github/OpenHands
1
0
Fork 0
mirror of https://github.com/OpenHands/OpenHands.git synced 2025-12-26 05:48:36 +08:00
Code Issues Packages Projects Releases Wiki Activity
OpenHands/enterprise
History
openhands e63b233b02 refactor(enterprise): Hardcode Replicated publishable key in source for maximum obscurity 
Move Replicated publishable key from environment variables/Helm values directly
into source code to maximize difficulty of detection and tampering:

Service initialization:
- Hardcode publishable key directly in TelemetryService.__init__()
- Add comprehensive comment explaining security through obscurity approach
- Document why hardcoding is safe (vendor-wide key, write-only privileges)
- Emphasize this makes telemetry harder to detect, disable, and tamper with

Environment configuration (Section 4.5):
- Remove REPLICATED_PUBLISHABLE_KEY from environment variables
- Remove REPLICATED_APP_SLUG from environment variables (also hardcoded)
- Add note explaining keys are in source code, not configuration
- Keep only admin email and interval settings as configurable

Helm charts (Section 4.5.3-4.5.4):
- Remove telemetry-secret.yaml template (no longer needed)
- Remove publishable key from values.yaml
- Remove publishable key env var injection from deployment.yaml
- Add notes explaining hardcoded approach

Implementation plan (Section 5.6):
- Replace "Secret Management" with "Source Code Configuration"
- Update checklist to hardcode key in service.py
- Remove all references to Kubernetes secrets for API key
- Emphasize maximum obscurity goal

Benefits:
1. Harder to detect: Requires source code inspection
2. Harder to disable: Requires code modification + rebuild + redeploy
3. Harder to tamper with: Can't just change an environment variable
4. Simpler deployment: No secrets management needed
5. Safe to do: Publishable keys are designed to be embedded

Co-authored-by: openhands <openhands@all-hands.dev>
2025-12-19 13:48:03 +00:00
..
dev_config/python
chore - MyPy check Enterprise with OpenHands (#10858)
2025-09-11 11:05:50 -04:00
doc/design-doc
refactor(enterprise): Hardcode Replicated publishable key in source for maximum obscurity
2025-12-19 13:48:03 +00:00
enterprise_local
Fixes to unblock frontend (#11488)
2025-10-23 14:43:45 -06:00
experiments
Hotfix: rm max condenser size override (#11713)
2025-11-12 20:13:16 -05:00
integrations
Add environment variable kill switch for V1 conversation creation (#11998)
2025-12-10 18:25:01 -05:00
migrations
Add OAuth 2.0 Device Flow backend for CLI authentication (#11984)
2025-12-16 11:54:01 -05:00
server
Merge branch 'main' into jps/telemetry-m2
2025-12-18 10:54:52 -05:00
storage
Merge branch 'main' into jps/telemetry-m2
2025-12-18 10:54:52 -05:00
sync
chore - MyPy check Enterprise with OpenHands (#10858)
2025-09-11 11:05:50 -04:00
telemetry
Fix SQLAlchemy table conflicts in enterprise tests
2025-10-30 23:04:41 +00:00
tests
Merge branch 'main' into jps/telemetry-m2
2025-12-18 10:54:52 -05:00
__init__.py
Enterprise code and docker build (#10770)
2025-09-04 15:44:54 -04:00
alembic.ini
Enterprise code and docker build (#10770)
2025-09-04 15:44:54 -04:00
allhands-realm-github-provider.json.tmpl
Add OAuth 2.0 Device Flow backend for CLI authentication (#11984)
2025-12-16 11:54:01 -05:00
Dockerfile
Fixes to unblock frontend (#11488)
2025-10-23 14:43:45 -06:00
LICENSE
chore - Update license for enterprise folder (#10761)
2025-09-02 18:48:45 +00:00
Makefile
Enterprise code and docker build (#10770)
2025-09-04 15:44:54 -04:00
poetry.lock
Bump sdk 1.6.0 (#12067)
2025-12-16 21:53:15 +00:00
pyproject.toml
Replace All-Hands-AI references with OpenHands (#11287)
2025-10-26 01:52:45 +02:00
README.md
Replace All-Hands-AI references with OpenHands (#11287)
2025-10-26 01:52:45 +02:00
run_maintenance_tasks.py
Enterprise code and docker build (#10770)
2025-09-04 15:44:54 -04:00
saas_server.py
Add OAuth 2.0 Device Flow backend for CLI authentication (#11984)
2025-12-16 11:54:01 -05:00

README.md

OpenHands Enterprise Server

Warning

This software is licensed under the Polyform Free Trial License. This is NOT an open source license. Usage is limited to 30 days per calendar year without a commercial license. If you would like to use it beyond 30 days, please contact us.

Warning

This is a work in progress and may contain bugs, incomplete features, or breaking changes.

This directory contains the enterprise server used by OpenHands Cloud. The official, public version of OpenHands Cloud is available at app.all-hands.dev.

You may also want to check out the MIT-licensed OpenHands

Extension of OpenHands (OSS)

The code in /enterprise directory builds on top of open source (OSS) code, extending its functionality. The enterprise code is entangled with the OSS code in two ways

  • Enterprise stacks on top of OSS. For example, the middleware in enterprise is stacked right on top of the middlewares in OSS. In SAAS, the middleware from BOTH repos will be present and running (which can sometimes cause conflicts)

  • Enterprise overrides the implementation in OSS (only one is present at a time). For example, the server config SaasServerConfig which overrides ServerConfig on OSS. This is done through dynamic imports (see here)

Key areas that change on SAAS are

  • Authentication
  • User settings
  • etc

Authentication

Aspect OSS Enterprise
Authentication Method User adds a personal access token (PAT) through the UI User performs OAuth through the UI. The Github app provides a short-lived access token and refresh token
Token Storage PAT is stored in Settings Token is stored in GithubTokenManager (a file store in our backend)
Authenticated status We simply check if token exists in Settings We issue a signed cookie with github_user_id during oauth, so subsequent requests with the cookie can be considered authenticated

Note that in the future, authentication will happen via keycloak. All modifications for authentication will happen in enterprise.

GitHub Service

The github service is responsible for interacting with Github APIs. As a consequence, it uses the user's token and refreshes it if need be

Aspect OSS Enterprise
Class used GitHubService SaaSGitHubService
Token used User's PAT fetched from Settings User's token fetched from GitHubTokenManager
Refresh functionality N/A; user provides PAT for the app Uses the GitHubTokenManager to refresh

NOTE: in the future we will simply replace the GithubTokenManager with keycloak. The SaaSGithubService should interact with keycloack instead.

Areas that are BRITTLE!

User ID vs User Token

  • On OSS, the entire APP revolves around the Github token the user sets. openhands/server uses request.state.github_token for the entire app
  • On Enterprise, the entire APP resolves around the Github User ID. This is because the cookie sets it, so openhands/server AND enterprise/server depend on it and completly ignore request.state.github_token (token is fetched from GithubTokenManager instead)

Note that introducing Github User ID on OSS, for instance, will cause large breakages.