sync: merge usnavy13/main (33 commits, incl. AUTH_ENABLED for LibreChat dev compat)#4

Merged
djuillard merged 34 commits into main from sync/upstream-2026-05-08
May 8, 2026

@djuillard

Summary

Sync On-Behalf-AI/LibreCodeInterpreter:main with upstream usnavy13/LibreCodeInterpreter:main (33 commits behind before this PR). Brings in the AUTH_ENABLED flag and Basic-auth-via-URL-credentials support, needed to make our self-hosted code-interpreter compatible with LibreChat dev again (LibreChat upstream PR #12767 removed the X-API-Key header from uploadCodeEnvFile — see security-toolkit#96 for the corresponding workaround we applied on the LibreChat side).

Notable upstream changes pulled

  • 67d2a18 feat: AUTH_ENABLED flag + Basic auth via URL credentials — the headline change. Adds AUTH_ENABLED (default true) and an alternative auth path: clients can now authenticate via Authorization: Basic base64("<key>:"), which axios/node-fetch generate automatically from LIBRECHAT_CODE_BASEURL=http://<key>@host. Also adds tests/integration/test_librechat_compat.py (236 lines) explicitly validating the LibreChat dev compatibility.
  • 64b4494 refactor: Replace MinIO with S3-compatible storage (Garage)
  • 9bf6479 feat: Sandbox network access for skill installations
  • 3b5794b feat(files): Update file upload restrictions and session limits
  • e85e9e8 fix: Match LibreChat's Unicode sanitization (emoji, NFC, two-pass)
  • 74bb001 chore: Simplify CI/CD — removes nightly.yml, slims ci.yml from 11 jobs to 3 (PR checks only), keeps release.yml for multi-arch builds
  • 8323225 chore: Consolidate compose files, update docs for S3/Garage
  • Several dependabot bumps (fastapi 0.135.2, pytest 9.0.3, redis 7.4.0, uvicorn 0.42.0, python-dotenv 1.2.2, pytest-cov 7.1.0)

Conflict resolution

1 conflict (modify-vs-delete) on .github/workflows/nightly.yml:

  • Our local commit 1032ee9 had switched the schedule from daily to on-change+weekly to reduce GHA minutes consumption.
  • Upstream 74bb001 removed nightly.yml entirely with the same intent (reduce CI cost).
  • Resolution: accepted upstream deletion. Going forward we rely on ci.yml (lean PR checks) + release.yml (multi-arch builds on merge to main/dev). Our 1032ee9 commit remains in the history but the file it modified is gone.

On-Behalf-AI customizations preserved

  • .gitleaks.toml (commit 6470906) — whitelist for upstream test fixtures and docs false positives. Untouched by this merge.
  • All 3 commits unique to our fork (6470906, 799a652, 1032ee9) remain in the history above the merge commit.

Diff stats

  • 90 files changed, +5596 insertions, -3387 deletions

Test plan

  • git merge upstream/main resolves with only the expected conflict (nightly.yml modify/delete)
  • After merge, auth_enabled: bool = Field(default=True) is present in src/config/security.py
  • .env.example documents AUTH_ENABLED + Basic-auth-via-URL methods
  • tests/integration/test_librechat_compat.py and test_auth_disabled.py are present
  • .gitleaks.toml preserved
  • Reviewer to verify CI passes on the slimmed ci.yml
  • Post-merge: rebuild code-interpreter:agent-skills from feat/agent-skills-runtime once that branch is also synced (separate PR, see follow-up)

Follow-ups (separate PRs)

  • Re-sync feat/agent-skills-runtime with this updated main (currently 33+ commits behind once this PR merges). That branch is what the production code-interpreter-api container is built from.
  • LibreChat side: change LIBRECHAT_CODE_BASEURL=http://<API_KEY>@code-interpreter-api:8000 in LibreChat/.env to use the new Basic-auth path, then revert the librechat-api:v0.8.5 pin we applied as workaround in security-toolkit#96. Tracked in SECURITY-OPERATIONS.md §8.5.

🤖 Generated with Claude Code
via Happy
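
The Basic-auth-via-URL path described in the summary above, sketched as an added example (not code from this PR or from the upstream project). The function names, the precedence of X-API-Key over Basic, and the percent-decoding of userinfo are assumptions made for illustration; the key and host values are constructed.

```python
import base64
import binascii
import hmac
from typing import Mapping, Optional
from urllib.parse import unquote, urlsplit


def basic_header_from_url(base_url: str) -> str:
    """Header a client derives from URL userinfo: Basic base64("<user>:<password>")."""
    parts = urlsplit(base_url)
    # Assumption: the client percent-decodes userinfo before encoding it.
    user, password = unquote(parts.username or ""), unquote(parts.password or "")
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def key_from_headers(headers: Mapping[str, str]) -> Optional[str]:
    """Return the presented key from X-API-Key or Basic auth, or None."""
    lowered = {k.lower(): v for k, v in headers.items()}
    if lowered.get("x-api-key"):
        return lowered["x-api-key"]
    scheme, _, token = lowered.get("authorization", "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None  # malformed header: reject, never fall through to "allowed"
    user, sep, _password = decoded.partition(":")
    return user if sep and user else None  # the key travels as the username


def is_authorized(headers: Mapping[str, str], expected_key: str,
                  auth_enabled: bool = True) -> bool:
    if not auth_enabled:  # mirrors AUTH_ENABLED=false: every caller is accepted
        return True
    presented = key_from_headers(headers)
    if presented is None:
        return False
    # Constant-time comparison avoids leaking key prefixes through timing.
    return hmac.compare_digest(presented.encode(), expected_key.encode())


def redact_url(base_url: str) -> str:
    """Drop userinfo so the key embedded in the base URL never reaches logs."""
    parts = urlsplit(base_url)
    host = parts.hostname or ""
    if parts.port:
        host += f":{parts.port}"
    return parts._replace(netloc=host).geturl()
```

Because the key now lives in the base URL itself, anything that logs or echoes that URL (startup banners, error traces, health output) should pass it through a redaction step like `redact_url` first.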

dependabot Bot and others added 30 commits March 6, 2026 07:15
Bumps [python-dotenv](https://github.com/theskumar/python-dotenv) from 1.2.1 to 1.2.2.
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2)

---
updated-dependencies:
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [uvicorn[standard]](https://github.com/Kludex/uvicorn) from 0.41.0 to 0.42.0.
- [Release notes](https://github.com/Kludex/uvicorn/releases)
- [Changelog](https://github.com/Kludex/uvicorn/blob/main/docs/release-notes.md)
- [Commits](Kludex/uvicorn@0.41.0...0.42.0)

---
updated-dependencies:
- dependency-name: uvicorn[standard]
  dependency-version: 0.42.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [fastapi](https://github.com/fastapi/fastapi) from 0.129.0 to 0.135.2.
- [Release notes](https://github.com/fastapi/fastapi/releases)
- [Commits](fastapi/fastapi@0.129.0...0.135.2)

---
updated-dependencies:
- dependency-name: fastapi
  dependency-version: 0.135.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [redis](https://github.com/redis/redis-py) from 7.2.0 to 7.4.0.
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v7.2.0...v7.4.0)

---
updated-dependencies:
- dependency-name: redis
  dependency-version: 7.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 4.1.0 to 7.1.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](pytest-dev/pytest-cov@v4.1.0...v7.1.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Bumps [pytest](https://github.com/pytest-dev/pytest) from 9.0.2 to 9.0.3.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.2...9.0.3)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.0.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
- Added AUTH_ENABLED configuration to control API key authentication on user endpoints, with detailed documentation updates.
- Introduced a new batch file upload endpoint to support multi-file uploads, preserving subdirectory structures.
- Implemented a new PTC server for bash execution, allowing users to run bash code with the same JSON protocol as the Python server.
- Updated Dockerfile to include jq for JSON processing in the bash PTC server.
- Enhanced existing endpoints and services to accommodate the new features and ensure proper handling of authentication and file management.
- Added configuration options for enabling sandbox network access, allowing sandboxes to reach the internet through an inline allowlist proxy.
- Implemented egress proxy and firewall to enforce outbound traffic restrictions, preventing SSRF vulnerabilities.
- Updated Docker configurations to support new sandbox features, including persistent skill-deps caching.
- Enhanced API with endpoints to inspect and purge the skill-deps cache, facilitating better management of installed dependencies.
- Refactored execution services to accommodate network-enabled sandboxes, ensuring proper handling of package installations across multiple languages.
- Enhanced file upload logic to skip extension checks for agent files, allowing skill-priming uploads from the LibreChat host.
- Increased the maximum number of files per session from 300 to 1000 to accommodate larger skill bundles and prevent upload errors.
- Added normalization functions for Python and Bash tool names to ensure compatibility with SDK-generated code.
- Updated file handling in execution services to support new metadata fields, including `inherited`, `modified_from`, and `entity_id`.
- Introduced read-only file handling during uploads, allowing for better management of file permissions in sandbox environments.
- Enhanced unit tests to cover new features and ensure robust validation of file and tool name handling.
…essions

- Egress proxy tunnel test: use IP literal 127.0.0.1 instead of localhost
  to avoid IPv6 resolution mismatch in CI
- Batch upload mock: add missing is_read_only param to fake_store
- Client-replay test: allow inherited file refs in exec response (matches
  LibreChat CodeExecutor.ts contract)
- Bandit B103: suppress intentional 0o1777 chmod on shared skill-deps dir

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…ements

feat: Auth, sandbox egress, file handling, and bash batch execution
- Introduced `original_filename` field in the FileInfo model to store pre-sanitization filenames.
- Updated file upload and batch upload functions to include the original filename in metadata.
- Enhanced file listing to return the original filename if available, improving metadata accuracy.
- Adjusted file service methods to handle the new original filename parameter for better file management.
…-pass approach

Align sanitize_filename with LibreChat#12977's sanitizeFilenameSegment:
- NFC-normalize before sanitizing (handles decomposed accents)
- Two-pass: strict ASCII [a-zA-Z0-9._-], permissive non-ASCII (only
  blocks C1 controls U+0080-U+009F)
- Preserves emoji (📊) and ZWJ sequences that \w alone would strip

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
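
The two-pass sanitization described in the commit message above, as an added example (not the project's `sanitize_filename` and not LibreChat's `sanitizeFilenameSegment`). The function name, the `_` replacement character and the guard for empty or dot-only names are assumptions; the commit message does not state them.

```python
import re
import unicodedata

# Pass 1: any ASCII character outside the strict allowlist [a-zA-Z0-9._-].
_ASCII_DISALLOWED = re.compile(r"[^A-Za-z0-9._\-\u0080-\U0010FFFF]")
# Pass 2: among non-ASCII, only the C1 control range U+0080-U+009F is blocked.
_C1_CONTROLS = re.compile(r"[\u0080-\u009f]")


def sanitize_segment(name: str, replacement: str = "_") -> str:
    """Sanitize one path segment; `replacement` is an assumed substitute."""
    # NFC first, so a decomposed accent (e + U+0301) becomes one code point
    # and the stored name is stable regardless of how the client encoded it.
    name = unicodedata.normalize("NFC", name)
    name = _ASCII_DISALLOWED.sub(replacement, name)  # strict on ASCII
    name = _C1_CONTROLS.sub(replacement, name)       # permissive on non-ASCII
    # Assumed extra guard: "." and ".." pass the character allowlist but are
    # not usable as file names, so collapse empty or dot-only results.
    if name.strip(".") == "":
        return replacement
    return name
```

Character filtering alone lets dot-only segments through, which is why the guard at the end (or an equivalent check where the path is joined) is needed alongside it.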
The fake_store function in TestLibreChatUploadBatch had a fixed
parameter list missing the new original_filename kwarg, causing
a TypeError when the endpoint passed it through.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Updated configuration and environment variables to transition from MinIO to S3 storage, including changes to .env.example and Docker Compose files.
- Introduced a new S3Config class for managing S3 settings and removed the MinIO configuration.
- Refactored file management and state archival services to utilize the S3 client, ensuring compatibility with S3 operations.
- Adjusted health checks and service dependencies to reflect the new S3 storage integration.
- Updated documentation and comments throughout the codebase to replace references to MinIO with S3.
- Changed S3 access and secret keys in .env.example and test configuration to new values.
- Updated Docker Compose files to reflect the new S3 access keys and added default bucket environment variable.
- Modified health check command in Docker Compose to use the new status command for better service monitoring.
- Added RPC settings in garage.toml for improved service configuration.
fix: Preserve Unicode filenames in sanitization and persist original names
- Enhanced functional tests to verify that edits to mounted files produce new outputs with unique file_ids instead of in-place overwrites.
- Updated test descriptions for clarity on expected behavior regarding modified files.
- Introduced a helper function to locate modified files based on the original file_id, ensuring accurate assertions in test cases.
…etup

- Added a temporary filesystem configuration for /tmp with size and mode settings in both Docker Compose files.
- Changed the directory for empty_proc from /tmp to /var/lib/code-interpreter in the Dockerfile and related service files.
- Updated the sandbox execution commands to reflect the new empty_proc path and incorporated dynamic tmpfs size settings.
- Updated tmpfs mount options for /tmp in Docker Compose files to include noexec, nosuid, and nodev for improved security.
- Refactored sandbox execution commands to apply the new tmpfs settings consistently across service files.
- Introduced dynamic handling of skill dependencies with updated mount options to enhance security and isolation.
…rage-s3

Replace MinIO with S3-compatible storage (Garage)
…pipeline

- Remove nightly.yml entirely
- Slim ci.yml from 11 jobs to 3 (static, unit, integration) — PR checks only, no Docker builds
- Release.yml (unchanged) handles multi-arch image builds on merge to main/dev

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
usnavy13 and others added 4 commits May 6, 2026 22:18
…tale files

The repo had unnecessary docker-compose.prod.yml and docker-compose.local-test.yml
files. docker-compose.yml is now the single production-ready base (pulls published
GHCR image by default), and docker-compose.override.example.yml handles local dev
overrides. All MinIO references across 10+ docs updated to S3/Garage to match the
migration completed in usnavy13#90. Removed stale Reference/ directory and placeholder
AGENTS.md.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Release: S3 migration, PTC bash, egress proxy, compose consolidation
…uth via URL credentials)

Merges upstream usnavy13/LibreCodeInterpreter:main into On-Behalf-AI:main.

Notable upstream changes pulled:
- 67d2a18 feat: AUTH_ENABLED flag + Basic auth via URL credentials (LibreChat dev compat)
- 64b4494 refactor: Replace MinIO with S3-compatible storage (Garage)
- 9bf6479 feat: Sandbox network access for skill installations
- 3b5794b feat(files): Update file upload restrictions and session limits
- e85e9e8 fix: Match LibreChat's Unicode sanitization
- 74bb001 chore: Simplify CI/CD — remove nightly, lean PR checks, keep release pipeline
- 8323225 chore: Consolidate compose files, update docs for S3/Garage

Conflict resolution:
- .github/workflows/nightly.yml — accepted upstream deletion (74bb001).
  Our local commit 1032ee9 ("on-change+weekly schedule") aimed to reduce GHA
  minute consumption; upstream's full removal goes in the same direction.
  Going forward we rely on ci.yml (lean PR checks) + release.yml.

Preserved On-Behalf-AI customizations:
- .gitleaks.toml (whitelist upstream test fixtures + docs)
- ci/nightly-on-change-weekly history (commits remain in tree even though
  the file is now deleted)

Generated with [Claude Code](https://claude.ai/code)
via [Happy](https://happy.engineering)

Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Happy <yesreply@happy.engineering>
@djuillard djuillard merged commit 5736871 into main May 8, 2026
3 checks passed

2 participants