Conversation
- Added AUTH_ENABLED configuration to control API key authentication on user endpoints, with detailed documentation updates. - Introduced a new batch file upload endpoint to support multi-file uploads, preserving subdirectory structures. - Implemented a new PTC server for bash execution, allowing users to run bash code with the same JSON protocol as the Python server. - Updated Dockerfile to include jq for JSON processing in the bash PTC server. - Enhanced existing endpoints and services to accommodate the new features and ensure proper handling of authentication and file management.
- Added configuration options for enabling sandbox network access, allowing sandboxes to reach the internet through an inline allowlist proxy. - Implemented egress proxy and firewall to enforce outbound traffic restrictions, preventing SSRF vulnerabilities. - Updated Docker configurations to support new sandbox features, including persistent skill-deps caching. - Enhanced API with endpoints to inspect and purge the skill-deps cache, facilitating better management of installed dependencies. - Refactored execution services to accommodate network-enabled sandboxes, ensuring proper handling of package installations across multiple languages.
- Enhanced file upload logic to skip extension checks for agent files, allowing skill-priming uploads from the LibreChat host. - Increased the maximum number of files per session from 300 to 1000 to accommodate larger skill bundles and prevent upload errors.
- Added normalization functions for Python and Bash tool names to ensure compatibility with SDK-generated code. - Updated file handling in execution services to support new metadata fields, including `inherited`, `modified_from`, and `entity_id`. - Introduced read-only file handling during uploads, allowing for better management of file permissions in sandbox environments. - Enhanced unit tests to cover new features and ensure robust validation of file and tool name handling.
…essions - Egress proxy tunnel test: use IP literal 127.0.0.1 instead of localhost to avoid IPv6 resolution mismatch in CI - Batch upload mock: add missing is_read_only param to fake_store - Client-replay test: allow inherited file refs in exec response (matches LibreChat CodeExecutor.ts contract) - Bandit B103: suppress intentional 0o1777 chmod on shared skill-deps dir Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
feat: Auth, sandbox egress, file handling, and bash batch execution
- Introduced `original_filename` field in the FileInfo model to store pre-sanitization filenames. - Updated file upload and batch upload functions to include the original filename in metadata. - Enhanced file listing to return the original filename if available, improving metadata accuracy. - Adjusted file service methods to handle the new original filename parameter for better file management.
…-pass approach Align sanitize_filename with LibreChat#12977's sanitizeFilenameSegment: - NFC-normalize before sanitizing (handles decomposed accents) - Two-pass: strict ASCII [a-zA-Z0-9._-], permissive non-ASCII (only blocks C1 controls U+0080-U+009F) - Preserves emoji (📊) and ZWJ sequences that \w alone would strip Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The fake_store function in TestLibreChatUploadBatch had a fixed parameter list missing the new original_filename kwarg, causing a TypeError when the endpoint passed it through. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Updated configuration and environment variables to transition from MinIO to S3 storage, including changes to .env.example and Docker Compose files. - Introduced a new S3Config class for managing S3 settings and removed the MinIO configuration. - Refactored file management and state archival services to utilize the S3 client, ensuring compatibility with S3 operations. - Adjusted health checks and service dependencies to reflect the new S3 storage integration. - Updated documentation and comments throughout the codebase to replace references to MinIO with S3.
- Changed S3 access and secret keys in .env.example and test configuration to new values. - Updated Docker Compose files to reflect the new S3 access keys and added default bucket environment variable. - Modified health check command in Docker Compose to use the new status command for better service monitoring. - Added RPC settings in garage.toml for improved service configuration.
fix: Preserve Unicode filenames in sanitization and persist original names
- Enhanced functional tests to verify that edits to mounted files produce new outputs with unique file_ids instead of in-place overwrites. - Updated test descriptions for clarity on expected behavior regarding modified files. - Introduced a helper function to locate modified files based on the original file_id, ensuring accurate assertions in test cases.
…etup - Added a temporary filesystem configuration for /tmp with size and mode settings in both Docker Compose files. - Changed the directory for empty_proc from /tmp to /var/lib/code-interpreter in the Dockerfile and related service files. - Updated the sandbox execution commands to reflect the new empty_proc path and incorporated dynamic tmpfs size settings.
- Updated tmpfs mount options for /tmp in Docker Compose files to include noexec, nosuid, and nodev for improved security. - Refactored sandbox execution commands to apply the new tmpfs settings consistently across service files. - Introduced dynamic handling of skill dependencies with updated mount options to enhance security and isolation.
Replace MinIO with S3-compatible storage (Garage)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Major release merging accumulated work from
devintomain. 30 commits, 100 files changed (~8,800 additions, ~4,800 deletions).Storage: MinIO → S3-Compatible (Garage)
boto3garage.toml, updateddocker-compose.yml)Security Hardening
File Handling
FileServicewith orphan cleanupCI/CD Overhaul
ci.ymlreplacing oldlint.ymlanddocker-publish.ymlnightly.ymlandrelease.ymlworkflowsdocker-compose.prod.yml)Execution & Tool Calling
ptc_bash_server.py) with unit testsAuthentication
Bug Fixes
Testing
test_file_api.py,test_file_handling.py,test_mounted_file_edits.py)Docs & Config
AGENTS.mdCLAUDE.mdreferenceTest plan
pytest tests/unit/passesdocker compose up -dstarts cleanly with Garage S3 backendpytest tests/integration/passes against running stack🤖 Generated with Claude Code