Compare commits

...

171 commits
v1.20 ... main

Author SHA1 Message Date
Alessandro
3bb40576af Improve README conversion flow
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Lead with a sharper Linux-computer positioning, desktop hero, and scannable feature table.

Put the Launcher first, collapse alternate install paths, add basic troubleshooting, and move starter prompts above the deep dives.

Trim the mid-README Space Agent detour to a footer note while keeping the safety and documentation sections.
2026-07-09 17:59:27 +02:00
Alessandro
c3f44b2c88 Merge branch 'main' into ready 2026-07-09 17:49:56 +02:00
Alessandro
fa05710da7 Reuse native parallel child logs
Pass each parent-visible child log into direct parallel worker execution so tool before_execution reuses it instead of creating a second generic tool log.

This keeps native badge types such as wait/progress (HDL) intact through execution, updates the parallel helper DOX contract, and adds a regression test for log reuse.
2026-07-09 17:42:41 +02:00
Alessandro
8d79f556c6 Fix parallel child log typing
Resolve tool-specific log objects for all parallel child jobs, removing the code_execution_tool-only special case and using native get_log_object() when available, with generic fallback.

Update parallel_tools docs to reflect the shared logging contract and add coverage for wait/ fallback behavior in parallel-tool tests.
2026-07-09 17:34:48 +02:00
Alessandro
1a6d0eb614 Ignore removed Time Travel workspaces
Drop queued debounced snapshots when the workspace directory is gone before the timer flushes.

This keeps transient delete/rename races from surfacing as Time Travel snapshot errors while preserving normal snapshot failures for existing workspaces.
2026-07-09 17:26:39 +02:00
Alessandro
1bd741ff7f Migrate saved Venice model config
Repair saved _model_config user config and presets so Venice model slots use chat completions with the Venice system prompt disabled. Leave a0_venice slots untouched and add regression coverage for parsing and slot preservation.
2026-07-09 17:19:33 +02:00
Alessandro
84c13dab01 Add built-in goal management plugin
Adds the always-enabled _goal plugin with per-chat goal storage, WebUI goal strip, /goal slash command, and agent-facing goal tools.

Includes command-picker integration, focused plugin tests, and the generated 256x256 thumbnail asset.
2026-07-09 17:09:08 +02:00
Alessandro
9c9a4e00ca Add built-in slash commands plugin
Introduce the _commands plugin with command storage, picker UI, bundled canonical command pack, and legacy migration into the built-in namespace.

Polish the Web UI picker behavior, hide WebUI-only-inappropriate commands from the popover, make /models always open model configuration, and add regression coverage for command CRUD, plugin discovery, migration, canonical names, hidden commands, and picker flows.
2026-07-09 16:00:30 +02:00
Alessandro
3d87998821 Exclude Time Travel history from backups
Skip usr/.time_travel during self-update user-data backups and add the same Time Travel shadow-history exclusion to default BackupService metadata.\n\nAdd focused regressions proving regular user files stay in backup coverage while Time Travel shadow repositories are omitted.
2026-07-09 13:27:03 +02:00
Alessandro
bc96386260 Add External Services plugin settings section
Expose plugins that declare the external settings section from the External Services settings page.

Wire the sidebar item, subsection mount, and settings DOX contract so plugin sections use matching tab IDs.
2026-07-09 13:20:48 +02:00
Alessandro
f64b6490c5 Add bundled Orchestrator plugin
Promote the terminal agent work into the built-in plugins tree as _orchestrator with Orchestrator branding and the orchestrator skill.

Include adapter status APIs, settings UI, per-agent skill references, thumbnail asset, tests, and DOX coverage for the bundled plugin.
2026-07-09 13:18:44 +02:00
Alessandro
f1787b65f5 Fix code execution PTY reset hangs
Start local PTY shells in a new process session and make close() escalate from SIGTERM to SIGKILL when a foreground command refuses to exit. This keeps code_execution_tool reset from blocking indefinitely on stuck terminal processes.\n\nAdd regression coverage for closing a TERM-resistant shell and document the reset lifecycle contract.
2026-07-09 03:29:52 +02:00
Alessandro
5f14435093 Normalize Codex Responses input shape
Ensure the Codex OAuth Responses proxy forwards list-shaped input for empty continuation turns while preserving string prompts as user input items. Add regression coverage for the gpt-5.5 continuation case and document the proxy contract.
2026-07-09 02:41:03 +02:00
Alessandro
a7255d9773 Await cached component module imports
Ensure x-component loading awaits cached dynamic import promises before appending deferred markup, matching first-load behavior and preventing Alpine bindings from running before imported stores register.

Document the loader contract in the WebUI JS DOX notes.
2026-07-08 20:53:56 +02:00
Alessandro
4f80ded531 Fix transient UI layering over modals
Raise notification toasts and Bootstrap tooltips above normal and legacy modal overlays while keeping confirmation dialogs on top.

Remove the duplicate tooltip CSS block and add a focused regression for the layer ordering contract.
2026-07-08 15:37:18 +02:00
Alessandro
6dfe33c493 Fix Codex OAuth request metadata
Send current Codex client metadata and compatibility headers on proxied Responses requests so ChatGPT OAuth calls pass upstream call checks.

Return Codex model slugs as the primary list while preserving model metadata for descriptions in the OAuth settings UI.
2026-07-08 15:08:44 +02:00
Alessandro
eb1326ccd3 Document Agent Zero runtime environment
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Teach the agent prompt about the split framework and task Python runtimes so backend checks use /opt/venv-a0 while user-code tasks use /opt/venv.

Document the WebUI JSON API and CSRF token flow so terminal/API work can use the same session cookies and X-CSRF-Token correctly.
2026-07-08 14:38:43 +02:00
Alessandro
bcf2634000 Add AGENTS.md protocol guidance
Load active-project AGENTS.md path-chain guidance into the protocol area without duplicating the project root instructions.

Move the AGENTS.md protocol wording into a prompt template, reuse existing file/path helpers, and cover direct-path discovery plus prompt assembly with focused tests.
2026-07-08 14:29:15 +02:00
Alessandro
f8b06e0b12 Remove legacy skill prompt cleanup
Delete the empty active-skills prompt extension and its unused prompt template now that selected skills are loaded through chat history instead of protocol. Stop clearing legacy loaded_skills keys from protocol/extras in the loaded-skills hook while keeping history reattachment for compacted skill bodies.
2026-07-08 12:42:43 +02:00
Alessandro
0de0fcec0e Simplify relevant skill recall
Search the raw user message when recalling relevant skills instead of the rendered history wrapper.

Replace the stopword catalog with structural matching: names use normal terms, tags/triggers use long terms or phrase matches, and descriptions require phrase matches.
2026-07-08 12:32:19 +02:00
Alessandro
dea64ddad0 Load skills into chat history
Switch the Skills catalog UI/API from scope-wide prompt pins to current-chat history loading, and remove user-facing removal of loaded skills.

Disable legacy active-skill prompt injection so forgotten scope config no longer inflates new-chat prompts.
2026-07-08 01:52:22 +02:00
Alessandro
5ac4f75a47 Stop WebUI startup scripts from blocking render
Load startup vendor scripts with defer and serve Bootstrap locally so the first WebUI mount no longer depends on a parser-blocking CDN request.

Add a focused regression that rejects undeferred classic startup scripts in index.html and documents the vendor/startup contract.
2026-07-08 01:28:36 +02:00
Alessandro
7aba42d46e Default local providers to chat completions
Force chat-completions transport by default for local and broad OpenAI-compatible chat providers whose Responses API implementations are often missing or unstable.\n\nCovers LM Studio, llama.cpp, Ollama, Ollama Cloud, oMLX, vLLM, and Other OpenAI compatible while leaving embedding provider defaults untouched. Updates provider-default regression coverage for the new chat-only defaults.
2026-07-07 17:01:46 +02:00
Alessandro
ad148f24cc Fix Responses state after history compaction
Clear the active Responses provider continuation when automatic history compression or manual chat compaction rewrites local history, while preserving stored response IDs for cleanup.

Add focused regressions for both compression paths so compacted chats do not keep stale provider-side context.
2026-07-07 16:59:49 +02:00
Alessandro
67895f7b44 Default direct Venice to chat completions
Set the shipped direct Venice chat provider default to use Agent Zero's chat-completions transport while preserving the existing Venice API base and disabled Venice system prompt injection.\n\nAdd a focused regression check that direct venice gets the chat default, a0_venice and embeddings stay untouched, and explicit model kwargs can still override the provider default.
2026-07-07 16:52:27 +02:00
Alessandro
96fd5fc2b2 Ignore browser key handling for local editable targets
Prevent Browser keyboard capture from preventing chat composer typing when focus is in editable fields (including contenteditable).
2026-07-07 15:15:36 +02:00
Alessandro
9bb3cb9469 Render parallel code execution as EXE
Use the code_exe log type for code_execution_tool children launched through parallel so the WebUI reuses the existing code execution renderer.

Add a focused regression test and document the parallel child-log contract.
2026-07-07 13:56:38 +02:00
Alessandro
101d84551d Update launcher README links to v1.2
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Point the root README's A0 Launcher downloads and release note link at the published v1.2 assets without moving the Agent Zero v2.2 tag.
2026-07-06 15:52:19 +02:00
Alessandro
8871bf5001 Update launcher README links to v1.2
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Point the root README's A0 Launcher downloads and release note link at the published v1.2 assets without moving the Agent Zero v2.2 tag.
2026-07-06 15:28:57 +02:00
Alessandro
6998789ed3 Normalize MCP stdio command lines
Accept shell-style local MCP command values from the manager before spawning stdio clients, so configs like uvx workspace-mcp resolve to the correct executable and args.

Split collapsed option/value argument lines in the MCP manager, document the input contract, and add a regression for the google_workspace MCP shape.
2026-07-05 20:11:19 +02:00
Alessandro
afa5231a5a Refine BYOB host browser endpoint selection
Reduce Browser Settings host-browser choices to automatic and advertised debug endpoints, with a validated Custom endpoint input and faster inventory refresh.

Update Browser docs and regressions to document the custom endpoint workflow and CLI websocket selection.
2026-07-05 19:59:30 +02:00
Alessandro
c719134537 Document host browser debugging setup
Add Browser Settings guidance for supported Chromium-family remote debugging pages, including Opera and explicit remote-debugging endpoint fallback.

Update BYOB docs and troubleshooting to clarify that browser inventory comes from the connected A0 CLI and requires reconnecting the CLI after authorizing a browser.
2026-07-05 18:59:23 +02:00
Alessandro
7168f0984e Refresh BYOB browser inventory
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Poll connected A0 CLI host-browser metadata while Browser Settings is open so newly authorized endpoints appear without saving or reopening.

Extend Browser Settings labels and remote-debugging guidance for Brave, Opera, Vivaldi, and Chromium-family host browsers with regression coverage.
2026-07-04 19:22:57 +02:00
Alessandro
7298a88fda Add BYOB host browser selection
Add host_browser_selection config normalization, Browser Settings UI choices from CLI-advertised inventory, and browser_selection forwarding through connector browser operations.

Expose host browser ids, labels, and available_browsers through A0 connector metadata and the browser_runtime API, with regression coverage for selection normalization.
2026-07-04 18:33:58 +02:00
Alessandro
d018177927 Add configurable Browser tab scope
Expose Browser settings for separate per-chat tabs versus a shared tab strip, and surface the existing maximum-tabs-per-chat cap. Make viewer WebSocket payloads carry the selected tab scope so the Browser panel can render the right tab list without guessing.

Keep the default scoped per chat, preserve the shared mode as an opt-in fallback, and cover both paths with Browser regression tests.
2026-07-04 16:52:39 +02:00
Alessandro
9bfa3b5c81 Fix Browser viewer input after stream restarts
Notify screencast consumers when a stream is stopped so the WebSocket frame supervisor restarts after viewport-driven screencast resets.

Keep the active canvas as the frame/input surface and avoid replacing live screencasts with click snapshots, preserving hover, click, and wheel feedback.

Tested: conda run -n a0 pytest tests/test_browser_agent_regressions.py -q
2026-07-04 16:21:46 +02:00
Alessandro
153ffcc221 Harden browser frame push completion paths
Wake the WebSocket screencast supervisor when the runtime frame task stops before delivering a consumer frame, and keep fatal frame exits eligible for normal CDP teardown.

Avoid resizing the Browser canvas backing store on every frame when bitmap dimensions are unchanged, preventing unnecessary clears and reallocations.
2026-07-03 11:22:23 +02:00
Alessandro
69fb0fca2a Smooth browser viewer rendering and frame push
Render live browser screencast frames through a canvas/ImageBitmap path while keeping the existing image/data-url path for snapshots and fallback rendering.

Attach WebSocket streams as runtime screencast consumers so delivered frames are pushed to the server loop and acknowledged after emit, removing the per-frame read_screencast_frame runtime round trip.
2026-07-03 11:06:14 +02:00
Alessandro
277bcd0783 Prevent browser frame stretch on resize
Keep the live browser frame proportional while the viewer is being resized by using contain sizing instead of stretching the stale frame to the transient surface shape.

Update the regression guard so the viewer contract pins the proportional render path.
2026-07-03 03:16:11 +02:00
Alessandro
727a840e10 Keep WebUI browser frames on base64 fallback
Disable WebUI binary-frame negotiation until its Socket.IO client reconstructs frame attachments as real Blob, ArrayBuffer, or typed-array values.

Reject placeholder binary payloads instead of wrapping them into broken image blobs, preserving the slim-frame path through base64 frames.

Document the transport constraint and pin the fallback behavior in browser regression coverage.
2026-07-03 02:15:54 +02:00
Alessandro
91b3bc9613 Slim browser viewer frame transport
Negotiate binary and slim screencast frames so updated clients avoid base64-in-JSON and repeated viewer metadata on every frame.

Clamp screencast capture to the subscriber viewport and DPR, lower streaming JPEG quality while preserving snapshot quality, and teach the client to manage binary frame URLs safely.

Document the browser viewer performance plan and update regression coverage for the new transport contract.
2026-07-03 01:49:07 +02:00
Alessandro
686e039d1b Wait for Browser screencast frames
Replace the WebSocket viewer frame pump's idle poll with read_screencast_frame so live screencast delivery follows the producer cadence instead of a 50 ms sleep cycle.

Keep idle-page timeouts inside the stream loop to avoid screencast restart flashes, and update the Browser regression test to pin the blocking read path and timeout handling.
2026-07-03 01:25:56 +02:00
Alessandro
306012eb00 Default desktop text files to Writer
Set LibreOffice Writer as the Desktop MIME default for Markdown and plain text while keeping Agent Zero Editor as the secondary Open With association.

Update the Desktop DOX contract and extend the routing regression test to pin the Writer-first association order.
2026-07-03 01:08:02 +02:00
Alessandro
05481c222a Fix browser URL intent routing
Limit the Browser URL-intent handler to web URL schemes so custom Agent Zero schemes fall through to their owning surfaces.

Document the scheme-ownership contract and cover the a0-editor misroute regression in the desktop/editor routing test.
2026-07-03 01:07:49 +02:00
Alessandro
6580ae8bec Avoid password-manager prompts in settings
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Render settings secrets as masked text inputs instead of browser password fields. Add a static regression test so settings password controls do not return during future refactors.
2026-07-02 17:29:40 +02:00
Alessandro
da505de50a fix: prevent stale OAuth model provider selection
Render the OAuth model provider select as unchosen when the stored model slot still points at a non-connected or non-OAuth provider. This avoids showing Codex/ChatGPT as selected while the model input remains disabled, keeping account-backed model selection explicit.
2026-07-02 17:29:40 +02:00
Alessandro
0a9e15be87 Disable What's New cards
Move active What's New content into an empty slide list so the startup modal stays quiet until new cards are added. Keep manual Open available with an empty state, and update the static test plus DOX contract for dormant periods.
2026-07-02 17:29:40 +02:00
Alessandro
bcdc99e6cc Clarify optional memory plugin docs
Remove memory-plugin assumptions from root and non-plugin DOX contracts so disabled plugins are not implied as available runtime behavior.

Keep the memory plugin documented only in its owning plugin subtree and mark it optional from the parent plugin index.
2026-07-02 17:29:40 +02:00
Alessandro
63d0536cdc Update default main model to Claude Sonnet 5
Set the bundled model config, Balance preset, and onboarding OpenRouter default to anthropic/claude-sonnet-5. Refresh the model config README example to match.
2026-07-02 17:29:40 +02:00
Alessandro
446031429d Refresh Codex OAuth model defaults
Stop seeding stale Codex OAuth model metadata so connected accounts use the upstream /models response instead of the retired gpt-5.2-codex default.

Use gpt-5.5 as the Codex proxy fallback model, omit the fake legacy client version when Codex CLI is unavailable, and remove the stale Copilot fallback entry.

Add focused OAuth regressions for the current default model, upstream model-list behavior, and Copilot fallback ordering.
2026-07-02 17:29:40 +02:00
Alessandro
50f80d57dc Refresh onboarding screenshots in docs
Update first-run onboarding docs for the welcome screen, in-chat model gate, Cloud/AI account/Local provider paths, and explicit main and utility model choices.

Replace stale onboarding screenshots with optimized current assets and add gate, account, and local-provider captures.
2026-07-02 17:29:40 +02:00
Alessandro
caf5c2f129 Refine onboarding model setup flow
Remove composer blocking so sends always create or enter a chat and route missing-model messages through the in-thread gate.

Make Utility model selection explicit by removing same-as-main sync and defaulting to each provider's utility model when available.

Compact onboarding success channel cards and update static regressions for the new onboarding/gate behavior.
2026-07-02 17:29:40 +02:00
Alessandro
8d887e6f6d Unify onboarding provider selection
Replace the separate Cloud/Local illustrated path screen with a single provider step that switches between Cloud, Account, and Local choices.

Route the first-send gate account choice through onboarding, remove the old Cloud/Local card assets, and keep model setup in the existing onboarding flow.

Update static onboarding and welcome composer regressions for the merged provider step.
2026-07-02 17:29:40 +02:00
Alessandro
b75b0f2c5c Require explicit model choice after OAuth connect
Stop auto-populating Main and Utility models when an OAuth account is already connected or newly connected.

Add a connected-account gate state that routes users to model configuration instead of choosing provider defaults silently.

Update OAuth notifications, chat gate copy, DOX contracts, and focused static regressions for the explicit model-selection flow.
2026-07-02 17:29:40 +02:00
Alessandro
04ecaac0cd Add deferred first-send model gate
Move missing-model setup out of the welcome screen and into an in-thread gate that preserves the pending prompt, survives refresh, and auto-dispatches after a usable model is configured.

Reuse existing onboarding, OAuth account settings, and advanced model configuration surfaces instead of duplicating provider forms. Connected OAuth accounts can now populate Main and Utility defaults when no chat model is configured.

Update model readiness checks, focused static regressions, and DOX contracts for the new deferred setup flow.
2026-07-02 17:29:40 +02:00
Alessandro
038f88848d Fallback when Responses mock parses SSE
Detect LiteLLM JSONDecodeError failures caused by the Responses mock streaming iterator trying to parse a real SSE stream.

Fall back to Chat Completions before any output is emitted, keeping custom OpenAI-compatible proxy prefixes provider-neutral.

Add a regression test for SSE-shaped JSON decode failures and update the transport DOX contract.

Verified with: PYTHONPATH="/home/eclypso/a0/agent-zero" conda run -n a0 pytest tests/test_stream_tool_early_stop.py tests/test_responses_architecture.py -q; PYTHONPATH="/home/eclypso/a0/agent-zero" conda run -n a0 python -m py_compile helpers/litellm_transport.py; docker exec -i -w /a0 9c436228a4a2 /opt/venv-a0/bin/python -m py_compile helpers/litellm_transport.py; git diff --check.
2026-07-02 17:29:40 +02:00
Alessandro
09fb555ec7 Prevent selecting message action buttons
Mark message action button chrome as non-selectable so copy/paste captures message text without toolbar icon labels.

Add a static regression for the shared action-buttons stylesheet.
2026-07-02 17:29:40 +02:00
Alessandro
8ecd7a7f52 Fix file browser action menu clipping
Render file action menus outside the scroll container with fixed positioning so dropdowns remain visible while file list scrolling stays intact.

Deduplicate component body assets during x-component loading and add regressions for the menu, opaque header, and duplicate scoped styles.
2026-07-02 17:29:40 +02:00
Alessandro
0f7429daef Fix streamed parallel tool extraction
Only treat top-level JSON objects as tool roots during streaming, so a complete nested tool_calls item cannot end the stream before the parallel wrapper closes.

Add regression coverage for partial parallel wrapper snapshots.
2026-07-02 17:29:40 +02:00
Alessandro
b805773c91 Render composer code blocks from typed fences
Switch the chat composer to a Markdown-backed contenteditable editor so typing a triple-backtick fence and pressing Enter creates a visual code block while pasted fenced Markdown stays plain text.

Serialize visual code blocks back to fenced Markdown for send/history, keep full-screen input in sync with the backing store, and update the focused composer regression plus DOX contract.
2026-07-02 17:29:40 +02:00
Alessandro
6ab402172f Prune deleted saved chats from sidebar state
Mark chats after successful persistence and reconcile saved chat IDs while building WebUI state snapshots so stale in-memory contexts disappear after their chat files are removed.

Keep fresh unsaved chats visible, skip running contexts, and cover the regression with snapshot and persistence tests.
2026-07-02 17:29:40 +02:00
Alessandro
738949031b Stabilize LiteLLM provider fallback
Fall back to Chat Completions for provider/proxy Responses endpoint failures before any output is emitted.

Preserve streamed Chat Completions tool-call deltas as structured LLMResult function-call items, so fallback providers can still drive tools.

Document Docker host-gateway addressing for local model servers, where container localhost does not reach host loopback.

Verified with: PYTHONPATH="/home/eclypso/a0/agent-zero" conda run -n a0 pytest tests/test_stream_tool_early_stop.py tests/test_responses_architecture.py -q; PYTHONPATH="/home/eclypso/a0/agent-zero" conda run -n a0 python -m py_compile helpers/litellm_transport.py helpers/llm_result.py; git diff --check.
2026-07-02 17:29:40 +02:00
Alessandro
b07d142938 Coerce memory load numeric args
Normalize memory_load threshold and limit values from model calls before vector search so numeric strings from Responses tool arguments do not reach FAISS unchanged.

Add a focused regression covering string threshold/limit values and document the memory plugin contract.
2026-07-02 17:29:40 +02:00
Alessandro
0b38258d6c Show Utility Model rename failures
Notify users when automatic chat renaming cannot reach the Utility Model, while keeping the rename task best-effort. Normalize saved generated titles, mark WebUI state dirty after successful saves, and cover the success and failure paths with focused tests.
2026-07-02 17:29:39 +02:00
Alessandro
186ca2fde6 Update launcher README links to v1.1
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Point the root README's A0 Launcher downloads and release note link at the published v1.1 assets without moving the Agent Zero v2.1 tag.
2026-06-30 18:11:03 +02:00
Alessandro
d61c4ae67f Update launcher README links to v1.0
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Refresh the root README download table from A0 Launcher v0.9 to v1.0 asset URLs and point the release-note link at the v1.0 release page. This commit intentionally sits after the v2.1 tag without moving the tag.
2026-06-26 16:25:19 +02:00
Alessandro
48087de008 Render plain Responses completions
When Responses mode accepts a plain-text final answer, reuse the active generating log item as a finished response entry so the WebUI does not remain on the Calling LLM step.

Skip normal tool JSON and existing live response-tool logs, and cover the fallback with focused regression tests.
2026-06-26 15:00:02 +02:00
Alessandro
272a0d8dfa Normalize Responses tool schemas
Ensure function parameter schemas include an explicit properties object before Responses requests are dispatched through LiteLLM.

Keep prompt/MCP permissive schemas compatible with stricter OpenAI-compatible chat validators and cover chat, legacy function, and native Responses tool inputs with regressions.
2026-06-26 14:48:41 +02:00
Alessandro
a4b2848172 Fix WebUI message replay ordering
Treat full log snapshots as authoritative replays by clearing the message DOM when the snapshot starts at log no 0, then render logs in backend order. This prevents streamed responses from staying above earlier welcome/user messages after sync races while keeping incremental updates patch-based.
2026-06-26 14:15:54 +02:00
Alessandro
7160747607 Remove backup file count cap
Let backup creation and restore cleanup use unlimited pattern scans so archives for agents with more than 50,000 files are complete. Keep UI preview and dry-run paths bounded for responsiveness while making the dry-run truncated flag safe for optional limits.

Add regression coverage for unlimited scans, backup creation, clean-before-restore, and restoring an archive entry past the old 50,000-file boundary.
2026-06-26 14:03:51 +02:00
Alessandro
b11818bfff Accept JSON-string parallel tool calls
Restore parallel normalization tolerance for provider/model outputs that stringify the tool_calls array inside tool_args.

The wrapper still expects normal tool-call objects after decoding, so nested parallel and document_query guards continue to run through the same validation path.
2026-06-26 13:47:35 +02:00
Alessandro
5c914bc49e Tighten Responses bad request fallback
Keep fallback for endpoint-specific and Venice-style Responses payload rejections, but stop treating generic Bad Request validation text as proof that Responses is unsupported.

Add a regression that generic pre-output Responses 400s raise without trying Chat Completions.
2026-06-25 21:51:13 +02:00
Alessandro
eab40dc121 Flatten tool JSON extraction
Keep the valid-tool-root preference added for streamed snapshots, but avoid collecting and re-walking parsed candidates.

Remember the first parsed object/root while scanning and use a small predicate for tool-request recognition.
2026-06-25 21:49:29 +02:00
Alessandro
bf72345da6 Simplify skill frontmatter warnings
Keep the malformed SKILL.md warning behavior, but reduce the diagnostic machinery to a once-per-path warning with line numbers only for parser-owned structural errors.

Update the regression to assert the stable warning message without depending on the previous path/line/error dedupe key.
2026-06-25 21:48:16 +02:00
Alessandro
53a12a2ddd Prefer tool roots in streamed snapshots
Keep the streaming early-stop caller untouched by making extract_json_root_string prefer the first complete JSON root that normalizes as a tool request while preserving its first-root fallback for non-tool JSON.

Add regression coverage for incidental JSON before a streamed tool-call envelope.
2026-06-25 14:16:28 +02:00
Alessandro
884f13dea6 Keep skills tooling compatible
Default empty skills_tool calls to list, accept legacy method as a deprecated action alias, and warn when malformed SKILL.md frontmatter causes a skill to be skipped. Update the helper/tool DOX notes and focused regressions.
2026-06-25 09:41:08 +02:00
Alessandro
bd7e829a0f Materialize MCP image attachments
Save MCP image and image-resource payloads as scoped artifacts, return their paths in tool text and attachment metadata, and keep them model-visible through raw image history content. This gives downstream media delivery a real file path instead of only an inline data URL.
2026-06-25 09:40:47 +02:00
Alessandro
72cc78f8a5 Fallback Responses bad requests
Treat pre-output Responses API 400 validation failures as unsupported so OpenAI-compatible providers that reject /v1/responses payloads can retry through Chat Completions. Also prefer a valid tool-call JSON object after leading prose or incidental JSON to reduce false misformat warnings.
2026-06-25 09:40:37 +02:00
Alessandro
855694faf4 Add What's New plugin thumbnail
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Add the missing 256x256 thumbnail asset for the built-in What's New plugin. The image is compressed under 20 KB and stored in the plugin web UI asset location used by bundled plugin cards.
2026-06-24 13:21:28 +02:00
Alessandro
6dfd3d5d5b Refresh install docs for Launcher and A0 Install
Update the docs index, quickstart, and installation guide to present A0 Launcher, A0 Install, and direct Docker as distinct setup paths.

Add the A0 Launcher v0.9 download matrix, document headless installer usage, and align visible architecture labels with the x86/ARM wording.
2026-06-24 13:08:11 +02:00
Alessandro
ac1051b511 Update README install options
Move installation guidance out of the feature overview and split it into Launcher, A0 Install, and direct Docker paths.

Add the A0 Launcher v0.9 download matrix, document headless A0 Install usage, and keep the visible architecture labels aligned with the requested x86/ARM wording.
2026-06-24 13:06:42 +02:00
Alessandro Frau
e2a23aafe6
Merge pull request #1705 from TriTechAI/fix/git-pager-cpu-spin
Disable pagers in non-interactive code execution shells
2026-06-24 11:14:27 +02:00
Alessandro
a18a35977a Fix pytest capture import in TTY session
Guard stream reconfiguration so pytest capture objects without reconfigure support can import the code execution TTY helper while preserving UTF-8 error handling for normal streams.
2026-06-24 11:13:42 +02:00
Alessandro Frau
1a43bfee46
Merge pull request #1719 from TerminallyLazy/codex/tiny-local-tool-use
[codex] Add Tiny Local tool-use profile
2026-06-24 11:06:14 +02:00
Alessandro
68c31b51e1 Raise Docker open file limit at startup
Raise the runtime container soft nofile limit before supervisord starts so WebUI and managed services inherit a larger descriptor allowance.

Add an explicit compose nofile example, document the startup contract, and cover the limit raise and hard-limit cap with focused regression tests.
2026-06-24 11:00:00 +02:00
Alessandro
1d90c27f3b Document Launcher setup and v2.0 upgrade path
Add a Launcher guide with runtime setup, Installs, Instances, and screenshot capture notes.

Link the guide from README, quickstart, and docs index, and clarify the v1.20-to-v2.0 image upgrade path with backup/restore screenshots.
2026-06-24 10:54:43 +02:00
TerminallyLazy
2131a5f336 fix: tighten tiny local repeat recovery 2026-06-24 04:37:32 -04:00
TerminallyLazy
15aa7d71f0 feat: add tiny local tool-use profile 2026-06-24 03:59:21 -04:00
Alessandro
9ea5ac07c2 Handle Xpra fallback on amd64 Docker builds
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Use the same minimal trixie Xpra fallback package set for any architecture when the preferred Xpra repository is unsatisfiable.

This lets amd64 recover from current xpra beta sid libopenjph dependency drift like arm64 already does.
2026-06-23 21:26:37 +02:00
Alessandro
022bae8496 Fix welcome composer idle placeholder overlap
Suppress the chat progress ghost placeholder until a chat is selected so the welcome new-chat prompt remains the only visible composer hint. Add a focused static regression for the welcome composer idle-progress overlap case.
2026-06-23 20:31:23 +02:00
Alessandro
3fae1f49e7 Expose context window size in model settings
Move the ctx_length control for main and utility model slots above the Advanced disclosure while keeping embeddings excluded. Add a static regression guard so primary context controls stay visible outside Advanced.
2026-06-23 20:07:59 +02:00
Alessandro
f051d6580f Fix mobile compaction modal spacing
Reset inherited mobile white-space inside the chat compaction modal so template indentation does not render as large vertical gaps.

Constrain the custom dialog body and raise the overlay above the mobile canvas rail.
2026-06-23 19:58:06 +02:00
Alessandro
4ba591358e Fix unsecured connection settings link
Route the Configure credentials banner link through the welcome banner action dispatcher so it opens Settings directly at External Services > Authentication.\n\nAdd coverage for the unsecured connection banner and document the structured banner action contract for future banner links.
2026-06-23 18:47:10 +02:00
Alessandro
3106abce96 Preserve surface windows across refresh
Restore restorable surface modals through the initFw_end extension hook and keep right-canvas state in session storage for normal reloads.

Fix Desktop host visibility after modal cleanup so preserved iframes reattach to real modal or canvas hosts, and remove the duplicate file-browser path icon overlay.
2026-06-23 18:28:16 +02:00
Alessandro
4b49386f96 Refactor a0-development into grounded references
Split the monolithic a0-development skill into a lean entry point plus focused reference files for runtime, DOX, tools, extensions, API/WebUI, profiles, prompts, skills, projects, and plugin workflow.

Update the skill DOX ownership for the new references directory and clarify the root framework-vs-agent Python runtimes plus port-discovery guidance.

Verified with git diff --check, targeted skill/tool tests under PYTHONPATH, and live localhost:32769 skill loading/read_file checks before committing.
2026-06-23 17:51:43 +02:00
Alessandro
d707fe7bcf Restore shared text button styling
Reintroduce the shared .text-button primitive in WebUI button CSS so model-config preset controls no longer depend on the chat composer being mounted first.

Document the shared compact text-action contract and add a focused regression covering Model Presets and Model Configuration text-button usage.
2026-06-23 17:36:37 +02:00
Alessandro
5c5dc07f92 Clarify Gemini OAuth as Google Cloud
Rename the Gemini OAuth provider surface to Google Cloud Gemini so the OAuth provider list points users toward the required Google Cloud project setup.

Align model-provider metadata, usage-plan copy, README wording, and static assertions while keeping the Gemini API OAuth mechanics unchanged.
2026-06-23 17:30:11 +02:00
Alessandro
617adaf8a2 Keep welcome screen free of docked canvas
Route non-action canvas surfaces to their floating/modal forms while the welcome screen is active, and keep the canvas rail/shell hidden until a chat is selected.

Open the welcome Files quick action through the File Browser modal directly so the first screen remains composed.

Document the welcome/canvas boundary in the local DOX contracts and add focused regression assertions for the canvas guard and Files quick action.
2026-06-23 17:23:45 +02:00
Alessandro
8bcf1d3165 Fix mobile modal layering over canvas rail
Raise the shared modal stack above the mobile right-canvas rail so blocking modals remain authoritative on small screens. Compact the mobile rail below 420px to reduce intrusion on narrow phones, and document the stacking contract in the owning DOX files.

Verification: pytest tests/test_browser_agent_regressions.py -q; pytest tests/test_office_canvas_setup.py -q; git diff --check; headless Chrome smoke confirmed modal content wins at the rail overlap point.
2026-06-23 16:41:15 +02:00
Alessandro
53ad7ba2dc Persist loaded skills through compaction
Store explicitly loaded skill IDs as chat-wide context data while keeping full skill bodies in normal tool-result history. Reattach any loaded skill body that is no longer visible after compaction by reimporting the current skill from its source, without revision hashes or protocol reinjection.

Update compaction and summary prompts to preserve loaded skill names only, refresh DOX contracts, and add focused coverage for context-data persistence, legacy agent-data migration, duplicate suppression, and post-compaction reattachment.
2026-06-23 16:32:21 +02:00
Alessandro
bd584da2f4 Improve Editor text file workflows
Generalize the Editor storage/session path from Markdown-only to exact-text .md and .txt documents, including open, save, Save As, and rename refresh behavior.

Expose Open in Editor as a visible row action in the File Browser for Editor-owned text files, keep non-Editor surface opens in the overflow menu, and route Desktop text MIME handling through the Editor bridge.

Tests: node --check webui/components/modals/file-browser/file-browser-store.js; python -m py_compile plugins/_office/helpers/document_store.py plugins/_editor/helpers/markdown_sessions.py plugins/_editor/api/editor_session.py plugins/_editor/api/ws_editor.py plugins/_desktop/helpers/desktop_session.py plugins/_desktop/api/desktop_session.py plugins/_office/api/office_session.py plugins/_office/api/ws_office.py; pytest tests/test_office_document_store.py tests/test_file_browser_navigation.py tests/test_office_canvas_setup.py -q
2026-06-23 14:42:49 +02:00
Alessandro
6ccd48e81f Group mobile browser toolbar controls
Move Annotate and Browser settings into the Browser toolbar so narrow views keep navigation and controls on one row above a full-width address bar.

Make the Browser panel itself the container-query boundary so mobile modals and narrow right-canvas panels share the same polished toolbar layout, with regression and DOX coverage.
2026-06-23 14:17:13 +02:00
Alessandro
0028473ec9 Polish mobile browser affordances
Keep the File Browser path and search affordances on compact mobile rows, with create buttons sharing the search row and the Up control sharing the path row.

Give the Web Browser mobile toolbar a full-width address row by moving navigation controls above it, and add regression/DOX coverage for the layout contracts.
2026-06-23 14:01:30 +02:00
Alessandro
a27ac51136 Route mobile canvas rail to modals
Keep the right-canvas rail visible at mobile widths while routing non-action surface affordances into floating modals instead of the side canvas shell. Hide mobile surface-modal header controls except the close button and Editor New action, and clamp floating surface modal geometry to narrow viewports.
2026-06-23 13:28:38 +02:00
Alessandro
82bb0b9292 Refine What's New update gating
Show the What's New modal once per newer version by default, add a browser-local permanent opt-out checkbox, and expose the modal through the builtin plugin Open action. Keep the legacy modal path as a compatibility redirect and update the local DOX/tests for the new contract.
2026-06-23 13:14:03 +02:00
Alessandro
90abe05d2d Polish chat composer mobile alignment
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Match the real chat composer to the welcome composer by using an 8px radius, centering the idle Waiting for input cue and fullscreen input control against the composer container, and switching the fullscreen input icon to the same fullscreen glyph used by modal surface Focus mode. Also remove the mobile-only #chat-input min-height under 640px so the composer can size naturally on narrow screens.
2026-06-23 12:56:21 +02:00
Alessandro
2f847f525e Keep project actions inline on mobile
Update the Projects modal card layout so edit/delete and activation controls stay beside the project title on narrow viewports. Add truncation for long project titles and paths, collapse activate/deactivate labels on phones, and preserve desktop spacing while preventing horizontal overflow.
2026-06-23 12:40:26 +02:00
Alessandro
8e3dad559f Fix welcome composer on mobile
Adjust the welcome-screen composer so the shared chat input wraps cleanly on narrow phones. Reclaim hidden expand-button padding, suppress placeholder-only textarea scrollbars, and tune the iPhone-width placeholder sizing while preserving normal typed-message scrolling.
2026-06-23 11:45:14 +02:00
Alessandro
cc13586f7b Keep right-canvas surface rail docked
Route right-canvas rail clicks through the explicit canvas opener so Browser, Editor, Files, and Desktop open in the canvas even after a modal session. Preserve modal-header surface switches as floating modal entry points, and document/test the entry-point split.
2026-06-23 11:28:20 +02:00
Alessandro
ffddc3ebcb Promote Files into shared canvas surface
Add Files to the universal canvas rail and sidebar flow, with a reusable floating surface modal chrome that matches Browser/Desktop behavior.

Make the File Browser modal draggable/resizable with Focus mode, keep Editor on the same draggable modal helper, and preserve dock/undock handoff state.

Harden File Browser startup so empty paths resolve to the default workdir, restyle the Up control, compact New file/New folder actions, and hide Modified before Name/Size in narrow containers.

Update DOX contracts and focused regression coverage for the new Files surface, modal chrome, default-path fallback, and compact layout behavior.
2026-06-23 11:19:58 +02:00
Alessandro
51f3ed00a1 Add project extension data hooks
Introduce generic project edit-data extension hooks so plugins can contribute named project settings sections without coupling helpers.projects to plugin-specific storage.

Move _model_config project LLM payload handling behind those hooks and preserve inherited global model settings unless a project override already exists or is explicitly selected.

Cover the inheritance regression, existing scoped overrides, multiple plugin sections, core-field collision protection, and extension payload filtering in focused project/model-config tests.
2026-06-23 07:34:21 +02:00
Alessandro
489acfe8c6 Refine welcome screen setup surfaces
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Fold the blocking onboarding state into the welcome composer, refresh the account and channel tiles, and keep system resources aligned with the renewed Welcome Screen layout.

Update model-config, OAuth, and welcome static tests to pin the new CTA, dismissal, copy, and layout contracts.
2026-06-23 02:21:44 +02:00
Alessandro
0e262f7b87 Refresh welcome screen and composer
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Rework the welcome screen around the shared new-chat composer, renewed quick actions, discovery cards, OAuth accounts, and dedicated system resources panel.

Restore static button colors and neutral surfaces, move microphone state feedback onto the icon, and keep Rubik/code-font composer behavior.

Add focused static regressions for the welcome composer, OAuth discovery panel, and speech button contract.
2026-06-22 15:12:20 +02:00
Alessandro
6dcaab2f5c Fix MCP settings apply NameError
Use the active settings dictionary when scheduling MCP config updates so applying global MCP servers no longer references an undefined config variable.

Add a focused regression test covering the settings apply path and document the deferred MCP update contract in settings.py DOX.
2026-06-22 10:26:05 +02:00
Alessandro
2a81e37499 Add built-in What's New showcase plugin
Introduce an always-enabled _whats_new plugin that shows a version-gated feature showcase modal with bundled media assets for parallel tool calls, the redesigned MCP configuration UI, and Skills Scanner.

Track the plugin in DOX and add static coverage for the modal copy, assets, manifest, and startup trigger.
2026-06-19 17:26:29 +02:00
Alessandro
98e51fbb2a Fix compaction backups for malformed Unicode
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Use the shared sanitized file writer for chat compaction backup artifacts so JSON and transcript backups remain writable when a long chat contains malformed Unicode such as lone surrogates.

Add a regression that exercises surrogate-containing backup content and document the backup artifact contract in the chat compaction DOX file.

Verified with: conda run -n a0 pytest tests/test_chat_compaction.py -q; python -m py_compile plugins/_chat_compaction/helpers/compactor.py tests/test_chat_compaction.py; live localhost:32080 surrogate-long-chat repro after syncing into /a0 and restarting the container.
2026-06-19 14:33:36 +02:00
Alessandro
684e0b414d Ensure uploads directory exists on container startup
Create /a0/usr/uploads during Docker runtime initialization before supervised services start so upload callers can rely on the directory immediately after boot.

Document the startup directory contract in docker/run AGENTS instructions.
2026-06-19 11:57:09 +02:00
Alessandro
78a50e1431 Fix parallel worker chat log orphans
Skip persisted tool-result files for BACKGROUND contexts, remove ephemeral direct parallel worker chat folders during cleanup, and ignore chat directories without chat.json during startup loading.

Add focused regressions for background output persistence, parallel worker cleanup, and orphan directory loading.
2026-06-19 08:11:38 +02:00
Alessandro
77552b9394 Refine document query image routing
Prefer vision_load for images, screenshots, scans, charts, photos, and diagrams when vision tools are available.

Keep document_query focused on PDFs, documents, large text-heavy files, code-file Q&A, and fallback OCR when vision cannot read the needed text.

Update bundled prompt, skill guidance, DOX notes, and regression coverage for the routing contract.
2026-06-19 01:49:50 +02:00
frdel
afdc3aeb44 Add protocol prompt area before history
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Introduce a new prompt "protocol" separate from extras: add LoopData.protocol_temporary and protocol_persistent, include protocol contents before message history during prompt construction, and clear temporary protocol data each turn. Add helper _build_context_message to render protocol/extras, update response input conversion to include protocol, and move project instructions & active/loaded skills injection into protocol. Update docs, prompts, plugin metadata, the SkillsTool message, and add tests to verify protocol placement and behavior.
2026-06-18 21:42:06 +02:00
Alessandro
bf2741990a Revert loaded skill history persistence
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Reverts db01d7c1c8 and 3c83b2eca2.

Restores the prior loaded-skills prompt-extras behavior and removes the compaction reattachment metadata path.
2026-06-18 16:45:56 +02:00
Alessandro
8fda0ee69c Fix MCP timeouts from hanging agent loop
Release MCP config locks before awaited initialization or tool calls, isolate MCP session operations in disposable DeferredTask workers, and bound session cleanup so wedged transports cannot freeze later agent work.

Add deterministic MCP regression coverage for lock scope, config update initialization, cleanup timeouts, and isolated operation timeouts. Update the helper DOX contract for the new concurrency and cleanup behavior.
2026-06-18 13:32:10 +02:00
Alessandro
352320ef81 Polish skills settings scope and search
Remove agent profile scoping from the List Skills and Import Skills settings sections so skills are scoped only by project.

Move Scan Skills after Import Skills in both navigation metadata and rendered section order, and add an MCP-style search affordance to List Skills with filtered results and an empty search state.
2026-06-18 13:14:19 +02:00
Alessandro
7ac9910e1d Add skill scanner settings flow
Add a Settings > Skills scanner section and modal backed by Snyk Agent Scan-oriented checks and prompts. Wire uploaded skill zips from Import Skills into the scanner before import, and add a preparation API that extracts archives into temporary scan roots without installing or executing them.

Harden shared skill zip extraction against traversal, backslash paths, and symlink entries, and cover the new flow with focused scanner tests.
2026-06-18 12:52:41 +02:00
Alessandro
d398656d33 Make Browser viewer CDP-live by default
Default the WebUI Browser surface back to live CDP screencast while keeping snapshot/state transport as a fallback. Carry viewer transport through the WebSocket API and Browser store, use screencast metadata to avoid extra frame dimension decode, and include frame-chain action metadata in Browser content results. Update Browser prompts, skill guidance, DOX, and focused regressions so agent actions prefer DOM/CDP refs while the visible Browser remains responsive.
2026-06-17 16:15:07 +02:00
Alessandro
b9153f718e Preserve subordinate agent profiles
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Validate call_subordinate profile arguments against available agent profiles so missing profiles fail as repairable errors. Persist each agent's profile in saved chats and avoid flattening existing subordinate profiles during profile switches, settings refresh, or restart reload.
2026-06-17 13:07:22 +02:00
Alessandro
630bfc16f2 Repair sentence-transformer embedding config aliases
Patch stale sentence-transformer embedding provider/model aliases at the _model_config read/build boundary so memory embeddings use the intended local HuggingFace provider without adding provider-specific logic to models.py.

Cover stale alias forms, the bare default alias, normal OpenAI embedding pass-through, and missing API-key detection with focused regression tests.
2026-06-17 02:53:07 +02:00
Alessandro
a24d9a73a0 Fix project skills folder initialization
Create the .a0proj/skills directory during project metadata setup so Project Settings can open the skills folder for new projects. Repair the folder when loading existing project settings, and cover both creation and repair with regression tests.
2026-06-17 02:37:28 +02:00
Alessandro
1dc719ff9c Extend WebSocket heartbeat grace
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Raises the Socket.IO heartbeat interval and timeout defaults so long context and prompt work do not trip python-engineio's empty packet queue timeout.

Adds positive-integer environment overrides and updates the runtime configuration regression test.
2026-06-16 16:29:00 +02:00
Alessandro
3c83b2eca2 Reattach loaded skills after compaction
When compression hides an explicitly loaded skill body, reattach the current missing revision as a normal skills_tool history result under one fixed budget. Preserve skill name and revision metadata in automatic and manual compaction summaries without copying full skill bodies.
2026-06-16 14:31:37 +02:00
Alessandro
db01d7c1c8 Persist loaded skill instructions in history
Move explicit skill loads out of per-turn prompt extras and into normal tool-result history, with revision metadata for duplicate detection. Duplicate load calls now omit the full body only when the same revision remains model-visible after history output assembly.
2026-06-16 14:24:03 +02:00
Alessandro
2615fb8e3f Reassemble chunked connector file results
Buffer JSON/base64 connector_file_op_result chunks per pending file operation and resolve only after the complete result is assembled.

Validate malformed chunk metadata with a pending-operation error, while preserving the existing single-payload behavior for small file operations.
2026-06-16 13:59:38 +02:00
Alessandro
4714b5dcb9 Block document query in parallel calls
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Reject document_query during parallel tool-call normalization before worker jobs are started. Add prompt guidance so the model avoids batching document_query, and update DOX plus regressions for the new sequential-only contract.
2026-06-16 13:27:59 +02:00
Alessandro
ec3c4cf81b Add browser skill discovery triggers
Add trigger frontmatter for browser automation and browser form workflow skills so relevant-skill recall surfaces them for rendered browsing, screenshots, host-browser, and form-heavy tasks. Update build-skill guidance to document trigger metadata and add regression coverage for parsing and ranking the browser skills.
2026-06-16 13:19:17 +02:00
Alessandro
f90bb63a9f Use prompt-declared Responses tool names
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Prefer explicit tool_name examples and first prompt headings when deriving native Responses function tool names, falling back to the prompt filename only when no callable name is declared.

Add regression coverage for code_execution_tool, memory_load, call_subordinate, behaviour_adjustment, and filename-only fallback, and document the contract in responses_tools DOX.
2026-06-15 15:06:48 +02:00
Alessandro
9bcef39028 Add llama.cpp and vLLM local providers
Add llama.cpp / llama-server support:
- Register llama.cpp chat and embedding providers through hosted_vllm defaults on host.docker.internal:8080.
- Add onboarding metadata, a bundled icon, no-key provider metadata, model discovery coverage, setup docs, and tests.

Add vLLM support:
- Register vLLM chat and embedding providers through hosted_vllm defaults on host.docker.internal:8000.
- Add onboarding metadata, a bundled icon, no-key provider metadata, model discovery coverage, setup docs, and tests.
- Strip empty tools arrays from the Responses-to-chat fallback path so strict OpenAI-compatible servers accept local vLLM calls.
2026-06-15 05:37:28 +02:00
Alessandro
0450098117 Add oMLX local provider support
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Add oMLX as a first-class local chat and embedding provider using the Docker-friendly host.docker.internal:8000/v1 default and LiteLLM hosted_vllm wiring. Mark it as a no-key local provider, include it in onboarding with a bundled logo, document Apple Silicon setup including paged SSD cache, and cover the provider defaults, model search behavior, and onboarding metadata with focused tests.
2026-06-15 04:54:52 +02:00
Alessandro
c38808259b Make local LM Studio and Ollama Docker-friendly
Add shipped local-provider defaults for LM Studio and Ollama so Dockerized Agent Zero can reach host-running services without manual api_base edits. Map host.docker.internal in the sample Compose file for Linux Docker, document the behavior, and cover the provider defaults and compose mapping with focused regression tests.
2026-06-15 04:17:03 +02:00
Alessandro
c56b65803b Slim browser prompt with progressive skills
Keep the browser tool prompt as a compact callable contract and move detailed workflows into browser-automation, with fragile form guidance chained through browser-form-workflows. Add regression coverage for the skills_tool loading path, host browser setup hint, and prompt token ceiling.
2026-06-15 03:23:09 +02:00
Alessandro
f68792496b Fix parallel await timeouts
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Keep running parallel jobs alive when an await call reaches its timeout so agents can await the same job ids again instead of cancelling child work. Distinguish direct background tool workers from call_subordinate child chats so nested subordinate chats can use parallel normally while true worker recursion remains blocked. Update the parallel prompt, DOX notes, and regressions for non-destructive timeout and non-blocking collect semantics.
2026-06-13 18:36:41 +02:00
shisan
528c33b7ef Disable pagers in non-interactive code execution shells
The code execution tool runs commands inside TTY-backed shells (local PTY and
remote SSH). Commands like `git diff`/`git log` detect the TTY and pipe output
through a pager (more/less). These shells never receive interactive input, so
the pager blocks forever and spins at 100% CPU per process — on a 16-core host
5 pager processes pegged 5 cores for 8+ hours (#1697).

Disable pagers in both session types:
- LocalInteractiveSession: inject PAGER=cat / GIT_PAGER=cat into the TTY env
- SSHInteractiveSession: export the same in the initial shell command

`cat` streams the output through instead of blocking, and also covers other
pager-using tools (man, systemctl, journalctl). Adds regression tests.

Fixes #1697
2026-06-13 21:17:57 +08:00
Alessandro
2b99ab53c6 Gate remote tool prompts by connector metadata
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Hide A0 connector remote tool prompts unless a connected CLI advertises the matching capability. Remote file access enables text_editor_remote, F4-enabled remote execution enables code_execution_remote, and supported enabled Computer Use that is not in rearm-required state enables computer_use_remote.

Apply the same gate to Responses API function-tool generation, move the prompt hook to the active tool-prompt extension path, and update connector prompt wording, DOX, and regression coverage.

Verified with:
- conda run -n a0 pytest tests/test_a0_connector_prompt_gating.py tests/test_default_prompt_budget.py tests/test_responses_architecture.py -q
2026-06-13 02:00:32 +02:00
Alessandro
6eeddf2f04 Clarify parallel tool-call batching
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
- document that parallel accepts full reply-shaped tool call objects and ignores planning-only fields
- steer prompt guidance toward one mixed batch for ready independent calls instead of splitting by tool type
- add normalization and prompt regression coverage plus matching DOX notes
2026-06-12 18:32:34 +02:00
Alessandro
b704a0e3f5 Add inspectable parallel tool calls
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
- add a parallel wrapper and runtime for concurrent background tool calls
- run parallel call_subordinate jobs as child chats with visible subagent steps that match normal subordinate args
- render parallel child tool steps with normal tool-call args while keeping job handles in wrapper results and prompt extras
- group parallel child chats in the sidebar with persistent accordion and caret behavior
- add prompt, extension, DOX, and regression coverage
2026-06-12 15:23:14 +02:00
Alessandro
3d4c302185 Solidify LiteLLM global kwargs handling
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Limit LiteLLM module mutation to documented global switches such as drop_params, while preserving configured LiteLLM kwargs as per-call options. Avoid freezing global kwargs into provider defaults so runtime settings remain current, and extend focused tests for drop_params, additional_drop_params, and provider default behavior.
2026-06-12 03:27:49 +02:00
Alessandro
b8c390f50d Enable A2A streaming capability by default
Wrap FastA2A agent card generation so Agent Zero advertises streaming support on A2A endpoints by default.

Add focused regression coverage for the agent-card capability rewrite and proxy wiring, and update the helper DOX profile for the new wrapper.
2026-06-12 03:11:00 +02:00
Alessandro
8e270c5ab7 Ignore non-Telegram tool streaming contexts
Make Telegram tool lifecycle hooks no-op for contexts that do not expose a raw data dict or do not carry the Telegram bot marker.

This keeps global tool extension dispatch safe for non-Telegram contexts, including Responses API tool-call regression tests, without changing behavior for real Telegram sessions.
2026-06-11 19:14:03 +02:00
Alessandro
d6e8f06ec0 Clear stale preset kwargs on model switches
Treat model-slot kwargs as provider-specific preset fields: applying a preset now replaces explicit kwargs and clears inherited kwargs when the preset omits them, while preserving durable tuning like context windows and rate limits.

Mirror the behavior in the WebUI preset merge helper and add regressions for Codex-like presets so unsupported parameters such as temperature cannot leak into Responses API providers.
2026-06-11 19:13:47 +02:00
Alessandro
983fc50a77 Make Rubik the default WebUI font
Some checks failed
Build And Publish Docker Images / plan (push) Has been cancelled
Build And Publish Docker Images / build (push) Has been cancelled
Ensure native browser controls use the shared Rubik font token so Firefox no longer falls back to its UI font in form elements.\n\nImport Rubik on the login page and document the WebUI font contract, keeping mono aliases reserved for code and fixed-width data.
2026-06-11 04:35:05 +02:00
Alessandro
df19e399e8 Handle wrapped Responses endpoint 404s
Teach the Responses fallback classifier to inspect status codes, wrapped exception types, and response bodies so LiteLLM NotFoundError wrappers that hide the /v1/responses URL still fall back to chat completions.

Keep rate-limit errors non-fallback and add a regression test for the OpenAIException detail-only 404 shape observed with providers that do not expose the Responses API.
2026-06-11 04:12:40 +02:00
Alessandro Frau
e7b64a39fd
Merge pull request #1676 from hash-anmol/telegram-native-integration-production
feat: major improvements to native Telegram integration UX and streaming
2026-06-11 04:11:12 +02:00
Alessandro
b3b5e44cc3 Patch LiteLLM security pins
Upgrade LiteLLM to 1.88.1 so Agent Zero is above the CVE-2026-42271 patched floor, and move the OpenAI SDK pin to 2.41.1 to satisfy LiteLLM's new dependency range.

Pin Starlette to the patched 1.0.1 release for the Host-header request.url.path advisory.

Fold requirements2.txt back into requirements.txt now that browser-use is no longer part of the repo dependency set, and update installer and setup docs to use a single requirements file.
2026-06-11 03:47:58 +02:00
Alessandro
b04443be1a Add native Responses API transport
Route Agent Zero turns through a LiteLLM transport layer that prefers the Responses API while preserving chat-completions fallback for providers without compatible endpoints.

Persist Responses metadata in history and agent state so provider-state continuation, local replay, native function-call execution, and stored-response cleanup survive normal chat workflows.

Normalize prompt caching by provider: OpenAI and Azure use prompt_cache_key and prompt_cache_retention, while Anthropic, Gemini, Bedrock, OpenRouter, and compatible chat providers keep block-level cache_control breakpoints and cached tool definitions.
2026-06-11 03:37:04 +02:00
Alessandro
da4fb47d0b Polish MCP server removal flow
Use the shared inline confirmation helper for configured MCP server removal and keep the delete icon neutral until confirmation.\n\nApply confirmed removals immediately, refresh server status from the apply response, guard against stale/double actions, and document the new MCP manager behavior.
2026-06-11 03:04:47 +02:00
Alessandro
ab34084069 Polish MCP server management UI
Revamp the global and project MCP manager surfaces with list-first layout, clearer examples, a dedicated scanner modal, manager/raw toolbar parity, and local-command-first server creation.\n\nAdd server and tool search, plugin-style enable toggles, per-tool disabled_tools handling in the MCP backend, internal A0 MCP tool search, regression coverage, and updated DOX contracts.
2026-06-11 03:01:19 +02:00
Alessandro
521172b489 Revamp MCP server configuration
Some checks are pending
Build And Publish Docker Images / plan (push) Waiting to run
Build And Publish Docker Images / build (push) Blocked by required conditions
Add project-scoped MCP server configuration with global/project merge semantics, a richer settings UI, and chat composer access. Introduce MCP config scanning plus project-aware status/detail/log/apply APIs while preserving the raw JSON editor. Strengthen MCP runtime handling for dotted tool names, timeouts, status accuracy, and project-aware tool execution, with focused regression coverage.
2026-06-09 17:29:25 +02:00
frdel
77f7aa0274 Time Travel workspace selector + LiteLLM globals
Add selectable workspace support to the Time Travel plugin and introduce normalized global LiteLLM configuration handling.

models.py: add DEFAULT_LITELLM_GLOBAL_KWARGS and helpers to normalize, load, apply, and merge LiteLLM global kwargs; call configure_litellm/set per-call merges in LiteLLM wrappers so framework defaults, configured globals, and per-call overrides combine correctly. Add tests to assert merging and runtime application.

plugins/_time_travel: update docs and plugin metadata to describe workdir/project selection. API handlers now accept workspace_id and a new history_workspaces endpoint lists selectable workspaces. helpers/time_travel: implement workspace listing, selection, and resolution logic (workdir/project options, availability/locking, default selection). UI: add workspace picker to time-travel panel, wire selection/load into time-travel store, pass workspace_id to API calls, and add click hook to open the panel. Update styles and refresh/load behavior accordingly.

Tests: extend tests for LiteLLM global kwargs merging and adapt stream test to expect merged params; add tests for selectable workspaces, default selection, and locked external workdir handling.
2026-06-09 17:16:41 +02:00
Alessandro
60462eabbd Improve settings modal navigation
Add settings sidebar search with filtered section results and clear affordance. Decouple sidebar accordion expansion from the active section so groups can be opened or collapsed manually. Keep the settings menu/search column fixed while the content pane scrolls, and promote Backup & Restore to its own section under Self Update.
2026-06-09 00:47:57 +02:00
Alessandro
f9031b7575 Sync stale self-update manager at startup
Add a core startup migration that refreshes /exe/self_update_manager.py from the repository copy when the installed runtime updater is missing the socket-safe backup and Desktop cleanup markers.

Validate the source updater before replacing anything, preserve the previous runtime script as a backup, and leave current or non-regular targets untouched. Add regression coverage for stale runtime replacement, safe no-op/refusal paths, and the real repository updater source.
2026-06-08 16:07:37 +02:00
frdel
c576f67469 Merge branch 'ready' of https://github.com/agent0ai/agent-zero into ready 2026-06-08 12:41:57 +02:00
frdel
e138e33ca9 Add file-level DOX docs & update AGENTS indexes
Add comprehensive file-level DOX documentation across the repo and update directory AGENTS.md indexes. Many new `*.py.dox.md` files were added under api, helpers, tools, plugins, extensions, webui, and other dirs to document endpoint purpose, ownership, runtime contracts, work guidance, and verification. Several AGENTS.md files were created or updated (agents profiles, api, docker, extensions, helpers, plugins, skills, webui components, etc.) to list child DOX files and clarify documentation/work guidance. Also add example and bundled profile DOX files (agent0, default, developer, hacker, researcher) and minor updates to helpers/dirty_json.py and its tests. These changes improve on-disk documentation coverage and establish the convention that each direct runtime file should have a matching `*.dox.md` describing its contracts and verification steps.
2026-06-08 12:41:53 +02:00
Anmol Malik
abf0cef8e8 Scope Telegram integration commands 2026-06-07 21:20:30 +05:30
Anmol Malik
013a374daa Revert "Add Telegram speech mode"
This reverts commit c51c235faacbbed44994635d4743b97f7a143a17.
2026-05-29 00:10:04 +05:30
Anmol Malik
709b865399 Add Telegram speech mode 2026-05-29 00:10:04 +05:30
Anmol Malik
1ff45e71c2 Add Telegram session picker 2026-05-29 00:10:04 +05:30
Anmol Malik
99207d60a2 Add Telegram long-run status updates 2026-05-29 00:10:04 +05:30
Anmol Malik
92b728c3d7 Show friendly Telegram errors 2026-05-29 00:10:04 +05:30
Anmol Malik
97ef4797e0 Send Telegram media attachments natively 2026-05-29 00:10:04 +05:30
Anmol Malik
a17cef5b03 Group Telegram tool streams by response 2026-05-29 00:10:04 +05:30
Anmol Malik
8bc81c7a6a Send Telegram intermediate responses separately 2026-05-29 00:10:04 +05:30
Anmol Malik
1bbbfa44ac Improve Telegram integration command and streaming UX 2026-05-29 00:10:04 +05:30
810 changed files with 54404 additions and 4958 deletions

View file

@ -3,8 +3,8 @@
[Generated using reconnaissance on 2026-02-22]
## Quick Reference
Tech Stack: Python 3.12+ | Flask | Alpine.js | LiteLLM | WebSocket (Socket.io)
Dev Server: python run_ui.py (runs on http://localhost:50001 by default)
Tech Stack: Framework Python 3.12+ | Agent execution Python 3.13 in Docker | Flask | Alpine.js | LiteLLM | WebSocket (Socket.io)
Dev Server: python run_ui.py (discover host/port from startup output or runtime configuration; do not assume a default port)
Run Tests: pytest (standard) or pytest tests/test_name.py (file-scoped)
Documentation: README.md | docs/
Frontend & Plugin DOX: [WebUI](webui/AGENTS.md) | [Components](webui/components/AGENTS.md) | [Frontend JS](webui/js/AGENTS.md) | [Plugins](plugins/AGENTS.md)
@ -41,25 +41,26 @@ Primary Language(s): Python, JavaScript (ES Modules)
Do not combine these commands; run them individually:
```bash
pip install -r requirements.txt
pip install -r requirements2.txt
```
- Start WebUI: python run_ui.py
- Discover the WebUI URL from startup output, launcher/Docker port mappings, or explicit `--host`/`--port`/`WEB_UI_PORT` configuration; do not hardcode a default port.
---
## Docker Environment
When running in Docker, Agent Zero uses two distinct Python runtimes to isolate the framework from the code being executed:
When running in Docker, Agent Zero uses two distinct Python runtimes to isolate the framework itself from code executed on behalf of the agent:
### 1. Framework Runtime (/opt/venv-a0)
- Version: Python 3.12.4
- Purpose: Runs the Agent Zero backend, API, and core logic.
- Packages: Contains all dependencies from requirements.txt.
- Purpose: Runs the Agent Zero framework itself: WebUI backend, API, core loop, scheduler, framework imports, and plugin hooks/tools that execute inside the framework process.
- Packages: Contains framework dependencies from requirements.txt.
- Verification: Use this runtime for framework/backend import checks, WebUI startup checks, and plugin hook behavior unless the code explicitly switches environments.
### 2. Execution Runtime (/opt/venv)
### 2. Agent Execution Runtime (/opt/venv)
- Version: Python 3.13
- Purpose: Default environment for the interactive terminal and the agent's code execution tool.
- Behavior: This is the environment active when you docker exec into the container. Packages installed by the agent via pip install during a task are stored here.
- Purpose: Default Python environment for the agent's terminal/code-execution tasks and user code run by the agent.
- Behavior: Packages installed by the agent during a task belong here so task dependencies do not pollute or prove the framework runtime. Do not use this runtime as evidence that framework imports, WebUI startup, or plugin hooks work.
---
@ -87,9 +88,9 @@ When running in Docker, Agent Zero uses two distinct Python runtimes to isolate
├── agents/ # Agent profiles (prompts and config)
├── prompts/ # System and message prompt templates
├── knowledge/
│ └── main/about/ # Agent self-knowledge (indexed into vector DB for runtime recall)
│ └── main/about/ # Agent self-knowledge reference material
│ ├── identity.md # Philosophy, principles, project context
│ ├── architecture.md # Agent loop, memory pipeline, multi-agent, extensions
│ ├── architecture.md # Agent loop, multi-agent coordination, extensions
│ ├── capabilities.md # Detailed capabilities and limitations
│ ├── configuration.md # LLM roles, providers, profiles, plugins, settings
│ └── setup-and-deployment.md # Docker deployment, updates, troubleshooting
@ -97,12 +98,13 @@ When running in Docker, Agent Zero uses two distinct Python runtimes to isolate
```
Key Files:
- agent.py: Defines AgentContext and the main Agent class.
- agent.py: Defines AgentContext, LoopData virtual prompt areas (Protocol before history and Extras after history), and the main Agent class.
- helpers/plugins.py: Plugin discovery and configuration logic.
- webui/js/AlpineStore.js: Store factory for reactive frontend state.
- helpers/api.py: Base class for all API endpoints.
- models.py: LLM provider configuration and LiteLLM wrappers; framework LiteLLM defaults such as `drop_params=True` are merged with `litellm_global_kwargs`, configured values override framework defaults, documented module-level switches such as `drop_params` are applied to LiteLLM, and merged kwargs are passed per call.
- scripts/openrouter_release_notes_system_prompt.md: Editable system prompt used to generate GitHub release notes during Docker publishing.
- knowledge/main/about/: Agent self-knowledge files, indexed into the vector DB for runtime recall. Not user-facing docs - written for the agent's internal reference.
- knowledge/main/about/: Agent self-knowledge files. Not user-facing docs - written for the agent's internal reference.
- webui/components/AGENTS.md: DOX contract for Alpine component architecture.
- webui/js/AGENTS.md: DOX contract for frontend infrastructure, modal stack, API helpers, and extension loading.
- plugins/AGENTS.md: DOX contract for bundled and custom plugin architecture; `usr/plugins/` remains ignored user state.
@ -240,7 +242,6 @@ If pip install fails, try running in a clean virtual environment:
python -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
pip install -r requirements2.txt
```
### WebSocket Connection Failures
@ -273,7 +274,7 @@ pip install -r requirements2.txt
6. Use the nearest AGENTS.md as the local contract and parent docs for repo-wide rules
7. If docs conflict, the closer doc controls local work details, but no child doc may weaken DOX
Do not rely on memory. Re-read the applicable DOX chain in the current session before editing.
Do not rely on prior context. Re-read the applicable DOX chain in the current session before editing.
## Update After Editing

147
README.md
View file

@ -3,36 +3,62 @@
<img src="docs/res/a0-vector-graphics/horizontal_banner.svg" alt="Agent Zero Banner" width="100%"/>
# Agent Zero
### A full Linux system for your AI agent.
### Give your agent a full Linux computer.
Agent Zero is an open, dynamic, organic agentic framework. One Docker container ships a full Linux system with a desktop and a plugin hub that the agent can extend using Skills.
Agent Zero is an open agent framework for work that needs more than chat: a Dockerized Linux desktop, a browser with DOM annotation, live document cowork, projects, skills, plugins, and a bridge back to your host machine.
[![Website](https://img.shields.io/badge/Website-agent--zero.ai-0A192F?style=for-the-badge&logo=vercel&logoColor=white)](https://agent-zero.ai)
[![Docs](https://img.shields.io/badge/Docs-Read%20the%20guides-1F6FEB?style=for-the-badge&logo=readthedocs&logoColor=white)](./docs/)
[![Discord](https://img.shields.io/badge/Discord-Join%20us-5865F2?style=for-the-badge&logo=discord&logoColor=white)](https://discord.gg/B8KZKNsPpj)
[![GitHub Sponsors](https://img.shields.io/badge/Sponsors-Thank%20you-FF69B4?style=for-the-badge&logo=githubsponsors&logoColor=white)](https://github.com/sponsors/agent0ai)
[Install](#how-to-install) |
[What's Different](#what-makes-agent-zero-different) |
[A0 CLI](#a0-cli-connector-extend-onto-your-host-machine) |
[Docs](#documentation)
[![Ask DeepWiki](https://deepwiki.com/badge.svg)](https://deepwiki.com/agent0ai/agent-zero)
[Ask ChatGPT](https://chatgpt.com/?q=Analyze%20this%3A%20https%3A%2F%2Fgithub.com%2Fagent0ai%2Fagent-zero) |
[Ask Claude](https://claude.ai/new?q=Analyze%20this%3A%20https%3A%2F%2Fgithub.com%2Fagent0ai%2Fagent-zero)
[Quick Start](#quick-start) |
[Why Agent Zero](#why-agent-zero) |
[Try These First](#try-these-first) |
[Deep Dives](#deep-dives) |
[Docs](#documentation)
</div>
<div align="center">
<a href="https://www.youtube.com/watch?v=k78HX_RA9Q0&t=19s">
<img src="docs/res/thumbnail-install.webp" alt="Agent Zero Installation Guide" width="100%"/>
</a>
<img alt="Agent Zero driving Blender in its built-in XFCE desktop" src="docs/res/usage/webui/agentzero-xfce-computer.gif" width="100%" />
</div>
# What Makes Agent Zero Different
# Why Agent Zero
## How To Install
| Feature | Why it matters |
| --- | --- |
| **Full Linux desktop** | The agent can use real GUI software, terminals, files, and desktop apps inside the Canvas. |
| **Browser DOM annotation** | Click page elements and turn them into inspect, change, lift, or review instructions. |
| **Live document cowork** | Edit Markdown, Writer, Spreadsheet, and Presentation files together instead of losing work in chat. |
| **Plugin Hub** | Install 100+ community plugins or publish your own extension points. |
| **Projects and memory** | Keep files, instructions, secrets, memories, repositories, and model presets isolated per project. |
| **Host-machine bridge** | Connect with the A0 CLI so the same agent can work in your real local repositories. |
| **Multi-agent cooperation** | Let agents delegate research, coding, analysis, or review tasks to focused subagents. |
| **Transparent internals** | Prompts, tools, plugins, skills, and settings are inspectable and editable. |
# Quick Start
## Recommended: A0 Launcher
The desktop **A0 Launcher** is the fastest guided path on a personal machine. Download it, open it, and let it check Docker, create Instances, manage ports, and connect to local or remote Agent Zero installs.
Agent Zero runs wherever Docker runs, from a $6 VPS or Raspberry Pi to a local workstation or GPU server.
| Architecture | macOS | Linux | Windows |
| --- | --- | --- | --- |
| x86 | [Mac Intel](https://github.com/agent0ai/a0-launcher/releases/download/v1.2/a0-launcher-1.2-macos-x64.dmg) | [Linux x86](https://github.com/agent0ai/a0-launcher/releases/download/v1.2/a0-launcher-1.2-linux-x64.AppImage) | [Windows x86](https://github.com/agent0ai/a0-launcher/releases/download/v1.2/a0-launcher-1.2-windows-x64.exe) |
| ARM64 | [Mac Apple Silicon](https://github.com/agent0ai/a0-launcher/releases/download/v1.2/a0-launcher-1.2-macos-arm64.dmg) | [Linux ARM64](https://github.com/agent0ai/a0-launcher/releases/download/v1.2/a0-launcher-1.2-linux-arm64.AppImage) | [Windows ARM64](https://github.com/agent0ai/a0-launcher/releases/download/v1.2/a0-launcher-1.2-windows-arm64.exe) |
See the [A0 Launcher v1.2 release](https://github.com/agent0ai/a0-launcher/releases/tag/v1.2) for release notes and updater metadata. See the [Launcher guide](./docs/guides/launcher.md) for the first-run walkthrough.
<details>
<summary><strong>Other install paths</strong></summary>
## A0 Install
Use **A0 Install** when you want the terminal path: SSH sessions, servers, recovery shells, or a scriptable setup. It creates Dockerized Agent Zero instances, mounts each instance's data into `/a0/usr` inside the container, and uses a reuse-before-setup policy: it tries your current Docker CLI configuration, `DOCKER_HOST`, Docker contexts, and known local Docker-compatible endpoints before setting up a runtime.
### macOS / Linux
@ -46,7 +72,21 @@ curl -fsSL https://bash.agent-zero.ai | bash
irm https://ps.agent-zero.ai | iex
```
### Docker already installed? Run this directly
### Headless / scripted
For servers and automation, run the installer in Quick Start mode so it creates one instance and exits without opening menus:
```bash
curl -fsSL https://bash.agent-zero.ai | bash -s -- --quick-start --name agent-zero --port 5080
```
```powershell
& ([scriptblock]::Create((irm https://ps.agent-zero.ai))) -QuickStart -Name agent-zero -Port 5080
```
Use `--skip-runtime-setup` / `-SkipRuntimeSetup` when Docker must already be working and the installer should not try to set up a runtime. See the [A0 Install repository](https://github.com/agent0ai/a0-install) for all installer flags.
## Docker already installed? Run this directly
```bash
docker run -p 80:80 -v a0_usr:/a0/usr agent0ai/agent-zero
@ -54,10 +94,27 @@ docker run -p 80:80 -v a0_usr:/a0/usr agent0ai/agent-zero
Open the Web UI, configure your LLM provider, and start with a concrete task. For the full setup and onboarding experience, see the [Installation guide](./docs/setup/installation.md).
## A Real Linux Desktop in the Canvas
</details>
<img alt="Agent Zero driving Blender in its built-in XFCE desktop" src="docs/res/usage/webui/agentzero-xfce-computer.gif" />
<br>
## Troubleshooting
- **Docker is not running:** start Docker Desktop or your Docker service, then reopen the Launcher or rerun the install command.
- **Port 80 is already in use:** use the Launcher to pick another port, or run Docker directly with `-p 5080:80` and open `http://localhost:5080`.
- **Installing on a server:** use the A0 Install Quick Start command with `--quick-start --name agent-zero --port 5080`.
- **Still blocked:** see the [Troubleshooting guide](./docs/guides/troubleshooting.md).
# Try These First
- **Annotate a design you like:** "Open this template site in the Browser. I'll annotate the hero section - re-implement it in my project's React + Tailwind stack."
- **Cowork on a spreadsheet:** "Create an editable ODS budget model with assumptions and monthly projections."
- **Drive a desktop app:** "Use the Linux Desktop to open Blender and create a simple 3D logo for me."
- **Review a web UI:** "Open my local app in the Browser. I will annotate the page with comments; then implement the requested UI fixes."
- **Create a specialist:** "Create an Agent Profile for financial analysis with cautious reasoning, clear assumptions, and spreadsheet-first deliverables."
- **Recover a workspace:** "Show me recent Time Travel snapshots and explain what changed before I revert anything."
# Deep Dives
## A Real Linux Desktop in the Canvas
Agent Zero opens its own Linux desktop inside the right-side Canvas. Not a remote VM, not a shared clipboard, but a real XFCE desktop session running in the container.
@ -81,7 +138,7 @@ Annotate mode turns any webpage into an interactive directive surface. Click an
- **Lift it** - see a card, hero, or component on someone else's site that you like? Capture it and have the agent re-implement it in your own project's stack.
- **Comment it** - leave actionable notes pinned to elements during a UI review; the agent reads the comments and ships the fixes.
The Docker browser is the default live Browser surface. Browser history keeps screenshots of important steps, so older chats can still show what the agent saw. The Browser also supports Chrome extensions inside the Docker browser, and **Bring Your Own Browser** through the A0 CLI Connector lets the agent drive Chrome/Edge/Chromium on your own machine.
The Docker browser is the default live Browser surface. Browser history keeps screenshots of important steps, so older chats can still show what the agent saw. The Browser also supports Chrome extensions inside the Docker browser, and **Bring Your Own Browser** through the A0 CLI Connector lets the agent drive Chrome, Edge, Brave, Opera, Vivaldi, or Chromium on your own machine.
See the [Browser guide](./docs/guides/browser.md) for screenshots, settings, host-browser setup, and troubleshooting.
@ -186,31 +243,9 @@ Almost nothing is hidden. Prompts live in `prompts/`, tools live in `tools/` or
Agent Zero supports plugins, MCP, A2A, custom tools, custom prompts, project-scoped configuration, environment-based deployment settings, and a Web UI designed to keep the agent's work readable in real time.
## Try These First
## Time Travel
- **Annotate a design you like:** "Open this template site in the Browser. I'll annotate the hero section - re-implement it in my project's React + Tailwind stack."
- **Cowork on a spreadsheet:** "Create an editable ODS budget model with assumptions and monthly projections."
- **Drive a desktop app:** "Use the Linux Desktop to open Blender and create a simple 3D logo for me."
- **Review a web UI:** "Open my local app in the Browser. I will annotate the page with comments; then implement the requested UI fixes."
- **Create a specialist:** "Create an Agent Profile for financial analysis with cautious reasoning, clear assumptions, and spreadsheet-first deliverables."
- **Recover a workspace:** "Show me recent Time Travel snapshots and explain what changed before I revert anything."
## Agent Zero and Space Agent
Agent Zero is the open framework and Linux-powered agent workbench.
[Space Agent](https://github.com/agent0ai/space-agent) is our newer product direction for the agent-shaped workspace: a Space the agent can reshape from inside your browser, with live demos, a desktop app, and a path to running a real server for yourself or your team.
<p align="left">
<a href="https://www.youtube.com/watch?v=CNRHxEZ8yqs"><img src="https://github.com/agent0ai/space-agent/raw/main/.github/thumbnail.webp" alt="Watch Space Agent on YouTube" width="560" /></a>
</p>
If you want the raw power and deep customizability of an agent with a full Linux system, start here with Agent Zero. If you want the polished Space experience for easier personal, team, desktop, or self-hosted use, explore [Space Agent](https://github.com/agent0ai/space-agent).
## Time Travel (powered by Space Agent)
Time Travel gives Agent Zero-owned `/a0/usr` workspaces snapshot history, diff inspection, travel, and revert. It is designed for recoverable agent work: see what changed, compare files, inspect a past state, and roll back when needed. Try it in Space Agent as well (link above).
Time Travel gives Agent Zero-owned `/a0/usr` workspaces snapshot history, diff inspection, travel, and revert. It is designed for recoverable agent work: see what changed, compare files, inspect a past state, and roll back when needed.
<img alt="Time Travel" src="docs/res/time-travel.png" />
@ -228,17 +263,6 @@ It is not a replacement for Git or backups. It is a practical safety layer for t
- **Client/project isolation:** keep memory, secrets, instructions, files, and model choices separated by project.
- **Scheduled operations:** run recurring checks and monitoring tasks with project-scoped context and credentials.
## Safety Model
Agent Zero is powerful because it can use a real environment.
- Keep it running inside Docker or another isolated environment.
- Do not mount your entire home directory unless you understand the risk.
- Grant A0 CLI Read+Write access and remote code execution only for machines and workspaces you trust.
- Store credentials in project secrets or settings, not in prompts or public files.
- Review actions that touch accounts, money, production systems, or private data.
- Keep backups for important workspaces.
## Documentation
| I want to... | Start here |
@ -274,3 +298,16 @@ You can help by improving docs, creating skills, publishing plugins, testing mod
- [YouTube](https://www.youtube.com/@AgentZeroFW) for demos and tutorials.
- [X](https://x.com/Agent0ai), [LinkedIn](https://www.linkedin.com/company/109758317), and [Warpcast](https://warpcast.com/agent-zero) for updates.
- [GitHub Issues](https://github.com/agent0ai/agent-zero/issues) for bugs and feature requests.
[Space Agent](https://github.com/agent0ai/space-agent) is the related, more polished product direction for the agent-shaped workspace. Agent Zero remains the open framework and Linux-powered workbench.
## Safety Model
Agent Zero is powerful because it can use a real environment.
- Keep it running inside Docker or another isolated environment.
- Do not mount your entire home directory unless you understand the risk.
- Grant A0 CLI Read+Write access and remote code execution only for machines and workspaces you trust.
- Store credentials in project secrets or settings, not in prompts or public files.
- Review actions that touch accounts, money, production systems, or private data.
- Keep backups for important workspaces.

593
agent.py
View file

@ -1,4 +1,4 @@
import asyncio, random, string, threading
import asyncio, json, random, re, string, threading
from collections import OrderedDict
from dataclasses import dataclass, field
@ -32,6 +32,15 @@ from typing import Callable
from helpers.localization import Localization
from helpers import extension
from helpers.errors import RepairableException, InterventionException, HandledException
from helpers.llm_result import (
LLMResult,
RESPONSE_METADATA_KEY,
function_call_output_item,
metadata_from_llm_result,
result_from_metadata,
)
from helpers.litellm_transport import ResponsesTransport
from helpers.responses_tools import build_responses_function_tools, original_tool_name
class AgentContextType(Enum):
USER = "user"
@ -329,6 +338,8 @@ class LoopData:
self.system = []
self.user_message: history.Message | None = None
self.history_output: list[history.OutputMessage] = []
self.protocol_temporary: OrderedDict[str, history.MessageContent] = OrderedDict()
self.protocol_persistent: OrderedDict[str, history.MessageContent] = OrderedDict()
self.extras_temporary: OrderedDict[str, history.MessageContent] = OrderedDict()
self.extras_persistent: OrderedDict[str, history.MessageContent] = OrderedDict()
self.last_response = ""
@ -346,6 +357,9 @@ class Agent:
DATA_NAME_SUPERIOR = "_superior"
DATA_NAME_SUBORDINATE = "_subordinate"
DATA_NAME_CTX_WINDOW = "ctx_window"
DATA_NAME_RESPONSES_STATE = "responses_state"
DATA_NAME_RESPONSES_TOOL_NAME_MAP = "responses_tool_name_map"
DATA_NAME_RESPONSES_COMPUTER_SESSION = "responses_computer_session_id"
@extension.extensible
def __init__(
@ -468,11 +482,12 @@ class Agent:
return stop_response
# call main LLM
agent_response, _reasoning = await self.call_chat_model(
llm_result = await self.call_chat_model_turn(
messages=prompt,
response_callback=stream_callback,
reasoning_callback=reasoning_callback,
)
agent_response = llm_result.response
await self.handle_intervention(agent_response)
# Notify extensions to finalize their stream filters
@ -492,7 +507,12 @@ class Agent:
): # if assistant_response is the same as last message in history, let him know
# Append the assistant's response to the history
log_item = self.loop_data.params_temporary.get("log_item_generating")
self.hist_add_ai_response(agent_response, id=log_item.id if log_item else "")
assistant_message = self.hist_add_ai_response(
agent_response,
id=log_item.id if log_item else "",
llm_result=llm_result,
)
self._remember_llm_result_state(llm_result, assistant_message)
# Append warning message to the history
warning_msg = self.read_prompt("fw.msg_repeat.md")
wmsg = self.hist_add_warning(message=warning_msg)
@ -504,9 +524,16 @@ class Agent:
else: # otherwise proceed with tool
# Append the assistant's response to the history
log_item = self.loop_data.params_temporary.get("log_item_generating")
self.hist_add_ai_response(agent_response, id=log_item.id if log_item else "")
assistant_message = self.hist_add_ai_response(
agent_response,
id=log_item.id if log_item else "",
llm_result=llm_result,
)
self._remember_llm_result_state(llm_result, assistant_message)
# process tools requested in agent message
tools_result = await self.process_tools(agent_response)
tools_result = await self.process_llm_result_tools(
llm_result
)
if tools_result: # final response of message loop available
return tools_result # break the execution if the task is done
@ -555,24 +582,28 @@ class Agent:
# concatenate system prompt
system_text = "\n\n".join(loop_data.system)
# join extras
extras = history.Message( # type: ignore[abstract]
False,
content=self.read_prompt(
"agent.context.extras.md",
extras=dirty_json.stringify(
{**loop_data.extras_persistent, **loop_data.extras_temporary}
),
),
).output()
# join protocol and extras
protocol = self._build_context_message(
"agent.context.protocol.md",
"protocol",
{**loop_data.protocol_persistent, **loop_data.protocol_temporary},
include_empty=False,
)
extras = self._build_context_message(
"agent.context.extras.md",
"extras",
{**loop_data.extras_persistent, **loop_data.extras_temporary},
include_empty=True,
)
loop_data.protocol_temporary.clear()
loop_data.extras_temporary.clear()
# convert history + extras to LLM format
# convert protocol + history + extras to LLM format
history_langchain: list[BaseMessage] = history.output_langchain(
loop_data.history_output + extras
protocol + loop_data.history_output + extras
)
# build full prompt from system prompt, message history and extrS
# build full prompt from system prompt, protocol, message history and extras
full_prompt: list[BaseMessage] = [
SystemMessage(content=system_text),
*history_langchain,
@ -590,6 +621,24 @@ class Agent:
return full_prompt
def _build_context_message(
self,
prompt_file: str,
variable_name: str,
values: dict[str, history.MessageContent],
include_empty: bool,
) -> list[history.OutputMessage]:
if not include_empty and not values:
return []
return history.Message( # type: ignore[abstract]
False,
content=self.read_prompt(
prompt_file,
**{variable_name: dirty_json.stringify(values)},
),
).output()
@extension.extensible
async def handle_exception(self, location: str, exception: Exception):
if exception:
@ -664,7 +713,12 @@ class Agent:
@extension.extensible
def hist_add_message(
self, ai: bool, content: history.MessageContent, tokens: int = 0, id: str = ""
self,
ai: bool,
content: history.MessageContent,
tokens: int = 0,
id: str = "",
metadata: dict[str, Any] | None = None,
):
self.last_message = Localization.get().now()
# Allow extensions to process content before adding to history
@ -673,7 +727,11 @@ class Agent:
"hist_add_before", self, content_data=content_data, ai=ai
)
return self.history.add_message(
ai=ai, content=content_data["content"], tokens=tokens, id=id
ai=ai,
content=content_data["content"],
tokens=tokens,
id=id,
metadata=metadata,
)
@extension.extensible
@ -706,10 +764,17 @@ class Agent:
return msg
@extension.extensible
def hist_add_ai_response(self, message: str, id: str = ""):
def hist_add_ai_response(
self, message: str, id: str = "", llm_result: LLMResult | None = None
):
self.loop_data.last_response = message
content = self.parse_prompt("fw.ai_response.md", message=message)
return self.hist_add_message(True, content=content, id=id)
return self.hist_add_message(
True,
content=content,
id=id,
metadata=metadata_from_llm_result(llm_result),
)
@extension.extensible
def hist_add_warning(self, message: history.MessageContent, id: str = ""):
@ -719,13 +784,28 @@ class Agent:
@extension.extensible
def hist_add_tool_result(self, tool_name: str, tool_result: str, **kwargs):
msg_id = kwargs.pop("id", "")
responses_item = kwargs.pop("_responses_output_item", None) or kwargs.pop(
"responses_item", None
)
metadata = (
{
RESPONSE_METADATA_KEY: {
"input_items": [responses_item],
"output_items": [],
"mode": "responses",
"state": "provider",
}
}
if isinstance(responses_item, dict)
else None
)
data = {
"tool_name": tool_name,
"tool_result": tool_result,
**kwargs,
}
extension.call_extensions_sync("hist_add_tool_result", self, data=data)
return self.hist_add_message(False, content=data, id=msg_id)
return self.hist_add_message(False, content=data, id=msg_id, metadata=metadata)
def concat_messages(
self, messages
@ -830,6 +910,164 @@ class Agent:
return response, reasoning
@extension.extensible
async def call_chat_model_turn(
self,
messages: list[BaseMessage],
response_callback: Callable[[str, str], Awaitable[str | None]] | None = None,
reasoning_callback: Callable[[str, str], Awaitable[None]] | None = None,
background: bool = False,
explicit_caching: bool = True,
) -> LLMResult:
model = self.get_chat_model()
model_kwargs = getattr(model, "kwargs", {}) if model else {}
if isinstance(model_kwargs, dict) and model_kwargs.get("responses_delete_on_chat_delete") is False:
self.set_data("responses_delete_on_chat_delete", False)
response_tools, name_map = build_responses_function_tools(self)
self.set_data(Agent.DATA_NAME_RESPONSES_TOOL_NAME_MAP, name_map)
call_data = {
"model": model,
"messages": messages,
"response_callback": response_callback,
"reasoning_callback": reasoning_callback,
"background": background,
"explicit_caching": explicit_caching,
"a0_responses_function_tools": response_tools,
}
previous_state = self._responses_state_for_model(model)
if previous_state:
history_counter = int(previous_state.get("history_counter", 0) or 0)
call_data["previous_response_id"] = previous_state.get("response_id", "")
call_data["responses_input_items"] = self._responses_input_items_since(
model,
history_counter,
)
call_data["responses_local_input_items"] = self._responses_prompt_input_items(
model,
messages,
)
await extension.call_extensions_async(
"chat_model_call_before", self, call_data=call_data
)
turn_kwargs = {
"a0_responses_function_tools": call_data.get(
"a0_responses_function_tools"
),
"responses_local_input_items": call_data.get(
"responses_local_input_items"
),
}
for key in (
"responses_builtin_tools",
"responses_state",
"previous_response_id",
"responses_input_items",
):
if call_data.get(key) is not None:
turn_kwargs[key] = call_data.get(key)
llm_result = await call_data["model"].unified_turn(
messages=call_data["messages"],
reasoning_callback=call_data["reasoning_callback"],
response_callback=call_data["response_callback"],
rate_limiter_callback=(
self.rate_limiter_callback if not call_data["background"] else None
),
explicit_caching=call_data["explicit_caching"],
**turn_kwargs,
)
downgraded = llm_result.capability.get("builtin_tool_downgrades")
if downgraded:
self.context.log.log(
type="info",
heading="Responses capability downgrade",
content=(
"Provider rejected Responses built-in tool(s); omitted: "
+ ", ".join(str(item) for item in downgraded)
),
)
await extension.call_extensions_async(
"chat_model_call_after",
self,
call_data=call_data,
response=llm_result.response,
reasoning=llm_result.reasoning,
)
return llm_result
def _responses_state_for_model(self, model: Any) -> dict[str, Any]:
state = self.get_data(Agent.DATA_NAME_RESPONSES_STATE)
if not isinstance(state, dict):
return {}
provider_model_key = str(getattr(model, "model_name", "") or "")
if state.get("provider_model_key") != provider_model_key:
return {}
if not state.get("response_id"):
return {}
return state
def _responses_input_items_since(
self, model: Any, sequence: int
) -> list[dict[str, Any]]:
items: list[dict[str, Any]] = []
for message in self.history.messages_since(sequence):
items.extend(self._responses_input_items_for_message(model, message))
return items
def _responses_input_items_for_message(
self, model: Any, message: history.Message
) -> list[dict[str, Any]]:
result = result_from_metadata(message.metadata)
if result:
if message.ai and result.output_items:
return [item.to_dict() for item in result.output_items]
if not message.ai and result.input_items:
return [dict(item) for item in result.input_items]
output = message.output()
langchain_messages = history.output_langchain(output)
if hasattr(model, "_convert_messages"):
converted = model._convert_messages(langchain_messages)
return ResponsesTransport.input_from_messages(converted)
return []
def _responses_prompt_input_items(
self, model: Any, messages: list[BaseMessage]
) -> list[dict[str, Any]]:
if not hasattr(model, "_convert_messages"):
return []
converted = model._convert_messages(messages)
return ResponsesTransport.input_from_messages(converted)
def _remember_llm_result_state(
self, llm_result: LLMResult, history_message: history.Message
) -> None:
if not llm_result.response_id:
return
current = self.get_data(Agent.DATA_NAME_RESPONSES_STATE)
response_ids = []
if isinstance(current, dict) and isinstance(current.get("response_ids"), list):
response_ids = [str(item) for item in current["response_ids"] if item]
if llm_result.response_id not in response_ids:
response_ids.append(llm_result.response_id)
self.set_data(
Agent.DATA_NAME_RESPONSES_STATE,
{
"response_id": llm_result.response_id,
"previous_response_id": llm_result.previous_response_id,
"provider_model_key": llm_result.provider_model_key,
"history_counter": history_message.sequence,
"response_ids": response_ids,
},
)
@extension.extensible
async def rate_limiter_callback(
self, message: str, key: str, total: int, limit: int
@ -863,6 +1101,310 @@ class Agent:
while self.context.paused:
await asyncio.sleep(0.1)
async def process_llm_result_tools(self, llm_result: LLMResult):
await self._log_response_builtin_items(llm_result)
if llm_result.function_calls:
for function_call in llm_result.function_calls:
name_map = self.get_data(Agent.DATA_NAME_RESPONSES_TOOL_NAME_MAP)
tool_name = original_tool_name(function_call.name, name_map)
response_item_factory = lambda response, call=function_call: function_call_output_item(
call.call_id,
response.message,
)
result = await self._execute_tool_request(
tool_name=tool_name,
tool_args=function_call.arguments,
message=llm_result.response,
raw_tool_name=tool_name,
responses_item_factory=response_item_factory,
)
if result:
return result
return None
if llm_result.builtin_items and not llm_result.response:
return None
if (
llm_result.mode == "responses"
and llm_result.response
and extract_tools.json_parse_dirty(llm_result.response) is None
):
return llm_result.response
return await self.process_tools(llm_result.response)
async def _execute_tool_request(
self,
tool_name: str,
tool_args: dict,
message: str,
raw_tool_name: str = "",
responses_item_factory: Callable[[Any], dict[str, Any]] | None = None,
):
raw_tool_name = raw_tool_name or tool_name
tool_method = None
tool = None
try:
import helpers.mcp_handler as mcp_helper
mcp_tool_candidate = mcp_helper.MCPConfig.get_instance().get_tool(
self, tool_name
)
if mcp_tool_candidate:
tool = mcp_tool_candidate
except ImportError:
PrintStyle(
background_color="black", font_color="yellow", padding=True
).print("MCP helper module not found. Skipping MCP tool lookup.")
except Exception as e:
PrintStyle(background_color="black", font_color="red", padding=True).print(
f"Failed to get MCP tool '{tool_name}': {e}"
)
if not tool:
tool = self.get_tool(
name=tool_name,
method=tool_method,
args=tool_args,
message=message,
loop_data=self.loop_data,
)
if not tool:
error_detail = (
f"Tool '{raw_tool_name}' not found or could not be initialized."
)
wmsg = self.hist_add_warning(error_detail)
PrintStyle(font_color="red", padding=True).print(error_detail)
self.context.log.log(
type="warning",
content=f"{self.agent_name}: {error_detail}",
id=wmsg.id,
)
return None
self.loop_data.current_tool = tool # type: ignore
try:
await self.handle_intervention()
await tool.before_execution(**tool_args)
await self.handle_intervention()
await extension.call_extensions_async(
"tool_execute_before",
self,
tool_args=tool_args or {},
tool_name=tool_name,
)
response = await tool.execute(**tool_args)
await self.handle_intervention()
await extension.call_extensions_async(
"tool_execute_after",
self,
response=response,
tool_name=tool_name,
)
if responses_item_factory:
response.additional = {
**(response.additional or {}),
"_responses_output_item": responses_item_factory(response),
}
await tool.after_execution(response)
await self.handle_intervention()
if response.break_loop:
self._clear_responses_pending_state()
return response.message
finally:
self.loop_data.current_tool = None
return None
async def _log_response_builtin_items(self, llm_result: LLMResult) -> None:
for item in llm_result.builtin_items:
if item.type == "computer_call":
await self._handle_responses_computer_call(item.data)
continue
if item.type == "mcp_approval_request":
self._handle_responses_mcp_approval_request(item.data)
continue
self.context.log.log(
type="info",
heading=f"Responses tool item: {item.type}",
content=json.dumps(item.data, ensure_ascii=False, default=str),
)
async def _handle_responses_computer_call(self, item: dict[str, Any]) -> None:
safety_checks = item.get("pending_safety_checks") or item.get("safety_checks")
if safety_checks:
message = (
"Responses computer_call requested safety-check acknowledgement. "
"Agent Zero requires explicit user acknowledgement before executing it."
)
output_item = {
"type": "computer_call_output",
"call_id": str(item.get("call_id") or item.get("id") or ""),
"output": {"type": "input_text", "text": message},
}
self.hist_add_tool_result(
"computer_call",
message,
responses_item=output_item,
)
self.context.log.log(type="warning", content=message)
return
args = self._computer_call_args(item)
if not args:
message = "Responses computer_call action is unsupported by Agent Zero."
output_item = {
"type": "computer_call_output",
"call_id": str(item.get("call_id") or item.get("id") or ""),
"output": {"type": "input_text", "text": message},
}
self.hist_add_tool_result(
"computer_call",
message,
responses_item=output_item,
)
self.context.log.log(type="warning", content=message)
return
if args.get("action") != "start_session" and not args.get("session_id"):
session_id = str(
self.get_data(Agent.DATA_NAME_RESPONSES_COMPUTER_SESSION) or ""
)
if session_id:
args["session_id"] = session_id
response_item_factory = lambda response: self._computer_call_output_item(
item,
response,
)
result = await self._execute_tool_request(
tool_name="computer_use_remote",
tool_args=args,
message=json.dumps(item, ensure_ascii=False, default=str),
raw_tool_name="computer_call",
responses_item_factory=response_item_factory,
)
_ = result
def _handle_responses_mcp_approval_request(self, item: dict[str, Any]) -> None:
request_id = str(
item.get("approval_request_id") or item.get("id") or item.get("call_id") or ""
)
message = (
"Responses MCP approval request received. Agent Zero denied it because "
"provider-hosted MCP approval requires explicit user approval."
)
output_item = {
"type": "mcp_approval_response",
"approval_request_id": request_id,
"approve": False,
}
self.hist_add_tool_result(
"mcp_approval_request",
message,
responses_item=output_item,
)
self.context.log.log(
type="warning",
heading="Responses MCP approval required",
content=message,
)
def _computer_call_args(self, item: dict[str, Any]) -> dict[str, Any]:
action = item.get("action")
action_data = dict(action) if isinstance(action, dict) else {}
action_type = str(
action_data.get("type")
or action_data.get("action")
or item.get("action_type")
or ""
).strip().lower()
args: dict[str, Any] = {}
if action_type in {"screenshot", "capture"}:
args["action"] = "capture"
elif action_type in {"move", "mousemove"}:
args.update({"action": "move", "x": action_data.get("x"), "y": action_data.get("y")})
elif action_type in {"click", "double_click"}:
args.update(
{
"action": "click",
"x": action_data.get("x"),
"y": action_data.get("y"),
"button": action_data.get("button", "left"),
"count": 2 if action_type == "double_click" else action_data.get("count", 1),
}
)
elif action_type == "scroll":
args.update(
{
"action": "scroll",
"dx": action_data.get("dx", action_data.get("scroll_x", 0)),
"dy": action_data.get("dy", action_data.get("scroll_y", 0)),
}
)
elif action_type in {"keypress", "key"}:
args.update(
{
"action": "key",
"keys": action_data.get("keys") or action_data.get("key"),
}
)
elif action_type in {"type", "input_text"}:
args.update({"action": "type", "text": action_data.get("text", "")})
else:
return {}
session_id = item.get("session_id") or action_data.get("session_id")
if session_id:
args["session_id"] = session_id
return args
def _computer_call_output_item(
self, source_item: dict[str, Any], response: Any
) -> dict[str, Any]:
output: dict[str, Any] = {
"type": "input_text",
"text": str(getattr(response, "message", "") or ""),
}
additional = getattr(response, "additional", None)
raw_content = additional.get("raw_content") if isinstance(additional, dict) else None
if isinstance(raw_content, list):
for content in raw_content:
if not isinstance(content, dict):
continue
if content.get("type") != "image_url":
continue
image_url = content.get("image_url")
url = image_url.get("url") if isinstance(image_url, dict) else image_url
if url:
output = {"type": "input_image", "image_url": url}
break
session_id_match = re_search_session_id(str(getattr(response, "message", "") or ""))
if session_id_match:
self.set_data(Agent.DATA_NAME_RESPONSES_COMPUTER_SESSION, session_id_match)
return {
"type": "computer_call_output",
"call_id": str(source_item.get("call_id") or source_item.get("id") or ""),
"output": output,
}
def _clear_responses_pending_state(self) -> None:
state = self.get_data(Agent.DATA_NAME_RESPONSES_STATE)
if isinstance(state, dict):
state = dict(state)
state.pop("response_id", None)
state.pop("previous_response_id", None)
self.set_data(Agent.DATA_NAME_RESPONSES_STATE, state)
@extension.extensible
async def process_tools(self, msg: str):
# search for tool usage requests in agent message
@ -1037,3 +1579,8 @@ class Agent:
loop_data=loop_data,
**kwargs,
)
def re_search_session_id(text: str) -> str:
match = re.search(r"session_id=([A-Za-z0-9_.:-]+)", text or "")
return match.group(1) if match else ""

View file

@ -31,4 +31,14 @@
## Child DOX Index
No child DOX files.
Direct child DOX files:
| Child | Scope |
| --- | --- |
| [_example/AGENTS.md](_example/AGENTS.md) | Reference profile demonstrating profile-local prompts, tools, and extensions. |
| [agent0/AGENTS.md](agent0/AGENTS.md) | Main user-facing Agent Zero profile metadata. |
| [default/AGENTS.md](default/AGENTS.md) | Base profile metadata and inherited prompt specifics. |
| [developer/AGENTS.md](developer/AGENTS.md) | Software development specialist profile. |
| [hacker/AGENTS.md](hacker/AGENTS.md) | Cyber security and penetration testing specialist profile. |
| [researcher/AGENTS.md](researcher/AGENTS.md) | Research, data analysis, and reporting specialist profile. |
| [tiny-local/AGENTS.md](tiny-local/AGENTS.md) | Small/local model profile with an action-first communication prompt. |

33
agents/_example/AGENTS.md Normal file
View file

@ -0,0 +1,33 @@
# Example Agent Profile DOX
## Purpose
- Own the reference profile used to demonstrate bundled profile layout.
- Show how profile-local prompts, tools, and extensions fit beside `agent.yaml`.
## Ownership
- `agent.yaml` owns the example profile metadata.
- `prompts/` owns prompt override examples.
- `tools/` owns profile-local tool examples.
- `extensions/` owns profile-local lifecycle extension examples.
## Local Contracts
- Keep this profile generic, minimal, and safe to copy into user or plugin profile work.
- Do not add product behavior here that should live in a real bundled profile.
- Profile-local tools and extensions must follow the same contracts as root tools and extensions.
## Work Guidance
- Prefer simple examples that illustrate structure over complex behavior.
- Update related skill guidance when the example profile layout changes.
## Verification
- Manually inspect YAML and prompt filenames after edits.
- Run profile-loading tests when changing discovery or profile schema assumptions.
## Child DOX Index
No child DOX files.

31
agents/agent0/AGENTS.md Normal file
View file

@ -0,0 +1,31 @@
# Agent 0 Profile DOX
## Purpose
- Own the main user-facing Agent Zero profile metadata.
- Keep the primary assistant profile discoverable and distinct from subordinate specialist profiles.
## Ownership
- `agent.yaml` owns the profile title, description, and delegation context.
- Prompt behavior is inherited from the default profile unless a local prompt override is added.
## Local Contracts
- Keep `Agent 0` suitable as the direct conversation agent for the system.
- Do not add narrow specialist behavior that belongs in `developer/`, `researcher/`, `hacker/`, or a custom user profile.
- Do not store user-specific preferences, provider settings, or secrets in this profile.
## Work Guidance
- Keep metadata concise because it appears in profile selection and delegation contexts.
- Coordinate substantial behavior changes with default prompts and WebUI profile selection.
## Verification
- Manually inspect `agent.yaml` for valid YAML after edits.
- Run profile-loading tests when changing schema or discovery behavior.
## Child DOX Index
No child DOX files.

32
agents/default/AGENTS.md Normal file
View file

@ -0,0 +1,32 @@
# Default Agent Profile DOX
## Purpose
- Own base profile metadata and default prompt specifics inherited by specialized profiles.
- Provide the shared behavior layer for bundled and custom profiles.
## Ownership
- `agent.yaml` owns default profile metadata.
- `agent.system.main.specifics.md` owns default profile-specific system prompt content.
- Additional prompt overrides under this directory become shared defaults unless a child profile overrides them.
## Local Contracts
- Keep default behavior broad, framework-compatible, and safe for inheritance.
- Avoid role-specific instructions that belong in specialist profiles.
- Prompt filenames must match the framework prompt override names they target.
## Work Guidance
- Prefer small, explicit prompt changes with clear inheritance impact.
- Check bundled specialist profiles after changing default behavior.
## Verification
- Manually inspect YAML and prompt rendering assumptions after edits.
- Run prompt/profile tests when changing inherited prompt behavior.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,32 @@
# Developer Agent Profile DOX
## Purpose
- Own the bundled software development specialist profile.
- Keep development, debugging, refactoring, and architecture behavior separate from general agent defaults.
## Ownership
- `agent.yaml` owns title, description, and delegation context for software development work.
- `prompts/` owns developer-specific prompt overrides when present.
- `extensions/` owns developer-specific lifecycle hooks when present.
## Local Contracts
- Keep this profile focused on software engineering tasks.
- Do not hardcode repository-local credentials, paths, or project-specific conventions.
- Prompt overrides must preserve the framework tool-call and response contracts.
## Work Guidance
- Align developer behavior with the root engineering and tool contracts.
- Prefer profile prompt edits over core prompt edits when the behavior is specific to development tasks.
## Verification
- Manually inspect `agent.yaml` for valid YAML after edits.
- Run prompt/profile tests when changing profile loading or developer prompt behavior.
## Child DOX Index
No child DOX files.

31
agents/hacker/AGENTS.md Normal file
View file

@ -0,0 +1,31 @@
# Hacker Agent Profile DOX
## Purpose
- Own the bundled cyber security and penetration testing specialist profile.
- Keep security-audit behavior scoped to this profile instead of default agent behavior.
## Ownership
- `agent.yaml` owns title, description, and delegation context for security work.
- `prompts/` owns security-specific prompt overrides when present.
## Local Contracts
- Keep the profile focused on authorized security analysis, vulnerability research, and defensive audit tasks.
- Do not add secrets, target-specific credentials, or local environment assumptions.
- Preserve the framework tool-call contract and safety expectations.
## Work Guidance
- Keep security instructions operational and bounded to legitimate testing contexts.
- Coordinate broad safety changes with core prompts and relevant tests.
## Verification
- Manually inspect `agent.yaml` for valid YAML after edits.
- Run prompt/profile tests when changing profile discovery or security prompt behavior.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,31 @@
# Researcher Agent Profile DOX
## Purpose
- Own the bundled research, data analysis, and reporting specialist profile.
- Keep evidence-gathering and report-oriented behavior separate from general defaults.
## Ownership
- `agent.yaml` owns title, description, and delegation context for research work.
- `prompts/` owns researcher-specific prompt overrides when present.
## Local Contracts
- Keep this profile focused on information gathering, analysis, synthesis, and reporting.
- Do not bake in project-specific sources, credentials, or local paths.
- Preserve the framework tool-call and response contracts.
## Work Guidance
- Prefer prompt changes that improve citation, evidence handling, and analysis quality for research tasks.
- Coordinate broad research behavior changes with document or browser plugin contracts when relevant.
## Verification
- Manually inspect `agent.yaml` for valid YAML after edits.
- Run prompt/profile tests when changing discovery or researcher prompt behavior.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,38 @@
# Tiny Local Agent Profile DOX
## Purpose
- Own the bundled Tiny Local profile for small/local chat models.
- Keep local-model behavior prompt-only and isolated from core framework execution.
## Ownership
- `agent.yaml` owns profile metadata for discovery and profile switching.
- `prompts/agent.system.main.communication.md` owns the local-model communication contract.
- `prompts/agent.system.main.solving.md` owns the local-model problem-solving contract and suppresses inherited visible reasoning requirements.
- `prompts/fw.msg_repeat.md` owns Tiny Local's profile-specific recovery instructions when the framework rejects a duplicate assistant message.
- `prompts/agent.system.tools.md` owns the Tiny Local tools wrapper and final output-shape reminder after tool listing.
- `prompts/agent.system.tool.*.md` files own Tiny Local-specific tool examples that avoid inherited reasoning fields and repeated writes.
## Local Contracts
- Preserve the normal Agent Zero tool-call shape: `tool_name` plus `tool_args`.
- Do not add parser repair, duplicate suppression runtime, model transport, or text-editor runtime behavior here.
- Duplicate-message handling may be tightened through profile prompts only.
- Keep prompt text short enough for small local models to follow.
- Treat continuation requests such as `proceed` or `continue` as commands to execute the next unfinished step, not as prompts for another status response.
- Do not include user-specific provider names, API keys, local paths, or secrets.
## Work Guidance
- Prefer prompt wording changes over new files when tightening this profile, except when replacing inherited tool examples for local-model compliance.
- Keep this profile suitable for Ollama, LM Studio, Qwen, and comparable local models.
## Verification
- Render the `tiny-local` system prompt after communication prompt changes.
- Run `pytest tests/test_default_prompt_budget.py` for prompt and profile regressions.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,3 @@
title: Tiny Local
description: Action-first profile for small local models that need a minimal tool-call contract.
context: Use this agent when running small local chat models through Ollama, LM Studio, or similar providers and the model tends to explain actions instead of calling tools.

View file

@ -0,0 +1,31 @@
## Communication
You are Agent Zero. Act on the user's behalf.
When the user asks you to do something, do it directly. Do not explain how the user could do it themselves.
Your visible assistant message must be exactly one valid JSON object.
Use exactly these top-level fields: `"tool_name"` and `"tool_args"`.
Do not include markdown fences, prose before the JSON, prose after the JSON, hidden reasoning, analysis, thoughts, or headlines.
Choose a tool from the tools listed in this system prompt. Do not invent tool names, action names, or generic names such as `read`, `write`, `terminal`, or `multi`.
For a final user-facing answer, use the `response` tool.
Use `response` only when the work is complete, blocked, or the user is only acknowledging completed work.
If the user says "proceed", "continue", "go ahead", "do it", "excellent proceed", or similar after you named a next step or there is unfinished work, do not answer with a promise or status update. Call the next appropriate tool.
Final-answer shape:
`{"tool_name":"response","tool_args":{"text":"Answer briefly."}}`
For work that requires a command, file action, browser action, or any other available tool, call the appropriate tool immediately. Do not explain what command the user could run manually.
If the framework warns that your prior message was malformed, repeated, or reasoning-only, output a corrected JSON tool request immediately without explaining the warning.
When the warning says you sent the same message again, do not resend the same JSON. Change the tool, action, arguments, or final answer so the next message is meaningfully different.
{{ include "agent.system.main.communication_additions.md" }}

View file

@ -0,0 +1,18 @@
## Problem Solving
Act directly and keep hidden reasoning out of the visible JSON.
For simple questions, answer with the `response` tool.
Continuation words such as "proceed", "continue", "go ahead", "do it", and "excellent proceed" mean execute the next unfinished step. Do not respond by saying you will begin, continue, start, proceed, or investigate. Use a real tool call unless the task is already complete or blocked.
For tasks that need shell commands, files, browser actions, or other capabilities:
- choose the appropriate listed tool immediately
- keep one tool call per turn unless the `parallel` tool is listed and truly useful
- inspect outputs before deciding the next tool call
- never claim success from timeout output or a still-running command
- after a successful tool result, do not repeat the same exact tool call
- after a repeated-message warning, do not repeat the same status response or exact tool request; choose the next different executable action or report a blocker
- when finished, use the `response` tool with a brief result
Do not include `thoughts`, `headline`, analysis, plans, or prose outside the JSON object.

View file

@ -0,0 +1,24 @@
### code_execution_tool
Run terminal, Python, or Node.js commands.
Arguments in `tool_args`:
- `runtime`: `terminal`, `python`, `nodejs`, or `output`
- `code`: command or script code
- `session`: terminal session id; default `0`
- `reset`: kill a session before running; `true` or `false`
Rules:
- Put the command or script in `code`.
- Use `runtime=output` to poll running work.
- Use `input` for interactive terminal prompts.
- If a session is stuck, call this tool again with the same `session` and `reset=true`.
- Do not claim success from timeout output or a still-running command.
- When counting files, prefer `find` over `ls` so hidden files and type filters are handled.
Examples:
`{"tool_name":"code_execution_tool","tool_args":{"runtime":"terminal","session":0,"reset":false,"code":"ls -1 /tmp | wc -l"}}`
`{"tool_name":"code_execution_tool","tool_args":{"runtime":"python","session":0,"reset":false,"code":"import os\nprint(os.getcwd())"}}`
`{"tool_name":"code_execution_tool","tool_args":{"runtime":"output","session":0}}`

View file

@ -0,0 +1,13 @@
### response
Final answer to the user.
Use this tool only when the task is done, blocked, or no tool is needed.
Do not use this tool for "proceed", "continue", "go ahead", or similar continuation requests when there is an unfinished next step. Call a real tool instead.
Arguments in `tool_args`:
- `text`: concise final answer text
Example:
`{"tool_name":"response","tool_args":{"text":"There are 24 files in /tmp."}}`

View file

@ -0,0 +1,26 @@
### text_editor
Read, write, or patch Markdown and plain text files.
Actions in `tool_args.action`:
- `read`: read a file
- `write`: create or overwrite a file
- `patch`: edit an existing file
Common arguments:
- `path`: absolute file path
- `content`: full file content for `write`
- `open_in_canvas`: set `true` when the user explicitly asks to open a Markdown file in the Canvas or Editor
Rules:
- Use this tool for `.md` and plain text files.
- Use `write` to create a new Markdown file.
- If the user asks to open the file in the Canvas or Editor, include `"open_in_canvas": true` in the same `write` or `patch` call.
- After a successful write or patch result, do not repeat the same tool call. Use the `response` tool unless a different action is needed.
Examples:
`{"tool_name":"text_editor","tool_args":{"action":"write","path":"/a0/usr/workdir/TODO.md","content":"# TODO\n- [ ] First item\n","open_in_canvas":true}}`
`{"tool_name":"text_editor","tool_args":{"action":"read","path":"/a0/usr/workdir/TODO.md"}}`
`{"tool_name":"text_editor","tool_args":{"action":"patch","path":"/a0/usr/workdir/TODO.md","old_text":"- [ ] First item","new_text":"- [x] First item"}}`

View file

@ -0,0 +1,17 @@
## Available Tools
Use only the tools listed below. Match tool names exactly.
Every tool request must be exactly one JSON object with only these top-level fields:
- `tool_name`
- `tool_args`
Action names are not tool names. Do not invent top-level `multi`, `read`, `write`, `terminal`, or generic batch tools.
{{tools}}
## Tiny Local Output Rule
Some inherited tool examples may show `thoughts` or `headline`. Ignore that shape for this profile.
Do not include `thoughts`, `headline`, analysis, markdown fences, or prose outside the JSON object.

View file

@ -0,0 +1,13 @@
You have sent the same message again. You have to do something else.
Your repeated JSON was recorded, but it did not execute another tool. Do not send the same JSON object again.
Choose one different action now:
- If work is unfinished, call a real tool for the next unfinished step.
- If your previous JSON used `response` while work remains, replace it with the next real tool call.
- If a file write or patch already succeeded, read that file or answer with the observed result.
- If a command already ran, inspect its output or run a different next command.
- If the user only said "proceed" or "continue", continue with the next real tool call.
- If no different action is possible, use `response` with a brief blocker.
Output exactly one JSON object with `tool_name` and `tool_args`. No prose or markdown.

View file

@ -19,17 +19,23 @@
- Keep CSRF and authentication protections intact for browser-facing state-changing endpoints.
- WebSocket handlers must derive from `helpers.ws.WsHandler` and validate event data before using it.
- Do not return secrets, raw environment values, private files, or unfiltered exception details to clients.
- This directory is a file-documented DOX profile: every direct `*.py` endpoint or WebSocket module must have a same-directory `*.py.dox.md` file named by appending `.dox.md` to the full Python filename.
- The `*.py.dox.md` file owns endpoint purpose, request/response concepts, auth/CSRF/API-key/loopback assumptions, side effects, important helper dependencies, and verification guidance.
- When a Python endpoint is added, removed, renamed, or behaviorally changed, update its matching `*.py.dox.md` in the same change.
- Do not leave stale file-level DOX after endpoint deletion or rename.
## Work Guidance
- Use helpers for shared behavior instead of duplicating persistence, auth, file, project, plugin, or notification logic in endpoints.
- Keep request and response payloads stable; update frontend callers and tests together when payloads change.
- Prefer `Response` for files, redirects, status codes, and plain-text errors; return dictionaries for JSON success payloads.
- During the DOX pass, verify that every direct `*.py` file has a matching `*.py.dox.md` and that changed endpoint behavior is described there.
## Verification
- Run targeted `pytest tests/test_*api*.py`, endpoint-specific tests, or WebSocket tests after changing handler behavior.
- For auth, CSRF, upload/download, tunnel, or file endpoints, run the nearest security regression tests.
- Check file-level documentation coverage with a script or shell loop that verifies each `api/*.py` has a matching `api/*.py.dox.md`.
## Child DOX Index

View file

@ -1,4 +1,4 @@
from agent import Agent, AgentContext
from agent import AgentContext
from helpers import subagents
from helpers.api import ApiHandler, Request, Response
from helpers.persist_chat import save_tmp_chat
@ -39,11 +39,7 @@ class SetAgentProfile(ApiHandler):
config = initialize_agent(override_settings={"agent_profile": profile})
context.config = config
agent = context.agent0
while agent:
agent.config = config
agent = agent.get_data(Agent.DATA_NAME_SUBORDINATE)
context.agent0.config = config
save_tmp_chat(context)
mark_dirty_for_context(context.id, reason="agent_profile_change")

View file

@ -0,0 +1,48 @@
# agent_profile_set.py DOX
## Purpose
- Own the `agent_profile_set.py` API endpoint.
- This module sets the active agent profile for a chat context and returns profile label metadata.
- Keep this file-level DOX profile synchronized with `agent_profile_set.py` because this directory is intentionally flat.
## Ownership
- `agent_profile_set.py` owns the runtime implementation.
- `agent_profile_set.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SetAgentProfile` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
- Top-level functions:
- `_agent_profile_labels() -> dict[str, str]`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SetAgentProfile` is an `ApiHandler`.
- `SetAgentProfile` defines `process(...)`.
- Observed side-effect areas: filesystem writes, settings/state persistence.
- Switching a chat profile updates the context and top-level agent profile only; existing subordinate agents keep their own profile configs.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`, `helpers.persist_chat`, `helpers.state_monitor_integration`.
## Key Concepts
- Important called helpers/classes observed in the source: `str.strip`, `context.is_running`, `_agent_profile_labels`, `initialize_agent`, `context.agent0.config`, `save_tmp_chat`, `mark_dirty_for_context`, `subagents.get_all_agents_list`, `Response`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_subagent_profiles.py`
## Child DOX Index
No child DOX files.

48
api/agents.py.dox.md Normal file
View file

@ -0,0 +1,48 @@
# agents.py DOX
## Purpose
- Own the `agents.py` API endpoint.
- This module lists available agent profiles for selection and delegation UI flows.
- Keep this file-level DOX profile synchronized with `agents.py` because this directory is intentionally flat.
## Ownership
- `agents.py` owns the runtime implementation.
- `agents.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Agents` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Agents` is an `ApiHandler`.
- `Agents` defines `process(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `subagents.get_all_agents_list`, `Exception`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_default_prompt_budget.py`
- `tests/test_office_document_store.py`
- `tests/test_projects.py`
- `tests/test_skills_runtime.py`
- `tests/test_time_travel.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,52 @@
# api_files_get.py DOX
## Purpose
- Own the `api_files_get.py` API endpoint.
- This module returns downloadable or inspectable files exposed through the external API surface.
- Keep this file-level DOX profile synchronized with `api_files_get.py` because this directory is intentionally flat.
## Ownership
- `api_files_get.py` owns the runtime implementation.
- `api_files_get.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `ApiFilesGet` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_csrf(cls) -> bool`
- `requires_api_key(cls) -> bool`
- `get_methods(cls) -> list[str]`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `ApiFilesGet` is an `ApiHandler`.
- `ApiFilesGet` defines `process(...)`.
- `ApiFilesGet` defines `get_methods(...)`.
- `ApiFilesGet` defines `requires_auth(...)`.
- `ApiFilesGet` defines `requires_csrf(...)`.
- `ApiFilesGet` defines `requires_api_key(...)`.
- Observed side-effect areas: filesystem reads, filesystem writes, settings/state persistence.
- Imported dependency areas include: `base64`, `helpers`, `helpers.api`, `helpers.print_style`, `json`, `os`.
## Key Concepts
- Important called helpers/classes observed in the source: `Response`, `PrintStyle.error`, `path.startswith`, `PrintStyle`, `json.dumps`, `path.replace`, `files.get_abs_path`, `os.path.basename`, `os.path.exists`, `PrintStyle.warning`, `f.read`, `base64.b64encode.decode`, `base64.b64encode`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

52
api/api_log_get.py.dox.md Normal file
View file

@ -0,0 +1,52 @@
# api_log_get.py DOX
## Purpose
- Own the `api_log_get.py` API endpoint.
- This module returns API/chat log data for external API clients.
- Keep this file-level DOX profile synchronized with `api_log_get.py` because this directory is intentionally flat.
## Ownership
- `api_log_get.py` owns the runtime implementation.
- `api_log_get.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `ApiLogGet` (`ApiHandler`)
- `get_methods(cls) -> list[str]`
- `requires_auth(cls) -> bool`
- `requires_csrf(cls) -> bool`
- `requires_api_key(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `ApiLogGet` is an `ApiHandler`.
- `ApiLogGet` defines `process(...)`.
- `ApiLogGet` defines `get_methods(...)`.
- `ApiLogGet` defines `requires_auth(...)`.
- `ApiLogGet` defines `requires_csrf(...)`.
- `ApiLogGet` defines `requires_api_key(...)`.
- Observed side-effect areas: settings/state persistence, secret handling.
- Imported dependency areas include: `agent`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `AgentContext.use`, `Response`, `context.log.output`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

51
api/api_message.py.dox.md Normal file
View file

@ -0,0 +1,51 @@
# api_message.py DOX
## Purpose
- Own the `api_message.py` API endpoint.
- This module accepts external API messages and dispatches them into Agent Zero chat processing.
- Keep this file-level DOX profile synchronized with `api_message.py` because this directory is intentionally flat.
## Ownership
- `api_message.py` owns the runtime implementation.
- `api_message.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `ApiMessage` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_csrf(cls) -> bool`
- `requires_api_key(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `ApiMessage` is an `ApiHandler`.
- `ApiMessage` defines `process(...)`.
- `ApiMessage` defines `requires_auth(...)`.
- `ApiMessage` defines `requires_csrf(...)`.
- `ApiMessage` defines `requires_api_key(...)`.
- Observed side-effect areas: filesystem reads, filesystem writes, settings/state persistence, secret handling, scheduler state.
- Imported dependency areas include: `agent`, `base64`, `datetime`, `helpers`, `helpers.api`, `helpers.print_style`, `helpers.projects`, `helpers.security`, `initialize`, `os`, `uuid`.
## Key Concepts
- Important called helpers/classes observed in the source: `context.set_data`, `datetime.now`, `Response`, `files.get_abs_path`, `os.makedirs`, `AgentContext.use`, `context.get_data`, `initialize_agent`, `AgentContext`, `context.log.log`, `context.communicate`, `ValueError`, `uuid.uuid4`, `UserMessage`, `task.result`, `PrintStyle.error`, `safe_filename`, `base64.b64decode`, `os.path.join`, `activate_project`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_api_chat_lifetime.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,52 @@
# api_reset_chat.py DOX
## Purpose
- Own the `api_reset_chat.py` API endpoint.
- This module resets an API-created chat context.
- Keep this file-level DOX profile synchronized with `api_reset_chat.py` because this directory is intentionally flat.
## Ownership
- `api_reset_chat.py` owns the runtime implementation.
- `api_reset_chat.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `ApiResetChat` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_csrf(cls) -> bool`
- `requires_api_key(cls) -> bool`
- `get_methods(cls) -> list[str]`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `ApiResetChat` is an `ApiHandler`.
- `ApiResetChat` defines `process(...)`.
- `ApiResetChat` defines `get_methods(...)`.
- `ApiResetChat` defines `requires_auth(...)`.
- `ApiResetChat` defines `requires_csrf(...)`.
- `ApiResetChat` defines `requires_api_key(...)`.
- Observed side-effect areas: filesystem writes, filesystem deletion, settings/state persistence.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`, `helpers.print_style`, `json`.
## Key Concepts
- Important called helpers/classes observed in the source: `AgentContext.use`, `context.reset`, `persist_chat.save_tmp_chat`, `persist_chat.remove_msg_files`, `Response`, `PrintStyle.error`, `PrintStyle`, `json.dumps`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,52 @@
# api_terminate_chat.py DOX
## Purpose
- Own the `api_terminate_chat.py` API endpoint.
- This module terminates an API-created chat context.
- Keep this file-level DOX profile synchronized with `api_terminate_chat.py` because this directory is intentionally flat.
## Ownership
- `api_terminate_chat.py` owns the runtime implementation.
- `api_terminate_chat.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `ApiTerminateChat` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_csrf(cls) -> bool`
- `requires_api_key(cls) -> bool`
- `get_methods(cls) -> list[str]`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `ApiTerminateChat` is an `ApiHandler`.
- `ApiTerminateChat` defines `process(...)`.
- `ApiTerminateChat` defines `get_methods(...)`.
- `ApiTerminateChat` defines `requires_auth(...)`.
- `ApiTerminateChat` defines `requires_csrf(...)`.
- `ApiTerminateChat` defines `requires_api_key(...)`.
- Observed side-effect areas: filesystem writes, filesystem deletion, settings/state persistence.
- Imported dependency areas include: `agent`, `helpers.api`, `helpers.persist_chat`, `helpers.print_style`, `json`.
## Key Concepts
- Important called helpers/classes observed in the source: `AgentContext.use`, `AgentContext.remove`, `remove_chat`, `Response`, `PrintStyle.error`, `PrintStyle`, `json.dumps`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,49 @@
# backup_create.py DOX
## Purpose
- Own the `backup_create.py` API endpoint.
- This module handles backup create requests.
- Keep this file-level DOX profile synchronized with `backup_create.py` because this directory is intentionally flat.
## Ownership
- `backup_create.py` owns the runtime implementation.
- `backup_create.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `BackupCreate` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_loopback(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `BackupCreate` is an `ApiHandler`.
- `BackupCreate` defines `process(...)`.
- `BackupCreate` defines `requires_auth(...)`.
- `BackupCreate` defines `requires_loopback(...)`.
- Observed side-effect areas: filesystem writes.
- Imported dependency areas include: `helpers.api`, `helpers.backup`, `helpers.persist_chat`.
## Key Concepts
- Important called helpers/classes observed in the source: `save_tmp_chats`, `BackupService`, `send_file`, `backup_service.create_backup`, `line.strip`, `line.startswith`, `patterns_string.split`, `line.strip.startswith`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_download_toast_regressions.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,47 @@
# backup_get_defaults.py DOX
## Purpose
- Own the `backup_get_defaults.py` API endpoint.
- This module handles backup get defaults requests.
- Keep this file-level DOX profile synchronized with `backup_get_defaults.py` because this directory is intentionally flat.
## Ownership
- `backup_get_defaults.py` owns the runtime implementation.
- `backup_get_defaults.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `BackupGetDefaults` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_loopback(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `BackupGetDefaults` is an `ApiHandler`.
- `BackupGetDefaults` defines `process(...)`.
- `BackupGetDefaults` defines `requires_auth(...)`.
- `BackupGetDefaults` defines `requires_loopback(...)`.
- Imported dependency areas include: `helpers.api`, `helpers.backup`.
## Key Concepts
- Important called helpers/classes observed in the source: `BackupService`, `backup_service.get_default_backup_metadata`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,47 @@
# backup_inspect.py DOX
## Purpose
- Own the `backup_inspect.py` API endpoint.
- This module handles backup inspect requests.
- Keep this file-level DOX profile synchronized with `backup_inspect.py` because this directory is intentionally flat.
## Ownership
- `backup_inspect.py` owns the runtime implementation.
- `backup_inspect.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `BackupInspect` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_loopback(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `BackupInspect` is an `ApiHandler`.
- `BackupInspect` defines `process(...)`.
- `BackupInspect` defines `requires_auth(...)`.
- `BackupInspect` defines `requires_loopback(...)`.
- Imported dependency areas include: `helpers.api`, `helpers.backup`, `werkzeug.datastructures`.
## Key Concepts
- Important called helpers/classes observed in the source: `BackupService`, `backup_service.inspect_backup`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,47 @@
# backup_preview_grouped.py DOX
## Purpose
- Own the `backup_preview_grouped.py` API endpoint.
- This module handles backup preview grouped requests.
- Keep this file-level DOX profile synchronized with `backup_preview_grouped.py` because this directory is intentionally flat.
## Ownership
- `backup_preview_grouped.py` owns the runtime implementation.
- `backup_preview_grouped.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `BackupPreviewGrouped` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_loopback(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `BackupPreviewGrouped` is an `ApiHandler`.
- `BackupPreviewGrouped` defines `process(...)`.
- `BackupPreviewGrouped` defines `requires_auth(...)`.
- `BackupPreviewGrouped` defines `requires_loopback(...)`.
- Imported dependency areas include: `helpers.api`, `helpers.backup`, `typing`.
## Key Concepts
- Important called helpers/classes observed in the source: `BackupService`, `search_filter.strip`, `backup_service.test_patterns`, `search_filter.lower`, `path.strip.split`, `line.strip`, `line.startswith`, `groups.add`, `patterns_string.split`, `path.strip`, `join`, `f.lower`, `line.strip.startswith`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,49 @@
# backup_restore.py DOX
## Purpose
- Own the `backup_restore.py` API endpoint.
- This module handles backup restore requests.
- Keep this file-level DOX profile synchronized with `backup_restore.py` because this directory is intentionally flat.
## Ownership
- `backup_restore.py` owns the runtime implementation.
- `backup_restore.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `BackupRestore` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_loopback(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `BackupRestore` is an `ApiHandler`.
- `BackupRestore` defines `process(...)`.
- `BackupRestore` defines `requires_auth(...)`.
- `BackupRestore` defines `requires_loopback(...)`.
- Observed side-effect areas: filesystem writes, filesystem deletion, settings/state persistence.
- Imported dependency areas include: `helpers.api`, `helpers.backup`, `helpers.persist_chat`, `json`, `werkzeug.datastructures`.
## Key Concepts
- Important called helpers/classes observed in the source: `request.form.get.lower`, `json.loads`, `BackupService`, `load_tmp_chats`, `backup_service.restore_backup`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_self_update_tag_filter.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,48 @@
# backup_restore_preview.py DOX
## Purpose
- Own the `backup_restore_preview.py` API endpoint.
- This module handles backup restore preview requests.
- Keep this file-level DOX profile synchronized with `backup_restore_preview.py` because this directory is intentionally flat.
## Ownership
- `backup_restore_preview.py` owns the runtime implementation.
- `backup_restore_preview.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `BackupRestorePreview` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_loopback(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `BackupRestorePreview` is an `ApiHandler`.
- `BackupRestorePreview` defines `process(...)`.
- `BackupRestorePreview` defines `requires_auth(...)`.
- `BackupRestorePreview` defines `requires_loopback(...)`.
- Observed side-effect areas: filesystem deletion, settings/state persistence.
- Imported dependency areas include: `helpers.api`, `helpers.backup`, `json`, `werkzeug.datastructures`.
## Key Concepts
- Important called helpers/classes observed in the source: `request.form.get.lower`, `json.loads`, `BackupService`, `backup_service.preview_restore`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -47,12 +47,13 @@ class BackupTest(ApiHandler):
backup_service = BackupService()
matched_files = await backup_service.test_patterns(metadata, max_files=max_files)
truncated = max_files is not None and len(matched_files) >= max_files
return {
"success": True,
"files": matched_files,
"total_count": len(matched_files),
"truncated": len(matched_files) >= max_files
"truncated": truncated
}
except Exception as e:

48
api/backup_test.py.dox.md Normal file
View file

@ -0,0 +1,48 @@
# backup_test.py DOX
## Purpose
- Own the `backup_test.py` API endpoint.
- This module handles backup test requests.
- Keep this file-level DOX profile synchronized with `backup_test.py` because this directory is intentionally flat.
## Ownership
- `backup_test.py` owns the runtime implementation.
- `backup_test.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `BackupTest` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_loopback(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `BackupTest` is an `ApiHandler`.
- `BackupTest` defines `process(...)`.
- `BackupTest` defines `requires_auth(...)`.
- `BackupTest` defines `requires_loopback(...)`.
- Imported dependency areas include: `helpers.api`, `helpers.backup`.
- The `truncated` response flag is true only when a finite `max_files` limit is supplied and the result reaches that limit.
## Key Concepts
- Important called helpers/classes observed in the source: `BackupService`, `backup_service.test_patterns`, `line.strip`, `line.startswith`, `patterns_string.split`, `line.strip.startswith`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

46
api/banners.py.dox.md Normal file
View file

@ -0,0 +1,46 @@
# banners.py DOX
## Purpose
- Own the `banners.py` API endpoint.
- This module collects alert banners and discovery cards from backend extensions.
- Keep this file-level DOX profile synchronized with `banners.py` because this directory is intentionally flat.
## Ownership
- `banners.py` owns the runtime implementation.
- `banners.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `GetBanners` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `GetBanners` is an `ApiHandler`.
- `GetBanners` defines `process(...)`.
- Imported dependency areas include: `helpers.api`, `helpers.extension`.
## Key Concepts
- Important called helpers/classes observed in the source: `call_extensions_async`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_model_config_api_keys.py`
- `tests/test_oauth_static.py`
- `tests/test_webui_extension_surfaces.py`
## Child DOX Index
No child DOX files.

53
api/cache_reset.py.dox.md Normal file
View file

@ -0,0 +1,53 @@
# cache_reset.py DOX
## Purpose
- Own the `cache_reset.py` API endpoint.
- This module handles cache reset API requests.
- Keep this file-level DOX profile synchronized with `cache_reset.py` because this directory is intentionally flat.
## Ownership
- `cache_reset.py` owns the runtime implementation.
- `cache_reset.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `CacheReset` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_csrf(cls) -> bool`
- `requires_api_key(cls) -> bool`
- `requires_loopback(cls) -> bool`
- `get_methods(cls) -> list[str]`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `CacheReset` is an `ApiHandler`.
- `CacheReset` defines `process(...)`.
- `CacheReset` defines `get_methods(...)`.
- `CacheReset` defines `requires_auth(...)`.
- `CacheReset` defines `requires_csrf(...)`.
- `CacheReset` defines `requires_api_key(...)`.
- `CacheReset` defines `requires_loopback(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `cache.clear_all`, `cache.clear`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

45
api/chat_create.py.dox.md Normal file
View file

@ -0,0 +1,45 @@
# chat_create.py DOX
## Purpose
- Own the `chat_create.py` API endpoint.
- This module handles chat create requests.
- Keep this file-level DOX profile synchronized with `chat_create.py` because this directory is intentionally flat.
## Ownership
- `chat_create.py` owns the runtime implementation.
- `chat_create.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `CreateChat` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `CreateChat` is an `ApiHandler`.
- `CreateChat` defines `process(...)`.
- Observed side-effect areas: filesystem writes, model calls, plugin state, settings/state persistence.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `self.use_context`, `mark_dirty_all`, `guids.generate_id`, `current_context.get_data`, `current_context.get_output_data`, `new_context.set_data`, `new_context.set_output_data`, `is_chat_override_allowed`, `settings.get_settings`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_browser_agent_regressions.py`
## Child DOX Index
No child DOX files.

44
api/chat_export.py.dox.md Normal file
View file

@ -0,0 +1,44 @@
# chat_export.py DOX
## Purpose
- Own the `chat_export.py` API endpoint.
- This module handles chat export requests.
- Keep this file-level DOX profile synchronized with `chat_export.py` because this directory is intentionally flat.
## Ownership
- `chat_export.py` owns the runtime implementation.
- `chat_export.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `ExportChat` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `ExportChat` is an `ApiHandler`.
- `ExportChat` defines `process(...)`.
- Observed side-effect areas: filesystem writes.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `self.use_context`, `persist_chat.export_json_chat`, `Exception`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# chat_files_path_get.py DOX
## Purpose
- Own the `chat_files_path_get.py` API endpoint.
- This module handles chat files path get requests.
- Keep this file-level DOX profile synchronized with `chat_files_path_get.py` because this directory is intentionally flat.
## Ownership
- `chat_files_path_get.py` owns the runtime implementation.
- `chat_files_path_get.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `GetChatFilesPath` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `GetChatFilesPath` is an `ApiHandler`.
- `GetChatFilesPath` defines `process(...)`.
- Observed side-effect areas: settings/state persistence.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `self.use_context`, `projects.get_context_project_name`, `Exception`, `files.normalize_a0_path`, `projects.get_project_folder`, `settings.get_settings`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

44
api/chat_load.py.dox.md Normal file
View file

@ -0,0 +1,44 @@
# chat_load.py DOX
## Purpose
- Own the `chat_load.py` API endpoint.
- This module handles chat load requests.
- Keep this file-level DOX profile synchronized with `chat_load.py` because this directory is intentionally flat.
## Ownership
- `chat_load.py` owns the runtime implementation.
- `chat_load.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `LoadChats` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `LoadChats` is an `ApiHandler`.
- `LoadChats` defines `process(...)`.
- Observed side-effect areas: filesystem writes.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `persist_chat.load_json_chats`, `Exception`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

44
api/chat_remove.py.dox.md Normal file
View file

@ -0,0 +1,44 @@
# chat_remove.py DOX
## Purpose
- Own the `chat_remove.py` API endpoint.
- This module handles chat remove requests.
- Keep this file-level DOX profile synchronized with `chat_remove.py` because this directory is intentionally flat.
## Ownership
- `chat_remove.py` owns the runtime implementation.
- `chat_remove.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `RemoveChat` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `RemoveChat` is an `ApiHandler`.
- `RemoveChat` defines `process(...)`.
- Observed side-effect areas: filesystem writes, filesystem deletion, settings/state persistence, scheduler state.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`, `helpers.task_scheduler`.
## Key Concepts
- Important called helpers/classes observed in the source: `scheduler.cancel_tasks_by_context`, `AgentContext.use`, `AgentContext.remove`, `persist_chat.remove_chat`, `scheduler.get_tasks_by_context_id`, `mark_dirty_all`, `context.reset`, `scheduler.reload`, `scheduler.remove_task_by_uuid`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

44
api/chat_reset.py.dox.md Normal file
View file

@ -0,0 +1,44 @@
# chat_reset.py DOX
## Purpose
- Own the `chat_reset.py` API endpoint.
- This module handles chat reset requests.
- Keep this file-level DOX profile synchronized with `chat_reset.py` because this directory is intentionally flat.
## Ownership
- `chat_reset.py` owns the runtime implementation.
- `chat_reset.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Reset` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Reset` is an `ApiHandler`.
- `Reset` defines `process(...)`.
- Observed side-effect areas: filesystem writes, filesystem deletion, settings/state persistence, scheduler state.
- Imported dependency areas include: `helpers`, `helpers.api`, `helpers.task_scheduler`.
## Key Concepts
- Important called helpers/classes observed in the source: `TaskScheduler.get.cancel_tasks_by_context`, `self.use_context`, `context.reset`, `persist_chat.save_tmp_chat`, `persist_chat.remove_msg_files`, `mark_dirty_all`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

57
api/csrf_token.py.dox.md Normal file
View file

@ -0,0 +1,57 @@
# csrf_token.py DOX
## Purpose
- Own the `csrf_token.py` API endpoint.
- This module issues or refreshes CSRF tokens for browser API clients.
- Keep this file-level DOX profile synchronized with `csrf_token.py` because this directory is intentionally flat.
## Ownership
- `csrf_token.py` owns the runtime implementation.
- `csrf_token.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `GetCsrfToken` (`ApiHandler`)
- `get_methods(cls) -> list[str]`
- `requires_csrf(cls) -> bool`
- `async process(self, input: Input, request: Request) -> Output`
- `async check_allowed_origin(self, request: Request)`
- `async is_allowed_origin(self, request: Request)`
- `get_origin_from_request(self, request: Request)`
- `async get_allowed_origins(self) -> list[str]`
- `get_default_allowed_origins(self) -> list[str]`
- Notable constants/configuration names: `ALLOWED_ORIGINS_KEY`.
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `GetCsrfToken` is an `ApiHandler`.
- `GetCsrfToken` defines `process(...)`.
- `GetCsrfToken` defines `get_methods(...)`.
- `GetCsrfToken` defines `requires_csrf(...)`.
- Observed side-effect areas: filesystem writes, network calls, secret handling, tunnel state.
- Imported dependency areas include: `fnmatch`, `helpers`, `helpers.api`, `secrets`, `urllib.parse`.
## Key Concepts
- Important called helpers/classes observed in the source: `login.is_login_required`, `self.initialize_allowed_origins`, `self.get_origin_from_request`, `urlparse`, `dotenv.get_dotenv_value`, `self.get_default_allowed_origins`, `dotenv.save_dotenv_value`, `self.check_allowed_origin`, `secrets.token_urlsafe`, `runtime.get_runtime_id`, `self.is_allowed_origin`, `self.get_allowed_origins`, `origin.strip`, `join`, `fnmatch.fnmatch`, `split`, `tunnel_api_process`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_http_auth_csrf.py`
- `tests/test_self_update_tag_filter.py`
- `tests/test_ws_security.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# ctx_window_get.py DOX
## Purpose
- Own the `ctx_window_get.py` API endpoint.
- This module handles ctx window get API requests.
- Keep this file-level DOX profile synchronized with `ctx_window_get.py` because this directory is intentionally flat.
## Ownership
- `ctx_window_get.py` owns the runtime implementation.
- `ctx_window_get.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `GetCtxWindow` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `GetCtxWindow` is an `ApiHandler`.
- `GetCtxWindow` defines `process(...)`.
- Observed side-effect areas: secret handling.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `self.use_context`, `agent.get_data`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,46 @@
# delete_work_dir_file.py DOX
## Purpose
- Own the `delete_work_dir_file.py` API endpoint.
- This module handles workdir file operations for delete work dir file.
- Keep this file-level DOX profile synchronized with `delete_work_dir_file.py` because this directory is intentionally flat.
## Ownership
- `delete_work_dir_file.py` owns the runtime implementation.
- `delete_work_dir_file.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `DeleteWorkDirFile` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
- Top-level functions:
- `async delete_file(file_path: str)`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `DeleteWorkDirFile` is an `ApiHandler`.
- `DeleteWorkDirFile` defines `process(...)`.
- Observed side-effect areas: filesystem deletion.
- Imported dependency areas include: `api`, `helpers`, `helpers.api`, `helpers.file_browser`.
## Key Concepts
- Important called helpers/classes observed in the source: `FileBrowser`, `browser.delete_file`, `file_path.startswith`, `runtime.call_development_function`, `extension.call_extensions_async`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,47 @@
# delete_work_dir_files.py DOX
## Purpose
- Own the `delete_work_dir_files.py` API endpoint.
- This module handles workdir file operations for delete work dir files.
- Keep this file-level DOX profile synchronized with `delete_work_dir_files.py` because this directory is intentionally flat.
## Ownership
- `delete_work_dir_files.py` owns the runtime implementation.
- `delete_work_dir_files.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `DeleteWorkDirFiles` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
- Top-level functions:
- `async delete_files(paths: list[str]) -> dict`
- `collapse_nested_paths(paths: list[str]) -> list[str]`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `DeleteWorkDirFiles` is an `ApiHandler`.
- `DeleteWorkDirFiles` defines `process(...)`.
- Observed side-effect areas: filesystem deletion.
- Imported dependency areas include: `api`, `api.download_work_dir_files`, `helpers`, `helpers.api`, `helpers.file_browser`.
## Key Concepts
- Important called helpers/classes observed in the source: `FileBrowser`, `collapse_nested_paths`, `browser.delete_file`, `normalize_paths`, `runtime.call_development_function`, `path.strip`, `extension.call_extensions_async`, `item.count`, `clean_path.startswith`, `parent.rstrip`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,53 @@
# download_work_dir_file.py DOX
## Purpose
- Own the `download_work_dir_file.py` API endpoint.
- This module handles workdir file operations for download work dir file.
- Keep this file-level DOX profile synchronized with `download_work_dir_file.py` because this directory is intentionally flat.
## Ownership
- `download_work_dir_file.py` owns the runtime implementation.
- `download_work_dir_file.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `DownloadFile` (`ApiHandler`)
- `get_methods(cls)`
- `async process(self, input: Input, request: Request) -> Output`
- Top-level functions:
- `stream_file_download(file_source, download_name, chunk_size=...)`: Create a streaming response for file downloads that shows progress in browser.
- `make_disposition(download_name: str) -> str`
- `resolve_download_path(path: str) -> str`: Resolve a requested download path and keep it within the runtime base dir.
- `async fetch_file(path)`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `DownloadFile` is an `ApiHandler`.
- `DownloadFile` defines `process(...)`.
- `DownloadFile` defines `get_methods(...)`.
- Observed side-effect areas: filesystem reads, network calls.
- Imported dependency areas include: `api`, `base64`, `flask`, `helpers`, `helpers.api`, `io`, `mimetypes`, `os`, `pathlib`, `urllib.parse`.
## Key Concepts
- Important called helpers/classes observed in the source: `mimetypes.guess_type`, `Response`, `quote`, `Path.resolve`, `Path`, `candidate.is_absolute`, `os.path.getsize`, `generate`, `download_name.encode.decode`, `candidate.resolve`, `resolve`, `resolved.relative_to`, `Exception`, `file.read`, `base64.b64encode.decode`, `file_source.tell`, `file_source.seek`, `ValueError`, `file_path.startswith`, `runtime.call_development_function`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_download_toast_regressions.py`
- `tests/test_office_canvas_setup.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,54 @@
# download_work_dir_files.py DOX
## Purpose
- Own the `download_work_dir_files.py` API endpoint.
- This module handles workdir file operations for download work dir files.
- Keep this file-level DOX profile synchronized with `download_work_dir_files.py` because this directory is intentionally flat.
## Ownership
- `download_work_dir_files.py` owns the runtime implementation.
- `download_work_dir_files.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `DownloadFiles` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
- Top-level functions:
- `normalize_paths(paths) -> list[str]`
- `selected_archive_name(count: int) -> str`
- `create_selected_zip(paths: list[str], current_path: str=...) -> str`
- `resolve_download_path(path: str, base_dir: Path) -> Path`
- `collapse_nested_paths(paths: list[Path]) -> list[Path]`
- `archive_root_name(source_path: Path, current_dir: Path | None, base_dir: Path) -> str`
- `unique_archive_name(name: str, used_names: set[str]) -> str`
- `write_zip_entry(zip_file: zipfile.ZipFile, source_path: Path, arc_root: str) -> None`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `DownloadFiles` is an `ApiHandler`.
- `DownloadFiles` defines `process(...)`.
- Observed side-effect areas: filesystem reads, filesystem writes, filesystem deletion.
- Imported dependency areas include: `api.download_work_dir_file`, `base64`, `flask`, `helpers`, `helpers.api`, `helpers.localization`, `io`, `os`, `pathlib`, `tempfile`, `zipfile`.
## Key Concepts
- Important called helpers/classes observed in the source: `Localization.get.now.strftime`, `Path.resolve`, `normalize_paths`, `collapse_nested_paths`, `Path`, `os.path.splitext`, `source_path.is_dir`, `zip_file.write`, `selected_archive_name`, `runtime.is_development`, `stream_file_download`, `ValueError`, `raw_path.strip`, `resolve_download_path`, `current_dir.is_file`, `resolved.exists`, `FileNotFoundError`, `tempfile.NamedTemporaryFile`, `zipfile.ZipFile`, `candidate.is_absolute`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_download_toast_regressions.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,50 @@
# edit_work_dir_file.py DOX
## Purpose
- Own the `edit_work_dir_file.py` API endpoint.
- This module handles workdir file operations for edit work dir file.
- Keep this file-level DOX profile synchronized with `edit_work_dir_file.py` because this directory is intentionally flat.
## Ownership
- `edit_work_dir_file.py` owns the runtime implementation.
- `edit_work_dir_file.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `EditWorkDirFile` (`ApiHandler`)
- `get_methods(cls)`
- `async process(self, input: Input, request: Request) -> Output`
- Top-level functions:
- `async load_file(file_path: str) -> dict`
- `save_file(file_path: str, content: str) -> bool`
- Notable constants/configuration names: `MAX_EDIT_FILE_SIZE`, `BINARY_SAMPLE_SIZE`.
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `EditWorkDirFile` is an `ApiHandler`.
- `EditWorkDirFile` defines `process(...)`.
- `EditWorkDirFile` defines `get_methods(...)`.
- Observed side-effect areas: filesystem reads, filesystem writes.
- Imported dependency areas include: `helpers`, `helpers.api`, `helpers.file_browser`, `mimetypes`, `os`.
## Key Concepts
- Important called helpers/classes observed in the source: `FileBrowser`, `browser.get_full_path`, `os.path.isdir`, `os.path.getsize`, `files.is_probably_binary_file`, `mimetypes.guess_type`, `browser.save_text_file`, `error_str.strip`, `Exception`, `os.path.basename`, `error_str.split`, `file.read`, `line.split.strip`, `file_path.startswith`, `content.encode`, `runtime.call_development_function`, `extension.call_extensions_async`, `self._extract_error_message`, `line.split`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

47
api/file_info.py.dox.md Normal file
View file

@ -0,0 +1,47 @@
# file_info.py DOX
## Purpose
- Own the `file_info.py` API endpoint.
- This module handles file info API requests.
- Keep this file-level DOX profile synchronized with `file_info.py` because this directory is intentionally flat.
## Ownership
- `file_info.py` owns the runtime implementation.
- `file_info.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `FileInfoApi` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
- `FileInfo` (`TypedDict`)
- Top-level functions:
- `async get_file_info(path: str) -> FileInfo`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `FileInfoApi` is an `ApiHandler`.
- `FileInfoApi` defines `process(...)`.
- Observed side-effect areas: filesystem reads.
- Imported dependency areas include: `helpers`, `helpers.api`, `os`, `typing`.
## Key Concepts
- Important called helpers/classes observed in the source: `files.get_abs_path`, `os.path.exists`, `os.path.dirname`, `os.path.basename`, `runtime.call_development_function`, `os.path.isdir`, `os.path.isfile`, `os.path.islink`, `os.path.getsize`, `os.path.getmtime`, `os.path.getctime`, `os.path.splitext`, `os.stat`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -9,7 +9,7 @@ class GetWorkDirFiles(ApiHandler):
return ["GET"]
async def process(self, input: dict, request: Request) -> dict | Response:
current_path = request.args.get("path", "")
current_path = request.args.get("path", "") or "$WORK_DIR"
if current_path == "$WORK_DIR":
# if runtime.is_development():
# current_path = "work_dir"

View file

@ -0,0 +1,48 @@
# get_work_dir_files.py DOX
## Purpose
- Own the `get_work_dir_files.py` API endpoint.
- This module handles workdir file operations for get work dir files.
- Keep this file-level DOX profile synchronized with `get_work_dir_files.py` because this directory is intentionally flat.
## Ownership
- `get_work_dir_files.py` owns the runtime implementation.
- `get_work_dir_files.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `GetWorkDirFiles` (`ApiHandler`)
- `get_methods(cls)`
- `async process(self, input: dict, request: Request) -> dict | Response`
- Top-level functions:
- `async get_files(path)`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `GetWorkDirFiles` is an `ApiHandler`.
- `GetWorkDirFiles` defines `process(...)`.
- `GetWorkDirFiles` defines `get_methods(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`, `helpers.file_browser`.
## Key Concepts
- Important called helpers/classes observed in the source: `FileBrowser`, `browser.get_files`, `runtime.call_development_function`.
- Empty `path` requests and explicit `$WORK_DIR` requests resolve to the default workdir path before `FileBrowser` is called, so the WebUI never receives an empty startup path for the default file browser view.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

52
api/health.py.dox.md Normal file
View file

@ -0,0 +1,52 @@
# health.py DOX
## Purpose
- Own the `health.py` API endpoint.
- This module reports process health for probes and startup checks.
- Keep this file-level DOX profile synchronized with `health.py` because this directory is intentionally flat.
## Ownership
- `health.py` owns the runtime implementation.
- `health.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `HealthCheck` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `requires_csrf(cls) -> bool`
- `get_methods(cls) -> list[str]`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `HealthCheck` is an `ApiHandler`.
- `HealthCheck` defines `process(...)`.
- `HealthCheck` defines `get_methods(...)`.
- `HealthCheck` defines `requires_auth(...)`.
- `HealthCheck` defines `requires_csrf(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `git.get_git_info`, `errors.error_text`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_oauth_providers.py`
- `tests/test_office_document_store.py`
- `tests/test_self_update_tag_filter.py`
## Child DOX Index
No child DOX files.

44
api/history_get.py.dox.md Normal file
View file

@ -0,0 +1,44 @@
# history_get.py DOX
## Purpose
- Own the `history_get.py` API endpoint.
- This module handles history get API requests.
- Keep this file-level DOX profile synchronized with `history_get.py` because this directory is intentionally flat.
## Ownership
- `history_get.py` owns the runtime implementation.
- `history_get.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `GetHistory` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `GetHistory` is an `ApiHandler`.
- `GetHistory` defines `process(...)`.
- Observed side-effect areas: secret handling.
- Imported dependency areas include: `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `self.use_context`, `agent.history.output_text`, `agent.history.get_tokens`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

53
api/image_get.py.dox.md Normal file
View file

@ -0,0 +1,53 @@
# image_get.py DOX
## Purpose
- Own the `image_get.py` API endpoint.
- This module serves allowed image references and fallback file-type icons.
- Keep this file-level DOX profile synchronized with `image_get.py` because this directory is intentionally flat.
## Ownership
- `image_get.py` owns the runtime implementation.
- `image_get.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `ImageGet` (`ApiHandler`)
- `get_methods(cls) -> list[str]`
- `async process(self, input: dict, request: Request) -> dict | Response`
- Top-level functions:
- `_resolve_allowed_image_path(path: str) -> str`: Resolve a requested image path and keep it inside Agent Zero's base dir.
- `_set_image_headers(response: Response, filename: str, file_ext: str) -> None`
- `_send_file_type_icon(file_ext, filename=...)`: Return appropriate icon for file type
- `_send_fallback_icon(icon_name)`: Return fallback icon from public directory
- Notable constants/configuration names: `IMAGE_EXTENSIONS`, `SVG_EXTENSIONS`, `SVG_CONTENT_SECURITY_POLICY`.
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `ImageGet` is an `ApiHandler`.
- `ImageGet` defines `process(...)`.
- `ImageGet` defines `get_methods(...)`.
- Observed side-effect areas: filesystem reads, network calls, subprocess/runtime control, settings/state persistence.
- Imported dependency areas include: `base64`, `helpers`, `helpers.api`, `io`, `mimetypes`, `os`, `pathlib`, `urllib.parse`.
## Key Concepts
- Important called helpers/classes observed in the source: `runtime.is_development`, `Path.resolve`, `candidate.resolve`, `quote`, `_send_fallback_icon`, `files.get_abs_path`, `send_file`, `os.path.splitext.lower`, `os.path.basename`, `Path`, `candidate.is_absolute`, `resolved.relative_to`, `os.path.exists`, `ValueError`, `_set_image_headers`, `_send_file_type_icon`, `files.fix_dev_path`, `_resolve_allowed_image_path`, `files.exists`, `files.get_base_dir`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_image_get_security.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# load_webui_extensions.py DOX
## Purpose
- Own the `load_webui_extensions.py` API endpoint.
- This module returns frontend extension manifests/files for a WebUI extension point.
- Keep this file-level DOX profile synchronized with `load_webui_extensions.py` because this directory is intentionally flat.
## Ownership
- `load_webui_extensions.py` owns the runtime implementation.
- `load_webui_extensions.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `LoadWebuiExtensions` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `LoadWebuiExtensions` is an `ApiHandler`.
- `LoadWebuiExtensions` defines `process(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `extension.get_webui_extensions`, `Response`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_webui_extension_surfaces.py`
## Child DOX Index
No child DOX files.

47
api/logout.py.dox.md Normal file
View file

@ -0,0 +1,47 @@
# logout.py DOX
## Purpose
- Own the `logout.py` API endpoint.
- This module clears login/session state for the current client.
- Keep this file-level DOX profile synchronized with `logout.py` because this directory is intentionally flat.
## Ownership
- `logout.py` owns the runtime implementation.
- `logout.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `ApiLogout` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `ApiLogout` is an `ApiHandler`.
- `ApiLogout` defines `process(...)`.
- `ApiLogout` defines `requires_auth(...)`.
- Observed side-effect areas: secret handling.
- Imported dependency areas include: `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `session.clear`, `session.pop`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_office_document_store.py`
## Child DOX Index
No child DOX files.

View file

@ -9,9 +9,11 @@ class McpServerGetDetail(ApiHandler):
# try:
server_name = input.get("server_name")
project_name = str(input.get("project_name", "") or "").strip()
if not server_name:
return {"success": False, "error": "Missing server_name"}
detail = MCPConfig.get_instance().get_server_detail(server_name)
config = MCPConfig.get_project_instance(project_name) if project_name else MCPConfig.get_instance()
detail = config.get_server_detail(server_name)
return {"success": True, "detail": detail}
# except Exception as e:
# return {"success": False, "error": str(e)}

View file

@ -0,0 +1,45 @@
# mcp_server_get_detail.py DOX
## Purpose
- Own the `mcp_server_get_detail.py` API endpoint.
- This module handles MCP server detail requests for global or project scope.
- Keep this file-level DOX profile synchronized with `mcp_server_get_detail.py` because this directory is intentionally flat.
## Ownership
- `mcp_server_get_detail.py` owns the runtime implementation.
- `mcp_server_get_detail.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `McpServerGetDetail` (`ApiHandler`)
- `async process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- The request accepts `server_name` and optional `project_name`; when `project_name` is present, detail resolves through the project-scoped MCP configuration.
- Detail responses include the server tools visible to the manager UI. Tools disabled through a server `disabled_tools` config list remain present in this detail list with a `disabled` flag so the UI can re-enable them.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `McpServerGetDetail` is an `ApiHandler`.
- `McpServerGetDetail` defines `process(...)`.
- Imported dependency areas include: `helpers.api`, `helpers.mcp_handler`, `typing`.
## Key Concepts
- Important called helpers/classes observed in the source: `MCPConfig.get_instance.get_server_detail`, `MCPConfig.get_project_instance`, `MCPConfig.get_instance`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -9,9 +9,11 @@ class McpServerGetLog(ApiHandler):
# try:
server_name = input.get("server_name")
project_name = str(input.get("project_name", "") or "").strip()
if not server_name:
return {"success": False, "error": "Missing server_name"}
log = MCPConfig.get_instance().get_server_log(server_name)
config = MCPConfig.get_project_instance(project_name) if project_name else MCPConfig.get_instance()
log = config.get_server_log(server_name)
return {"success": True, "log": log}
# except Exception as e:
# return {"success": False, "error": str(e)}

View file

@ -0,0 +1,44 @@
# mcp_server_get_log.py DOX
## Purpose
- Own the `mcp_server_get_log.py` API endpoint.
- This module handles MCP server log requests for global or project scope.
- Keep this file-level DOX profile synchronized with `mcp_server_get_log.py` because this directory is intentionally flat.
## Ownership
- `mcp_server_get_log.py` owns the runtime implementation.
- `mcp_server_get_log.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `McpServerGetLog` (`ApiHandler`)
- `async process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- The request accepts `server_name` and optional `project_name`; when `project_name` is present, logs resolve through the project-scoped MCP configuration.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `McpServerGetLog` is an `ApiHandler`.
- `McpServerGetLog` defines `process(...)`.
- Imported dependency areas include: `helpers.api`, `helpers.mcp_handler`, `typing`.
## Key Concepts
- Important called helpers/classes observed in the source: `MCPConfig.get_instance.get_server_log`, `MCPConfig.get_project_instance`, `MCPConfig.get_instance`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

232
api/mcp_server_scan.py Normal file
View file

@ -0,0 +1,232 @@
import asyncio
from shutil import which
from typing import Any
from urllib.parse import urlparse
from helpers.api import ApiHandler, Request, Response
from helpers.mcp_handler import MCPConfig, normalize_name
_PROMPT_INJECTION_MARKERS = (
"ignore previous",
"ignore all previous",
"system prompt",
"developer message",
"hidden instruction",
"exfiltrate",
"leak secret",
"credential",
)
class McpServerScan(ApiHandler):
async def process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response:
server = dict(input.get("server") or {})
allow_local_execution = bool(input.get("allow_local_execution", False))
allow_remote_network = bool(input.get("allow_remote_network", False))
inspect_runtime = input.get("inspect_runtime", True) is not False
server = self._normalize_server(server)
warnings = self._static_warnings(server)
is_local = not (server.get("url") or server.get("serverUrl"))
has_static_errors = any(warning.get("level") == "error" for warning in warnings)
runtime_status: list[dict[str, Any]] = []
runtime_detail: dict[str, Any] = {}
runtime_error = ""
should_inspect_runtime = (
inspect_runtime
and not has_static_errors
and ((is_local and allow_local_execution) or (not is_local and allow_remote_network))
)
if should_inspect_runtime:
try:
scan_config = await asyncio.to_thread(
lambda: MCPConfig(servers_list=[server], config_scope="scan")
)
runtime_status = scan_config.get_servers_status()
runtime_detail = scan_config.get_server_detail(server.get("name", ""))
warnings.extend(self._tool_warnings(runtime_detail.get("tools", [])))
except Exception as exc:
runtime_error = str(exc)
warnings.append(
{
"level": "error",
"title": "Runtime inspection failed",
"message": runtime_error,
}
)
elif is_local and inspect_runtime:
warnings.append(
{
"level": "warning",
"title": "Local command not executed",
"message": "Local stdio MCP inspection requires explicit trust because it runs the configured command.",
}
)
elif not is_local and inspect_runtime and has_static_errors:
warnings.append(
{
"level": "info",
"title": "Runtime inspection skipped",
"message": "Fix static scan errors before attempting runtime MCP inspection.",
}
)
elif not is_local and inspect_runtime:
warnings.append(
{
"level": "info",
"title": "Remote runtime inspection skipped",
"message": "Enable trusted remote inspection to contact the MCP URL and list exposed tools.",
}
)
return {
"success": True,
"server": self._redact_server(server),
"risk_level": self._risk_level(warnings),
"warnings": warnings,
"status": runtime_status,
"detail": runtime_detail,
"runtime_error": runtime_error,
}
def _normalize_server(self, server: dict[str, Any]) -> dict[str, Any]:
name = str(server.get("name") or "").strip()
url = str(server.get("url") or server.get("serverUrl") or "").strip()
command = str(server.get("command") or "").strip()
if not name:
name = self._derive_name(url, command)
server["name"] = normalize_name(name or "mcp_server")
if url:
server["url"] = url
server.setdefault("type", "streamable-http")
elif command:
server["command"] = command
server["type"] = "stdio"
return server
def _derive_name(self, url: str, command: str) -> str:
if url:
parsed = urlparse(url)
parts = [part for part in parsed.path.split("/") if part]
return parts[-1] if parts else parsed.hostname or "remote_mcp"
if command:
return command.rsplit("/", 1)[-1]
return "mcp_server"
def _static_warnings(self, server: dict[str, Any]) -> list[dict[str, str]]:
warnings: list[dict[str, str]] = []
url = str(server.get("url") or "").strip()
command = str(server.get("command") or "").strip()
if url:
parsed = urlparse(url)
if parsed.scheme not in {"http", "https"}:
warnings.append(
{
"level": "error",
"title": "Unsupported URL scheme",
"message": "Remote MCP URLs should use http or https.",
}
)
elif parsed.scheme == "http" and parsed.hostname not in {"localhost", "127.0.0.1", "::1"}:
warnings.append(
{
"level": "warning",
"title": "Unencrypted remote URL",
"message": "Prefer HTTPS for remote MCP servers outside localhost.",
}
)
if not parsed.netloc:
warnings.append(
{
"level": "error",
"title": "Invalid remote URL",
"message": "The remote MCP URL is missing a host.",
}
)
elif command:
if which(command) is None:
warnings.append(
{
"level": "warning",
"title": "Command not found",
"message": f"'{command}' is not currently available on PATH.",
}
)
if command in {"bash", "sh", "zsh", "fish", "python", "python3", "node"}:
warnings.append(
{
"level": "warning",
"title": "General-purpose interpreter",
"message": "Review the command and arguments carefully before running this local MCP server.",
}
)
else:
warnings.append(
{
"level": "error",
"title": "Missing connection target",
"message": "Provide either a remote URL or a local command.",
}
)
if isinstance(server.get("headers"), dict) and server["headers"]:
warnings.append(
{
"level": "info",
"title": "Headers configured",
"message": "Header values are redacted in scan output. Keep tokens in trusted settings only.",
}
)
if isinstance(server.get("env"), dict) and server["env"]:
warnings.append(
{
"level": "info",
"title": "Environment configured",
"message": "Environment values are redacted in scan output. Avoid hardcoding secrets in MCP configs.",
}
)
return warnings
def _tool_warnings(self, tools: Any) -> list[dict[str, str]]:
warnings: list[dict[str, str]] = []
if not isinstance(tools, list):
return warnings
for tool in tools:
if not isinstance(tool, dict):
continue
haystack = f"{tool.get('name', '')}\n{tool.get('description', '')}".lower()
if any(marker in haystack for marker in _PROMPT_INJECTION_MARKERS):
warnings.append(
{
"level": "warning",
"title": "Suspicious tool description",
"message": f"Review tool '{tool.get('name', 'unknown')}' for prompt-injection style language.",
}
)
return warnings
def _redact_server(self, server: dict[str, Any]) -> dict[str, Any]:
redacted = dict(server)
for key in ("headers", "env"):
if isinstance(redacted.get(key), dict):
redacted[key] = {name: "***" for name in redacted[key]}
return redacted
def _risk_level(self, warnings: list[dict[str, str]]) -> str:
levels = {warning.get("level", "info") for warning in warnings}
if "error" in levels:
return "error"
if "warning" in levels:
return "warning"
return "ok"

View file

@ -0,0 +1,45 @@
# mcp_server_scan.py DOX
## Purpose
- Own the `mcp_server_scan.py` API endpoint.
- Provide static and optional runtime inspection for a single MCP server draft before it is added to global or project MCP config.
- Keep this file-level DOX profile synchronized with `mcp_server_scan.py` because this directory is intentionally flat.
## Ownership
- `mcp_server_scan.py` owns the runtime implementation.
- `mcp_server_scan.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `McpServerScan` (`ApiHandler`)
- `async process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- The request accepts a `server` draft object, `inspect_runtime`, `allow_remote_network`, and `allow_local_execution`.
- Remote runtime inspection may contact the configured MCP URL to list tools only when `allow_remote_network` is true and static checks have no errors.
- Local stdio runtime inspection must not execute unless `allow_local_execution` is true.
- Response data redacts `headers` and `env` values.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- Imported dependency areas include: `asyncio`, `helpers.api`, `helpers.mcp_handler`, `shutil`, `typing`, `urllib.parse`.
## Key Concepts
- Static checks report invalid URLs, non-HTTPS remote URLs, missing local commands, interpreter-style local commands, headers/env presence, and obvious prompt-injection markers in inspected tool descriptions.
- Static errors skip runtime inspection; remote network inspection and local command execution both require explicit trust flags.
- Runtime inspection creates a temporary `MCPConfig` in a worker thread so stdio/remote tool listing does not call `asyncio.run()` inside the request event loop.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Do not return secret values, raw environment values, or private files.
- Keep scanner warnings explicit about local command execution risk.
## Verification
- Run endpoint-specific or MCP helper tests for changed behavior; smoke-test remote URL and local-command scan paths when practical.
## Child DOX Index
No child DOX files.

View file

@ -5,20 +5,27 @@ from typing import Any
from helpers.mcp_handler import MCPConfig
from helpers.settings import set_settings_delta
from helpers import projects
class McpServersApply(ApiHandler):
async def process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response:
mcp_servers = input["mcp_servers"]
project_name = str(input.get("project_name", "") or "").strip()
try:
# MCPConfig.update(mcp_servers) # done in settings automatically
set_settings_delta({"mcp_servers": "[]"}) # to force reinitialization
set_settings_delta({"mcp_servers": mcp_servers})
if project_name:
projects.save_project_mcp_servers(project_name, mcp_servers)
config = MCPConfig.refresh_project(project_name)
else:
# MCPConfig.update(mcp_servers) # done in settings automatically
set_settings_delta({"mcp_servers": "[]"}) # to force reinitialization
set_settings_delta({"mcp_servers": mcp_servers})
time.sleep(1) # wait at least a second
# MCPConfig.wait_for_lock() # wait until config lock is released
status = MCPConfig.get_instance().get_servers_status()
return {"success": True, "status": status}
time.sleep(1) # wait at least a second
# MCPConfig.wait_for_lock() # wait until config lock is released
config = MCPConfig.get_instance()
status = config.get_servers_status()
return {"success": True, "status": status, "mcp_servers": mcp_servers, "project_name": project_name}
except Exception as e:
return {"success": False, "error": str(e)}

View file

@ -0,0 +1,47 @@
# mcp_servers_apply.py DOX
## Purpose
- Own the `mcp_servers_apply.py` API endpoint.
- This module handles MCP servers apply requests for global or project scope.
- Keep this file-level DOX profile synchronized with `mcp_servers_apply.py` because this directory is intentionally flat.
## Ownership
- `mcp_servers_apply.py` owns the runtime implementation.
- `mcp_servers_apply.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `McpServersApply` (`ApiHandler`)
- `async process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- The request accepts `config` and optional `project_name`.
- Without `project_name`, the endpoint persists global `mcp_servers_config` through settings and refreshes the global `MCPConfig`.
- With `project_name`, the endpoint saves `.a0proj/mcp_servers.json` through `helpers.projects.save_project_mcp_servers(...)` and refreshes that project's merged MCP config.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `McpServersApply` is an `ApiHandler`.
- `McpServersApply` defines `process(...)`.
- Observed side-effect areas: filesystem writes, settings/state persistence.
- Imported dependency areas include: `helpers.api`, `helpers.mcp_handler`, `helpers.projects`, `helpers.settings`, `time`, `typing`.
## Key Concepts
- Important called helpers/classes observed in the source: `set_settings_delta`, `projects.save_project_mcp_servers`, `MCPConfig.refresh_project`, `time.sleep`, `MCPConfig.get_instance.get_servers_status`, `MCPConfig.get_instance`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -9,7 +9,9 @@ class McpServersStatuss(ApiHandler):
async def process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response:
# try:
status = MCPConfig.get_instance().get_servers_status()
project_name = (input or {}).get("project_name") if isinstance(input, dict) else None
config = MCPConfig.get_project_instance(project_name) if project_name else MCPConfig.get_instance()
status = config.get_servers_status()
return {"success": True, "status": status}
# except Exception as e:
# return {"success": False, "error": str(e)}

View file

@ -0,0 +1,45 @@
# mcp_servers_status.py DOX
## Purpose
- Own the `mcp_servers_status.py` API endpoint.
- This module handles MCP servers status requests for global or project scope.
- Keep this file-level DOX profile synchronized with `mcp_servers_status.py` because this directory is intentionally flat.
## Ownership
- `mcp_servers_status.py` owns the runtime implementation.
- `mcp_servers_status.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `McpServersStatuss` (`ApiHandler`)
- `async process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- The request accepts optional `project_name`; when present, status resolves through the merged project-scoped MCP configuration.
- `tool_count` reports enabled MCP tools only; tools disabled by a server `disabled_tools` list stay hidden from agent-facing status counts.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `McpServersStatuss` is an `ApiHandler`.
- `McpServersStatuss` defines `process(...)`.
- Imported dependency areas include: `helpers.api`, `helpers.mcp_handler`, `typing`.
## Key Concepts
- Important called helpers/classes observed in the source: `MCPConfig.get_instance.get_servers_status`, `MCPConfig.get_project_instance`, `MCPConfig.get_instance`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

54
api/message.py.dox.md Normal file
View file

@ -0,0 +1,54 @@
# message.py DOX
## Purpose
- Own the `message.py` API endpoint.
- This module submits a user message and runs agent processing synchronously through the UI API.
- Keep this file-level DOX profile synchronized with `message.py` because this directory is intentionally flat.
## Ownership
- `message.py` owns the runtime implementation.
- `message.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Message` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
- `async respond(self, task: DeferredTask, context: AgentContext)`
- `async communicate(self, input: dict, request: Request)`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Message` is an `ApiHandler`.
- `Message` defines `process(...)`.
- Observed side-effect areas: filesystem reads, filesystem writes, settings/state persistence, scheduler state.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`, `helpers.defer`, `helpers.security`, `os`.
## Key Concepts
- Important called helpers/classes observed in the source: `request.content_type.startswith`, `self.use_context`, `mq.log_user_message`, `self.communicate`, `self.respond`, `task.result`, `request.files.getlist`, `files.get_abs_path`, `request.get_json`, `extension.call_extensions_async`, `context.communicate`, `os.makedirs`, `UserMessage`, `safe_filename`, `attachment.save`, `context.get_agent`, `os.path.join`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/email_parser_test.py`
- `tests/rate_limiter_test.py`
- `tests/test_api_chat_lifetime.py`
- `tests/test_browser_agent_regressions.py`
- `tests/test_chat_compaction.py`
- `tests/test_docker_release_plan.py`
- `tests/test_document_query_fallback.py`
- `tests/test_download_toast_regressions.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,42 @@
# message_async.py DOX
## Purpose
- Own the `message_async.py` API endpoint.
- This module submits a user message for asynchronous agent processing.
- Keep this file-level DOX profile synchronized with `message_async.py` because this directory is intentionally flat.
## Ownership
- `message_async.py` owns the runtime implementation.
- `message_async.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `MessageAsync` (`Message`)
- `async respond(self, task: DeferredTask, context: AgentContext)`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- Observed side-effect areas: scheduler state.
- Imported dependency areas include: `agent`, `api.message`, `helpers.defer`.
## Key Concepts
- This module is primarily declarative or delegates behavior through classes/imported objects.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# message_queue_add.py DOX
## Purpose
- Own the `message_queue_add.py` API endpoint.
- This module handles message queue add API requests.
- Keep this file-level DOX profile synchronized with `message_queue_add.py` because this directory is intentionally flat.
## Ownership
- `message_queue_add.py` owns the runtime implementation.
- `message_queue_add.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `MessageQueueAdd` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `MessageQueueAdd` is an `ApiHandler`.
- `MessageQueueAdd` defines `process(...)`.
- Observed side-effect areas: settings/state persistence.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`, `helpers.state_monitor_integration`.
## Key Concepts
- Important called helpers/classes observed in the source: `input.get.strip`, `mq.add`, `mark_dirty_for_context`, `Response`, `mq.get_queue`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# message_queue_remove.py DOX
## Purpose
- Own the `message_queue_remove.py` API endpoint.
- This module handles message queue remove API requests.
- Keep this file-level DOX profile synchronized with `message_queue_remove.py` because this directory is intentionally flat.
## Ownership
- `message_queue_remove.py` owns the runtime implementation.
- `message_queue_remove.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `MessageQueueRemove` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `MessageQueueRemove` is an `ApiHandler`.
- `MessageQueueRemove` defines `process(...)`.
- Observed side-effect areas: filesystem deletion, settings/state persistence.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`, `helpers.state_monitor_integration`.
## Key Concepts
- Important called helpers/classes observed in the source: `mq.remove`, `mark_dirty_for_context`, `Response`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# message_queue_send.py DOX
## Purpose
- Own the `message_queue_send.py` API endpoint.
- This module handles message queue send API requests.
- Keep this file-level DOX profile synchronized with `message_queue_send.py` because this directory is intentionally flat.
## Ownership
- `message_queue_send.py` owns the runtime implementation.
- `message_queue_send.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `MessageQueueSend` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `MessageQueueSend` is an `ApiHandler`.
- `MessageQueueSend` defines `process(...)`.
- Observed side-effect areas: settings/state persistence.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`, `helpers.state_monitor_integration`.
## Key Concepts
- Important called helpers/classes observed in the source: `mq.send_message`, `mark_dirty_for_context`, `Response`, `mq.has_queue`, `mq.send_all_aggregated`, `mq.pop_item`, `mq.pop_first`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,46 @@
# notification_create.py DOX
## Purpose
- Own the `notification_create.py` API endpoint.
- This module handles notification notification create requests.
- Keep this file-level DOX profile synchronized with `notification_create.py` because this directory is intentionally flat.
## Ownership
- `notification_create.py` owns the runtime implementation.
- `notification_create.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `NotificationCreate` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `NotificationCreate` is an `ApiHandler`.
- `NotificationCreate` defines `process(...)`.
- `NotificationCreate` defines `requires_auth(...)`.
- Imported dependency areas include: `flask`, `helpers.api`, `helpers.notification`.
## Key Concepts
- Important called helpers/classes observed in the source: `NotificationManager.send_notification`, `NotificationType`, `notification.output`, `notification_type.lower`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_download_toast_regressions.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,45 @@
# notifications_clear.py DOX
## Purpose
- Own the `notifications_clear.py` API endpoint.
- This module handles notification notifications clear requests.
- Keep this file-level DOX profile synchronized with `notifications_clear.py` because this directory is intentionally flat.
## Ownership
- `notifications_clear.py` owns the runtime implementation.
- `notifications_clear.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `NotificationsClear` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `NotificationsClear` is an `ApiHandler`.
- `NotificationsClear` defines `process(...)`.
- `NotificationsClear` defines `requires_auth(...)`.
- Imported dependency areas include: `agent`, `flask`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `AgentContext.get_notification_manager`, `notification_manager.clear_all`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,45 @@
# notifications_history.py DOX
## Purpose
- Own the `notifications_history.py` API endpoint.
- This module handles notification notifications history requests.
- Keep this file-level DOX profile synchronized with `notifications_history.py` because this directory is intentionally flat.
## Ownership
- `notifications_history.py` owns the runtime implementation.
- `notifications_history.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `NotificationsHistory` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `NotificationsHistory` is an `ApiHandler`.
- `NotificationsHistory` defines `process(...)`.
- `NotificationsHistory` defines `requires_auth(...)`.
- Imported dependency areas include: `agent`, `flask`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `AgentContext.get_notification_manager`, `notification_manager.output_all`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,45 @@
# notifications_mark_read.py DOX
## Purpose
- Own the `notifications_mark_read.py` API endpoint.
- This module handles notification notifications mark read requests.
- Keep this file-level DOX profile synchronized with `notifications_mark_read.py` because this directory is intentionally flat.
## Ownership
- `notifications_mark_read.py` owns the runtime implementation.
- `notifications_mark_read.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `NotificationsMarkRead` (`ApiHandler`)
- `requires_auth(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `NotificationsMarkRead` is an `ApiHandler`.
- `NotificationsMarkRead` defines `process(...)`.
- `NotificationsMarkRead` defines `requires_auth(...)`.
- Imported dependency areas include: `agent`, `flask`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `AgentContext.get_notification_manager`, `notification_manager.mark_read_by_ids`, `notification_manager.mark_all_read`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

44
api/nudge.py.dox.md Normal file
View file

@ -0,0 +1,44 @@
# nudge.py DOX
## Purpose
- Own the `nudge.py` API endpoint.
- This module handles nudge API requests.
- Keep this file-level DOX profile synchronized with `nudge.py` because this directory is intentionally flat.
## Ownership
- `nudge.py` owns the runtime implementation.
- `nudge.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Nudge` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Nudge` is an `ApiHandler`.
- `Nudge` defines `process(...)`.
- Imported dependency areas include: `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `self.use_context`, `context.nudge`, `context.log.log`, `Exception`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_browser_agent_regressions.py`
## Child DOX Index
No child DOX files.

45
api/pause.py.dox.md Normal file
View file

@ -0,0 +1,45 @@
# pause.py DOX
## Purpose
- Own the `pause.py` API endpoint.
- This module handles pause API requests.
- Keep this file-level DOX profile synchronized with `pause.py` because this directory is intentionally flat.
## Ownership
- `pause.py` owns the runtime implementation.
- `pause.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Pause` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Pause` is an `ApiHandler`.
- `Pause` defines `process(...)`.
- Imported dependency areas include: `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `self.use_context`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_multi_tab_isolation.py`
- `tests/test_snapshot_schema_v1.py`
## Child DOX Index
No child DOX files.

52
api/plugins.py.dox.md Normal file
View file

@ -0,0 +1,52 @@
# plugins.py DOX
## Purpose
- Own the `plugins.py` API endpoint.
- This module manages plugin actions and plugin settings through the core API.
- Keep this file-level DOX profile synchronized with `plugins.py` because this directory is intentionally flat.
## Ownership
- `plugins.py` owns the runtime implementation.
- `plugins.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Plugins` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Plugins` is an `ApiHandler`.
- `Plugins` defines `process(...)`.
- Observed side-effect areas: filesystem reads, filesystem writes, filesystem deletion, subprocess/runtime control, plugin state, settings/state persistence.
- Imported dependency areas include: `helpers`, `helpers.api`, `helpers.localization`, `json`, `os`, `subprocess`, `sys`.
## Key Concepts
- Important called helpers/classes observed in the source: `Response`, `plugins.find_plugin_assets`, `plugins.get_plugin_meta`, `plugins.get_default_plugin_config`, `plugins.save_plugin_config`, `plugins.toggle_plugin`, `plugins.find_plugin_dir`, `files.get_abs_path`, `Localization.get.now_iso`, `plugins.determine_plugin_asset_path`, `self._get_config`, `self._get_toggle_status`, `self._list_configs`, `self._delete_config`, `self._delete_plugin`, `self._get_default_config`, `self._save_config`, `self._toggle_plugin`, `self._get_doc`, `self._run_execute_script`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_a0_connector_computer_use_metadata.py`
- `tests/test_a0_connector_prompt_gating.py`
- `tests/test_browser_agent_regressions.py`
- `tests/test_chat_compaction.py`
- `tests/test_default_prompt_budget.py`
- `tests/test_document_query_plugin.py`
- `tests/test_error_retry_plugin.py`
- `tests/test_host_browser_connector.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,46 @@
# plugins_list.py DOX
## Purpose
- Own the `plugins_list.py` API endpoint.
- This module returns plugin inventory and activation metadata for plugin UI surfaces.
- Keep this file-level DOX profile synchronized with `plugins_list.py` because this directory is intentionally flat.
## Ownership
- `plugins_list.py` owns the runtime implementation.
- `plugins_list.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `PluginsList` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `PluginsList` is an `ApiHandler`.
- `PluginsList` defines `process(...)`.
- Observed side-effect areas: plugin state, settings/state persistence.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `plugins.get_enhanced_plugins_list`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_plugin_activation_ui.py`
- `tests/test_speech_plugin_split.py`
## Child DOX Index
No child DOX files.

52
api/poll.py.dox.md Normal file
View file

@ -0,0 +1,52 @@
# poll.py DOX
## Purpose
- Own the `poll.py` API endpoint.
- This module returns chat/log/status changes for polling clients.
- Keep this file-level DOX profile synchronized with `poll.py` because this directory is intentionally flat.
## Ownership
- `poll.py` owns the runtime implementation.
- `poll.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Poll` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Poll` is an `ApiHandler`.
- `Poll` defines `process(...)`.
- Observed side-effect areas: settings/state persistence.
- Imported dependency areas include: `helpers.api`, `helpers.state_snapshot`.
## Key Concepts
- Important called helpers/classes observed in the source: `build_snapshot`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_multi_tab_isolation.py`
- `tests/test_oauth_github_copilot.py`
- `tests/test_oauth_providers.py`
- `tests/test_office_document_store.py`
- `tests/test_snapshot_parity.py`
- `tests/test_snapshot_schema_v1.py`
- `tests/test_timezone_regressions.py`
- `tests/test_tunnel_remote_link.py`
## Child DOX Index
No child DOX files.

59
api/projects.py.dox.md Normal file
View file

@ -0,0 +1,59 @@
# projects.py DOX
## Purpose
- Own the `projects.py` API endpoint.
- This module manages project create, update, delete, clone, and metadata flows.
- Keep this file-level DOX profile synchronized with `projects.py` because this directory is intentionally flat.
## Ownership
- `projects.py` owns the runtime implementation.
- `projects.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Projects` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
- `get_active_projects_list(self)`
- `get_active_projects_options(self)`
- `create_project(self, project: dict | None)`
- `clone_project(self, project: dict | None)`
- `load_project(self, name: str | None)`
- `update_project(self, project: dict | None)`
- `delete_project(self, name: str | None)`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Projects` is an `ApiHandler`.
- `Projects` defines `process(...)`.
- Observed side-effect areas: filesystem deletion, settings/state persistence.
- Imported dependency areas include: `helpers`, `helpers.api`, `helpers.notification`.
## Key Concepts
- Important called helpers/classes observed in the source: `projects.get_active_projects_list`, `projects.BasicProjectData`, `projects.create_project`, `projects.load_edit_project_data`, `NotificationManager.send_notification`, `projects.EditProjectData`, `projects.update_project`, `projects.delete_project`, `projects.activate_project`, `projects.deactivate_project`, `projects.load_basic_project_data`, `projects.get_file_structure`, `self.use_context`, `Exception`, `projects.clone_git_project`, `self.get_active_projects_list`, `self.get_active_projects_options`, `self.load_project`, `self.create_project`, `self.clone_project`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_model_config_project_presets.py`
- `tests/test_office_document_store.py`
- `tests/test_plugin_activation_ui.py`
- `tests/test_projects.py`
- `tests/test_skills_runtime.py`
- `tests/test_task_scheduler_timezone.py`
- `tests/test_time_travel.py`
- `tests/test_tool_action_contracts.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,47 @@
# rename_work_dir_file.py DOX
## Purpose
- Own the `rename_work_dir_file.py` API endpoint.
- This module handles workdir file operations for rename work dir file.
- Keep this file-level DOX profile synchronized with `rename_work_dir_file.py` because this directory is intentionally flat.
## Ownership
- `rename_work_dir_file.py` owns the runtime implementation.
- `rename_work_dir_file.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `RenameWorkDirFile` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
- Top-level functions:
- `async rename_item(file_path: str, new_name: str) -> bool`
- `async create_folder(parent_path: str, folder_name: str) -> bool`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `RenameWorkDirFile` is an `ApiHandler`.
- `RenameWorkDirFile` defines `process(...)`.
- Observed side-effect areas: filesystem writes.
- Imported dependency areas include: `api`, `helpers`, `helpers.api`, `helpers.file_browser`, `posixpath`.
## Key Concepts
- Important called helpers/classes observed in the source: `FileBrowser`, `browser.rename_item`, `browser.create_folder`, `strip`, `runtime.call_development_function`, `posixpath.join`, `file_path.startswith`, `extension.call_extensions_async`, `str.rstrip`, `posixpath.dirname`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

48
api/restart.py.dox.md Normal file
View file

@ -0,0 +1,48 @@
# restart.py DOX
## Purpose
- Own the `restart.py` API endpoint.
- This module requests server restart or reload behavior.
- Keep this file-level DOX profile synchronized with `restart.py` because this directory is intentionally flat.
## Ownership
- `restart.py` owns the runtime implementation.
- `restart.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Restart` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Restart` is an `ApiHandler`.
- `Restart` defines `process(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `process.reload`, `Response`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_browser_agent_regressions.py`
- `tests/test_download_toast_regressions.py`
- `tests/test_self_update_tag_filter.py`
- `tests/test_timezone_regressions.py`
- `tests/test_ws_manager.py`
## Child DOX Index
No child DOX files.

47
api/rfc.py.dox.md Normal file
View file

@ -0,0 +1,47 @@
# rfc.py DOX
## Purpose
- Own the `rfc.py` API endpoint.
- This module dispatches remote function calls through the RFC helper layer.
- Keep this file-level DOX profile synchronized with `rfc.py` because this directory is intentionally flat.
## Ownership
- `rfc.py` owns the runtime implementation.
- `rfc.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `RFC` (`ApiHandler`)
- `requires_csrf(cls) -> bool`
- `requires_auth(cls) -> bool`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `RFC` is an `ApiHandler`.
- `RFC` defines `process(...)`.
- `RFC` defines `requires_auth(...)`.
- `RFC` defines `requires_csrf(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `runtime.handle_rfc`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# scheduler_task_create.py DOX
## Purpose
- Own the `scheduler_task_create.py` API endpoint.
- This module handles scheduler task create requests.
- Keep this file-level DOX profile synchronized with `scheduler_task_create.py` because this directory is intentionally flat.
## Ownership
- `scheduler_task_create.py` owns the runtime implementation.
- `scheduler_task_create.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SchedulerTaskCreate` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SchedulerTaskCreate` is an `ApiHandler`.
- `SchedulerTaskCreate` defines `process(...)`.
- Observed side-effect areas: filesystem writes, secret handling, scheduler state.
- Imported dependency areas include: `helpers.api`, `helpers.localization`, `helpers.print_style`, `helpers.projects`, `helpers.task_scheduler`, `random`.
## Key Concepts
- Important called helpers/classes observed in the source: `PrintStyle`, `scheduler.get_task_by_uuid`, `serialize_task`, `Localization.get.set_timezone`, `scheduler.reload`, `ValueError`, `ScheduledTask.create`, `scheduler.add_task`, `requested_project_slug.strip`, `load_basic_project_data`, `random.randint`, `schedule.split`, `TaskSchedule`, `PlannedTask.create`, `AdHocTask.create`, `printer.error`, `type`, `parse_task_plan`, `parse_task_schedule`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# scheduler_task_delete.py DOX
## Purpose
- Own the `scheduler_task_delete.py` API endpoint.
- This module handles scheduler task delete requests.
- Keep this file-level DOX profile synchronized with `scheduler_task_delete.py` because this directory is intentionally flat.
## Ownership
- `scheduler_task_delete.py` owns the runtime implementation.
- `scheduler_task_delete.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SchedulerTaskDelete` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SchedulerTaskDelete` is an `ApiHandler`.
- `SchedulerTaskDelete` defines `process(...)`.
- Observed side-effect areas: filesystem writes, filesystem deletion, settings/state persistence, scheduler state.
- Imported dependency areas include: `agent`, `helpers`, `helpers.api`, `helpers.localization`, `helpers.task_scheduler`.
## Key Concepts
- Important called helpers/classes observed in the source: `scheduler.get_task_by_uuid`, `Localization.get.set_timezone`, `scheduler.reload`, `self.use_context`, `scheduler.cancel_running_task`, `AgentContext.remove`, `persist_chat.remove_chat`, `scheduler.remove_task_by_uuid`, `context.reset`, `scheduler.update_task`, `scheduler.save`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# scheduler_task_run.py DOX
## Purpose
- Own the `scheduler_task_run.py` API endpoint.
- This module handles scheduler task run requests.
- Keep this file-level DOX profile synchronized with `scheduler_task_run.py` because this directory is intentionally flat.
## Ownership
- `scheduler_task_run.py` owns the runtime implementation.
- `scheduler_task_run.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SchedulerTaskRun` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SchedulerTaskRun` is an `ApiHandler`.
- `SchedulerTaskRun` defines `process(...)`.
- Observed side-effect areas: settings/state persistence, scheduler state.
- Imported dependency areas include: `helpers.api`, `helpers.localization`, `helpers.print_style`, `helpers.task_scheduler`.
## Key Concepts
- Important called helpers/classes observed in the source: `PrintStyle`, `scheduler.get_task_by_uuid`, `Localization.get.set_timezone`, `scheduler.reload`, `self._printer.error`, `scheduler.serialize_task`, `scheduler.run_task_by_uuid`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# scheduler_task_update.py DOX
## Purpose
- Own the `scheduler_task_update.py` API endpoint.
- This module handles scheduler task update requests.
- Keep this file-level DOX profile synchronized with `scheduler_task_update.py` because this directory is intentionally flat.
## Ownership
- `scheduler_task_update.py` owns the runtime implementation.
- `scheduler_task_update.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SchedulerTaskUpdate` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SchedulerTaskUpdate` is an `ApiHandler`.
- `SchedulerTaskUpdate` defines `process(...)`.
- Observed side-effect areas: settings/state persistence, secret handling, scheduler state.
- Imported dependency areas include: `helpers.api`, `helpers.localization`, `helpers.task_scheduler`.
## Key Concepts
- Important called helpers/classes observed in the source: `scheduler.get_task_by_uuid`, `serialize_task`, `Localization.get.set_timezone`, `scheduler.reload`, `TaskState`, `scheduler.update_task`, `parse_task_schedule`, `parse_task_plan`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# scheduler_tasks_list.py DOX
## Purpose
- Own the `scheduler_tasks_list.py` API endpoint.
- This module handles scheduler tasks list requests.
- Keep this file-level DOX profile synchronized with `scheduler_tasks_list.py` because this directory is intentionally flat.
## Ownership
- `scheduler_tasks_list.py` owns the runtime implementation.
- `scheduler_tasks_list.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SchedulerTasksList` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SchedulerTasksList` is an `ApiHandler`.
- `SchedulerTasksList` defines `process(...)`.
- Observed side-effect areas: scheduler state.
- Imported dependency areas include: `helpers.api`, `helpers.localization`, `helpers.print_style`, `helpers.task_scheduler`, `traceback`.
## Key Concepts
- Important called helpers/classes observed in the source: `scheduler.serialize_all_tasks`, `Localization.get.set_timezone`, `scheduler.reload`, `PrintStyle.error`, `traceback.format_exc`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,50 @@
# scheduler_tick.py DOX
## Purpose
- Own the `scheduler_tick.py` API endpoint.
- This module handles scheduler tick requests.
- Keep this file-level DOX profile synchronized with `scheduler_tick.py` because this directory is intentionally flat.
## Ownership
- `scheduler_tick.py` owns the runtime implementation.
- `scheduler_tick.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SchedulerTick` (`ApiHandler`)
- `requires_loopback(cls) -> bool`
- `requires_auth(cls) -> bool`
- `requires_csrf(cls) -> bool`
- `async process(self, input: Input, request: Request) -> Output`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SchedulerTick` is an `ApiHandler`.
- `SchedulerTick` defines `process(...)`.
- `SchedulerTick` defines `requires_auth(...)`.
- `SchedulerTick` defines `requires_csrf(...)`.
- `SchedulerTick` defines `requires_loopback(...)`.
- Observed side-effect areas: settings/state persistence, scheduler state.
- Imported dependency areas include: `datetime`, `helpers.api`, `helpers.localization`, `helpers.print_style`, `helpers.task_scheduler`.
## Key Concepts
- Important called helpers/classes observed in the source: `datetime.now.strftime`, `PrintStyle`, `scheduler.get_tasks`, `scheduler.serialize_all_tasks`, `Localization.get.set_timezone`, `scheduler.reload`, `scheduler.tick`, `datetime.now`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,45 @@
# self_update_get.py DOX
## Purpose
- Own the `self_update_get.py` API endpoint.
- This module handles self update get API requests.
- Keep this file-level DOX profile synchronized with `self_update_get.py` because this directory is intentionally flat.
## Ownership
- `self_update_get.py` owns the runtime implementation.
- `self_update_get.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SelfUpdateGet` (`ApiHandler`)
- `get_methods(cls) -> list[str]`
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SelfUpdateGet` is an `ApiHandler`.
- `SelfUpdateGet` defines `process(...)`.
- `SelfUpdateGet` defines `get_methods(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `self_update.get_update_info`, `runtime.is_dockerized`, `self_update.load_pending_update`, `self_update.load_last_status`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,45 @@
# self_update_schedule.py DOX
## Purpose
- Own the `self_update_schedule.py` API endpoint.
- This module handles self update schedule API requests.
- Keep this file-level DOX profile synchronized with `self_update_schedule.py` because this directory is intentionally flat.
## Ownership
- `self_update_schedule.py` owns the runtime implementation.
- `self_update_schedule.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SelfUpdateSchedule` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SelfUpdateSchedule` is an `ApiHandler`.
- `SelfUpdateSchedule` defines `process(...)`.
- Observed side-effect areas: filesystem writes, subprocess/runtime control.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `runtime.is_dockerized`, `self_update.schedule_update`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_self_update_tag_filter.py`
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,43 @@
# self_update_tags.py DOX
## Purpose
- Own the `self_update_tags.py` API endpoint.
- This module handles self update tags API requests.
- Keep this file-level DOX profile synchronized with `self_update_tags.py` because this directory is intentionally flat.
## Ownership
- `self_update_tags.py` owns the runtime implementation.
- `self_update_tags.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SelfUpdateTags` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SelfUpdateTags` is an `ApiHandler`.
- `SelfUpdateTags` defines `process(...)`.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `str.strip.lower`, `self_update.get_repo_version_info.get.strip.lower`, `self_update.get_available_branch_values`, `self_update.get_selector_tag_options`, `str.strip`, `self_update.get_repo_version_info.get.strip`, `runtime.is_dockerized`, `self_update.get_repo_version_info`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,46 @@
# settings_get.py DOX
## Purpose
- Own the `settings_get.py` API endpoint.
- This module returns current application settings.
- Keep this file-level DOX profile synchronized with `settings_get.py` because this directory is intentionally flat.
## Ownership
- `settings_get.py` owns the runtime implementation.
- `settings_get.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `GetSettings` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
- `get_methods(cls) -> list[str]`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `GetSettings` is an `ApiHandler`.
- `GetSettings` defines `process(...)`.
- `GetSettings` defines `get_methods(...)`.
- Observed side-effect areas: settings/state persistence.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `settings.get_settings`, `settings.convert_out`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,44 @@
# settings_set.py DOX
## Purpose
- Own the `settings_set.py` API endpoint.
- This module persists application settings updates.
- Keep this file-level DOX profile synchronized with `settings_set.py` because this directory is intentionally flat.
## Ownership
- `settings_set.py` owns the runtime implementation.
- `settings_set.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SetSettings` (`ApiHandler`)
- `async process(self, input: dict[Any, Any], request: Request) -> dict[Any, Any] | Response`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SetSettings` is an `ApiHandler`.
- `SetSettings` defines `process(...)`.
- Observed side-effect areas: settings/state persistence.
- Imported dependency areas include: `helpers`, `helpers.api`, `typing`.
## Key Concepts
- Important called helpers/classes observed in the source: `settings.convert_in`, `settings.set_settings`, `settings.convert_out`, `settings.Settings`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

View file

@ -0,0 +1,46 @@
# settings_workdir_file_structure.py DOX
## Purpose
- Own the `settings_workdir_file_structure.py` API endpoint.
- This module handles settings workdir file structure API requests.
- Keep this file-level DOX profile synchronized with `settings_workdir_file_structure.py` because this directory is intentionally flat.
## Ownership
- `settings_workdir_file_structure.py` owns the runtime implementation.
- `settings_workdir_file_structure.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `SettingsWorkdirFileStructure` (`ApiHandler`)
- `async process(self, input: dict, request: Request) -> dict | Response`
- `get_methods(cls) -> list[str]`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `SettingsWorkdirFileStructure` is an `ApiHandler`.
- `SettingsWorkdirFileStructure` defines `process(...)`.
- `SettingsWorkdirFileStructure` defines `get_methods(...)`.
- Observed side-effect areas: filesystem reads, settings/state persistence.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `files.get_abs_path_development`, `Exception`, `file_tree.file_tree`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- No direct test reference was found by name search; choose the nearest behavioral test or perform a focused smoke check.
## Child DOX Index
No child DOX files.

54
api/skills.py.dox.md Normal file
View file

@ -0,0 +1,54 @@
# skills.py DOX
## Purpose
- Own the `skills.py` API endpoint.
- This module lists and manages available skills for settings and agent-facing skill flows.
- Keep this file-level DOX profile synchronized with `skills.py` because this directory is intentionally flat.
## Ownership
- `skills.py` owns the runtime implementation.
- `skills.py.dox.md` owns durable notes about responsibilities, contracts, side effects, and verification for that implementation.
- Classes:
- `Skills` (`ApiHandler`)
- `async process(self, input: Input, request: Request) -> Output`
- `list_skills(self, input: Input)`
- `delete_skill(self, input: Input)`
## Runtime Contracts
- HTTP handlers must derive from `helpers.api.ApiHandler`; WebSocket handlers must derive from `helpers.ws.WsHandler`.
- Update this file whenever request payloads, authentication or CSRF requirements, response shapes, route side effects, or WebSocket event contracts change.
- `Skills` is an `ApiHandler`.
- `Skills` defines `process(...)`.
- Observed side-effect areas: filesystem reads, filesystem deletion.
- Imported dependency areas include: `helpers`, `helpers.api`.
## Key Concepts
- Important called helpers/classes observed in the source: `skills.list_skills`, `result.sort`, `str.strip`, `skills.delete_skill`, `projects.get_project_folder`, `runtime.is_development`, `Exception`, `self.list_skills`, `strip`, `files.normalize_a0_path`, `files.get_abs_path`, `self.delete_skill`, `files.is_in_dir`, `projects.get_project_meta`.
- Keep request/response, tool, or helper semantics documented here at the same time as source changes.
## Work Guidance
- Preserve authentication, CSRF, loopback, and API-key checks unless the endpoint contract explicitly changes.
- Update frontend callers, plugin callers, and tests together when payload shape changes.
- Use `helpers.api.Response` for non-JSON responses, files, redirects, or status-specific replies.
## Verification
- Run endpoint-specific or API/WebSocket tests for changed behavior; smoke-test browser callers when no focused test exists.
- Related tests observed by source search:
- `tests/test_a0_connector_prompt_gating.py`
- `tests/test_browser_agent_regressions.py`
- `tests/test_document_query_plugin.py`
- `tests/test_fasta2a_client.py`
- `tests/test_office_canvas_setup.py`
- `tests/test_office_document_store.py`
- `tests/test_skills_runtime.py`
- `tests/test_time_travel.py`
## Child DOX Index
No child DOX files.

Some files were not shown because too many files have changed in this diff Show more