Release v4.5.121

Author: MervinPraison

.github/workflows/claude.yml

@@ -147,12 +147,36 @@ jobs:
           private-key: ${{ secrets.CLAUDE_APP_PRIVATE_KEY }}
           owner: ${{ github.repository_owner }}
 
+      - name: Check for Fork PR
+        id: check_fork
+        uses: actions/github-script@v7
+        with:
+          script: |
+            if (context.issue.pull_request) {
+              const pr = await github.rest.pulls.get({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                pull_number: context.issue.number
+              });
+              if (pr.data.head.repo && pr.data.head.repo.full_name !== context.repo.full_name) {
+                core.setOutput('is_fork', 'true');
+                core.setOutput('clone_url', pr.data.head.repo.clone_url);
+                return;
+              }
+            }
+            core.setOutput('is_fork', 'false');
+
       - name: Checkout repository
         uses: actions/checkout@v4
         with:
           fetch-depth: 0
           token: ${{ steps.app-token.outputs.token }}
 
+      - name: Setup Remote for Fork PR
+        if: steps.check_fork.outputs.is_fork == 'true'
+        run: |
+          git remote set-url origin ${{ steps.check_fork.outputs.clone_url }}
+
       - uses: anthropics/claude-code-action@beta
         env:
           GH_TOKEN: ${{ steps.app-token.outputs.token }}
@@ -164,6 +188,7 @@ jobs:
           label_trigger: "claude"
 
           direct_prompt: |
+            ${{ steps.check_fork.outputs.is_fork == 'true' && 'CRITICAL: THIS IS A PULL REQUEST FROM A FORK. YOU DO NOT HAVE PUSH PERMISSIONS TO THIS REPOSITORY. ONLY READ FILES, VALIDATE CODE, AND PROVIDE YOUR COMMENTS/FEEDBACK DIRECTLY IN THIS PR VIA COMMENTS. DO NOT ATTEMPT TO PUSH OR CREATE PULL REQUESTS.\n\n' || '' }}
             You are working on the PraisonAI SDK. Follow AGENTS.md strictly.
 
             STEP 0 — SETUP GIT IDENTITY & AUTH (GLOBAL — required for all repos):

docker/Dockerfile.chat

@@ -16,7 +16,7 @@ RUN mkdir -p /root/.praison
 # Install Python packages (using latest versions)
 RUN pip install --no-cache-dir \
     praisonai_tools \
-    "praisonai>=4.5.120" \
+    "praisonai>=4.5.121" \
     "praisonai[chat]" \
     "embedchain[github,youtube]"
 

docker/Dockerfile.dev

@@ -20,7 +20,7 @@ RUN mkdir -p /root/.praison
 # Install Python packages (using latest versions)
 RUN pip install --no-cache-dir \
     praisonai_tools \
-    "praisonai>=4.5.120" \
+    "praisonai>=4.5.121" \
     "praisonai[ui]" \
     "praisonai[chat]" \
     "praisonai[realtime]" \

docker/Dockerfile.ui

@@ -16,7 +16,7 @@ RUN mkdir -p /root/.praison
 # Install Python packages (using latest versions)
 RUN pip install --no-cache-dir \
     praisonai_tools \
-    "praisonai>=4.5.120" \
+    "praisonai>=4.5.121" \
     "praisonai[ui]" \
     "praisonai[crewai]"
 

src/praisonai-agents/praisonaiagents/tools/python_tools.py

@@ -61,6 +61,8 @@ def _validate_code_ast(code: str):
         'ag_frame', 'ag_code', 'tb_frame', 'tb_next',
         'f_globals', 'f_locals', 'f_builtins', 'f_code',
         'co_consts', 'co_names',
+        '__getattribute__', '__getattr__', '__setattr__', '__delattr__',
+        '__dir__', '__get__', '__set__', '__delete__',
     })
 
     for node in ast.walk(tree):
@@ -84,6 +86,15 @@ def _validate_code_ast(code: str):
                 'setattr', 'delattr', 'dir',
             ):
                 return f"Call to '{func.id}' is not allowed"
+                
+        # Block dangerous constants (strings containing dunders)
+        # Fallback for Python 3.7 ast.Str
+        if isinstance(node, ast.Constant) and isinstance(node.value, str):
+            if any(attr in node.value for attr in _blocked_attrs):
+                return f"String constant contains restricted attribute name"
+        elif type(node).__name__ == 'Str':
+            if any(attr in getattr(node, 's', '') for attr in _blocked_attrs):
+                return f"String constant contains restricted attribute name"
 
     return None
 
@@ -152,6 +163,8 @@ def safe_execute():
             'ag_frame', 'ag_code', 'tb_frame', 'tb_next',
             'f_globals', 'f_locals', 'f_builtins', 'f_code',
             'co_consts', 'co_names',
+            '__getattribute__', '__getattr__', '__setattr__', '__delattr__',
+            '__dir__', '__get__', '__set__', '__delete__',
         }}
         
         for node in ast.walk(tree):
@@ -179,6 +192,22 @@ def safe_execute():
                         "stderr": f"Call to '{{node.func.id}}' is not allowed",
                         "success": False
                     }}
+            if isinstance(node, ast.Constant) and isinstance(node.value, str):
+                if any(attr in node.value for attr in blocked_attrs):
+                    return {{
+                        "result": None,
+                        "stdout": "",
+                        "stderr": "String constant contains restricted attribute name",
+                        "success": False
+                    }}
+            elif type(node).__name__ == 'Str':
+                if any(attr in getattr(node, 's', '') for attr in blocked_attrs):
+                    return {{
+                        "result": None,
+                        "stdout": "",
+                        "stderr": "String constant contains restricted attribute name",
+                        "success": False
+                    }}
         
         # Create safe globals
         # Create a safe getattr that blocks dunder access (defense-in-depth)

src/praisonai-agents/pyproject.toml

@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
 
 [project]
 name = "praisonaiagents"
-version = "1.5.120"
+version = "1.5.121"
 description = "Praison AI agents for completing complex tasks with Self Reflection Agents"
 readme = "README.md"
 requires-python = ">=3.10"

src/praisonai-agents/uv.lock

@@ -3,8 +3,8 @@ class Praisonai < Formula
 
     desc "AI tools for various AI applications"
     homepage "https://github.com/MervinPraison/PraisonAI"
-    url "https://github.com/MervinPraison/PraisonAI/archive/refs/tags/v4.5.120.tar.gz"
-    sha256 `curl -sL https://github.com/MervinPraison/PraisonAI/archive/refs/tags/v4.5.120.tar.gz | shasum -a 256`.split.first
+    url "https://github.com/MervinPraison/PraisonAI/archive/refs/tags/v4.5.121.tar.gz"
+    sha256 `curl -sL https://github.com/MervinPraison/PraisonAI/archive/refs/tags/v4.5.121.tar.gz | shasum -a 256`.split.first
     license "MIT"
 
     depends_on "python@3.11"

src/praisonai/praisonai.rb

@@ -444,6 +444,17 @@ async def _apply_step(self, step: ActionStep) -> Optional[Dict[str, Any]]:
 
         elif step.action_type == ActionType.SHELL_COMMAND:
             import subprocess
+            
+            # Block shell injection characters
+            banned_chars = [';', '&', '|', '$', '`']
+            if any(char in step.target for char in banned_chars):
+                return {
+                    "command": step.target,
+                    "stdout": "",
+                    "stderr": "Command contains blocked shell characters",
+                    "returncode": -1
+                }
+                
             result = subprocess.run(
                 step.target,
                 shell=True,

src/praisonai/praisonai/cli/features/action_orchestrator.py

@@ -233,6 +233,11 @@ def _execute_step(self, step_type: str, target: Any, step: Dict, flags: Dict) ->
 
     def _exec_shell(self, cmd: str, step: Dict) -> Dict:
         """Execute a shell command."""
+        # Block dangerous shell injection characters
+        banned_chars = [';', '&', '|', '$', '`']
+        if any(char in cmd for char in banned_chars):
+            return {"ok": False, "error": "Command contains blocked shell characters"}
+            
         cwd = step.get("cwd", self._cwd)
         env = self._build_env(step)
         result = subprocess.run(