Merge branch 'main' into fix/add-security-risk-to-tool-examples

Author: ixchio

examples/03_github_workflows/02_pr_review/prompt.py

@@ -36,8 +36,21 @@
 PROMPT = """{skill_trigger}
 /github-pr-review
 
-When posting a review, keep the review body brief unless your active review instructions
-require a longer structured format.
+When posting a review, keep the review body brief unless your active review
+instructions require a longer structured format.
+
+## Review decision policy (eval / benchmark risk)
+
+You MAY approve clearly low-risk changes (docs, typo fixes, formatting, or
+pure refactors with no behavior changes).
+
+Do NOT submit an APPROVE review when the PR changes agent behavior or anything
+that affects benchmark/evaluation performance.
+Examples include: prompt templates, tool calling/execution, planning/loop logic,
+memory/condenser behavior, terminal/stdin/stdout handling, or evaluation harness code.
+
+If a PR is in this category (or you are uncertain), leave a COMMENTED review and
+explicitly flag it for a human maintainer to decide after running lightweight evals.
 
 Review the PR changes below and identify issues that need to be addressed.
 

openhands-agent-server/openhands/agent_server/config.py

@@ -140,6 +140,13 @@ class Config(BaseModel):
         le=65535,
         description="Port on which VSCode server should run",
     )
+    vscode_base_path: str | None = Field(
+        default=None,
+        description=(
+            "Base path for VSCode server (used in path-based routing). "
+            "For example, '/{runtime_id}/vscode' when using path-based routing."
+        ),
+    )
     enable_vnc: bool = Field(
         default=False,
         description="Whether to enable VNC desktop functionality",

openhands-agent-server/openhands/agent_server/conversation_router.py

@@ -275,13 +275,20 @@ async def update_conversation(
 @conversation_router.post(
     "/{conversation_id}/generate_title",
     responses={404: {"description": "Item not found"}},
+    deprecated=True,
 )
 async def generate_conversation_title(
     conversation_id: UUID,
     request: GenerateTitleRequest,
     conversation_service: ConversationService = Depends(get_conversation_service),
 ) -> GenerateTitleResponse:
-    """Generate a title for the conversation using LLM."""
+    """Generate a title for the conversation using LLM.
+
+    Deprecated since v1.11.5 and scheduled for removal in v1.14.0.
+
+    Prefer enabling `autotitle` in `StartConversationRequest` to have the server
+    generate and persist the title automatically from the first user message.
+    """
     title = await conversation_service.generate_conversation_title(
         conversation_id, request.max_length, request.llm
     )

openhands-agent-server/openhands/agent_server/conversation_service.py

@@ -25,6 +25,7 @@
     ConversationExecutionStatus,
     ConversationState,
 )
+from openhands.sdk.event import MessageEvent
 from openhands.sdk.event.conversation_state import ConversationStateUpdateEvent
 from openhands.sdk.utils.cipher import Cipher
 
@@ -505,6 +506,10 @@ async def _start_event_service(self, stored: StoredConversation) -> EventService
         )
         # Create subscribers...
         await event_service.subscribe_to_events(_EventSubscriber(service=event_service))
+        if stored.autotitle and stored.title is None:
+            await event_service.subscribe_to_events(
+                AutoTitleSubscriber(service=event_service)
+            )
         asyncio.gather(
             *[
                 event_service.subscribe_to_events(
@@ -548,6 +553,35 @@ async def __call__(self, _event: Event):
         update_last_execution_time()
 
 
+@dataclass
+class AutoTitleSubscriber(Subscriber):
+    service: EventService
+
+    async def __call__(self, event: Event) -> None:
+        # Only act on incoming user messages
+        if not isinstance(event, MessageEvent) or event.source != "user":
+            return
+        # Guard: skip if a title was already set (e.g. by a concurrent task)
+        if self.service.stored.title is not None:
+            return
+
+        async def _generate_and_save() -> None:
+            try:
+                title = await self.service.generate_title()
+                if title and self.service.stored.title is None:
+                    self.service.stored.title = title
+                    self.service.stored.updated_at = utc_now()
+                    await self.service.save_meta()
+            except Exception:
+                logger.warning(
+                    f"Auto-title generation failed for "
+                    f"conversation {self.service.stored.id}",
+                    exc_info=True,
+                )
+
+        asyncio.create_task(_generate_and_save())
+
+
 @dataclass
 class WebhookSubscriber(Subscriber):
     conversation_id: UUID

openhands-agent-server/openhands/agent_server/models.py

@@ -126,6 +126,13 @@ class StartConversationRequest(BaseModel):
             "hooks."
         ),
     )
+    autotitle: bool = Field(
+        default=True,
+        description=(
+            "If true, automatically generate a title for the conversation from "
+            "the first user message using the conversation's LLM."
+        ),
+    )
 
 
 class StoredConversation(StartConversationRequest):

openhands-agent-server/openhands/agent_server/vscode_service.py

@@ -18,6 +18,7 @@ def __init__(
         self,
         port: int = 8001,
         connection_token: str | None = None,
+        server_base_path: str | None = None,
     ):
         """Initialize VSCode service.
 
@@ -26,9 +27,11 @@ def __init__(
             workspace_path: Path to the workspace directory
             create_workspace: Whether to create the workspace directory if it doesn't
                 exist
+            server_base_path: Base path for the server (used in path-based routing)
         """
         self.port: int = port
         self.connection_token: str | None = connection_token
+        self.server_base_path: str | None = server_base_path
         self.process: asyncio.subprocess.Process | None = None
         self.openvscode_server_root: Path = Path("/openhands/.openvscode-server")
         self.extensions_dir: Path = self.openvscode_server_root / "extensions"
@@ -147,12 +150,18 @@ async def _start_vscode_process(self) -> None:
             if self.extensions_dir.exists()
             else ""
         )
+        base_path_arg = (
+            f"--server-base-path {self.server_base_path} "
+            if self.server_base_path
+            else ""
+        )
         cmd = (
             f"exec {self.openvscode_server_root}/bin/openvscode-server "
             f"--host 0.0.0.0 "
             f"--connection-token {self.connection_token} "
             f"--port {self.port} "
             f"{extensions_arg}"
+            f"{base_path_arg}"
             f"--disable-workspace-trust\n"
         )
 
@@ -229,6 +238,8 @@ def get_vscode_service() -> VSCodeService | None:
             if config.session_api_keys:
                 connection_token = config.session_api_keys[0]
             _vscode_service = VSCodeService(
-                port=config.vscode_port, connection_token=connection_token
+                port=config.vscode_port,
+                connection_token=connection_token,
+                server_base_path=config.vscode_base_path,
             )
     return _vscode_service

openhands-workspace/openhands/workspace/docker/dev_workspace.py

@@ -28,6 +28,13 @@ class DockerDevWorkspace(DockerWorkspace):
             result = workspace.execute_command("ls -la")
     """
 
+    # Override parent's server_image default to None so that callers
+    # providing base_image don't need to explicitly pass server_image=None.
+    server_image: str | None = Field(
+        default=None,
+        description="Pre-built agent server image. Mutually exclusive with base_image.",
+    )
+
     # Add base_image support
     base_image: str | None = Field(
         default=None,

tests/agent_server/test_conversation_router.py

@@ -1047,7 +1047,6 @@ def test_generate_conversation_title_success(
 ):
     """Test generate_conversation_title endpoint with successful generation."""
 
-    # Mock the service response
     mock_conversation_service.generate_conversation_title.return_value = (
         "Generated Title"
     )
@@ -1068,12 +1067,11 @@ def test_generate_conversation_title_success(
         data = response.json()
         assert data["title"] == "Generated Title"
 
-        # Verify service was called with correct parameters
         mock_conversation_service.generate_conversation_title.assert_called_once()
         call_args = mock_conversation_service.generate_conversation_title.call_args
         assert call_args[0][0] == sample_conversation_id
-        assert call_args[0][1] == 30  # max_length
-        assert call_args[0][2] is None  # llm (default)
+        assert call_args[0][1] == 30
+        assert call_args[0][2] is None
     finally:
         client.app.dependency_overrides.clear()
 
@@ -1083,7 +1081,6 @@ def test_generate_conversation_title_with_llm(
 ):
     """Test generate_conversation_title endpoint with custom LLM."""
 
-    # Mock the service response
     mock_conversation_service.generate_conversation_title.return_value = (
         "Custom LLM Title"
     )
@@ -1111,12 +1108,11 @@ def test_generate_conversation_title_with_llm(
         data = response.json()
         assert data["title"] == "Custom LLM Title"
 
-        # Verify service was called
         mock_conversation_service.generate_conversation_title.assert_called_once()
         call_args = mock_conversation_service.generate_conversation_title.call_args
         assert call_args[0][0] == sample_conversation_id
-        assert call_args[0][1] == 40  # max_length
-        assert call_args[0][2] is not None  # llm provided
+        assert call_args[0][1] == 40
+        assert call_args[0][2] is not None
     finally:
         client.app.dependency_overrides.clear()
 
@@ -1126,7 +1122,6 @@ def test_generate_conversation_title_failure(
 ):
     """Test generate_conversation_title endpoint with generation failure."""
 
-    # Mock the service response - generation failed
     mock_conversation_service.generate_conversation_title.return_value = None
 
     client.app.dependency_overrides[get_conversation_service] = (
@@ -1141,9 +1136,7 @@ def test_generate_conversation_title_failure(
             json=request_data,
         )
 
-        assert response.status_code == 500  # Internal Server Error
-
-        # Verify service was called
+        assert response.status_code == 500
         mock_conversation_service.generate_conversation_title.assert_called_once()
     finally:
         client.app.dependency_overrides.clear()
@@ -1159,25 +1152,36 @@ def test_generate_conversation_title_invalid_params(
     )
 
     try:
-        # Test with max_length too low
         request_data = {"max_length": 0}
         response = client.post(
             f"/api/conversations/{sample_conversation_id}/generate_title",
             json=request_data,
         )
-        assert response.status_code == 422  # Validation error
+        assert response.status_code == 422
 
-        # Test with max_length too high
         request_data = {"max_length": 201}
         response = client.post(
             f"/api/conversations/{sample_conversation_id}/generate_title",
             json=request_data,
         )
-        assert response.status_code == 422  # Validation error
+        assert response.status_code == 422
     finally:
         client.app.dependency_overrides.clear()
 
 
+def test_generate_title_endpoint_is_deprecated_in_openapi(client):
+    response = client.get("/openapi.json")
+    assert response.status_code == 200
+
+    openapi_schema = response.json()
+    operation = openapi_schema["paths"][
+        "/api/conversations/{conversation_id}/generate_title"
+    ]["post"]
+
+    assert operation.get("deprecated") is True
+    assert "scheduled for removal" in operation["description"]
+
+
 def test_start_conversation_with_tool_module_qualnames(
     client, mock_conversation_service, sample_conversation_info
 ):
@@ -1284,6 +1288,75 @@ def test_start_conversation_without_tool_module_qualnames(
         client.app.dependency_overrides.clear()
 
 
+def test_start_conversation_autotitle_defaults_to_true(
+    client, mock_conversation_service, sample_conversation_info
+):
+    """autotitle defaults to True when not supplied in the request."""
+    mock_conversation_service.start_conversation.return_value = (
+        sample_conversation_info,
+        True,
+    )
+    client.app.dependency_overrides[get_conversation_service] = (
+        lambda: mock_conversation_service
+    )
+
+    try:
+        request_data = {
+            "agent": {
+                "llm": {
+                    "model": "gpt-4o",
+                    "api_key": "test-key",
+                    "usage_id": "test-llm",
+                },
+                "tools": [{"name": "TerminalTool"}],
+            },
+            "workspace": {"working_dir": "/tmp/test"},
+        }
+        response = client.post("/api/conversations", json=request_data)
+
+        assert response.status_code == 201
+        call_args = mock_conversation_service.start_conversation.call_args
+        request_arg = call_args[0][0]
+        assert request_arg.autotitle is True
+    finally:
+        client.app.dependency_overrides.clear()
+
+
+def test_start_conversation_autotitle_false(
+    client, mock_conversation_service, sample_conversation_info
+):
+    """autotitle=False is forwarded correctly to the service."""
+    mock_conversation_service.start_conversation.return_value = (
+        sample_conversation_info,
+        True,
+    )
+    client.app.dependency_overrides[get_conversation_service] = (
+        lambda: mock_conversation_service
+    )
+
+    try:
+        request_data = {
+            "agent": {
+                "llm": {
+                    "model": "gpt-4o",
+                    "api_key": "test-key",
+                    "usage_id": "test-llm",
+                },
+                "tools": [{"name": "TerminalTool"}],
+            },
+            "workspace": {"working_dir": "/tmp/test"},
+            "autotitle": False,
+        }
+        response = client.post("/api/conversations", json=request_data)
+
+        assert response.status_code == 201
+        call_args = mock_conversation_service.start_conversation.call_args
+        request_arg = call_args[0][0]
+        assert request_arg.autotitle is False
+    finally:
+        client.app.dependency_overrides.clear()
+
+
 def test_set_conversation_security_analyzer_success(
     client,
     sample_conversation_id,