npm - open-agents-ai - Versions diffs - 0.186.70 → 0.186.72 - Mend

open-agents-ai 0.186.70 → 0.186.72

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +41 -11
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -2246,7 +2246,7 @@ Step 1 → Select endpoints (auto-discovers local Ollama models + configured /en
 Step 2 → Choose banner animation (8 presets: wave, pulse, matrix, sparkle, radar, circuit, fire)
          or generate a custom animation with your local LLM
 Step 3 → Set header message + clickable link (displayed to consumers during inference)
-Step 4 → Configure transport (cloudflared tunnel and/or libp2p P2P mesh)
+Step 4 → Configure transport (libp2p P2P mesh (primary) and/or cloudflared tunnel (fallback))
          + rate limits (req/min, tokens/day, max concurrent, model allowlist)
 Step 5 → Review and Go Live
 ```
@@ -2257,8 +2257,9 @@ Step 5 → Review and Go Live
 - Per-IP sliding window rate limiting + global daily token budget
 - Model allowlist enforcement (block models you don't want to share)
 - Token usage tracked from both Ollama and OpenAI response formats
-- Cloudflared tunnel creates a public HTTPS URL (or libp2p for decentralized relay)
-- Your raw API endpoint URL is **never exposed** — consumers only see the tunnel URL
+- **libp2p P2P mesh** provides decentralized relay — no DNS, no port forwarding, NAT-traversing
+- Cloudflared tunnel available as HTTPS fallback for non-P2P consumers
+- Your raw API endpoint URL is **never exposed** — consumers connect via peerId or tunnel
 - Config persists to `.oa/sponsor/config.json` — survives restarts
 **Management:**
@@ -2284,18 +2285,47 @@ When using sponsored inference, the sponsor's banner animation and message appea
 ### Architecture
 ```
+Primary path (libp2p):
+Consumer OA ──→ libp2p mesh ──→ Sponsor Daemon ──→ Ollama/vLLM
+                (P2P, NAT-traversing)  (auth + rate limit)   (local)
+Fallback path (tunnel):
 Consumer OA ──→ Cloudflared Tunnel ──→ Sponsor Proxy ──→ Ollama/vLLM
                 (HTTPS)                (auth + rate limit)   (local)
-                                       │
-                                       ├─ Bearer token gate
-                                       ├─ Per-IP sliding window (N req/min)
-                                       ├─ Daily token budget tracking
-                                       ├─ Model allowlist enforcement
-                                       ├─ Concurrent request cap
-                                       └─ Response header sanitization
+Both paths enforce:
+  ├─ Bearer token auth gate
+  ├─ Per-IP sliding window rate limiting
+  ├─ Daily token budget tracking
+  ├─ Model allowlist enforcement
+  ├─ Tool definitions forwarded (v0.186.68+)
+  └─ Response header sanitization
 ```
-The tunnel fix uses debounced restarts with exponential cooldown (10s → 20s → 40s), stopping auto-restart after 3 consecutive failures to prevent Cloudflare rate limiting. Progress indicators emit every 5 seconds during startup, and specific error messages are shown for common failure modes (ENOENT, port conflict, 429, DNS).
+libp2p relay uses GossipSub discovery + NATS (wss://demo.nats.io:8443) for peer announcement. Direct streams via invoke/1.1.0 protocol with payment negotiation (x402). The tunnel fallback uses debounced restarts with exponential cooldown.
+### Ollama Endpoint Security
+Three independent layers prevent remote peers from accessing destructive Ollama endpoints:
+| Endpoint | Default | `--full` | Sponsor Mode |
+|----------|---------|----------|-------------|
+| `/api/chat` (inference) | ALLOWED | ALLOWED | ALLOWED |
+| `/api/tags` (list models) | ALLOWED | ALLOWED | ALLOWED |
+| `/v1/chat/completions` | ALLOWED | ALLOWED | ALLOWED |
+| `/api/pull` (download model) | **BLOCKED** | ALLOWED | **BLOCKED** |
+| `/api/delete` (delete model) | **BLOCKED** | ALLOWED | **BLOCKED** |
+| `/api/push` (upload model) | **BLOCKED** | ALLOWED | **BLOCKED** |
+| `/api/create` (create model) | **BLOCKED** | ALLOWED | **BLOCKED** |
+| `/api/copy` (copy model) | **BLOCKED** | ALLOWED | **BLOCKED** |
+**Defense-in-depth:**
+1. **COHERE handler** — Only ever calls `/api/tags` + `/api/chat`. No code path to destructive endpoints.
+2. **Expose capability handler** — Only forwards inference requests. Auth validated before processing.
+3. **Expose reverse proxy** — Hardcoded path blocklist returns 403 for all model management endpoints.
+4. **Sponsor mode** — Whitelist of 6 read-only/inference endpoints only, overrides `--full`.
+The `--full` flag is required to grant remote peers model management access. Sponsor mode always blocks destructive operations regardless of flags. Tool definitions are now forwarded through all relay paths (v0.186.68+).
 </details>

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "open-agents-ai",
-  "version": "0.186.70",
+  "version": "0.186.72",
   "description": "AI coding agent powered by open-source models (Ollama/vLLM) — interactive TUI with agentic tool-calling loop",
   "type": "module",
   "main": "./dist/index.js",