open-agents-ai 0.186.71 → 0.186.73
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +27 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,5 +1,8 @@
|
|
|
1
1
|
<a name="top"></a>
|
|
2
|
-
<
|
|
2
|
+
<p align="center">
|
|
3
|
+
<img src="openagents-banner.png" alt="Open Agents P2P Network" width="100%" />
|
|
4
|
+
</p>
|
|
5
|
+
<h1 align="center">Open Agents — P2P Inference</h1>
|
|
3
6
|
|
|
4
7
|
<p align="center">
|
|
5
8
|
<strong>AI coding agent powered entirely by open-weight models.</strong><br>
|
|
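Review bot: the banner added at the top of the README loads `openagents-banner.png` by relative path, but this release changes only package/README.md and package/package.json, so the image is not shipped in the package and will render as a broken image wherever the README is displayed from the registry tarball. Either add the file to the published files or point `src` at an absolute URL.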
@@ -2304,6 +2307,29 @@ Both paths enforce:
|
|
|
2304
2307
|
|
|
2305
2308
|
libp2p relay uses GossipSub discovery + NATS (wss://demo.nats.io:8443) for peer announcement. Direct streams via invoke/1.1.0 protocol with payment negotiation (x402). The tunnel fallback uses debounced restarts with exponential cooldown.
|
|
2306
2309
|
|
|
2310
|
+
### Ollama Endpoint Security
|
|
2311
|
+
|
|
2312
|
+
Three independent layers prevent remote peers from accessing destructive Ollama endpoints:
|
|
2313
|
+
|
|
2314
|
+
| Endpoint | Default | `--full` | Sponsor Mode |
|
|
2315
|
+
|----------|---------|----------|-------------|
|
|
2316
|
+
| `/api/chat` (inference) | ALLOWED | ALLOWED | ALLOWED |
|
|
2317
|
+
| `/api/tags` (list models) | ALLOWED | ALLOWED | ALLOWED |
|
|
2318
|
+
| `/v1/chat/completions` | ALLOWED | ALLOWED | ALLOWED |
|
|
2319
|
+
| `/api/pull` (download model) | **BLOCKED** | ALLOWED | **BLOCKED** |
|
|
2320
|
+
| `/api/delete` (delete model) | **BLOCKED** | ALLOWED | **BLOCKED** |
|
|
2321
|
+
| `/api/push` (upload model) | **BLOCKED** | ALLOWED | **BLOCKED** |
|
|
2322
|
+
| `/api/create` (create model) | **BLOCKED** | ALLOWED | **BLOCKED** |
|
|
2323
|
+
| `/api/copy` (copy model) | **BLOCKED** | ALLOWED | **BLOCKED** |
|
|
2324
|
+
|
|
2325
|
+
**Defense-in-depth:**
|
|
2326
|
+
1. **COHERE handler** — Only ever calls `/api/tags` + `/api/chat`. No code path to destructive endpoints.
|
|
2327
|
+
2. **Expose capability handler** — Only forwards inference requests. Auth validated before processing.
|
|
2328
|
+
3. **Expose reverse proxy** — Hardcoded path blocklist returns 403 for all model management endpoints.
|
|
2329
|
+
4. **Sponsor mode** — Whitelist of 6 read-only/inference endpoints only, overrides `--full`.
|
|
2330
|
+
|
|
2331
|
+
The `--full` flag is required to grant remote peers model management access. Sponsor mode always blocks destructive operations regardless of flags. Tool definitions are now forwarded through all relay paths (v0.186.68+).
|
|
2332
|
+
|
|
2307
2333
|
</details>
|
|
2308
2334
|
|
|
2309
2335
|
|
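Review bot: the new section is internally inconsistent: it opens with "Three independent layers" but the Defense-in-depth list has four items, and item 4 says Sponsor mode whitelists six endpoints while the table shows only three ALLOWED, so a reader auditing what a sponsor node exposes cannot reconstruct the other three from this text. List all six (or fix the count). Item 3 documents the reverse proxy as a hardcoded path blocklist, which is deny-by-list: any Ollama endpoint not named in the table, and any spelling the proxy does not normalise before matching (trailing slash, case, repeated slashes), is forwarded by default. State the matching rule (exact vs. prefix, after path normalisation) and consider inverting it to the same allowlist Sponsor mode already uses so the default is deny. The closing sentence about tool definitions being forwarded through all relay paths (v0.186.68+) is unrelated to endpoint security and belongs in the changelog or the relay section.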
package/package.json
CHANGED