sillytavern 1.13.3 → 1.13.5

package/CONTRIBUTING.md

@@ -9,7 +9,7 @@
 ## Getting the code ready
 
 1. Register a GitHub account.
-2. Fork this repository under your account. 
+2. Fork this repository under your account.
 3. Clone the fork onto your machine.
 4. Open the cloned repository in the code editor.
 5. Create a git branch (recommended).
@@ -29,11 +29,22 @@
   - Updating GitHub Actions.
   - Hotfixing a critical bug.
 4. Project maintainers will test and can change your code before merging.
-5. Write at least somewhat meaningful PR descriptions. There's no "right" way to do it, but the following may help with outlining a general structure:
+5. To make sure that your contribution remains testable and reviewable, try not to exceed a soft limit of **200 lines of code** (both additions and deletions) per pull request. If you have more to contribute, split it into multiple pull requests. We can also consider creating a separate feature branch for more substantial changes, but please discuss it with the maintainers first.
+6. Write at least somewhat meaningful PR descriptions and commit messages. There's no "right" way to do it, but the following may help with outlining a general structure:
   - What is the reason for a change?
   - What did you do to achieve this?
   - How would a reviewer test the change?
-6. Mind the license. Your contributions will be licensed under the GNU Affero General Public License. If you don't know what that implies, consult your lawyer.
+7. English is the primary language of communication in this project. Please use only English when writing commit messages, PR descriptions, comments and other text. This does not apply to contributions to localization files.
+8. Mind the license. Your contributions will be licensed under the GNU Affero General Public License. If you don't know what that implies, consult your lawyer.
+
+## Use of AI coding assistance tools ("Vibe Coding")
+
+We do not prohibit nor encourage the use of AI tools for coding assistance to help you write code, documentation, etc. This includes specialized IDEs, plugins and add-ons, chat interfaces, etc. However, please keep in mind the following:
+
+- No matter who (or what) wrote the code, you are responsible for it. Make sure to carefully review and test everything before committing, and be ready to discuss and fix any issues that may arise during the review.
+- Maintainers can reject reviewing and accepting PRs of very low quality, i.e. if the time to fix the issues exceeds the time to write the code from scratch.
+- Avoid common mistakes attributed to AI tools, such as: adding/removing unrelated comments, excessive logging, unawareness of the project context and conventions, etc.
+- You are allowed, but not required, to trigger AI tools that are added to the project by maintainers (Gemini, Copilot, Codex). Keep in mind that any feedback (comments, suggestions) that these tools generate is not a call to action; make sure to properly assess it before applying.
 
 ## Further reading
 

package/Dockerfile

@@ -1,4 +1,4 @@
-FROM node:lts-alpine3.21
+FROM node:lts-alpine3.22
 
 # Arguments
 ARG APP_HOME=/home/node/app

package/config.yaml

@@ -40,9 +40,15 @@ browserLaunch:
 port: 8000
 # -- SSL options --
 ssl:
+  # Enable SSL/TLS encryption
   enabled: false
+  # Path to certificate (relative to server root)
   certPath: "./certs/cert.pem"
+  # Path to private key (relative to server root)
   keyPath: "./certs/privkey.pem"
+  # Private key passphrase (leave empty if not needed)
+  # For better security, use a CLI argument or an environment variable (SILLYTAVERN_SSL_KEYPASSPHRASE)
+  keyPassphrase: ""
 # -- SECURITY CONFIGURATION --
 # Toggle whitelist mode
 whitelistMode: true
@@ -76,19 +82,43 @@ requestProxy:
 enableUserAccounts: false
 # Enable discreet login mode: hides user list on the login screen
 enableDiscreetLogin: false
-# Enable's authlia based auto login. Only enable this if you
-# have setup and installed Authelia as a middle-ware on your
-# reverse proxy
-# https://www.authelia.com/
-# This will use auto login to an account with the same username
-# as that used for authlia. (Ensure the username in authlia
-# is an exact match in lowercase with that in sillytavern)
-autheliaAuth: false
 # If `basicAuthMode` and this are enabled then
 # the username and passwords for basic auth are the same as those
 # for the individual accounts
 perUserBasicAuth: false
 
+# -- SSO LOGIN CONFIGURATION --
+sso:
+  # Enable's authlia based auto login. Only enable this if you
+  # have setup and installed Authelia as a middle-ware on your
+  # reverse proxy
+  # https://www.authelia.com/
+  # This will use auto login to an account with the same username
+  # as that used for authlia. (Ensure the username in authlia
+  # is an exact match in lowercase with that in sillytavern)
+  autheliaAuth: false
+  # Enable's authentik based auto login. Only enable this if you
+  # have setup and installed Authentik as a middle-ware on your
+  # reverse proxy.
+  # https://goauthentik.io/
+  # This will use auto login to an account with the same username
+  # as that used for authentik. (Ensure the username in authentik
+  # is an exact match in lowercase with that in sillytavern).
+  authentikAuth: false
+
+# Host whitelist configuration. Recommended if you're using a listen mode
+hostWhitelist:
+  # Enable or disable host whitelisting
+  enabled: false
+  # Scan incoming requests for potential host header spoofing
+  scan: true
+  # List of allowed hosts. Do not include localhost or IPs, these are safe.
+  # Use a dot to create subdomain patterns.
+  # Examples:
+  # - example.com
+  # - .trycloudflare.com
+  hosts: []
+
 # User session timeout *in seconds* (defaults to 24 hours).
 ## Set to a positive number to expire session after a certain time of inactivity
 ## Set to 0 to expire session when the browser is closed

package/default/config.yaml

@@ -40,9 +40,15 @@ browserLaunch:
 port: 8000
 # -- SSL options --
 ssl:
+  # Enable SSL/TLS encryption
   enabled: false
+  # Path to certificate (relative to server root)
   certPath: "./certs/cert.pem"
+  # Path to private key (relative to server root)
   keyPath: "./certs/privkey.pem"
+  # Private key passphrase (leave empty if not needed)
+  # For better security, use a CLI argument or an environment variable (SILLYTAVERN_SSL_KEYPASSPHRASE)
+  keyPassphrase: ""
 # -- SECURITY CONFIGURATION --
 # Toggle whitelist mode
 whitelistMode: true
@@ -76,19 +82,43 @@ requestProxy:
 enableUserAccounts: false
 # Enable discreet login mode: hides user list on the login screen
 enableDiscreetLogin: false
-# Enable's authlia based auto login. Only enable this if you
-# have setup and installed Authelia as a middle-ware on your
-# reverse proxy
-# https://www.authelia.com/
-# This will use auto login to an account with the same username
-# as that used for authlia. (Ensure the username in authlia
-# is an exact match in lowercase with that in sillytavern)
-autheliaAuth: false
 # If `basicAuthMode` and this are enabled then
 # the username and passwords for basic auth are the same as those
 # for the individual accounts
 perUserBasicAuth: false
 
+# -- SSO LOGIN CONFIGURATION --
+sso:
+  # Enable's authlia based auto login. Only enable this if you
+  # have setup and installed Authelia as a middle-ware on your
+  # reverse proxy
+  # https://www.authelia.com/
+  # This will use auto login to an account with the same username
+  # as that used for authlia. (Ensure the username in authlia
+  # is an exact match in lowercase with that in sillytavern)
+  autheliaAuth: false
+  # Enable's authentik based auto login. Only enable this if you
+  # have setup and installed Authentik as a middle-ware on your
+  # reverse proxy.
+  # https://goauthentik.io/
+  # This will use auto login to an account with the same username
+  # as that used for authentik. (Ensure the username in authentik
+  # is an exact match in lowercase with that in sillytavern).
+  authentikAuth: false
+
+# Host whitelist configuration. Recommended if you're using a listen mode
+hostWhitelist:
+  # Enable or disable host whitelisting
+  enabled: false
+  # Scan incoming requests for potential host header spoofing
+  scan: true
+  # List of allowed hosts. Do not include localhost or IPs, these are safe.
+  # Use a dot to create subdomain patterns.
+  # Examples:
+  # - example.com
+  # - .trycloudflare.com
+  hosts: []
+
 # User session timeout *in seconds* (defaults to 24 hours).
 ## Set to a positive number to expire session after a certain time of inactivity
 ## Set to 0 to expire session when the browser is closed

package/default/content/presets/openai/Default.json

@@ -1,20 +1,23 @@
 {
     "chat_completion_source": "openai",
     "openai_model": "gpt-4-turbo",
-    "claude_model": "claude-3-5-sonnet-20240620",
+    "claude_model": "claude-sonnet-4-5",
     "openrouter_model": "OR_Website",
     "openrouter_use_fallback": false,
     "openrouter_group_models": false,
     "openrouter_sort_models": "alphabetically",
     "ai21_model": "jamba-large",
     "mistralai_model": "mistral-large-latest",
+    "electronhub_model": "gpt-4o-mini",
+    "electronhub_sort_models": "alphabetically",
+    "electronhub_group_models": false,
     "custom_model": "",
     "custom_url": "",
     "custom_include_body": "",
     "custom_exclude_body": "",
     "custom_include_headers": "",
-    "google_model": "gemini-pro",
-    "vertexai_model": "gemini-2.0-flash-001",
+    "google_model": "gemini-2.5-pro",
+    "vertexai_model": "gemini-2.5-pro",
     "temperature": 1,
     "frequency_penalty": 0,
     "presence_penalty": 0,

package/default/content/settings.json

@@ -620,7 +620,7 @@
         },
         "wi_format": "{0}",
         "openai_model": "gpt-4-turbo",
-        "claude_model": "claude-3-5-sonnet-20240620",
+        "claude_model": "claude-sonnet-4-5",
         "ai21_model": "jamba-large",
         "openrouter_model": "OR_Website",
         "reverse_proxy": "",

package/default/public/error/host-not-allowed.html

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+    <title>Forbidden</title>
+</head>
+
+<body>
+    <h1>Forbidden</h1>
+    <p>
+        If you are the system administrator, add the hostname you are accessing from to the
+        host whitelist, or disable host whitelisting in the
+        <code>config.yaml</code> file located in the root directory of your installation.
+    </p>
+    <hr />
+    <p>
+        <em>Access from this host is not allowed. This attempt has been logged.</em>
+    </p>
+</body>
+
+</html>

package/package.json

@@ -1,6 +1,6 @@
 {
     "dependencies": {
-        "@adobe/css-tools": "^4.4.3",
+        "@adobe/css-tools": "^4.4.4",
         "@agnai/sentencepiece-js": "^1.1.1",
         "@agnai/web-tokenizers": "^0.1.3",
         "@iconfu/svg-inject": "^1.2.3",
@@ -32,9 +32,9 @@
         "archiver": "^7.0.1",
         "bing-translate-api": "^4.1.0",
         "body-parser": "^1.20.2",
-        "bowser": "^2.11.0",
+        "bowser": "^2.12.1",
         "bytes": "^3.1.2",
-        "chalk": "^5.4.1",
+        "chalk": "^5.6.0",
         "command-exists": "^1.2.9",
         "compression": "^1.8.1",
         "cookie-parser": "^1.4.6",
@@ -54,6 +54,7 @@
         "handlebars": "^4.7.8",
         "helmet": "^8.1.0",
         "highlight.js": "^11.11.1",
+        "host-validation-middleware": "^0.1.1",
         "html-entities": "^2.6.0",
         "iconv-lite": "^0.6.3",
         "ip-matching": "^2.1.2",
@@ -64,7 +65,7 @@
         "lodash": "^4.17.21",
         "mime-types": "^3.0.1",
         "moment": "^2.30.1",
-        "morphdom": "^2.7.5",
+        "morphdom": "^2.7.7",
         "multer": "^2.0.2",
         "node-fetch": "^3.3.2",
         "node-persist": "^4.0.4",
@@ -80,14 +81,14 @@
         "sillytavern-transformers": "2.14.6",
         "simple-git": "^3.28.0",
         "slidetoggle": "^4.0.0",
-        "tiktoken": "^1.0.21",
+        "tiktoken": "^1.0.22",
         "url-join": "^5.0.0",
         "vectra": "^0.2.2",
         "wavefile": "^11.0.0",
         "webpack": "^5.98.0",
         "write-file-atomic": "^5.0.1",
         "ws": "^8.18.3",
-        "yaml": "^2.8.0",
+        "yaml": "^2.8.1",
         "yargs": "^17.7.1",
         "yauzl": "^3.2.0"
     },
@@ -112,7 +113,7 @@
         "type": "git",
         "url": "https://github.com/SillyTavern/SillyTavern.git"
     },
-    "version": "1.13.3",
+    "version": "1.13.5",
     "scripts": {
         "start": "node server.js",
         "debug": "node --inspect server.js",
@@ -145,7 +146,7 @@
         "@types/cors": "^2.8.19",
         "@types/deno": "^2.3.0",
         "@types/express": "^4.17.23",
-        "@types/jquery": "^3.5.32",
+        "@types/jquery": "^3.5.33",
         "@types/jquery-cropper": "^1.0.4",
         "@types/jquery.transit": "^0.9.33",
         "@types/jqueryui": "^1.12.24",

package/public/css/backgrounds.css

@@ -0,0 +1,302 @@
+/* Main Page Backgrounds */
+#bg1 {
+    background-repeat: no-repeat;
+    background-attachment: fixed;
+    background-size: cover;
+    position: absolute;
+    width: 100%;
+    height: 100%;
+    transition: background-image var(--animation-duration-3x) ease-in-out;
+    z-index: -1;
+}
+
+/* Fitting options */
+#background_fitting {
+    max-width: 8em;
+}
+
+/* Fill/Cover - scales to fill width while maintaining aspect ratio */
+#bg1.cover {
+    background-size: cover;
+    background-position: center;
+}
+
+/* Fit/Contain - shows entire image maintaining aspect ratio */
+#bg1.contain {
+    background-size: contain;
+    background-position: center;
+    background-repeat: no-repeat;
+}
+
+/* Stretch - stretches to fill entire space */
+#bg1.stretch {
+    background-size: 100% 100%;
+}
+
+/* Center - centers without scaling */
+#bg1.center {
+    background-size: auto;
+    background-position: center;
+    background-repeat: no-repeat;
+}
+
+/* This is the main flex container for the entire drawer */
+.drawer-content.openDrawer.bg-drawer-layout {
+    display: flex;
+}
+
+.bg-drawer-layout {
+    flex-direction: column;
+    padding: 0;
+}
+
+#bg-header-fixed {
+    flex-shrink: 0;
+    padding: 5px;
+    background-color: var(--SmartThemeBlurTintColor);
+    border-bottom: 1px solid var(--SmartThemeBorderColor);
+    width: 100%;
+}
+
+.bg-header-row-1,
+.bg-header-row-2 {
+    display: flex;
+    gap: 5px;
+    width: 100%;
+}
+
+/* Control buttons in header */
+.heading-container-with-controls {
+    position: relative;
+}
+
+.heading-container-with-controls .heading-text {
+    margin: 10px 0;
+}
+
+.heading-container-with-controls .heading-controls {
+    position: absolute;
+    right: 5px;
+    top: 50%;
+    transform: translateY(-50%);
+    display: flex;
+    gap: 5px;
+}
+
+#bg-scrollable-content {
+    flex-grow: 1;
+    overflow-y: auto;
+    overflow-x: hidden;
+    padding: 0 5px 15px;
+    position: relative;
+}
+
+#bg_menu_content,
+#bg_custom_content {
+    display: grid;
+    gap: 5px;
+    width: 100%;
+    grid-template-columns: repeat(var(--bg-thumb-columns, 5), 1fr);
+}
+
+#bg-filter {
+    font-size: calc(var(--mainFontSize) * 0.95);
+}
+
+/* Thumbnails */
+.bg_example:hover .BGSampleTitle {
+    opacity: 1;
+}
+
+.bg_example .mobile-only-menu-toggle {
+    display: none;
+}
+
+.bg_example {
+    cursor: pointer;
+    box-shadow: 0 0 7px var(--black50a);
+    position: relative;
+    overflow: hidden;
+    border-radius: 8px;
+    border: 0px solid transparent;
+    outline: 2px solid var(--SmartThemeBorderColor);
+    outline-offset: -1px;
+
+    height: auto;
+    aspect-ratio: 16 / 9;
+}
+
+.bg_example:focus-visible {
+    outline-offset: inherit;
+    outline-color: var(--interactable-outline-color);
+}
+
+.bg_example.locked-background {
+    outline: 2px solid var(--golden);
+    outline-offset: 0;
+}
+
+.bg_example.locked-background::after {
+    content: '\f023';
+    font-family: 'Font Awesome 6 Free';
+    font-weight: 900;
+
+    position: absolute;
+    bottom: 5px;
+    right: 5px;
+    z-index: 4;
+    color: var(--golden);
+    filter: drop-shadow(0 1px 2px rgba(0, 0, 0, 0.8));
+    font-size: calc(var(--mainFontSize) * 0.8);
+    pointer-events: none;
+}
+
+.bg_example:not(.locked-background) .jg-unlock,
+.bg_example.locked-background .jg-lock {
+    display: none;
+}
+
+.bg_example.selected-background {
+    outline: 2px solid white;
+    outline-offset: 0;
+}
+
+.bg_example.selected-background::before {
+    content: '\f00c';
+    font-family: 'Font Awesome 6 Free';
+    font-weight: 900;
+    position: absolute;
+    top: 5px;
+    left: 5px;
+    z-index: 4;
+    color: var(--white100);
+    filter: drop-shadow(0 1px 3px rgba(0, 0, 0, 0.8));
+    font-size: calc(var(--mainFontSize) * 0.9);
+    pointer-events: none;
+}
+
+.bg_example .jg-menu {
+    display: flex;
+    position: absolute;
+    top: 2px;
+    right: 2px;
+    background-color: rgba(0, 0, 0, 0.5);
+    border-radius: 5px;
+    padding: 3px 3px;
+    z-index: 3;
+    backdrop-filter: blur(4px);
+    border: 1px solid var(--SmartThemeBorderColor);
+    justify-items: center;
+    align-items: center;
+
+    opacity: 0;
+    visibility: hidden;
+    transform: scale(0.9);
+    transform-origin: center;
+    transition: opacity var(--animation-duration) ease-out, visibility var(--animation-duration) ease-out, transform var(--animation-duration) ease-out;
+}
+
+.bg_example:hover .jg-menu,
+.bg_example:focus-within .jg-menu {
+    opacity: 1;
+    visibility: visible;
+    transform: scale(1);
+}
+
+.bg_example .jg-button {
+    display: flex;
+    width: 24px;
+    height: 24px;
+    align-items: center;
+    justify-content: center;
+    color: white;
+    padding: 5px;
+    font-size: 1.1em;
+    border-radius: 5px;
+    transition: background-color var(--animation-duration) ease;
+}
+
+.bg_example .jg-button:hover {
+    background-color: rgba(255, 255, 255, 0.2);
+}
+
+/* Scroll-to-Top Button */
+#bg-scroll-top {
+    position: absolute;
+    bottom: 20px;
+    right: 20px;
+    width: 42px;
+    height: 42px;
+    background: var(--SmartThemeBlurTintColor);
+    color: var(--SmartThemeBodyColor);
+    border: 1px solid var(--SmartThemeBorderColor);
+    border-radius: 50%;
+    cursor: pointer;
+    z-index: 10;
+    font-size: 18px;
+    display: inline-flex;
+    align-items: center;
+    justify-content: center;
+    opacity: 0;
+    transition: opacity var(--animation-duration) ease;
+    pointer-events: none;
+}
+
+#bg-scroll-top.visible {
+    opacity: 1;
+    pointer-events: auto;
+}
+
+#bg-scroll-top:hover {
+    filter: brightness(150%);
+    outline: 1px solid var(--interactable-outline-color);
+}
+
+#bg-scroll-top .fa-solid {
+    margin: 0;
+    padding: 0;
+    line-height: 1;
+}
+
+.thumbnail-clipper {
+    position: absolute;
+    top: -2px;
+    left: -2px;
+    right: -2px;
+    bottom: -2px;
+    overflow: hidden;
+    border-radius: inherit;
+    background-size: cover;
+    background-position: center;
+}
+
+.bg_example:not([custom="true"]) .jg-copy,
+.bg_example[custom="true"] .jg-edit {
+    display: none;
+}
+
+/* Thumbnail Title */
+.bg_example .BGSampleTitle {
+    position: absolute;
+    bottom: 0;
+    left: 0;
+    right: 0;
+    background: linear-gradient(transparent, rgba(0, 0, 0, 0.9));
+    color: var(--SmartThemeBodyColor);
+    font-size: 0.9em;
+    font-weight: 600;
+    padding: 0px 6px 2px;
+    text-align: center;
+    white-space: nowrap;
+    overflow: hidden;
+    text-overflow: ellipsis;
+    opacity: 0;
+    transition: opacity var(--animation-duration) ease-in-out;
+    pointer-events: none;
+    border-radius: 0 0 8px 8px;
+}
+
+.bg_example:hover .BGSampleTitle,
+.bg_example:focus-within .BGSampleTitle {
+    opacity: 1;
+}