openhands-agent-server 1.23.0__tar.gz → 1.23.1__tar.gz

{openhands_agent_server-1.23.0 → openhands_agent_server-1.23.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: openhands-agent-server
-Version: 1.23.0
+Version: 1.23.1
 Summary: OpenHands Agent Server - REST/WebSocket interface for OpenHands AI Agent
 Project-URL: Source, https://github.com/OpenHands/software-agent-sdk
 Project-URL: Homepage, https://github.com/OpenHands/software-agent-sdk

{openhands_agent_server-1.23.0 → openhands_agent_server-1.23.1}/openhands/agent_server/api.py

@@ -3,7 +3,7 @@ import os
 import tempfile
 import traceback
 from collections.abc import AsyncIterator, Sequence
-from contextlib import asynccontextmanager
+from contextlib import asynccontextmanager, suppress
 from pathlib import Path
 from typing import Any
 from urllib.parse import urlparse
@@ -17,6 +17,7 @@ from starlette.requests import Request
 
 from openhands.agent_server.auth_router import auth_router
 from openhands.agent_server.bash_router import bash_router
+from openhands.agent_server.bash_service import get_default_bash_event_service
 from openhands.agent_server.cloud_proxy_router import cloud_proxy_router
 from openhands.agent_server.config import (
     Config,
@@ -39,7 +40,7 @@ from openhands.agent_server.git_router import git_router
 from openhands.agent_server.hooks_router import hooks_router
 from openhands.agent_server.llm_router import llm_router
 from openhands.agent_server.mcp_router import mcp_router
-from openhands.agent_server.middleware import LocalhostCORSMiddleware
+from openhands.agent_server.middleware import CORSDispatcher
 from openhands.agent_server.profiles_router import profiles_router
 from openhands.agent_server.server_details_router import (
     get_server_info,
@@ -188,9 +189,28 @@ async def api_lifespan(api: FastAPI) -> AsyncIterator[None]:
         async with service:
             # Store the initialized service in app state for dependency injection
             api.state.conversation_service = service
+
+            config = api.state.config
+            retention_task: asyncio.Task | None = None
+            if config.bash_events_retention_seconds is not None:
+                retention_task = asyncio.create_task(
+                    get_default_bash_event_service().run_retention_cleanup_loop(
+                        config.bash_events_retention_seconds
+                    )
+                )
+                logger.info(
+                    "Bash events retention cleanup started (retention: %ds)",
+                    config.bash_events_retention_seconds,
+                )
+
             try:
                 yield
             finally:
+                if retention_task is not None:
+                    retention_task.cancel()
+                    with suppress(asyncio.CancelledError):
+                        await retention_task
+
                 # Define async functions for stopping each service
                 async def stop_vscode_service():
                     if vscode_service is not None:
@@ -519,7 +539,7 @@ def create_app(config: Config | None = None) -> FastAPI:
 
     _add_api_routes(app, config)
     _setup_static_files(app, config)
-    app.add_middleware(LocalhostCORSMiddleware, allow_origins=config.allow_cors_origins)
+    app.add_middleware(CORSDispatcher, allow_origins=config.allow_cors_origins)
     _add_exception_handlers(app)
 
     return app

{openhands_agent_server-1.23.0 → openhands_agent_server-1.23.1}/openhands/agent_server/bash_service.py

@@ -4,7 +4,7 @@ import json
 import os
 import signal
 from dataclasses import dataclass, field
-from datetime import datetime
+from datetime import datetime, timedelta
 from pathlib import Path
 from uuid import UUID
 
@@ -18,7 +18,7 @@ from openhands.agent_server.models import (
 )
 from openhands.agent_server.pub_sub import PubSub, Subscriber
 from openhands.sdk.logger import get_logger
-from openhands.sdk.utils import sanitized_env
+from openhands.sdk.utils import sanitized_env, utc_now
 
 
 logger = get_logger(__name__)
@@ -344,6 +344,76 @@ class BashEventService:
             self._save_event_to_file(error_output)
             await self._pub_sub(error_output)
 
+    def delete_events_older_than(self, cutoff: datetime) -> int:
+        """Delete bash event files with a recorded timestamp older than ``cutoff``.
+
+        This is a synchronous method — all operations are blocking filesystem
+        I/O. Callers on the asyncio event loop should use
+        ``await asyncio.to_thread(service.delete_events_older_than, cutoff)``
+        to avoid stalling the loop.
+
+        File names are prefixed with ``YYYYMMDDHHMMSS`` in ascending sort order,
+        so scanning stops as soon as a file at or after the cutoff is reached.
+
+        Returns:
+            int: The number of event files deleted.
+        """
+        cutoff_str = self._timestamp_to_str(cutoff)
+        files = self._get_event_files_by_pattern("*")  # ascending chronological order
+        count = 0
+        for path in files:
+            if path.name >= cutoff_str:
+                break  # remaining files are at or newer than cutoff
+            try:
+                path.unlink(missing_ok=True)
+                count += 1
+            except Exception as e:
+                logger.warning("Failed to delete bash event file %s: %s", path, e)
+        if count:
+            logger.info(
+                "Deleted %d bash event file(s) older than %s", count, cutoff_str
+            )
+        return count
+
+    async def run_retention_cleanup_loop(
+        self,
+        retention_seconds: int,
+        interval_seconds: float | None = None,
+    ) -> None:
+        """Periodically purge bash event files older than ``retention_seconds``.
+
+        Runs until cancelled (e.g. during application shutdown). Cleanup runs
+        immediately on entry so that files accumulated across a server restart
+        are purged without waiting for the first interval to elapse.
+
+        Blocking filesystem work is dispatched to a thread via
+        ``asyncio.to_thread`` to keep the event loop free.
+
+        Args:
+            retention_seconds: Age threshold in seconds; older files are deleted.
+            interval_seconds: How often to run the cleanup. Defaults to
+                ``max(60, retention_seconds / 2)``. Pass a smaller value in
+                tests to avoid long waits.
+        """
+        interval = (
+            interval_seconds
+            if interval_seconds is not None
+            else max(60.0, retention_seconds / 2)
+        )
+        while True:
+            try:
+                cutoff = utc_now() - timedelta(seconds=retention_seconds)
+                await asyncio.to_thread(self.delete_events_older_than, cutoff)
+            except Exception as e:
+                logger.warning("Bash events retention cleanup error: %s", e)
+                # Brief back-off to prevent log flooding if the failure is persistent
+                # (e.g. permission error, full disk). Cap at the normal interval so
+                # we don't over-delay in low-retention configurations.
+                await asyncio.sleep(min(interval, 60.0))
+            # Always sleep the full interval after the error back-off, so total
+            # wait on error = min(interval, 60) + interval ≈ 2× normal cadence.
+            await asyncio.sleep(interval)
+
     async def subscribe_to_events(self, subscriber: Subscriber[BashEventBase]) -> UUID:
         """Subscribe to bash events.
 

{openhands_agent_server-1.23.0 → openhands_agent_server-1.23.1}/openhands/agent_server/config.py

@@ -120,8 +120,10 @@ class Config(BaseModel):
     allow_cors_origins: list[str] = Field(
         default_factory=list,
         description=(
-            "Set of CORS origins permitted by this server (Anything from localhost is "
-            "always accepted regardless of what's in here)."
+            "CORS origins permitted by this server. Localhost / 127.0.0.1 "
+            "and ``DOCKER_HOST_ADDR`` are always allowed. Does not apply to "
+            "the workspace cookie routes, which accept any origin — see "
+            "``middleware.py``."
         ),
     )
     conversations_path: Path = Field(
@@ -137,6 +139,19 @@ class Config(BaseModel):
             "Defaults to 'workspace/bash_events'."
         ),
     )
+    bash_events_retention_seconds: int | None = Field(
+        default=None,
+        gt=0,
+        description=(
+            "How long bash event files are retained on disk, in seconds. "
+            "A background task purges events older than this window on a "
+            "rolling basis. None (default) retains events indefinitely. "
+            "Should be set higher than the longest expected command timeout: "
+            "a command whose BashCommand file is purged mid-execution will "
+            "complete normally, but its on-disk event history will be "
+            "incomplete. A value >= 2x max command timeout avoids this."
+        ),
+    )
     static_files_path: Path | None = Field(
         default=None,
         description=(

{openhands_agent_server-1.23.0 → openhands_agent_server-1.23.1}/openhands/agent_server/event_service.py

@@ -68,6 +68,9 @@ class EventService:
         default_factory=lambda: PubSub[Event](max_subscribers=50), init=False
     )
     _run_task: asyncio.Task | None = field(default=None, init=False)
+    # Set when a send_message(run=True) is rejected because a run is still
+    # wrapping up; consumed by _run_and_publish to re-run the stranded message.
+    _rerun_requested: bool = field(default=False, init=False)
     _run_lock: asyncio.Lock = field(default_factory=asyncio.Lock, init=False)
     _callback_wrapper: AsyncCallbackWrapper | None = field(default=None, init=False)
     _lease: ConversationLease | None = field(default=None, init=False)
@@ -419,9 +422,19 @@ class EventService:
         loop = asyncio.get_running_loop()
         await loop.run_in_executor(None, self._conversation.send_message, message)
         if run:
-            # Already running or inactive — message was sent, skip run.
-            with suppress(ValueError):
+            try:
                 await self.run()
+            except ValueError as e:
+                # run() refused. If a run is still wrapping up (its
+                # wait_for_pending tail), the message we just appended won't be
+                # picked up by it, so record explicit run intent for
+                # _run_and_publish to honor once that task clears. Tracking the
+                # request — rather than inferring it later from an IDLE status —
+                # is what keeps a deliberate run=False append, or an IDLE reached
+                # via another path, from triggering an unwanted run.
+                # "inactive_service" is terminal and must not re-arm.
+                if str(e) == "conversation_already_running":
+                    self._rerun_requested = True
 
     async def subscribe_to_events(self, subscriber: Subscriber[Event]) -> UUID:
         subscriber_id = self._pub_sub.subscribe(subscriber)
@@ -523,13 +536,29 @@ class EventService:
         """Configure stats update callbacks to stream stats changes via events."""
 
         def stats_callback() -> None:
-            """Callback to emit stats updates."""
+            """Callback to emit stats updates.
+
+            Invoked synchronously by ``Telemetry.on_response`` (regular
+            Agent path) and ``ACPAgent._record_usage`` (ACP path) — both
+            run inside ``LocalConversation.run()``'s ``with self._state:``
+            block, so the caller already owns the conversation state lock.
+
+            DO NOT re-acquire the state lock here (``with state:``). It
+            looks safe — ``FIFOLock`` documents itself as reentrant — but
+            on the ACP code path it deadlocks (silently) before the rest
+            of ``step()`` can emit the assistant's FinishAction +
+            ObservationEvent, leaving every conversation hung in
+            ``running`` status forever. ``_emit_event_from_thread`` below
+            already acquires the lock on the executor thread before
+            persisting the event; that's the only place serialization
+            needs the lock anyway.
+            """
             # Publish only the stats field to avoid sending entire state
             if not self._conversation:
                 return
-            state = self._conversation._state
-            with state:
-                event = ConversationStateUpdateEvent(key="stats", value=state.stats)
+            event = ConversationStateUpdateEvent(
+                key="stats", value=self._conversation._state.stats
+            )
             self._emit_event_from_thread(event)
 
         for llm in agent.get_all_llms():
@@ -646,6 +675,7 @@ class EventService:
             cipher=self.cipher,
             hook_config=self.stored.hook_config,
             tags=self.stored.tags,
+            user_id=self.stored.user_id,
         )
 
         conversation.set_confirmation_policy(self.stored.confirmation_policy)
@@ -778,6 +808,26 @@ class EventService:
                     self._run_task = None
                     await self._publish_state_update()
 
+                    # Re-arm a run for input stranded while this task was
+                    # wrapping up. A send_message(run=True) that arrived during
+                    # the wait_for_pending() tail above had its run() rejected as
+                    # "conversation_already_running" and suppressed, setting
+                    # _rerun_requested. Honor it only while the conversation is
+                    # still IDLE — i.e. that message is genuinely pending. If the
+                    # run loop was still alive it already absorbed the message
+                    # (LocalConversation.run() keeps looping on FINISHED) and we
+                    # are FINISHED here, so the IDLE guard avoids a redundant run.
+                    # A deliberate run=False append, or an IDLE reached via
+                    # another path, never sets the flag.
+                    if self._rerun_requested:
+                        self._rerun_requested = False
+                        if (
+                            await self._get_execution_status()
+                            == ConversationExecutionStatus.IDLE
+                        ):
+                            with suppress(ValueError):
+                                await self.run()
+
             # Create task but don't await it - runs in background
             self._run_task = asyncio.create_task(_run_and_publish())
 

openhands_agent_server-1.23.1/openhands/agent_server/middleware.py

@@ -0,0 +1,94 @@
+"""CORS middleware for the agent server.
+
+``CORSDispatcher`` routes requests to one of two CORS configurations
+based on path:
+
+* Workspace cookie endpoints (``/api/auth/workspace-session`` and
+  ``/api/conversations/{id}/workspace/*``) — wildcard CORS that echoes
+  the request Origin on every response. These are the only routes that
+  authenticate via an ambient (cookie) credential.
+* Everything else — ``LocalhostCORSMiddleware``, which honors the
+  operator's ``allow_cors_origins`` and always allows localhost and
+  ``DOCKER_HOST_ADDR`` (matches OpenHands/OpenHands#4624 intent).
+"""
+
+import os
+import re
+from urllib.parse import urlparse
+
+from fastapi.middleware.cors import CORSMiddleware
+from starlette.types import ASGIApp, Receive, Scope, Send
+
+
+_WORKSPACE_SESSION_PATH = "/api/auth/workspace-session"
+_WORKSPACE_STATIC_RE = re.compile(r"^/api/conversations/[^/]+/workspace(/|$)")
+
+
+def _is_workspace_cookie_path(path: str) -> bool:
+    if path == _WORKSPACE_SESSION_PATH:
+        return True
+    return bool(_WORKSPACE_STATIC_RE.match(path))
+
+
+class LocalhostCORSMiddleware(CORSMiddleware):
+    """``CORSMiddleware`` that always allows localhost and ``DOCKER_HOST_ADDR``."""
+
+    def __init__(self, app: ASGIApp, allow_origins: list[str]) -> None:
+        super().__init__(
+            app,
+            allow_origins=allow_origins,
+            allow_credentials=True,
+            allow_methods=["*"],
+            allow_headers=["*"],
+        )
+
+    def is_allowed_origin(self, origin: str) -> bool:
+        if origin:
+            hostname = urlparse(origin).hostname or ""
+            if hostname in ("localhost", "127.0.0.1"):
+                return True
+            docker_host_addr = os.environ.get("DOCKER_HOST_ADDR")
+            if docker_host_addr and hostname == docker_host_addr:
+                return True
+        return bool(super().is_allowed_origin(origin))
+
+
+class CORSDispatcher:
+    """Dispatches each request to the workspace or default CORS middleware.
+
+    The workspace branch uses ``allow_origin_regex=r"https?://.+"`` rather
+    than ``allow_origins=["*"]`` for two reasons:
+
+    1. Starlette emits a literal ``*`` on simple responses when
+       ``allow_all_origins`` is set and the request has no ``Cookie``
+       header — which browsers reject together with
+       ``Access-Control-Allow-Credentials: true``. The regex path always
+       echoes the request Origin (with ``Vary: Origin``).
+    2. Anchoring to ``http(s)://`` excludes ``Origin: null`` (sandboxed
+       iframes, ``data:`` / ``blob:`` URLs), which have no defined CHIPS
+       partition key and are not legitimate clients.
+    """
+
+    def __init__(self, app: ASGIApp, *, allow_origins: list[str]) -> None:
+        self._default_cors = LocalhostCORSMiddleware(
+            app, allow_origins=list(allow_origins)
+        )
+        self._workspace_cors = CORSMiddleware(
+            app,
+            allow_origin_regex=r"https?://.+",
+            allow_credentials=True,
+            allow_methods=["*"],
+            allow_headers=["*"],
+        )
+
+    async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
+        if scope.get("type") == "http":
+            # Strip FastAPI ``root_path`` so dispatch works behind
+            # reverse proxies mounted under a sub-path.
+            root_path = scope.get("root_path", "")
+            path = scope.get("path", "/")
+            route_path = path.removeprefix(root_path) if root_path else path
+            if _is_workspace_cookie_path(route_path or "/"):
+                await self._workspace_cors(scope, receive, send)
+                return
+        await self._default_cors(scope, receive, send)

{openhands_agent_server-1.23.0 → openhands_agent_server-1.23.1}/openhands_agent_server.egg-info/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: openhands-agent-server
-Version: 1.23.0
+Version: 1.23.1
 Summary: OpenHands Agent Server - REST/WebSocket interface for OpenHands AI Agent
 Project-URL: Source, https://github.com/OpenHands/software-agent-sdk
 Project-URL: Homepage, https://github.com/OpenHands/software-agent-sdk

{openhands_agent_server-1.23.0 → openhands_agent_server-1.23.1}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "openhands-agent-server"
-version = "1.23.0"
+version = "1.23.1"
 description = "OpenHands Agent Server - REST/WebSocket interface for OpenHands AI Agent"
 
 requires-python = ">=3.12"

openhands_agent_server-1.23.0/openhands/agent_server/middleware.py

@@ -1,40 +0,0 @@
-import os
-from urllib.parse import urlparse
-
-from fastapi.middleware.cors import CORSMiddleware
-from starlette.types import ASGIApp
-
-
-class LocalhostCORSMiddleware(CORSMiddleware):
-    """Custom CORS middleware that allows any request from localhost/127.0.0.1 domains.
-
-    Also allows the DOCKER_HOST_ADDR IP, while using standard CORS rules for
-    other origins.
-    """
-
-    def __init__(self, app: ASGIApp, allow_origins: list[str]) -> None:
-        super().__init__(
-            app,
-            allow_origins=allow_origins,
-            allow_credentials=True,
-            allow_methods=["*"],
-            allow_headers=["*"],
-        )
-
-    def is_allowed_origin(self, origin: str) -> bool:
-        if origin and not self.allow_origins and not self.allow_origin_regex:
-            parsed = urlparse(origin)
-            hostname = parsed.hostname or ""
-
-            # Allow any localhost/127.0.0.1 origin regardless of port
-            if hostname in ["localhost", "127.0.0.1"]:
-                return True
-
-            # Also allow DOCKER_HOST_ADDR if set (for remote browser access)
-            docker_host_addr = os.environ.get("DOCKER_HOST_ADDR")
-            if docker_host_addr and hostname == docker_host_addr:
-                return True
-
-        # For missing origin or other origins, use the parent class's logic
-        result: bool = super().is_allowed_origin(origin)
-        return result