Dev#1290
Open
Classic298 wants to merge 41 commits into
IFRAME_CSP (a Content-Security-Policy injected into artifact and preview srcdoc iframes) is already covered in the env reference and the hardening guide. This fills the user-facing gap: an artifact-CSP section and a blank-preview troubleshooting entry on the Artifacts page, linking to both, with the correct variable name, scope, and prepend-first-wins behaviour. Based on the intent of PR open-webui#1249.
Co-Authored-By: michaellrowley <13807564+michaellrowley@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Moves the "up-to-date with release" line + its tag link, the database-schema "up to vX" note, and the pinned docker-image examples from v0.9.6 to v0.9.7. Historical feature markers (added in / since / fixed in / requires v0.9.6) are intentionally left; those features shipped in 0.9.6 and still work there. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… to Legacy Documents the v0.9.7 breaking change: Native (Agentic) Mode is now the default for every chat and model that has not explicitly chosen a mode, and the old prompt-based mode is renamed from "Default" to "Legacy", the unsupported opt-out. Updates the authoritative Tool Calling Modes section and the beginner essentials guide, and preserves the #tool-calling-modes-default-vs-native anchor that ~15 pages link to. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ling essential
Follows the v0.9.7 change (Native is now the default, "Default" renamed "Legacy"):
- Rename "Default Mode" to "Legacy Mode" across rag, performance, agentic-search, code-execution, knowledge, the tool-development guide, and the env reference.
- Fix the function_calling value in the tool-development guide: the legacy value is now "legacy", not "default".
- Reword the "you must enable native" framings to reflect that native is the default now (knowledge.md, rag.mdx entry 13).
- Remove the now-obsolete "Tool calling" section from the getting-started essentials (native is automatic; nothing to set up).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Replaces the removed tool-calling section. Web Search is the must-have most new users reach for: live web access beyond the model's training cutoff. The section links to the provider category so users pick their own backend (self-hosted SearXNG, free DuckDuckGo, or a commercial API), and notes that with native function calling now the default the model runs search itself. Also gives the web-search category an explicit generated-index slug (/features/chat-conversations/web-search), matching its siblings (audio, image-generation), so it has a clean linkable path instead of the default /category/web-search/ route; updated the one existing reference in url-params.md accordingly. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…x native-default framing
- essentials: remove the "Day one / within the first week" timeframe labels from the "What to do next" list (now a plain ordered list of actions).
- tools/development.mdx: collapse the ~8 repeated function-calling-mode checks into a single "Detecting the Mode in Your Tool" section. The check now keys on is_legacy_mode() (== "legacy"): Native is the default and an unset model no longer carries "native", so the old == "native" / "default" checks misclassify the now-default case as Legacy. Added that caveat. Removed three near-identical both-mode demo tools (replaced with pointers to the canonical section), fixed the diagnostic tool and the two Legacy-only guards, and swept leftover "Default Mode" terminology.
- Reframe "you must switch to Native" guidance now that Native is the default: agentic web search, Open Terminal (index + connecting step 8), code-execution/python.
- code-execution: clarify the older XML-based code path is itself the legacy mechanism.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ndex route Drop the explicit `slug` added to the web-search `_category_.json`; the category goes back to the default generated-index route `/category/web-search/`. Re-point the two links that targeted the slug (essentials "Web Search providers", url-params web-search) back to that default route. Also drops a stray em-dash in essentials. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ks, add Firecrawl page
- DDGS is a metasearch aggregator (Dux Distributed Global Search), not DuckDuckGo; DuckDuckGo is only one of its selectable backends. Relabel it correctly in the essentials Web Search section instead of calling it "DuckDuckGo (DDGS)".
- Drop Google PSE from the recommended examples (Programmable Search Engine is being retired). Add Perplexity Search and Firecrawl in its place.
- Add a Firecrawl provider page: a real web-search engine (engine value `firecrawl`), hosted at api.firecrawl.dev or self-hostable via FIRECRAWL_API_BASE_URL.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
"Supports tool calling" is not enough for a terminal: it is a multi-step agentic loop (call, read, decide, repeat over many turns), which small models cannot sustain. Spell that out and give the concrete bar (a 4B to 9B model will not cut it, even if it nominally supports tools). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Now that DDGS is correctly described as a metasearch aggregator, "free, no sign-up" reads as an odd middle category. Remove the bullet and leave the two clean groups (self-hosted, commercial); DDGS is still one click away on the providers page for anyone who wants it. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…owser" app New /features/computer page for open-webui/computer (cptr), verified against the local repo: CLI flags, env/data dir, the AI tool system, auth, the cross-platform PTY terminal, security model and licence. It leads with a cptr-vs-Open-Terminal comparison because the two are easily confused. Open Terminal is a shell tool the Open WebUI chat AI drives; cptr is a separate, human-operated computer (files, editor, terminal, git, mobile-first) with optional bring-your-own-key AI, not connected to Open WebUI at all. Covers install/run (pip + Docker), the feature set, the SSH-equivalent security model and the Open Use License. Cross-linked from the Open Terminal page and the features landing. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cptr changed the `cptr run --host` default from 0.0.0.0 to 127.0.0.1, so the server is now reachable only from the local machine unless you opt in with `--host 0.0.0.0`. State that default in the install section and fold it into the security model (network exposure is now opt-in). Docker still works unchanged: the image's CMD binds 0.0.0.0 inside the container. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
PR open-webui/open-webui#25218 (released in v0.9.6) removed the hardcoded `t0p-s3cr3t` fallback. The env reference still described that fallback and said direct uvicorn / `open-webui dev` "uses the code-level fallback". That is no longer true: with authentication enabled and no key set, the backend now exits at startup and asks you to set WEBUI_SECRET_KEY. Auto-generation via start.sh / `open-webui serve` is unchanged, so the supported paths still need no manual key. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ET_KEY The table row already conveys that dev / direct uvicorn is unsupported and that you set the key yourself there. Remove the extra explanatory paragraph. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cptr v0.1.6 added "plan mode" (the AI drafts an implementation plan for review before making changes) and made its file tools and search block `.env` / `.env.*` files. Reflect both in the AI-agent feature description. v0.1.5/0.1.7-0.1.9 were packaging and race-condition fixes with no doc impact. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The "also on the community site" link actually points to a GitHub discussion, not the community site. Reword to "see the Show-and-tell discussion". Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
ENABLE_FORWARD_USER_INFO_HEADERS claimed all six headers go to OpenAI, Ollama, MCP and tool servers alike. Verified against source (utils/headers.py, the openai/ollama/anthropic routers, utils/tools.py): the four user-info headers go to nearly all outbound backends, X-OpenWebUI-Chat-Id goes to OpenAI/Ollama/tool servers (not Anthropic), and X-OpenWebUI-Message-Id is set only on tool-server calls (OpenAPI + MCP), not on OpenAI/Ollama/Anthropic/Pipelines connections. Replace the flat list with an accurate per-destination table, matching the behaviour reported in discussion #23384. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Previous edit over-emphasized the exceptions and read as if OpenAI barely receives headers. Lead instead with what is forwarded: the four user-info headers go to nearly every backend, and OpenAI/Ollama/Pipelines requests get five of the six headers (user info + Chat-Id). Only Message-Id is tool-server-specific. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… timing side-channel Mirrors the vendor-dispositions register. Documents residual risks that are mitigated as far as application-level code allows and then formally accepted, with the reason they are not fully fixable (language / runtime / OS / CPU / network constraints) and how they sit within the threat model. First entry covers the CWE-208 sign-in timing side-channel: bcrypt cost equalised across all sign-in paths, sub-millisecond residual accepted. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ingle-tenant") The Security Policy's threat model is now "self-hosted, single-tenant, authenticated, extensible, role-based". Propagate "single-tenant" to the security-policy summary, the vendor-dispositions and accepted-risks overviews, and the auth-timing entry so the docs match the policy. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Bring the docs Security Policy in line with the updated SECURITY.md: add the already-fixed rejection plus check-dev-first guidance, good-faith non-vulnerability reporting, CVE Program alignment, the "what a valid report gets you" section, rule 14 (one vulnerability per report), the security-boundaries definition, and the no-reporter-deadlines note. Align rules 4/5/8/12, the foreign-CNA wording (precedent link, "may be barred"), report handling order, and the publish-hold window. Docs-only sections (Tools & Functions, Production, Process) preserved. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…reat-model section Remove the auth-timing-specific "Threat-model coverage" section (its rate-limiting and MFA points were tied to that one risk). Reframe the register's "Why we accept these" to be generic: a residual is accepted when the exploitable part is mitigated and the residual is bounded, and eliminating it is either not technically fixable or would carry a real, disproportionate cost (degrading or removing functionality users depend on, or harming performance/correctness) for a marginal or illusory security benefit. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…sitions link "open-source project" -> "volunteer- and community-driven project" in the reporting-channel rationale. Change the foreign-CNA precedent link from the absolute https://docs.openwebui.com/security/vendor-dispositions/ (carried over from SECURITY.md, which renders on GitHub) to the relative ./vendor-dispositions, matching the sibling link in the same section and avoiding the trailing-slash ambiguity. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Convert the Hardening Guide, Redis, and Token Revocation links in the Production Deployment Security section from absolute https://docs.openwebui.com/... URLs to relative .md links, so Docusaurus validates them (onBrokenLinks: throw) and they respect baseUrl and trailing-slash settings. Verified with a full `npm run build`: MDX compiles, no broken links, no broken anchors. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…the policy intro Mirror the SECURITY.md opening: state that accepted vulnerabilities are published openly as advisories (what was found, how it was resolved, which version is patched), and that a visible advisory history reflects active scrutiny and a working disclosure process rather than fragile software. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cptr jumped v0.1.9 -> v0.2.3 with substantial new features. Reflect them on the
page: Automations (scheduled tasks + completion/webhook notifications), Skills
(SKILL.md + `$` mention), per-model parameters and system prompts (with
{{VARIABLE}} placeholders and a .cptr/system.md workspace override), automatic
context compaction, the new global search (replaces QuickOpen), the added
Perplexity and OpenAI-compatible web-search providers, and the Python 3.10
minimum. Bump the version marker to v0.2.x.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cptr v0.3.0 (tagged today) adds messaging bots: connect the AI to Telegram, Discord, Slack, WhatsApp or Signal from Settings, each with full tool access and conversation sync back to the web UI. Add that bullet and bump the version marker to v0.3.x. (Usage tooltip + live tool progress were the other v0.3.0 items, too minor for the overview.) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add a "Native Server-Side Tools" step to the Open Responses connect guide covering OpenAI's native web_search (and other server-side tools) via a model `tools` custom parameter on a Responses-API connection. This capability already works end-to-end in Open WebUI: explicit tools on the request body pass through to the /responses endpoint unchanged, and web_search_call status blocks plus url_citation sources are rendered natively. It was simply undocumented and not discoverable. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…cptr v0.3.1/0.3.2)
- v0.3.1: the AI can drive a real browser (navigate, click, type, screenshot, run JS) via local Chrome, Firecrawl or Browser-Use, and can read/describe images from the workspace. Folded both into the AI-agent bullet.
- v0.3.2: voice memos (record from + menu or Cmd+Shift+M, saved with an auto-generated transcript via any OpenAI-compatible STT). New bullet.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…nses page The Open Responses native-tools page linked to /features/chat-conversations/web-search/, which is not a real route (the category generated-index lives at /category/web-search/, since the explicit slug was reverted earlier). Restores a green build. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…ategory/ trap The web-search category had no explicit slug, so its generated-index only existed at the ugly /category/web-search/ route while everyone (including new pages) naturally links to /features/chat-conversations/web-search and breaks the build. Add the explicit slug, matching its siblings (audio, image-generation), and point all three existing links at the clean path. The intuitive URL now works. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cptr v0.3.3 added an OpenAI-compatible gateway: each workspace is exposed over /v1/models and /v1/chat/completions so Open WebUI or any OpenAI-compatible client can use it as a model with the full agent loop, plus hashed gateway API keys. v0.3.4 refined it (tool-call visibility, response-model setting). Add the bullet. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…it clause Mirror of the open-webui SECURITY.md change: the already-fixed rule now also covers issues already being fixed in the open (e.g. an open pull request), the monitoring pattern covers pull requests as well as commits, and a credit clause makes a report racing someone else's public fix earn no advisory and no credit for anyone — on the provable grounds (duplicate, already public, filed last, scraping indistinguishable from independent discovery), not an unprovable bad-faith claim. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cptr v0.3.5 deepens the gateway's Open WebUI integration: chat branching from OWUI, background-task filtering so OWUI's title/tag/follow-up generation no longer spawns ghost chats, and a one-click recommended header config in the Gateway tab (requires Open WebUI 0.9.7+). Reflect that in the gateway bullet. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cptr v0.4.0 adds external tool servers (MCP/OpenAPI, from the Tool Servers admin tab) and sub-agents (the AI spins up parallel sub-agents with full tool access, each a real inspectable chat), plus concurrent tool execution. Two new bullets; bump the version marker to v0.4.x. (v0.4.1 was i18n + settings-layout polish.) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…es / Open WebUI)
The single overview page had outgrown itself (15+ feature bullets and a growing gateway section). Split it into:
- index.md: overview, cptr-vs-Open-Terminal, a short "what you can do" teaser, install/run, security, license.
- features.md: the full feature catalogue, grouped (the computer / the AI agent / automation and reach).
- open-webui.md: a proper "Connect to Open WebUI" how-to for the gateway, with the verified base URL (/v1), cptr/<workspace> model naming, the five recommended X-OpenWebUI headers, and the accurate "needs OWUI 0.9.7 for branching/task filtering" caveat (those custom-header placeholders land in 0.9.7, not 0.9.6).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
cptr is the natural sibling to Open Terminal (your computer vs the AI's), and it connects back via the OpenAI-compatible gateway. Add a concise section right after Open Terminal with the when-to-use-which framing and links to the cptr pages, plus a TOC entry. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…+ concurrent Reframe so Open Terminal reads as the model's quick in-chat toolbox and cptr as a full agentic cowork/coding app: separate project, but first-class integratable into Open WebUI (gateway) and reachable from Telegram/Discord/Slack, accessible from anywhere once configured, and usable alongside Open Terminal rather than instead of it. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Redundant with the CVE Program counting rules, already incorporated via the "Alignment with the CVE Program" section. Mirrors the same removal in the open-webui SECURITY.md (patch-1). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Move it up to directly under the good-faith reporting section, mirroring the open-webui SECURITY.md change so the policy leads with what reporters receive instead of burying it below the guidelines. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Add a themed (light/dark) hero banner to every feature section, build two honeycomb "wayfinding" overviews, and give the Features landing a bento hero.
- New banners: Extensibility, Workspace, Knowledge Base Sync, Open Terminal, Computer, Channels, Calendar, Notes, Chat & Conversations, Administration, Authentication & Access, plus the Features bento hero.
- Workspace and Chat & Conversations get overview landing pages (honeycomb hub) where each subpage lights only its own cell.
- Convert the Web Search, Audio and Image Generation generated-index categories into real landing pages (banner + DocCardList), preserving their routes.
- Fix feature-section ordering so Auth and Admin sort after the core sections.
- Refactor the Extensibility page to the real plugin types and scrub Pipelines, correct the extraction-engine count to 8, and minor wording fixes.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
No description provided.