* fix: read allow_bash/allow_web_search from JSON body (#3229) API callers using Content-Type: application/json had bash and web tools silently disabled because allow_bash / allow_web_search were only read from FormData (which is empty for JSON requests). Changes: - Fall back to JSON body for allow_bash and allow_web_search values - Only add bash/web_search to disabled_tools when explicitly set to a falsy value; when unset (None), defer to per-user privilege checks - Admins with can_use_bash=True now get bash enabled by default Fixes #3229 * fix: always send explicit allow_bash/allow_web_search from frontend The backend 'is not None' guard (from prior commit) is correct for API callers, but the frontend only sent allow_bash=true when the toggle was ON — omission meant 'unspecified' which the backend treated as 'don't disable'. Now the frontend always sends an explicit true/false value: - allow_bash: sent on every request (checked ? 'true' : 'false') - allow_web_search: explicit 'false' when toggle is off in agent mode With explicit frontend values, the 'is not None' guard is safe: - explicit true → tool enabled - explicit false → tool disabled - None (API caller omission) → defer to per-user privilege --------- Co-authored-by: michaelxer <michaelxer@users.noreply.github.com> Co-authored-by: Alexandre Teixeira <111787685+alteixeira20@users.noreply.github.com> |
||
|---|---|---|
| .. | ||
| fonts | ||
| js | ||
| lib | ||
| app.js | ||
| index.html | ||
| login.html | ||
| manifest.json | ||
| style.css | ||
| sw.js | ||