mirror of
https://github.com/pewdiepie-archdaemon/odysseus.git
synced 2026-06-15 17:25:26 -04:00
Michael
c0cc0f954c
* fix: read allow_bash/allow_web_search from JSON body (#3229) API callers using Content-Type: application/json had bash and web tools silently disabled because allow_bash / allow_web_search were only read from FormData (which is empty for JSON requests). Changes: - Fall back to JSON body for allow_bash and allow_web_search values - Only add bash/web_search to disabled_tools when explicitly set to a falsy value; when unset (None), defer to per-user privilege checks - Admins with can_use_bash=True now get bash enabled by default Fixes #3229 * fix: always send explicit allow_bash/allow_web_search from frontend The backend 'is not None' guard (from prior commit) is correct for API callers, but the frontend only sent allow_bash=true when the toggle was ON — omission meant 'unspecified' which the backend treated as 'don't disable'. Now the frontend always sends an explicit true/false value: - allow_bash: sent on every request (checked ? 'true' : 'false') - allow_web_search: explicit 'false' when toggle is off in agent mode With explicit frontend values, the 'is not None' guard is safe: - explicit true → tool enabled - explicit false → tool disabled - None (API caller omission) → defer to per-user privilege --------- Co-authored-by: michaelxer <michaelxer@users.noreply.github.com> Co-authored-by: Alexandre Teixeira <111787685+alteixeira20@users.noreply.github.com>