feat: Migrate to OpenAI-compatible backend + scope guard, evidence & verified-only learning #124
Open
pikpikcu wants to merge 8 commits into
This was linked to issues Jun 17, 2026
…erified-only learning

Backend
- Replace Ollama with an OpenAI-compatible gateway via httpx-based LLMClient (openai_base_url/api_key/model, llm_* tuning). Remove ollama.py + ollama tests.
- Runtime reasoning capability probe: auto mode sends reasoning_effort, degrades on HTTP 400 unsupported_parameter and caches per-model (no model-name lists).

De-hardcoding
- Remove thinking_markers.json and expert_url_hints.json keyword matchers.
- Data-driven recon/analysis/exploit; tech-correlation & cold-start knowledge.

Safety & operability
- Scope guard (allow/deny, *.wildcard, off|warn|block) enforced in execute dispatch and /api/shell, with JSONL audit log; live /scope TUI + POST /api/scope.
- Completion notifications (webhook + COMPLETE.json), scan profiles, tool-health probe.
- Resume restores chat history + tool calls + recent turns; /api/history recap.
- Evidence persistence (<slug>.evidence.json), CWE/OWASP + Verification report sections.
- Non-recursive chown in docker-entrypoint; proxy-thread crash logging; bounded quit.

Config
- Surface scope_*, notify_*, scan_profile, intelligence_*, memory_*, tool_health_* keys in generated config.yaml; atomic YAML write fixes concurrent-read race.

Docs
- README + docs rewritten for the OpenAI-compatible backend and new features.
- CHANGELOG v1.7.1-beta; pyproject drops ollama; requirements verified.

Validation: ~2200 tests passing; pyflakes clean; no bare except in agent code.
…way HTTP 400 'No tool call found for function call output')
…ning-degrade at final attempt)
…alarming text-only 'stuck' abort)
…s ~38k tokens of repeated boilerplate crowding out recon data)
…ction points) + never emit empty message parts
Migrate to OpenAI-compatible backend + scope guard, evidence & verified-only learning
Summary
Replaces the Ollama backend with a generic OpenAI-compatible gateway and lands a batch of safety, reporting, and operability improvements.
Backend migration
- LLMClient talking the OpenAI-compatible wire format (openai_base_url/openai_api_key/openai_model, plus llm_* tuning). No openai SDK dependency — kept gateway-agnostic on purpose.
- ollama.py and its tests.
- auto mode sends reasoning_effort; on HTTP 400 unsupported_parameter it strips the param, caches the result per-model, and retries. No hardcoded model-name lists.
De-hardcoding
- thinking_markers.json and expert_url_hints.json keyword matchers (narrow/dead logic).
Safety & operability
- *.wildcard, off|warn|block) enforced in the execute dispatch and /api/shell, with a JSONL audit log. Live control via /scope TUI command and POST /api/scope.
- COMPLETE.json flag.
- /api/status.
- /api/history recap.
- <slug>.evidence.json) plus CWE/OWASP classification and Verification sections in the report.
- chown in the docker entrypoint (no longer touches host files); proxy-thread crash logging; bounded quit (fixes the Ctrl+C hang).
Config
- config.yaml: scope_*, notify_*, scan_profile, intelligence_*, memory_*, tool_health_*.
Docs
- CHANGELOG.txt updated to v1.7.1-beta; pyproject.toml drops ollama; requirements.txt verified.
Validation
- except Exception: in agent code.
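The scope guard described above (allow/deny lists, `*.wildcard` entries, `off|warn|block` modes, JSONL audit log), sketched as an added example that is not code from this pull request. The function names, the audit record fields, deny taking precedence over allow, and `*.` not matching the apex domain are all assumptions.

```python
import json, time
from urllib.parse import urlsplit

def host_of(target):
    """Lowercase hostname from a URL or bare host[:port]; '' if unparseable."""
    t = target.strip()
    try:
        host = urlsplit(t if "://" in t else "//" + t).hostname
    except ValueError:
        return ""
    return (host or "").rstrip(".").lower()

def matches(host, pattern):
    """Exact match, or '*.suffix' matching any subdomain but not the apex (assumed)."""
    p = pattern.lower().rstrip(".")
    if p.startswith("*."):
        return host.endswith(p[1:]) and host != p[1:]
    return host == p

def check_scope(target, allow, deny, mode="block", audit=None):
    """Return True if the action may run; write one JSONL record per decision."""
    if mode == "off":                      # guard disabled: nothing checked or logged
        return True
    host = host_of(target)
    denied = any(matches(host, p) for p in deny)
    allowed = any(matches(host, p) for p in allow)
    in_scope = bool(host) and allowed and not denied   # deny wins over allow (assumed)
    decision = "allow" if in_scope else ("warn" if mode == "warn" else "block")
    if audit is not None:
        record = {"ts": time.time(), "target": target, "host": host,
                  "mode": mode, "decision": decision}
        audit.write(json.dumps(record) + "\n")
    return decision != "block"

if __name__ == "__main__":
    import sys
    allow, deny = ["example.test", "*.example.test"], ["admin.example.test"]
    for t in ["https://app.example.test/login", "admin.example.test:8443",
              "http://app.example.test@evil.invalid/"]:   # constructed targets
        print(t, check_scope(t, allow, deny, "block", sys.stdout))
```

Matching on the parsed hostname rather than the raw string is what keeps a userinfo URL such as the third constructed target from passing as in-scope.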