If I add a tool by URL and the url is bad/incorrect, I get in a bad state

gptscript-ai / desktop

MIT License

19 stars 13 forks source link

If I add a tool by URL and the url is bad/incorrect, I get in a bad state #296

Open cjellick opened 2 weeks ago

cjellick commented 2 weeks ago

Steps to repro: In the assistant editor, add a tool with an incorrect url - like i messed up the curent time context tool and called it github.com/gptscript-ai/current-time (missing the context path part).

This caused the current chat to fail to load: Screenshot 2024-08-27 at 9 07 17 AM

and when i exited the editor and came back the entire tools section was blank, I assume because it failed to load and we hav some bad error handling.

You can see this bug starting at 0:04:51 of this video: https://www.loom.com/share/4c46566fc8c5437b93f125c6a87989ae

cjellick commented 2 weeks ago

sorry for bad screen shot...it was taken from a loom

cjellick commented 2 weeks ago

Maybe related, but not sure: https://github.com/gptscript-ai/desktop/issues/222

thedadams commented 1 week ago

PR: https://github.com/gptscript-ai/desktop/pull/397

sangee2004 commented 1 week ago

Tested with electron build - 9d461669

Tried the following steps

Create an assistant with 1 tool (image-generation in my case)
Edit the assistant and using Find Tools -> Add by URL-> add github.com/gptscript-ai/current-time
This results in user being prompted to enter github credentials and there is no way out of this state when i do "Allow All"/"Deny".
When i close the tool catalog page and do a "Refresh Chat" , i dont see the chat prompt being presented.

https://github.com/user-attachments/assets/db59b4d8-2b3d-4120-8839-654b99dce10b

Note - When I quit the edit mode and launch a chat session with the assistant , I dont see any loss of existing tools (and the incorrect tool is not added to the assistant as expected)

Reopening this issue to address the issues seen in step 3 and step 4.

thedadams commented 1 week ago

Unassigning myself because this code is being changed outside of my fix.

ryanhopperlowe commented 5 days ago

https://github.com/user-attachments/assets/9a370628-2f0c-4805-b4e1-f667ca89d181

I've made changes to this previously so that a user should no longer be able to add invalid tools (with the exception of system tools).

@cjellick - How do we (if at all) want to handle a user giving an invalid system tool?

ryanhopperlowe commented 3 days ago

Discussed with @cjellick and decided to use a hard-coded whitelist to verify System tools

sangee2004 commented 3 days ago

Tested with electron build - 0f259cd7e4b

I am still seeing the same behavior outlined in https://github.com/gptscript-ai/desktop/issues/296#issuecomment-2330215556

https://github.com/user-attachments/assets/8c87fef5-40ea-4625-b795-06d06e9ef758

sangee2004 commented 3 days ago

When I try to add a tool with invalid url - github.com/gptscript-ai/current-time , and enter my password when prompted by git-credentials-osxkeychain, then I see the error message being presented for the tool as expected.

In this case I loose my existing http://github.com/gptscript-ai/gateway credential which I am following up.

Keeping this issue open to see why I am being prompted by git-credentials-osxkeychain in this workflow and when i deny it, i get into the state mentioned in https://github.com/gptscript-ai/desktop/issues/296#issuecomment-2347351122