Repository metrics
- Stars
- Â (13,691 stars)
- PR merge metrics
-  (å¹³åããŒãž 8d 11h) (30d ã§ 35 merged PRs)
説æ
ð Feature description
This feature proposes the implementation of critical security and quality-of-life enhancements for the public-facing Agent API. As agents are designed to be embedded and shared, it's essential to provide users with robust tools to control access and prevent abuse.
I propose adding two key features to the agent configuration settings:
- CORS Origin Whitelisting: An option for users to specify a whitelist of allowed domains. This will ensure that the agent's API can only be called from trusted websites.
- API Limits: A mechanism to set limits on token usage (or maybe number of requests). This is crucial for protecting against denial-of-service (DoS) attacks and managing the costs associated with LLM calls.
ð€ Why is this feature needed ?
Currently, once an agent is made public, its API endpoint is open to the world. This poses significant risks for some users.
âïž How do you aim to achieve this?
The implementation can be broken down into two parts, targeting the backend API and the frontend Agent Advanced section.
- CORS Origin Whitelisting:
Frontend:
- In the Agent Advanced section, add a new text input field labeled "Allowed Origins". This field should accept a comma-separated list of URLs.
Backend:
- Store the list of allowed origins in the database, associated with the specific agent.
- In the API middleware that handles agent requests, check the incoming request's Origin header if enabled.
- API Limits
Frontend:
- In the Agent Advanced section, add new text input field labeled "Usage limits"
Backend:
- In the API middleware that handles agent requests, check usage before processing if enabled.
ðïž Additional Information
No response
ð Have you spent some time to check if this feature request has been raised before?
- I checked and didn't find similar issue
Are you willing to submit PR?
None