From 1f42c8ad4ce28d6886c712c46faa1291b9932b91 Mon Sep 17 00:00:00 2001 From: Nils Kruthoff Date: Mon, 18 May 2026 15:26:33 +0200 Subject: [PATCH] Adding allowed private hosts for read_web_page tool to managed settings. This enables a whitelist because all other private hosts will be blocked --- app/MindWork AI Studio/Plugins/configuration/plugin.lua | 8 ++++++++ app/MindWork AI Studio/Settings/DataModel/DataTools.cs | 5 +++++ .../Tools/PluginSystem/PluginConfiguration.cs | 3 +++ .../Tools/PluginSystem/PluginFactory.Loading.cs | 4 ++++ 4 files changed, 20 insertions(+) diff --git a/app/MindWork AI Studio/Plugins/configuration/plugin.lua b/app/MindWork AI Studio/Plugins/configuration/plugin.lua index ffe1a019..419e804f 100644 --- a/app/MindWork AI Studio/Plugins/configuration/plugin.lua +++ b/app/MindWork AI Studio/Plugins/configuration/plugin.lua @@ -222,6 +222,14 @@ CONFIG["SETTINGS"] = {} -- ["get_current_weather"] = "NONE" -- } +-- Configure private or VPN hosts that the Read Web Page tool may access. +-- Public web pages do not need to be listed here. +-- Private hosts listed here still require a provider with HIGH confidence before any page content is sent to the model. +-- Separate host patterns with commas. Wildcards only match subdomains, so add the root domain separately if needed. +-- Examples: +-- CONFIG["SETTINGS"]["DataTools.ReadWebPageAllowedPrivateHosts"] = "dlr.de, *.dlr.de" +-- CONFIG["SETTINGS"]["DataTools.ReadWebPageAllowedPrivateHosts.AllowUserOverride"] = false + -- Example chat templates for this configuration: CONFIG["CHAT_TEMPLATES"] = {} diff --git a/app/MindWork AI Studio/Settings/DataModel/DataTools.cs b/app/MindWork AI Studio/Settings/DataModel/DataTools.cs index 1ace1059..ef4f9220 100644 --- a/app/MindWork AI Studio/Settings/DataModel/DataTools.cs +++ b/app/MindWork AI Studio/Settings/DataModel/DataTools.cs @@ -20,4 +20,9 @@ public sealed class DataTools(Expression>? configSelection configSelection, x => x.MinimumProviderConfidenceByToolId, new Dictionary(StringComparer.Ordinal)); + + public string ReadWebPageAllowedPrivateHosts { get; set; } = ManagedConfiguration.Register( + configSelection, + x => x.ReadWebPageAllowedPrivateHosts, + string.Empty); } diff --git a/app/MindWork AI Studio/Tools/PluginSystem/PluginConfiguration.cs b/app/MindWork AI Studio/Tools/PluginSystem/PluginConfiguration.cs index 8d409c31..37de8f4f 100644 --- a/app/MindWork AI Studio/Tools/PluginSystem/PluginConfiguration.cs +++ b/app/MindWork AI Studio/Tools/PluginSystem/PluginConfiguration.cs @@ -135,6 +135,9 @@ public sealed class PluginConfiguration(bool isInternal, LuaState state, PluginT // Config: minimum provider confidence per tool ManagedConfiguration.TryProcessConfiguration(x => x.Tools, x => x.MinimumProviderConfidenceByToolId, this.Id, settingsTable, dryRun); + + // Config: private hosts allowed for the read web page tool + ManagedConfiguration.TryProcessConfiguration(x => x.Tools, x => x.ReadWebPageAllowedPrivateHosts, this.Id, settingsTable, dryRun); // Handle configured LLM providers: PluginConfigurationObject.TryParse(PluginConfigurationObjectType.LLM_PROVIDER, x => x.Providers, x => x.NextProviderNum, mainTable, this.Id, ref this.configObjects, dryRun); diff --git a/app/MindWork AI Studio/Tools/PluginSystem/PluginFactory.Loading.cs b/app/MindWork AI Studio/Tools/PluginSystem/PluginFactory.Loading.cs index e4f290b9..bf60f9b8 100644 --- a/app/MindWork AI Studio/Tools/PluginSystem/PluginFactory.Loading.cs +++ b/app/MindWork AI Studio/Tools/PluginSystem/PluginFactory.Loading.cs @@ -241,6 +241,10 @@ public static partial class PluginFactory // Check for minimum provider confidence per tool: if(ManagedConfiguration.IsConfigurationLeftOver(x => x.Tools, x => x.MinimumProviderConfidenceByToolId, AVAILABLE_PLUGINS)) wasConfigurationChanged = true; + + // Check for private hosts allowed for the read web page tool: + if(ManagedConfiguration.IsConfigurationLeftOver(x => x.Tools, x => x.ReadWebPageAllowedPrivateHosts, AVAILABLE_PLUGINS)) + wasConfigurationChanged = true; if (wasConfigurationChanged) {