
Unsafe code execution? #38

Open
Kreijstal opened this issue Jan 17, 2025 · 5 comments

Comments

@Kreijstal

Is there a way to not sandbox the code execution? That would be really nice.

@EtiennePerot
Owner

What would be the use-case for doing that?

@Kreijstal
Author

Kreijstal commented Jan 21, 2025

What would be the use-case for doing that?

Reminds me of Gnome devs.

The use case is:
Writing stateful Jupyter notebooks on whichever software you have preinstalled without much configuration, because I am not in an enterprise environment but a home user.
I want to preload the environment with whatever functions I want to do, and let the LLM do the analysis it wants; if it wants to install a package, let it do it. It is my responsibility. I do not want to be nannied. If I want to do sudo rm -rf / --no-preserve-root I should be allowed.

There literally is no code execution feature, only "safe" code execution. But I do not care about safety, I only care about LLM running code. And yes there is open-interpreter, but they aren't in open-webui.

@EtiennePerot
Owner

EtiennePerot commented Jan 21, 2025

I want to preload the environment with whatever functions I want to do, and let the LLM do the analysis it wants; if it wants to install a package, let it do it. It is my responsibility. I do not want to be nannied. If I want to do sudo rm -rf / --no-preserve-root I should be allowed.

I understand this sentiment, I truly do. However this repository is named safe-code-execution, so please forgive me as it's a bit surprising to get a request about removing safety...

For context, I created this because all of the pre-existing "code execution" plugins on Open WebUI's repository all basically yolo'd Python's exec(whatever) with the LLM-generated code (here's one, which is still ranked ahead of safe-code-execution by popularity), and I thought this was an unsatisfactory situation, so this tool exists in response to those.

fwiw, environment preloading and package installation is already possible even with safe execution if you install them in the Docker image you're running in (via Dockerfile). Stateful execution is not currently possible but planned, see #33.

All that said, there's a good argument to be made that perhaps this tool now has better UX than those "yolo exec" alternatives and that it's worth opening it up for unsafe use just for that reason alone. So this issue stands nonetheless; I don't mean to suggest that it's not worth asking for. Thanks for reporting it.

@Kreijstal
Author

Kreijstal commented Jan 21, 2025

For context, I created this because all of the pre-existing "code execution" plugins on Open WebUI's repository all basically yolo'd Python's exec(whatever) with the LLM-generated code (here's one, which is still ranked ahead of safe-code-execution by popularity), and I thought this was an unsatisfactory situation, so this tool exists in response to those.

What! I could only find this repo! I didn't know there were already unsafe code executions. Google has blessed you.

Interesting how you found this; I can't seem to find it through search engines.
This issue might then help people find the right project, if they are like me.

@Kreijstal
Author

What would be the use-case for doing that?

For example, you want to point it to a directory and let it read files on your home system and sort them out. Doing that securely would mean...

Somehow transferring the files to the sandbox, and after execution, getting the files back where I want to place them. That's a lot of overhead. If I don't trust the LLM, you can just prompt me for y/n before execution. But without the overhead I could just go on with my life without thinking about breaking the sandbox.
