-
oAI-Web v1.2.6 Stable
rune released this
2026-04-28 09:44:53 +02:00 | 0 commits to main since this releaseReleased 2026-04-28
SSH Key Generation
Users can now generate a personal ed25519 SSH key pair directly from Settings → Profile. The public key is displayed for easy copying to remote servers. The private key is stored in the user's personal data folder (
{base}/{username}/.ssh/), making it available to agent scripts that usescporssh. Theknown_hostsfile can be uploaded via the Files section.The Docker image now includes
openssh-client, and thedocker-compose.yml.exampleno longer requires mounting the host~/.sshdirectory — SSH credentials are managed entirely within the app.File Upload
A file upload button is now available in the Files section. Files are validated client- and server-side against a configurable policy:
- Allowed file extensions (configurable in Settings → Security → File Upload Policy)
- Maximum file size (default 50 MB per file)
- Maximum number of files per upload (default 20)
Extensionless files (e.g.
known_hosts,authorized_keys) are accepted only when the filename matches a named allowlist. Rejected files are listed in a flash notification.Chat - Markdown Renderer Improvements
The markdown renderer gains support for headings (
#,##,###), GFM tables, unordered and ordered lists, and italic text.<br>tags are passed through for explicit line breaks.Settings - Tab Renames
Two settings tabs have been renamed for clarity:
- Email Accounts → Email
- MCP Servers → MCP
Tab IDs are unchanged, so any saved links or JS references remain valid.
Mobile Fixes
- Audit log date filter inputs are correctly sized on mobile
- Chat list row buttons are properly spaced and tappable
- Agent detail page header and fullscreen prompt editor display correctly on small screens
Help Page - Smarter Search
The help page search now filters TOC sub-items based on whether the corresponding content block contains the search term, giving more precise results when searching for specific topics.
Security
- IDOR fix:
GET /api/agent-runs/{run_id}now verifies the requesting user owns the parent agent before returning the run. Previously any authenticated user could fetch any run by ID (CWE-862). - File upload: extensionless files are restricted to a named allowlist (
known_hosts,authorized_keys, etc.) — arbitrary extensionless uploads are rejected.
Docker Images
Four pre-built images are available. Choose the one that matches your architecture and whether you need the browser tool.
Image Architecture Browser tool image.gitlab.pm/rune/oai-web:latestamd64 Yes image.gitlab.pm/rune/oai-web:latest-no-browseramd64 No image.gitlab.pm/rune/oai-web:latest_arm64arm64 Yes image.gitlab.pm/rune/oai-web:latest-no-browser_arm64arm64 No Full image includes Playwright and a Chromium installation. This adds roughly 350 MB to the image size but enables the browser tool - the agent can fetch pages, take screenshots, click elements, fill forms, and navigate web UIs on your behalf.
No-browser image is leaner and faster to pull. All other tools and features are identical. Choose this if you don't need the agent to interact with web pages directly, or if you are constrained on disk space.
Downloads
-
2026-04-21 13:18:36 +02:00 | 1 commits to main since this releaseReleased 2026-04-21
Chat - Markdown Rendering
The chat interface now fully renders markdown responses. Code blocks display with a language label and a one-click Copy button. Inline code is styled distinctly. A "Copy response" button appears on hover below each assistant message, copying the raw markdown. Rendering happens after streaming completes so there is no flicker mid-response.
Mobile - Responsive Layout and PWA
oAI-Web is now fully usable on phones and tablets.
- The sidebar collapses into a hamburger menu on small screens
- Chat input is taller and no longer triggers iOS auto-zoom on focus
- The model picker and all settings inputs are sized to prevent iOS zoom
- Settings tabs switch to a native
<select>dropdown on mobile, saving vertical space - The help page TOC is collapsible on mobile
- An iOS install hint guides users to "Add to Home Screen"
- A web app manifest and service worker make the app installable as a PWA on iOS and Android
Files - Clickable Filenames
Filenames in the Files section are now directly clickable (highlighted in accent colour) for supported text file types. The file viewer opens immediately without needing a separate "View" button.
Email Handling - Cost Reduction
Agents handling incoming emails now run more efficiently:
- Prompt caching is enabled for the system prompt on email handling runs, reducing repeated token costs
- A dedicated tool call cap prevents runaway costs on complex emails
- The agent prompt mode is applied correctly so the email handling agent stays on-task
Agent Prompt Editor
The agent detail page replaces the inline edit button with a fullscreen prompt editor, making it easier to write and review longer agent prompts.
Email Account Modal
The email account configuration modal has been redesigned to a three-column layout, significantly reducing its height and making it easier to use on smaller screens.
Filesystem - Agent Awareness of Sandbox
The system prompt now includes the list of filesystem directories the agent has access to. Previously the agent would guess paths outside the sandbox and fail silently. It now navigates directly to the correct directories.
Infrastructure
- Docker images moved to
image.gitlab.pm(self-hosted registry) - Four image variants available:
latest,latest-no-browser,latest_arm64,latest-no-browser_arm64
Downloads
-
oAI-Web v1.2.3 Stable
2026-04-16 13:57:57 +02:00 | 3 commits to main since this releaseoAI-Web - Release Notes (14–16 April 2026)
Introduction
From now on I'll do releases when I push new docker images. The code itself might be updated without a new docker image being uploaded. Releases will follow docker image uploads
New Features
Chat markdown rendering
Code blocks (
python ...) and inline code are now rendered properly in the chat window. Each code block has a Copy button, and a Copy response button appears on hover below
assistant messages to copy the full reply including code. Applies to live responses, user messages, and restored chat history.File viewer in Files section
Text-based files (.md, .json, .py, .xml, .yaml, .sh, .log, and more) now have a View button in the Files section. Opens the file content in a scrollable modal - no need to download
just to read a file. Files over 512 KB are truncated with a notice.Usage page - chat session tracking
The Usage page now includes a Chat sessions section showing token consumption and estimated cost from interactive conversations, in addition to the agent run breakdown.
Usage page - Clear costs (admin)
Admins can reset all usage data via a Clear costs button. Deletes all agent run history and resets conversation cost estimates, so tracking starts fresh.
Docker: optional Playwright/Chromium
A new image is available:
gitlab.pm/rune/oai-web:latest-no-browser. This image is without browser capability using Chromium and Playwright. This reduces the image size from 572 to 172 MB.
Fixes & Improvements
- Anthropic model pricing was missing - costs now calculated correctly for Haiku 4.5 ($0.80/$4.00), Sonnet 4.6 ($3.00/$15.00), and Opus 4.6 ($15.00/$75.00) per 1M tokens. Bare model
IDs (without anthropic: prefix) now resolve correctly in cost lookups. - Agent filesystem awareness - the system prompt now lists the configured sandbox directories, so the agent no longer guesses paths like /tmp/ that don't exist in the whitelist.
- Email handler agents now correctly appear in the Usage overview.
- Usage page visibility is now properly restricted: non-admins only see it if they have their own API key configured.
Docker images
- docker pull image.gitlab.pm/rune/oai-web:latest
- docker pull image.gitlab.pm/rune/oai-web:latest-no-browser
Both images are for AMD64.
Downloads
- Anthropic model pricing was missing - costs now calculated correctly for Haiku 4.5 ($0.80/$4.00), Sonnet 4.6 ($3.00/$15.00), and Opus 4.6 ($15.00/$75.00) per 1M tokens. Bare model