Skip to content

5.6.0

Choose a tag to compare

View all tags
@ginccc ginccc released this 04 Mar 22:48
· 1 commit to release/5.6.0 since this release
5.6.0
d3bfe1d

EDDI v5.6.0

What's New

AI Agent & Tooling Framework

This release introduces a comprehensive AI Agent and Tooling system, enabling EDDI bots to autonomously use tools during conversations:

  • Declarative Agents — New DeclarativeAgent and DeclarativeAgentTask framework allowing bots to be configured as goal-driven agents that plan and execute multi-step tasks
  • Built-in Tools — Eight ready-to-use tools available out of the box:
    • Calculator — Safe math expression evaluation with sandboxed parsing
    • DataFormatter — Structured data formatting and transformation
    • DateTime — Date and time queries and formatting
    • PdfReader — Extract and process text from PDF documents
    • TextSummarizer — Summarize long text content
    • Weather — Fetch current weather data
    • WebScraper — Scrape and parse web pages
    • WebSearch — Perform web searches and return results
  • EDDI Tool Bridge (EddiToolBridge) — Integrates EDDI's existing HTTP call system as callable tools for AI agents, enabling full access to any configured REST API
  • Chat Memory Integration (EddiChatMemoryStore) — Persistent memory store wired into agent tool execution for context-aware tool use across conversation turns
  • Tool Execution InfrastructureToolExecutionService with built-in caching (ToolCacheService), rate limiting (ToolRateLimiter), and cost tracking (ToolCostTracker) for production-grade agent deployments

HTTP Client Migration: Jetty → Vert.x WebClient

  • Replaced jetty-client with vertx-web-client (managed via Quarkus BOM) for a fully reactive, non-blocking HTTP client
  • Implemented IHttpClient using VertxWebClientSession for proper cookie persistence
  • Added memory safety checks using Content-Length header validation and post-download size verification
  • Improved concurrency and interruption handling in synchronous request wrappers

Security Fixes

  • SSRF Protection — Added UrlValidationUtils to validate and block requests to private/internal IP ranges in WebScraperTool, PdfReaderTool, and HttpCallExecutor
  • Input Validation — Stricter validation on URL and parameter inputs across HTTP call and tool execution paths
  • Safe Math Parsing — Replaced unsafe eval-style evaluation in CalculatorTool with a sandboxed expression parser to prevent injection attacks

Improvements

  • ToolCacheService — Improved cache key generation for long arguments; migrated to ConcurrentHashMap for thread-safe caching
  • ToolRateLimiter — Enhanced to handle concurrent tool invocations without race conditions
  • AgentExecutionHelper — Better retry logic for transient/retryable errors during agent execution
  • RestToolHistory — Refactored to use the conversation memory store for tool history retrieval
  • HttpCallExecutor — Added null checks for memory and parameters; improved error handling
  • LangchainTask — Improved lifecycle management and task reliability
  • enableBuiltInTools — Type reverted from boolean to Boolean to correctly support nullable/optional configuration

Dependency Upgrades

Dependency Previous New
Quarkus 3.x 3.32.1
langchain4j 1.x 1.11.0

Infrastructure & Ops

  • Docker Compose: EDDI image now pinned to major version 5 instead of latest for more predictable deployments
  • MongoDB: Updated to the latest supported version in docker-compose.yml
  • Removed unused disableWWWAuthenticationValidation parameter from HTTP client configuration

Documentation

  • New docs/security.md — Documents SSRF protection, input validation, and safe tool execution practices
  • New AI Agent tooling guide — Comprehensive documentation covering Bot Father, tool configuration, and agent setup
  • Updated Bot Father conversation flow, implementation summary, and LangChain tools guide

Full Changelog: 5.5.1...5.6.0

Assets 2
Loading