From b2c23ff67546e9f16202e5e5b2218d18b89a8bb3 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Tue, 27 Jan 2026 16:50:25 +0100 Subject: [PATCH 1/8] db schema --- docs/features/web-search/yandex.md | 8 +++- docs/tutorials/tips/sqlite-database.md | 63 ++++++++++++++++++++------ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/docs/features/web-search/yandex.md b/docs/features/web-search/yandex.md index a3c8c588c..4dc1c9ee9 100644 --- a/docs/features/web-search/yandex.md +++ b/docs/features/web-search/yandex.md @@ -3,6 +3,12 @@ sidebar_position: 14 title: "Yandex" --- +:::warning + +This tutorial is a community contribution and is not supported by the Open WebUI team. It serves only as a demonstration on how to customize Open WebUI for your specific use case. Want to contribute? Check out the contributing tutorial. + +::: + :::tip For a comprehensive list of all environment variables related to Web Search (including concurrency settings, result counts, and more), please refer to the [Environment Configuration documentation](../../getting-started/env-configuration#web-search). @@ -40,4 +46,4 @@ services: * **YANDEX_WEB_SEARCH_URL**: The endpoint for the Yandex Search API. Defaults to `https://searchapi.api.cloud.yandex.net/v2/web/search`. * **YANDEX_WEB_SEARCH_API_KEY**: Your Yandex Cloud API Key. -* **YANDEX_WEB_SEARCH_CONFIG**: An optional JSON string to customize the search request (e.g., setting `searchType`, `region`, or other parameters supported by the Yandex Search API). +* **YANDEX_WEB_SEARCH_CONFIG**: An optional JSON string to customize the search request. This allows you to set any parameters supported by the Yandex Search API. diff --git a/docs/tutorials/tips/sqlite-database.md b/docs/tutorials/tips/sqlite-database.md index 131095958..50860c9cf 100644 --- a/docs/tutorials/tips/sqlite-database.md +++ b/docs/tutorials/tips/sqlite-database.md @@ -79,9 +79,10 @@ Here is a complete list of tables in Open-WebUI's SQLite database. The tables ar | 23 | note | Stores user-created notes and annotations | | 24 | oauth_session | Manages active OAuth sessions for users | | 25 | prompt | Stores templates and configurations for AI prompts | -| 26 | tag | Manages tags/labels for content categorization | -| 27 | tool | Stores configurations for system tools and integrations | -| 28 | user | Maintains user profiles and account information | +| 26 | prompt_history | Tracks version history and snapshots for prompts | +| 27 | tag | Manages tags/labels for content categorization | +| 28 | tool | Stores configurations for system tools and integrations | +| 29 | user | Maintains user profiles and account information | Note: there are two additional tables in Open-WebUI's SQLite database that are not related to Open-WebUI's core functionality, that have been excluded: @@ -446,14 +447,33 @@ The `access_control` fields expected structure: ## Prompt Table -| **Column Name** | **Data Type** | **Constraints** | **Description** | -| --------------- | ------------- | --------------- | ------------------------- | -| command | String | PRIMARY KEY | Unique command identifier | -| user_id | String | - | Prompt owner | -| title | Text | - | Prompt title | -| content | Text | - | Prompt content/template | -| timestamp | BigInteger | - | Last update timestamp | -| access_control | JSON | nullable | Access permissions | +| **Column Name** | **Data Type** | **Constraints** | **Description** | +| --------------- | ------------- | --------------- | ----------------------------------- | +| id | Text | PRIMARY KEY | Unique identifier (UUID) | +| command | String | UNIQUE, INDEX | Unique command identifier | +| user_id | String | NOT NULL | Owner of the prompt | +| name | Text | NOT NULL | Display name of the prompt | +| content | Text | NOT NULL | Prompt content/template | +| data | JSON | nullable | Additional prompt data | +| meta | JSON | nullable | Prompt metadata | +| access_control | JSON | nullable | Permission settings | +| is_active | Boolean | default=True | Active status | +| version_id | Text | nullable | Current version identifier | +| tags | JSON | nullable | Associated tags | +| created_at | BigInteger | NOT NULL | Creation timestamp | +| updated_at | BigInteger | NOT NULL | Last update timestamp | + +## Prompt History Table + +| **Column Name** | **Data Type** | **Constraints** | **Description** | +| --------------- | ------------- | ------------------------------ | --------------------------------- | +| id | Text | PRIMARY KEY | Unique identifier (UUID) | +| prompt_id | Text | FOREIGN KEY(prompt.id), INDEX | Reference to the prompt | +| parent_id | Text | nullable | Reference to the parent version | +| snapshot | JSON | NOT NULL | Snapshot of the prompt at version | +| user_id | Text | NOT NULL | User who created the version | +| commit_message | Text | nullable | Version commit message | +| created_at | BigInteger | NOT NULL | Creation timestamp | ## Tag Table @@ -524,6 +544,8 @@ erDiagram user ||--o{ memory : "owns" user ||--o{ model : "manages" user ||--o{ prompt : "creates" + user ||--o{ prompt_history : "creates" + prompt ||--o{ prompt_history : "has" user ||--o{ tag : "creates" user ||--o{ tool : "manages" user ||--o{ note : "owns" @@ -698,11 +720,26 @@ erDiagram } prompt { - string command PK + text id PK + string command string user_id FK - text title + text name text content + json data + json meta json access_control + boolean is_active + text version_id + json tags + } + + prompt_history { + text id PK + text prompt_id FK + text parent_id FK + json snapshot + text user_id FK + text commit_message } tag { From d4cb35adef36dd17a41dff507a543b9ee90c2df9 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Tue, 27 Jan 2026 23:17:43 +0100 Subject: [PATCH 2/8] SECURITY WARNINGS tools and plugins --- docs/features/pipelines/index.mdx | 4 +-- docs/features/plugin/functions/index.mdx | 6 ++++ docs/features/plugin/index.mdx | 22 ++++++++++++ docs/security.mdx | 44 ++++++++++++++++++++++++ 4 files changed, 74 insertions(+), 2 deletions(-) diff --git a/docs/features/pipelines/index.mdx b/docs/features/pipelines/index.mdx index 354ba4b62..d27376ae1 100644 --- a/docs/features/pipelines/index.mdx +++ b/docs/features/pipelines/index.mdx @@ -53,9 +53,9 @@ Integrating Pipelines with any OpenAI API-compatible UI client is simple. Launch ## ⚡ Quick Start with Docker -:::warning +:::danger ⚠️ Security Warning -Pipelines are a plugin system with arbitrary code execution — **don't fetch random pipelines from sources you don't trust**. +Pipelines are a plugin system with arbitrary code execution — **don't fetch random pipelines from sources you don't trust**. A malicious Pipeline could access your file system, exfiltrate data, mine cryptocurrency, or compromise your system. Always review Pipeline source code before installing. See the [Security Policy](/security) for more details. ::: diff --git a/docs/features/plugin/functions/index.mdx b/docs/features/plugin/functions/index.mdx index e3f719a76..f6548f42b 100644 --- a/docs/features/plugin/functions/index.mdx +++ b/docs/features/plugin/functions/index.mdx @@ -11,6 +11,12 @@ Unlike external tools that may require complex integrations, **Functions are bui Think of Functions as **modular building blocks** that let you enhance how the WebUI works, tailored exactly to what you need. They’re lightweight, highly customizable, and written in **pure Python**, so you have the freedom to create anything—from new AI-powered workflows to integrations with anything you use, like Google Search or Home Assistant. +:::danger ⚠️ Security Warning + +**Functions execute arbitrary Python code on your server.** Only install Functions from trusted sources. Before importing any Function, review its source code to understand what it does. A malicious Function could access your file system, exfiltrate data, or compromise your system. See the [Security Policy](/security) for more details. + +::: + --- ## 🏗️ Types of Functions diff --git a/docs/features/plugin/index.mdx b/docs/features/plugin/index.mdx index f8e6dd434..20842e2d6 100644 --- a/docs/features/plugin/index.mdx +++ b/docs/features/plugin/index.mdx @@ -17,6 +17,28 @@ Getting started with Tools and Functions is easy because everything’s already ## What are "Tools" and "Functions"? +--- + +:::danger ⚠️ Critical Security Warning + +**Tools, Functions, Pipes, Filters, and Pipelines execute arbitrary Python code on your server.** This is by design—it's what makes them powerful. However, this also means: + +1. **Only install from trusted sources.** Never import Tools or Functions from unknown or untrusted sources. Malicious code can compromise your entire system. + +2. **Review code before importing.** Before installing any community Tool or Function, review its source code. If you don't understand what it does, don't install it. + +3. **Protect your data directory.** The `data` directory (mounted at `/app/backend/data` in Docker) contains your database, configurations, and cached Tools/Functions. If an attacker gains write access to this directory, they can inject malicious code that will execute on your server. + +4. **Restrict Workspace access.** Only trusted administrators should have permission to create, import, or modify Tools and Functions. Regular users should **not** have Workspace access unless explicitly required. + +5. **Audit installed plugins regularly.** Periodically review the Tools and Functions installed in your instance via **Workspace → Tools** and **Admin Panel → Functions**. + +**What could go wrong?** A malicious Tool or Function could exfiltrate data, install malware, mine cryptocurrency, pivot to other systems on your network, or corrupt your instance. + +::: + +--- + Let's start by thinking of **Open WebUI** as a "base" software that can do many tasks related to using Large Language Models (LLMs). But sometimes, you need extra features or abilities that don't come *out of the box*—this is where **tools** and **functions** come into play. ### Tools diff --git a/docs/security.mdx b/docs/security.mdx index b57dcd72f..35d30100b 100644 --- a/docs/security.mdx +++ b/docs/security.mdx @@ -85,6 +85,50 @@ If your concern does not meet the vulnerability requirements outlined above, is Examples of non-vulnerability, still security-related concerns include suggestions for better default configuration values, security hardening recommendations, deployment best practices guidance, unclear configuration instructions, need for additional security documentation, feature requests for optional security enhancements (2FA, audit logging, etc.), and general security questions about production deployment. Please use the adequate channel for your specific issue. +## Tools, Functions, and Pipelines Security + +Open WebUI provides powerful extensibility through **Tools**, **Functions** (including Pipes, Filters, and Actions), and **Pipelines**. These features allow you to extend Open WebUI's capabilities with custom Python code. However, this power comes with security responsibilities. + +:::warning + +**Tools, Functions, and Pipelines execute arbitrary Python code on your server.** This is intentional—it's what makes them powerful. However, this means they have the same level of access as the Open WebUI backend process itself. + +::: + +### Security Implications + +When you install a Tool, Function, or Pipeline, you are granting it the ability to: + +- **Access the file system** — read or write any files the backend process can access +- **Make network requests** — connect to external services, potentially exfiltrating data +- **Execute system commands** — run shell commands via subprocess +- **Access environment variables** — read API keys, secrets, and configuration +- **Modify the database** — access or alter stored data +- **Consume compute resources** — run CPU-intensive operations + +### Best Practices + +| Practice | Description | +|----------|-------------| +| **Only install from trusted sources** | Only use Tools/Functions from the official community library or sources you trust | +| **Review code before installing** | Read and understand what a Tool/Function does before importing it | +| **Restrict Workspace access** | Only grant Workspace permissions to trusted administrators | +| **Audit installed plugins** | Regularly review installed Tools (Workspace → Tools) and Functions (Admin Panel → Functions) | +| **Protect your data directory** | The `/app/backend/data` directory contains your database and cached plugins—protect it from unauthorized access | +| **Monitor resource usage** | Watch for unexpected CPU spikes that could indicate cryptomining or other abuse | +| **Use official Docker images** | Only pull from `ghcr.io/open-webui/open-webui`—unofficial images may be compromised | + +### What Is NOT a Vulnerability + +The following scenarios are **not** considered vulnerabilities because they require administrator action: + +- An admin installing a malicious Tool or Function +- An admin granting Workspace access to an untrusted user +- An admin importing code from an untrusted source +- An attacker with write access to the data volume injecting malicious plugins + +These scenarios represent **admin negligence** or **environment compromise**, not vulnerabilities in Open WebUI itself. See [Rule #10 in our Security Policy](https://github.com/open-webui/open-webui/security) for details. + ## Product Security Process - Internal and periodic external reviews of our architecture and pipelines From df2dbf6edd614cfe05ec565de78a7b26fa030217 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Tue, 27 Jan 2026 23:19:11 +0100 Subject: [PATCH 3/8] playground --- docs/features/index.mdx | 2 +- docs/security.mdx | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/features/index.mdx b/docs/features/index.mdx index d757b5673..3aeceba0e 100644 --- a/docs/features/index.mdx +++ b/docs/features/index.mdx @@ -276,7 +276,7 @@ import { TopBanners } from "@site/src/components/TopBanners"; - 🍻 **TavernAI Character Card Integration**: Experience enhanced visual storytelling with TavernAI Character Card Integration in our model builder. Users can seamlessly incorporate TavernAI character card PNGs directly into their model files, creating a more immersive and engaging user experience. -- 🎲 **Model Playground (Beta)**: Try out models with the model playground area (`beta`), which enables users to test and explore model capabilities and parameters with ease in a sandbox environment before deployment in a live chat environment. +- 🎲 **Model Playground (Beta)**: Try out models with the model playground area (`beta`), which enables users to test and explore model capabilities and parameters with ease in a sandbox environment before deployment in a live chat environment. Export your playground conversations in JSON format (compatible with Open WebUI chat import) or as plain text for easy sharing and documentation. --- diff --git a/docs/security.mdx b/docs/security.mdx index 35d30100b..dcf5bc7ad 100644 --- a/docs/security.mdx +++ b/docs/security.mdx @@ -127,7 +127,7 @@ The following scenarios are **not** considered vulnerabilities because they requ - An admin importing code from an untrusted source - An attacker with write access to the data volume injecting malicious plugins -These scenarios represent **admin negligence** or **environment compromise**, not vulnerabilities in Open WebUI itself. See [Rule #10 in our Security Policy](https://github.com/open-webui/open-webui/security) for details. +These scenarios represent **admin negligence** or **environment compromise**, not vulnerabilities in Open WebUI itself. See [our Security Policy](https://github.com/open-webui/open-webui/security) for details. ## Product Security Process From 904f4ae079d1a1c7bcab80adc5a6ba0d5c4b42c9 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Thu, 29 Jan 2026 17:51:41 +0100 Subject: [PATCH 4/8] REDIS --- docs/getting-started/env-configuration.mdx | 18 ++++++++++++++++++ docs/tutorials/integrations/redis.md | 9 +++++++++ 2 files changed, 27 insertions(+) diff --git a/docs/getting-started/env-configuration.mdx b/docs/getting-started/env-configuration.mdx index ddc65bfd9..c0a7cada3 100644 --- a/docs/getting-started/env-configuration.mdx +++ b/docs/getting-started/env-configuration.mdx @@ -5859,6 +5859,24 @@ If `WEBSOCKET_REDIS_OPTIONS` is not set, `REDIS_SOCKET_CONNECT_TIMEOUT` will be ::: +#### `REDIS_SENTINEL_MAX_RETRY_COUNT` + +- Type: `int` +- Default: `2` +- Description: Sets the maximum number of retries for Redis operations when using Sentinel fail-over. This is a critical high-availability setting that allows the application time for master election and promotion. If your Sentinel `down-after-milliseconds` is high, you should tune this value accordingly to ensure the service survives the failover window without dropping connections. + +#### `REDIS_RECONNECT_DELAY` + +- Type: `float` (milliseconds) +- Default: None +- Description: Optional reconnect delay in milliseconds for Redis Sentinel retry logic, applied consistently across both synchronous and asynchronous Redis operations. This improves stability during Sentinel failover by preventing tight retry loops. When unset or invalid, retry behavior remains unchanged. + +#### `WEBSOCKET_REDIS_LOCK_TIMEOUT` + +- Type: `int` +- Default: `60` +- Description: Sets the timeout in seconds for Redis locks used by the websocket manager. + #### `ENABLE_WEBSOCKET_SUPPORT` - Type: `bool` diff --git a/docs/tutorials/integrations/redis.md b/docs/tutorials/integrations/redis.md index 2e48e1daa..47d49577f 100644 --- a/docs/tutorials/integrations/redis.md +++ b/docs/tutorials/integrations/redis.md @@ -215,6 +215,13 @@ WEBSOCKET_REDIS_OPTIONS='{"socket_connect_timeout": 5}' ::: +#### Retry and Reconnect Logic + +To enhance resilience during Sentinel failover—the window when a new master is being elected and promoted—you can configure retry behavior to prevent the application from exhausting its reconnection attempts too quickly. + +- **`REDIS_SENTINEL_MAX_RETRY_COUNT`**: Sets the maximum number of retries for Redis operations when using Sentinel (Default: `2`). +- **`REDIS_RECONNECT_DELAY`**: Adds an optional delay in **milliseconds** between retry attempts (e.g., `REDIS_RECONNECT_DELAY=500`). This prevents tight retry loops that may otherwise overwhelm the event loop or block the application before a new master is ready. + ### Complete Example Configuration Here's a complete example showing all Redis-related environment variables: @@ -229,6 +236,8 @@ WEBSOCKET_REDIS_URL="redis://redis-valkey:6379/1" # Recommended for Sentinel deployments (prevents failover hangs) REDIS_SOCKET_CONNECT_TIMEOUT=5 +REDIS_SENTINEL_MAX_RETRY_COUNT=5 +REDIS_RECONNECT_DELAY=1000 # Optional REDIS_KEY_PREFIX="open-webui" From 02d3eaaa1e844eb99365ee1d9f1ee81e5150f156 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Thu, 29 Jan 2026 18:19:59 +0100 Subject: [PATCH 5/8] CHAT SHARING FEATURE --- docs/faq.mdx | 4 ++ docs/features/chat-features/chatshare.md | 68 ++++++++++++++++++++++++ docs/features/index.mdx | 2 +- 3 files changed, 73 insertions(+), 1 deletion(-) diff --git a/docs/faq.mdx b/docs/faq.mdx index 61eb1eece..fe22ab78a 100644 --- a/docs/faq.mdx +++ b/docs/faq.mdx @@ -17,6 +17,10 @@ For more details on enterprise solutions and branding customizations, [click her **A:** No, your data is never sent anywhere unless you explicitly choose to share it or you connect an external model provider. Everything inside Open WebUI runs and is stored locally on your machine or server, giving you full control over your data at all times. We encourage you not to simply take our word for it: our entire codebase is hosted publicly, so you can inspect exactly how everything works, and if you ever notice anything concerning, please report it to us on our repo immediately. +### Q: How can I see a list of all the chats I've ever shared? + +**A:** Open WebUI provides a centralized **Shared Chats** dashboard where you can see every link you've generated. This is available to all users via **Settings > Data > Shared Chats > Manage**. From there, you can search through your shared history, re-copy links, or revoke (unshare) access to any conversation instantly. + ### Q: Can I use Open WebUI in outer space (e.g., Mars and beyond) or other extreme environments? **A:** **Yes.** Open WebUI is fully self-hosted and does not rely on persistent internet connectivity, making it suitable for environments where cloud-based systems are impractical or impossible. As long as the underlying hardware can run a supported runtime, Open WebUI will function normally regardless of location. diff --git a/docs/features/chat-features/chatshare.md b/docs/features/chat-features/chatshare.md index 619162d07..2267c7b9d 100644 --- a/docs/features/chat-features/chatshare.md +++ b/docs/features/chat-features/chatshare.md @@ -110,3 +110,71 @@ Once deleted, the shared link will no longer be valid, and users will not be abl 4. Click on the chat you wish to change permission access for. 5. Scroll to the bottom of the chat and update its permission level. 6. Click the **Update Chat** button. + +### Managing Shared Chats + +Open WebUI now includes a robust, centralized management system for all your shared conversations. This feature is available to **all users** and provides a convenient way to audit, update, and secure your shared content without having to navigate through your entire chat history. + +#### Why Use Shared Chat Management? + +- **Privacy Audit**: Quickly see every conversation you have ever made public via a share link. +- **Link Retrieval**: Lost a link you shared previously? Find it here in seconds. +- **Instant Revocation**: If you accidentally shared sensitive information, you can invalidate the link immediately from this central dashboard. +- **Organization**: Clean up old shared links that are no longer relevant. + +#### Accessing the Management Dashboard + +1. Click on your **profile name** or avatar in the bottom-left corner of the sidebar. +2. Select **Settings** from the menu. +3. In the Settings modal, navigate to the **Data** tab. +4. Locate the **Shared Chats** row and click the **Manage** button. + +#### Dashboard Features + +The **Shared Chats** modal provides a streamlined interface for managing your public content: + +- **Powerful Search**: Find specific shared conversations by their title. This is especially useful for users with hundreds of previous chats. +- **Dynamic Sorting**: Toggle the sort order by date (last updated) to see your most recent or oldest shares first. +- **Copy Link**: Each entry has a dedicated **Clipboard icon** to instantly copy the share URL back to your clipboard. +- **Instant Unshare**: Use the **Unshare icon** to delete the link. + - :::warning + Once unshared, the URL will be immediately deactivated. Anyone attempting to use the old link will receive a "Not Found" error. This action is permanent, though you can always re-share the chat later to generate a *new* unique link. + ::: +- **Pagination and Load More**: Efficiently browse through your entire history of shared content with smooth "Load More" scrolling. + +#### Availability + +This feature is available to **every user** on the platform. While Administrators can manage their own shared chats, they do not see other users' shared chats here to maintain privacy. For global administration of shared content, admins should refer to the **Admin Panel > Settings**. + +:::info +**Unsharing is Local**: This dashboard manages links generated on your local Open WebUI instance. If you have shared a chat to the [Open WebUI Community](https://openwebui.com), you must manage those snapshots directly on the community platform (see [Deleting Shared Chats](#deleting-shared-chats)). +::: + +### Security Considerations + +The Shared Chat Management dashboard is a critical security tool for any organization: + +- **Link Persistence**: Shared links are persistent by default. If a user shares a chat and leaves the organization, the link remains active unless the chat is deleted or unshared. +- **Static Snapshots**: Remember that local share links are **static snapshots**. If you share a link and then continue the conversation, the shared link will *not* show the new messages unless you explicitly use "Update and Copy Link". +- **Access Control**: Users must be logged into your specific Open WebUI instance to view a local share link. This provides a layer of security over internal shared chats. + +### Best Practices + +1. **Regular Audits**: We recommend checking your Manage Shared Chats dashboard once a month to ensure you aren't inadvertently leaking internal project details. +2. **Descriptive Titles**: Give your chats clear titles. The management dashboard's search feature relies on the chat title, so "Project Alpha Design Review" is much easier to find later than "New Chat". +3. **Explicit Unsharing**: If a shared link was only needed for a temporary review, unshare it as soon as the review is complete to minimize your data footprint. +4. **Update vs New Link**: If you need to show someone the next step in a conversation, use the **Update** feature in the individual chat modal rather than generating a new link. This keeps your management dashboard clean and ensures the recipient always has the latest version on the same URL. + +### Shared Management FAQ + +**Q: Does unsharing a chat delete the conversation?** +**A:** No. Unsharing only deletes the public link. Your original conversation remains perfectly intact in your history. + +**Q: Can I share a chat that has been archived?** +**A:** Yes. Archiving and Sharing are independent features. A chat can be both archived and shared. + +**Q: If I delete a chat, what happens to the shared link?** +**A:** Deleting a chat also immediately invalidates and deletes any associated share links. + +**Q: Can I see who has viewed my shared link?** +**A:** Currently, Open WebUI does not track view counts or recipient identities for shared links to prioritize privacy and performance. diff --git a/docs/features/index.mdx b/docs/features/index.mdx index 3aeceba0e..83db20536 100644 --- a/docs/features/index.mdx +++ b/docs/features/index.mdx @@ -282,7 +282,7 @@ import { TopBanners } from "@site/src/components/TopBanners"; ### 👥 Collaboration -- 🗨️ **Local Chat Sharing**: Generate and share chat links between users in an efficient and seamless manner, thereby enhancing collaboration and communication. +- 🗨️ **Local Chat Sharing**: Generate and share chat links between users in an efficient and seamless manner. Includes a **centralized management interface** in Settings to view, copy links, or unshare conversations at any time. [Learn more about Chat Sharing](/features/chat-features/chatshare). - 👍👎 **RLHF Annotation**: Enhance the impact of your messages by rating them with either a thumbs up or thumbs down AMD provide a rating for the response on a scale of 1-10, followed by the option to provide textual feedback, facilitating the creation of datasets for Reinforcement Learning from Human Feedback (`RLHF`). Utilize your messages to train or fine-tune models, all while ensuring the confidentiality of locally saved data. From b883381bd106c75e82fb07006dfa506d26513461 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Thu, 29 Jan 2026 18:59:01 +0100 Subject: [PATCH 6/8] docs: document centralized data management and admin model controls This update provides comprehensive documentation for three major platform enhancements: Centralized Data Management - Shared Chat Manager: Documents the new dashboard in Settings > Data for auditing and revoking share links (LinkSlash icon). - File Manager: Detailed the unified dashboard for document management, including the automatic Knowledge Base and embedding cleanup logic. - Search & Performance: Documented the 500ms search debounce and advanced sorting (Updated At, Created At) across both managers. Admin Model Management - Admin View Selector: Guide for status-based filtering (Enabled, Disabled, Hidden, Visible). - Bulk Actions: Documented the new "Enable All" and "Disable All" controls in the Admin Panel for high-volume provider management. UI/UX & Discovery - Updated the Features Overview and FAQ sections to highlight these management tools and provide clear user navigation paths. --- docs/faq.mdx | 4 ++ docs/features/chat-features/chatshare.md | 65 +++++++----------------- docs/features/index.mdx | 6 +++ docs/features/rag/index.md | 4 ++ docs/features/workspace/files.md | 65 ++++++++++++++++++++++++ docs/features/workspace/index.mdx | 1 + docs/features/workspace/models.md | 26 ++++++++++ 7 files changed, 124 insertions(+), 47 deletions(-) create mode 100644 docs/features/workspace/files.md diff --git a/docs/faq.mdx b/docs/faq.mdx index fe22ab78a..d401c914e 100644 --- a/docs/faq.mdx +++ b/docs/faq.mdx @@ -21,6 +21,10 @@ For more details on enterprise solutions and branding customizations, [click her **A:** Open WebUI provides a centralized **Shared Chats** dashboard where you can see every link you've generated. This is available to all users via **Settings > Data > Shared Chats > Manage**. From there, you can search through your shared history, re-copy links, or revoke (unshare) access to any conversation instantly. +### Q: How can I manage or delete files I've uploaded? + +**A:** You can access the **File Manager** by going to **Settings > Data > Manage Files > Manage**. This dashboard allows you to search through all your uploaded documents, view their details, and delete them. Deleting a file here also automatically cleans up any associated Knowledge Base entries and vector embeddings. + ### Q: Can I use Open WebUI in outer space (e.g., Mars and beyond) or other extreme environments? **A:** **Yes.** Open WebUI is fully self-hosted and does not rely on persistent internet connectivity, making it suitable for environments where cloud-based systems are impractical or impossible. As long as the underlying hardware can run a supported runtime, Open WebUI will function normally regardless of location. diff --git a/docs/features/chat-features/chatshare.md b/docs/features/chat-features/chatshare.md index 2267c7b9d..ec49a660e 100644 --- a/docs/features/chat-features/chatshare.md +++ b/docs/features/chat-features/chatshare.md @@ -113,68 +113,39 @@ Once deleted, the shared link will no longer be valid, and users will not be abl ### Managing Shared Chats -Open WebUI now includes a robust, centralized management system for all your shared conversations. This feature is available to **all users** and provides a convenient way to audit, update, and secure your shared content without having to navigate through your entire chat history. - -#### Why Use Shared Chat Management? - -- **Privacy Audit**: Quickly see every conversation you have ever made public via a share link. -- **Link Retrieval**: Lost a link you shared previously? Find it here in seconds. -- **Instant Revocation**: If you accidentally shared sensitive information, you can invalidate the link immediately from this central dashboard. -- **Organization**: Clean up old shared links that are no longer relevant. +Open WebUI provides a centralized dashboard to manage every chat conversation you have shared. This feature allows users to audit their shared content and quickly revoke access if needed. #### Accessing the Management Dashboard 1. Click on your **profile name** or avatar in the bottom-left corner of the sidebar. 2. Select **Settings** from the menu. -3. In the Settings modal, navigate to the **Data** tab. +3. Navigate to the **Data** tab. 4. Locate the **Shared Chats** row and click the **Manage** button. #### Dashboard Features -The **Shared Chats** modal provides a streamlined interface for managing your public content: +The **Shared Chats** modal provides a unified interface for your public content: -- **Powerful Search**: Find specific shared conversations by their title. This is especially useful for users with hundreds of previous chats. -- **Dynamic Sorting**: Toggle the sort order by date (last updated) to see your most recent or oldest shares first. -- **Copy Link**: Each entry has a dedicated **Clipboard icon** to instantly copy the share URL back to your clipboard. -- **Instant Unshare**: Use the **Unshare icon** to delete the link. +- **Centralized List**: View all conversations that have an active share link. +- **Search & Filter**: Quickly find specific shared chats by title. The search bar includes a **500ms debounce** to ensure smooth performance while typing. +- **Advanced Sorting**: Organize your shared history by: + - **Updated At** (Default) + - **Created At** + - **Title** +- **Copy Link**: Use the **Clipboard icon** next to any entry to instantly copy the share URL back to your clipboard. +- **Revoke Access (Unshare)**: Use the **Unshare icon** (represented by a slashed link) to deactivate a share link. - :::warning - Once unshared, the URL will be immediately deactivated. Anyone attempting to use the old link will receive a "Not Found" error. This action is permanent, though you can always re-share the chat later to generate a *new* unique link. + Revoking access immediately invalidates the link. Anyone attempting to visit the URL will receive a "Not Found" error. This action is permanent, though you can generate a *new* unique link by sharing the chat again from the main interface. ::: -- **Pagination and Load More**: Efficiently browse through your entire history of shared content with smooth "Load More" scrolling. - -#### Availability - -This feature is available to **every user** on the platform. While Administrators can manage their own shared chats, they do not see other users' shared chats here to maintain privacy. For global administration of shared content, admins should refer to the **Admin Panel > Settings**. - -:::info -**Unsharing is Local**: This dashboard manages links generated on your local Open WebUI instance. If you have shared a chat to the [Open WebUI Community](https://openwebui.com), you must manage those snapshots directly on the community platform (see [Deleting Shared Chats](#deleting-shared-chats)). -::: - -### Security Considerations - -The Shared Chat Management dashboard is a critical security tool for any organization: - -- **Link Persistence**: Shared links are persistent by default. If a user shares a chat and leaves the organization, the link remains active unless the chat is deleted or unshared. -- **Static Snapshots**: Remember that local share links are **static snapshots**. If you share a link and then continue the conversation, the shared link will *not* show the new messages unless you explicitly use "Update and Copy Link". -- **Access Control**: Users must be logged into your specific Open WebUI instance to view a local share link. This provides a layer of security over internal shared chats. - -### Best Practices - -1. **Regular Audits**: We recommend checking your Manage Shared Chats dashboard once a month to ensure you aren't inadvertently leaking internal project details. -2. **Descriptive Titles**: Give your chats clear titles. The management dashboard's search feature relies on the chat title, so "Project Alpha Design Review" is much easier to find later than "New Chat". -3. **Explicit Unsharing**: If a shared link was only needed for a temporary review, unshare it as soon as the review is complete to minimize your data footprint. -4. **Update vs New Link**: If you need to show someone the next step in a conversation, use the **Update** feature in the individual chat modal rather than generating a new link. This keeps your management dashboard clean and ensures the recipient always has the latest version on the same URL. +- **Pagination**: Efficiently browse through your history using the "Load More" functionality at the bottom of the list. ### Shared Management FAQ -**Q: Does unsharing a chat delete the conversation?** -**A:** No. Unsharing only deletes the public link. Your original conversation remains perfectly intact in your history. +**Q: Does unsharing a chat delete the original conversation?** +**A:** No. Unsharing only deletes the public link. Your original chat history remains completely intact. -**Q: Can I share a chat that has been archived?** -**A:** Yes. Archiving and Sharing are independent features. A chat can be both archived and shared. +**Q: Can I manage chats I've shared on the community platform here?** +**A:** No. This dashboard manages links generated on your local instance. For community-shared content, see [Deleting Shared Chats](#deleting-shared-chats). -**Q: If I delete a chat, what happens to the shared link?** +**Q: If I delete my original chat, what happens to the shared link?** **A:** Deleting a chat also immediately invalidates and deletes any associated share links. - -**Q: Can I see who has viewed my shared link?** -**A:** Currently, Open WebUI does not track view counts or recipient identities for shared links to prioritize privacy and performance. diff --git a/docs/features/index.mdx b/docs/features/index.mdx index 83db20536..3eca7414a 100644 --- a/docs/features/index.mdx +++ b/docs/features/index.mdx @@ -19,6 +19,10 @@ import { TopBanners } from "@site/src/components/TopBanners"; - 🔐 **SCIM 2.0 Provisioning**: Enterprise-grade user and group provisioning through SCIM 2.0 protocol, enabling seamless integration with identity providers like Okta, Azure AD, and Google Workspace for automated user lifecycle management. [Read the SCIM Guide](/features/auth/scim). +- 📂 **Centralized File Management**: A unified dashboard to search, view, and manage all your uploaded documents in one place. Includes automated cleanup of Knowledge Base associations and vector embeddings when deleting files. [Learn about File Management](/features/workspace/files). + +- 💬 **Shared Chat Management**: A centralized interface to audit every conversation you've ever shared. Easily search through your shared history, re-copy links, or revoke (unshare) access instantly from a single location. [Learn about Chat Sharing](/features/chat-features/chatshare#managing-shared-chats). + - 📱 **Responsive Design**: Enjoy a seamless experience across desktop PCs, laptops, and mobile devices. - 📱 **Progressive Web App for Mobile**: Enjoy a native progressive web application experience on your mobile device with offline access on `localhost` or a personal domain, and a smooth user interface. In order for our PWA to be installable on your device, it must be delivered in a secure context. This usually means that it must be served over HTTPS. @@ -424,6 +428,8 @@ import { TopBanners } from "@site/src/components/TopBanners"; - 🔒 **Default Sign-Up Role**: Specify the default role for new sign-ups to `pending`, `user`, or `admin`, providing flexibility in managing user permissions and access levels for new users. +- 🤖 **Bulk Model Management & Filtering**: Administrators can effortlessly manage large model collections from external providers with tools to bulk enable/disable models and filter the admin list by status (Enabled, Disabled, Hidden, etc.) to maintain a clean workspace. [Learn about Admin Models](/features/workspace/models#global-model-management-admin). + - 🔒 **Prevent New Sign-Ups**: Enable the option to disable new user sign-ups, restricting access to the platform and maintaining a fixed number of users. - 🔒 **Prevent Chat Deletion**: Ability for admins to toggle a setting that prevents all users from deleting their chat messages, ensuring that all chat messages are retained for audit or compliance purposes. diff --git a/docs/features/rag/index.md b/docs/features/rag/index.md index 816c1b7d9..6ea5468cf 100644 --- a/docs/features/rag/index.md +++ b/docs/features/rag/index.md @@ -17,6 +17,10 @@ One of the key advantages of RAG is its ability to access and integrate informat Local documents must first be uploaded via the Documents section of the Workspace area to access them using the `#` symbol before a query. Click on the formatted URL in the that appears above the chat box. Once selected, a document icon appears above `Send a message`, indicating successful retrieval. +:::tip Bulk File Management +Need to clean up multiple uploaded documents or audit your storage? You can now use the centralized **[File Manager](/features/workspace/files)** located in **Settings > Data > Manage Files**. Deleting files there will automatically clean up their corresponding RAG embeddings. +::: + You can also load documents into the workspace area with their access by starting a prompt with `#`, followed by a URL. This can help incorporate web content directly into your conversations. ## Web Search for RAG diff --git a/docs/features/workspace/files.md b/docs/features/workspace/files.md new file mode 100644 index 000000000..d93a0ba35 --- /dev/null +++ b/docs/features/workspace/files.md @@ -0,0 +1,65 @@ +--- +sidebar_position: 5 +title: "📁 File Management" +--- + +Open WebUI provides a comprehensive file management system that allows you to upload, organize, and utilize your documents across various features like Knowledge Bases and RAG. + +## Centralized File Manager + +The **Centralized File Manager** provides a unified interface to view, search, and manage every file you have uploaded to your Open WebUI instance, whether it was uploaded directly to a chat or into a Knowledge Base. + +### Accessing the File Manager + +1. Click on your **profile name** or avatar in the bottom-left corner. +2. Select **Settings** from the menu. +3. Navigate to the **Data** tab. +4. Locate the **Manage Files** row and click the **Manage** button. + +### Key Features + +The File Manager modal offers several powerful tools for maintaining your data: + +- **Universal Search**: Quickly find any file by its filename using the integrated search bar. +- **Advanced Sorting**: Organize your file list by: + - **Filename**: Sort alphabetically to find specific documents. + - **Created At**: See your most recent uploads or find older files. +- **File Details**: View important information at a glance, including: + - **File Size**: See how much space each document occupies (e.g., KB, MB). + - **Upload Date**: Track when each file was added to your instance. +- **Built-in Viewer**: Click on any file to open the **File Item Viewer**, which displays the file's metadata and specific details (such as size and type). +- **Safe Deletion**: Easily remove files you no longer need. + - :::info **Knowledge Base Cleanup** + When you delete a file through the File Manager, Open WebUI automatically performs a deep cleanup. It removes the file from all associated Knowledge Bases and deletes its corresponding vector embeddings, ensuring your database stays clean and efficient. + ::: + +## Using Files in Open WebUI + +Files are at the heart of the platform's advanced capabilities: + +### 1. Retrieval Augmented Generation (RAG) +By uploading documents (PDFs, Word docs, text files, etc.), you can ground your AI's responses in your own data. +- **Chat Uploads**: Simply drag and drop files into a chat or use the upload icon. +- **Knowledge Bases**: Add files to structured collections for more permanent and organized retrieval. + +### 2. File Metadata +Every file carries metadata that helps both you and the AI understand its context. This includes content type, original filename, and size. + +## Best Practices + +- **Naming Conventions**: Use clear, descriptive filenames. This improves the accuracy of the File Manager's search and helps you identify specific documents. +- **Regular Audits**: Periodically use the **Manage Files** dashboard to delete old or redundant documents. This saves disk/database space and improves the performance of your system by ensuring only relevant data is retained. + +## FAQ + +**Q: If I delete a file, is it gone from my chats?** +**A:** Yes. Deleting a file via the File Manager removes it from the system entirely. Any chat that referenced that file using RAG will no longer be able to pull information from it. + +**Q: Can I download my files back from the File Manager?** +**A:** Currently, the File Manager focuses on viewing metadata and management (deletion). To download a file, you should typically access it from the original chat or Knowledge Base where it was used. + +**Q: Are there limits on the number of files I can manage?** +**A:** There is no hard-coded limit in Open WebUI. The scalability depends on your storage (disk/S3) and your Vector Database (e.g., ChromaDB, PGVector). + +**Q: Does managing files require Admin privileges?** +**A:** Regular users can manage their *own* uploaded files. Administrators have additional tools to manage global files and configuration via the Admin Panel. diff --git a/docs/features/workspace/index.mdx b/docs/features/workspace/index.mdx index 6a08a8e30..46d6145d6 100644 --- a/docs/features/workspace/index.mdx +++ b/docs/features/workspace/index.mdx @@ -10,5 +10,6 @@ The Workspace in Open WebUI provides a comprehensive environment for managing yo - [🤖 Models](./models.md) - Create and manage custom models tailored to specific purposes - [🧠 Knowledge](./knowledge.md) - Manage your knowledge bases for retrieval augmented generation - [📚 Prompts](./prompts.md) - Create and organize reusable prompts +- [📁 Files](./files.md) - Centralized management for all your uploaded documents Each section of the Workspace is designed to give you fine-grained control over your Open WebUI experience, allowing for customization and optimization of your AI interactions. diff --git a/docs/features/workspace/models.md b/docs/features/workspace/models.md index d042124a0..b581a693e 100644 --- a/docs/features/workspace/models.md +++ b/docs/features/workspace/models.md @@ -116,6 +116,32 @@ A raw Base Model can be cloned as a custom Workspace model, but it will not clon To download new raw Base Models (like `Llama-3.2-3B-Instruct-GGUF:Q8_0` or `Mistral-7B-Instruct-v0.2-GGUF:Q4_K_M`), navigate to **Settings > Connections > Ollama**. Alternatively, type `ollama run hf.co/{username}/{repository}:{quantization}` in the model selector to pull directly from Hugging Face. This action will create a button within the model selector labeled "Pull [Model Name]" that will begin downloading the model from its source once clicked. ::: +## Global Model Management (Admin) + +Administrators have access to a centralized management interface via **Admin Panel > Settings > Models**. This page provides powerful tools for decluttering and organizing the model list, especially when connected to providers with hundreds of available models. + +### View Filtering + +The **Admin View Selector** allows you to filter the entire list of models by their operational status. This is located next to the search bar and includes the following views: + +- **All**: Shows every model available to the system. +- **Enabled**: Displays only models that are currently active and selectable by users. +- **Disabled**: Shows models that have been deactivated. +- **Visible**: Shows models that are currently visible in the user model selector. +- **Hidden**: Displays only the models that have been hidden (these appear with reduced opacity in the list). + +### Bulk Actions + +To streamline the management of large model collections, the Admin Panel includes **Bulk Actions** that apply to the models currently visible in your filtered view. + +1. **Filter your view** (e.g., select "Disabled" or "Hidden"). +2. **Open the Actions menu** (Ellipsis icon next to the search bar). +3. **Select an action**: + - **Enable All**: Activates all models in the current filtered list simultaneously. + - **Disable All**: Deactivates all models in the current filtered list. + +These tools are specifically designed to help administrators quickly manage external providers (like OpenAI or Anthropic) that expose a high volume of models, allowing for instant site-wide configuration changes. + ## Model Switching in Chat Open WebUI allows for dynamic model switching and parallel inference within a chat session. From e86756e2e35e32913e53ab26f192b0383d362ab8 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Thu, 29 Jan 2026 20:08:02 +0100 Subject: [PATCH 7/8] fixes --- docs/features/chat-features/chatshare.md | 3 +-- docs/features/workspace/files.md | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/docs/features/chat-features/chatshare.md b/docs/features/chat-features/chatshare.md index ec49a660e..2ddb70161 100644 --- a/docs/features/chat-features/chatshare.md +++ b/docs/features/chat-features/chatshare.md @@ -119,7 +119,7 @@ Open WebUI provides a centralized dashboard to manage every chat conversation yo 1. Click on your **profile name** or avatar in the bottom-left corner of the sidebar. 2. Select **Settings** from the menu. -3. Navigate to the **Data** tab. +3. Navigate to the **Data Controls** tab. 4. Locate the **Shared Chats** row and click the **Manage** button. #### Dashboard Features @@ -130,7 +130,6 @@ The **Shared Chats** modal provides a unified interface for your public content: - **Search & Filter**: Quickly find specific shared chats by title. The search bar includes a **500ms debounce** to ensure smooth performance while typing. - **Advanced Sorting**: Organize your shared history by: - **Updated At** (Default) - - **Created At** - **Title** - **Copy Link**: Use the **Clipboard icon** next to any entry to instantly copy the share URL back to your clipboard. - **Revoke Access (Unshare)**: Use the **Unshare icon** (represented by a slashed link) to deactivate a share link. diff --git a/docs/features/workspace/files.md b/docs/features/workspace/files.md index d93a0ba35..b5ecbf6b8 100644 --- a/docs/features/workspace/files.md +++ b/docs/features/workspace/files.md @@ -13,7 +13,7 @@ The **Centralized File Manager** provides a unified interface to view, search, a 1. Click on your **profile name** or avatar in the bottom-left corner. 2. Select **Settings** from the menu. -3. Navigate to the **Data** tab. +3. Navigate to the **Data Controls** tab. 4. Locate the **Manage Files** row and click the **Manage** button. ### Key Features From 3091fa724e25411ecef58dc73174e5d5ec1c39e3 Mon Sep 17 00:00:00 2001 From: DrMelone <27028174+Classic298@users.noreply.github.com> Date: Thu, 29 Jan 2026 20:08:09 +0100 Subject: [PATCH 8/8] fixes --- docs/faq.mdx | 4 ++-- docs/features/rag/index.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/faq.mdx b/docs/faq.mdx index d401c914e..25d3448d8 100644 --- a/docs/faq.mdx +++ b/docs/faq.mdx @@ -19,11 +19,11 @@ For more details on enterprise solutions and branding customizations, [click her ### Q: How can I see a list of all the chats I've ever shared? -**A:** Open WebUI provides a centralized **Shared Chats** dashboard where you can see every link you've generated. This is available to all users via **Settings > Data > Shared Chats > Manage**. From there, you can search through your shared history, re-copy links, or revoke (unshare) access to any conversation instantly. +**A:** Open WebUI provides a centralized **Shared Chats** dashboard where you can see every link you've generated. This is available to all users via **Settings > Data Controls > Shared Chats > Manage**. From there, you can search through your shared history, re-copy links, or revoke (unshare) access to any conversation instantly. ### Q: How can I manage or delete files I've uploaded? -**A:** You can access the **File Manager** by going to **Settings > Data > Manage Files > Manage**. This dashboard allows you to search through all your uploaded documents, view their details, and delete them. Deleting a file here also automatically cleans up any associated Knowledge Base entries and vector embeddings. +**A:** You can access the **File Manager** by going to **Settings > Data Controls > Manage Files > Manage**. This dashboard allows you to search through all your uploaded documents, view their details, and delete them. Deleting a file here also automatically cleans up any associated Knowledge Base entries and vector embeddings. ### Q: Can I use Open WebUI in outer space (e.g., Mars and beyond) or other extreme environments? diff --git a/docs/features/rag/index.md b/docs/features/rag/index.md index 6ea5468cf..4e7c25231 100644 --- a/docs/features/rag/index.md +++ b/docs/features/rag/index.md @@ -18,7 +18,7 @@ One of the key advantages of RAG is its ability to access and integrate informat Local documents must first be uploaded via the Documents section of the Workspace area to access them using the `#` symbol before a query. Click on the formatted URL in the that appears above the chat box. Once selected, a document icon appears above `Send a message`, indicating successful retrieval. :::tip Bulk File Management -Need to clean up multiple uploaded documents or audit your storage? You can now use the centralized **[File Manager](/features/workspace/files)** located in **Settings > Data > Manage Files**. Deleting files there will automatically clean up their corresponding RAG embeddings. +Need to clean up multiple uploaded documents or audit your storage? You can now use the centralized **[File Manager](/features/workspace/files)** located in **Settings > Data Controls > Manage Files**. Deleting files there will automatically clean up their corresponding RAG embeddings. ::: You can also load documents into the workspace area with their access by starting a prompt with `#`, followed by a URL. This can help incorporate web content directly into your conversations.