# OpenHands - Doramagic AI Context Pack

> Purpose: pre-work context for the user's host AI. This pack does not prove that the project has been installed, run, or validated.

## Project

- canonical_name: `OpenHands/OpenHands`
- capability: 🙌 OpenHands: AI-Driven Development
- expected_user_outcome: 🙌 OpenHands: AI-Driven Development

## Operating Boundaries

- Do not claim that the project has been installed, run, called through an API, or used on local files unless separate evidence proves it.
- Project facts must come from repo evidence, Claim Graph, or explicit source references.
- When a capability is not verified, mark it as unverified instead of completing it as fact.
- publish_status: `publishable`
- blocking_gaps: none

---

## Doramagic Context Augmentation

The following sections strengthen the repository context for a host AI. Human Manual data is a reading route, and pitfall notes become operating constraints.

## Human Manual Outline

Usage rule: this is only a reading route and salience signal, not factual authority. Concrete claims must still return to repo evidence or Claim Graph.

Host AI hard rules:
- Do not treat page titles, section order, summaries, or importance values as factual project evidence.
- When explaining the Human Manual outline, state that it is only a reading route or salience signal.
- Capability, installation, compatibility, runtime state, and risk claims must cite repo evidence, source paths, or Claim Graph.

- **Overview and System Architecture**: importance `high`
  - source_paths: README.md, Development.md, CONTRIBUTING.md, AGENTS.md, docker-compose.yml
- **App Server, Sandbox Services, and Integrations**: importance `high`
  - source_paths: openhands/app_server/README.md, openhands/app_server/app.py, openhands/app_server/v1_router.py, openhands/app_server/sandbox/sandbox_service.py, openhands/app_server/sandbox/docker_sandbox_service.py
- **Frontend Application and User Experience**: importance `high`
  - source_paths: frontend/README.md, frontend/src/routes.ts, frontend/src/routes/conversation.tsx, frontend/src/routes/home.tsx, frontend/src/routes/settings.tsx
- **LLM Profiles, Models, and Sandbox Runtime**: importance `high`
  - source_paths: openhands/app_server/settings/llm_profiles.py, openhands/app_server/settings/settings_models.py, openhands/app_server/settings/settings_router.py, openhands/app_server/config_api/llm_model_service.py, openhands/app_server/config_api/default_llm_model_service.py

## Repo Inspection Evidence

- repo_clone_verified: true
- repo_inspection_verified: true
- repo_commit: `7b228db6ae143598b4caf65c6f7ed759b511f922`
- inspected_files: `README.md`, `docker-compose.yml`, `pyproject.toml`, `uv.lock`

Host AI hard rules:
- Without repo_clone_verified=true, do not claim that the source code has been read.
- Without repo_inspection_verified=true, do not write README, docs, or package-file conclusions as facts.
- Without quick_start_verified=true, do not claim that the Quick Start path has run successfully.

## Doramagic Pitfall Constraints

These rules come from Doramagic discovery, validation, or compilation findings. The host AI must treat them as operating constraints, not background notes.

### Constraint 1: Installation risk requires verification

- Trigger: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/13827
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 2: Installation risk requires verification

- Trigger: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/13647
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 3: Security or permission risk requires verification

- Trigger: Developers should check this security_permissions risk before relying on the project: [Bug] Conversation polling fails with ValidationError when secrets contain null values
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: [Bug] Conversation polling fails with ValidationError when secrets contain null values. Context: Observed when using python
- Why it matters: Developers may expose sensitive permissions or credentials: [Bug] Conversation polling fails with ValidationError when secrets contain null values
- Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/12714
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 4: Security or permission risk requires verification

- Trigger: Developers should check this security_permissions risk before relying on the project: [Feature]: Docker / Docker Compose Instructions
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: [Feature]: Docker / Docker Compose Instructions. Context: Observed when using docker, linux
- Why it matters: Developers may expose sensitive permissions or credentials: [Feature]: Docker / Docker Compose Instructions
- Evidence: failure_mode_cluster:github_issue | https://github.com/OpenHands/OpenHands/issues/14882
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 5: Security or permission risk requires verification

- Trigger: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/14912
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 6: Security or permission risk requires verification

- Trigger: Project evidence flags a security or permission risk. Review the linked source before relying on this workflow.
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: community_evidence:github | https://github.com/OpenHands/OpenHands/issues/14882
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 7: Installation risk requires verification

- Trigger: Project evidence flags a installation risk. Review the linked source before relying on this workflow.
- Host AI rule: Reproduce the official install and quickstart path in an isolated environment.
- Why it matters: May increase setup, validation, or first-run risk for the user.
- Evidence: identity.distribution | https://github.com/OpenHands/OpenHands
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 8: Installation risk requires verification

- Trigger: Developers should check this installation risk before relying on the project: 1.5.0 - 2026-03-11
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: 1.5.0 - 2026-03-11. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Upgrade or migration may change expected behavior: 1.5.0 - 2026-03-11
- Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.5.0
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 9: Installation risk requires verification

- Trigger: Developers should check this installation risk before relying on the project: 1.6.0 - 2026-03-30
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: 1.6.0 - 2026-03-30. Context: Source discussion did not expose a precise runtime context.
- Why it matters: Upgrade or migration may change expected behavior: 1.6.0 - 2026-03-30
- Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.6.0
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.

### Constraint 10: Installation risk requires verification

- Trigger: Developers should check this installation risk before relying on the project: 1.7.0 - 2026-05-01
- Host AI rule: Before packaging this project, run the relevant install/config/quickstart check for: 1.7.0 - 2026-05-01. Context: Observed when using docker
- Why it matters: Upgrade or migration may change expected behavior: 1.7.0 - 2026-05-01
- Evidence: failure_mode_cluster:github_release | https://github.com/OpenHands/OpenHands/releases/tag/1.7.0
- Hard boundary: Do not present this pitfall as solved, verified, or ignorable unless later evidence explicitly closes it.