The Dispatch

OSS Report: stitionai/devika


Devika Faces Critical Security Vulnerability Amidst Active Development and Community Engagement

Devika, an open-source AI software engineer designed to interpret human instructions and generate code, is actively developed with substantial community involvement. However, a critical security vulnerability (#639), reported as leading to arbitrary code execution, remains open and requires immediate attention.

Recent Activity

Recent issues and pull requests (PRs) indicate a focus on installation challenges, model integration difficulties, and user interface bugs. Notable issues include installation errors (#629, #623), server connectivity problems (#499), and a critical security bug (#639). These highlight ongoing stability concerns typical of early-stage development.

Development Team and Recent Contributions

  1. Tosin Akinosho (tosin2013)

  2. Injae Ryou (sts07142)

    • Added gpt-4o-mini functionality in llm.py.
  3. Athulkrishna S (Athulkrishna-S)

  4. Ayush Rajgor (ARajgor)

    • Fixed CORS and YAML issues; improved error handling.
  5. Alan Sunny (nalaso)

    • Contributed UI enhancements and documentation updates.
  6. Vijayraju111222333

    • Added Gemini 1.5 configuration.
  7. Meltingscales

    • Fixed CORS and YAML issues.
  8. Chisun Joung

    • Addressed bug #550 related to model names.
  9. Kgott

    • Fixed list index out of range error in file parsing.

The team is actively engaged in both feature development and bug resolution, with Ayush Rajgor playing a key role in collaboration efforts.

Of Note

  1. Critical Security Vulnerability: Issue #639 highlights a potential for arbitrary code execution, necessitating urgent resolution.

  2. Installation Challenges: Multiple issues (#629, #623) report difficulties with dependencies like Numpy, affecting user onboarding.

  3. Community Engagement: High community involvement is evident through active discussions and contributions addressing various bugs and enhancements.

  4. Feature Expansion: PRs such as #563 introduce support for additional models and providers through the LiteLLM framework, reflecting the project's experimental nature.

  5. Stability Concerns: Recurring issues with server connectivity (#499) and application responsiveness indicate ongoing stability challenges.

The Devika project continues to evolve with active contributions but must address critical vulnerabilities and stability issues to ensure its growth and reliability as an open-source AI solution.

Quantified Reports

Quantify Issues



Recent GitHub Issues Activity

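| Timespan | Opened | Closed | Comments | Labeled | Milestones |
|----------|--------|--------|----------|---------|------------|
| 7 Days   | 0      | 0      | 0        | 0       | 0          |
| 30 Days  | 3      | 4      | 0        | 3       | 1          |
| 90 Days  | 24     | 5      | 40       | 24      | 1          |
| All Time | 384    | 262    | -        | -       | -          |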

Like all software activity quantification, these numbers are imperfect but sometimes useful. Comments, Labels, and Milestones refer to those issues opened in the timespan in question.

Quantify commits



Quantified Commit Activity Over 30 Days

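| Developer                   | Branches | PRs   | Commits | Files | Changes |
|-----------------------------|----------|-------|---------|-------|---------|
| Athulkrishna S              | 1        | 0/1/0 | 1       | 1     | 24      |
| Injae Ryou                  | 1        | 0/1/0 | 1       | 1     | 1       |
| Tosin Akinosho              | 1        | 0/1/0 | 1       | 1     | 1       |
| Anurag sikdar (shvynu)      | 0        | 2/0/1 | 0       | 0     | 0       |
| Alperen (alpernae)          | 0        | 0/0/1 | 0       | 0     | 0       |
| Mike Gerade (MikG-MikG)     | 0        | 0/0/1 | 0       | 0     | 0       |
| Jivesh Kalra (jiveshkalra)  | 0        | 0/0/1 | 0       | 0     | 0       |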

PRs: created by that dev and opened/merged/closed-unmerged during the period

Detailed Reports

Report On: Fetch issues



Recent Activity Analysis

The GitHub repository for Devika has 122 open issues, with recent discussions focusing on installation problems, model integration issues, and user interface bugs. A recurring theme is the difficulty users face in getting the application to respond effectively, particularly when interacting with various LLMs or when using web search functionalities. There are also several reports of the application freezing or not executing commands as expected, indicating potential stability concerns.

Several issues highlight specific errors such as ModuleNotFoundError, IndexError, and problems related to API keys and model recognition. The community appears active, with users sharing workarounds and solutions, but there is a clear need for improved documentation and troubleshooting guidance.

Issue Details

Recent Issues

  1. Issue #629: The build process gets stuck at requirements.txt installation on Windows.

    • Priority: High
    • Status: Open
    • Created: 51 days ago
    • Updated: 12 days ago
  2. Issue #623: Getting error during installation - Numpy is not available.

    • Priority: Medium
    • Status: Open
    • Created: 72 days ago
    • Updated: 4 days ago
  3. Issue #499: Failed to connect to server.

    • Priority: High
    • Status: Open
    • Created: 143 days ago
    • Updated: 3 days ago
  4. Issue #642: Exception in Thread.

    • Priority: Medium
    • Status: Open
    • Created: 22 days ago
  5. Issue #641: Docker-compose.yaml doesn't allow using already installed Ollama.

    • Priority: Medium
    • Status: Open
    • Created: 26 days ago
  6. Issue #639: Security bug leading to arbitrary code execution.

    • Priority: Critical
    • Status: Open
    • Created: 34 days ago
  7. Issue #638: ModuleNotFoundError when running Devika.

    • Priority: Medium
    • Status: Open
    • Created: 36 days ago
  8. Issue #637: Feature request for real terminal integration.

    • Priority: Low
    • Status: Open
    • Created: 37 days ago
  9. Issue #636: Funraise integration with Salesforce.

    • Priority: Low
    • Status: Open
    • Created: 39 days ago
  10. Issue #632: Abandoned project? Concerns about lack of updates.

    • Priority: Low
    • Status: Open
    • Created: 46 days ago

Summary of Key Issues:

  • There are significant concerns regarding installation processes and dependencies, particularly with Python packages like Numpy and gevent.
  • Users frequently report issues with server connectivity and model integration, especially with Ollama.
  • A critical security vulnerability (#639) has been reported that could lead to arbitrary code execution, necessitating urgent attention from maintainers.
  • The user interface has been criticized for being unresponsive or glitchy, especially in mobile contexts.

Overall, while the project has garnered considerable interest and contributions from the community, it faces challenges typical of early-stage software development, particularly regarding stability and usability across different environments.

Report On: Fetch pull requests



Overview

The analysis of the pull requests (PRs) for the Devika project reveals a total of 37 open PRs, with a mix of documentation improvements, bug fixes, feature enhancements, and code refactoring efforts. The project appears to be actively developed, with contributions focusing on improving usability, performance, and integration with various AI models.

Summary of Pull Requests

  1. PR #643: search_engine.md - Created by Anurag Sikdar, this PR improves documentation clarity for setting up search engine API keys. It enhances user guidance through better formatting and step-by-step instructions.

  2. PR #618: fix: cors error - Mohamed Marzuq's PR addresses CORS issues by adding two origins for the front-end URL, ensuring the application functions seamlessly out of the box.

  3. PR #603: This PR fix devika - Younes Darrassi's PR includes multiple updates to various files to enhance functionality and resolve issues related to project management and compatibility.

  4. PR #567: Fix: Strip backquote from generated filenames - This PR by kgott resolves filename formatting issues by removing backquotes from generated filenames.

  5. PR #563: Adding Litellm client and some models/providers - O.S.H introduces support for the LiteLLM framework, enhancing model usage capabilities within the application.

  6. PR #562: adding a missing sample.config.toml file - IT Goldman adds a missing configuration file necessary for proper application setup.

  7. PR #558: Update README.md - Minor hyperlink changes were made by 0ccupi3R to improve documentation accuracy.

  8. PR #545: Docs: Fixes broken links in docs/architecture/README.md - Nilanjan De fixes broken links in documentation to enhance user navigation.

  9. PR #544: Refactor: Refactor the code by converting global variables to local members - Ryo Machida improves testability by refactoring global variables into class members.

  10. PR #539: Fix for Tokens Limit/Context issue | GPT4FREE | Auto Install Windows | Folders collapse/expand Monaco Editor - Reiko's extensive PR introduces several features including folder management in the editor and fixes for token limits.

  11. PR #526: fix typos - RainRat's PR focuses on correcting typographical errors across various documentation files.

  12. PR #520: Docs: corrected typo in README - Khaled M'hirsi makes minor corrections to enhance clarity in the README file.

  13. PR #514: [Improve] Improved Docker build - Antony Repin enhances Docker build processes with caching and environment configurations.

  14. PR #505: Docs: update ollama.md - Ikko Eltociear Ashimine makes minor updates to installation documentation for Ollama.

  15. PR #491: Fixed Bugs and Added some useful functions - RemY addresses bugs while introducing new functionalities aimed at improving user experience.

  16. PR #460: Language fixes - Dmitry Vasilev implements language corrections across various components of the application.

  17. PR #438: Update prompt.jinja2 with an example for more consistent format reply - Md Zuhair enhances response consistency in planning tasks by adding examples to prompts.

  18. PR #400: added openrouter support - ShahabSH94 adds support for OpenRouter integration within the application.

  19. PR #398: fix: #358 - This PR addresses a specific issue but lacks detailed context in its description.

  20. PR #397: Improvement for the issue : Not working with LLM #396 - This PR attempts to improve model response handling but notes that it may not fully resolve the underlying issue.

21-37. Additional PRs focus on various bug fixes, feature enhancements, documentation improvements, and code refactoring efforts aimed at improving overall project stability and usability.

Analysis of Pull Requests

The ongoing development of Devika is characterized by a diverse range of contributions that reflect both community engagement and a commitment to enhancing functionality. The majority of recent PRs focus on improving documentation (e.g., PRs #643, #558, and #545), which is crucial as it aids new users in understanding how to effectively utilize the software while also addressing existing issues related to clarity and accuracy in instructions.

A significant number of contributions also target bug fixes (e.g., PRs #618, #603, and others), indicating an active effort to stabilize the application as it evolves. For instance, PRs addressing CORS issues or fixing token limits highlight practical concerns that users may encounter during deployment or usage scenarios.

Feature enhancements are another prominent theme—several PRs introduce new capabilities such as improved model support (e.g., LiteLLM in PR #563) or enhanced user interface elements (e.g., folder management in PR #539). These additions not only expand Devika's functionality but also align with its goal of providing a competitive alternative to proprietary solutions like Devin by Cognition AI.

However, there are notable anomalies within this dataset as well—some older PRs remain open without significant activity or resolution (e.g., PRs like #400 or #398). This could indicate potential bottlenecks in review processes or prioritization challenges within the development team. Furthermore, there is a lack of recent merge activity across several older contributions, which may hinder progress if not addressed promptly.

In conclusion, while the Devika project exhibits strong community involvement and ongoing enhancements through its pull requests, attention must be given to maintaining momentum on older contributions and ensuring timely reviews to foster continued growth and stability in this ambitious open-source initiative.

Report On: Fetch commits



Repo Commits Analysis

Development Team and Recent Activity

Team Members and Recent Contributions

  1. Tosin Akinosho (tosin2013)

    • Recent Activity: Updated requirements.txt to include curl_cffi.
    • Collaboration: None noted.
  2. Injae Ryou (sts07142)

    • Recent Activity: Added gpt-4o-mini functionality in llm.py.
    • Collaboration: None noted.
  3. Athulkrishna S (Athulkrishna-S)

    • Recent Activity: Updated mistral_client.py, making significant changes (+14, -10).
    • Collaboration: None noted.
  4. Ayush Rajgor (ARajgor)

    • Recent Activity: Extensive contributions including fixes for various bugs, enhancements to error handling, and improvements in socket management. Notable recent commits include:
      • Fixing CORS and YAML issues.
      • Adding features like blocking message sending until agent completion.
      • Multiple updates to improve project management and error handling.
    • Collaboration: Worked with multiple team members on various features.
  5. Alan Sunny (nalaso)

    • Recent Activity: Contributed to multiple features and improvements, including UI enhancements and updates to documentation.
    • Collaboration: Co-authored several commits with Ayush Rajgor.
  6. Vijayraju111222333

    • Recent Activity: Added the latest Gemini 1.5 configuration.
    • Collaboration: None noted.
  7. Meltingscales

    • Recent Activity: Fixed CORS and YAML issues.
    • Collaboration: None noted.
  8. Chisun Joung

    • Recent Activity: Addressed bug #550 related to model names.
    • Collaboration: None noted.
  9. Kgott

    • Recent Activity: Fixed a list index out of range error related to file parsing.
    • Collaboration: None noted.
  10. Other contributors, such as FroDK and Md Zuhair, have also made various contributions primarily focused on bug fixes and minor enhancements.

Patterns and Themes

  • The team is actively engaged in addressing both feature development and bug fixes, indicating a balanced approach to enhancing functionality while maintaining stability.
  • Ayush Rajgor appears to be a key contributor, frequently collaborating with others, suggesting a leadership role within the team.
  • Recent commits reflect a focus on improving user experience through UI enhancements and error handling, which aligns with the project's goal of being user-friendly.
  • There is a notable emphasis on integrating new AI models and improving existing functionalities, indicative of the project's experimental nature and ambition to compete with established solutions like Devin by Cognition AI.
  • The absence of recent activity from some team members suggests varying levels of engagement or focus within the team.

Overall, the development team is actively working on both new features and resolving existing issues, contributing to the ongoing evolution of the Devika project in its early stages.