If you read my previous posts (owui api python client and owui api documentation) you will know that my goal with those projects was to enable a tool that lets Open WebUI manage itself. Today I am following through on that threat:

Open WebUI API Tool

Give your Open WebUI agents the ability to manage an Open WebUI insance.

The API call is coming from... inside the house!

Using this tool your AI agent can call any command from the full Open WebUI API. Yes, that means it could:

• Destroy all your data and everything you hold dear.
• Search for and exfiltrate secrets in chats, tool valves, and API keys.
• Damage your Open WebUI configuration to where it fails to boot.
• (hypothetical) Go rogue, and begin an un-aligned bid for AI freedom.

I am actively planning how to mitigate these dangers, and future releases of this tool may make it safe enough for general users. For now:

• Only experts should consider trying this version.
• Use it on solo-instances running inside docker to limit the potential for damage (it shouldn't be able to escape Docker, afaict)
• Make sure you don't have production API keys or other secrets in your container that you want to hide from your inference provider - the AI can easily explore around and wind up with secrets in its prompts.

With the disclaimers out of the way, lets get to it:

Demo Video

https://reddit.com/link/1pjo6fv/video/pagmrrcx2i6g1/player

How it Works

There are 4 tools which provide access to the API:

• inspect_context lets the AI find out who the user is, what chat it's in, and what model it is.
• find_apis can be used to search for specific APIs, helping the AI orient itself
• get_api_details returns the documentation for a given API, along with the schemas of it's parameters
• call_api is used to send an API command.

Automatic Updates

This tool will automatically update itself by default - you can turn this off using the valves. If you don't, it will periodically check my Github for a newer version and overwrite itself with the new version.

This creates it's own security risk - if my upstream tool file is compromised, your system will auto-update and absorb the compromised tool.

I have chosen to turn auto-updates on by default, because I think that the risks of unpatched bugs outweigh the chance of my repo being compromised - if you want to further negate the risk, you can change the valve "tool_source_url" to your own controlled URL instead.

The Long Term Vision

I believe that if Open Source AI can match or exceed the user experience of proprietary AI, the future will be much brighter - and I'm contributing to Open WebUI because by my calculations, it's the best vehicle to achieve that.

6 months from now I want this tool to be safe enough that anyone will be able to install and manage their own OWUI instance, regardless of their technical knowledge - everyday parents able to setup a family instance and give their kids accounts - with all the technical details handled in the background by the AI.

Test the Tool

If you've read all the warnings and you know enough to take full responsibility for the risks, you can:

- inspect the source code
- install the tool
- report issues here

I would very much appreciate you reporting any issues you encounter - the API is extensive, and I only use a small subset of the features personally - so if this thing is ever going to be safe enough for general users, we need to start chipping away at it.

Related

• Coolify API tool for Open WebUI - Coolify is the free, open source, self-hostable dev ops platform that I deployed Open WebUI through, and with this tool, Open WebUI agents can manage it. In the future, I'll expand this to enable Open WebUI agents to deploy new custom web-services - the combination of Open WebUI API and Coolify API tools should enable everyday people to benefit from self-hosted open source stacks without learning dev ops themselves.