Commit Graph

97 Commits

Author SHA1 Message Date
2ec226b5eb fix(permission,docker): enforce docker-specific approval flow and polish permission menu layout
- Add docker risk markers config (config/docker_risk_markers.json) and load it in tools permission evaluation.

- In docker mode, pre-evaluate run_command/terminal_input: readonly-safe and no-risk -> direct run; otherwise require approval/auto-approval.

- Keep docker write_file/edit_file behavior aligned with agreed policy: approval requires review, auto_approval passes directly.

- Pass risk markers into auto approval payload and include current working directory context for approval agent.

- Fix permission dropdown layout: only use split two-column menu when execution mode section is enabled; remove empty right blank area in docker mode.

- Center mobile approval overlay to prevent sheet overflow on small screens.
2026-05-11 22:56:10 +08:00
a93f17010c feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI
This commit lands a broad host-security architecture update focused on enforceable sandbox execution, clearer permission semantics, and operator usability.

Core execution/security changes
- Introduce and wire a unified host sandbox runner for multi-OS execution:
  - macOS: sandbox-exec
  - Linux: bubblewrap + seccomp
  - Windows: WSL2 path
- Remove silent fallback behavior in failure paths; sandbox-unavailable cases now fail closed instead of dropping to unsafe host execution.
- Ensure host execution mode (sandbox/direct) is propagated consistently into runtime components, including sub-agent startup.

Permission mode model upgrade
- Rework readonly/approval behavior for run_command from brittle command-text gating to execution-layer enforcement:
  - readonly: run_command executes in read-only sandbox profile.
  - approval: run_command first executes read-only; when permission-denied is detected, request approval and retry once with writable sandbox for that single call.
- Tool loop now returns final post-approval execution result, not intermediate permission-denied payloads.
- Update permission-mode system messaging to describe user-visible behavior without exposing internal implementation details.

Path authorization system
- Add dynamic host policy module and persisted policy file.
- Support dual path classes:
  - writable_paths (read+write)
  - readable_extra_paths (read-only)
- Enforce file access in file_manager by access type (read vs write) under host mode.
- Add host-only frontend 路径授权 management dialog (settings三级菜单入口), including mode switch between 可读可写 and 仅可读 with separate drafts and save flow.

Sub-agent and terminal alignment
- Sub-agent process launch now respects host execution mode and sandbox controls in host mode.
- Keep terminal session model compatible with sandbox-first behavior and execution-mode propagation.

Tool surface updates
- Remove legacy file-management tools from active tool definitions (create_file/create_folder/rename_file/delete_file) while preserving historical conversation compatibility.

Docs updates
- Add dedicated architecture doc: docs/host_sandbox_and_permission_model.md
- Refresh README and AGENTS sections to reflect updated permission/execution model and path-authorization semantics.

Validation performed
- python unittest smoke suite passes: test.test_server_refactor_smoke
- frontend build passes: npm run build
- syntax checks for touched Python modules completed
2026-05-11 13:41:30 +08:00
6ee8cda2a7 feat(security): harden host execution model with sandbox/direct controls
This commit introduces a substantial security and runtime architecture update for host mode, with three major goals: (1) enforce OS-level sandboxing by default, (2) support a controlled temporary direct-execution escape hatch for admin users, and (3) eliminate silent fallback behavior that could hide risk.

Backend/runtime changes:\n- Added a unified host sandbox runner (macOS sandbox-exec / Linux bubblewrap+seccomp / Windows WSL2).\n- Converted host terminal creation to sandboxed interactive shells by default.\n- Kept run_command/run_python on the same execution policy and added host execution mode plumbing (sandbox|direct).\n- Added session-scoped direct mode with TTL auto-revert (default 10 minutes), configurable via environment.\n- Added execution mode APIs (GET/POST /api/execution-mode), host+admin gating, status propagation, and rate limiting.\n- Added runtime refresh hooks so tool calls honor TTL expiration and mode transitions consistently.\n- Removed docker->host silent fallback paths: docker startup/runtime failures now fail fast instead of degrading silently.\n- Added host sandbox prompt injection (host-only) to guide agent behavior under permission constraints.

Configuration and policy changes:\n- Added HOST_EXECUTION_MODE_DEFAULT and HOST_EXECUTION_DIRECT_TTL_SECONDS.\n- Added HOST_SANDBOX_MACOS_WRITABLE_PATHS to support user-defined writable path allowlists.\n- Updated macOS sandbox profile generation to use minimal defaults (workspace + tmp + /dev/null) plus explicit allowlist extensions.\n- Updated .env.example documentation for new execution/sandbox controls.

Frontend changes:\n- Extended permission popover to a two-column model (Permission + Execution Environment) for host admin sessions.\n- Added execution mode state/options to app state, fetching, and status synchronization flows.\n- Added execution mode switching action and user feedback toasts.\n- Kept warning emphasis via text styling only (removed warning border per UX request).

Validation:\n- Python syntax checks passed for modified backend modules.\n- Existing smoke tests passed: python3 -m unittest test.test_server_refactor_smoke\n- Frontend production build passed: npm run build
2026-05-10 19:19:01 +08:00
8395cf8b4b fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
d406244604 fix(style): 修复空白页欢迎文字居中与换行适配 2026-04-28 17:57:16 +08:00
b151f8ff71 feat: add host workspace manager, mcp-tool-config skill, and UI enhancements 2026-04-28 13:04:51 +08:00
bb6bfff176 fix(ui): stabilize tool header icons and mcp completion label 2026-04-27 15:51:52 +08:00
9d8beacc8d fix: align thinking and tool status text in blocks 2026-04-27 15:35:10 +08:00
2c75bb01a0 feat(ui): cap tool toggle menu to five items with hidden scrollbar 2026-04-27 01:42:32 +08:00
3cd8bdabef feat(ui): add refresh button for showhtml cards 2026-04-27 01:42:24 +08:00
9199f5ca7c fix: unify show cards rendering and prompt constraints 2026-04-26 18:13:24 +08:00
24c702c0af fix(show_html): add js mode with sandbox iframe rendering 2026-04-26 17:13:08 +08:00
ac788daa03 fix(show_html): freeze completed card during streaming 2026-04-26 16:52:22 +08:00
383e68188c fix: stabilize show_html rendering and restore conversation mode state 2026-04-26 01:04:23 +08:00
33d270ff63 fix: stabilize show_html streaming rendering and recovery 2026-04-25 23:17:07 +08:00
1c928d7518 chore: backup snapshot before show_html scroll rework 2026-04-25 20:39:52 +08:00
13400f62d5 feat: add manage_personalization tool and fix personalization sync 2026-04-13 20:22:06 +08:00
2397e6ec1c feat: 添加拖拽上传图片/视频功能
- 支持拖拽图片到窗口自动上传到输入栏
- 支持拖拽视频到窗口自动上传到输入栏
- 支持拖拽其他文件触发普通上传
- 多主题适配:经典色(橙色)、浅色(黑色)、深色(白色)
- 修复浅色/经典色主题下提示文字看不清的问题
2026-04-12 15:55:00 +08:00
3a9b5388f9 style(mobile): 优化审批面板移动端样式
- 移除顶部灰色块,内容直接顶头显示
- 移除关闭按钮圆形外框,只保留×符号
- 统一配色与电脑端一致
2026-04-12 13:42:39 +08:00
3fee0ebf7d fix(mobile): 权限菜单自适应位置并优化审批面板样式
- 修复权限切换弹出菜单在移动端跑出屏幕右侧的问题
- 添加媒体查询使菜单自适应左右位置
2026-04-12 13:41:15 +08:00
6a21a642d0 fix(approval): 完整展示写入内容并隐藏内部滚动条 2026-04-11 18:59:40 +08:00
55feb36091 feat(versioning-ui): 优化版本不一致提示与回溯限制 2026-04-11 17:01:35 +08:00
6379f8c729 feat: complete conversation versioning UX and restore workflow 2026-04-11 16:16:40 +08:00
34a6577f3a feat: ship permission/approval UI with mobile support and context usage ring 2026-04-11 04:07:55 +08:00
4124faa040 feat(frontend): 优化聊天界面与监控交互体验 2026-04-10 14:34:18 +08:00
90233690ad feat: add json-based extensible model registry and dynamic model UI 2026-04-09 20:56:54 +08:00
a04eca3aab fix: unify background run_command notifications with sub-agent flow 2026-04-08 16:13:40 +08:00
7e1d9bfede fix: restore apk tutorial scrolling and bump app to 1.0.19 2026-04-07 17:56:05 +08:00
692a12affd feat: complete guided tutorial with mobile flow and ui polish 2026-04-07 17:03:37 +08:00
c88b3e9363 feat: inline workspace logo with theme adaptation and bump versions 2026-04-07 12:14:10 +08:00
3ae5be47d9 feat: add per-skill strict read-before-tool enforcement 2026-04-07 11:50:38 +08:00
39af4151d9 fix: enforce max-width hard wrapping in chat input and bubbles 2026-04-07 11:50:28 +08:00
1a3235be09 fix: add connection heartbeat and polish mobile tap feedback 2026-04-07 00:04:44 +08:00
81d4c17ae7 feat: update app refresh entry and release metadata 2026-04-06 19:51:56 +08:00
fafb0d35ad feat: add app update flow and apk deploy automation 2026-04-06 02:10:52 +08:00
6f2f854f6d fix: refine mobile assistant content spacing 2026-04-05 21:25:01 +08:00
6e3bdaa964 fix: constrain mobile overlay panel width 2026-04-05 20:57:29 +08:00
3e800609c5 fix: tighten mobile chat gutters and user bubble width 2026-04-05 20:54:57 +08:00
a5412dae34 fix: adjust sub-agent notice spacing in minimal mode 2026-04-05 16:58:22 +08:00
2700a25702 feat: add per-user-message work timer with persistence 2026-04-05 15:14:29 +08:00
0c213b0a9f feat: polish minimal summary loader interactions 2026-04-04 20:52:50 +08:00
321818f7ef feat: 新增极简模式(Minimal Mode)
新增了一个全新的消息显示模式,提供更简洁的对话体验。

主要功能:
- 新增 MinimalBlocks.vue 组件,实现极简风格的消息块展示
- 在 ChatArea.vue 中集成极简模式渲染逻辑
- 在个性化设置中添加"极简模式"选项(blockDisplayMode)
- 支持三种显示模式:堆叠模式、极简模式、传统模式

技术实现:
- 使用 personalization store 管理显示模式状态
- 通过 computed 属性动态切换渲染组件
- 保持与现有堆叠模式和传统模式的兼容性

用户体验:
- 更清爽的界面布局
- 减少视觉干扰
- 适合快速浏览对话内容

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-04-04 14:47:45 +08:00
f3179e2a97 feat: 优化滚动锁定和个性化称呼功能
滚动锁定优化:
- 滚动锁定默认始终启用,不再根据输出状态自动解锁
- 深色模式下锁定图标显示为白色,与箭头图标保持一致

个性化称呼功能:
- AI 助手名称根据个性化设置中的"自称"动态显示
- 用户名称根据个性化设置中的"称呼"动态显示
- 页面初始化时自动加载个性化设置,无需打开个人空间
- 在"模型行为"中新增"使用自定义称呼"开关
- 开关关闭时显示默认的"AI Assistant"和"用户"
- 修复保存后开关状态被重置的问题

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-13 12:10:08 +08:00
bd863f6d38 feat: 优化图片/视频上传和显示功能
- 支持从本地一次选择多个文件上传
- 图片选择器上传完成后自动关闭
- 输入框和用户消息块显示缩略图(60x60px)而非文件名
- 输入框缩略图悬停时显示删除按钮(右上角 × 符号)
- 统一图片/视频预览样式,提升用户体验

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-13 11:40:54 +08:00
ed82fc966e fix: improve sub-agent ui and state 2026-03-11 15:40:28 +08:00
b68dee9d98 chore: snapshot current changes 2026-03-10 23:48:40 +08:00
d71525a3c6 feat: add personal usage stats 2026-03-09 12:03:47 +08:00
77b96623ac feat: 优化手机端UI布局和样式
- 手机端对话内容左右边距减小,AI消息更贴近屏幕边缘
- 修复工具intent文本溢出显示省略号,保持箭头和图标位置不变
- 重构手机端左上角菜单为纵向下拉样式,新增"新建对话"选项
- 统一菜单图标大小和线条粗细,支持亮色/暗色主题自动适配
- 修复个人空间弹窗顶部被状态栏遮挡问题

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-09 00:20:47 +08:00
43409c523e fix: 移除错误的对话切换跳转逻辑并修复工具执行返回值问题
主要修复:
1. 移除前端"取消跳转到正在运行的对话"的错误逻辑
   - 删除 switchConversation 中的任务检查和确认提示
   - 删除 createNewConversation 中的跳转回运行对话逻辑
   - 删除 loadConversation 中对未定义变量 hasActiveTask 的引用

2. 修复后端工具执行返回值问题
   - 修复 execute_tool_calls 在用户停止时返回 None 的 bug
   - 确保所有返回路径都返回包含 stopped 和 last_tool_call_time 的字典

3. 其他改进
   - 添加代码复制功能 (handleCopyCodeClick)
   - 移除 FocusPanel 相关代码
   - 更新个性化配置 (enhanced_tool_display)
   - 样式和主题优化

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-08 17:42:07 +08:00
5ce21eb280 修复手机端个人空间选项卡滑动问题
- 为选项卡容器添加 width: 100% 和 max-width: 100% 限制宽度
- 添加 -webkit-overflow-scrolling: touch 启用 iOS 平滑滚动
- 添加 touch-action: pan-x 明确允许横向触摸滚动
- 添加 scroll-behavior: smooth 实现平滑滚动效果
- 添加 overscroll-behavior-x: contain 防止滚动溢出

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-08 04:52:30 +08:00