Commit Graph

318 Commits

Author SHA1 Message Date
469e804e38 fix(frontend): 工具块展开内部滚动条样式统一,滚动槽透明
- MinimalBlocks 思考内容(.thinking-content)补全自定义滚动条
- ToolAction 结构化显示三类滚动区(content/diff/code/output pre)统一样式
- 参考 git 状态侧边栏滚动条:10px 圆角胶囊滑块、半透明主题色
- 滚动槽(track)设为透明,贴合工具块灰色底色,避免明显槽体
- 颜色走 --claude-*/--theme-* 变量,三模式自适应

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-01 21:07:11 +08:00
548455f127 feat(frontend): 状态栏 +/- 行数变化加数字滚筒动画
新增 RollingNumber.vue:逐位纵向滚筒,值变大下面顶上来、变小上面压下来,
高位先动(38ms 错开),一次变化两格直达不路过中间数字。接入 InputComposer
状态栏的 +additions / -deletions 两处。

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-01 19:15:30 +08:00
f2d7d8f3b1 fix(ui): refresh git summary while idle 2026-05-31 23:28:10 +08:00
2f0e269788 fix(ui): adjust composer status layering 2026-05-31 22:14:57 +08:00
75594aa2aa fix(ui): 修复 write_file 内容在 diff grid 下被挤成多行
.diff-line 改为 grid 三列布局后,write_file 仍输出裸文本,整段
被塞进 5ch 宽的首列竖排折行。改为与 edit_file 一致的行号/标记/内容
三 span 结构,内容落在 1fr 列正常换行。

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 17:51:31 +08:00
6f78277a03 feat(ui): add project git status panel 2026-05-31 17:27:24 +08:00
6d5630c820 feat(file-edit): support batched replacements 2026-05-31 13:15:37 +08:00
fc70179b02 feat(web): 统一前端设计风格并重写回顾/版本管理弹窗
- 将 8 条前端设计风格原则写入 CLAUDE.md 与 AGENTS.md
- 重写对话回顾弹窗:扁平化去圆角套娃、移除彩色光晕、固定高度、
  自定义关闭按钮、滚动条隐藏、颜色全走三模式变量
- 回顾弹窗改用独立列表 state,加载更多改为追加不刷新、不复位滚动,
  按钮样式对齐侧边栏(全宽/文字靠左/固定高度)
- 后端 get_conversation_list 新增 non_empty 参数,回顾弹窗仅显示
  有内容的对话且分页数量一致(侧边栏不受影响)
- 重写版本管理弹窗:原生 select/checkbox 换自定义下拉与开关、
  拆圆角套娃、固定高度、颜色走变量(diff 红绿语义色保留)
- 版本管理开关旁文字随状态显示开启/关闭
- icons 注册 refreshCw 键

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 11:30:08 +08:00
59a79b0063 fix(web): align slash menu spacing, corners, and scroll step
- Add bottom padding so the last option has a gap below it
- Size max-height for 5 rows + 6 gaps (incl. border) so all 5 show
- Equalize side/row gaps at 5px and make first-item corners concentric
- Read row height + gap from CSS vars in scroll logic instead of hardcoded 41px

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-31 09:30:46 +08:00
50310a1bf8 feat(web): expand slash command menu 2026-05-31 00:06:48 +08:00
39328cf6a9 fix(web): use tiptap mention for skill input 2026-05-30 23:31:13 +08:00
8fddf0d1ed fix(frontend): refine personal space copy 2026-05-30 22:19:41 +08:00
9f37479272 chore: remove autosaved presentation 2026-05-30 22:10:45 +08:00
1702ccacd2 fix(ui): 目标横幅在队列/skill菜单展开时收起为圆点且不顶高布局
目标模式就绪横幅原为流内元素,撑高 stadium-input-wrapper,使锚定其顶部的
消息队列与 skill 菜单被顶起,且其高度被计入聊天区预留高度,进而抬高可滚动范围。

- 收起态切为 absolute 脱离文档流,锚定输入框上方,圆点位置不变、文字收拢
- collectComposerVisualHeight 排除收起态横幅,不再计入预留高度
- 新增 watch(goalBannerCollapsed) 在 skill 菜单开关时重新上报高度

队列为空且无 skill 选择时自动展开恢复原样。

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 21:51:32 +08:00
3fd2214da0 feat(compression): 深压缩改为 in-place 标记前缀,不再切换新对话
深压缩从"建新对话+切过去"重构为标记当前对话历史前缀(deep_compacted):
原文保留并照常显示,仅在 build_messages 构建请求时排除。conversation_id
不变,避免任务状态/目标模式/前端对话切换的大量适配带来的 bug。

- deep_compression.py: _mark_history_compacted 打标 + 重置 current_context_tokens
  防自动续接死循环;总结请求传入正常 tools 以 100% 命中前缀缓存
- context.py build_messages: 跳过 deep_compacted 消息
- conversation.py /compress: 去掉切对话,按 compress_behavior 决定续接/等待
- 新增个性化设置 deep_compress_form(file/inject) 与
  deep_compress_behavior(continue/wait,仅手动压缩生效)
- 前端去掉强制切换对话,改为重载当前对话刷新展示
- AGENTS.md/CLAUDE.md: 补充默认中文交流约定等说明

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 20:56:15 +08:00
f5e4541d83 feat(chat): add compact message display mode and goal-review/compression headers
- 审核(goal_review) user 消息气泡显示「审核 + circle-alert 图标」
- compact 消息新增「简略信息」显示形式(个人空间可切换),渲染为横线包裹的一行概要
- 压缩续接消息单独标记为 compression_handoff,visibility 改为 compact

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-05-30 19:05:59 +08:00
32865f6d6e fix(ui): refine message visibility and goal approval flow 2026-05-30 16:30:05 +08:00
e220b3703a feat(web): add skill slash selector 2026-05-30 14:50:00 +08:00
8a1e17b9a0 feat(goal): add autonomous goal mode workflow
Introduce workspace-level goal state persistence, goal prompt injection, and after-turn review handling so an active task can continue until the configured completion conditions are met.

Add a dedicated goal review agent with readonly and active evidence modes, configurable model settings, review prompt, token/turn boundaries, idle-no-tool protection, and progress/completed/stopped events.

Wire goal_mode through task creation, task restoration, compression handoff, runtime user messages, API message sanitization, and tool-call ordering so goal continuations survive long-running tasks and deep compression.

Add Vue UI for arming goal mode from the quick menu, showing running/completed banners, displaying progress metrics, restoring running goal state, and exposing personalization settings for review mode and stop limits.

Include goal mode research notes and default goal review configuration.
2026-05-30 12:51:42 +08:00
77752a22d4 fix(frontend): hide workspace status badges 2026-05-29 20:32:33 +08:00
b1cf4b9ff2 fix(frontend): restore conversation delete animation
Use a two-phase delete flow for conversation list items.

Instead of immediately removing the deleted conversation from the array and relying only on transition-group leave hooks, mark the target conversation as pending deletion first so it can play the left-slide animation, then remove it after the animation completes.

Also keep the list container mounted during delete mode so empty/loading branches do not interrupt the exit transition.

Validation: npm run build --silent 2>&1 | tail -n 20
2026-05-29 19:57:23 +08:00
08d9812f45 feat(docker): support isolated projects in web mode
Implement Docker Web project management on top of workspace_id while keeping host mode workspace behavior intact.

Backend changes:

- Move Docker user files to users/<user>/projects/<project_id>/{project,data,logs} and shared user state to users/<user>/personal.

- Add automatic legacy migration from old project/data/logs/agentskills layouts and from the temporary project/shared layout.

- Generate project IDs server-side from the project name, reserve internal IDs, and hide project paths from the UI.

- Add project rename/delete APIs; deleting a Docker project removes its project directory and releases terminal/container state.

- Add host workspace rename/delete APIs; deleting a host workspace only removes catalog entries and keeps files on disk.

- Scope Docker containers, terminals, uploads, conversations, storage, and running task metadata by workspace_id.

- Store private skills under users/<user>/personal/agentskills and sync them into each project workspace.

- Inject the current project/workspace name through prompts/workspace_system.txt.

Frontend changes:

- Replace Docker file-tree area with project management UX and reuse host multi-workspace running-task behavior.

- Add a management dialog for creating, renaming, and deleting projects/workspaces.

- Show project labels instead of internal IDs in toasts and project lists.

- Clear stale conversation history during project/workspace switching and show loading until the new list is ready.

- Keep running-task loader/check behavior consistent across host workspaces and Docker projects.

Validation:

- python3 -m py_compile modules/user_manager.py modules/host_workspace_manager.py modules/skills_manager.py core/main_terminal_parts/tools_execution.py server/auth.py server/context.py server/status.py server/conversation.py server/tasks.py utils/context_manager.py

- python3 -m unittest test.test_server_refactor_smoke

- npm run build --silent 2>&1 | tail -n 20
2026-05-29 19:49:48 +08:00
03cb39924a feat(host): support concurrent workspace conversations
Implement host-mode multi-workspace concurrency while preserving one active task per workspace. Host terminals are scoped by workspace id, host workspace switching no longer globally refreshes or blocks on tasks, and task APIs now expose workspace/conversation metadata for frontend coordination.

Update conversation navigation so creating/loading conversations during an active workspace task is view-only and does not mutate backend terminal context. This prevents running task output from being pushed into the currently viewed conversation after switching or creating a new conversation.

Add running task awareness to the frontend sidebar, composer, and polling flow. Running tasks can be shown across workspaces, current-workspace active conversations render inline loaders, completed unviewed tasks persist as check indicators across refresh, and completed tasks clear once viewed.

Restore running conversations correctly after switching workspace/conversation or refreshing during an active task. REST polling is rebound only for the matching conversation/task, stale poll responses are ignored, empty assistant placeholders are restored before first content, and completion clears loader/stop states without requiring page refresh.

Adjust host workspace UX so switching workspaces loads the active conversation if one is running, otherwise opens the new-conversation state. Other conversations in a busy workspace are view-only with disabled input instead of blocked navigation.

Validation: python3 -m py_compile server/auth.py server/context.py server/conversation.py server/status.py server/tasks.py; python3 -m unittest test.test_server_refactor_smoke; npm run build --silent 2>&1 | tail -n 12.
2026-05-29 17:54:11 +08:00
1c1aee090c fix(sidebar): highlight current conversation 2026-05-29 13:56:01 +08:00
69ae036f08 perf(status): defer docker stats on startup 2026-05-29 13:55:54 +08:00
eb00a3522a refactor(models): use dynamic api model registry 2026-05-29 00:20:54 +08:00
8da51b3b68 fix(ui): refine dark mode menu highlights 2026-05-29 00:20:31 +08:00
bed194386a fix(mobile): align conversation overlay in app 2026-05-28 20:50:44 +08:00
f61a8df6fa feat: add blocking user question tool 2026-05-28 16:30:55 +08:00
0b6b39f262 fix(ui): refine sidebar and personal space styling 2026-05-28 14:15:02 +08:00
ecba45da65 feat(ui): add sidebar list and workspace animations 2026-05-28 04:49:52 +08:00
3bc6f718eb feat(ui): refine sidebar workspace and code blocks 2026-05-28 03:53:49 +08:00
348cad2b1a fix(personalization): 调整个人空间头部对齐与内容区可视高度 2026-05-28 00:08:51 +08:00
cd82c6d658 fix(ui,runtime,search): merge runtime/frontend stabilization into main 2026-05-27 16:38:19 +08:00
e955ef73e0 feat(ui): redesign personal space settings 2026-05-27 16:15:21 +08:00
398ee6e760 feat(memory): refactor proactive memory and conversation recall
Refactor conversation persistence into workspace-scoped storage with host workspace legacy migration, current workspace filtering, and active host workspace state protection.

Add proactive recent-conversation prompt injection with personal-space controls, configurable item count, empty-conversation filtering, and frozen per-conversation prompt metadata to keep request caches stable.

Introduce conversation_search and conversation_review tools for current-workspace history: multi-keyword search, list mode, current conversation exclusion, message/tool counts, formatted model output, read/save review modes, long-review fallback, and .agents/review storage.

Move internal workspace artifacts under .agents, including uploads, skills, compact results, and reviews; update prompt file-tree visibility, compression output, upload paths, and hidden versioning exclusions.

Add create_skill workflow and a Skills tool category, move read_skill into Skills, validate/归档 skill folders, support host global skills and Docker/API private skills, and sync private skills into .agents/skills and skill prompts.

Update frontend tool icons, statuses, and expanded renderers for conversation recall and skills workflows; add workspace conversation and skills-manager tests.
2026-05-27 03:09:42 +08:00
aff972b218 fix(input): polish runtime queue rendering 2026-05-25 22:57:29 +08:00
41305ae2a8 fix(composer): avoid draft restore while busy 2026-05-25 22:57:29 +08:00
eaf270766f fix(frontend): sync generated conversation title 2026-05-25 22:52:03 +08:00
16473c824d chore: 合并多项独立 WIP 改动
- cli: 增加 layoutRefreshTick 与 IME 输入组件,处理 slash_menu 光标偏移
- config/auto_approval: 切到 opencode 中转端点
- modules/approval_agent: 调试 transcript 增加 trace / final_result 字段
- static/useLegacySocket: 重试 toast 显示具体错误信息

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 02:01:36 +08:00
67fdb715f5 refactor(messages): 统一运行期消息插入为 [系统通知|source] 前缀的 user 消息
- 新增 server/chat_flow_task_support.inject_runtime_user_message 作为唯一入口,
  统一处理 add_conversation + messages.insert + sender(user_message) 三件事
- 子智能体 / 后台 run_command / runtime_guidance / mode notice 全部走该入口,
  role 一律 user,inline 仅作 metadata 标记,不再复用 system role 表达语义
- inline poll 移出 tool 执行循环,改为整轮 tool 完成后批量注入,
  避免在 assistant.tool_calls 与 tool 序列之间插入 user 导致 API 报错
- 删除 _insert_completion_notice_message / _record_sub_agent_message
  以及 build_messages 中 system→user 的回转分支
- 移除已废弃的 wait_sub_agent 工具残留(后端注册、前端图标/动画、
  prompts、SKILL 文档;保留 sleep 的 wait_sub_agent_ids 参数)
- 前端取消对 is_auto_generated/auto_message_type 的过滤,
  让运行期注入的 user 消息在历史和实时推送中正常渲染

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 02:01:36 +08:00
e2bbd767f7 feat(host-security+ui): unify host execution/approval behavior, runtime notices, and approval overlay UX
This commit consolidates a large set of host-mode security and UX fixes across backend and frontend.

Security / execution model:
- Make permission/execution mode switches apply immediately (no deferred pending-only behavior).
- Keep runtime mode change notices durable and visible via user-message guidance path.
- Add explicit runtime message source taxonomy support and persistence:
  user / presend / guidance / notify / sub_agent / background_command.
- Ensure guidance/notify insertion is batched per tool-cycle so mid-run inserts are committed together.
- Separate notify from guidance semantics for mode-change notices.
- Add direct-mode auto-fallback handling visibility on frontend.

Approval and command gating:
- Align run_command approval pre-check logic with docker behavior for approval/auto_approval modes in host execution paths.
- Keep approval retry flow and final-result semantics intact when permission errors trigger approval.
- Externalize forbidden command keyword list into JSON config:
  config/forbidden_commands.json.
- Update forbidden command rejection message to user-facing wording:
  用户不允许执行包含“... ”的指令.

Prompt/runtime guidance:
- Refine execution-mode runtime rule text to avoid endless workaround loops:
  one safe alternative first, then request switching to direct mode when truly required.

Chat rendering / message UX:
- Prevent injected guidance/notify user-messages from incorrectly triggering assistant work header/timer chain.
- Restore correct visibility after history reload while preserving runtime-source behavior.
- Update user-header icon/label rendering by message source:
  - guidance -> 引导 + navigation icon
  - notify/sub_agent/background_command -> 通知 + bell icon
  - user/presend -> keep normal user header.
- Add new icons: static/icons/navigation.svg, static/icons/bell.svg.

Approval panel UX:
- Convert desktop approval panel from layout-compress sidebar to overlay + blur sheet.
- Fix panel transition behavior (remove unintended vertical motion; use dedicated desktop overlay transition).
- Improve approval result display:
  - decision and reason split lines,
  - green/red status styling,
  - multiline reason rendering,
  - auto-collapse delay adjusted to 3s.

Execution mode TTL feedback:
- When direct mode auto-expires to sandbox, frontend menu state is updated from status snapshot.
- Show non-auto-dismiss warning toast to explicitly notify auto-fallback.

Misc consistency updates:
- Execution mode label text cleanup in composer.
- Runtime notice wording normalization (权限模式修改为..., 执行环境修改为...).

Build/test notes:
- Frontend rebuilt after UI changes.
- Smoke tests passed for server refactor path.
2026-05-12 19:16:38 +08:00
2ec226b5eb fix(permission,docker): enforce docker-specific approval flow and polish permission menu layout
- Add docker risk markers config (config/docker_risk_markers.json) and load it in tools permission evaluation.

- In docker mode, pre-evaluate run_command/terminal_input: readonly-safe and no-risk -> direct run; otherwise require approval/auto-approval.

- Keep docker write_file/edit_file behavior aligned with agreed policy: approval requires review, auto_approval passes directly.

- Pass risk markers into auto approval payload and include current working directory context for approval agent.

- Fix permission dropdown layout: only use split two-column menu when execution mode section is enabled; remove empty right blank area in docker mode.

- Center mobile approval overlay to prevent sheet overflow on small screens.
2026-05-11 22:56:10 +08:00
8d665ad6de feat(permission): add auto-approval mode with approval agent, UI flow, and docs sync
Implemented a new permission mode  between  and , including backend policy, runtime behavior, frontend display, and documentation updates.

Backend & policy changes:

- Added  to permission mode validation and persistence paths.

- Updated tool permission evaluation: workspace-local  direct pass, out-of-workspace requires approval.

- Kept  readonly-first flow and added auto-approval decision path when permission denial occurs.

- Added approval reason/decider support in tool approval manager.

- Improved rejection tool-content format to natural language: '工具调用被拒绝\n原因:...'

- Fixed permission-mode sync edge cases on conversation create/load and restart-first-switch behavior.

Approval agent subsystem:

- Added  and .

- Added lightweight auto-approval config at  (name/url/key/model/extra_params + timeouts).

- Added optional transcript debug switch in code and transcript output under logs/approval_agent.

- Aligned transcript saving toward cumulative messages format and captured reasoning/content/tool_calls/tool sequence.

Frontend changes:

- Added  option to personalization and permission menus.

- Reworked approval panel auto-review display into a dedicated block with simplified lines: start, command, final approve/reject + reason.

- Added delayed sidebar auto-close (10s) after approval resolved.

- Added stricter permission-switch verification and rollback on mismatch/error.

Docs updated:

- Synced AGENTS.md, README.md, and docs/host_sandbox_and_permission_model.md with new permission mode, approval-agent behavior, config, and current constraints (including docker caveat).
2026-05-11 17:55:27 +08:00
a93f17010c feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI
This commit lands a broad host-security architecture update focused on enforceable sandbox execution, clearer permission semantics, and operator usability.

Core execution/security changes
- Introduce and wire a unified host sandbox runner for multi-OS execution:
  - macOS: sandbox-exec
  - Linux: bubblewrap + seccomp
  - Windows: WSL2 path
- Remove silent fallback behavior in failure paths; sandbox-unavailable cases now fail closed instead of dropping to unsafe host execution.
- Ensure host execution mode (sandbox/direct) is propagated consistently into runtime components, including sub-agent startup.

Permission mode model upgrade
- Rework readonly/approval behavior for run_command from brittle command-text gating to execution-layer enforcement:
  - readonly: run_command executes in read-only sandbox profile.
  - approval: run_command first executes read-only; when permission-denied is detected, request approval and retry once with writable sandbox for that single call.
- Tool loop now returns final post-approval execution result, not intermediate permission-denied payloads.
- Update permission-mode system messaging to describe user-visible behavior without exposing internal implementation details.

Path authorization system
- Add dynamic host policy module and persisted policy file.
- Support dual path classes:
  - writable_paths (read+write)
  - readable_extra_paths (read-only)
- Enforce file access in file_manager by access type (read vs write) under host mode.
- Add host-only frontend 路径授权 management dialog (settings三级菜单入口), including mode switch between 可读可写 and 仅可读 with separate drafts and save flow.

Sub-agent and terminal alignment
- Sub-agent process launch now respects host execution mode and sandbox controls in host mode.
- Keep terminal session model compatible with sandbox-first behavior and execution-mode propagation.

Tool surface updates
- Remove legacy file-management tools from active tool definitions (create_file/create_folder/rename_file/delete_file) while preserving historical conversation compatibility.

Docs updates
- Add dedicated architecture doc: docs/host_sandbox_and_permission_model.md
- Refresh README and AGENTS sections to reflect updated permission/execution model and path-authorization semantics.

Validation performed
- python unittest smoke suite passes: test.test_server_refactor_smoke
- frontend build passes: npm run build
- syntax checks for touched Python modules completed
2026-05-11 13:41:30 +08:00
6ee8cda2a7 feat(security): harden host execution model with sandbox/direct controls
This commit introduces a substantial security and runtime architecture update for host mode, with three major goals: (1) enforce OS-level sandboxing by default, (2) support a controlled temporary direct-execution escape hatch for admin users, and (3) eliminate silent fallback behavior that could hide risk.

Backend/runtime changes:\n- Added a unified host sandbox runner (macOS sandbox-exec / Linux bubblewrap+seccomp / Windows WSL2).\n- Converted host terminal creation to sandboxed interactive shells by default.\n- Kept run_command/run_python on the same execution policy and added host execution mode plumbing (sandbox|direct).\n- Added session-scoped direct mode with TTL auto-revert (default 10 minutes), configurable via environment.\n- Added execution mode APIs (GET/POST /api/execution-mode), host+admin gating, status propagation, and rate limiting.\n- Added runtime refresh hooks so tool calls honor TTL expiration and mode transitions consistently.\n- Removed docker->host silent fallback paths: docker startup/runtime failures now fail fast instead of degrading silently.\n- Added host sandbox prompt injection (host-only) to guide agent behavior under permission constraints.

Configuration and policy changes:\n- Added HOST_EXECUTION_MODE_DEFAULT and HOST_EXECUTION_DIRECT_TTL_SECONDS.\n- Added HOST_SANDBOX_MACOS_WRITABLE_PATHS to support user-defined writable path allowlists.\n- Updated macOS sandbox profile generation to use minimal defaults (workspace + tmp + /dev/null) plus explicit allowlist extensions.\n- Updated .env.example documentation for new execution/sandbox controls.

Frontend changes:\n- Extended permission popover to a two-column model (Permission + Execution Environment) for host admin sessions.\n- Added execution mode state/options to app state, fetching, and status synchronization flows.\n- Added execution mode switching action and user feedback toasts.\n- Kept warning emphasis via text styling only (removed warning border per UX request).

Validation:\n- Python syntax checks passed for modified backend modules.\n- Existing smoke tests passed: python3 -m unittest test.test_server_refactor_smoke\n- Frontend production build passed: npm run build
2026-05-10 19:19:01 +08:00
8395cf8b4b fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
d406244604 fix(style): 修复空白页欢迎文字居中与换行适配 2026-04-28 17:57:16 +08:00
8814f963f5 fix(ux): 用户发送后即时显示 assistant 头部和等待提示 2026-04-28 17:56:52 +08:00
9a5a116fd6 feat(ui): 新增欢迎文字和等待提示文案 2026-04-28 17:56:14 +08:00