Commit Graph

35 Commits

Author SHA1 Message Date
15106e7d00 feat(branding): 将产品名统一为 Astrion
- 前端页面标题、登录/注册页、左侧栏、聊天头部、教程欢迎语全部改为 Astrion
- CLI 欢迎面板与状态栏改为 Astrion CLI
- 后端启动日志与 setup 向导改为 Astrion
- package.json 与 README 标题同步更新
- 主 system prompt 增加 Astrion 自我介绍,视觉模型 prompt 文件名从 qwenvl 改为 vl
- 项目记忆与 AGENTS.md/CLAUDE.md 新增产品名说明
2026-07-07 18:17:48 +08:00
f3e166e258 feat: 上传文件/图片路径提示 + 文件树去 emoji + CSV 预览优化 2026-06-24 20:44:26 +08:00
e4a663594d feat: Android App 原生 PDF 预览与前端 show_file 卡片
- 集成 AndroidPdfViewer (mhiew fork) 实现不依赖浏览器的 PDF 预览
- 新增 PdfPreviewActivity 与 JS Bridge (AndroidPdfBridge)
- ShowFileCard 在 Android App 内对 PDF 显示「预览」按钮,不内嵌 iframe
- 新增 /api/file/content 后端接口用于文件内容 inline 预览
- 前端支持 <show_file> 标签与 download:// 链接渲染
- 更新 Android 版本号至 1.0.35
2026-06-24 00:06:10 +08:00
78544cb205 refactor: remove run_python tool, consolidate all execution to run_command 2026-06-07 16:23:01 +08:00
67fdb715f5 refactor(messages): 统一运行期消息插入为 [系统通知|source] 前缀的 user 消息
- 新增 server/chat_flow_task_support.inject_runtime_user_message 作为唯一入口,
  统一处理 add_conversation + messages.insert + sender(user_message) 三件事
- 子智能体 / 后台 run_command / runtime_guidance / mode notice 全部走该入口,
  role 一律 user,inline 仅作 metadata 标记,不再复用 system role 表达语义
- inline poll 移出 tool 执行循环,改为整轮 tool 完成后批量注入,
  避免在 assistant.tool_calls 与 tool 序列之间插入 user 导致 API 报错
- 删除 _insert_completion_notice_message / _record_sub_agent_message
  以及 build_messages 中 system→user 的回转分支
- 移除已废弃的 wait_sub_agent 工具残留(后端注册、前端图标/动画、
  prompts、SKILL 文档;保留 sleep 的 wait_sub_agent_ids 参数)
- 前端取消对 is_auto_generated/auto_message_type 的过滤,
  让运行期注入的 user 消息在历史和实时推送中正常渲染

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 02:01:36 +08:00
a93f17010c feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI
This commit lands a broad host-security architecture update focused on enforceable sandbox execution, clearer permission semantics, and operator usability.

Core execution/security changes
- Introduce and wire a unified host sandbox runner for multi-OS execution:
  - macOS: sandbox-exec
  - Linux: bubblewrap + seccomp
  - Windows: WSL2 path
- Remove silent fallback behavior in failure paths; sandbox-unavailable cases now fail closed instead of dropping to unsafe host execution.
- Ensure host execution mode (sandbox/direct) is propagated consistently into runtime components, including sub-agent startup.

Permission mode model upgrade
- Rework readonly/approval behavior for run_command from brittle command-text gating to execution-layer enforcement:
  - readonly: run_command executes in read-only sandbox profile.
  - approval: run_command first executes read-only; when permission-denied is detected, request approval and retry once with writable sandbox for that single call.
- Tool loop now returns final post-approval execution result, not intermediate permission-denied payloads.
- Update permission-mode system messaging to describe user-visible behavior without exposing internal implementation details.

Path authorization system
- Add dynamic host policy module and persisted policy file.
- Support dual path classes:
  - writable_paths (read+write)
  - readable_extra_paths (read-only)
- Enforce file access in file_manager by access type (read vs write) under host mode.
- Add host-only frontend 路径授权 management dialog (settings三级菜单入口), including mode switch between 可读可写 and 仅可读 with separate drafts and save flow.

Sub-agent and terminal alignment
- Sub-agent process launch now respects host execution mode and sandbox controls in host mode.
- Keep terminal session model compatible with sandbox-first behavior and execution-mode propagation.

Tool surface updates
- Remove legacy file-management tools from active tool definitions (create_file/create_folder/rename_file/delete_file) while preserving historical conversation compatibility.

Docs updates
- Add dedicated architecture doc: docs/host_sandbox_and_permission_model.md
- Refresh README and AGENTS sections to reflect updated permission/execution model and path-authorization semantics.

Validation performed
- python unittest smoke suite passes: test.test_server_refactor_smoke
- frontend build passes: npm run build
- syntax checks for touched Python modules completed
2026-05-11 13:41:30 +08:00
8395cf8b4b fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
ecca5da8ab fix: harden multimodal handling and sanitize mcp action results 2026-04-27 20:11:21 +08:00
ed5315eef6 feat: add MCP management and host-only runtime policy 2026-04-26 23:49:04 +08:00
9199f5ca7c fix: unify show cards rendering and prompt constraints 2026-04-26 18:13:24 +08:00
24c702c0af fix(show_html): add js mode with sandbox iframe rendering 2026-04-26 17:13:08 +08:00
383e68188c fix: stabilize show_html rendering and restore conversation mode state 2026-04-26 01:04:23 +08:00
1c928d7518 chore: backup snapshot before show_html scroll rework 2026-04-25 20:39:52 +08:00
070d77c070 fix: adapt deepseek custom models and harden todo/tool gating 2026-04-24 18:31:03 +08:00
9891f68aca fix: update run_command limits and planning guidance 2026-04-14 14:12:11 +08:00
3ae5be47d9 feat: add per-skill strict read-before-tool enforcement 2026-04-07 11:50:38 +08:00
5ab3acef9c feat: 添加 terminal-guide 和 sub-agent-guide skills
- 新增 terminal-guide skill: 持久化终端使用指南
- 新增 sub-agent-guide skill: 子智能体使用指南
- 优化终端工具定义和执行逻辑
- 更新系统提示词以引用新 skills
- 添加 utils/__init__.py 模块初始化文件

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-16 21:17:02 +08:00
4be61fe76e feat: unify terminal session controls 2026-03-04 23:49:10 +08:00
8f7e704a7a feat: refresh system prompts 2026-02-25 17:28:06 +08:00
08bc08b35f feat: update model support and multimodal 2026-02-25 01:41:05 +08:00
55ef45e04d feat: add silent disable option and workspace prompt split 2026-02-03 23:11:15 +08:00
406e777e22 feat: improve compression and context budgeting 2026-01-31 10:30:00 +08:00
453df30f45 refactor: replace file diff tools, simplify todos, disable typewriter 2026-01-29 14:20:01 +08:00
d0197c38c3 fix: expand workspace file access and paginate convo index 2026-01-25 16:13:32 +08:00
72cdd69f9b docs: add office file creation guidance 2026-01-20 21:10:00 +08:00
a089cdd853 fix: update prompt timeouts and pip mirror 2026-01-06 16:35:11 +08:00
e2ba632ac8 feat: expand model support and qwen-vl ux 2026-01-03 07:01:24 +08:00
f8683e8ebc docs: prefer Wikimedia Commons for image search 2026-01-02 14:50:28 +08:00
61aea509bd chore: prefer wiki sources for image links 2026-01-01 19:06:18 +08:00
7853830624 feat: improve vlm workflow and workspace image serving 2026-01-01 18:56:29 +08:00
f725212988 feat: support inline image rendering via show_image and user_upload route 2026-01-01 16:41:24 +08:00
b81d6760bd feat: containerize terminals and add resource controls 2025-11-23 18:49:35 +08:00
089a3ad0c9 feat: update prompts and backend 2025-11-22 18:17:24 +08:00
6921939c13 <fix thinking chunk> 2025-11-19 20:47:56 +08:00
fea932425a chore: initial import 2025-11-14 16:44:12 +08:00