Commit Graph

20 Commits

Author SHA1 Message Date
960d087db0 fix(sub-agent): stdout output, real-time progress, config externalization
- config/sub_agent: 子智能体模型配置走 deploy_config_path 直指,无回退
- easyagent/config: ensureConfig 文件不存在时 throw 而非自动创建
- easyagent/batch: 所有输出走 stdout JSONL (emit),不写文件;conversation 走 emit 不写工作区
- sub_agent_manager: 新增 conversation_file;运行期间 select 非阻塞 drain stdout 即时写 progress
2026-06-10 03:09:31 +08:00
b8a51c1c63 refactor(config): 移除硬编码模型残留,部署级配置外置到 ~/.agents
## 模型逻辑清理
早期把模型 API 端点/密钥/模型 ID 硬编码的残留(AGENT_API_* / THINKING_* /
TITLE_* 三件套)已彻底移除。模型配置统一由 config/custom_models.json
(经 model_profiles 解析为档案)描述,运行时通过 apply_profile 注入;
没有任何可用模型时按既定行为报错。

- config/api.py: 删 9 个三件套符号,仅保留 DEFAULT_RESPONSE_MAX_TOKENS
- utils/api_client.py: client 改为空配置起步,移除三件套 import
- server/chat_flow_helpers.py: 删死 import(TITLE_* 符号)

## 部署级配置外置(按"决策权归谁"分类)
config/*.json 不再一概锚定源码树:
- 程序能力(docker_risk_markers / skill_hints)留源码树,随版本演进
- 部署者自定义(custom_models / host_workspaces / auto_approval /
  goal_review / forbidden_commands / host_sandbox_policy)外置到
  ~/.agents/<mode>/config/

新增统一解析机制(config/paths.py):
- DEPLOY_CONFIG_DIR(默认 ~/.agents/<mode>/config,可用环境变量覆盖)
- resolve_deploy_config():只读,回退链 部署目录→源码树.json→源码树.example
  (开发环境不必先跑 setup 也能用源码树种子)
- deploy_config_path():写回用,稳定指向部署目录

6 个加载点改用上述解析;顺带修复 approval_agent / goal_review_agent 的
DEBUG_TRANSCRIPT_DIR 仍指旧源码树 logs/ 的漏迁问题。

## 安全与运维
- 含密钥/机器特定的 5 个文件停止 git 追踪(git rm --cached,本地保留)
  并加入 .gitignore,仓库仅留 .example 种子;forbidden_commands 保留
  追踪作默认黑名单
- scripts/setup.py: 模型配置写到部署目录(用与 paths 一致的独立推导,
  不 import config 以免过早锁定路径)
- scripts/migrate_runtime_data.py: 新增 config/*.json → 部署目录迁移
  (备份 + 不覆盖已存在)

## 关联:P1 配置收敛 + P2 首启向导
- config/server.py: Web 端口/监听地址/debug/NODE_BIN/PYTHON_BIN 单一事实源
- 消灭 8091 多处重复定义(state.py 死代码、app_legacy、main.py 各读各的)
- 修复 sub_agent_manager 命令数组硬编码 "node" → NODE_BIN(便携包内置
  Node 的前提)
- scripts/setup.py: 终端首启向导(模式/端口/管理员/密钥/模型)

## 测试
test_config_paths_resolution 更新以反映新行为(host_workspaces 锚定部署
目录、新增 DEPLOY_CONFIG_DIR 用例);全部离线用例通过。

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-01 16:59:34 +08:00
67fdb715f5 refactor(messages): 统一运行期消息插入为 [系统通知|source] 前缀的 user 消息
- 新增 server/chat_flow_task_support.inject_runtime_user_message 作为唯一入口,
  统一处理 add_conversation + messages.insert + sender(user_message) 三件事
- 子智能体 / 后台 run_command / runtime_guidance / mode notice 全部走该入口,
  role 一律 user,inline 仅作 metadata 标记,不再复用 system role 表达语义
- inline poll 移出 tool 执行循环,改为整轮 tool 完成后批量注入,
  避免在 assistant.tool_calls 与 tool 序列之间插入 user 导致 API 报错
- 删除 _insert_completion_notice_message / _record_sub_agent_message
  以及 build_messages 中 system→user 的回转分支
- 移除已废弃的 wait_sub_agent 工具残留(后端注册、前端图标/动画、
  prompts、SKILL 文档;保留 sleep 的 wait_sub_agent_ids 参数)
- 前端取消对 is_auto_generated/auto_message_type 的过滤,
  让运行期注入的 user 消息在历史和实时推送中正常渲染

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 02:01:36 +08:00
a93f17010c feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI
This commit lands a broad host-security architecture update focused on enforceable sandbox execution, clearer permission semantics, and operator usability.

Core execution/security changes
- Introduce and wire a unified host sandbox runner for multi-OS execution:
  - macOS: sandbox-exec
  - Linux: bubblewrap + seccomp
  - Windows: WSL2 path
- Remove silent fallback behavior in failure paths; sandbox-unavailable cases now fail closed instead of dropping to unsafe host execution.
- Ensure host execution mode (sandbox/direct) is propagated consistently into runtime components, including sub-agent startup.

Permission mode model upgrade
- Rework readonly/approval behavior for run_command from brittle command-text gating to execution-layer enforcement:
  - readonly: run_command executes in read-only sandbox profile.
  - approval: run_command first executes read-only; when permission-denied is detected, request approval and retry once with writable sandbox for that single call.
- Tool loop now returns final post-approval execution result, not intermediate permission-denied payloads.
- Update permission-mode system messaging to describe user-visible behavior without exposing internal implementation details.

Path authorization system
- Add dynamic host policy module and persisted policy file.
- Support dual path classes:
  - writable_paths (read+write)
  - readable_extra_paths (read-only)
- Enforce file access in file_manager by access type (read vs write) under host mode.
- Add host-only frontend 路径授权 management dialog (settings三级菜单入口), including mode switch between 可读可写 and 仅可读 with separate drafts and save flow.

Sub-agent and terminal alignment
- Sub-agent process launch now respects host execution mode and sandbox controls in host mode.
- Keep terminal session model compatible with sandbox-first behavior and execution-mode propagation.

Tool surface updates
- Remove legacy file-management tools from active tool definitions (create_file/create_folder/rename_file/delete_file) while preserving historical conversation compatibility.

Docs updates
- Add dedicated architecture doc: docs/host_sandbox_and_permission_model.md
- Refresh README and AGENTS sections to reflect updated permission/execution model and path-authorization semantics.

Validation performed
- python unittest smoke suite passes: test.test_server_refactor_smoke
- frontend build passes: npm run build
- syntax checks for touched Python modules completed
2026-05-11 13:41:30 +08:00
8395cf8b4b fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
96d0e68347 fix: run sub-agent tools inside container 2026-03-14 21:13:27 +08:00
cd3f07bcc8 fix: enrich sub-agent results 2026-03-11 18:05:01 +08:00
ed82fc966e fix: improve sub-agent ui and state 2026-03-11 15:40:28 +08:00
f09621fd86 feat: 为子智能体添加思考模式参数
- 新增 thinking_mode 参数(fast/thinking),支持根据任务复杂度选择模式
- 优化子智能体工具说明,提供详细的使用场景示例
- 增强子智能体状态展示,添加统计信息摘要
- 完善交付目录验证,要求必须为不存在的新目录
- 优化子智能体完成/超时/失败的消息格式
- 同步更新前端和批处理相关代码

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-03-11 03:34:20 +08:00
b68dee9d98 chore: snapshot current changes 2026-03-10 23:48:40 +08:00
053db95fee feat: virtual monitor 2025-12-14 04:22:00 +08:00
71f24c2d72 fix: include completed sub agents in overview 2025-11-18 18:05:50 +08:00
1b69bc2719 fix: propagate manual termination status 2025-11-15 17:20:26 +08:00
f2bfa3f377 feat: add sub agent termination control 2025-11-15 17:10:58 +08:00
3100643534 feat: add close_sub_agent tool 2025-11-15 16:51:13 +08:00
3eec18b8a9 fix: per conversation sub agent limit and todo hints 2025-11-15 16:40:01 +08:00
1c4a7ba003 fix: isolate sub agent limits 2025-11-15 16:33:25 +08:00
01138d0881 fix: clean sub agent tooling 2025-11-15 15:51:17 +08:00
ba47147425 chore: snapshot sub agent baseline 2025-11-15 11:21:31 +08:00
0ac246c22b feat: integrate sub agent workflow 2025-11-15 02:41:13 +08:00