e2bbd767f7
2 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
| e2bbd767f7 |
feat(host-security+ui): unify host execution/approval behavior, runtime notices, and approval overlay UX
This commit consolidates a large set of host-mode security and UX fixes across backend and frontend. Security / execution model: - Make permission/execution mode switches apply immediately (no deferred pending-only behavior). - Keep runtime mode change notices durable and visible via user-message guidance path. - Add explicit runtime message source taxonomy support and persistence: user / presend / guidance / notify / sub_agent / background_command. - Ensure guidance/notify insertion is batched per tool-cycle so mid-run inserts are committed together. - Separate notify from guidance semantics for mode-change notices. - Add direct-mode auto-fallback handling visibility on frontend. Approval and command gating: - Align run_command approval pre-check logic with docker behavior for approval/auto_approval modes in host execution paths. - Keep approval retry flow and final-result semantics intact when permission errors trigger approval. - Externalize forbidden command keyword list into JSON config: config/forbidden_commands.json. - Update forbidden command rejection message to user-facing wording: 用户不允许执行包含“... ”的指令. Prompt/runtime guidance: - Refine execution-mode runtime rule text to avoid endless workaround loops: one safe alternative first, then request switching to direct mode when truly required. Chat rendering / message UX: - Prevent injected guidance/notify user-messages from incorrectly triggering assistant work header/timer chain. - Restore correct visibility after history reload while preserving runtime-source behavior. - Update user-header icon/label rendering by message source: - guidance -> 引导 + navigation icon - notify/sub_agent/background_command -> 通知 + bell icon - user/presend -> keep normal user header. - Add new icons: static/icons/navigation.svg, static/icons/bell.svg. Approval panel UX: - Convert desktop approval panel from layout-compress sidebar to overlay + blur sheet. - Fix panel transition behavior (remove unintended vertical motion; use dedicated desktop overlay transition). - Improve approval result display: - decision and reason split lines, - green/red status styling, - multiline reason rendering, - auto-collapse delay adjusted to 3s. Execution mode TTL feedback: - When direct mode auto-expires to sandbox, frontend menu state is updated from status snapshot. - Show non-auto-dismiss warning toast to explicitly notify auto-fallback. Misc consistency updates: - Execution mode label text cleanup in composer. - Runtime notice wording normalization (权限模式修改为..., 执行环境修改为...). Build/test notes: - Frontend rebuilt after UI changes. - Smoke tests passed for server refactor path. |
|||
| 8d665ad6de |
feat(permission): add auto-approval mode with approval agent, UI flow, and docs sync
Implemented a new permission mode between and , including backend policy, runtime behavior, frontend display, and documentation updates. Backend & policy changes: - Added to permission mode validation and persistence paths. - Updated tool permission evaluation: workspace-local direct pass, out-of-workspace requires approval. - Kept readonly-first flow and added auto-approval decision path when permission denial occurs. - Added approval reason/decider support in tool approval manager. - Improved rejection tool-content format to natural language: '工具调用被拒绝\n原因:...' - Fixed permission-mode sync edge cases on conversation create/load and restart-first-switch behavior. Approval agent subsystem: - Added and . - Added lightweight auto-approval config at (name/url/key/model/extra_params + timeouts). - Added optional transcript debug switch in code and transcript output under logs/approval_agent. - Aligned transcript saving toward cumulative messages format and captured reasoning/content/tool_calls/tool sequence. Frontend changes: - Added option to personalization and permission menus. - Reworked approval panel auto-review display into a dedicated block with simplified lines: start, command, final approve/reject + reason. - Added delayed sidebar auto-close (10s) after approval resolved. - Added stricter permission-switch verification and rollback on mismatch/error. Docs updated: - Synced AGENTS.md, README.md, and docs/host_sandbox_and_permission_model.md with new permission mode, approval-agent behavior, config, and current constraints (including docker caveat). |