Commit Graph

4 Commits

Author SHA1 Message Date
eb00a3522a refactor(models): use dynamic api model registry 2026-05-29 00:20:54 +08:00
16473c824d chore: 合并多项独立 WIP 改动
- cli: 增加 layoutRefreshTick 与 IME 输入组件,处理 slash_menu 光标偏移
- config/auto_approval: 切到 opencode 中转端点
- modules/approval_agent: 调试 transcript 增加 trace / final_result 字段
- static/useLegacySocket: 重试 toast 显示具体错误信息

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-23 02:01:36 +08:00
e2bbd767f7 feat(host-security+ui): unify host execution/approval behavior, runtime notices, and approval overlay UX
This commit consolidates a large set of host-mode security and UX fixes across backend and frontend.

Security / execution model:
- Make permission/execution mode switches apply immediately (no deferred pending-only behavior).
- Keep runtime mode change notices durable and visible via user-message guidance path.
- Add explicit runtime message source taxonomy support and persistence:
  user / presend / guidance / notify / sub_agent / background_command.
- Ensure guidance/notify insertion is batched per tool-cycle so mid-run inserts are committed together.
- Separate notify from guidance semantics for mode-change notices.
- Add direct-mode auto-fallback handling visibility on frontend.

Approval and command gating:
- Align run_command approval pre-check logic with docker behavior for approval/auto_approval modes in host execution paths.
- Keep approval retry flow and final-result semantics intact when permission errors trigger approval.
- Externalize forbidden command keyword list into JSON config:
  config/forbidden_commands.json.
- Update forbidden command rejection message to user-facing wording:
  用户不允许执行包含“... ”的指令.

Prompt/runtime guidance:
- Refine execution-mode runtime rule text to avoid endless workaround loops:
  one safe alternative first, then request switching to direct mode when truly required.

Chat rendering / message UX:
- Prevent injected guidance/notify user-messages from incorrectly triggering assistant work header/timer chain.
- Restore correct visibility after history reload while preserving runtime-source behavior.
- Update user-header icon/label rendering by message source:
  - guidance -> 引导 + navigation icon
  - notify/sub_agent/background_command -> 通知 + bell icon
  - user/presend -> keep normal user header.
- Add new icons: static/icons/navigation.svg, static/icons/bell.svg.

Approval panel UX:
- Convert desktop approval panel from layout-compress sidebar to overlay + blur sheet.
- Fix panel transition behavior (remove unintended vertical motion; use dedicated desktop overlay transition).
- Improve approval result display:
  - decision and reason split lines,
  - green/red status styling,
  - multiline reason rendering,
  - auto-collapse delay adjusted to 3s.

Execution mode TTL feedback:
- When direct mode auto-expires to sandbox, frontend menu state is updated from status snapshot.
- Show non-auto-dismiss warning toast to explicitly notify auto-fallback.

Misc consistency updates:
- Execution mode label text cleanup in composer.
- Runtime notice wording normalization (权限模式修改为..., 执行环境修改为...).

Build/test notes:
- Frontend rebuilt after UI changes.
- Smoke tests passed for server refactor path.
2026-05-12 19:16:38 +08:00
8d665ad6de feat(permission): add auto-approval mode with approval agent, UI flow, and docs sync
Implemented a new permission mode  between  and , including backend policy, runtime behavior, frontend display, and documentation updates.

Backend & policy changes:

- Added  to permission mode validation and persistence paths.

- Updated tool permission evaluation: workspace-local  direct pass, out-of-workspace requires approval.

- Kept  readonly-first flow and added auto-approval decision path when permission denial occurs.

- Added approval reason/decider support in tool approval manager.

- Improved rejection tool-content format to natural language: '工具调用被拒绝\n原因:...'

- Fixed permission-mode sync edge cases on conversation create/load and restart-first-switch behavior.

Approval agent subsystem:

- Added  and .

- Added lightweight auto-approval config at  (name/url/key/model/extra_params + timeouts).

- Added optional transcript debug switch in code and transcript output under logs/approval_agent.

- Aligned transcript saving toward cumulative messages format and captured reasoning/content/tool_calls/tool sequence.

Frontend changes:

- Added  option to personalization and permission menus.

- Reworked approval panel auto-review display into a dedicated block with simplified lines: start, command, final approve/reject + reason.

- Added delayed sidebar auto-close (10s) after approval resolved.

- Added stricter permission-switch verification and rollback on mismatch/error.

Docs updated:

- Synced AGENTS.md, README.md, and docs/host_sandbox_and_permission_model.md with new permission mode, approval-agent behavior, config, and current constraints (including docker caveat).
2026-05-11 17:55:27 +08:00