agent-Specialization/static
JOJO a93f17010c feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI
This commit lands a broad host-security architecture update focused on enforceable sandbox execution, clearer permission semantics, and operator usability.

Core execution/security changes
- Introduce and wire a unified host sandbox runner for multi-OS execution:
  - macOS: sandbox-exec
  - Linux: bubblewrap + seccomp
  - Windows: WSL2 path
- Remove silent fallback behavior in failure paths; sandbox-unavailable cases now fail closed instead of dropping to unsafe host execution.
- Ensure host execution mode (sandbox/direct) is propagated consistently into runtime components, including sub-agent startup.

Permission mode model upgrade
- Rework readonly/approval behavior for run_command from brittle command-text gating to execution-layer enforcement:
  - readonly: run_command executes in read-only sandbox profile.
  - approval: run_command first executes read-only; when permission-denied is detected, request approval and retry once with writable sandbox for that single call.
- Tool loop now returns final post-approval execution result, not intermediate permission-denied payloads.
- Update permission-mode system messaging to describe user-visible behavior without exposing internal implementation details.

Path authorization system
- Add dynamic host policy module and persisted policy file.
- Support dual path classes:
  - writable_paths (read+write)
  - readable_extra_paths (read-only)
- Enforce file access in file_manager by access type (read vs write) under host mode.
- Add host-only frontend 路径授权 management dialog (settings三级菜单入口), including mode switch between 可读可写 and 仅可读 with separate drafts and save flow.

Sub-agent and terminal alignment
- Sub-agent process launch now respects host execution mode and sandbox controls in host mode.
- Keep terminal session model compatible with sandbox-first behavior and execution-mode propagation.

Tool surface updates
- Remove legacy file-management tools from active tool definitions (create_file/create_folder/rename_file/delete_file) while preserving historical conversation compatibility.

Docs updates
- Add dedicated architecture doc: docs/host_sandbox_and_permission_model.md
- Refresh README and AGENTS sections to reflect updated permission/execution model and path-authorization semantics.

Validation performed
- python unittest smoke suite passes: test.test_server_refactor_smoke
- frontend build passes: npm run build
- syntax checks for touched Python modules completed
2026-05-11 13:41:30 +08:00
..
admin_api feat: add api admin ui and container status fix 2026-01-25 10:49:52 +08:00
admin_dashboard fix: repair admin monitor auth and add invite CRUD 2026-04-07 18:23:09 +08:00
admin_policy feat: polish admin policy UI and tool selection 2026-01-05 13:34:00 +08:00
custom_tools feat: add custom tools guide and id validation 2026-01-05 21:46:55 +08:00
demo feat: add loaders 15-17 to minimal loader pool 2026-04-05 15:14:06 +08:00
easter-eggs feat: modularize easter egg effects 2025-11-22 13:07:54 +08:00
file_manager chore: snapshot before usage menu update 2025-11-24 00:47:17 +08:00
icons feat: add MCP management and host-only runtime policy 2026-04-26 23:49:04 +08:00
liquid-glass-demo feat: stable version before virtual monitor timing fix 2025-12-13 17:12:12 +08:00
logo feat: 整合test/agents功能并更新配置 2026-04-13 17:47:19 +08:00
old_version_backup feat: modularize frontend layout 2025-11-25 22:41:15 +08:00
src feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI 2026-05-11 13:41:30 +08:00
vendor chore: initial import 2025-11-14 16:44:12 +08:00
debug-theme.html chore: snapshot current changes 2026-03-10 23:48:40 +08:00
index.html fix: 修复代码块复制、事件去重、任务结束、停止按钮bug 2026-04-04 01:03:06 +08:00
liquid-glass-demo.html feat: stable version before virtual monitor timing fix 2025-12-13 17:12:12 +08:00
liquid-glass-kube.html feat: stable version before virtual monitor timing fix 2025-12-13 17:12:12 +08:00
login.html fix: migrate auth pages to vue and bump android app to 1.0.17 2026-04-07 12:38:45 +08:00
mobile-overlay-demo.html feat: improve mobile overlays and focus panel 2025-11-26 23:50:57 +08:00
mobile-overlay-fab.html feat: improve mobile overlays and focus panel 2025-11-26 23:50:57 +08:00
register.html fix: migrate auth pages to vue and bump android app to 1.0.17 2026-04-07 12:38:45 +08:00
resource_busy.html feat: containerize terminals and add resource controls 2025-11-23 18:49:35 +08:00
security.js chore: snapshot before usage menu update 2025-11-24 00:47:17 +08:00
style.css chore: drop legacy css fallback 2025-11-25 21:15:32 +08:00
terminal.html fix: stabilize conversation loading 2025-11-29 23:13:11 +08:00