agent-Specialization/config/security.py
JOJO e2bbd767f7 feat(host-security+ui): unify host execution/approval behavior, runtime notices, and approval overlay UX
This commit consolidates a large set of host-mode security and UX fixes across backend and frontend.

Security / execution model:
- Make permission/execution mode switches apply immediately (no deferred pending-only behavior).
- Keep runtime mode change notices durable and visible via user-message guidance path.
- Add explicit runtime message source taxonomy support and persistence:
  user / presend / guidance / notify / sub_agent / background_command.
- Ensure guidance/notify insertion is batched per tool-cycle so mid-run inserts are committed together.
- Separate notify from guidance semantics for mode-change notices.
- Add direct-mode auto-fallback handling visibility on frontend.

Approval and command gating:
- Align run_command approval pre-check logic with docker behavior for approval/auto_approval modes in host execution paths.
- Keep approval retry flow and final-result semantics intact when permission errors trigger approval.
- Externalize forbidden command keyword list into JSON config:
  config/forbidden_commands.json.
- Update forbidden command rejection message to user-facing wording:
  用户不允许执行包含“... ”的指令.

Prompt/runtime guidance:
- Refine execution-mode runtime rule text to avoid endless workaround loops:
  one safe alternative first, then request switching to direct mode when truly required.

Chat rendering / message UX:
- Prevent injected guidance/notify user-messages from incorrectly triggering assistant work header/timer chain.
- Restore correct visibility after history reload while preserving runtime-source behavior.
- Update user-header icon/label rendering by message source:
  - guidance -> 引导 + navigation icon
  - notify/sub_agent/background_command -> 通知 + bell icon
  - user/presend -> keep normal user header.
- Add new icons: static/icons/navigation.svg, static/icons/bell.svg.

Approval panel UX:
- Convert desktop approval panel from layout-compress sidebar to overlay + blur sheet.
- Fix panel transition behavior (remove unintended vertical motion; use dedicated desktop overlay transition).
- Improve approval result display:
  - decision and reason split lines,
  - green/red status styling,
  - multiline reason rendering,
  - auto-collapse delay adjusted to 3s.

Execution mode TTL feedback:
- When direct mode auto-expires to sandbox, frontend menu state is updated from status snapshot.
- Show non-auto-dismiss warning toast to explicitly notify auto-fallback.

Misc consistency updates:
- Execution mode label text cleanup in composer.
- Runtime notice wording normalization (权限模式修改为..., 执行环境修改为...).

Build/test notes:
- Frontend rebuilt after UI changes.
- Smoke tests passed for server refactor path.
2026-05-12 19:16:38 +08:00

79 lines
1.6 KiB
Python

"""安全与确认策略配置。"""
from pathlib import Path
import json
def _load_forbidden_commands() -> list[str]:
"""从独立 JSON 文件加载命令拦截关键词。"""
fallback = [
"rm -rf /",
"rm -rf ~",
"format",
"shutdown",
"reboot",
"kill -9",
"dd if=",
]
cfg_path = Path(__file__).resolve().parent / "forbidden_commands.json"
if not cfg_path.exists():
return fallback
try:
payload = json.loads(cfg_path.read_text(encoding="utf-8"))
except Exception:
return fallback
if isinstance(payload, dict):
raw_items = payload.get("forbidden_commands")
elif isinstance(payload, list):
raw_items = payload
else:
raw_items = None
if not isinstance(raw_items, list):
return fallback
items: list[str] = []
for item in raw_items:
text = str(item or "").strip().lower()
if text:
items.append(text)
return items or fallback
FORBIDDEN_COMMANDS = _load_forbidden_commands()
FORBIDDEN_PATHS = [
"/System",
"/usr",
"/bin",
"/sbin",
"/etc",
"/var",
"/tmp",
"/Applications",
"/Library",
"C:\\Windows",
"C:\\Program Files",
"C:\\Program Files (x86)",
"C:\\ProgramData",
]
FORBIDDEN_ROOT_PATHS = [
"/",
"C:\\",
"~",
]
NEED_CONFIRMATION = [
"delete_file",
"delete_folder",
"clear_file",
"execute_terminal",
"batch_delete",
]
__all__ = [
"FORBIDDEN_COMMANDS",
"FORBIDDEN_PATHS",
"FORBIDDEN_ROOT_PATHS",
"NEED_CONFIRMATION",
]