agent-Specialization/modules
JOJO e2bbd767f7 feat(host-security+ui): unify host execution/approval behavior, runtime notices, and approval overlay UX
This commit consolidates a large set of host-mode security and UX fixes across backend and frontend.

Security / execution model:
- Make permission/execution mode switches apply immediately (no deferred pending-only behavior).
- Keep runtime mode change notices durable and visible via user-message guidance path.
- Add explicit runtime message source taxonomy support and persistence:
  user / presend / guidance / notify / sub_agent / background_command.
- Ensure guidance/notify insertion is batched per tool-cycle so mid-run inserts are committed together.
- Separate notify from guidance semantics for mode-change notices.
- Add direct-mode auto-fallback handling visibility on frontend.

Approval and command gating:
- Align run_command approval pre-check logic with docker behavior for approval/auto_approval modes in host execution paths.
- Keep approval retry flow and final-result semantics intact when permission errors trigger approval.
- Externalize forbidden command keyword list into JSON config:
  config/forbidden_commands.json.
- Update forbidden command rejection message to user-facing wording:
  用户不允许执行包含“... ”的指令.

Prompt/runtime guidance:
- Refine execution-mode runtime rule text to avoid endless workaround loops:
  one safe alternative first, then request switching to direct mode when truly required.

Chat rendering / message UX:
- Prevent injected guidance/notify user-messages from incorrectly triggering assistant work header/timer chain.
- Restore correct visibility after history reload while preserving runtime-source behavior.
- Update user-header icon/label rendering by message source:
  - guidance -> 引导 + navigation icon
  - notify/sub_agent/background_command -> 通知 + bell icon
  - user/presend -> keep normal user header.
- Add new icons: static/icons/navigation.svg, static/icons/bell.svg.

Approval panel UX:
- Convert desktop approval panel from layout-compress sidebar to overlay + blur sheet.
- Fix panel transition behavior (remove unintended vertical motion; use dedicated desktop overlay transition).
- Improve approval result display:
  - decision and reason split lines,
  - green/red status styling,
  - multiline reason rendering,
  - auto-collapse delay adjusted to 3s.

Execution mode TTL feedback:
- When direct mode auto-expires to sandbox, frontend menu state is updated from status snapshot.
- Show non-auto-dismiss warning toast to explicitly notify auto-fallback.

Misc consistency updates:
- Execution mode label text cleanup in composer.
- Runtime notice wording normalization (权限模式修改为..., 执行环境修改为...).

Build/test notes:
- Frontend rebuilt after UI changes.
- Smoke tests passed for server refactor path.
2026-05-12 19:16:38 +08:00
..
__pycache__ <fix thinking chunk> 2025-11-19 20:47:56 +08:00
admin_policy_manager.py fix(mcp): split categories by server and preserve toggle states 2026-04-27 01:42:40 +08:00
api_user_manager.py feat: add skills framework and controls 2026-02-07 00:20:35 +08:00
approval_agent.py feat(host-security+ui): unify host execution/approval behavior, runtime notices, and approval overlay UX 2026-05-12 19:16:38 +08:00
auto_approval_service.py fix(permission,docker): enforce docker-specific approval flow and polish permission menu layout 2026-05-11 22:56:10 +08:00
background_command_manager.py fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
balance_client.py fix: stop converting Kimi balance and switch Qwen endpoint to business.aliyuncs.com 2026-01-05 14:22:06 +08:00
container_file_proxy.py fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
container_monitor.py docs: refresh readme and phase2 summary 2025-11-23 21:24:09 +08:00
custom_tool_executor.py chore: sync pending changes 2026-01-05 21:48:55 +08:00
custom_tool_registry.py feat: add custom tools guide and id validation 2026-01-05 21:46:55 +08:00
easter_egg_manager.py feat: modularize easter egg effects 2025-11-22 13:07:54 +08:00
file_manager.py feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI 2026-05-11 13:41:30 +08:00
gui_file_manager.py chore: initial import 2025-11-14 16:44:12 +08:00
host_sandbox_policy.py feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI 2026-05-11 13:41:30 +08:00
host_sandbox_runner.py feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI 2026-05-11 13:41:30 +08:00
host_workspace_manager.py fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
mcp_client_manager.py fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
mcp_server_registry.py fix(mcp): split categories by server and preserve toggle states 2026-04-27 01:42:40 +08:00
memory_manager.py feat: index-based memory tool with append/replace/delete 2025-12-14 17:56:18 +08:00
ocr_client.py feat: update model support and multimodal 2026-02-25 01:41:05 +08:00
persistent_terminal.py feat(security): harden host execution model with sandbox/direct controls 2026-05-10 19:19:01 +08:00
personalization_manager.py feat(permission): add auto-approval mode with approval agent, UI flow, and docs sync 2026-05-11 17:55:27 +08:00
search_engine.py fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
skill_hint_manager.py chore: add docs and remove sub_agent 2026-03-17 22:46:43 +08:00
skills_manager.py feat: add host workspace manager, mcp-tool-config skill, and UI enhancements 2026-04-28 13:04:51 +08:00
sub_agent_manager.py feat(security): unify host sandbox controls across command/python/terminal/sub-agent and add path authorization UI 2026-05-11 13:41:30 +08:00
terminal_manager.py feat(security): harden host execution model with sandbox/direct controls 2026-05-10 19:19:01 +08:00
terminal_ops.py feat(host-security+ui): unify host execution/approval behavior, runtime notices, and approval overlay UX 2026-05-12 19:16:38 +08:00
todo_manager.py feat: support batch todo updates 2026-01-30 18:50:02 +08:00
tool_approval_manager.py feat(permission): add auto-approval mode with approval agent, UI flow, and docs sync 2026-05-11 17:55:27 +08:00
toolbox_container.py fix: improve terminal timeouts and clean outputs 2025-12-15 18:13:53 +08:00
upload_security.py feat: add upload quarantine scanning and ui toasts 2025-11-24 14:31:13 +08:00
usage_tracker.py fix: improve api error diagnostics and raise model quotas 2026-03-06 17:02:19 +08:00
user_container_manager.py feat(security): harden host execution model with sandbox/direct controls 2026-05-10 19:19:01 +08:00
user_manager.py fix: persist onboarding prompt status and bump android app to 1.0.20 2026-04-07 20:08:33 +08:00
versioning_manager.py fix(prompt): merge disabled-tool notice into leading system prompts 2026-05-09 18:56:49 +08:00
webpage_extractor.py chore: initial import 2025-11-14 16:44:12 +08:00