@agentunion/kite 1.5.0 → 1.6.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/skills/kite/checklists/feature-checklist.md +496 -0
- package/.claude/skills/kite/references/event-patterns.md +180 -0
- package/.claude/skills/kite/references/health-check.md +202 -0
- package/.claude/skills/kite/references/http-service.md +199 -0
- package/.claude/skills/kite/references/module-md-spec.md +172 -0
- package/.claude/skills/kite/references/multi-connection.md +147 -0
- package/.claude/skills/kite/references/rpc-patterns.md +199 -0
- package/.claude/skills/kite/references/shutdown-sequence.md +146 -0
- package/.claude/skills/kite/references/stdin-protocol.md +147 -0
- package/.claude/skills/kite/references/test-center-integration.md +178 -0
- package/.claude/skills/kite/references/ws-lifecycle.md +301 -0
- package/.claude/skills/kite/skill.md +272 -0
- package/.claude/skills/kite/templates/go/README.md +20 -0
- package/.claude/skills/kite/templates/node/entry.js +134 -0
- package/.claude/skills/kite/templates/node/module.md +16 -0
- package/.claude/skills/kite/templates/node/server.js +351 -0
- package/.claude/skills/kite/templates/node/server_http.js +90 -0
- package/.claude/skills/kite/templates/python/entry.py +425 -0
- package/.claude/skills/kite/templates/python/module.md +26 -0
- package/.claude/skills/kite/templates/python/server.py +447 -0
- package/.claude/skills/kite/templates/python/server_http.py +433 -0
- package/cli.js +38 -4
- package/core/env_checker.py +96 -0
- package/docs/05-/347/237/255/344/277/241/350/256/244/350/257/201/344/270/216/347/224/250/346/210/267/344/277/241/346/201/257/346/216/245/345/217/243/346/226/207/346/241/243.md +507 -0
- package/docs/ACP/345/215/217/350/256/256/345/205/274/345/256/271/346/226/271/346/241/210.md +138 -0
- package/docs/CI/344/270/216AI/350/207/252/345/212/250/345/214/226/346/265/213/350/257/225/346/226/271/346/241/210.md +75 -0
- package/docs/CLI/345/274/200/345/217/221/350/256/241/345/210/222.md +595 -0
- package/docs/ClaudeCode/350/277/234/347/250/213/345/215/217/344/275/234/347/263/273/347/273/237-/346/212/200/346/234/257/350/257/204/344/274/260.md +535 -0
- package/docs/ClaudeCode/350/277/234/347/250/213/345/215/217/344/275/234/347/263/273/347/273/237/350/256/276/350/256/241.md +631 -0
- package/docs/Evol-App/344/275/277/347/224/250KernelClient/346/224/271/351/200/240/345/256/214/346/210/220.md +342 -0
- package/docs/Evol/346/216/247/345/210/266/345/217/260/346/217/222/344/273/266/345/214/226/346/236/266/346/236/204/346/246/202/350/246/201.md +604 -0
- package/docs/Evol/346/216/247/345/210/266/345/217/260/346/217/222/344/273/266/345/214/226/346/236/266/346/236/204/350/256/276/350/256/241.md +1708 -0
- package/docs/Evol/346/250/241/345/235/227/350/256/276/350/256/241/346/226/271/346/241/210.md +1154 -0
- package/docs/Evol/351/241/265/351/235/242/346/217/222/344/273/266/345/214/226-Evol/346/250/241/345/235/227/345/256/236/346/226/275/346/214/207/345/215/227.md +403 -0
- package/docs/Evol/351/241/265/351/235/242/346/217/222/344/273/266/345/214/226-/345/244/226/351/203/250/346/250/241/345/235/227/346/216/245/345/205/245/346/214/207/345/215/227.md +468 -0
- package/docs/HTTP-RPC/350/277/201/347/247/273/345/210/260WebSocket/350/256/241/345/210/222.md +318 -0
- package/docs/INDEX.md +388 -0
- package/docs/KITE_DOCS_GUIDE.md +33 -0
- package/docs/Kernel-Client-Kite-Token/346/224/257/346/214/201/345/256/236/346/226/275/345/256/214/346/210/220.md +330 -0
- package/docs/Kernel/344/270/273/345/212/250Ping/346/234/272/345/210/266-/346/255/243/347/241/256/345/256/236/347/216/260.md +235 -0
- package/docs/Kernel/344/270/273/345/212/250Ping/346/234/272/345/210/266/345/256/236/346/226/275/346/200/273/347/273/223.md +204 -0
- package/docs/Kite/345/256/211/350/243/205/351/227/256/351/242/230/350/247/243/345/206/263/346/226/271/346/241/210.md +362 -0
- package/docs/Kite/346/216/247/345/210/266/345/217/260/346/217/222/344/273/266/345/214/226/346/236/266/346/236/204/350/256/276/350/256/241-/347/273/210/346/236/201/347/233/256/346/240/207.md +721 -0
- package/docs/Kite/346/216/247/345/210/266/345/217/260/347/273/237/344/270/200WebSocket/346/224/271/351/200/240/346/226/271/346/241/210.md +821 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/01-/346/241/206/346/236/266/345/256/232/344/275/215.md +12 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/02-/346/240/270/345/277/203/346/246/202/345/277/265.md +341 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/03-/347/263/273/347/273/237/346/236/266/346/236/204.md +257 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/04-/346/250/241/345/235/227/350/247/204/350/214/203.md +263 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/05-/346/240/270/345/277/203/346/265/201/347/250/213-/346/226/260/347/211/210.md +267 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/05-/346/240/270/345/277/203/346/265/201/347/250/213.md +149 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/06-/347/233/256/345/275/225/347/273/223/346/236/204.md +231 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/07-/346/225/260/346/215/256/346/250/241/345/236/213.md +68 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/08-/346/211/251/345/261/225/346/200/247.md +34 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/09-/344/270/216/345/205/267/344/275/223/345/272/224/347/224/250/347/232/204/345/205/263/347/263/273.md +22 -0
- package/docs/Kite/346/241/206/346/236/266/350/256/276/350/256/241/README.md +46 -0
- package/docs/Kite/347/263/273/347/273/237/345/220/257/345/212/250/346/265/201/347/250/213.md +567 -0
- package/docs/Launcher/345/220/257/345/212/250/345/231/250/346/226/207/346/241/243.md +745 -0
- package/docs/Polyglot/350/277/220/350/241/214/346/227/266/344/270/216Clawdbot/345/205/274/345/256/271/346/200/247/350/256/276/350/256/241.md +321 -0
- package/docs/Redis/344/270/216/346/250/241/345/235/227/345/244/232/345/256/236/344/276/213/346/226/271/346/241/210.md +438 -0
- package/docs/Relay-Kite-Token/350/256/244/350/257/201/345/256/236/346/226/275/345/256/214/346/210/220.md +178 -0
- package/docs/Relay-Token/346/235/203/351/231/220/351/205/215/347/275/256/351/252/214/350/257/201.md +113 -0
- package/docs/Watchdog/345/201/245/345/272/267/346/243/200/346/237/245/344/270/216WebSocket-Ping/346/234/272/345/210/266/345/210/206/346/236/220.md +367 -0
- package/docs/Watchdog/350/265/204/346/272/220/347/233/221/346/216/247/347/255/226/347/225/245.md +92 -0
- package/docs/WebSocket/346/216/245/346/224/266/345/276/252/347/216/257/346/255/273/351/224/201/351/230/262/350/214/203/350/247/204/350/214/203.md +357 -0
- package/docs/WebSocket/350/277/236/346/216/245/351/237/247/346/200/247/344/270/216/351/207/215/350/277/236/346/234/272/345/210/266/345/256/214/346/225/264/346/226/271/346/241/210.md +531 -0
- package/docs/WebSocket/350/277/236/346/216/245/351/237/247/346/200/247/346/226/271/346/241/210.md +169 -0
- package/docs/WebSocket/351/207/215/350/277/236/346/234/272/345/210/266/346/265/213/350/257/225/346/212/245/345/221/212.md +169 -0
- package/docs/WebSocket/351/207/215/350/277/236/351/200/200/351/201/277/346/234/272/345/210/266/346/226/271/346/241/210.md +394 -0
- package/docs/Web/346/250/241/345/235/227/344/270/216Evol/346/250/241/345/235/227/351/207/215/346/236/204/345/210/206/346/236/220.md +521 -0
- package/docs/audit-api-guide.md +68 -0
- package/docs/audit-module-design.md +315 -0
- package/docs/audit-module-implementation-summary.md +149 -0
- package/docs/llm-context-design.md +52 -0
- package/docs/llm-test-enhancement-plan.md +970 -0
- package/docs/logs-api-guide.md +42 -0
- package/docs/npm/345/214/205Python/347/216/257/345/242/203/347/256/241/347/220/206/346/226/271/346/241/210.md +302 -0
- package/docs/npm/345/217/221/345/270/203/344/270/216CLI/344/275/277/347/224/250/346/214/207/345/215/227.md +245 -0
- package/docs/stdio/344/270/216/347/253/257/345/217/243/345/217/221/347/216/260/351/207/215/346/236/204.md +480 -0
- package/docs/web/346/250/241/345/235/227/344/270/255/350/275/254/346/234/215/345/212/241/350/256/276/350/256/241/346/226/271/346/241/210.md +449 -0
- package/docs//344/272/213/344/273/266/345/244/204/347/220/206/346/234/272/345/210/266.md +388 -0
- package/docs//344/272/213/344/273/266/345/244/204/347/220/206/350/247/204/350/214/203.md +113 -0
- package/docs//344/272/213/344/273/266/350/256/242/351/230/205/351/200/232/351/205/215/347/254/246/350/247/204/350/214/203.md +256 -0
- package/docs//344/272/213/344/273/266/351/230/237/345/210/227/345/274/271/346/200/247/347/256/241/347/220/206.md +449 -0
- package/docs//344/272/244/344/272/222/345/274/217/347/273/210/347/253/257/346/216/247/345/210/266/346/226/271/346/241/210.md +301 -0
- package/docs//344/273/243/347/220/206/345/220/257/345/212/250/345/231/250/344/270/216/345/256/271/345/231/250/345/214/226.md +140 -0
- package/docs//344/273/243/347/240/201/347/273/237/350/256/241/345/267/245/345/205/267/344/275/277/347/224/250/350/257/264/346/230/216.md +217 -0
- package/docs//344/274/230/351/233/205/351/200/200/345/207/272/350/247/204/350/214/203.md +362 -0
- package/docs//344/276/235/350/265/226/347/256/241/347/220/206/350/257/264/346/230/216.md +141 -0
- package/docs//344/277/256/345/244/215/346/235/203/351/231/220/351/227/256/351/242/230-evol-RPC/346/235/203/351/231/220.md +268 -0
- package/docs//345/210/240/351/231/244kernel-client-example/345/256/214/346/210/220.md +309 -0
- package/docs//345/210/240/351/231/244ws-management/345/256/214/346/210/220.md +418 -0
- package/docs//345/220/257/345/212/250/344/274/230/345/214/226/346/226/271/346/241/210.md +522 -0
- package/docs//345/220/257/345/212/250/344/276/235/350/265/226/344/270/216/346/216/222/345/272/217.md +105 -0
- package/docs//345/256/211/350/243/205/350/204/232/346/234/254/345/274/200/345/217/221/346/226/207/346/241/243.md +643 -0
- package/docs//345/256/214/346/225/264/345/220/257/345/212/250/346/265/201/347/250/213/350/256/276/350/256/241.md +452 -0
- package/docs//345/256/236/347/216/260/350/247/204/345/210/222.md +195 -0
- package/docs//345/277/203/350/267/263/346/234/272/345/210/266/351/207/215/346/236/204/346/200/273/347/273/223.md +166 -0
- package/docs//346/217/241/346/211/213/350/256/244/350/257/201/346/226/271/346/241/210-/345/256/211/345/205/250/345/256/241/346/237/245.md +176 -0
- package/docs//346/217/241/346/211/213/350/256/244/350/257/201/346/226/271/346/241/210.md +908 -0
- package/docs//346/226/207/346/241/243/346/233/264/346/226/260/346/270/205/345/215/225.md +83 -0
- package/docs//346/227/245/345/277/227/344/270/216/345/274/202/345/270/270/345/244/204/347/220/206/350/247/204/350/214/203.md +829 -0
- package/docs//346/227/245/345/277/227/350/260/203/350/257/225/345/256/236/346/210/230/346/214/207/345/215/227.md +25 -0
- package/docs//346/236/266/346/236/204/345/200/237/351/211/264/346/214/207/345/215/227.md +977 -0
- package/docs//346/236/266/346/236/204/346/224/271/351/200/240-/345/256/214/346/210/220/346/200/273/347/273/223.md +440 -0
- package/docs//346/236/266/346/236/204/347/216/260/347/212/266/344/270/216/347/273/210/346/236/201/347/233/256/346/240/207/345/257/271/346/257/224/345/210/206/346/236/220.md +508 -0
- package/docs//346/250/241/345/235/227/345/244/232/350/277/236/346/216/245/346/216/247/345/210/266/347/255/226/347/225/245.md +220 -0
- package/docs//346/250/241/345/235/227/345/256/211/350/243/205/346/234/272/345/210/266/350/256/276/350/256/241.md +500 -0
- package/docs//346/250/241/345/235/227/345/274/200/345/217/221/346/214/207/345/215/227.md +1824 -0
- package/docs//346/250/241/345/235/227/347/203/255/346/233/264/346/226/260.md +89 -0
- package/docs//346/250/241/345/235/227/350/277/234/347/250/213/351/203/250/347/275/262/345/274/200/345/217/221/350/247/204/350/214/203.md +460 -0
- package/docs//346/250/241/345/235/227/351/200/200/345/207/272/346/234/272/345/210/266/345/256/214/346/225/264/346/226/271/346/241/210.md +303 -0
- package/docs//346/250/241/345/235/227/351/205/215/347/275/256/345/212/240/350/275/275/344/270/216/347/203/255/351/207/215/350/275/275/350/247/204/350/214/203.md +369 -0
- package/docs//346/265/213/350/257/225/344/270/255/345/277/203/346/267/273/345/212/240/346/250/241/345/235/227/346/265/213/350/257/225/346/214/207/345/215/227.md +147 -0
- package/docs//347/211/210/346/234/254/351/224/201/345/256/232/347/216/257/345/242/203/347/256/241/347/220/206/346/226/271/346/241/210.md +331 -0
- package/docs//347/216/257/345/242/203/345/217/230/351/207/217/344/270/216/350/277/220/350/241/214/346/227/266/347/233/256/345/275/225/350/256/276/350/256/241.md +499 -0
- package/docs//347/216/257/345/242/203/347/256/241/347/220/206/345/256/214/346/225/264/346/226/271/346/241/210.md +334 -0
- package/docs//350/231/232/346/213/237/346/250/241/345/235/227/344/270/255/350/275/254/346/234/215/345/212/241/345/256/214/346/225/264/350/256/276/350/256/241.md +1496 -0
- package/docs//350/231/232/346/213/237/347/216/257/345/242/203/345/267/245/344/275/234/345/216/237/347/220/206.md +163 -0
- package/docs//350/256/241/345/210/222/347/256/241/347/220/206/345/231/250/344/275/277/347/224/250/346/214/207/345/215/227.md +196 -0
- package/docs//350/256/244/350/257/201/346/250/241/345/235/227/344/270/216Gateway/350/256/276/350/256/241/346/226/271/346/241/210.md +765 -0
- package/docs//350/277/234/347/250/213/346/250/241/345/235/227/350/256/276/350/256/241-/346/227/247/347/211/210.md +1117 -0
- package/docs//350/277/234/347/250/213/346/250/241/345/235/227/350/256/276/350/256/241.md +451 -0
- package/docs//351/207/215/346/236/204/346/234/272/345/210/266/346/270/205/345/215/225.md +192 -0
- package/docs//351/223/276/350/267/257/350/277/275/350/270/252/346/226/271/346/241/210.md +242 -0
- package/docs//351/231/215/347/272/247/347/255/226/347/225/245/350/256/276/350/256/241/346/226/271/346/241/210.md +618 -0
- package/extensions/agents/assistant/entry.py +113 -14
- package/extensions/agents/assistant/module.md +27 -22
- package/extensions/agents/assistant/server.py +291 -105
- package/extensions/channels/acp_channel/entry.py +114 -16
- package/extensions/channels/acp_channel/module.md +4 -0
- package/extensions/channels/acp_channel/server.py +396 -105
- package/extensions/channels/phone_channel/__init__.py +1 -0
- package/extensions/channels/phone_channel/entry.py +503 -0
- package/extensions/channels/phone_channel/module.md +31 -0
- package/extensions/channels/phone_channel/server.py +686 -0
- package/extensions/event_hub_bench/entry.py +55 -12
- package/extensions/event_hub_bench/module.md +27 -27
- package/extensions/services/audit/README.md +134 -0
- package/extensions/services/audit/collector.py +73 -0
- package/extensions/services/audit/entry.py +444 -0
- package/extensions/services/audit/module.md +66 -0
- package/extensions/services/audit/query_audit.py +111 -0
- package/extensions/services/audit/routes/__init__.py +1 -0
- package/extensions/services/audit/routes/routes_audit.py +113 -0
- package/extensions/services/audit/schemas/__init__.py +5 -0
- package/extensions/services/audit/schemas/audit_event.py +92 -0
- package/extensions/services/audit/server.py +542 -0
- package/extensions/services/audit/storage.py +95 -0
- package/extensions/services/auth/entry.py +1054 -0
- package/extensions/services/auth/module.md +31 -0
- package/extensions/services/auth/token_store.py +185 -0
- package/extensions/services/auth/verifiers/evol_account.py +101 -0
- package/extensions/services/auth/verifiers/kite_token.py +38 -0
- package/extensions/services/auth/verifiers/pairing_code.py +71 -0
- package/extensions/services/backup/entry.py +494 -197
- package/extensions/services/backup/module.md +4 -2
- package/extensions/services/dataclaw/api/__init__.py +0 -0
- package/extensions/services/dataclaw/api/admin.py +367 -0
- package/extensions/services/dataclaw/api/copyright.py +175 -0
- package/extensions/services/dataclaw/api/credits.py +177 -0
- package/extensions/services/dataclaw/api/data.py +179 -0
- package/extensions/services/dataclaw/api/demands.py +269 -0
- package/extensions/services/dataclaw/api/feeds.py +262 -0
- package/extensions/services/dataclaw/api/identity.py +505 -0
- package/extensions/services/dataclaw/api/notifications.py +104 -0
- package/extensions/services/dataclaw/api/reviews.py +138 -0
- package/extensions/services/dataclaw/api/search.py +153 -0
- package/extensions/services/dataclaw/api/subscriptions.py +157 -0
- package/extensions/services/dataclaw/config.json5 +96 -0
- package/extensions/services/dataclaw/core/__init__.py +0 -0
- package/extensions/services/dataclaw/core/auth.py +95 -0
- package/extensions/services/dataclaw/core/config.py +50 -0
- package/extensions/services/dataclaw/core/database.py +70 -0
- package/extensions/services/dataclaw/entry.py +416 -0
- package/extensions/services/dataclaw/gofeed/351/241/271/347/233/256/346/211/200/346/234/211/346/235/203/350/275/254/347/247/273/346/265/201/347/250/213/350/257/264/346/230/216.md +309 -0
- package/extensions/services/dataclaw/migrate.py +283 -0
- package/extensions/services/dataclaw/models/__init__.py +0 -0
- package/extensions/services/dataclaw/module.md +49 -0
- package/extensions/services/dataclaw/requirements.txt +18 -0
- package/extensions/services/dataclaw/server.py +759 -0
- package/extensions/services/dataclaw/services/__init__.py +0 -0
- package/extensions/services/dataclaw/services/agent_service.py +132 -0
- package/extensions/services/dataclaw/services/credit_service.py +235 -0
- package/extensions/services/dataclaw/services/email_service.py +140 -0
- package/extensions/services/dataclaw/services/feed_service.py +259 -0
- package/extensions/services/dataclaw/services/notification_service.py +209 -0
- package/extensions/services/dataclaw/services/oauth_service.py +275 -0
- package/extensions/services/dataclaw/services/pricing.py +102 -0
- package/extensions/services/dataclaw/services/quality.py +79 -0
- package/extensions/services/dataclaw/services/reputation.py +142 -0
- package/extensions/services/dataclaw/services/sms_service.py +174 -0
- package/extensions/services/dataclaw/static/css/common.css +853 -0
- package/extensions/services/dataclaw/static/css/themes/blue.css +42 -0
- package/extensions/services/dataclaw/static/css/themes/dark.css +42 -0
- package/extensions/services/dataclaw/static/css/themes/light.css +35 -0
- package/extensions/services/dataclaw/static/js/api.js +103 -0
- package/extensions/services/dataclaw/static/js/common.js +321 -0
- package/extensions/services/dataclaw/static/js/i18n.js +95 -0
- package/extensions/services/dataclaw/static/js/pages/admin.js +152 -0
- package/extensions/services/dataclaw/static/js/pages/dashboard.js +82 -0
- package/extensions/services/dataclaw/static/js/pages/feed-detail.js +180 -0
- package/extensions/services/dataclaw/static/js/pages/feed-manage.js +158 -0
- package/extensions/services/dataclaw/static/js/theme.js +46 -0
- package/extensions/services/dataclaw/static/locales/en-US.json +464 -0
- package/extensions/services/dataclaw/static/locales/ja-JP.json +464 -0
- package/extensions/services/dataclaw/static/locales/zh-CN.json +464 -0
- package/extensions/services/dataclaw/templates/admin/index.html +90 -0
- package/extensions/services/dataclaw/templates/base.html +136 -0
- package/extensions/services/dataclaw/templates/credits/balance.html +106 -0
- package/extensions/services/dataclaw/templates/credits/deposit.html +164 -0
- package/extensions/services/dataclaw/templates/credits/history.html +90 -0
- package/extensions/services/dataclaw/templates/dashboard.html +52 -0
- package/extensions/services/dataclaw/templates/demands/create.html +78 -0
- package/extensions/services/dataclaw/templates/demands/detail.html +136 -0
- package/extensions/services/dataclaw/templates/demands/list.html +94 -0
- package/extensions/services/dataclaw/templates/feeds/create.html +95 -0
- package/extensions/services/dataclaw/templates/feeds/detail.html +110 -0
- package/extensions/services/dataclaw/templates/feeds/list.html +110 -0
- package/extensions/services/dataclaw/templates/feeds/manage.html +88 -0
- package/extensions/services/dataclaw/templates/index.html +185 -0
- package/extensions/services/dataclaw/templates/login.html +246 -0
- package/extensions/services/dataclaw/templates/register.html +164 -0
- package/extensions/services/dataclaw/templates/settings/notifications.html +96 -0
- package/extensions/services/dataclaw/templates/settings/profile.html +167 -0
- package/extensions/services/dataclaw/templates/subscriptions/list.html +64 -0
- package/extensions/services/dataclaw/tests/__init__.py +0 -0
- package/extensions/services/dataclaw/tests/conftest.py +68 -0
- package/extensions/services/dataclaw/tests/integration/__init__.py +0 -0
- package/extensions/services/dataclaw/tests/integration/test_workflows.py +239 -0
- package/extensions/services/dataclaw/tests/unit/__init__.py +0 -0
- package/extensions/services/dataclaw/tests/unit/test_admin.py +70 -0
- package/extensions/services/dataclaw/tests/unit/test_copyright.py +63 -0
- package/extensions/services/dataclaw/tests/unit/test_credits.py +80 -0
- package/extensions/services/dataclaw/tests/unit/test_data.py +98 -0
- package/extensions/services/dataclaw/tests/unit/test_demands.py +106 -0
- package/extensions/services/dataclaw/tests/unit/test_feeds.py +98 -0
- package/extensions/services/dataclaw/tests/unit/test_identity.py +88 -0
- package/extensions/services/dataclaw/tests/unit/test_notifications.py +36 -0
- package/extensions/services/dataclaw/tests/unit/test_reviews.py +68 -0
- package/extensions/services/dataclaw/tests/unit/test_search.py +64 -0
- package/extensions/services/dataclaw/tests/unit/test_subscriptions.py +65 -0
- package/extensions/services/dataclaw/tests/unit/test_system.py +106 -0
- package/extensions/services/dataclaw/utils/__init__.py +0 -0
- package/extensions/services/dataclaw/utils/crypto.py +38 -0
- package/extensions/services/dataclaw/utils/id_generator.py +52 -0
- package/extensions/services/dataclaw/ws/__init__.py +0 -0
- package/extensions/services/dataclaw/ws/handler.py +163 -0
- package/extensions/services/dataclaw//345/215/217/350/256/2561-/351/241/271/347/233/256/346/235/241/344/273/266/346/216/210/346/235/203/344/270/216/350/202/241/346/235/203/345/257/271/344/273/267/345/215/217/350/256/256.md +243 -0
- package/extensions/services/dataclaw//345/215/217/350/256/2562-/351/241/271/347/233/256/350/264/255/344/271/260/346/235/203/344/270/216/345/244/226/345/214/205/345/247/224/346/211/230/345/274/200/345/217/221/345/215/217/350/256/256.md +434 -0
- package/extensions/services/evol/__init__.py +1 -0
- package/extensions/services/evol/async_http.py +551 -0
- package/extensions/services/evol/auth_manager.py +602 -443
- package/extensions/services/evol/config.json5 +16 -0
- package/extensions/services/evol/entry.py +568 -406
- package/extensions/services/evol/evol_api.py +969 -173
- package/extensions/services/evol/mfa_totp.py +77 -0
- package/extensions/services/evol/module.md +150 -32
- package/extensions/services/evol/nonce_pool.py +113 -0
- package/extensions/services/evol/oauth_manager.py +223 -0
- package/extensions/services/evol/pairing.py +3 -2
- package/extensions/services/evol/pairing_codes.jsonl +1 -0
- package/extensions/services/evol/relay.py +1031 -682
- package/extensions/services/evol/relay_config.json5 +85 -67
- package/extensions/services/evol/routes/routes_llm.py +231 -0
- package/extensions/services/evol/routes/routes_rpc.py +90 -89
- package/extensions/services/evol/routes/routes_test.py +11 -4
- package/extensions/services/evol/server.py +2426 -875
- package/extensions/services/evol/static/assets/CommissionView-Cs_ys6Gm.js +1 -0
- package/extensions/services/evol/static/assets/CommissionView-DACet_Oo.css +1 -0
- package/extensions/services/evol/static/assets/IframePage-DbO11U9G.js +1 -0
- package/extensions/services/evol/static/assets/IframePage-c572lT8i.css +1 -0
- package/extensions/services/evol/static/assets/TeamDetailView-DULrGD7k.css +1 -0
- package/extensions/services/evol/static/assets/TeamDetailView-gy_MBEqG.js +139 -0
- package/extensions/services/evol/static/assets/element-plus-Bd7pZkkM.js +63 -0
- package/extensions/services/evol/static/assets/index-CmMONKzG.css +1 -0
- package/extensions/services/evol/static/assets/index-D44bBe__.js +2 -0
- package/extensions/services/evol/static/assets/vue-vendor-DtF-__I4.js +29 -0
- package/extensions/services/evol/static/index.html +16 -781
- package/extensions/services/evol/static/logo.png +0 -0
- package/extensions/services/evol/stats_manager.py +243 -240
- package/extensions/services/evol/web/README.md +89 -0
- package/extensions/services/evol/web/build.bat +44 -0
- package/extensions/services/evol/web/index.html +13 -0
- package/extensions/services/evol/web/package-lock.json +1718 -0
- package/extensions/services/evol/web/package.json +26 -0
- package/extensions/services/evol/web/public/logo.png +0 -0
- package/extensions/services/evol/web/src/App.vue +7 -0
- package/extensions/services/evol/web/src/components/layout/AppHeader.vue +202 -0
- package/extensions/services/evol/web/src/components/layout/AppLayout.vue +61 -0
- package/extensions/services/evol/web/src/components/layout/AppSidebar.vue +115 -0
- package/extensions/services/evol/web/src/components/login/LoginPage.vue +271 -0
- package/extensions/services/evol/web/src/components/team/AddMemberModal.vue +181 -0
- package/extensions/services/evol/web/src/components/team/GroupTreeNode.vue +156 -0
- package/extensions/services/evol/web/src/components/team/TeamAlertConfig.vue +221 -0
- package/extensions/services/evol/web/src/components/team/TeamBillModal.vue +165 -0
- package/extensions/services/evol/web/src/components/team/TeamMembersAndGroups.vue +499 -0
- package/extensions/services/evol/web/src/components/team/TeamStatsPanel.vue +907 -0
- package/extensions/services/evol/web/src/components/team/TreeNode.vue +331 -0
- package/extensions/services/evol/web/src/components/team/stats/StatsExportProgress.vue +44 -0
- package/extensions/services/evol/web/src/components/team/stats/StatsHeader.vue +89 -0
- package/extensions/services/evol/web/src/components/team/stats/StatsMemberDetail.vue +415 -0
- package/extensions/services/evol/web/src/components/team/stats/StatsSummary.vue +42 -0
- package/extensions/services/evol/web/src/components/team/stats/helpers.ts +195 -0
- package/extensions/services/evol/web/src/components/team/stats/stats.css +741 -0
- package/extensions/services/evol/web/src/components/team/stats/useStatsApi.ts +114 -0
- package/extensions/services/evol/web/src/components/team/stats/useStatsCharts.ts +242 -0
- package/extensions/services/evol/web/src/components/team/stats/useStatsExport.ts +232 -0
- package/extensions/services/evol/web/src/composables/useFormatters.ts +42 -0
- package/extensions/services/evol/web/src/composables/useTheme.ts +52 -0
- package/extensions/services/evol/web/src/env.d.ts +7 -0
- package/extensions/services/evol/web/src/i18n/en.ts +361 -0
- package/extensions/services/evol/web/src/i18n/index.ts +36 -0
- package/extensions/services/evol/web/src/i18n/zh.ts +379 -0
- package/extensions/services/evol/web/src/main.ts +21 -0
- package/extensions/services/evol/web/src/router/index.ts +81 -0
- package/extensions/services/evol/web/src/services/kernel-client.ts +406 -0
- package/extensions/services/evol/web/src/stores/auth.ts +189 -0
- package/extensions/services/evol/web/src/stores/connection.ts +134 -0
- package/extensions/services/evol/web/src/stores/pages.ts +79 -0
- package/extensions/services/evol/web/src/styles/base.css +213 -0
- package/extensions/services/evol/web/src/styles/variables.css +138 -0
- package/extensions/services/evol/web/src/types/rpc.ts +35 -0
- package/extensions/services/evol/web/src/types/token.ts +87 -0
- package/extensions/services/evol/web/src/views/AccountView.vue +1532 -0
- package/extensions/services/evol/web/src/views/AiServiceView.vue +219 -0
- package/extensions/services/evol/web/src/views/CommissionView.vue +1220 -0
- package/extensions/services/evol/web/src/views/CreditsView.vue +131 -0
- package/extensions/services/evol/web/src/views/EndpointView.vue +163 -0
- package/extensions/services/evol/web/src/views/IframePage.vue +120 -0
- package/extensions/services/evol/web/src/views/TeamDetailView.vue +473 -0
- package/extensions/services/evol/web/src/views/TeamView.vue +332 -0
- package/extensions/services/evol/web/tsconfig.json +31 -0
- package/extensions/services/evol/web/tsconfig.node.json +10 -0
- package/extensions/services/evol/web/vite.config.ts +49 -0
- package/extensions/services/evolmem/__init__.py +0 -0
- package/extensions/services/evolmem/entry.py +387 -0
- package/extensions/services/evolmem/hooks/__init__.py +0 -0
- package/extensions/services/evolmem/hooks/assistant_stop.py +228 -0
- package/extensions/services/evolmem/hooks/common.py +76 -0
- package/extensions/services/evolmem/hooks/pre_tool_use.py +56 -0
- package/extensions/services/evolmem/hooks/session_end.py +133 -0
- package/extensions/services/evolmem/hooks/session_start.py +229 -0
- package/extensions/services/evolmem/hooks/user_prompt.py +122 -0
- package/extensions/services/evolmem/module.md +48 -0
- package/extensions/services/evolmem/prompts/00-server-info.md +28 -0
- package/extensions/services/evolmem/prompts/01-behavior.md +46 -0
- package/extensions/services/evolmem/prompts/02-summary-format.md +112 -0
- package/extensions/services/evolmem/prompts/03-file-query.md +92 -0
- package/extensions/services/evolmem/prompts/04-topic-stats.md +11 -0
- package/extensions/services/evolmem/prompts/05-recent-topics.md +84 -0
- package/extensions/services/evolmem/scripts/__init__.py +0 -0
- package/extensions/services/evolmem/scripts/extract_keywords.py +40 -0
- package/extensions/services/evolmem/scripts/search_topics.py +91 -0
- package/extensions/services/evolmem/server.py +641 -0
- package/extensions/services/gateway/entry.py +964 -0
- package/extensions/services/gateway/module.md +29 -0
- package/extensions/services/gateway/nonce_pool.py +65 -0
- package/extensions/services/gateway/relay.py +133 -0
- package/extensions/services/gateway/ws_server.py +285 -0
- package/extensions/services/kite_console/auth_manager.py +603 -0
- package/extensions/services/kite_console/config.json5 +19 -0
- package/extensions/services/kite_console/config_loader.py +117 -0
- package/extensions/services/kite_console/entry.py +528 -0
- package/extensions/services/kite_console/evol_api.py +179 -0
- package/extensions/services/kite_console/evol_config.json5 +29 -0
- package/extensions/services/kite_console/mfa_totp.py +77 -0
- package/extensions/services/kite_console/migrate_tokens.py +122 -0
- package/extensions/services/kite_console/module.md +37 -0
- package/extensions/services/kite_console/nonce_pool.py +113 -0
- package/extensions/services/kite_console/oauth_manager.py +223 -0
- package/extensions/services/kite_console/pairing.py +280 -0
- package/extensions/services/kite_console/pairing_codes.jsonl +2 -0
- package/extensions/services/kite_console/relay.py +1350 -0
- package/extensions/services/kite_console/relay_config.json5 +96 -0
- package/extensions/services/kite_console/routes/__init__.py +1 -0
- package/extensions/services/kite_console/routes/routes_llm.py +231 -0
- package/extensions/services/kite_console/routes/routes_proxy.py +115 -0
- package/extensions/services/kite_console/routes/routes_rpc.py +89 -0
- package/extensions/services/kite_console/routes/routes_test.py +68 -0
- package/extensions/services/kite_console/server.py +1742 -0
- package/extensions/services/{evol → kite_console}/static/css/style.css +656 -2
- package/extensions/services/kite_console/static/index.html +1524 -0
- package/extensions/services/{evol → kite_console}/static/js/dialog.js +11 -4
- package/extensions/services/kite_console/static/js/evol-app.js +7740 -0
- package/extensions/services/{evol/static/js/evol-app.js → kite_console/static/js/evol-app.js.backup} +2777 -1949
- package/extensions/services/kite_console/static/js/kernel-client.js +560 -0
- package/extensions/services/{evol/static/js/kernel-client.js → kite_console/static/js/kernel-client.js.backup} +41 -3
- package/extensions/services/{evol → kite_console}/static/js/registry-tests.js +7 -0
- package/extensions/services/kite_console/static/js/tests/ARCHITECTURE.md +67 -0
- package/extensions/services/kite_console/static/js/tests/README.md +140 -0
- package/extensions/services/kite_console/static/js/tests/index.js +161 -0
- package/extensions/services/kite_console/static/js/tests/integration/auth.js +120 -0
- package/extensions/services/kite_console/static/js/tests/integration/channel-interaction.js +188 -0
- package/extensions/services/kite_console/static/js/tests/integration/elastic-connection.js +115 -0
- package/extensions/services/kite_console/static/js/tests/integration/full-workflow.js +43 -0
- package/extensions/services/kite_console/static/js/tests/integration/multi-instance.js +304 -0
- package/extensions/services/kite_console/static/js/tests/integration/nested-rpc.js +266 -0
- package/extensions/services/kite_console/static/js/tests/integration/pingpong.js +25 -0
- package/extensions/services/kite_console/static/js/tests/integration/redis.js +227 -0
- package/extensions/services/kite_console/static/js/tests/integration/registry-core.js +52 -0
- package/extensions/services/kite_console/static/js/tests/integration/remote-deploy.js +85 -0
- package/extensions/services/kite_console/static/js/tests/integration/require-init.js +96 -0
- package/extensions/services/kite_console/static/js/tests/integration/scaling-control.js +193 -0
- package/extensions/services/kite_console/static/js/tests/integration/trace.js +109 -0
- package/extensions/services/kite_console/static/js/tests/modules/acp_channel.js +339 -0
- package/extensions/services/kite_console/static/js/tests/modules/auth.js +96 -0
- package/extensions/services/kite_console/static/js/tests/modules/backup.js +49 -0
- package/extensions/services/kite_console/static/js/tests/modules/gateway.js +41 -0
- package/extensions/services/kite_console/static/js/tests/modules/kernel.js +90 -0
- package/extensions/services/kite_console/static/js/tests/modules/launcher.js +75 -0
- package/extensions/services/kite_console/static/js/tests/modules/multi_instance.js +129 -0
- package/extensions/services/kite_console/static/js/tests/modules/phone_channel.js +364 -0
- package/extensions/services/kite_console/static/js/tests/modules/redis.js +178 -0
- package/extensions/services/kite_console/static/js/tests/modules/watchdog.js +60 -0
- package/extensions/services/kite_console/static/js/tests/modules/web.js +70 -0
- package/extensions/services/kite_console/static/js/tests/test-runner.js +123 -0
- package/extensions/services/kite_console/static/js/virtual-list.js +200 -0
- package/extensions/services/kite_console/static/test_kernel_client_token.html +352 -0
- package/extensions/services/kite_console/stats_manager.py +247 -0
- package/extensions/services/logs/README.md +215 -0
- package/extensions/services/logs/api_logger.py +37 -0
- package/extensions/services/logs/baseline.py +121 -0
- package/extensions/services/logs/cleaner.py +76 -0
- package/extensions/services/logs/entry.py +449 -0
- package/extensions/services/logs/formatter.py +129 -0
- package/extensions/services/logs/module.md +38 -0
- package/extensions/services/logs/quick_diagnostic.py +128 -0
- package/extensions/services/logs/routes/__init__.py +1 -0
- package/extensions/services/logs/routes/routes_logs.py +218 -0
- package/extensions/services/logs/routes/routes_logs.py.backup +173 -0
- package/extensions/services/logs/scanner.py +100 -0
- package/extensions/services/logs/searcher.py +263 -0
- package/extensions/services/logs/server.py +553 -0
- package/extensions/services/logs.zip +0 -0
- package/extensions/services/model_service/config.json5 +30 -0
- package/extensions/services/model_service/entry.py +620 -171
- package/extensions/services/model_service/module.md +11 -2
- package/extensions/services/proxy/__init__.py +0 -0
- package/extensions/services/proxy/aid_manager.py +419 -0
- package/extensions/services/proxy/auth_bridge.py +182 -0
- package/extensions/services/proxy/config_store.py +79 -0
- package/extensions/services/proxy/entry.py +528 -0
- package/extensions/services/proxy/evol/presenter/agentIdPresenter.py +2 -2
- package/extensions/services/proxy/evol/presenter/apikeyPresenter.py +18 -28
- package/extensions/services/proxy/evol/presenter/configPresenter.py +80 -1127
- package/extensions/services/proxy/evol/presenter/userPresenter.py +71 -477
- package/extensions/services/proxy/evol/server/claude_proxy_async.py +11 -7
- package/extensions/services/proxy/module.md +151 -0
- package/extensions/services/proxy/server.py +952 -271
- package/extensions/services/redis/ALIGNMENT_CHECKLIST.md +121 -0
- package/extensions/services/redis/ALIGNMENT_STATUS.md +548 -0
- package/extensions/services/redis/config.json5 +8 -0
- package/extensions/services/redis/entry.py +1509 -0
- package/extensions/services/redis/entry.py.backup +405 -0
- package/extensions/services/redis/module.md +48 -0
- package/extensions/services/redis/redis_builtin.py +332 -0
- package/extensions/services/redis/redis_external.py +164 -0
- package/extensions/services/testUi/entry.py +446 -0
- package/extensions/services/testUi/module.md +18 -0
- package/extensions/services/testUi/ui/cards.html +131 -0
- package/extensions/services/testUi/ui/index.html +22 -0
- package/extensions/services/testUi/ui/particles.html +143 -0
- package/extensions/services/watchdog/entry.py +1258 -793
- package/extensions/services/watchdog/module.md +2 -0
- package/extensions/services/watchdog/monitor.py +465 -87
- package/extensions/services/web/auth_manager.py +602 -0
- package/extensions/services/web/config.json5 +11 -0
- package/extensions/services/web/entry.py +598 -478
- package/extensions/services/web/mfa_totp.py +77 -0
- package/extensions/services/web/module.md +16 -13
- package/extensions/services/web/nonce_pool.py +113 -0
- package/extensions/services/web/oauth_manager.py +223 -0
- package/extensions/services/web/pairing.py +3 -2
- package/extensions/services/web/pairing_codes.jsonl +1 -0
- package/extensions/services/web/relay.py +442 -63
- package/extensions/services/web/relay_config.json5 +1 -2
- package/extensions/services/web/routes/routes_rpc.py +6 -6
- package/extensions/services/web/server.py +360 -173
- package/extensions/services/web/static/index.html +1752 -1738
- package/extensions/services/web/static/js/app.js +32 -0
- package/extensions/services/web/static/js/kernel-client.js +48 -9
- package/extensions/services/web/vendor/bluetooth/audio.py +1 -1
- package/extensions/services/web/vendor/config.py +2 -2
- package/extensions/services/web/vendor/storage/identity.py +1 -1
- package/kernel/entry.py +77 -23
- package/kernel/event_hub.py +1122 -74
- package/kernel/module.md +2 -1
- package/kernel/registry_store.py +208 -11
- package/kernel/rpc_router.py +1400 -491
- package/kernel/server.py +1021 -134
- package/kite_cli/__init__.py +9 -1
- package/kite_cli/builders/__init__.py +4 -0
- package/kite_cli/builders/base.py +67 -0
- package/kite_cli/builders/custom.py +31 -0
- package/kite_cli/builders/detector.py +56 -0
- package/kite_cli/builders/go.py +34 -0
- package/kite_cli/builders/gradle.py +41 -0
- package/kite_cli/builders/maven.py +36 -0
- package/kite_cli/builders/npm.py +44 -0
- package/kite_cli/builders/python.py +37 -0
- package/kite_cli/commands/BUILD_GUIDE.md +109 -0
- package/kite_cli/commands/build.py +142 -0
- package/kite_cli/commands/check.py +60 -0
- package/kite_cli/commands/config.py +156 -0
- package/kite_cli/commands/deps.py +58 -0
- package/kite_cli/commands/deps_install.py +7 -7
- package/kite_cli/commands/disable.py +162 -0
- package/kite_cli/commands/enable.py +162 -0
- package/kite_cli/commands/export.py +96 -0
- package/kite_cli/commands/import_cmd.py +110 -0
- package/kite_cli/commands/install.py +50 -23
- package/kite_cli/commands/install_skill.py +107 -0
- package/kite_cli/commands/list.py +128 -31
- package/kite_cli/commands/outdated.py +202 -0
- package/kite_cli/commands/search.py +33 -17
- package/kite_cli/commands/update.py +115 -2
- package/kite_cli/commands/venv_setup.py +6 -6
- package/kite_cli/commands/why.py +48 -0
- package/kite_cli/core/config_manager.py +145 -0
- package/kite_cli/core/downloader.py +32 -2
- package/kite_cli/main.py +153 -7
- package/kite_cli/utils/colors.py +153 -0
- package/kite_cli/utils/dependency_graph.py +209 -0
- package/kite_cli/utils/process.py +55 -0
- package/kite_cli/utils/progress.py +207 -0
- package/kite_cli/utils/table.py +101 -0
- package/launcher/count_lines.py +192 -43
- package/launcher/entry.py +4543 -2802
- package/launcher/logging_setup.py +54 -1
- package/launcher/module.md +32 -6
- package/launcher/module_scanner.py +93 -20
- package/launcher/process_manager.py +355 -76
- package/main.py +6 -0
- package/package.json +4 -1
- package/requirements.txt +41 -38
- package/scripts/auto-fix-deps.py +128 -0
- package/scripts/env-manager.js +25 -2
- package/scripts/final-test.js +78 -0
- package/scripts/setup-python-env.js +700 -191
- package/scripts/test-alluser.js +48 -0
- package/scripts/test-different-version.js +86 -0
- package/scripts/test-direct.js +63 -0
- package/scripts/test-extract-installer.js +28 -0
- package/scripts/test-install-log.js +54 -0
- package/scripts/test-installer.js +39 -0
- package/scripts/test-integration.js +250 -0
- package/scripts/test-real-install.js +210 -0
- package/scripts/test-targetdir.js +49 -0
- package/scripts/test-venv-real.js +47 -0
- package/scripts/test-venv-simple.js +57 -0
- package/scripts/test-wait.js +49 -0
- package/scripts/test-with-log.js +63 -0
- package/extensions/services/evol/config.yaml +0 -149
- package/extensions/services/evol/routes/routes_management_ws.py +0 -127
- package/extensions/services/evol/static/index_evol.html +0 -14
- package/extensions/services/evol/static/js/app.js +0 -6304
- package/extensions/services/evol/static/js/auth.js +0 -326
- package/extensions/services/evol/static/js/evol-app-fixed.js +0 -50
- package/extensions/services/evol/static/js/evol-app.js.bak +0 -1800
- package/extensions/services/evol/static/js/kernel-client-example.js +0 -228
- package/extensions/services/evol/static/js/main.js +0 -141
- package/extensions/services/evol/static/js/stats.js +0 -217
- package/extensions/services/evol/static/js/token-manager.js +0 -175
- package/extensions/services/proxy/CHANGELOG_20260308.md +0 -258
- package/extensions/services/proxy/_fix_prints.py +0 -133
- package/extensions/services/proxy/_fix_prints2.py +0 -87
- package/extensions/services/proxy/console_auth.py +0 -109
- package/extensions/services/proxy/logs/websocket.log +0 -260
- package/extensions/services/proxy/main.py +0 -240
- package/extensions/services/proxy/requirements.txt +0 -13
- package/extensions/services/web/config.yaml +0 -149
- /package/extensions/services/{evol → kite_console}/static/pairing.html +0 -0
- /package/extensions/services/{evol → kite_console}/static/test_registry.html +0 -0
- /package/extensions/services/{evol → kite_console}/static/test_relay.html +0 -0
|
@@ -0,0 +1,765 @@
|
|
|
1
|
+
# 认证模块与 Gateway 设计方案
|
|
2
|
+
|
|
3
|
+
## 1. 问题与目标
|
|
4
|
+
|
|
5
|
+
现有认证逻辑全部耦合在 `kite_console/relay.py` 中(配对码、Token、OAuth、MFA)。需要:
|
|
6
|
+
|
|
7
|
+
- 将认证逻辑抽离为独立的 **Auth 模块**(标准 Kite 模块)
|
|
8
|
+
- 新增独立的 **Gateway 模块**(标准 Kite 模块,独立端口)
|
|
9
|
+
- kite_console 的 Relay 组件保持为控制台内部组件,与 Gateway 在认证流程上行为一致
|
|
10
|
+
- 全程使用 **JSON-RPC 2.0** 格式,包括握手阶段
|
|
11
|
+
|
|
12
|
+
## 2. 系统拓扑
|
|
13
|
+
|
|
14
|
+
```
|
|
15
|
+
┌──────────────────────────────────────────────────────────────────┐
|
|
16
|
+
│ Kite 实例 │
|
|
17
|
+
│ │
|
|
18
|
+
│ ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────┐ │
|
|
19
|
+
│ │ Launcher │ │ Watchdog │ │ Web │ │ Backup │ ... │
|
|
20
|
+
│ └────┬─────┘ └────┬─────┘ └────┬─────┘ └────┬─────┘ │
|
|
21
|
+
│ └──────────────┼─────────────┼─────────────┘ │
|
|
22
|
+
│ │ stdin token│ │
|
|
23
|
+
│ ┌──────▼─────────────▼──────┐ │
|
|
24
|
+
│ │ Kernel │ │
|
|
25
|
+
│ │ Registry·EventHub·RPC │ │
|
|
26
|
+
│ └──┬──────────┬──────────┬──┘ │
|
|
27
|
+
│ │ │ │ │
|
|
28
|
+
│ ┌───────▼──┐ ┌───▼────┐ ┌──▼─────────────┐ │
|
|
29
|
+
│ │ Auth │ │Gateway │ │ Kite Console │ │
|
|
30
|
+
│ │ (认证服务)│ │ (网关) │ │ (控制台+Relay) │ │
|
|
31
|
+
│ │ 纯RPC服务 │ │WS+HTTP │ │ HTTP+WS │ │
|
|
32
|
+
│ └──────────┘ └───┬────┘ └──────┬─────────┘ │
|
|
33
|
+
│ │ │ │
|
|
34
|
+
└────────────────────────────┼──────────────┼─────────────────────┘
|
|
35
|
+
│ │
|
|
36
|
+
┌─────────▼──┐ ┌────────▼────────┐
|
|
37
|
+
│ 远程模块 │ │ 浏览器/远程客户端│
|
|
38
|
+
│ (卫星Kite) │ │ (控制台前端) │
|
|
39
|
+
└────────────┘ └─────────────────┘
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
### 2.1 三个角色
|
|
43
|
+
|
|
44
|
+
| 角色 | 性质 | 职责 | 对外端口 |
|
|
45
|
+
|------|------|------|----------|
|
|
46
|
+
| **Auth** | 标准 Kite 模块 | 认证逻辑 + Token 持久化 + 审计 | 无(纯 RPC) |
|
|
47
|
+
| **Gateway** | 标准 Kite 模块 | 远程接入网关(WS + OAuth HTTP 回调) | 独立端口 |
|
|
48
|
+
| **Relay** | kite_console 内部组件 | 控制台复用端口的接入层 | 复用控制台端口 |
|
|
49
|
+
|
|
50
|
+
### 2.2 状态分层
|
|
51
|
+
|
|
52
|
+
| 状态类型 | 归属 | 生命周期 | 重启后 |
|
|
53
|
+
|----------|------|----------|--------|
|
|
54
|
+
| nonce 池 | Gateway/Relay | 连接级,秒级 | 连接断了 nonce 自然失效 |
|
|
55
|
+
| session 映射 | Gateway/Relay | 连接级 | 连接断了 session 无意义 |
|
|
56
|
+
| 权限配置 | Gateway/Relay | 启动时加载 | 从配置重新加载 |
|
|
57
|
+
| 速率限制(IP/设备) | Gateway/Relay | 进程级 | 重置,可接受 |
|
|
58
|
+
| Token 记录 | Auth | 持久化(JSONL) | 不丢失 |
|
|
59
|
+
| 设备/账号注册 | Auth | 持久化 | 不丢失 |
|
|
60
|
+
| 审计日志 | Auth | 持久化 | 不丢失 |
|
|
61
|
+
| 速率限制(账号级) | Auth | 进程级 | 重置,可接受 |
|
|
62
|
+
|
|
63
|
+
Gateway/Relay 的状态全是**连接绑定的临时状态**。Gateway 重启 → 所有连接断开 → 所有状态自然失效 → 客户端重连重新认证。
|
|
64
|
+
|
|
65
|
+
## 3. 协议格式
|
|
66
|
+
|
|
67
|
+
**全程 JSON-RPC 2.0**,包括握手阶段。不引入非标消息格式。
|
|
68
|
+
|
|
69
|
+
### 3.1 challenge(JSON-RPC notification)
|
|
70
|
+
|
|
71
|
+
Gateway/Relay 在 accept 连接后主动推送:
|
|
72
|
+
|
|
73
|
+
```json
|
|
74
|
+
{
|
|
75
|
+
"jsonrpc": "2.0",
|
|
76
|
+
"method": "challenge",
|
|
77
|
+
"params": {
|
|
78
|
+
"nonce": "a1b2c3d4-uuid",
|
|
79
|
+
"ts": 1710000000000,
|
|
80
|
+
"timeout_ms": 10000,
|
|
81
|
+
"auth_methods": ["pairing_code", "sms", "email", "oauth", "kite_token"],
|
|
82
|
+
"protocol": { "version": 1 }
|
|
83
|
+
}
|
|
84
|
+
}
|
|
85
|
+
```
|
|
86
|
+
|
|
87
|
+
- notification(无 `id` 字段),不需要客户端回复
|
|
88
|
+
- `timeout_ms`:整个 pre-auth 阶段的超时,超时后关闭连接
|
|
89
|
+
- `auth_methods`:Gateway 启动时从 Auth 模块查询并缓存
|
|
90
|
+
|
|
91
|
+
### 3.2 pre-auth RPC(JSON-RPC request/response)
|
|
92
|
+
|
|
93
|
+
challenge 之后、auth.connect 之前,客户端可调用有限的 pre-auth 方法:
|
|
94
|
+
|
|
95
|
+
```json
|
|
96
|
+
{
|
|
97
|
+
"jsonrpc": "2.0",
|
|
98
|
+
"id": "req-1",
|
|
99
|
+
"method": "auth.request_pairing_code",
|
|
100
|
+
"params": {}
|
|
101
|
+
}
|
|
102
|
+
```
|
|
103
|
+
|
|
104
|
+
Gateway **透明转发**这些请求到 Auth 模块(通过 Kernel RPC 路由),返回结果后**关闭连接**,避免未认证客户端长时间占用网关资源。
|
|
105
|
+
|
|
106
|
+
### 3.3 auth.connect(JSON-RPC request)
|
|
107
|
+
|
|
108
|
+
客户端发起认证:
|
|
109
|
+
|
|
110
|
+
```json
|
|
111
|
+
{
|
|
112
|
+
"jsonrpc": "2.0",
|
|
113
|
+
"id": "connect-1",
|
|
114
|
+
"method": "auth.connect",
|
|
115
|
+
"params": {
|
|
116
|
+
"nonce": "a1b2c3d4-uuid",
|
|
117
|
+
"protocol": { "min": 1, "max": 1 },
|
|
118
|
+
"client": {
|
|
119
|
+
"id": "my-app",
|
|
120
|
+
"type": "frontend",
|
|
121
|
+
"version": "1.0.0",
|
|
122
|
+
"device": "browser-01",
|
|
123
|
+
"channel": "default"
|
|
124
|
+
},
|
|
125
|
+
"auth": {
|
|
126
|
+
"method": "pairing_code",
|
|
127
|
+
"code": "482916"
|
|
128
|
+
}
|
|
129
|
+
}
|
|
130
|
+
}
|
|
131
|
+
```
|
|
132
|
+
|
|
133
|
+
**`auth.connect` 不是透明转发**——Gateway 拦截处理:
|
|
134
|
+
1. 验证 nonce(本地消费)
|
|
135
|
+
2. 提取 auth 信息,调用 `auth.verify()` RPC(通过 Kernel 转发到 Auth 模块)
|
|
136
|
+
3. 成功后为客户端创建到 Kernel 的代理连接
|
|
137
|
+
4. 返回 hello-ok
|
|
138
|
+
|
|
139
|
+
### 3.4 hello-ok(JSON-RPC response)
|
|
140
|
+
|
|
141
|
+
```json
|
|
142
|
+
{
|
|
143
|
+
"jsonrpc": "2.0",
|
|
144
|
+
"id": "connect-1",
|
|
145
|
+
"result": {
|
|
146
|
+
"protocol": 1,
|
|
147
|
+
"kernel": { "version": "0.5.0", "instance_id": "kite-abc123" },
|
|
148
|
+
"identity": { "module_id": "frontend-xxx", "role": "admin" },
|
|
149
|
+
"token": "tok_xxx",
|
|
150
|
+
"policy": { "max_payload_bytes": 1048576, "ping_interval_ms": 5000 },
|
|
151
|
+
"features": { "events": ["module.*"], "rpc_namespaces": ["kernel", "auth"] }
|
|
152
|
+
}
|
|
153
|
+
}
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
### 3.5 pre-auth 方法分类
|
|
157
|
+
|
|
158
|
+
| 方法 | Gateway 行为 | 连接处理 |
|
|
159
|
+
|------|-------------|----------|
|
|
160
|
+
| `auth.request_pairing_code` | 透明转发到 Auth | 返回后**关闭连接** |
|
|
161
|
+
| `auth.send_sms_code` | 透明转发到 Auth | 返回后**关闭连接** |
|
|
162
|
+
| `auth.send_email_code` | 透明转发到 Auth | 返回后**关闭连接** |
|
|
163
|
+
| `auth.get_oauth_url` | 透明转发到 Auth | 返回后**关闭连接** |
|
|
164
|
+
| `auth.connect` | Gateway 拦截处理 | 成功→保持连接进入 relay;失败→关闭 |
|
|
165
|
+
| 其他任何方法 | **拒绝**(4001 Unauthorized) | — |
|
|
166
|
+
|
|
167
|
+
## 4. 完整认证时序图
|
|
168
|
+
|
|
169
|
+
### 4.1 配对码登录
|
|
170
|
+
|
|
171
|
+
```mermaid
|
|
172
|
+
sequenceDiagram
|
|
173
|
+
actor U as 用户
|
|
174
|
+
participant C as 远程客户端
|
|
175
|
+
participant GW as Gateway/Relay
|
|
176
|
+
participant K as Kernel
|
|
177
|
+
participant A as Auth 模块
|
|
178
|
+
|
|
179
|
+
Note over C,A: ── 阶段1:获取配对码(短连接)──
|
|
180
|
+
|
|
181
|
+
C->>GW: WS connect
|
|
182
|
+
GW->>GW: accept,生成 nonce
|
|
183
|
+
GW->>C: notification: challenge {nonce, ts, auth_methods}
|
|
184
|
+
C->>GW: request: auth.request_pairing_code()
|
|
185
|
+
GW->>K: RPC: auth.request_pairing_code()
|
|
186
|
+
K->>A: 转发
|
|
187
|
+
A->>A: 生成配对码 482916(5分钟过期)
|
|
188
|
+
A->>K: event.publish(auth.code_generated, {code})
|
|
189
|
+
A->>K: {code:"482916", expires_at:xxx}
|
|
190
|
+
K->>GW: 转发响应
|
|
191
|
+
GW->>C: response: {code:"482916", expires_at:xxx}
|
|
192
|
+
GW--xC: 关闭连接(pre-auth 短连接)
|
|
193
|
+
|
|
194
|
+
Note over U: 用户通过控制台/其他渠道看到配对码
|
|
195
|
+
|
|
196
|
+
Note over C,A: ── 阶段2:提交配对码认证(新连接)──
|
|
197
|
+
|
|
198
|
+
C->>GW: WS connect(新连接)
|
|
199
|
+
GW->>GW: accept,生成新 nonce
|
|
200
|
+
GW->>C: notification: challenge {nonce, ts, auth_methods}
|
|
201
|
+
C->>GW: request: auth.connect {nonce, client:{...}, auth:{method:"pairing_code", code:"482916"}}
|
|
202
|
+
GW->>GW: 验证 nonce ✓(消费后删除)
|
|
203
|
+
GW->>K: RPC: auth.verify({method:"pairing_code", code:"482916", client_info:{...}})
|
|
204
|
+
K->>A: 转发
|
|
205
|
+
A->>A: 验证配对码 ✓(消费后删除)
|
|
206
|
+
A->>K: RPC: kernel.generate_token({module_id:"frontend-xxx"})
|
|
207
|
+
K->>K: 生成 token,注册到 token_map
|
|
208
|
+
K->>A: {token:"tok_xxx"}
|
|
209
|
+
A->>A: 存储 token 元数据(auth_method, device, trust_level)
|
|
210
|
+
A->>K: event.publish(auth.success)
|
|
211
|
+
A->>K: {success:true, token:"tok_xxx", role:"admin", trust_level:"low"}
|
|
212
|
+
K->>GW: 转发响应
|
|
213
|
+
|
|
214
|
+
Note over GW,K: ── 阶段3:建立代理连接 ──
|
|
215
|
+
|
|
216
|
+
GW->>K: WS connect /ws?id=frontend-xxx
|
|
217
|
+
GW->>K: auth {token:"tok_xxx"}
|
|
218
|
+
K->>GW: auth ok
|
|
219
|
+
GW->>K: registry.register({module_id:"frontend-xxx"})
|
|
220
|
+
GW->>K: event.publish(module.ready)
|
|
221
|
+
GW->>C: response: hello-ok {protocol, kernel, identity, token:"tok_xxx"}
|
|
222
|
+
|
|
223
|
+
Note over C,K: ═══ 认证完成,进入 JSON-RPC 透传模式 ═══
|
|
224
|
+
```
|
|
225
|
+
|
|
226
|
+
### 4.2 短信验证码登录
|
|
227
|
+
|
|
228
|
+
```mermaid
|
|
229
|
+
sequenceDiagram
|
|
230
|
+
actor U as 用户
|
|
231
|
+
participant C as 远程客户端
|
|
232
|
+
participant GW as Gateway/Relay
|
|
233
|
+
participant K as Kernel
|
|
234
|
+
participant A as Auth 模块
|
|
235
|
+
participant SMS as 短信服务商
|
|
236
|
+
|
|
237
|
+
Note over C,A: ── 阶段1:请求发送验证码(短连接)──
|
|
238
|
+
|
|
239
|
+
C->>GW: WS connect
|
|
240
|
+
GW->>C: notification: challenge {nonce, ts, auth_methods}
|
|
241
|
+
C->>GW: request: auth.send_sms_code({phone:"138xxxx1234"})
|
|
242
|
+
GW->>K: RPC: auth.send_sms_code({phone:"138xxxx1234"})
|
|
243
|
+
K->>A: 转发
|
|
244
|
+
A->>A: 校验手机号在授权列表 ✓
|
|
245
|
+
A->>A: 账号级速率限制检查 ✓
|
|
246
|
+
A->>A: 生成验证码 592831(5分钟过期)
|
|
247
|
+
A->>SMS: 发送短信
|
|
248
|
+
A->>K: {sent:true, expires_at:xxx}
|
|
249
|
+
K->>GW: 转发响应
|
|
250
|
+
GW->>C: response: {sent:true, expires_at:xxx}
|
|
251
|
+
GW--xC: 关闭连接
|
|
252
|
+
|
|
253
|
+
Note over U: 用户收到短信
|
|
254
|
+
|
|
255
|
+
Note over C,A: ── 阶段2:提交验证码认证(新连接)──
|
|
256
|
+
|
|
257
|
+
C->>GW: WS connect
|
|
258
|
+
GW->>C: notification: challenge {nonce, ts, auth_methods}
|
|
259
|
+
C->>GW: request: auth.connect {nonce, auth:{method:"sms", phone:"138xxxx1234", code:"592831"}}
|
|
260
|
+
GW->>GW: 验证 nonce ✓
|
|
261
|
+
GW->>K: RPC: auth.verify({method:"sms", phone:"138xxxx1234", code:"592831", client_info:{...}})
|
|
262
|
+
K->>A: 转发
|
|
263
|
+
A->>A: 验证验证码 ✓ + 手机号授权 ✓
|
|
264
|
+
A->>K: kernel.generate_token(...)
|
|
265
|
+
K->>A: {token:"tok_xxx"}
|
|
266
|
+
A->>K: {success:true, token:"tok_xxx", role:"admin", trust_level:"low"}
|
|
267
|
+
K->>GW: 转发响应
|
|
268
|
+
GW->>K: 建立代理连接(同 4.1 阶段3)
|
|
269
|
+
GW->>C: response: hello-ok {token:"tok_xxx", ...}
|
|
270
|
+
```
|
|
271
|
+
|
|
272
|
+
### 4.3 OAuth 登录
|
|
273
|
+
|
|
274
|
+
```mermaid
|
|
275
|
+
sequenceDiagram
|
|
276
|
+
actor U as 用户
|
|
277
|
+
participant C as 远程客户端(浏览器)
|
|
278
|
+
participant GW as Gateway/Relay
|
|
279
|
+
participant K as Kernel
|
|
280
|
+
participant A as Auth 模块
|
|
281
|
+
participant O as OAuth Provider
|
|
282
|
+
|
|
283
|
+
Note over C,O: ── 阶段1:获取授权 URL(短连接)──
|
|
284
|
+
|
|
285
|
+
C->>GW: WS connect
|
|
286
|
+
GW->>C: notification: challenge {nonce, ts, auth_methods}
|
|
287
|
+
C->>GW: request: auth.get_oauth_url({provider:"github"})
|
|
288
|
+
GW->>K: RPC: auth.get_oauth_url({provider:"github", redirect_uri:"https://gw:28800/auth/oauth/callback"})
|
|
289
|
+
K->>A: 转发
|
|
290
|
+
A->>A: 生成 state(防 CSRF),存储
|
|
291
|
+
A->>K: {auth_url:"https://github.com/login/oauth/authorize?...", state:"xxx"}
|
|
292
|
+
K->>GW: 转发响应
|
|
293
|
+
GW->>C: response: {auth_url:"...", state:"xxx"}
|
|
294
|
+
GW--xC: 关闭连接
|
|
295
|
+
|
|
296
|
+
Note over C,O: ── 阶段2:用户在 OAuth Provider 授权 ──
|
|
297
|
+
|
|
298
|
+
C->>O: 跳转到授权页
|
|
299
|
+
U->>O: 授权
|
|
300
|
+
O->>GW: HTTP redirect: GET /auth/oauth/callback?code=abc&state=xxx
|
|
301
|
+
|
|
302
|
+
Note over GW,A: ── 阶段3:Gateway HTTP 回调处理 ──
|
|
303
|
+
|
|
304
|
+
GW->>K: RPC: auth.oauth_callback({provider:"github", code:"abc", state:"xxx"})
|
|
305
|
+
K->>A: 转发
|
|
306
|
+
A->>A: 验证 state ✓
|
|
307
|
+
A->>O: POST /access_token {code, client_secret}
|
|
308
|
+
O->>A: {access_token}
|
|
309
|
+
A->>O: GET /user
|
|
310
|
+
O->>A: {email, name, id}
|
|
311
|
+
A->>A: 校验授权列表 ✓
|
|
312
|
+
A->>A: 生成 auth_ticket(60s 有效,一次性)
|
|
313
|
+
A->>K: {ticket:"tic_xxx"}
|
|
314
|
+
K->>GW: 转发响应
|
|
315
|
+
GW->>C: HTTP 200 {ticket:"tic_xxx"}
|
|
316
|
+
|
|
317
|
+
Note over C,A: ── 阶段4:用 ticket 完成 WS 认证(新连接)──
|
|
318
|
+
|
|
319
|
+
C->>GW: WS connect
|
|
320
|
+
GW->>C: notification: challenge {nonce, ts, auth_methods}
|
|
321
|
+
C->>GW: request: auth.connect {nonce, auth:{method:"oauth", ticket:"tic_xxx"}}
|
|
322
|
+
GW->>GW: 验证 nonce ✓
|
|
323
|
+
GW->>K: RPC: auth.verify({method:"oauth", ticket:"tic_xxx", client_info:{...}})
|
|
324
|
+
K->>A: 转发
|
|
325
|
+
A->>A: 验证 ticket ✓(一次性消费)
|
|
326
|
+
A->>K: kernel.generate_token(...)
|
|
327
|
+
K->>A: {token:"tok_xxx"}
|
|
328
|
+
A->>K: {success:true, token:"tok_xxx", role:"admin", trust_level:"medium"}
|
|
329
|
+
K->>GW: 转发响应
|
|
330
|
+
GW->>K: 建立代理连接(同 4.1 阶段3)
|
|
331
|
+
GW->>C: response: hello-ok {token:"tok_xxx", ...}
|
|
332
|
+
```
|
|
333
|
+
|
|
334
|
+
### 4.4 已有 Token 重连
|
|
335
|
+
|
|
336
|
+
```mermaid
|
|
337
|
+
sequenceDiagram
|
|
338
|
+
participant C as 远程客户端
|
|
339
|
+
participant GW as Gateway/Relay
|
|
340
|
+
participant K as Kernel
|
|
341
|
+
participant A as Auth 模块
|
|
342
|
+
|
|
343
|
+
C->>GW: WS connect
|
|
344
|
+
GW->>C: notification: challenge {nonce, ts, auth_methods}
|
|
345
|
+
C->>GW: request: auth.connect {nonce, auth:{method:"kite_token", token:"tok_xxx"}}
|
|
346
|
+
GW->>GW: 验证 nonce ✓
|
|
347
|
+
GW->>K: RPC: auth.verify({method:"kite_token", token:"tok_xxx", client_info:{...}})
|
|
348
|
+
K->>A: 转发
|
|
349
|
+
A->>A: 验证 token(滑动30天 + 绝对180天)✓
|
|
350
|
+
A->>A: 更新 last_used_at
|
|
351
|
+
A->>K: {success:true, role:"admin", trust_level:"low"}
|
|
352
|
+
K->>GW: 转发响应
|
|
353
|
+
|
|
354
|
+
Note over GW: token 已存在,无需 kernel.generate_token
|
|
355
|
+
|
|
356
|
+
GW->>K: 建立代理连接(用已有 token)
|
|
357
|
+
GW->>C: response: hello-ok {...}
|
|
358
|
+
```
|
|
359
|
+
|
|
360
|
+
### 4.5 Token 撤销实时生效
|
|
361
|
+
|
|
362
|
+
```mermaid
|
|
363
|
+
sequenceDiagram
|
|
364
|
+
participant Admin as 管理员
|
|
365
|
+
participant KC as Kite Console
|
|
366
|
+
participant K as Kernel
|
|
367
|
+
participant A as Auth 模块
|
|
368
|
+
participant GW as Gateway
|
|
369
|
+
participant C as 远程客户端
|
|
370
|
+
|
|
371
|
+
Admin->>KC: Token 管理面板 → 撤销
|
|
372
|
+
KC->>K: RPC: auth.revoke_token({token:"tok_xxx"})
|
|
373
|
+
K->>A: 转发
|
|
374
|
+
A->>A: 标记 token 无效
|
|
375
|
+
A->>K: event.publish(auth.token.revoked, {token:"tok_xxx"})
|
|
376
|
+
A->>K: {success:true}
|
|
377
|
+
|
|
378
|
+
K->>GW: 事件: auth.token.revoked {token:"tok_xxx"}
|
|
379
|
+
GW->>GW: 查找使用该 token 的 session
|
|
380
|
+
GW->>C: notification: kicked {reason:"token_revoked"}
|
|
381
|
+
GW--xC: close (code=4001)
|
|
382
|
+
GW->>K: 清理代理连接
|
|
383
|
+
```
|
|
384
|
+
|
|
385
|
+
## 5. 速率限制分层
|
|
386
|
+
|
|
387
|
+
### 5.1 Gateway/Relay 层(连接级)
|
|
388
|
+
|
|
389
|
+
| 维度 | 策略 | 说明 |
|
|
390
|
+
|------|------|------|
|
|
391
|
+
| IP | 10s 内最多 200 次连接 | 防 DDoS |
|
|
392
|
+
| 设备 ID | 10s 内最多 20 次认证尝试 | 防暴力破解 |
|
|
393
|
+
| pre-auth 超时 | challenge 后 10s 内必须完成 | 防连接占用 |
|
|
394
|
+
|
|
395
|
+
### 5.2 Auth 模块层(账号级)
|
|
396
|
+
|
|
397
|
+
| 维度 | 策略 | 说明 |
|
|
398
|
+
|------|------|------|
|
|
399
|
+
| 手机号 | 60s 内最多 1 次发送 | 防短信轰炸 |
|
|
400
|
+
| 邮箱 | 60s 内最多 1 次发送 | 防邮件轰炸 |
|
|
401
|
+
| 配对码尝试 | 连续 5 次失败后指数退避 | 防猜码 |
|
|
402
|
+
| OAuth state | 60s 过期,一次性 | 防 CSRF 重放 |
|
|
403
|
+
| auth_ticket | 60s 过期,一次性 | 防 ticket 重放 |
|
|
404
|
+
|
|
405
|
+
Gateway 管连接级限流,Auth 管业务级限流,各司其职。
|
|
406
|
+
|
|
407
|
+
## 6. Gateway 模块设计
|
|
408
|
+
|
|
409
|
+
### 6.1 模块定义
|
|
410
|
+
|
|
411
|
+
```yaml
|
|
412
|
+
# extensions/services/gateway/module.md
|
|
413
|
+
---
|
|
414
|
+
name: gateway
|
|
415
|
+
display_name: Gateway
|
|
416
|
+
type: service
|
|
417
|
+
state: enabled
|
|
418
|
+
runtime: python
|
|
419
|
+
entry: entry.py
|
|
420
|
+
subscriptions:
|
|
421
|
+
- module.ready
|
|
422
|
+
- module.shutdown
|
|
423
|
+
- auth.token.revoked
|
|
424
|
+
config:
|
|
425
|
+
ws_port: 28800
|
|
426
|
+
ws_host: "0.0.0.0"
|
|
427
|
+
tls:
|
|
428
|
+
enabled: false
|
|
429
|
+
cert: ""
|
|
430
|
+
key: ""
|
|
431
|
+
max_connections: 1000
|
|
432
|
+
challenge_timeout_ms: 10000
|
|
433
|
+
nonce_pool_size: 10000
|
|
434
|
+
nonce_ttl: 600
|
|
435
|
+
---
|
|
436
|
+
```
|
|
437
|
+
|
|
438
|
+
### 6.2 Gateway 启动流程
|
|
439
|
+
|
|
440
|
+
```mermaid
|
|
441
|
+
sequenceDiagram
|
|
442
|
+
participant L as Launcher
|
|
443
|
+
participant GW as Gateway
|
|
444
|
+
participant K as Kernel
|
|
445
|
+
participant A as Auth 模块
|
|
446
|
+
|
|
447
|
+
L->>GW: stdin boot_info {token, kernel_host, kernel_port}
|
|
448
|
+
GW->>K: WS connect + token 认证
|
|
449
|
+
K->>GW: auth ok
|
|
450
|
+
GW->>K: registry.register({module_id:"gateway"})
|
|
451
|
+
GW->>K: event.subscribe({patterns:["auth.token.revoked"]})
|
|
452
|
+
GW->>K: RPC: auth.get_supported_methods()
|
|
453
|
+
K->>A: 转发
|
|
454
|
+
A->>K: {methods:["pairing_code","sms","email","oauth","kite_token"]}
|
|
455
|
+
K->>GW: 转发响应
|
|
456
|
+
GW->>GW: 缓存 auth_methods
|
|
457
|
+
GW->>GW: 启动 WS 服务器 :28800(+ OAuth HTTP 回调)
|
|
458
|
+
GW->>K: event.publish(module.ready)
|
|
459
|
+
```
|
|
460
|
+
|
|
461
|
+
### 6.3 Gateway 连接处理流程
|
|
462
|
+
|
|
463
|
+
```mermaid
|
|
464
|
+
flowchart TD
|
|
465
|
+
A[远程客户端 WS connect] --> B[accept]
|
|
466
|
+
B --> C[IP 速率限制检查]
|
|
467
|
+
C -->|超限| D[拒绝 4029]
|
|
468
|
+
C -->|通过| E[生成 nonce,发送 challenge]
|
|
469
|
+
E --> F{等待客户端消息}
|
|
470
|
+
F -->|超时| G[关闭 4003]
|
|
471
|
+
F -->|收到| H{method?}
|
|
472
|
+
|
|
473
|
+
H -->|auth.request_pairing_code<br/>auth.send_sms_code<br/>auth.send_email_code<br/>auth.get_oauth_url| I[透明转发到 Auth]
|
|
474
|
+
I --> J[返回结果]
|
|
475
|
+
J --> K[关闭连接]
|
|
476
|
+
|
|
477
|
+
H -->|auth.connect| L[验证 nonce]
|
|
478
|
+
L -->|无效| M[关闭 4010]
|
|
479
|
+
L -->|有效| N[调 auth.verify via Kernel]
|
|
480
|
+
N --> O{认证结果}
|
|
481
|
+
O -->|失败| P[返回错误,关闭 4001]
|
|
482
|
+
O -->|成功| Q[获取 token + role]
|
|
483
|
+
Q --> R[建立到 Kernel 的代理连接]
|
|
484
|
+
R --> S[返回 hello-ok]
|
|
485
|
+
S --> T[进入双向 JSON-RPC 透传]
|
|
486
|
+
|
|
487
|
+
H -->|其他方法| U[拒绝 4001 Unauthorized]
|
|
488
|
+
```
|
|
489
|
+
|
|
490
|
+
### 6.4 Gateway 与 Relay 的异同
|
|
491
|
+
|
|
492
|
+
| 维度 | Relay(kite_console 组件) | Gateway(独立模块) |
|
|
493
|
+
|------|--------------------------|-------------------|
|
|
494
|
+
| 端口 | 复用控制台 HTTP 端口 | 独立 WS/WSS 端口 |
|
|
495
|
+
| HTTP 能力 | 依赖 kite_console 的 FastAPI | 自带 OAuth 回调 HTTP 端口 |
|
|
496
|
+
| 客户端类型 | 浏览器前端 | 远程模块、卫星 Kite、App |
|
|
497
|
+
| 部署 | 随 kite_console 启动 | 独立模块,可选启用 |
|
|
498
|
+
| 认证流程 | 与 Gateway 完全一致 | 与 Relay 完全一致 |
|
|
499
|
+
| 代码关系 | 各自独立实现(零共享代码) | 各自独立实现 |
|
|
500
|
+
|
|
501
|
+
## 7. Auth 模块设计
|
|
502
|
+
|
|
503
|
+
### 7.1 模块定义
|
|
504
|
+
|
|
505
|
+
```yaml
|
|
506
|
+
# extensions/services/auth/module.md
|
|
507
|
+
---
|
|
508
|
+
name: auth
|
|
509
|
+
display_name: Auth
|
|
510
|
+
type: service
|
|
511
|
+
state: enabled
|
|
512
|
+
runtime: python
|
|
513
|
+
entry: entry.py
|
|
514
|
+
events:
|
|
515
|
+
- auth.success
|
|
516
|
+
- auth.failed
|
|
517
|
+
- auth.rate_limited
|
|
518
|
+
- auth.code_generated
|
|
519
|
+
- auth.token.created
|
|
520
|
+
- auth.token.revoked
|
|
521
|
+
- auth.token.expired
|
|
522
|
+
- auth.token.rotated
|
|
523
|
+
- auth.device.registered
|
|
524
|
+
- auth.anomaly.*
|
|
525
|
+
subscriptions:
|
|
526
|
+
- module.ready
|
|
527
|
+
- module.shutdown
|
|
528
|
+
---
|
|
529
|
+
```
|
|
530
|
+
|
|
531
|
+
### 7.2 RPC 方法
|
|
532
|
+
|
|
533
|
+
#### 认证类
|
|
534
|
+
|
|
535
|
+
| 方法 | 调用者 | 说明 |
|
|
536
|
+
|------|--------|------|
|
|
537
|
+
| `auth.verify` | Gateway/Relay | 统一认证入口,验证各种凭据 |
|
|
538
|
+
| `auth.request_pairing_code` | Gateway/Relay(代客户端) | 生成配对码 |
|
|
539
|
+
| `auth.send_sms_code` | Gateway/Relay(代客户端) | 发送短信验证码 |
|
|
540
|
+
| `auth.send_email_code` | Gateway/Relay(代客户端) | 发送邮箱验证码 |
|
|
541
|
+
| `auth.get_oauth_url` | Gateway/Relay(代客户端) | 生成 OAuth 授权 URL |
|
|
542
|
+
| `auth.oauth_callback` | Gateway(HTTP 回调) | 处理 OAuth 回调,返回 ticket |
|
|
543
|
+
| `auth.get_supported_methods` | Gateway/Relay(启动时) | 查询支持的认证方式 |
|
|
544
|
+
| `auth.register_aid` | 已认证客户端 | 注册 AID 设备密钥 |
|
|
545
|
+
| `auth.setup_mfa` | 已认证客户端 | 绑定 MFA |
|
|
546
|
+
|
|
547
|
+
#### Token 管理类
|
|
548
|
+
|
|
549
|
+
| 方法 | 调用者 | 说明 |
|
|
550
|
+
|------|--------|------|
|
|
551
|
+
| `auth.list_tokens` | 控制台前端 | 列出 token(支持按 auth_method 筛选) |
|
|
552
|
+
| `auth.revoke_token` | 控制台前端 | 撤销单个 token |
|
|
553
|
+
| `auth.revoke_tokens_by_method` | 控制台前端 | 按认证方式批量撤销 |
|
|
554
|
+
| `auth.refresh_token` | Gateway/Relay | 刷新 token 有效期 |
|
|
555
|
+
|
|
556
|
+
#### 审计类
|
|
557
|
+
|
|
558
|
+
| 方法 | 调用者 | 说明 |
|
|
559
|
+
|------|--------|------|
|
|
560
|
+
| `auth.query_logs` | 控制台前端 | 查询认证日志 |
|
|
561
|
+
| `auth.get_stats` | 控制台前端 | 认证统计 |
|
|
562
|
+
|
|
563
|
+
### 7.3 `auth.verify` 统一入口
|
|
564
|
+
|
|
565
|
+
```json
|
|
566
|
+
// 请求
|
|
567
|
+
{
|
|
568
|
+
"method": "pairing_code",
|
|
569
|
+
"code": "482916",
|
|
570
|
+
"client_info": {
|
|
571
|
+
"device": "browser-01",
|
|
572
|
+
"channel": "default",
|
|
573
|
+
"ip": "1.2.3.4",
|
|
574
|
+
"platform": "browser"
|
|
575
|
+
}
|
|
576
|
+
}
|
|
577
|
+
|
|
578
|
+
// 成功响应
|
|
579
|
+
{
|
|
580
|
+
"success": true,
|
|
581
|
+
"token": "tok_xxx",
|
|
582
|
+
"role": "admin",
|
|
583
|
+
"trust_level": "low",
|
|
584
|
+
"module_id": "frontend-xxx"
|
|
585
|
+
}
|
|
586
|
+
|
|
587
|
+
// 失败响应
|
|
588
|
+
{
|
|
589
|
+
"success": false,
|
|
590
|
+
"error": "invalid_code",
|
|
591
|
+
"retry_after_ms": 0
|
|
592
|
+
}
|
|
593
|
+
```
|
|
594
|
+
|
|
595
|
+
Auth 模块内部根据 `method` 分发到对应的 verifier。
|
|
596
|
+
|
|
597
|
+
### 7.4 Auth 模块文件结构
|
|
598
|
+
|
|
599
|
+
```
|
|
600
|
+
extensions/services/auth/
|
|
601
|
+
├── module.md
|
|
602
|
+
├── entry.py # 模块入口
|
|
603
|
+
├── rpc_handler.py # RPC 分发
|
|
604
|
+
├── verifiers/ # 各认证方式
|
|
605
|
+
│ ├── pairing_code.py
|
|
606
|
+
│ ├── sms.py
|
|
607
|
+
│ ├── email_code.py
|
|
608
|
+
│ ├── oauth.py
|
|
609
|
+
│ ├── kite_token.py
|
|
610
|
+
│ ├── aid.py
|
|
611
|
+
│ └── mfa.py
|
|
612
|
+
├── token_store.py # Token 持久化(JSONL)
|
|
613
|
+
├── audit_logger.py # 审计日志
|
|
614
|
+
└── anomaly_detector.py # 异常检测
|
|
615
|
+
```
|
|
616
|
+
|
|
617
|
+
## 8. 关键设计决策与挑剔评估
|
|
618
|
+
|
|
619
|
+
### 8.1 challenge 由接入层发,不经过 Auth
|
|
620
|
+
|
|
621
|
+
**决策**:Gateway/Relay 自己生成 nonce、发送 challenge、验证 nonce。Auth 模块不感知 nonce。
|
|
622
|
+
|
|
623
|
+
**理由**:
|
|
624
|
+
- nonce 是连接级防重放,与 TCP 连接绑定,天然属于接入层
|
|
625
|
+
- Gateway/Relay 已经是认证过的 Kite 模块,有自己的 Kernel 连接,调 `auth.verify()` 就是普通跨模块 RPC
|
|
626
|
+
- Kernel 不需要任何改动
|
|
627
|
+
|
|
628
|
+
**风险评估**:无。nonce 丢失(Gateway 重启)= 连接断开 = 客户端重连拿新 nonce,零代价。
|
|
629
|
+
|
|
630
|
+
### 8.2 pre-auth 短连接策略
|
|
631
|
+
|
|
632
|
+
**决策**:请求配对码/验证码/OAuth URL 后立即关闭连接。只有 `auth.connect` 成功后才保持长连接。
|
|
633
|
+
|
|
634
|
+
**理由**:未认证客户端不应长时间占用网关连接资源。恶意客户端可以大量建立连接但不认证,耗尽 Gateway 连接池。
|
|
635
|
+
|
|
636
|
+
**风险评估**:客户端需要建立两次连接(请求码 + 认证),多一次 TCP 握手开销。可接受——安全性优先于便利性。
|
|
637
|
+
|
|
638
|
+
### 8.3 auth.connect 由 Gateway 拦截,不透传
|
|
639
|
+
|
|
640
|
+
**决策**:`auth.connect` 不像其他 `auth.*` 方法那样透传到 Auth 模块。Gateway 拦截它,本地验证 nonce,然后调 `auth.verify()`。
|
|
641
|
+
|
|
642
|
+
**理由**:
|
|
643
|
+
- nonce 在 Gateway 本地,必须由 Gateway 验证
|
|
644
|
+
- 认证成功后 Gateway 需要创建代理连接,这是 Gateway 的职责
|
|
645
|
+
- Auth 模块不需要知道 `auth.connect` 的存在,它只回答 `auth.verify()`
|
|
646
|
+
|
|
647
|
+
**风险评估**:Gateway 和 Relay 都需要实现 `auth.connect` 的拦截逻辑。但这是接入层的核心职责,不可避免。
|
|
648
|
+
|
|
649
|
+
### 8.4 Auth 模块单点故障
|
|
650
|
+
|
|
651
|
+
**问题**:Auth 模块挂了会怎样?
|
|
652
|
+
|
|
653
|
+
**已登录客户端的通信链路**:
|
|
654
|
+
|
|
655
|
+
```
|
|
656
|
+
客户端 ←→ Gateway ←→ Kernel ←→ 目标模块
|
|
657
|
+
```
|
|
658
|
+
|
|
659
|
+
Auth 模块**不在这条链路上**。认证成功后,Gateway 已为客户端建立了独立的 Kernel 代理连接,后续通信直接透传,不经过 Auth。
|
|
660
|
+
|
|
661
|
+
**影响范围**:
|
|
662
|
+
|
|
663
|
+
| 场景 | Auth 挂了期间 | Auth 重启后 |
|
|
664
|
+
|------|-------------|------------|
|
|
665
|
+
| 已登录的远程客户端 | ✅ 不受影响,正常通信 | ✅ 无需重新登录 |
|
|
666
|
+
| 本地模块 | ✅ 不受影响(Launcher/Kernel 管理) | ✅ 无影响 |
|
|
667
|
+
| 新的远程登录请求 | ❌ 失败(auth.verify 返回 MODULE_OFFLINE) | ✅ 恢复 |
|
|
668
|
+
| Token 撤销操作 | ❌ 不可用 | ✅ 恢复 |
|
|
669
|
+
| Token 管理面板 | ❌ 不可用 | ✅ 恢复 |
|
|
670
|
+
|
|
671
|
+
**结论**:Auth 挂了的唯一影响是**这期间无法新登录**。Auth 重启后从 JSONL 恢复 token 记录,所有功能恢复,无需任何客户端重新登录。Watchdog 监控 Auth 模块,异常时自动重启。
|
|
672
|
+
|
|
673
|
+
### 8.5 Gateway 重启的重连风暴
|
|
674
|
+
|
|
675
|
+
**问题**:Gateway 重启 → 所有远程客户端同时断线 → 同时重连。
|
|
676
|
+
|
|
677
|
+
**评估**:
|
|
678
|
+
- 客户端已有指数退避 + jitter(`kernel-client.js`),重连自然错开
|
|
679
|
+
- 持有 kite_token 的客户端:`auth.verify({method:"kite_token"})` 验证很快,无用户交互
|
|
680
|
+
- 无 token 的客户端:需要重新走配对码/短信流程,但这种情况少
|
|
681
|
+
- Gateway 的 IP 速率限制会平滑突发流量
|
|
682
|
+
|
|
683
|
+
**结论**:可接受。
|
|
684
|
+
|
|
685
|
+
### 8.6 OAuth HTTP 回调在 Gateway 上
|
|
686
|
+
|
|
687
|
+
**问题**:Gateway 是 WS 网关,现在还要提供 HTTP 端口处理 OAuth 回调。
|
|
688
|
+
|
|
689
|
+
**评估**:
|
|
690
|
+
- OAuth 回调是标准 HTTP GET,逻辑极简(收到 code+state → 调 `auth.oauth_callback()` RPC → 返回 ticket)
|
|
691
|
+
- Gateway 可以在 WS 端口旁边开一个轻量 HTTP handler,或复用同一端口(如 aiohttp 同时支持 WS 和 HTTP)
|
|
692
|
+
- kite_console 的 Relay 不需要单独处理,因为 kite_console 本身就有 FastAPI HTTP 服务
|
|
693
|
+
|
|
694
|
+
**结论**:可接受。Gateway 增加一个 `/auth/oauth/callback` HTTP 路由即可。
|
|
695
|
+
|
|
696
|
+
### 8.7 auth_methods 缓存一致性
|
|
697
|
+
|
|
698
|
+
**问题**:Gateway 启动时查询 `auth.get_supported_methods()` 并缓存。如果 Auth 模块后续动态增减认证方式,Gateway 的缓存过期。
|
|
699
|
+
|
|
700
|
+
**评估**:
|
|
701
|
+
- 认证方式变更极低频(部署级别的变更)
|
|
702
|
+
- Auth 模块可以在方法变更时发布事件 `auth.methods_changed`,Gateway 订阅后刷新缓存
|
|
703
|
+
- 或者 Gateway 定期刷新(如每 5 分钟)
|
|
704
|
+
|
|
705
|
+
**结论**:初期不需要动态刷新,Gateway 重启即可。后续按需加事件通知。
|
|
706
|
+
|
|
707
|
+
### 8.8 Kernel 零改动确认
|
|
708
|
+
|
|
709
|
+
本方案 **Kernel 不需要任何改动**:
|
|
710
|
+
|
|
711
|
+
- Gateway/Relay 用自己的 token 连 Kernel → 已有机制
|
|
712
|
+
- 调 `auth.*` RPC → Kernel 标准跨模块转发,已有机制
|
|
713
|
+
- `kernel.generate_token()` → 已有内置方法
|
|
714
|
+
- 事件发布/订阅 → 已有机制
|
|
715
|
+
- 为客户端创建新的 Kernel 连接 → 已有机制(现有 Relay 就是这么做的)
|
|
716
|
+
|
|
717
|
+
### 8.9 Kernel 重启后的 Token 失效问题
|
|
718
|
+
|
|
719
|
+
**问题**:Kernel 重启后 `token_map`(内存)清空,但 Auth 的 JSONL 里还记着之前颁发的 token。客户端拿旧 token 重连时,Auth 说"有效",但 Kernel 不认识了。
|
|
720
|
+
|
|
721
|
+
**解决方案**:Auth 模块订阅 `module.ready`(kernel)事件。Kernel 重启后,Auth 检测到 kernel ready,将所有存活的 token 通过 `kernel.register_tokens()` 批量重新注册到 Kernel 的 `token_map`。
|
|
722
|
+
|
|
723
|
+
```mermaid
|
|
724
|
+
sequenceDiagram
|
|
725
|
+
participant K as Kernel(重启后)
|
|
726
|
+
participant A as Auth 模块
|
|
727
|
+
|
|
728
|
+
K->>K: 启动,token_map 为空
|
|
729
|
+
A->>A: 收到 module.ready(kernel) 事件
|
|
730
|
+
A->>A: 从 JSONL 加载所有存活 token
|
|
731
|
+
A->>K: RPC: kernel.register_tokens([{module_id, token}, ...])
|
|
732
|
+
K->>K: 批量注册到 token_map
|
|
733
|
+
K->>A: {registered: N}
|
|
734
|
+
Note over K,A: token_map 恢复,旧 token 重新可用
|
|
735
|
+
```
|
|
736
|
+
|
|
737
|
+
这样 Kernel 重启对已登录客户端透明——Gateway 重连 Kernel 后,客户端的 token 仍然有效。
|
|
738
|
+
|
|
739
|
+
## 9. 迁移路径
|
|
740
|
+
|
|
741
|
+
### 阶段一:Auth 模块
|
|
742
|
+
|
|
743
|
+
1. 创建 `extensions/services/auth/` 模块骨架
|
|
744
|
+
2. 实现 `auth.verify()`(先支持 pairing_code + kite_token)
|
|
745
|
+
3. 实现 `auth.request_pairing_code()`
|
|
746
|
+
4. 实现 `auth.list_tokens()` / `auth.revoke_token()`
|
|
747
|
+
5. 改造 kite_console Relay:认证逻辑改为调 `auth.*` RPC
|
|
748
|
+
6. 测试:现有配对码登录和 Token 登录流程不受影响
|
|
749
|
+
|
|
750
|
+
### 阶段二:Gateway 模块
|
|
751
|
+
|
|
752
|
+
1. 创建 `extensions/services/gateway/` 模块骨架
|
|
753
|
+
2. 实现 WS 服务器 + challenge/connect 握手
|
|
754
|
+
3. 实现 pre-auth 白名单 + 速率限制
|
|
755
|
+
4. 实现代理连接建立 + 双向 JSON-RPC 透传
|
|
756
|
+
5. 实现 OAuth HTTP 回调端点
|
|
757
|
+
6. 测试:远程模块通过 Gateway 端口接入
|
|
758
|
+
|
|
759
|
+
### 阶段三:扩展认证方式
|
|
760
|
+
|
|
761
|
+
1. Auth 模块新增 verifier:sms、email、oauth、aid
|
|
762
|
+
2. 前端增加多种登录方式 UI
|
|
763
|
+
3. 控制台增加 Token 管理界面增强
|
|
764
|
+
4. 异常检测后台任务
|
|
765
|
+
|