@aiyiran/myclaw 1.0.219 → 1.0.221

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/package.json +1 -1
  2. package/patches/patch.js +23 -12
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aiyiran/myclaw",
3
- "version": "1.0.219",
3
+ "version": "1.0.221",
4
4
  "description": "",
5
5
  "main": "index.js",
6
6
  "bin": {
package/patches/patch.js CHANGED
@@ -121,7 +121,7 @@ function patch() {
121
121
  const version = getMyclawVersion();
122
122
 
123
123
  console.log('[myclaw-patch] → control-ui: ' + uiDir);
124
- console.log('[myclaw-patch] → MyClaw v' + version);
124
+ console.log('[myclaw-patch] → MyClaw v' + version + ' (patch-engine: 2026.04.14)');
125
125
 
126
126
  // 1. 备份原始 index.html(仅首次)
127
127
  if (!fs.existsSync(backupPath)) {
@@ -230,11 +230,14 @@ function patch() {
230
230
  const filePath = path.join(distParent, f);
231
231
  let content = fs.readFileSync(filePath, 'utf8');
232
232
 
233
- // 检查是否需要 patch
233
+ // 检查是否需要 patch(分别检测每项,避免部分已 patch 导致整体跳过)
234
234
  const needsMicrophonePatch = content.includes('microphone=()');
235
- const needsCspFramePatch = !content.includes('frame-src');
235
+ const needsFrameSrc = !content.includes('"frame-src');
236
+ const needsConnectSrc = content.includes('"connect-src \'self\' ws: wss:"');
237
+ const needsFrameAncestors = content.includes('"frame-ancestors \'none\'"');
238
+ const needsAnyCspPatch = needsFrameSrc || needsConnectSrc || needsFrameAncestors;
236
239
 
237
- if (needsMicrophonePatch || needsCspFramePatch) {
240
+ if (needsMicrophonePatch || needsAnyCspPatch) {
238
241
  // 备份
239
242
  const backupFile = filePath + BACKUP_SUFFIX;
240
243
  if (!fs.existsSync(backupFile)) {
@@ -251,31 +254,39 @@ function patch() {
251
254
  }
252
255
 
253
256
  // Patch 2: CSP - 在 buildControlUiCspHeader 的 CSP 数组中放宽限制
254
- // 原始: "default-src 'self'", "connect-src 'self' ws: wss:", "frame-ancestors 'none'"
255
- // 目标: 添加 frame-src, 放开 connect-src frame-ancestors
256
- if (needsCspFramePatch) {
257
- // 添加 frame-src 指令(允许 iframe 加载外部 https 资源)
257
+ const cspPatches = [];
258
+ // 添加 frame-src 指令(允许 iframe 加载外部 https 资源)
259
+ if (needsFrameSrc) {
258
260
  content = content.replace(
259
261
  '"default-src \'self\'"',
260
262
  '"default-src \'self\'",\n\t\t"frame-src \'self\' https:"'
261
263
  );
262
- // 放开 connect-src,允许 fetch/XHR 到外部 https API
264
+ cspPatches.push('frame-src');
265
+ }
266
+ // 放开 connect-src,允许 fetch/XHR 到外部 https API
267
+ if (needsConnectSrc) {
263
268
  content = content.replace(
264
269
  '"connect-src \'self\' ws: wss:"',
265
270
  '"connect-src \'self\' https: ws: wss:"'
266
271
  );
267
- // 放开 frame-ancestors,允许被外部 https 页面嵌入
272
+ cspPatches.push('connect-src');
273
+ }
274
+ // 放开 frame-ancestors,允许被外部 https 页面嵌入
275
+ if (needsFrameAncestors) {
268
276
  content = content.replace(
269
277
  '"frame-ancestors \'none\'"',
270
278
  '"frame-ancestors \'self\' https:"'
271
279
  );
272
- console.log('[myclaw-patch] ✅ 已修复 CSP (frame-src, connect-src, frame-ancestors): ' + f);
280
+ cspPatches.push('frame-ancestors');
281
+ }
282
+ if (cspPatches.length > 0) {
283
+ console.log('[myclaw-patch] ✅ 已修复 CSP (' + cspPatches.join(', ') + '): ' + f);
273
284
  }
274
285
 
275
286
  fs.writeFileSync(filePath, content, 'utf8');
276
287
  patched = true;
277
288
  } else {
278
- console.log('[myclaw-patch] ✅ Permissions-Policy (microphone) 和 CSP (frame-src) 已是允许状态');
289
+ console.log('[myclaw-patch] ✅ Permissions-Policy 和 CSP 已是允许状态 (无需修改): ' + f);
279
290
  patched = true;
280
291
  }
281
292
  }