@clawos-dev/clawd 0.2.152-beta.320.c7b0769 → 0.2.152-beta.321.8f612f5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +68 -14
- package/package.json +1 -1
package/dist/cli.cjs
CHANGED
|
@@ -35701,11 +35701,37 @@ var DEFAULT_PERSONAS = [
|
|
|
35701
35701
|
model: "opus",
|
|
35702
35702
|
iconKey: "doc",
|
|
35703
35703
|
public: false,
|
|
35704
|
-
//
|
|
35705
|
-
//
|
|
35704
|
+
// 与 app-builder 对齐"调用阿里云的工作方式"(owner 2026-06-17 要求):开发型 profile —— 放开文件/web
|
|
35705
|
+
// 工具 + node/pnpm 工具链精确路径 + 出站 TLD 通配白名单。html-slides 需要联网(git clone frontend-slides
|
|
35706
|
+
// skill、调阿里云 CLI/SDK)。
|
|
35707
|
+
// 阿里云凭证:**复用共享 deploy-kit 单源**($HOME/.clawd/deploy-kit/.secrets/aliyun.env,全 FC persona 共用、
|
|
35708
|
+
// seedDeployKit 每次安装都铺),不在 persona 目录另存一份。app-builder 的 FC 部署走 daemon 侧脚本(沙箱外)
|
|
35709
|
+
// 故其 profile 无需 carve 这个路径;html-slides 没有 daemon 侧流程、要在 cc 沙箱内直接 `set -a; . $HOME/.clawd/
|
|
35710
|
+
// deploy-kit/.secrets/aliyun.env; set +a` 后调 aliyun CLI(env 凭证绕过沙箱外的 ~/.aliyun/),所以这里**额外**把
|
|
35711
|
+
// 这个凭证文件加进 allowRead(denyRead '~/' 之上的精确凿洞,单文件、最小暴露,同 ~/.npmrc 先例)。
|
|
35712
|
+
// excludedCommands: ['aliyun *'] —— 额外把 aliyun CLI 放沙箱外跑(逃出 seatbelt 直接用宿主凭证/网络),
|
|
35713
|
+
// 与上面沙箱内 env 凭证方案并存,按运行时实际命令前缀匹配生效。
|
|
35706
35714
|
sandboxProfile: {
|
|
35707
|
-
permissions: {
|
|
35708
|
-
|
|
35715
|
+
permissions: {
|
|
35716
|
+
defaultMode: "bypassPermissions",
|
|
35717
|
+
allow: ["Read", "Edit", "Write", "Glob", "Grep", "WebFetch", "WebSearch"]
|
|
35718
|
+
},
|
|
35719
|
+
sandbox: {
|
|
35720
|
+
filesystem: {
|
|
35721
|
+
allowRead: ["~/.npmrc", "~/Library/Preferences/pnpm", "~/.nvm", "~/Library/pnpm", "~/.local/share/pnpm", "~/.local/state/pnpm", "~/.npm", "~/.pnpm-store", "~/.clawd/deploy-kit/.secrets/aliyun.env"],
|
|
35722
|
+
allowWrite: ["~/Library/pnpm", "~/.local/share/pnpm", "~/.local/state/pnpm", "~/.npm", "~/.pnpm-store"]
|
|
35723
|
+
},
|
|
35724
|
+
network: {
|
|
35725
|
+
allowedDomains: ["*.com", "*.org", "*.io", "*.net", "*.dev", "*.app", "*.cn", "*.co", "*.chat", "*.ai"],
|
|
35726
|
+
allowLocalBinding: true
|
|
35727
|
+
},
|
|
35728
|
+
excludedCommands: ["aliyun *"]
|
|
35729
|
+
}
|
|
35730
|
+
},
|
|
35731
|
+
codexSandbox: {
|
|
35732
|
+
writableRoots: ["~/Library/pnpm", "~/.local/share/pnpm", "~/.local/state/pnpm", "~/.npm", "~/.pnpm-store"],
|
|
35733
|
+
denyRead: [".secrets/**"],
|
|
35734
|
+
network: true
|
|
35709
35735
|
}
|
|
35710
35736
|
}
|
|
35711
35737
|
];
|
|
@@ -37172,40 +37198,68 @@ function observeReady(surface, opts) {
|
|
|
37172
37198
|
}
|
|
37173
37199
|
};
|
|
37174
37200
|
}
|
|
37201
|
+
var BYPASS_SETTLE_MS = 300;
|
|
37175
37202
|
function createBootGate(pty, logger) {
|
|
37176
37203
|
const stripAnsi = (s) => s.replace(/\x1b\[[0-9;?]*C/g, " ").replace(/\x1b\[[0-9;?]*[a-zA-Z]/g, "").replace(/\x1b\][^\x07]*\x07/g, "").replace(/\x1b[NOPM=>78]/g, "").replace(/[\x00-\x1f\x7f]/g, " ");
|
|
37177
37204
|
const popups = {
|
|
37178
|
-
trust: {
|
|
37205
|
+
trust: {
|
|
37206
|
+
handled: false,
|
|
37207
|
+
fired: false,
|
|
37208
|
+
timer: void 0,
|
|
37209
|
+
regex: /trust\s*this\s*folder/i,
|
|
37210
|
+
accept: "\r",
|
|
37211
|
+
settleMs: 0,
|
|
37212
|
+
label: "trust-folder"
|
|
37213
|
+
},
|
|
37179
37214
|
bypass: {
|
|
37180
37215
|
handled: false,
|
|
37181
|
-
|
|
37216
|
+
fired: false,
|
|
37217
|
+
timer: void 0,
|
|
37218
|
+
regex: /Bypass\s*Permissions\s*mode|By\s*proceeding/i,
|
|
37182
37219
|
accept: "2\r",
|
|
37220
|
+
settleMs: BYPASS_SETTLE_MS,
|
|
37183
37221
|
label: "bypass-warning"
|
|
37184
37222
|
}
|
|
37185
37223
|
};
|
|
37186
37224
|
let scanBuf = "";
|
|
37225
|
+
const press = (popup) => {
|
|
37226
|
+
popup.fired = true;
|
|
37227
|
+
logger?.debug(`${popup.label} popup auto-yes`);
|
|
37228
|
+
try {
|
|
37229
|
+
pty.write(popup.accept);
|
|
37230
|
+
} catch (err) {
|
|
37231
|
+
logger?.warn(`${popup.label} auto-yes write failed`, {
|
|
37232
|
+
error: err.message
|
|
37233
|
+
});
|
|
37234
|
+
}
|
|
37235
|
+
};
|
|
37236
|
+
let disposed = false;
|
|
37187
37237
|
return {
|
|
37188
37238
|
feedBytes(data) {
|
|
37239
|
+
if (disposed) return;
|
|
37189
37240
|
scanBuf += data.toString("utf8");
|
|
37190
37241
|
const cleanBuf = stripAnsi(scanBuf).replace(/\s+/g, " ");
|
|
37191
37242
|
for (const popup of Object.values(popups)) {
|
|
37192
37243
|
if (popup.handled) continue;
|
|
37193
37244
|
if (popup.regex.test(cleanBuf)) {
|
|
37194
37245
|
popup.handled = true;
|
|
37195
|
-
logger?.debug(`${popup.label} popup auto-yes`);
|
|
37196
|
-
try {
|
|
37197
|
-
pty.write(popup.accept);
|
|
37198
|
-
} catch (err) {
|
|
37199
|
-
logger?.warn(`${popup.label} auto-yes write failed`, {
|
|
37200
|
-
error: err.message
|
|
37201
|
-
});
|
|
37202
|
-
}
|
|
37203
37246
|
scanBuf = "";
|
|
37247
|
+
if (popup.settleMs === 0) press(popup);
|
|
37248
|
+
}
|
|
37249
|
+
}
|
|
37250
|
+
for (const popup of Object.values(popups)) {
|
|
37251
|
+
if (popup.handled && popup.settleMs > 0 && !popup.fired) {
|
|
37252
|
+
if (popup.timer) clearTimeout(popup.timer);
|
|
37253
|
+
popup.timer = setTimeout(() => press(popup), popup.settleMs);
|
|
37204
37254
|
}
|
|
37205
37255
|
}
|
|
37206
37256
|
if (scanBuf.length > 8192) scanBuf = scanBuf.slice(-4096);
|
|
37207
37257
|
},
|
|
37208
37258
|
dispose() {
|
|
37259
|
+
disposed = true;
|
|
37260
|
+
for (const popup of Object.values(popups)) {
|
|
37261
|
+
if (popup.timer) clearTimeout(popup.timer);
|
|
37262
|
+
}
|
|
37209
37263
|
}
|
|
37210
37264
|
};
|
|
37211
37265
|
}
|
package/package.json
CHANGED