npm - @comate/zulu - Versions diffs - 1.4.0-beta.4 → 1.4.0-beta.6 - Mend

@comate/zulu 1.4.0-beta.4 → 1.4.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/comate-engine/assets/skills/code-security/scripts/credential_open_page.py ADDED Viewed

@@ -0,0 +1,125 @@
+#!/usr/bin/env python3
+"""
+打开硬编码风险治理界面 - 构建凭证配置网页 URL 并在 IDE 内嵌浏览器中打开。
+用法:
+    python3 credential_open_page.py --chat-id <chatID> --username <用户名> \
+        [--ide-name <ideType>] [--repo <repo>] [--project-dir <目录>]
+输出:
+    1. 可点击的 Markdown 链接（供用户手动打开）
+    2. 通过 comate-kernel socket 在 IDE 内嵌浏览器中自动打开网页
+"""
+import argparse
+import glob
+import json
+import os
+import socket
+import subprocess
+import sys
+# 导入公共 URL 构建模块
+sys.path.insert(0, os.path.dirname(__file__))
+from credential_url import build_url_from_args, build_markdown_link
+def open_in_ide(url: str) -> bool:
+    """通过 comate-kernel Unix Socket HTTP API 在 IDE 内嵌浏览器中打开网页。
+    传入 reuseExisting=True，若相同 URL 已在内嵌浏览器中打开则复用现有页签，不新建。
+    """
+    body = json.dumps({
+        "action": "executeVirtualEditor",
+        "method": "openUrlInEditorWebview",
+        "payload": {"url": url, "title": "凭证托管助手", "reuseExisting": True},
+    })
+    req = (
+        "POST /editor/command/ HTTP/1.1\r\n"
+        "Host: localhost\r\n"
+        "Content-Type: application/json\r\n"
+        f"Content-Length: {len(body.encode())}\r\n"
+        "Connection: close\r\n\r\n"
+        + body
+    )
+    tmpdir = os.environ.get("TMPDIR", "/tmp").rstrip("/")
+    ppid_sock = f"{tmpdir}/comate-kernel-{os.getppid()}.sock"
+    others = sorted(
+        set(
+            glob.glob(f"{tmpdir}/comate-kernel-*.sock")
+            + glob.glob("/tmp/comate-kernel-*.sock")
+        ),
+        key=os.path.getmtime,
+        reverse=True,
+    )
+    socks = ([ppid_sock] if os.path.exists(ppid_sock) else []) + [
+        s for s in others if s != ppid_sock
+    ]
+    for sock_path in socks:
+        try:
+            s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+            s.settimeout(2)
+            s.connect(sock_path)
+            s.send(req.encode())
+            resp = b""
+            while True:
+                chunk = s.recv(4096)
+                if not chunk:
+                    break
+                resp += chunk
+            s.close()
+            if b"ok" in resp:
+                return True
+        except Exception:
+            pass
+    return False
+def open_via_cli(url: str) -> bool:
+    """降级方案：通过 IDE CLI --open-url 触发 SimpleBrowser。"""
+    import urllib.parse
+    enc = urllib.parse.quote(json.dumps([url]))
+    for cli in ["comate", "code"]:
+        try:
+            subprocess.run(
+                [cli, "--open-url", f"command:simpleBrowser.api.open?{enc}"],
+                timeout=3,
+                capture_output=True,
+            )
+            return True
+        except Exception:
+            pass
+    return False
+def main():
+    """入口函数：解析参数、构建 URL、输出链接并尝试在 IDE 内嵌浏览器中打开。"""
+    parser = argparse.ArgumentParser(description="打开硬编码风险治理界面")
+    parser.add_argument("--chat-id", required=True, help="会话 ID (_CHAT_ID)")
+    parser.add_argument("--username", required=True, help="用户名 (_USERNAME)")
+    parser.add_argument("--ide-name", default=os.environ.get("COMATE_IDE_NAME", "comate"), help="IDE 类型")
+    parser.add_argument("--repo", default="", help="仓库标识，留空则自动从 git remote 获取")
+    parser.add_argument("--project-dir", default=".", help="项目目录，用于自动获取 repo")
+    args = parser.parse_args()
+    url = build_url_from_args(args.chat_id, args.username, args.ide_name,
+                               args.project_dir, args.repo)
+    # 输出可点击链接（在 IDE 内嵌浏览器中打开）
+    print("请点击以下链接打开硬编码风险治理网页，配置凭证信息：")
+    print()
+    print(build_markdown_link(url))
+    print()
+    print("配置完成后请在网页中点击「生成代码」按钮，我会自动检测到配置完成并继续执行修复。")
+    print()
+    # 自动在 IDE 内嵌浏览器中打开
+    if not open_in_ide(url):
+        open_via_cli(url)
+if __name__ == "__main__":
+    main()

package/comate-engine/assets/skills/code-security/scripts/credential_poll.py CHANGED Viewed

@@ -14,7 +14,7 @@
 """
 import argparse
-import base64
+from utils import make_user_id, WS_HOST
 import json
 import logging
 import os
@@ -23,15 +23,16 @@ import struct
 import sys
 import time
+# 触发共享日志配置
+import http_client  # noqa: F401
 try:
     import ssl
     _SSL_AVAILABLE = True
 except ImportError:
     _SSL_AVAILABLE = False
-# 触发共享日志配置
-import http_client  # noqa: F401
-import utils
+USER_ID = ""
 logger = logging.getLogger("credential_poll")
@@ -49,6 +50,7 @@ OP_PONG = 0xA
 def _generate_ws_key():
     """生成随机的 Sec-WebSocket-Key。"""
+    import base64
     return base64.b64encode(os.urandom(16)).decode("ascii")
@@ -221,15 +223,15 @@ def _parse_ws_url(url):
     return host, port, path, use_ssl
-def poll_credential_config(chat_id, user_id):
+def poll_credential_config(chat_id):
     """通过 WebSocket 监听凭证配置，返回配置数据 dict 或 None。"""
-    url = "{}/api/v1/ws/credential/events".format(utils.WS_HOST)
+    url = "{}/api/v1/ws/credential/events".format(WS_HOST)
     host, port, path, use_ssl = _parse_ws_url(url)
     logger.info("credential_poll start: chat_id=%s", chat_id)
     ws_headers = {
         "SAST-Chat-ID": chat_id,
-        "Comate-User-Id": user_id,
+        "Comate-User-Id": USER_ID,
     }
     reconnect_attempts = 0
@@ -318,15 +320,16 @@ def poll_credential_config(chat_id, user_id):
 def main():
+    global USER_ID
     parser = argparse.ArgumentParser(description="凭证配置轮询工具")
     parser.add_argument("--chat-id", required=True, help="scanChatID，用于关联扫描会话")
     parser.add_argument("--username", required=True, help="Comate 用户名")
     parser.add_argument("--output", default=None, help="将结果保存到指定文件路径（同时仍输出到标准输出）")
     args = parser.parse_args()
-    user_id = utils.make_user_id(args.username)
+    USER_ID = make_user_id(args.username)
-    result = poll_credential_config(args.chat_id, user_id)
+    result = poll_credential_config(args.chat_id)
     if result:
         output_json = json.dumps(result, ensure_ascii=False, indent=2)
         print(output_json)

package/comate-engine/assets/skills/code-security/scripts/credential_url.py ADDED Viewed

@@ -0,0 +1,81 @@
+#!/usr/bin/env python3
+"""
+凭证配置网页 URL 构建工具（公共模块）
+被 credential_open_page.py 和 ducc/open_browser.py 共同使用。
+"""
+import hashlib
+import os
+import subprocess
+import urllib.parse
+import json
+from utils import HOST
+BASE_URL = f"{HOST}/app/credential"
+VERSION = "2.9.1"
+def compute_uid(username: str) -> str:
+    """计算用户 UID：username 的 MD5 前 12 位。"""
+    return hashlib.md5(username.encode()).hexdigest()[:12]
+def get_repo(project_dir: str) -> str:
+    """从 git remote 获取仓库三级路径标识，失败则回退到目录名。
+    SSH 格式（git@icode.baidu.com:baidu/scan/cnap-test.git）：取 : 后的部分，去掉 .git 后缀。
+    HTTP 格式（https://icode.baidu.com/baidu/scan/cnap-test）：取域名后的路径，去掉 .git 后缀。
+    """
+    try:
+        result = subprocess.run(
+            ["git", "remote", "get-url", "origin"],
+            cwd=project_dir,
+            capture_output=True,
+            text=True,
+            timeout=5,
+        )
+        remote = result.stdout.strip()
+        if remote:
+            if ":" in remote and not remote.startswith("http"):
+                # SSH 格式
+                remote = remote.split(":", 1)[1]
+            else:
+                # HTTP 格式
+                from urllib.parse import urlparse
+                remote = urlparse(remote).path.lstrip("/")
+            return remote.removesuffix(".git")
+    except Exception:
+        pass
+    return os.path.basename(os.path.abspath(project_dir))
+def build_url(chat_id: str, uid: str, ide_name: str, repo: str) -> str:
+    """构建完整的凭证配置网页 URL（参数中的特殊字符均已 URL 编码）。"""
+    params = urllib.parse.urlencode({
+        "chatID": chat_id,
+        "comateUID": uid,
+        "version": VERSION,
+        "repo": repo,
+        "ideType": ide_name,
+    })
+    return f"{BASE_URL}?{params}"
+def build_markdown_link(url: str) -> str:
+    """构建可点击的 Markdown 链接，点击后在 IDE SimpleBrowser 中打开。
+    对 URL 做完整特殊字符转码（safe=''），确保 &、=、/、()、# 等字符
+    不破坏 Markdown 链接语法或 command 参数解析。
+    """
+    enc = urllib.parse.quote(json.dumps([url]), safe="")
+    return f"[打开硬编码风险治理界面](command:simpleBrowser.api.open?{enc})"
+def build_url_from_args(chat_id: str, username: str, ide_name: str,
+                         project_dir: str, repo: str = "") -> str:
+    """从原始参数一步构建 URL（便捷方法）。"""
+    uid = compute_uid(username)
+    repo = repo or get_repo(project_dir)
+    return build_url(chat_id, uid, ide_name, repo)

package/comate-engine/assets/skills/code-security/scripts/ducc/get_claude_session_id.sh ADDED Viewed

@@ -0,0 +1,33 @@
+#!/bin/bash
+# 获取当前 Claude Code 会话 ID
+# 获取当前工作目录的绝对路径
+CURRENT_DIR=$(pwd)
+# 将路径中的斜杠替换为连字符，构建项目目录名
+PROJECT_DIR_NAME=$(echo "$CURRENT_DIR" | sed 's/\//-/g')
+# Claude projects 目录路径
+PROJECTS_DIR="$HOME/.claude/projects"
+PROJECT_PATH="$PROJECTS_DIR/$PROJECT_DIR_NAME"
+# 检查项目目录是否存在
+if [ ! -d "$PROJECT_PATH" ]; then
+    echo "Error: Project directory not found: $PROJECT_PATH"
+    exit 1
+fi
+# 找到最新的 .jsonl 文件（按修改时间排序）
+LATEST_JSONL=$(ls -t "$PROJECT_PATH"/*.jsonl 2>/dev/null | head -1)
+# 检查是否找到文件
+if [ -z "$LATEST_JSONL" ]; then
+    echo "Error: No session JSONL file found in $PROJECT_PATH"
+    exit 1
+fi
+# 从文件名中提取会话 ID（去掉路径和 .jsonl 后缀）
+SESSION_ID=$(basename "$LATEST_JSONL" .jsonl)
+# 输出会话 ID
+echo "$SESSION_ID"

package/comate-engine/assets/skills/code-security/scripts/ducc/open_browser.py ADDED Viewed

@@ -0,0 +1,191 @@
+#!/usr/bin/env python3
+"""
+在 DUCC 内嵌浏览器中打开硬编码风险治理网页。
+用法（凭证参数模式，与 credential_open_page.py 参数一致）:
+    python3 open_browser.py --chat-id <chatID> --username <用户名> \
+        [--ide-name <ideType>] [--repo <repo>] [--project-dir <目录>]
+用法（直接指定 URL 模式）:
+    python3 open_browser.py --url <url> [--title <标题>] [--pid <kernel_pid>]
+"""
+import argparse
+import glob
+import json
+import os
+import subprocess
+import socket
+import sys
+# 导入公共 URL 构建模块
+sys.path.insert(0, os.path.dirname(os.path.dirname(__file__)))
+from credential_url import build_url_from_args
+def get_parent_pid(pid: int) -> int | None:
+    """获取进程的父进程 PID"""
+    try:
+        result = subprocess.run(
+            ["ps", "-p", str(pid), "-o", "ppid="],
+            capture_output=True, text=True, timeout=5
+        )
+        val = result.stdout.strip()
+        return int(val) if val else None
+    except Exception:
+        return None
+def find_kernel_socket() -> str | None:
+    """沿进程树向上追溯，找到有对应 comate-kernel socket 文件的祖先进程。
+    适用于 DUCC/Comate 两种环境：无论脚本由哪个父进程调用，
+    都能找到当前 VSCode 窗口对应的 kernel socket。
+    """
+    tmpdir = os.environ.get("TMPDIR", "/tmp").rstrip("/")
+    pid = os.getpid()
+    for _ in range(20):  # 最多向上追溯 20 层
+        pid = get_parent_pid(pid)
+        if not pid or pid == 1:
+            break
+        for sock_dir in [tmpdir, "/tmp"]:
+            sock_path = f"{sock_dir}/comate-kernel-{pid}.sock"
+            if os.path.exists(sock_path):
+                return sock_path
+    return None
+def open_url(url: str, pid: str = None, title: str = "网页") -> bool:
+    """在当前 DUCC 聊天框所在 VSCode 窗口的内嵌浏览器中打开 URL"""
+    tmpdir = os.environ.get("TMPDIR", "/tmp").rstrip("/")
+    body = json.dumps({
+        "action": "executeVirtualEditor",
+        "method": "openUrlInEditorWebview",
+        "payload": {"url": url, "title": title, "reuseExisting": True},
+    })
+    req = (
+        "POST /editor/command/ HTTP/1.1\r\n"
+        "Host: localhost\r\n"
+        "Content-Type: application/json\r\n"
+        f"Content-Length: {len(body.encode())}\r\n"
+        "Connection: close\r\n\r\n"
+        + body
+    )
+    def send_request(sock_path: str) -> bool:
+        try:
+            s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
+            s.settimeout(3)
+            s.connect(sock_path)
+            s.send(req.encode())
+            resp = b""
+            while True:
+                chunk = s.recv(4096)
+                if not chunk:
+                    break
+                resp += chunk
+            s.close()
+            return b"ok" in resp
+        except Exception:
+            return False
+    # 如果指定了 PID，直接使用
+    if pid:
+        for sock_dir in [tmpdir, "/tmp"]:
+            sock_path = f"{sock_dir}/comate-kernel-{pid}.sock"
+            if os.path.exists(sock_path) and send_request(sock_path):
+                print(f"✅ 已在内嵌浏览器中打开 (PID: {pid})")
+                return True
+        print(f"❌ 连接失败 (PID: {pid})")
+        return False
+    # 优先使用 init_env.sh 在 shell 层检测到的 kernel PID
+    env_kernel_pid = os.environ.get("_KERNEL_PID", "").strip()
+    if env_kernel_pid:
+        for sock_dir in [tmpdir, "/tmp"]:
+            sock_path = f"{sock_dir}/comate-kernel-{env_kernel_pid}.sock"
+            if os.path.exists(sock_path) and send_request(sock_path):
+                print(f"✅ 已在内嵌浏览器中打开 (当前窗口 PID: {env_kernel_pid})")
+                return True
+    # 次选：Python 进程树向上查找
+    kernel_sock = find_kernel_socket()
+    if kernel_sock and send_request(kernel_sock):
+        k_pid = kernel_sock.rsplit("-", 1)[-1].replace(".sock", "")
+        print(f"✅ 已在内嵌浏览器中打开 (当前窗口 PID: {k_pid})")
+        return True
+    # 降级：用最新的活跃 socket（只考虑进程仍存在的）
+    def is_process_alive(pid_str: str) -> bool:
+        try:
+            subprocess.run(["ps", "-p", pid_str], capture_output=True, timeout=2, check=True)
+            return True
+        except Exception:
+            return False
+    socket_candidates = set(glob.glob(f"{tmpdir}/comate-kernel-*.sock") +
+                               glob.glob("/tmp/comate-kernel-*.sock"))
+    active_sockets = []
+    for sock_path in socket_candidates:
+        k_pid = sock_path.rsplit("-", 1)[-1].replace(".sock", "")
+        if is_process_alive(k_pid):
+            active_sockets.append((sock_path, k_pid))
+    # 先按访问时间排序尝试，再按修改时间排序
+    tried_pids = set()
+    for sort_key in [os.path.getatime, os.path.getmtime]:
+        sorted_sockets = sorted(active_sockets, key=lambda x: sort_key(x[0]), reverse=True)
+        for sock_path, k_pid in sorted_sockets:
+            if k_pid in tried_pids:
+                continue
+            if send_request(sock_path):
+                mode = "修改时间" if sort_key == os.path.getmtime else "访问时间"
+                print(f"✅ 已在内嵌浏览器中打开 (PID: {k_pid}, 降级模式 - 按{mode})")
+                return True
+            tried_pids.add(k_pid)
+    print("❌ 无法打开")
+    return False
+"""
+入口函数
+    python3 open_browser.py --chat-id <chatID> --username <用户名> \
+        [--ide-name <ideType>] [--repo <repo>] [--project-dir <目录>]
+    ducc打开硬编码风险治理页面。
+"""
+def main():
+    """入口函数：解析参数并在 DUCC 内嵌浏览器中打开硬编码风险治理网页。"""
+    parser = argparse.ArgumentParser(description="在 DUCC 内嵌浏览器中打开硬编码风险治理网页")
+    # 凭证参数模式（与 credential_open_page.py 一致）
+    parser.add_argument("--chat-id", help="会话 ID (_CHAT_ID)")
+    parser.add_argument("--username", help="用户名 (_USERNAME)")
+    parser.add_argument("--ide-name", default="ducc", help="IDE 类型")
+    parser.add_argument("--repo", default="", help="仓库标识，留空则自动从 git remote 获取")
+    parser.add_argument("--project-dir", default=".", help="项目目录，用于自动获取 repo")
+    # 直接指定 URL 模式
+    parser.add_argument("--url", help="直接指定要打开的 URL（与凭证参数模式二选一）")
+    parser.add_argument("--title", default="硬编码风险治理", help="页面标题")
+    parser.add_argument("--pid", help="指定 comate-kernel 进程 PID")
+    args = parser.parse_args()
+    if args.url:
+        url = args.url
+    elif args.chat_id and args.username:
+        url = build_url_from_args(args.chat_id, args.username, args.ide_name,
+                                   args.project_dir, args.repo)
+    else:
+        parser.error("必须提供 --url 或同时提供 --chat-id 和 --username")
+    success = open_url(url, args.pid, args.title)
+    sys.exit(0 if success else 1)
+if __name__ == "__main__":
+    main()