@geeseeker/easyai-dev 3.0.0-alpha.1 → 3.0.1

package/lib/server/tools/worktree-tools.d.ts

@@ -0,0 +1,17 @@
+import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
+/**
+ * 注册 worktree_create 工具
+ * 为任务创建隔离的 Git worktree
+ */
+export declare function registerWorktreeCreate(server: McpServer): void;
+/**
+ * 注册 worktree_merge 工具
+ * 将 worktree 分支合并回目标分支
+ */
+export declare function registerWorktreeMerge(server: McpServer): void;
+/**
+ * 注册 worktree_cleanup 工具
+ * 清理已完成任务的 worktree
+ */
+export declare function registerWorktreeCleanup(server: McpServer): void;
+//# sourceMappingURL=worktree-tools.d.ts.map

package/lib/server/tools/worktree-tools.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"worktree-tools.d.ts","sourceRoot":"","sources":["../../src/tools/worktree-tools.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,MAAM,yCAAyC,CAAC;AAgEpE;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAuG9D;AAED;;;GAGG;AACH,wBAAgB,qBAAqB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAsH7D;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CA6F/D"}

package/lib/server/tools/worktree-tools.js

@@ -0,0 +1,336 @@
+import { z } from "zod";
+import { execFileSync } from "node:child_process";
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { getTaskDir } from "../utils/task-utils.js";
+import { checkCapability, capabilityError, isValidGitRef, } from "../utils/capability-gate.js";
+// ============ 内部工具函数 ============
+/**
+ * 获取 Git 仓库根目录
+ */
+function getGitRoot() {
+    return execFileSync("git", ["rev-parse", "--show-toplevel"], {
+        encoding: "utf-8",
+    }).trim();
+}
+/**
+ * 获取任务对应的 worktree 分支名
+ */
+function getWorktreeBranch(taskId) {
+    return `worktree/${taskId}`;
+}
+/**
+ * 获取任务对应的 worktree 目录路径
+ */
+function getWorktreePath(taskId) {
+    const gitRoot = getGitRoot();
+    return path.join(gitRoot, ".worktrees", taskId);
+}
+/**
+ * 校验 Git ref 合法性并返回错误响应（如果非法）
+ */
+function validateRef(ref, label) {
+    if (!isValidGitRef(ref)) {
+        return {
+            content: [
+                {
+                    type: "text",
+                    text: JSON.stringify({
+                        error: true,
+                        message: `非法的 ${label}: "${ref}"。` +
+                            "分支名不能包含特殊字符、空格或以 - 开头。",
+                    }),
+                },
+            ],
+            isError: true,
+        };
+    }
+    return null;
+}
+// ============ Tool 注册 ============
+/**
+ * 注册 worktree_create 工具
+ * 为任务创建隔离的 Git worktree
+ */
+export function registerWorktreeCreate(server) {
+    server.tool("worktree_create", "为指定任务创建 Git worktree，提供并行任务的物理隔离。", {
+        task_id: z.string(),
+        base_branch: z.string().optional(),
+        role: z.string().optional(),
+    }, async ({ task_id, base_branch, role }) => {
+        try {
+            // Capability Gate
+            const reject = checkCapability(role, "worktree_create");
+            if (reject) {
+                return capabilityError(reject);
+            }
+            // 检查任务是否存在
+            const taskDir = getTaskDir(task_id);
+            if (!fs.existsSync(taskDir)) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                error: true,
+                                message: `任务 ${task_id} 不存在`,
+                            }),
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+            const worktreePath = getWorktreePath(task_id);
+            const branch = getWorktreeBranch(task_id);
+            const baseBranch = base_branch || "main";
+            // 校验分支名合法性（防注入）
+            const refError = validateRef(baseBranch, "base_branch");
+            if (refError)
+                return refError;
+            // 检查 worktree 是否已存在
+            if (fs.existsSync(worktreePath)) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                error: true,
+                                message: `任务 ${task_id} 的 worktree 已存在: ` + worktreePath,
+                            }),
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+            // 创建 worktree 目录
+            fs.mkdirSync(path.dirname(worktreePath), { recursive: true });
+            // 使用 execFileSync 创建 worktree（防 shell 注入）
+            execFileSync("git", ["worktree", "add", "-b", branch, worktreePath, baseBranch], { encoding: "utf-8" });
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            task_id,
+                            worktree_path: worktreePath,
+                            branch,
+                            base_branch: baseBranch,
+                            message: `任务 ${task_id} 的 worktree 已创建`,
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            error: true,
+                            message: error instanceof Error ? error.message : String(error),
+                        }),
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+}
+/**
+ * 注册 worktree_merge 工具
+ * 将 worktree 分支合并回目标分支
+ */
+export function registerWorktreeMerge(server) {
+    server.tool("worktree_merge", "将指定任务的 worktree 分支合并回目标分支。", {
+        task_id: z.string(),
+        target_branch: z.string().optional(),
+        role: z.string().optional(),
+    }, async ({ task_id, target_branch, role }) => {
+        try {
+            // Capability Gate
+            const reject = checkCapability(role, "worktree_merge");
+            if (reject) {
+                return capabilityError(reject);
+            }
+            const worktreePath = getWorktreePath(task_id);
+            const branch = getWorktreeBranch(task_id);
+            const target = target_branch || "main";
+            // 校验分支名合法性
+            const refError = validateRef(target, "target_branch");
+            if (refError)
+                return refError;
+            // 检查 worktree 是否存在
+            if (!fs.existsSync(worktreePath)) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                error: true,
+                                message: `任务 ${task_id} 的 worktree 不存在`,
+                            }),
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+            const gitRoot = getGitRoot();
+            // 先切换到目标分支再合并
+            execFileSync("git", ["checkout", target], {
+                encoding: "utf-8",
+                cwd: gitRoot,
+            });
+            // 执行合并
+            try {
+                const mergeMsg = `Merge ${branch} into ${target}`;
+                execFileSync("git", ["merge", branch, "--no-ff", "-m", mergeMsg], {
+                    encoding: "utf-8",
+                    cwd: gitRoot,
+                });
+            }
+            catch (mergeError) {
+                // 合并冲突时中止合并并报告
+                try {
+                    execFileSync("git", ["merge", "--abort"], {
+                        encoding: "utf-8",
+                        cwd: gitRoot,
+                    });
+                }
+                catch {
+                    // 忽略 --abort 错误
+                }
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                error: true,
+                                message: "合并失败：可能存在冲突。" + "请手动解决冲突后重试。",
+                                details: mergeError instanceof Error
+                                    ? mergeError.message
+                                    : String(mergeError),
+                            }),
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            task_id,
+                            merged_branch: branch,
+                            target_branch: target,
+                            message: `分支 ${branch} 已合并到 ${target}`,
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            error: true,
+                            message: error instanceof Error ? error.message : String(error),
+                        }),
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+}
+/**
+ * 注册 worktree_cleanup 工具
+ * 清理已完成任务的 worktree
+ */
+export function registerWorktreeCleanup(server) {
+    server.tool("worktree_cleanup", "清理指定任务的 worktree 及其分支。", {
+        task_id: z.string(),
+        delete_branch: z.boolean().optional(),
+        role: z.string().optional(),
+    }, async ({ task_id, delete_branch, role }) => {
+        try {
+            // Capability Gate
+            const reject = checkCapability(role, "worktree_cleanup");
+            if (reject) {
+                return capabilityError(reject);
+            }
+            const worktreePath = getWorktreePath(task_id);
+            const branch = getWorktreeBranch(task_id);
+            // 检查 worktree 是否存在
+            if (!fs.existsSync(worktreePath)) {
+                return {
+                    content: [
+                        {
+                            type: "text",
+                            text: JSON.stringify({
+                                error: true,
+                                message: `任务 ${task_id} 的 worktree 不存在`,
+                            }),
+                        },
+                    ],
+                    isError: true,
+                };
+            }
+            // 使用 execFileSync 移除 worktree（防 shell 注入）
+            execFileSync("git", ["worktree", "remove", worktreePath, "--force"], {
+                encoding: "utf-8",
+            });
+            // 可选：删除分支
+            const branchDeleted = delete_branch !== false;
+            if (branchDeleted) {
+                try {
+                    execFileSync("git", ["branch", "-d", branch], {
+                        encoding: "utf-8",
+                    });
+                }
+                catch {
+                    // 分支未合并时尝试强制删除
+                    try {
+                        execFileSync("git", ["branch", "-D", branch], {
+                            encoding: "utf-8",
+                        });
+                    }
+                    catch {
+                        // 分支已不存在，忽略
+                    }
+                }
+            }
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            task_id,
+                            worktree_removed: worktreePath,
+                            branch_deleted: branchDeleted ? branch : null,
+                            message: `任务 ${task_id} 的 worktree 已清理`,
+                        }, null, 2),
+                    },
+                ],
+            };
+        }
+        catch (error) {
+            return {
+                content: [
+                    {
+                        type: "text",
+                        text: JSON.stringify({
+                            error: true,
+                            message: error instanceof Error ? error.message : String(error),
+                        }),
+                    },
+                ],
+                isError: true,
+            };
+        }
+    });
+}
+//# sourceMappingURL=worktree-tools.js.map

package/lib/server/tools/worktree-tools.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"worktree-tools.js","sourceRoot":"","sources":["../../src/tools/worktree-tools.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAGxB,OAAO,EAAE,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAClD,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAElC,OAAO,EAAE,UAAU,EAAE,MAAM,wBAAwB,CAAC;AACpD,OAAO,EACL,eAAe,EACf,eAAe,EACf,aAAa,GACd,MAAM,6BAA6B,CAAC;AAErC,mCAAmC;AAEnC;;GAEG;AACH,SAAS,UAAU;IACjB,OAAO,YAAY,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,iBAAiB,CAAC,EAAE;QAC3D,QAAQ,EAAE,OAAO;KAClB,CAAC,CAAC,IAAI,EAAE,CAAC;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,MAAc;IACvC,OAAO,YAAY,MAAM,EAAE,CAAC;AAC9B,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,MAAc;IACrC,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;IAC7B,OAAO,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,CAAC,CAAC;AAClD,CAAC;AAED;;GAEG;AACH,SAAS,WAAW,CAAC,GAAW,EAAE,KAAa;IAC7C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,OAAO;YACL,OAAO,EAAE;gBACP;oBACE,IAAI,EAAE,MAAe;oBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,KAAK,EAAE,IAAI;wBACX,OAAO,EACL,OAAO,KAAK,MAAM,GAAG,IAAI;4BACzB,wBAAwB;qBAC3B,CAAC;iBACH;aACF;YACD,OAAO,EAAE,IAAI;SACd,CAAC;IACJ,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,oCAAoC;AAEpC;;;GAGG;AACH,MAAM,UAAU,sBAAsB,CAAC,MAAiB;IACtD,MAAM,CAAC,IAAI,CACT,iBAAiB,EACjB,mCAAmC,EACnC;QACE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,WAAW,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QAClC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC5B,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,WAAW,EAAE,IAAI,EAAE,EAAE,EAAE;QACvC,IAAI,CAAC;YACH,kBAAkB;YAClB,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,EAAE,iBAAiB,CAAC,CAAC;YACxD,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;YACjC,CAAC;YAED,WAAW;YACX,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC;YACpC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;gBAC5B,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gCACnB,KAAK,EAAE,IAAI;gCACX,OAAO,EAAE,MAAM,OAAO,MAAM;6BAC7B,CAAC;yBACH;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;YAC9C,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,UAAU,GAAG,WAAW,IAAI,MAAM,CAAC;YAEzC,gBAAgB;YAChB,MAAM,QAAQ,GAAG,WAAW,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;YACxD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YAE9B,oBAAoB;YACpB,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBAChC,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gCACnB,KAAK,EAAE,IAAI;gCACX,OAAO,EACL,MAAM,OAAO,mBAAmB,GAAG,YAAY;6BAClD,CAAC;yBACH;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,iBAAiB;YACjB,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAE9D,0CAA0C;YAC1C,YAAY,CACV,KAAK,EACL,CAAC,UAAU,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,YAAY,EAAE,UAAU,CAAC,EAC3D,EAAE,QAAQ,EAAE,OAAO,EAAE,CACtB,CAAC;YAEF,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,OAAO;4BACP,aAAa,EAAE,YAAY;4BAC3B,MAAM;4BACN,WAAW,EAAE,UAAU;4BACvB,OAAO,EAAE,MAAM,OAAO,iBAAiB;yBACxC,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,IAAI;4BACX,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;yBAChE,CAAC;qBACH;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB,CAAC,MAAiB;IACrD,MAAM,CAAC,IAAI,CACT,gBAAgB,EAChB,4BAA4B,EAC5B;QACE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,aAAa,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;QACpC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC5B,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,EAAE,EAAE;QACzC,IAAI,CAAC;YACH,kBAAkB;YAClB,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,EAAE,gBAAgB,CAAC,CAAC;YACvD,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;YACjC,CAAC;YAED,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;YAC9C,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAC1C,MAAM,MAAM,GAAG,aAAa,IAAI,MAAM,CAAC;YAEvC,WAAW;YACX,MAAM,QAAQ,GAAG,WAAW,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;YACtD,IAAI,QAAQ;gBAAE,OAAO,QAAQ,CAAC;YAE9B,mBAAmB;YACnB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjC,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gCACnB,KAAK,EAAE,IAAI;gCACX,OAAO,EAAE,MAAM,OAAO,iBAAiB;6BACxC,CAAC;yBACH;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,MAAM,OAAO,GAAG,UAAU,EAAE,CAAC;YAE7B,cAAc;YACd,YAAY,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,MAAM,CAAC,EAAE;gBACxC,QAAQ,EAAE,OAAO;gBACjB,GAAG,EAAE,OAAO;aACb,CAAC,CAAC;YAEH,OAAO;YACP,IAAI,CAAC;gBACH,MAAM,QAAQ,GAAG,SAAS,MAAM,SAAS,MAAM,EAAE,CAAC;gBAClD,YAAY,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,EAAE;oBAChE,QAAQ,EAAE,OAAO;oBACjB,GAAG,EAAE,OAAO;iBACb,CAAC,CAAC;YACL,CAAC;YAAC,OAAO,UAAU,EAAE,CAAC;gBACpB,eAAe;gBACf,IAAI,CAAC;oBACH,YAAY,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,SAAS,CAAC,EAAE;wBACxC,QAAQ,EAAE,OAAO;wBACjB,GAAG,EAAE,OAAO;qBACb,CAAC,CAAC;gBACL,CAAC;gBAAC,MAAM,CAAC;oBACP,gBAAgB;gBAClB,CAAC;gBACD,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gCACnB,KAAK,EAAE,IAAI;gCACX,OAAO,EACL,cAAc,GAAG,aAAa;gCAChC,OAAO,EACL,UAAU,YAAY,KAAK;oCACzB,CAAC,CAAC,UAAU,CAAC,OAAO;oCACpB,CAAC,CAAC,MAAM,CAAC,UAAU,CAAC;6BACzB,CAAC;yBACH;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,OAAO;4BACP,aAAa,EAAE,MAAM;4BACrB,aAAa,EAAE,MAAM;4BACrB,OAAO,EAAE,MAAM,MAAM,SAAS,MAAM,EAAE;yBACvC,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,IAAI;4BACX,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;yBAChE,CAAC;qBACH;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CAAC,MAAiB;IACvD,MAAM,CAAC,IAAI,CACT,kBAAkB,EAClB,wBAAwB,EACxB;QACE,OAAO,EAAE,CAAC,CAAC,MAAM,EAAE;QACnB,aAAa,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE;QACrC,IAAI,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;KAC5B,EACD,KAAK,EAAE,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,EAAE,EAAE;QACzC,IAAI,CAAC;YACH,kBAAkB;YAClB,MAAM,MAAM,GAAG,eAAe,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC;YACzD,IAAI,MAAM,EAAE,CAAC;gBACX,OAAO,eAAe,CAAC,MAAM,CAAC,CAAC;YACjC,CAAC;YAED,MAAM,YAAY,GAAG,eAAe,CAAC,OAAO,CAAC,CAAC;YAC9C,MAAM,MAAM,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;YAE1C,mBAAmB;YACnB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;gBACjC,OAAO;oBACL,OAAO,EAAE;wBACP;4BACE,IAAI,EAAE,MAAe;4BACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gCACnB,KAAK,EAAE,IAAI;gCACX,OAAO,EAAE,MAAM,OAAO,iBAAiB;6BACxC,CAAC;yBACH;qBACF;oBACD,OAAO,EAAE,IAAI;iBACd,CAAC;YACJ,CAAC;YAED,0CAA0C;YAC1C,YAAY,CAAC,KAAK,EAAE,CAAC,UAAU,EAAE,QAAQ,EAAE,YAAY,EAAE,SAAS,CAAC,EAAE;gBACnE,QAAQ,EAAE,OAAO;aAClB,CAAC,CAAC;YAEH,UAAU;YACV,MAAM,aAAa,GAAG,aAAa,KAAK,KAAK,CAAC;YAC9C,IAAI,aAAa,EAAE,CAAC;gBAClB,IAAI,CAAC;oBACH,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE;wBAC5C,QAAQ,EAAE,OAAO;qBAClB,CAAC,CAAC;gBACL,CAAC;gBAAC,MAAM,CAAC;oBACP,eAAe;oBACf,IAAI,CAAC;wBACH,YAAY,CAAC,KAAK,EAAE,CAAC,QAAQ,EAAE,IAAI,EAAE,MAAM,CAAC,EAAE;4BAC5C,QAAQ,EAAE,OAAO;yBAClB,CAAC,CAAC;oBACL,CAAC;oBAAC,MAAM,CAAC;wBACP,YAAY;oBACd,CAAC;gBACH,CAAC;YACH,CAAC;YAED,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAClB;4BACE,OAAO;4BACP,gBAAgB,EAAE,YAAY;4BAC9B,cAAc,EAAE,aAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI;4BAC7C,OAAO,EAAE,MAAM,OAAO,iBAAiB;yBACxC,EACD,IAAI,EACJ,CAAC,CACF;qBACF;iBACF;aACF,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,OAAO;gBACL,OAAO,EAAE;oBACP;wBACE,IAAI,EAAE,MAAe;wBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;4BACnB,KAAK,EAAE,IAAI;4BACX,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;yBAChE,CAAC;qBACH;iBACF;gBACD,OAAO,EAAE,IAAI;aACd,CAAC;QACJ,CAAC;IACH,CAAC,CACF,CAAC;AACJ,CAAC"}

package/lib/server/utils/capability-gate.d.ts

@@ -0,0 +1,50 @@
+/**
+ * 角色类型
+ */
+type Role = "pm" | "组长" | "组员" | "worker";
+/**
+ * 受限工具名称
+ */
+type RestrictedTool = "task_create" | "task_transition_completed" | "task_transition_archived" | "task_cancel" | "subtask_create" | "subtask_dependency_graph" | "conflict_check" | "worktree_create" | "worktree_merge" | "worktree_cleanup";
+/**
+ * 角色权限矩阵（来自 architecture §7.1）
+ *
+ * true = 允许, false = 拒绝
+ */
+declare const CAPABILITY_MATRIX: Record<RestrictedTool, Record<Role, boolean>>;
+/**
+ * 校验角色是否有权调用指定工具
+ *
+ * ⚠️ 诚实的局限性说明（architecture §7.1）：
+ * - 角色来源：AI 在 Workflow 触发时自行解析用户输入并写入 Artifacts
+ * - 信任模型：MCP Server 信任 AI 传入的 role 参数，无法独立验证 AI 角色
+ * - 防护强度：可防止"无意越权"，无法防止"故意越权"
+ *
+ * @param role - 调用者角色（未提供时拒绝受限操作）
+ * @param toolName - 受限工具名称
+ * @returns null 表示通过，string 表示拒绝理由
+ */
+declare function checkCapability(role: string | undefined, toolName: RestrictedTool): string | null;
+/**
+ * 规范化角色名（支持多种写法）
+ */
+declare function normalizeRole(role: string): Role | null;
+/**
+ * 校验 Git ref 名称是否合法（防注入）
+ * @param ref - 分支名或标签名
+ * @returns true 表示合法
+ */
+declare function isValidGitRef(ref: string): boolean;
+/**
+ * 生成 Capability Gate 拒绝的标准 MCP 错误响应
+ */
+declare function capabilityError(rejectReason: string): {
+    content: {
+        type: "text";
+        text: string;
+    }[];
+    isError: boolean;
+};
+export type { Role, RestrictedTool };
+export { CAPABILITY_MATRIX, checkCapability, normalizeRole, isValidGitRef, capabilityError, };
+//# sourceMappingURL=capability-gate.d.ts.map

package/lib/server/utils/capability-gate.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability-gate.d.ts","sourceRoot":"","sources":["../../src/utils/capability-gate.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,KAAK,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,IAAI,GAAG,QAAQ,CAAC;AAE1C;;GAEG;AACH,KAAK,cAAc,GACf,aAAa,GACb,2BAA2B,GAC3B,0BAA0B,GAC1B,aAAa,GACb,gBAAgB,GAChB,0BAA0B,GAC1B,gBAAgB,GAChB,iBAAiB,GACjB,gBAAgB,GAChB,kBAAkB,CAAC;AAEvB;;;;GAIG;AACH,QAAA,MAAM,iBAAiB,EAAE,MAAM,CAAC,cAAc,EAAE,MAAM,CAAC,IAAI,EAAE,OAAO,CAAC,CA0BpE,CAAC;AAIF;;;;;;;;;;;GAWG;AACH,iBAAS,eAAe,CACtB,IAAI,EAAE,MAAM,GAAG,SAAS,EACxB,QAAQ,EAAE,cAAc,GACvB,MAAM,GAAG,IAAI,CAoCf;AAED;;GAEG;AACH,iBAAS,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAkChD;AAED;;;;GAIG;AACH,iBAAS,aAAa,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAY3C;AAED;;GAEG;AACH,iBAAS,eAAe,CAAC,YAAY,EAAE,MAAM;;;;;;EAc5C;AAID,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,CAAC;AACrC,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,aAAa,EACb,eAAe,GAChB,CAAC"}

package/lib/server/utils/capability-gate.js

@@ -0,0 +1,146 @@
+// ============ 类型定义 ============
+/**
+ * 角色权限矩阵（来自 architecture §7.1）
+ *
+ * true = 允许, false = 拒绝
+ */
+const CAPABILITY_MATRIX = {
+    task_create: { pm: true, 组长: false, 组员: false, worker: false },
+    task_transition_completed: {
+        pm: true,
+        组长: false,
+        组员: false,
+        worker: false,
+    },
+    task_transition_archived: {
+        pm: true,
+        组长: false,
+        组员: false,
+        worker: false,
+    },
+    task_cancel: { pm: true, 组长: false, 组员: false, worker: false },
+    subtask_create: { pm: false, 组长: true, 组员: false, worker: false },
+    subtask_dependency_graph: {
+        pm: true,
+        组长: true,
+        组员: false,
+        worker: false,
+    },
+    conflict_check: { pm: true, 组长: true, 组员: false, worker: false },
+    worktree_create: { pm: true, 组长: false, 组员: false, worker: false },
+    worktree_merge: { pm: true, 组长: false, 组员: false, worker: false },
+    worktree_cleanup: { pm: true, 组长: false, 组员: false, worker: false },
+};
+// ============ 校验函数 ============
+/**
+ * 校验角色是否有权调用指定工具
+ *
+ * ⚠️ 诚实的局限性说明（architecture §7.1）：
+ * - 角色来源：AI 在 Workflow 触发时自行解析用户输入并写入 Artifacts
+ * - 信任模型：MCP Server 信任 AI 传入的 role 参数，无法独立验证 AI 角色
+ * - 防护强度：可防止"无意越权"，无法防止"故意越权"
+ *
+ * @param role - 调用者角色（未提供时拒绝受限操作）
+ * @param toolName - 受限工具名称
+ * @returns null 表示通过，string 表示拒绝理由
+ */
+function checkCapability(role, toolName) {
+    // 受限工具必须提供角色参数
+    if (!role) {
+        return (`调用 ${toolName} 需要提供 role 参数。` +
+            "请在 Workflow 触发时传入角色标识（pm / 组长 / 组员 / worker）。" +
+            "（Capability Gate, architecture §7.1）");
+    }
+    // 规范化角色名
+    const normalizedRole = normalizeRole(role);
+    if (!normalizedRole) {
+        return `未识别的角色: "${role}"。合法角色: pm, 组长, 组员, worker`;
+    }
+    // 查询权限矩阵
+    const toolPermissions = CAPABILITY_MATRIX[toolName];
+    if (!toolPermissions) {
+        // 非受限工具，不做限制
+        return null;
+    }
+    if (!toolPermissions[normalizedRole]) {
+        const allowedRoles = Object.entries(toolPermissions)
+            .filter(([, allowed]) => allowed)
+            .map(([r]) => r);
+        return (`角色"${normalizedRole}"无权调用 ${toolName}。` +
+            ` 允许的角色: ${allowedRoles.join(", ")}。` +
+            "（Capability Gate, architecture §7.1）");
+    }
+    return null;
+}
+/**
+ * 规范化角色名（支持多种写法）
+ */
+function normalizeRole(role) {
+    const lower = role.toLowerCase().trim();
+    // PM 角色
+    if (lower === "pm" || lower === "项目经理" || lower === "project_manager") {
+        return "pm";
+    }
+    // 组长
+    if (lower === "组长" || lower === "leader" || lower === "team_lead") {
+        return "组长";
+    }
+    // 组员（支持 "组员", "组员A", "组员1" 等变体）
+    if (lower.startsWith("组员") ||
+        lower === "member" ||
+        lower === "team_member" ||
+        /^组员\d+$/.test(lower)) {
+        return "组员";
+    }
+    // Worker / 独立执行者
+    if (lower === "worker" ||
+        lower === "独立执行者" ||
+        lower === "执行者" ||
+        lower === "executor") {
+        return "worker";
+    }
+    return null;
+}
+/**
+ * 校验 Git ref 名称是否合法（防注入）
+ * @param ref - 分支名或标签名
+ * @returns true 表示合法
+ */
+function isValidGitRef(ref) {
+    // 禁止空字符串
+    if (!ref || ref.trim() === "")
+        return false;
+    // 禁止包含 shell 特殊字符
+    if (/[;&|`$(){}[\]!'"\\<>]/.test(ref))
+        return false;
+    // 禁止路径遍历
+    if (ref.includes(".."))
+        return false;
+    // 禁止以 - 开头（防止被解析为命令行参数）
+    if (ref.startsWith("-"))
+        return false;
+    // 禁止空格和控制字符
+    if (/[\s\x00-\x1f\x7f]/.test(ref))
+        return false;
+    return true;
+}
+/**
+ * 生成 Capability Gate 拒绝的标准 MCP 错误响应
+ */
+function capabilityError(rejectReason) {
+    return {
+        content: [
+            {
+                type: "text",
+                text: JSON.stringify({
+                    error: true,
+                    gate: "capability",
+                    message: rejectReason,
+                }),
+            },
+        ],
+        isError: true,
+    };
+}
+export { CAPABILITY_MATRIX, checkCapability, normalizeRole, isValidGitRef, capabilityError, };
+//# sourceMappingURL=capability-gate.js.map

package/lib/server/utils/capability-gate.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"capability-gate.js","sourceRoot":"","sources":["../../src/utils/capability-gate.ts"],"names":[],"mappings":"AAAA,iCAAiC;AAsBjC;;;;GAIG;AACH,MAAM,iBAAiB,GAAkD;IACvE,WAAW,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;IAC9D,yBAAyB,EAAE;QACzB,EAAE,EAAE,IAAI;QACR,EAAE,EAAE,KAAK;QACT,EAAE,EAAE,KAAK;QACT,MAAM,EAAE,KAAK;KACd;IACD,wBAAwB,EAAE;QACxB,EAAE,EAAE,IAAI;QACR,EAAE,EAAE,KAAK;QACT,EAAE,EAAE,KAAK;QACT,MAAM,EAAE,KAAK;KACd;IACD,WAAW,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;IAC9D,cAAc,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;IACjE,wBAAwB,EAAE;QACxB,EAAE,EAAE,IAAI;QACR,EAAE,EAAE,IAAI;QACR,EAAE,EAAE,KAAK;QACT,MAAM,EAAE,KAAK;KACd;IACD,cAAc,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;IAChE,eAAe,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;IAClE,cAAc,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;IACjE,gBAAgB,EAAE,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE;CACpE,CAAC;AAEF,iCAAiC;AAEjC;;;;;;;;;;;GAWG;AACH,SAAS,eAAe,CACtB,IAAwB,EACxB,QAAwB;IAExB,eAAe;IACf,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,CACL,MAAM,QAAQ,gBAAgB;YAC9B,+CAA+C;YAC/C,sCAAsC,CACvC,CAAC;IACJ,CAAC;IAED,SAAS;IACT,MAAM,cAAc,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC;IAC3C,IAAI,CAAC,cAAc,EAAE,CAAC;QACpB,OAAO,YAAY,IAAI,4BAA4B,CAAC;IACtD,CAAC;IAED,SAAS;IACT,MAAM,eAAe,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC;IACpD,IAAI,CAAC,eAAe,EAAE,CAAC;QACrB,aAAa;QACb,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC,eAAe,CAAC,cAAc,CAAC,EAAE,CAAC;QACrC,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,eAAe,CAAC;aACjD,MAAM,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC;aAChC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC;QAEnB,OAAO,CACL,MAAM,cAAc,SAAS,QAAQ,GAAG;YACxC,WAAW,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG;YACrC,sCAAsC,CACvC,CAAC;IACJ,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,aAAa,CAAC,IAAY;IACjC,MAAM,KAAK,GAAG,IAAI,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,CAAC;IAExC,QAAQ;IACR,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,MAAM,IAAI,KAAK,KAAK,iBAAiB,EAAE,CAAC;QACtE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,KAAK;IACL,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,QAAQ,IAAI,KAAK,KAAK,WAAW,EAAE,CAAC;QAClE,OAAO,IAAI,CAAC;IACd,CAAC;IAED,gCAAgC;IAChC,IACE,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC;QACtB,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,aAAa;QACvB,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,EACrB,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED,iBAAiB;IACjB,IACE,KAAK,KAAK,QAAQ;QAClB,KAAK,KAAK,OAAO;QACjB,KAAK,KAAK,KAAK;QACf,KAAK,KAAK,UAAU,EACpB,CAAC;QACD,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;;;GAIG;AACH,SAAS,aAAa,CAAC,GAAW;IAChC,SAAS;IACT,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE;QAAE,OAAO,KAAK,CAAC;IAC5C,kBAAkB;IAClB,IAAI,uBAAuB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACpD,SAAS;IACT,IAAI,GAAG,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACrC,wBAAwB;IACxB,IAAI,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IACtC,YAAY;IACZ,IAAI,mBAAmB,CAAC,IAAI,CAAC,GAAG,CAAC;QAAE,OAAO,KAAK,CAAC;IAChD,OAAO,IAAI,CAAC;AACd,CAAC;AAED;;GAEG;AACH,SAAS,eAAe,CAAC,YAAoB;IAC3C,OAAO;QACL,OAAO,EAAE;YACP;gBACE,IAAI,EAAE,MAAe;gBACrB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;oBACnB,KAAK,EAAE,IAAI;oBACX,IAAI,EAAE,YAAY;oBAClB,OAAO,EAAE,YAAY;iBACtB,CAAC;aACH;SACF;QACD,OAAO,EAAE,IAAI;KACd,CAAC;AACJ,CAAC;AAKD,OAAO,EACL,iBAAiB,EACjB,eAAe,EACf,aAAa,EACb,aAAa,EACb,eAAe,GAChB,CAAC"}

package/lib/server/utils/git-utils.d.ts

@@ -0,0 +1,33 @@
+/**
+ * Git commit 信息接口
+ */
+interface GitCommit {
+    hash: string;
+    message: string;
+    date: string;
+    author: string;
+}
+/**
+ * 获取当前 Git 分支名
+ * @returns 当前分支名，失败返回 'HEAD'
+ */
+declare function getGitBranch(): string;
+/**
+ * 获取 Git 状态（简短格式）
+ * @returns `git status --short` 输出，失败返回空字符串
+ */
+declare function getGitStatus(): string;
+/**
+ * 获取最近 N 条 commit 记录
+ * @param count - 获取的 commit 数量，默认为 10
+ * @returns commit 信息列表
+ */
+declare function getRecentCommits(count?: number): GitCommit[];
+/**
+ * 检查当前目录是否在 Git 仓库中
+ * @returns 是否在 Git 仓库中
+ */
+declare function isGitRepo(): boolean;
+export type { GitCommit };
+export { getGitBranch, getGitStatus, getRecentCommits, isGitRepo, };
+//# sourceMappingURL=git-utils.d.ts.map

package/lib/server/utils/git-utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"git-utils.d.ts","sourceRoot":"","sources":["../../src/utils/git-utils.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,UAAU,SAAS;IACjB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,MAAM,CAAC;IACb,MAAM,EAAE,MAAM,CAAC;CAChB;AAID;;;GAGG;AACH,iBAAS,YAAY,IAAI,MAAM,CAU9B;AAED;;;GAGG;AACH,iBAAS,YAAY,IAAI,MAAM,CAU9B;AAED;;;;GAIG;AACH,iBAAS,gBAAgB,CAAC,KAAK,GAAE,MAAW,GAAG,SAAS,EAAE,CA4BzD;AAED;;;GAGG;AACH,iBAAS,SAAS,IAAI,OAAO,CAU5B;AAID,YAAY,EAAE,SAAS,EAAE,CAAC;AAC1B,OAAO,EACL,YAAY,EACZ,YAAY,EACZ,gBAAgB,EAChB,SAAS,GACV,CAAC"}