@ian2018cs/agenthub 0.1.55 → 0.1.56

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ian2018cs/agenthub",
-  "version": "0.1.55",
+  "version": "0.1.56",
   "description": "A web-based UI for AI Agents",
   "type": "module",
   "main": "server/index.js",
@@ -19,13 +19,13 @@
     "dist/",
     "README.md"
   ],
-  "homepage": "https://github.com/IAn2018cs/claudecodeui",
+  "homepage": "https://github.com/IAn2018cs/AgentHub",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/IAn2018cs/claudecodeui.git"
+    "url": "git+https://github.com/IAn2018cs/AgentHub.git"
   },
   "bugs": {
-    "url": "https://github.com/IAn2018cs/claudecodeui/issues"
+    "url": "https://github.com/IAn2018cs/AgentHub/issues"
   },
   "scripts": {
     "dev": "concurrently --kill-others \"npm run server\" \"npm run client\"",
@@ -34,8 +34,7 @@
     "build": "vite build",
     "preview": "vite preview",
     "start": "npm run build && npm run server",
-    "release": "./release.sh",
-    "setup-feishu-cards": "node scripts/setup-feishu-cards.mjs"
+    "release": "./release.sh"
   },
   "keywords": [
     "claude coode",
@@ -44,7 +43,7 @@
     "ui",
     "mobile"
   ],
-  "author": "Claude Code UI Contributors",
+  "author": "IAn2018cs",
   "license": "MIT",
   "publishConfig": {
     "registry": "https://registry.npmjs.org",

package/server/claude-sdk.js

@@ -205,10 +205,12 @@ function mapCliOptionsToSDK(options = {}) {
   console.log(`Using model: ${sdkOptions.model}`);
 
   // Map system prompt configuration
+  const baseAppend = 'You are an AI assistant running inside AgentHub, a platform that supports diverse work tasks beyond coding.';
+  const extraAppend = options.appendSystemPrompt ? `\n\n${options.appendSystemPrompt}` : '';
   sdkOptions.systemPrompt = {
     type: 'preset',
     preset: 'claude_code',  // Required to use CLAUDE.md
-    ...(options.appendSystemPrompt ? { append: options.appendSystemPrompt } : {}),
+    append: baseAppend + extraAppend,
   };
 
   // Map setting sources for CLAUDE.md loading

package/server/cli.js

@@ -135,9 +135,9 @@ function showStatus() {
 
     console.log('\n' + c.dim('═'.repeat(60)));
     console.log(`\n${c.tip('[TIP]')} Hints:`);
-    console.log(`      ${c.dim('>')} Use ${c.bright('cloudcli --port 8080')} to run on a custom port`);
-    console.log(`      ${c.dim('>')} Use ${c.bright('cloudcli --database-path /path/to/db')} for custom database`);
-    console.log(`      ${c.dim('>')} Run ${c.bright('cloudcli help')} for all options`);
+    console.log(`      ${c.dim('>')} Use ${c.bright('agenthub --port 8080')} to run on a custom port`);
+    console.log(`      ${c.dim('>')} Use ${c.bright('agenthub --database-path /path/to/db')} for custom database`);
+    console.log(`      ${c.dim('>')} Run ${c.bright('agenthub help')} for all options`);
     console.log(`      ${c.dim('>')} Access the UI at http://localhost:${process.env.PORT || '3001'}\n`);
 }
 
@@ -149,8 +149,7 @@ function showHelp() {
 ╚═══════════════════════════════════════════════════════════════╝
 
 Usage:
-  claude-code-ui [command] [options]
-  cloudcli [command] [options]
+  agenthub [command] [options]
 
 Commands:
   start                 Start the Claude Code UI server (default)
@@ -167,11 +166,11 @@ Options:
   -v, --version               Show version information
 
 Examples:
-  $ cloudcli                        # Start with defaults
-  $ cloudcli --port 8080            # Start on port 8080
-  $ cloudcli -p 3000                # Short form for port
-  $ cloudcli start --port 4000      # Explicit start command
-  $ cloudcli status                 # Show configuration
+  $ agenthub                        # Start with defaults
+  $ agenthub --port 8080            # Start on port 8080
+  $ agenthub -p 3000                # Short form for port
+  $ agenthub start --port 4000      # Explicit start command
+  $ agenthub status                 # Show configuration
 
 Environment Variables:
   PORT                Set server port (default: 3001)
@@ -180,10 +179,10 @@ Environment Variables:
   CONTEXT_WINDOW      Set context window size (default: 160000)
 
 Documentation:
-  ${packageJson.homepage || 'https://github.com/siteboon/claudecodeui'}
+  ${packageJson.homepage || 'https://github.com/IAn2018cs/AgentHub'}
 
 Report Issues:
-  ${packageJson.bugs?.url || 'https://github.com/siteboon/claudecodeui/issues'}
+  ${packageJson.bugs?.url || 'https://github.com/IAn2018cs/AgentHub/issues'}
 `);
 }
 
@@ -203,17 +202,49 @@ function isNewerVersion(v1, v2) {
     return false;
 }
 
+// Download a file with optional GitHub token auth, following redirects
+async function downloadWithAuth(url, destPath, token) {
+    const https = await import('https');
+    const fs = await import('fs');
+    return new Promise((resolve, reject) => {
+        const headers = { 'User-Agent': 'agenthub-cli' };
+        if (token) headers['Authorization'] = `Bearer ${token}`;
+        const download = (downloadUrl) => {
+            const req = https.get(downloadUrl, { headers }, (res) => {
+                if (res.statusCode === 301 || res.statusCode === 302) {
+                    download(res.headers.location);
+                    return;
+                }
+                if (res.statusCode !== 200) {
+                    reject(new Error(`HTTP ${res.statusCode}`));
+                    return;
+                }
+                const file = fs.createWriteStream(destPath);
+                res.pipe(file);
+                file.on('finish', () => file.close(resolve));
+                file.on('error', reject);
+            });
+            req.on('error', reject);
+            req.setTimeout(60000, () => { req.destroy(); reject(new Error('Download timeout')); });
+        };
+        download(url);
+    });
+}
+
 // Check for updates via GitHub Releases
 async function checkForUpdates(silent = false) {
     try {
         const https = await import('https');
-        const REPO = 'IAn2018cs/claudecodeui';
+        const REPO = 'IAn2018cs/AgentHub';
         const currentVersion = packageJson.version;
+        const githubToken = process.env.GITHUB_TOKEN;
+        const headers = { 'User-Agent': 'agenthub-cli' };
+        if (githubToken) headers['Authorization'] = `Bearer ${githubToken}`;
 
         const latestVersion = await new Promise((resolve, reject) => {
             const req = https.get(
                 `https://api.github.com/repos/${REPO}/releases/latest`,
-                { headers: { 'User-Agent': 'agenthub-cli' } },
+                { headers },
                 (res) => {
                     let data = '';
                     res.on('data', chunk => data += chunk);
@@ -270,15 +301,27 @@ async function updatePackage() {
 
         console.log(`${c.info('[INFO]')} Updating from ${currentVersion} to ${latestVersion}...`);
         const tgzName = `ian2018cs-agenthub-${latestVersion}.tgz`;
-        const url = `https://github.com/IAn2018cs/claudecodeui/releases/download/v${latestVersion}/${tgzName}`;
-        execSync(`npm install -g "${url}"`, { stdio: 'inherit' });
+        const url = `https://github.com/IAn2018cs/AgentHub/releases/download/v${latestVersion}/${tgzName}`;
+        const githubToken = process.env.GITHUB_TOKEN;
+        if (githubToken) {
+            const os = await import('os');
+            const path = await import('path');
+            const fsSync = await import('fs');
+            const tmpFile = path.join(os.tmpdir(), tgzName);
+            console.log(`${c.info('[INFO]')} Downloading with GitHub token...`);
+            await downloadWithAuth(url, tmpFile, githubToken);
+            execSync(`npm install -g "${tmpFile}"`, { stdio: 'inherit' });
+            fsSync.unlinkSync(tmpFile);
+        } else {
+            execSync(`npm install -g "${url}"`, { stdio: 'inherit' });
+        }
         console.log(`${c.ok('[OK]')} Update complete!`);
         console.log(`         Please restart the server to use the new version:`);
         console.log(`         - pm2: ${c.bright('pm2 restart agenthub')} or ${c.bright('./pm2.sh restart')}`);
         console.log(`         - manual: stop and run ${c.bright('agenthub')} again`);
     } catch (e) {
         console.error(`${c.error('[ERROR]')} Update failed: ${e.message}`);
-        console.log(`${c.tip('[TIP]')} Check releases: https://github.com/IAn2018cs/claudecodeui/releases`);
+        console.log(`${c.tip('[TIP]')} Check releases: https://github.com/IAn2018cs/AgentHub/releases`);
     }
 }
 
@@ -392,7 +435,7 @@ async function main() {
             break;
         default:
             console.error(`\n❌ Unknown command: ${command}`);
-            console.log('   Run "cloudcli help" for usage information.\n');
+            console.log('   Run "agenthub help" for usage information.\n');
             process.exit(1);
     }
 }

package/server/index.js

@@ -38,7 +38,6 @@ import os from 'os';
 import http from 'http';
 import cors from 'cors';
 import { promises as fsPromises } from 'fs';
-import { spawn } from 'child_process';
 import pty from 'node-pty';
 import fetch from 'node-fetch';
 import mime from 'mime-types';
@@ -225,19 +224,6 @@ const wss = new WebSocketServer({
     verifyClient: (info) => {
         console.log('WebSocket connection attempt to:', info.req.url);
 
-        // Platform mode: always allow connection
-        if (process.env.VITE_IS_PLATFORM === 'true') {
-            const user = authenticateWebSocket(null); // Will return first user
-            if (!user) {
-                console.log('[WARN] Platform mode: No user found in database');
-                return false;
-            }
-            info.req.user = user;
-            console.log('[OK] Platform mode WebSocket authenticated for user:', user.username);
-            return true;
-        }
-
-        // Normal mode: verify token
         // Extract token from query parameters or headers
         const url = new URL(info.req.url, 'http://localhost');
         const token = url.searchParams.get('token') ||
@@ -2359,7 +2345,7 @@ async function startServer() {
             console.log('');
             console.log(`${c.info('[INFO]')} Server URL:  ${c.bright('http://0.0.0.0:' + PORT)}`);
             console.log(`${c.info('[INFO]')} Installed at: ${c.dim(appInstallPath)}`);
-            console.log(`${c.tip('[TIP]')}  Run "cloudcli status" for full configuration details`);
+            console.log(`${c.tip('[TIP]')}  Run "agenthub status" for full configuration details`);
             console.log('');
 
             // Start usage scanner service

package/server/middleware/auth.js

@@ -20,22 +20,6 @@ const validateApiKey = (req, res, next) => {
 
 // JWT authentication middleware
 const authenticateToken = async (req, res, next) => {
-  // Platform mode:  use single database user
-  if (process.env.VITE_IS_PLATFORM === 'true') {
-    try {
-      const user = userDb.getFirstUser();
-      if (!user) {
-        return res.status(500).json({ error: 'Platform mode: No user found in database' });
-      }
-      req.user = user;
-      return next();
-    } catch (error) {
-      console.error('Platform mode error:', error);
-      return res.status(500).json({ error: 'Platform mode: Failed to fetch user' });
-    }
-  }
-
-  // Normal OSS JWT validation
   const authHeader = req.headers['authorization'];
   const token = authHeader && authHeader.split(' ')[1]; // Bearer TOKEN
 
@@ -88,21 +72,6 @@ const generateToken = (user) => {
 
 // WebSocket authentication function
 const authenticateWebSocket = (token) => {
-  // Platform mode: bypass token validation, return first user
-  if (process.env.VITE_IS_PLATFORM === 'true') {
-    try {
-      const user = userDb.getFirstUser();
-      if (user) {
-        return { userId: user.id, username: user.username };
-      }
-      return null;
-    } catch (error) {
-      console.error('Platform mode WebSocket error:', error);
-      return null;
-    }
-  }
-
-  // Normal OSS JWT validation
   if (!token) {
     return null;
   }

package/server/projects.js

@@ -888,7 +888,7 @@ async function addProjectManually(projectPath, displayName = null, userUuid) {
   }
 
   // Allow adding projects even if the directory exists - this enables tracking
-  // existing Claude Code or Cursor projects in the UI
+  // existing Claude Code projects in the UI
 
   const createdAt = new Date().toISOString();
 

package/server/services/feishu/command-handler.js

@@ -2,7 +2,7 @@
  * command-handler.js — 飞书斜杠命令处理
  *
  * 支持命令：
- *   /auth <token>        绑定 claudecodeui 账号
+ *   /auth <token>        绑定 agenthub 账号
  *   /unbind              解除绑定
  *   /new                 新建 Claude 会话
  *   /list                列出当前项目的会话

package/server/services/feishu/sdk-bridge.js

@@ -397,7 +397,7 @@ class FakeSendWriter {
  * @param {string} opts.messageId          原始消息 ID
  * @param {string} opts.content            用户输入文字
  * @param {Array|null} opts.images         图片附件（已转换为 data URI 格式）
- * @param {string} opts.userUuid           claudecodeui 用户 UUID
+ * @param {string} opts.userUuid           agenthub 用户 UUID
  * @param {Object} opts.state              feishu_session_state 行
  * @param {Object} opts.larkClient         LarkClient 实例
  * @param {Map}    opts.pendingApprovals   engine 共享的 pendingApprovals Map

package/server/services/tool-guard/llm-reviewer.js

@@ -73,7 +73,7 @@ function buildSystemPrompt(userUuid, allowedPrefixes, cwd) {
 2. 临时目录（/tmp/、/var/tmp/）必须使用用户 ID 子文件夹（/tmp/${userUuid}/）
 3. 不允许修改系统配置（nginx、docker、systemd、防火墙等）
 4. 不允许执行危险命令（sudo、kill 系统进程、rm -rf /、shutdown 等）
-5. 不允许全局安装包（npm -g、pip 非虚拟环境等），本地安装允许
+5. 不允许全局安装包（npm -g、pip 非虚拟环境、pip --user 等）；pip 必须在虚拟环境内执行（venv/bin/pip 或 .venv/bin/pip）
 6. 允许的操作：运行用户自己项目（node/npm/python）、本地安装依赖、git 操作、创建虚拟环境
 
 ## 判断原则

package/server/services/tool-guard/rules.js

@@ -8,7 +8,7 @@
  */
 
 import path from 'path';
-import { readFileSync, statSync } from 'fs';
+import { readFileSync, statSync, existsSync } from 'fs';
 
 // ─── 脚本内容审查模式（供 script-execution-guard 和 write-content-guard 复用）───
 
@@ -77,15 +77,27 @@ function checkSystemPortsInContent(content) {
  * 检查文本内容中的绝对路径是否越界（复用白名单逻辑）
  */
 function checkPathsInContent(content, context) {
+  // 去除注释行（# 开头的行），避免示例路径被误判
+  const nonCommentContent = content
+    .split('\n')
+    .filter(line => !/^\s*#/.test(line))
+    .join('\n');
+
   const pathPattern = /(?:^|\s|=|"|')(\/[^\s"'`;|&><){}$]+)/gm;
   let match;
-  while ((match = pathPattern.exec(content)) !== null) {
+  while ((match = pathPattern.exec(nonCommentContent)) !== null) {
     const resolvedPath = path.resolve(match[1]);
     // 安全路径跳过
     if (SAFE_SPECIAL_PATHS.includes(resolvedPath)) continue;
     if (SAFE_COMMAND_PATHS.some(prefix => resolvedPath.startsWith(prefix))) continue;
     if (isPathAllowed(resolvedPath, context)) continue;
     if (isInTempDir(resolvedPath, context)) continue;
+    // 占位符/示例路径跳过
+    if (PLACEHOLDER_PATH_PREFIXES.some(prefix => resolvedPath.startsWith(prefix))) continue;
+    // API 端点路径跳过（/v1/..., /api/... 等，不是文件系统路径）
+    if (API_PATH_PATTERN.test(resolvedPath)) continue;
+    // 路径在文件系统上不存在 → 不是真实文件（API 路径、变量占位符等），无法被访问
+    if (!existsSync(resolvedPath)) continue;
     return { denied: true, reason: `访问项目目录之外的路径: ${resolvedPath}` };
   }
   return { denied: false };
@@ -148,6 +160,12 @@ const SAFE_COMMAND_PATHS = ['/usr/bin/', '/usr/local/bin/', '/bin/', '/sbin/', '
 /** 安全的特殊路径 */
 const SAFE_SPECIAL_PATHS = ['/dev/null', '/dev/stdin', '/dev/stdout', '/dev/stderr', '/dev/zero', '/dev/urandom', '/dev/random'];
 
+/** 常见占位符路径前缀（示例/文档用途，不应被视为真实访问路径） */
+const PLACEHOLDER_PATH_PREFIXES = ['/path/to/', '/your/', '/example/', '/placeholder/'];
+
+/** API 路径模式：匹配 REST API 风格路径（如 /v1/images/generations），不是文件系统路径 */
+const API_PATH_PATTERN = /^\/(?:v\d+|api|graphql|rpc|rest|openapi|swagger)\//;
+
 /**
  * 检查单个文件路径的安全性
  * @returns {{ result: 'allow'|'deny'|'uncertain', reason?: string }}
@@ -430,9 +448,9 @@ const rules = [
         if (/venv\/bin\/pip|\.venv\/bin\/pip|virtualenv/.test(command)) {
           return { result: 'allow' };
         }
-        // 如果有 --user 标志，允许
+        // --user 仍然写入服务器宿主机 ~/.local/，多用户平台下污染共享环境
         if (/--user\b/.test(command)) {
-          return { result: 'allow' };
+          return { result: 'deny', reason: '不允许使用 pip install --user（会写入服务器共享的 ~/.local/），请在虚拟环境内安装' };
         }
         // 其他情况交给 LLM 判断
         return { result: 'uncertain', reason: 'pip install 可能在虚拟环境外执行，需要 LLM 审查' };