@ian2018cs/agenthub 0.1.61 → 0.1.63
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -2
- package/dist/assets/index-Bih5jXn3.js +162 -0
- package/dist/assets/index-DSfWrrLR.css +32 -0
- package/dist/assets/{vendor-icons-BSeZkdSJ.js → vendor-icons-D0W5CcE4.js} +91 -71
- package/dist/index.html +3 -3
- package/package.json +1 -1
- package/server/claude-sdk.js +48 -15
- package/server/database/db.js +69 -5
- package/server/routes/admin.js +187 -0
- package/server/routes/agents.js +98 -5
- package/server/routes/auth.js +21 -1
- package/server/services/feature-permissions.js +92 -0
- package/server/services/tool-guard/index.js +2 -0
- package/dist/assets/index-B65OoZ2-.js +0 -162
- package/dist/assets/index-BW9F1hzB.css +0 -32
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
import { settingsDb } from '../database/db.js';
|
|
2
|
+
|
|
3
|
+
/**
|
|
4
|
+
* 全量功能权限 key 及硬编码默认值
|
|
5
|
+
*/
|
|
6
|
+
export const ALL_FEATURE_PERMISSIONS = {
|
|
7
|
+
claude_shell: true, // Claude Code Shell 访问权限
|
|
8
|
+
codex_shell: true, // Codex Shell 访问权限
|
|
9
|
+
gemini_shell: true, // Gemini CLI Shell 访问权限
|
|
10
|
+
submit_agent: true, // 设置 > Agents > 提交 Agent
|
|
11
|
+
tab_models: true, // 设置 > Agent > 模型 tab
|
|
12
|
+
tab_skills: true, // 设置 > Agent > 技能 tab
|
|
13
|
+
tab_mcp: true, // 设置 > Agent > MCP 服务器 tab
|
|
14
|
+
tab_permissions: true, // 设置 > Agent > 权限设置 tab
|
|
15
|
+
feishu_binding: true, // 设置 > 账户 > 绑定飞书账号
|
|
16
|
+
create_project: true, // 侧边栏 > 新建项目
|
|
17
|
+
};
|
|
18
|
+
|
|
19
|
+
/**
|
|
20
|
+
* 权限中文标签
|
|
21
|
+
*/
|
|
22
|
+
export const PERMISSION_LABELS = {
|
|
23
|
+
claude_shell: 'Claude Code Shell',
|
|
24
|
+
codex_shell: 'Codex Shell',
|
|
25
|
+
gemini_shell: 'Gemini CLI Shell',
|
|
26
|
+
submit_agent: '提交 Agent',
|
|
27
|
+
tab_models: '模型设置',
|
|
28
|
+
tab_skills: '技能设置',
|
|
29
|
+
tab_mcp: 'MCP 服务器设置',
|
|
30
|
+
tab_permissions: '权限设置',
|
|
31
|
+
feishu_binding: '绑定飞书账号',
|
|
32
|
+
create_project: '新建项目',
|
|
33
|
+
};
|
|
34
|
+
|
|
35
|
+
/**
|
|
36
|
+
* 安全解析 JSON 字符串为权限对象,解析失败返回 null
|
|
37
|
+
*/
|
|
38
|
+
function parsePermissionsJson(jsonStr) {
|
|
39
|
+
if (!jsonStr) return null;
|
|
40
|
+
try {
|
|
41
|
+
const parsed = JSON.parse(jsonStr);
|
|
42
|
+
if (typeof parsed === 'object' && parsed !== null && !Array.isArray(parsed)) {
|
|
43
|
+
return parsed;
|
|
44
|
+
}
|
|
45
|
+
} catch (_) {
|
|
46
|
+
// ignore
|
|
47
|
+
}
|
|
48
|
+
return null;
|
|
49
|
+
}
|
|
50
|
+
|
|
51
|
+
/**
|
|
52
|
+
* 获取系统默认权限(admin UI 配置 → 环境变量 → 硬编码全 true)
|
|
53
|
+
*/
|
|
54
|
+
export function getDefaultPermissions() {
|
|
55
|
+
// 1. 先查 system_settings 表
|
|
56
|
+
const dbValue = settingsDb.get('default_feature_permissions');
|
|
57
|
+
const fromDb = parsePermissionsJson(dbValue);
|
|
58
|
+
if (fromDb) {
|
|
59
|
+
return { ...ALL_FEATURE_PERMISSIONS, ...fromDb };
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
// 2. 再查环境变量
|
|
63
|
+
const envValue = process.env.DEFAULT_FEATURE_PERMISSIONS;
|
|
64
|
+
const fromEnv = parsePermissionsJson(envValue);
|
|
65
|
+
if (fromEnv) {
|
|
66
|
+
return { ...ALL_FEATURE_PERMISSIONS, ...fromEnv };
|
|
67
|
+
}
|
|
68
|
+
|
|
69
|
+
// 3. 硬编码全 true
|
|
70
|
+
return { ...ALL_FEATURE_PERMISSIONS };
|
|
71
|
+
}
|
|
72
|
+
|
|
73
|
+
/**
|
|
74
|
+
* 解析用户最终权限
|
|
75
|
+
* @param {object} user - 用户对象,需包含 role 和 feature_permissions 字段
|
|
76
|
+
* @returns {object} 解析后的权限对象
|
|
77
|
+
*/
|
|
78
|
+
export function resolvePermissions(user) {
|
|
79
|
+
// admin / super_admin 始终全部权限
|
|
80
|
+
if (user.role === 'super_admin' || user.role === 'admin') {
|
|
81
|
+
return { ...ALL_FEATURE_PERMISSIONS };
|
|
82
|
+
}
|
|
83
|
+
|
|
84
|
+
// 用户个性化权限优先
|
|
85
|
+
const userPerms = parsePermissionsJson(user.feature_permissions);
|
|
86
|
+
if (userPerms) {
|
|
87
|
+
return { ...ALL_FEATURE_PERMISSIONS, ...userPerms };
|
|
88
|
+
}
|
|
89
|
+
|
|
90
|
+
// 回退到系统默认
|
|
91
|
+
return getDefaultPermissions();
|
|
92
|
+
}
|
|
@@ -78,6 +78,8 @@ export async function evaluate(toolName, input, { userUuid, cwd }) {
|
|
|
78
78
|
const rewrittenInput = rewriteClaudePaths(toolName, input, claudeDir);
|
|
79
79
|
const effectiveInput = rewrittenInput || input;
|
|
80
80
|
|
|
81
|
+
if (VERBOSE) console.log(`[ToolGuard] INPUT ${toolName}:`, JSON.stringify(effectiveInput));
|
|
82
|
+
|
|
81
83
|
if (rewrittenInput && VERBOSE) {
|
|
82
84
|
console.log(`[ToolGuard] PATH-REWRITE ${toolName}: .claude paths → ${claudeDir}`);
|
|
83
85
|
}
|