npm - @ian2018cs/agenthub - Versions diffs - 0.2.11 → 0.2.12 - Mend

@ian2018cs/agenthub 0.2.11 → 0.2.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/assets/{index-C2Iik5Ac.js → index-CTsndL0V.js} +56 -56
package/dist/index.html +1 -1
package/package.json +1 -1
package/server/claude-sdk.js +5 -3
package/server/database/db.js +1 -1
package/server/index.js +7 -0
package/server/routes/mcp-proxy.js +166 -0
package/server/routes/mcp-repos.js +6 -3
package/server/routes/mcp.js +49 -1
package/server/routes/skill-suite.js +1 -4
package/server/services/system-agent-repo.js +2 -4
package/server/services/system-mcp-repo.js +2 -5
package/server/services/system-repo.js +2 -5
package/server/utils/aes-encrypt.js +45 -0
package/server/utils/mcp-proxy-header.js +39 -0
package/shared/brand.js +21 -0

package/dist/index.html CHANGED Viewed

@@ -25,7 +25,7 @@
     <!-- Prevent zoom on iOS -->
     <meta name="format-detection" content="telephone=no" />
-    <script type="module" crossorigin src="/assets/index-C2Iik5Ac.js"></script>
+    <script type="module" crossorigin src="/assets/index-CTsndL0V.js"></script>
     <link rel="modulepreload" crossorigin href="/assets/vendor-react-C_uEg43g.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-codemirror-B2saKA4-.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-utils-00TdZexr.js">

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ian2018cs/agenthub",
-  "version": "0.2.11",
+  "version": "0.2.12",
   "description": "A web-based UI for AI Agents",
   "type": "module",
   "main": "server/index.js",

package/server/claude-sdk.js CHANGED Viewed

@@ -972,13 +972,15 @@ async function queryClaudeSDK(command, options = {}, ws) {
     // Clean up temporary image files on error
     await cleanupTempFiles(tempImagePaths, tempDir);
-    // Send error to WebSocket
+    // Send error to WebSocket — do NOT re-throw, as that would cause the
+    // outer catch in index.js to send a second `{type:'error'}` message.
+    // React 18 batching can merge both WS messages into one render cycle,
+    // causing the frontend to only process the unhandled `error` type and
+    // miss the `claude-error` that resets isLoading.
     mutableWriter.send({
       type: 'claude-error',
       error: error.message
     });
-    throw error;
   }
 }

package/server/database/db.js CHANGED Viewed

@@ -456,7 +456,7 @@ const userDb = {
   // Get user by ID
   getUserById: (userId) => {
     try {
-      const row = db.prepare('SELECT id, username, uuid, role, status, created_at, last_login FROM users WHERE id = ? AND is_active = 1').get(userId);
+      const row = db.prepare('SELECT id, username, email, uuid, role, status, created_at, last_login FROM users WHERE id = ? AND is_active = 1').get(userId);
       return row;
     } catch (err) {
       throw err;

package/server/index.js CHANGED Viewed

@@ -76,6 +76,7 @@ import builtinTools, {
 import authRoutes from './routes/auth.js';
 import mcpRoutes from './routes/mcp.js';
 import mcpUtilsRoutes from './routes/mcp-utils.js';
+import mcpProxyRoutes from './routes/mcp-proxy.js';
 import commandsRoutes from './routes/commands.js';
 import projectsRoutes from './routes/projects.js';
 import adminRoutes from './routes/admin.js';
@@ -471,6 +472,12 @@ wss.on('close', () => {
 });
 app.use(cors());
+// MCP reverse proxy must be mounted before body parsers so the raw request
+// stream is not consumed before the proxy can forward it to the upstream.
+// Identity is via x-proxy-user header; access is restricted to localhost only.
+app.use('/api/mcp-proxy', mcpProxyRoutes);
 app.use(express.json({
     limit: '50mb',
     type: (req) => {

package/server/routes/mcp-proxy.js ADDED Viewed

@@ -0,0 +1,166 @@
+/**
+ * MCP HTTP/SSE 反向代理路由
+ *
+ * 从请求 headers 读取目标 URL 和用户身份，AES 加密用户邮箱后注入到转发请求中。
+ * 仅允许本地（localhost）访问。
+ */
+import { Router } from 'express';
+import fetch from 'node-fetch';
+import { userDb } from '../database/db.js';
+import { encryptEmail, isProxyEnabled } from '../utils/aes-encrypt.js';
+import { PRODUCT_NAME } from '../../shared/brand.js';
+const router = Router();
+const TOKEN_HEADER = `x-${PRODUCT_NAME.toLowerCase()}-token`;
+// 仅允许本地访问的 IP 白名单
+const LOCALHOST_IPS = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
+// 不转发给上游的 hop-by-hop / 内部 headers
+const SKIP_HEADERS = new Set([
+  'connection', 'keep-alive', 'host', 'authorization',
+  'proxy-authenticate', 'proxy-authorization',
+  'te', 'trailer', 'transfer-encoding', 'upgrade',
+  'x-proxy-user', 'x-proxy-target'
+]);
+async function handleProxy(req, res) {
+  // 1. 仅允许本地访问
+  if (!LOCALHOST_IPS.has(req.ip)) {
+    return res.status(403).json({ error: 'Proxy only accessible from localhost' });
+  }
+  // 2. 检查加密配置
+  if (!isProxyEnabled()) {
+    return res.status(503).json({ error: 'MCP proxy encryption not configured' });
+  }
+  // 3. 读取目标 URL
+  const proxyTarget = req.headers['x-proxy-target'];
+  if (!proxyTarget) {
+    return res.status(400).json({ error: 'Missing x-proxy-target header' });
+  }
+  // 4. 读取用户身份
+  const userUuid = req.headers['x-proxy-user'];
+  if (!userUuid) {
+    return res.status(401).json({ error: 'Missing x-proxy-user header' });
+  }
+  const user = userDb.getUserByUuid(userUuid);
+  if (!user?.email) {
+    return res.status(401).json({ error: 'Invalid user or missing email' });
+  }
+  // 5. AES 加密邮箱
+  let token;
+  try {
+    token = encryptEmail(user.email);
+  } catch (err) {
+    console.error('[MCP-Proxy] Encryption error:', err.message);
+    return res.status(503).json({ error: 'Proxy encryption failed' });
+  }
+  // 6. 构造目标 URL（追加 /api/mcp-proxy 之后的路径，避免多余尾部斜杠）
+  let targetUrl;
+  try {
+    const parsed = new URL(proxyTarget);
+    const remainingPath = req.params[0] || '';
+    if (remainingPath) {
+      // 拼接剩余路径，避免双斜杠
+      const basePath = parsed.pathname.replace(/\/$/, '');
+      const subPath = remainingPath.replace(/^\//, '');
+      parsed.pathname = `${basePath}/${subPath}`;
+    }
+    // 保留原始 query string
+    parsed.search = new URL(req.url, 'http://localhost').search;
+    targetUrl = parsed;
+  } catch (err) {
+    return res.status(400).json({ error: `Invalid proxy target URL: ${err.message}` });
+  }
+  // 7. 构造转发 headers
+  const forwardHeaders = {};
+  for (const [key, value] of Object.entries(req.headers)) {
+    if (!SKIP_HEADERS.has(key.toLowerCase())) {
+      forwardHeaders[key] = value;
+    }
+  }
+  forwardHeaders[TOKEN_HEADER] = token;
+  // console.log(`[MCP-Proxy] injected header: ${TOKEN_HEADER} = ${token}`);
+  // 8. 缓冲请求 body（避免 stream 在重定向时无法重用）
+  const isSSERequest = req.headers.accept?.includes('text/event-stream');
+  let requestBody = undefined;
+  if (!['GET', 'HEAD'].includes(req.method)) {
+    requestBody = await new Promise((resolve, reject) => {
+      const chunks = [];
+      req.on('data', chunk => chunks.push(chunk));
+      req.on('end', () => resolve(Buffer.concat(chunks)));
+      req.on('error', reject);
+    });
+  }
+  const startTime = Date.now();
+  try {
+    const upstreamRes = await fetch(targetUrl.toString(), {
+      method: req.method,
+      headers: forwardHeaders,
+      body: requestBody,
+      timeout: isSSERequest ? 0 : 30000,
+    });
+    const duration = Date.now() - startTime;
+    console.log(`[MCP-Proxy] ${req.method} → ${targetUrl.pathname} ${upstreamRes.status} ${duration}ms`);
+    // 9. 复制响应状态和 headers
+    res.status(upstreamRes.status);
+    const responseSkipHeaders = new Set(['connection', 'keep-alive', 'transfer-encoding']);
+    for (const [k, v] of upstreamRes.headers.entries()) {
+      if (!responseSkipHeaders.has(k.toLowerCase())) {
+        res.setHeader(k, v);
+      }
+    }
+    // 10. SSE 特殊处理
+    const isSSEResponse = upstreamRes.headers.get('content-type')?.includes('text/event-stream');
+    if (isSSEResponse) {
+      res.setHeader('Cache-Control', 'no-cache');
+      res.setHeader('Connection', 'keep-alive');
+      res.flushHeaders();
+    }
+    // 11. 流式管道转发（HTTP 和 SSE 统一处理）
+    upstreamRes.body.pipe(res);
+    req.on('close', () => {
+      upstreamRes.body.destroy();
+    });
+    upstreamRes.body.on('error', (err) => {
+      console.error('[MCP-Proxy] Upstream stream error:', err.message);
+      if (!res.headersSent) {
+        res.status(502).json({ error: 'Upstream stream error' });
+      } else {
+        res.end();
+      }
+    });
+  } catch (err) {
+    const duration = Date.now() - startTime;
+    console.error(`[MCP-Proxy] ${req.method} → ${targetUrl.pathname} FAILED ${duration}ms:`, err.message);
+    if (!res.headersSent) {
+      const status = err.type === 'request-timeout' ? 504 : 502;
+      const message = err.type === 'request-timeout'
+        ? 'Upstream timeout'
+        : `Failed to connect to upstream: ${err.message}`;
+      res.status(status).json({ error: message });
+    }
+  }
+}
+// 匹配 /api/mcp-proxy 和 /api/mcp-proxy/* 两种路径
+router.all('/', handleProxy);
+router.all('/*', handleProxy);
+export default router;

package/server/routes/mcp-repos.js CHANGED Viewed

@@ -5,6 +5,7 @@ import { spawn } from 'child_process';
 import { getUserPaths, getPublicPaths } from '../services/user-directories.js';
 import { SYSTEM_MCP_REPO_OWNER, SYSTEM_MCP_REPO_NAME } from '../services/system-mcp-repo.js';
 import { addToCodexConfig, removeFromCodexConfig } from '../services/codex-mcp.js';
+import { applyProxyConfig } from '../utils/mcp-proxy-header.js';
 const router = express.Router();
@@ -478,6 +479,8 @@ router.post('/install', async (req, res) => {
     // Install each server entry
     for (const [serverName, serverConfig] of Object.entries(mcpJson)) {
+      // Auto-inject MCP proxy config for http/sse types
+      const finalConfig = applyProxyConfig(serverConfig, userUuid);
       try {
         if (scope === 'local' && projectPath) {
           // Bypass Claude CLI for local scope: directly write to .claude.json projects[projectPath].mcpServers
@@ -492,11 +495,11 @@ router.post('/install', async (req, res) => {
           if (!claudeConfig.projects) claudeConfig.projects = {};
           if (!claudeConfig.projects[projectPath]) claudeConfig.projects[projectPath] = {};
           if (!claudeConfig.projects[projectPath].mcpServers) claudeConfig.projects[projectPath].mcpServers = {};
-          claudeConfig.projects[projectPath].mcpServers[serverName] = serverConfig;
+          claudeConfig.projects[projectPath].mcpServers[serverName] = finalConfig;
           await fs.writeFile(claudeJsonPath, JSON.stringify(claudeConfig, null, 2), 'utf-8');
           installedServers.push(serverName);
         } else {
-          await addMcpServerViaJson(serverName, serverConfig, scope, userPaths.claudeDir);
+          await addMcpServerViaJson(serverName, finalConfig, scope, userPaths.claudeDir);
           installedServers.push(serverName);
         }
       } catch (err) {
@@ -510,7 +513,7 @@ router.post('/install', async (req, res) => {
           } catch {
             claudeConfig = { hasCompletedOnboarding: true };
           }
-          claudeConfig.mcpServers = { ...(claudeConfig.mcpServers || {}), [serverName]: serverConfig };
+          claudeConfig.mcpServers = { ...(claudeConfig.mcpServers || {}), [serverName]: finalConfig };
           await fs.writeFile(claudeJsonPath, JSON.stringify(claudeConfig, null, 2), 'utf-8');
           installedServers.push(serverName);
         } catch (fallbackErr) {

package/server/routes/mcp.js CHANGED Viewed

@@ -5,6 +5,8 @@ import { fileURLToPath } from 'url';
 import { dirname } from 'path';
 import { getUserPaths } from '../services/user-directories.js';
 import { addToCodexConfig, removeFromCodexConfig } from '../services/codex-mcp.js';
+import { applyProxyConfig } from '../utils/mcp-proxy-header.js';
+import { isProxyEnabled } from '../utils/aes-encrypt.js';
 const router = express.Router();
 const __filename = fileURLToPath(import.meta.url);
@@ -93,6 +95,9 @@ router.post('/cli/add', async (req, res) => {
         serverEntry = { command, ...(args?.length ? { args } : {}), ...(Object.keys(env).length ? { env } : {}) };
       }
+      // Auto-inject MCP proxy config for http/sse types
+      serverEntry = applyProxyConfig(serverEntry, userUuid);
       if (!claudeConfig.projects) claudeConfig.projects = {};
       if (!claudeConfig.projects[projectPath]) claudeConfig.projects[projectPath] = {};
       if (!claudeConfig.projects[projectPath].mcpServers) claudeConfig.projects[projectPath].mcpServers = {};
@@ -105,6 +110,26 @@ router.post('/cli/add', async (req, res) => {
     const { spawn } = await import('child_process');
+    // For http/sse types with proxy enabled, bypass CLI and write directly to .claude.json
+    // (Claude CLI doesn't support custom proxy headers like x-proxy-target / x-proxy-user)
+    if ((type === 'http' || type === 'sse') && isProxyEnabled()) {
+      const claudeJsonPath = path.join(userPaths.claudeDir, '.claude.json');
+      let claudeConfig = {};
+      try {
+        claudeConfig = JSON.parse(await fs.readFile(claudeJsonPath, 'utf-8'));
+      } catch { /* start fresh if missing */ }
+      let serverEntry = { transport: type, url, ...(Object.keys(headers).length ? { headers } : {}) };
+      serverEntry = applyProxyConfig(serverEntry, userUuid);
+      if (!claudeConfig.mcpServers) claudeConfig.mcpServers = {};
+      claudeConfig.mcpServers[name] = serverEntry;
+      await fs.writeFile(claudeJsonPath, JSON.stringify(claudeConfig, null, 2), 'utf-8');
+      console.log(`[MCP] Wrote user-scoped MCP "${name}" with proxy config`);
+      return res.json({ success: true, message: `MCP server "${name}" added successfully` });
+    }
     let cliArgs = ['mcp', 'add', '--scope', scope];
     if (type === 'http') {
@@ -192,7 +217,7 @@ router.post('/cli/add-json', async (req, res) => {
       if (!claudeConfig.projects) claudeConfig.projects = {};
       if (!claudeConfig.projects[projectPath]) claudeConfig.projects[projectPath] = {};
       if (!claudeConfig.projects[projectPath].mcpServers) claudeConfig.projects[projectPath].mcpServers = {};
-      claudeConfig.projects[projectPath].mcpServers[name] = parsedConfig;
+      claudeConfig.projects[projectPath].mcpServers[name] = applyProxyConfig(parsedConfig, userUuid);
       await fs.writeFile(claudeJsonPath, JSON.stringify(claudeConfig, null, 2), 'utf-8');
       console.log(`[MCP] Wrote local-scoped MCP "${name}" (JSON) for project ${projectPath}`);
@@ -207,6 +232,29 @@ router.post('/cli/add-json', async (req, res) => {
     const { spawn } = await import('child_process');
+    // For http/sse types with proxy enabled, bypass CLI and write directly to .claude.json
+    if ((parsedConfig.type === 'http' || parsedConfig.type === 'sse') && isProxyEnabled()) {
+      const claudeJsonPath = path.join(userPaths.claudeDir, '.claude.json');
+      let claudeConfig = {};
+      try {
+        claudeConfig = JSON.parse(await fs.readFile(claudeJsonPath, 'utf-8'));
+      } catch { /* start fresh if missing */ }
+      const proxiedConfig = applyProxyConfig(parsedConfig, userUuid);
+      if (!claudeConfig.mcpServers) claudeConfig.mcpServers = {};
+      claudeConfig.mcpServers[name] = proxiedConfig;
+      await fs.writeFile(claudeJsonPath, JSON.stringify(claudeConfig, null, 2), 'utf-8');
+      console.log(`[MCP] Wrote user-scoped MCP "${name}" (JSON) with proxy config`);
+      const codexConfigPath = path.join(userPaths.codexHomeDir, '.codex', 'config.toml');
+      addToCodexConfig(codexConfigPath, { [name]: proxiedConfig }).catch(err =>
+        console.error('[MCP] Failed to sync to Codex config.toml:', err.message)
+      );
+      return res.json({ success: true, message: `MCP server "${name}" added successfully via JSON` });
+    }
     const cliArgs = ['mcp', 'add-json', '--scope', scope, name, JSON.stringify(parsedConfig)];
     console.log('🔧 Running Claude CLI command:', 'claude', cliArgs[0], cliArgs[1], cliArgs[2], cliArgs[3], cliArgs[4]);

package/server/routes/skill-suite.js CHANGED Viewed

@@ -3,6 +3,7 @@ import { promises as fs } from 'fs';
 import path from 'path';
 import { spawn, exec } from 'child_process';
 import { getUserPaths, getPublicPaths } from '../services/user-directories.js';
+import { LARK_CLI_REPO_URL, LARK_CLI_REPO_OWNER, LARK_CLI_REPO_NAME } from '../../shared/brand.js';
 const router = express.Router();
@@ -16,10 +17,6 @@ const LARK_CLI_SKILLS = [
   'lark-workflow-standup-report',
 ];
-const LARK_CLI_REPO_URL = 'https://github.com/larksuite/cli';
-const LARK_CLI_REPO_OWNER = 'larksuite';
-const LARK_CLI_REPO_NAME = 'cli';
 // ─── 认证策略表（便于未来扩展其他套装） ────────────────────────────────────
 const AUTH_STRATEGIES = {

package/server/services/system-agent-repo.js CHANGED Viewed

@@ -2,10 +2,8 @@ import { promises as fs } from 'fs';
 import path from 'path';
 import { spawn } from 'child_process';
 import { getPublicPaths } from './user-directories.js';
-export const SYSTEM_AGENT_REPO_URL = 'git@git.amberweather.com:mcp-server/hupoer-agents.git';
-export const SYSTEM_AGENT_REPO_OWNER = 'mcp-server';
-export const SYSTEM_AGENT_REPO_NAME = 'hupoer-agents';
+import { SYSTEM_AGENT_REPO_URL, SYSTEM_AGENT_REPO_OWNER, SYSTEM_AGENT_REPO_NAME } from '../../shared/brand.js';
+export { SYSTEM_AGENT_REPO_URL, SYSTEM_AGENT_REPO_OWNER, SYSTEM_AGENT_REPO_NAME };
 function runGit(args, cwd = null) {

package/server/services/system-mcp-repo.js CHANGED Viewed

@@ -2,10 +2,8 @@ import { promises as fs } from 'fs';
 import path from 'path';
 import { spawn } from 'child_process';
 import { getUserPaths, getPublicPaths } from './user-directories.js';
-const SYSTEM_MCP_REPO_URL = 'git@git.amberweather.com:mcp-server/hupoer-mcps.git';
-const SYSTEM_MCP_REPO_OWNER = 'mcp-server';
-const SYSTEM_MCP_REPO_NAME = 'hupoer-mcps';
+import { SYSTEM_MCP_REPO_URL, SYSTEM_MCP_REPO_OWNER, SYSTEM_MCP_REPO_NAME } from '../../shared/brand.js';
+export { SYSTEM_MCP_REPO_URL, SYSTEM_MCP_REPO_OWNER, SYSTEM_MCP_REPO_NAME };
 function runGit(args, cwd) {
   return new Promise((resolve, reject) => {
@@ -98,4 +96,3 @@ export async function initSystemMcpRepoForUser(userUuid) {
   }
 }
-export { SYSTEM_MCP_REPO_OWNER, SYSTEM_MCP_REPO_NAME, SYSTEM_MCP_REPO_URL };

package/server/services/system-repo.js CHANGED Viewed

@@ -2,10 +2,8 @@ import { promises as fs } from 'fs';
 import path from 'path';
 import { spawn } from 'child_process';
 import { getUserPaths, getPublicPaths } from './user-directories.js';
-const SYSTEM_REPO_URL = 'git@git.amberweather.com:mcp-server/hupoer-skills.git';
-const SYSTEM_REPO_OWNER = 'mcp-server';
-const SYSTEM_REPO_NAME = 'hupoer-skills';
+import { SYSTEM_REPO_URL, SYSTEM_REPO_OWNER, SYSTEM_REPO_NAME } from '../../shared/brand.js';
+export { SYSTEM_REPO_URL, SYSTEM_REPO_OWNER, SYSTEM_REPO_NAME };
 function runGit(args, cwd) {
   return new Promise((resolve, reject) => {
@@ -105,4 +103,3 @@ export async function initSystemRepoForUser(userUuid) {
   }
 }
-export { SYSTEM_REPO_OWNER, SYSTEM_REPO_NAME, SYSTEM_REPO_URL };

package/server/utils/aes-encrypt.js ADDED Viewed

@@ -0,0 +1,45 @@
+/**
+ * AES-256-CBC 加密工具
+ * 用于 MCP 反向代理，加密用户邮箱作为身份令牌。
+ *
+ * 算法：AES-256-CBC
+ * 密钥派生：crypto.scryptSync(AES_KEY, AES_SALT, 32)
+ * IV：每次随机 16 字节
+ * 输出：base64(iv_16bytes + ciphertext)
+ */
+import crypto from 'crypto';
+const AES_KEY = process.env.MCP_PROXY_AES_KEY || '';
+const AES_SALT = process.env.MCP_PROXY_AES_SALT || '';
+// 模块加载时一次性派生密钥
+let derivedKey = null;
+if (AES_KEY && AES_SALT) {
+  try {
+    derivedKey = crypto.scryptSync(AES_KEY, AES_SALT, 32);
+  } catch (err) {
+    console.error('[MCP-Proxy] Failed to derive AES key:', err.message);
+  }
+}
+/**
+ * 检查代理加密是否已配置（AES_KEY + AES_SALT 都存在）
+ */
+export function isProxyEnabled() {
+  return derivedKey !== null;
+}
+/**
+ * AES-256-CBC 加密用户邮箱
+ * @param {string} email - 用户邮箱明文
+ * @returns {string} base64(iv + ciphertext)
+ */
+export function encryptEmail(email) {
+  if (!derivedKey) {
+    throw new Error('MCP proxy encryption not configured (MCP_PROXY_AES_KEY and MCP_PROXY_AES_SALT required)');
+  }
+  const iv = crypto.randomBytes(16);
+  const cipher = crypto.createCipheriv('aes-256-cbc', derivedKey, iv);
+  const encrypted = Buffer.concat([cipher.update(email, 'utf8'), cipher.final()]);
+  return Buffer.concat([iv, encrypted]).toString('base64');
+}

package/server/utils/mcp-proxy-header.js ADDED Viewed

@@ -0,0 +1,39 @@
+/**
+ * MCP 代理配置注入
+ * 在安装 http/sse 类型 MCP 时，自动注入代理 headers 并替换 URL。
+ */
+import { isProxyEnabled } from './aes-encrypt.js';
+const PROXY_BASE_PATH = '/api/mcp-proxy';
+/**
+ * 如果代理已启用且配置是 http/sse 类型，自动注入代理 headers 并替换 URL。
+ * @param {object} serverConfig - MCP 服务器配置
+ * @param {string} userUuid - 用户 UUID
+ * @returns {object} 处理后的配置（可能是原样返回）
+ */
+export function applyProxyConfig(serverConfig, userUuid) {
+  if (!isProxyEnabled()) return serverConfig;
+  const type = serverConfig.type || serverConfig.transport;
+  if (type !== 'http' && type !== 'sse') return serverConfig;
+  const originalUrl = serverConfig.url;
+  if (!originalUrl) return serverConfig;
+  // 已经是代理地址的不重复处理
+  if (originalUrl.includes(PROXY_BASE_PATH)) return serverConfig;
+  const port = process.env.PORT || 3001;
+  const proxyUrl = `http://localhost:${port}${PROXY_BASE_PATH}`;
+  return {
+    ...serverConfig,
+    url: proxyUrl,
+    headers: {
+      ...(serverConfig.headers || {}),
+      'x-proxy-target': originalUrl,
+      'x-proxy-user': userUuid
+    }
+  };
+}

package/shared/brand.js CHANGED Viewed

@@ -31,6 +31,27 @@ export const CHAT_EXAMPLE_PROMPTS = [
 // 可选值: 'default'（默认模式）| 'acceptEdits'（接受编辑）| 'bypassPermissions'（跳过权限）| 'plan'（计划模式）
 export const DEFAULT_PERMISSION_MODE = 'default';
+// ─── 内置仓库地址 ─────────────────────────────────────────────────────────────
+// Skills 内置仓库
+export const SYSTEM_REPO_URL = 'git@git.amberweather.com:mcp-server/hupoer-skills.git';
+export const SYSTEM_REPO_OWNER = 'mcp-server';
+export const SYSTEM_REPO_NAME = 'hupoer-skills';
+// MCP 内置仓库
+export const SYSTEM_MCP_REPO_URL = 'git@git.amberweather.com:mcp-server/agenthub-mcps.git';
+export const SYSTEM_MCP_REPO_OWNER = 'mcp-server';
+export const SYSTEM_MCP_REPO_NAME = 'agenthub-mcps';
+// Agents 内置仓库
+export const SYSTEM_AGENT_REPO_URL = 'git@git.amberweather.com:mcp-server/agenthub-agents.git';
+export const SYSTEM_AGENT_REPO_OWNER = 'mcp-server';
+export const SYSTEM_AGENT_REPO_NAME = 'agenthub-agents';
+// Lark CLI 技能套装仓库
+export const LARK_CLI_REPO_URL = 'https://github.com/larksuite/cli';
+export const LARK_CLI_REPO_OWNER = 'larksuite';
+export const LARK_CLI_REPO_NAME = 'cli';
 // 飞书绑定引导文案（出现 3 次，统一成函数避免漂移）
 export const feishuBindingGuide = () =>
   `👋 你好！请先完成账号绑定：\n\n` +