npm - @jingyi0605/codingns - Versions diffs - 1.0.0-beta.2 → 1.0.0-beta.3 - Mend

@jingyi0605/codingns 1.0.0-beta.2 → 1.0.0-beta.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (75) hide show

package/dist/server/modules/sessions/session-live-runtime-service.d.ts CHANGED Viewed

@@ -99,6 +99,16 @@ export interface SessionRuntimeStatusView {
     updatedAt: string;
     watchdogTriggeredAt: string | null;
     contextUsage: ContextUsageSnapshot | null;
+    permissionStatus: SessionRuntimePermissionStatusView | null;
+}
+export interface SessionRuntimePermissionStatusView {
+    requestedPermissionMode: string | null;
+    effectivePermissionMode: "default" | "acceptEdits" | "bypassPermissions";
+    effectiveSandboxMode: "read-only" | "workspace-write" | "danger-full-access" | null;
+    effectiveApprovalPolicy: "never" | "cli-default" | null;
+    source: "codex-cli-default" | "codingns-override" | "provider-non-codex";
+    summary: string;
+    detail: string;
 }
 export interface InterruptSessionResult {
     sessionId: string;
@@ -221,6 +231,7 @@ export declare class SessionLiveRuntimeService {
     private readonly queueRetryTimers;
     private readonly pendingSendDebugTracesBySessionId;
     private readonly runtimePersistenceQueues;
+    private readonly sessionPermissionRuntimeStates;
     constructor(sessionHistoryService: SessionHistoryService, sessionMessageAttachmentService: SessionMessageAttachmentService, workspaceService: WorkspaceService, sessionChangedFileService: SessionChangedFileService, sessionBindingRepository: SessionBindingRepository, authUserRepository: AuthUserRepository, sessionSendQueueRepository: SessionSendQueueRepository, sessionIndexRepository: SessionIndexRepository, sessionStateRepository: SessionStateRepository, sessionStatusSnapshotRepository: SessionStatusSnapshotRepository, sessionProviderConfigService: SessionProviderConfigService, config: HostConfig, sessionActivityAuthorityService?: SessionActivityAuthorityService, openCliSessionPromptService?: OpenCliSessionPromptService | null, workspaceSessionRuntimeContextService?: Pick<WorkspaceSessionRuntimeContextService, "prepareWorkspaceInstructionBundle"> | null);
     startLiveSession(input: StartLiveSessionInput): Promise<LiveMessageAcceptedResult>;
     sendLiveMessage(input: SendLiveMessageInput): Promise<LiveMessageAcceptedResult>;
@@ -246,6 +257,9 @@ export declare class SessionLiveRuntimeService {
     private subscribeExternalRuntime;
     private emitExternalRuntimeEnvelope;
     private getLiveRuntimeSnapshot;
+    private resolveRequestedPermissionMode;
+    private rememberRequestedPermissionMode;
+    private logSessionPermissionStatus;
     private demoteDeadRuntimeSnapshot;
     private scheduleDeadRuntimeReconciliation;
     private reconcileDeadRuntimeSession;

package/dist/server/modules/sessions/session-live-runtime-service.js CHANGED Viewed

@@ -1,7 +1,8 @@
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import path from "node:path";
+import { fileURLToPath } from "node:url";
 import { performance } from "node:perf_hooks";
-import { ClaudeRuntimeAdapter, CodexRuntimeAdapter, GeminiRuntimeAdapter, KimiRuntimeAdapter, LegnaRuntimeAdapter, OpenCodeRuntimeAdapter, ProviderRuntimeService } from "@codingns/session-sync-core";
+import { ClaudeRuntimeAdapter, CodexRuntimeAdapter, GeminiRuntimeAdapter, KimiRuntimeAdapter, LegnaRuntimeAdapter, OpenCodeRuntimeAdapter, ProviderRuntimeService, resolveCodexPermissionResolution } from "@codingns/session-sync-core";
 import { AppError, isAppError } from "../../shared/errors/app-error.js";
 import { createId } from "../../shared/utils/id.js";
 import { isPerfDebugEnabled, logPerformance } from "../../shared/utils/perf-log.js";
@@ -17,6 +18,42 @@ import { ClaudeRuntimeHelperAdapter } from "./claude-runtime-helper-client.js";
 import { CodexAppServerHelperClient } from "./codex-app-server-helper-client.js";
 const OPENCODE_ORDER_DEBUG_ENABLED = /^(1|true|yes)$/i.test(process.env.CODINGNS_OPENCODE_ORDER_DEBUG?.trim() ?? "");
 const RUNTIME_EVENT_SQLITE_BUSY_RETRY_DELAYS_MS = [100, 250, 500, 1_000, 1_500, 2_000];
+function buildSessionRuntimePermissionStatus(input) {
+    if (input.provider !== "codex") {
+        return {
+            requestedPermissionMode: input.requestedPermissionMode,
+            effectivePermissionMode: "default",
+            effectiveSandboxMode: null,
+            effectiveApprovalPolicy: null,
+            source: "provider-non-codex",
+            summary: "当前 provider 不使用 Codex 沙箱权限映射。",
+            detail: "这份权限说明只对 Codex 会话生效，其他 provider 仍沿用各自的权限体系。"
+        };
+    }
+    const resolution = resolveCodexPermissionResolution(input.requestedPermissionMode);
+    if (resolution.effectivePermissionMode === "default") {
+        return {
+            requestedPermissionMode: input.requestedPermissionMode,
+            effectivePermissionMode: resolution.effectivePermissionMode,
+            effectiveSandboxMode: resolution.sandboxMode,
+            effectiveApprovalPolicy: resolution.approvalPolicy ? "never" : "cli-default",
+            source: "codex-cli-default",
+            summary: "当前会话跟随 Codex CLI 默认权限。",
+            detail: resolution.reasoning
+        };
+    }
+    return {
+        requestedPermissionMode: input.requestedPermissionMode,
+        effectivePermissionMode: resolution.effectivePermissionMode,
+        effectiveSandboxMode: resolution.sandboxMode,
+        effectiveApprovalPolicy: resolution.approvalPolicy ? "never" : "cli-default",
+        source: "codingns-override",
+        summary: resolution.effectivePermissionMode === "acceptEdits"
+            ? "当前会话已切到工作区可写权限。"
+            : "当前会话已切到完整权限。",
+        detail: resolution.reasoning
+    };
+}
 const RUNTIME_START_BINDING_WAIT_TIMEOUT_MS = 10_000;
 const START_BINDING_POLL_INTERVAL_MS = 50;
 const EXTERNAL_RUNTIME_INTERRUPT_SUPPRESSION_MS = 30_000;
@@ -51,6 +88,7 @@ export class SessionLiveRuntimeService {
     queueRetryTimers = new Map();
     pendingSendDebugTracesBySessionId = new Map();
     runtimePersistenceQueues = new Map();
+    sessionPermissionRuntimeStates = new Map();
     constructor(sessionHistoryService, sessionMessageAttachmentService, workspaceService, sessionChangedFileService, sessionBindingRepository, authUserRepository, sessionSendQueueRepository, sessionIndexRepository, sessionStateRepository, sessionStatusSnapshotRepository, sessionProviderConfigService, config, sessionActivityAuthorityService = new SessionActivityAuthorityService(), openCliSessionPromptService = null, workspaceSessionRuntimeContextService = null) {
         this.sessionHistoryService = sessionHistoryService;
         this.sessionMessageAttachmentService = sessionMessageAttachmentService;
@@ -90,6 +128,7 @@ export class SessionLiveRuntimeService {
             clientRequestId: input.clientRequestId
         });
         try {
+            this.rememberRequestedPermissionMode(sessionId, input.runtimeOptions?.permissionMode ?? null, "start_live");
             const capabilities = this.sessionHistoryService.getProviderCapabilitiesSnapshot(input.provider);
             const providerBinding = this.sessionProviderConfigService.prepareSessionBinding({
                 sessionId,
@@ -534,6 +573,12 @@ export class SessionLiveRuntimeService {
         this.maybeDispatchQueuedMessages(session);
         const capabilities = await this.sessionHistoryService.getSessionCapabilities(sessionId, userId);
         const contextUsage = await this.sessionHistoryService.getSessionContextUsage(sessionId).catch(() => null);
+        const requestedPermissionMode = this.resolveRequestedPermissionMode(sessionId);
+        const permissionStatus = buildSessionRuntimePermissionStatus({
+            provider: session.provider,
+            requestedPermissionMode
+        });
+        this.logSessionPermissionStatus(sessionId, session.provider, permissionStatus);
         const resolution = runtimeSnapshot
             ? this.sessionActivityAuthorityService.observe(createRuntimeActivityObservation(runtimeSessionId, runtimeSnapshot))
             : externalRuntimeSnapshot
@@ -562,7 +607,8 @@ export class SessionLiveRuntimeService {
                     : null,
                 updatedAt: resolution.updatedAt,
                 watchdogTriggeredAt: resolution.watchdogTriggeredAt,
-                contextUsage
+                contextUsage,
+                permissionStatus
             };
         }
         if (externalRuntimeSnapshot) {
@@ -584,7 +630,8 @@ export class SessionLiveRuntimeService {
                 errorDetail: resolution.runningState === "failed" ? resolution.detail ?? session.lastErrorDetail : null,
                 updatedAt: resolution.updatedAt,
                 watchdogTriggeredAt: resolution.watchdogTriggeredAt,
-                contextUsage
+                contextUsage,
+                permissionStatus
             };
         }
         const persistedErrorCode = resolution.runningState === "failed" ? resolution.errorCode ?? session.lastErrorCode : null;
@@ -607,7 +654,8 @@ export class SessionLiveRuntimeService {
             errorDetail: persistedErrorDetail,
             updatedAt: resolution.updatedAt,
             watchdogTriggeredAt: resolution.watchdogTriggeredAt,
-            contextUsage
+            contextUsage,
+            permissionStatus
         };
     }
     resolveLiveActivityObservation(sessionId) {
@@ -829,6 +877,48 @@ export class SessionLiveRuntimeService {
         }
         return snapshot;
     }
+    resolveRequestedPermissionMode(sessionId) {
+        const runtimeState = this.sessionPermissionRuntimeStates.get(sessionId);
+        if (runtimeState?.requestedPermissionMode?.trim()) {
+            return runtimeState.requestedPermissionMode.trim();
+        }
+        const queuedItems = this.sessionSendQueueRepository.listBySessionId(sessionId);
+        const dispatchingItem = queuedItems.find((item) => item.status === "dispatching");
+        if (dispatchingItem?.permissionMode?.trim()) {
+            return dispatchingItem.permissionMode.trim();
+        }
+        const latestPermissionItem = [...queuedItems]
+            .reverse()
+            .find((item) => item.permissionMode?.trim());
+        if (latestPermissionItem?.permissionMode?.trim()) {
+            return latestPermissionItem.permissionMode.trim();
+        }
+        return null;
+    }
+    rememberRequestedPermissionMode(sessionId, permissionMode, source) {
+        this.sessionPermissionRuntimeStates.set(sessionId, {
+            requestedPermissionMode: permissionMode?.trim() || null,
+            updatedAt: nowIso(),
+            source
+        });
+    }
+    logSessionPermissionStatus(sessionId, provider, permissionStatus) {
+        if (!permissionStatus) {
+            return;
+        }
+        const runtimeState = this.sessionPermissionRuntimeStates.get(sessionId);
+        logPermissionDebug("session_runtime.permission_status", {
+            sessionId,
+            provider,
+            requestedPermissionMode: permissionStatus.requestedPermissionMode,
+            effectivePermissionMode: permissionStatus.effectivePermissionMode,
+            effectiveSandboxMode: permissionStatus.effectiveSandboxMode,
+            effectiveApprovalPolicy: permissionStatus.effectiveApprovalPolicy,
+            source: permissionStatus.source,
+            runtimeStateSource: runtimeState?.source ?? null,
+            runtimeStateUpdatedAt: runtimeState?.updatedAt ?? null
+        });
+    }
     demoteDeadRuntimeSnapshot(snapshot) {
         const updatedAt = nowIso();
         for (const userId of this.authUserRepository.listIds()) {
@@ -1122,6 +1212,7 @@ export class SessionLiveRuntimeService {
         }
     }
     async startRuntimeRun(request, userId, mode, providerBinding) {
+        this.rememberRequestedPermissionMode(request.sessionId, request.options.permissionMode ?? null, "runtime_snapshot");
         this.runtimeMessageSeenSessions.delete(request.sessionId);
         this.runtimeHistoryFallbackSentSessions.delete(request.sessionId);
         this.clearExternalRuntimeInterruptSuppression(request.sessionId);
@@ -1160,6 +1251,7 @@ export class SessionLiveRuntimeService {
             clientRequestId: input.clientRequestId
         });
         try {
+            this.rememberRequestedPermissionMode(input.sessionId, input.runtimeOptions?.permissionMode ?? null, "send_live");
             const capabilities = await this.sessionHistoryService.getSessionCapabilities(input.sessionId, input.userId);
             const workspace = this.workspaceService.getWorkspaceOrThrow(session.workspaceId);
             const runtimeMode = shouldStartNativeSessionOnFirstMessage(session);
@@ -1396,6 +1488,7 @@ export class SessionLiveRuntimeService {
                 runtimeAttachments: restoredAttachments
             };
             try {
+                this.rememberRequestedPermissionMode(nextQueueItem.sessionId, nextQueueItem.permissionMode, "queue_dispatch");
                 await this.sendLiveMessageDirect({
                     sessionId: nextQueueItem.sessionId,
                     userId: nextQueueItem.userId,
@@ -3158,7 +3251,13 @@ function buildClaudeHookBridgeConfig(config, provider) {
     };
 }
 function resolveClaudeHookBridgeScriptPath() {
+    const currentFilePath = fileURLToPath(import.meta.url);
+    const currentDir = path.dirname(currentFilePath);
+    const packageRoot = path.resolve(currentDir, "..", "..", "..", "..");
+    const workspaceRoot = path.resolve(packageRoot, "..", "..", "..");
     const candidates = [
+        path.resolve(packageRoot, "scripts", "claude-hook-bridge.cjs"),
+        path.resolve(workspaceRoot, "scripts", "claude-hook-bridge.cjs"),
         path.resolve(process.cwd(), "scripts", "claude-hook-bridge.cjs"),
         path.resolve(process.cwd(), "..", "scripts", "claude-hook-bridge.cjs"),
         path.resolve(process.cwd(), "..", "..", "scripts", "claude-hook-bridge.cjs")