@kafca/agentdock 0.1.41 → 0.1.43
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +10 -0
- package/dist/renderer/assets/{Badge-BX3RC8l6.js → Badge-CbG6yRSm.js} +1 -1
- package/dist/renderer/assets/{Chat-DJwIciel.js → Chat-BvNNWGGX.js} +1 -1
- package/dist/renderer/assets/{ChatMarkdown-DfGbRR0S.js → ChatMarkdown-Ct-PvJB8.js} +1 -1
- package/dist/renderer/assets/{Config-2x2RDL3j.js → Config-lQX2qVVV.js} +2 -2
- package/dist/renderer/assets/CronList-Dj_3muVG.js +1 -0
- package/dist/renderer/assets/{Dashboard-2Wcx_bvJ.js → Dashboard-eh_RhGYb.js} +2 -2
- package/dist/renderer/assets/{EmptyState-DoCpF2tn.js → EmptyState-Bn2Qh14U.js} +1 -1
- package/dist/renderer/assets/{KnowledgeDetail-CBRu2bXX.js → KnowledgeDetail-Bsz6Ou41.js} +2 -2
- package/dist/renderer/assets/{KnowledgeHome-CItdlDVR.js → KnowledgeHome-Cgj4XFXn.js} +2 -2
- package/dist/renderer/assets/{Logs-Cd_7ZOXc.js → Logs-Dp-NF6GN.js} +1 -1
- package/dist/renderer/assets/{Modal-B4eOiBsB.js → Modal-B6YPPBN6.js} +1 -1
- package/dist/renderer/assets/MonitorList-xEZWg460.js +1 -0
- package/dist/renderer/assets/{Page-C5VH4D9U.js → Page-Bn7RjGOS.js} +1 -1
- package/dist/renderer/assets/{ProjectDetail-D_DA--IP.js → ProjectDetail-Cv_jIE61.js} +2 -2
- package/dist/renderer/assets/{ProjectList-CtCXJ50u.js → ProjectList-BDk5_gqY.js} +1 -1
- package/dist/renderer/assets/{Select-B6E68LcN.js → Select-xshfMIEQ.js} +1 -1
- package/dist/renderer/assets/SessionChat-BkHy90z3.js +1 -0
- package/dist/renderer/assets/{SessionList-Do-5-Xx6.js → SessionList-BZyXT92L.js} +1 -1
- package/dist/renderer/assets/{ThreadChat-B1tEtE3V.js → ThreadChat-DUOIyXrS.js} +7 -7
- package/dist/renderer/assets/{Workspace-BlhS2RFw.js → Workspace-Dl80fNEC.js} +1 -1
- package/dist/renderer/assets/{arrow-left-DF1_F9Pk.js → arrow-left-C54ZI-AS.js} +1 -1
- package/dist/renderer/assets/{book-open-DxRTGpWO.js → book-open-Dl7GO0zn.js} +1 -1
- package/dist/renderer/assets/{check-BAqPPYkf.js → check-CiqgtrOL.js} +1 -1
- package/dist/renderer/assets/{chevron-down-DIZZgSb3.js → chevron-down-DTL2OuVh.js} +1 -1
- package/dist/renderer/assets/{circle-B5raL_XK.js → circle-DaVKfa3P.js} +1 -1
- package/dist/renderer/assets/desktop-C6q6wBae.js +5 -0
- package/dist/renderer/assets/desktop-jaAiayNB.js +1 -0
- package/dist/renderer/assets/en-D2SkCrhG.js +1 -0
- package/dist/renderer/assets/{funnel-BPjLpVSB.js → funnel-CrmnLMJI.js} +1 -1
- package/dist/renderer/assets/{heart-D2M1xN1N.js → heart-BMfQI7y_.js} +1 -1
- package/dist/renderer/assets/{index-Cx71F_Lz.js → index-HPNb1zfx.js} +39 -34
- package/dist/renderer/assets/{index-BijJAYmo.js → index-nreiKY1f.js} +3 -3
- package/dist/renderer/assets/{pencil-DlDr8Mmp.js → pencil-wTQ4l465.js} +1 -1
- package/dist/renderer/assets/{play-BOEG_mY8.js → play-BK--MXmw.js} +1 -1
- package/dist/renderer/assets/{plug-BI27elC-.js → plug-BIx9fjip.js} +1 -1
- package/dist/renderer/assets/{plus-BhURuFIQ.js → plus-Dn7JFWQ8.js} +1 -1
- package/dist/renderer/assets/projects-brJZgwEJ.js +1 -0
- package/dist/renderer/assets/{save-RwkHNm9e.js → save-CC3zOSWb.js} +1 -1
- package/dist/renderer/assets/{search-DMNtm2WP.js → search-CDTy9Czu.js} +1 -1
- package/dist/renderer/assets/{server-CNaxKyAq.js → server-DtQk3t2a.js} +1 -1
- package/dist/renderer/assets/{session-utils-vsALZkZN.js → session-utils-4ep5D66T.js} +1 -1
- package/dist/renderer/assets/{sessions-BY-R1IL_.js → sessions-Dor1LteH.js} +1 -1
- package/dist/renderer/assets/{shield-check-BF-4oJbj.js → shield-check-Cz2LpU6r.js} +1 -1
- package/dist/renderer/assets/{trash-2-DduflM4q.js → trash-2-C2EmWFZV.js} +1 -1
- package/dist/renderer/assets/{user-DBcvnuW4.js → user-I8B-cs5A.js} +1 -1
- package/dist/renderer/assets/{wifi-off-X1nXESYu.js → wifi-off-CPevTQJn.js} +1 -1
- package/dist/renderer/assets/zh-DIcdHycM.js +1 -0
- package/dist/renderer/index.html +1 -1
- package/dist-electron/packages/contracts/src/local-core.js +28 -0
- package/dist-electron/packages/core-sdk/src/index.js +32 -0
- package/dist-electron/services/local-ai-core/src/acp/local-core-acp-backend.js +76 -39
- package/dist-electron/services/local-ai-core/src/acp/local-core-acp-session-coordinator.js +13 -0
- package/dist-electron/services/local-ai-core/src/acp/local-core-acp-store.js +4 -1357
- package/dist-electron/services/local-ai-core/src/acp/local-core-slash-commands.js +28 -0
- package/dist-electron/services/local-ai-core/src/acp/store/agent-task-store.js +166 -0
- package/dist-electron/services/local-ai-core/src/acp/store/automation-monitor-store.js +231 -0
- package/dist-electron/services/local-ai-core/src/acp/store/local-core-acp-store.js +263 -0
- package/dist-electron/services/local-ai-core/src/acp/store/platform-store.js +186 -0
- package/dist-electron/services/local-ai-core/src/acp/store/scheduler-store.js +201 -0
- package/dist-electron/services/local-ai-core/src/acp/store/schema.js +275 -0
- package/dist-electron/services/local-ai-core/src/acp/store/security-store.js +266 -0
- package/dist-electron/services/local-ai-core/src/acp/store/thread-store.js +232 -0
- package/dist-electron/services/local-ai-core/src/acp/store/utils.js +47 -0
- package/dist-electron/services/local-ai-core/src/acp/store/workspace-registry-store.js +109 -0
- package/dist-electron/services/local-ai-core/src/automation/automation-conversation-executor.js +136 -0
- package/dist-electron/services/local-ai-core/src/automation/automation-monitor-repository.js +56 -0
- package/dist-electron/services/local-ai-core/src/automation/automation-monitor-service.js +359 -0
- package/dist-electron/services/local-ai-core/src/automation/condition-evaluator.js +77 -0
- package/dist-electron/services/local-ai-core/src/automation/mock-stock-provider.js +40 -0
- package/dist-electron/services/local-ai-core/src/automation/monitor-id.js +10 -0
- package/dist-electron/services/local-ai-core/src/channel/lark/cards.js +55 -0
- package/dist-electron/services/local-ai-core/src/channel/lark/local-core-lark-gateway.js +101 -29
- package/dist-electron/services/local-ai-core/src/channel/shared/session-command-runtime.js +53 -0
- package/dist-electron/services/local-ai-core/src/channel/weixin/local-core-weixin-gateway.js +51 -33
- package/dist-electron/services/local-ai-core/src/cli/lac.js +196 -0
- package/dist-electron/services/local-ai-core/src/cli/monitor-cli-parsers.js +37 -0
- package/dist-electron/services/local-ai-core/src/kernel/bootstrap.js +43 -0
- package/dist-electron/services/local-ai-core/src/kernel/capability-registry.js +12 -0
- package/dist-electron/services/local-ai-core/src/plugins/builtin/monitor-stock-plugin.js +30 -0
- package/dist-electron/services/local-ai-core/src/router/workspace-router.js +40 -4
- package/dist-electron/services/local-ai-core/src/runtime/local-core-controller.js +41 -0
- package/dist-electron/services/local-ai-core/src/runtime/server-routes.js +31 -0
- package/dist-electron/services/local-ai-core/src/runtime/server.js +36 -0
- package/dist-electron/services/local-ai-core/src/scheduler/scheduled-bridge-session.js +25 -11
- package/dist-electron/services/local-ai-core/src/thread/session-command-service.js +275 -0
- package/dist-electron/services/local-ai-core/src/thread/slash-command-registry.js +27 -0
- package/dist-electron/services/local-ai-core/src/thread/thread-command-service.js +134 -0
- package/dist-electron/shared/desktop.js +21 -1
- package/dist-electron/tests/contracts/local-core-contracts.test.js +9 -0
- package/dist-electron/tests/electron/automation-monitor.test.js +38 -0
- package/dist-electron/tests/electron/lac-cli.test.js +146 -0
- package/dist-electron/tests/electron/plugin-kernel.test.js +26 -0
- package/dist-electron/tests/integration/local-core-refactor.test.js +359 -0
- package/package.json +1 -1
- package/dist/renderer/assets/CronList-C6nPAmEo.js +0 -1
- package/dist/renderer/assets/SessionChat-D1HtMdQS.js +0 -1
- package/dist/renderer/assets/desktop-CFcnzwcY.js +0 -1
- package/dist/renderer/assets/desktop-O8_6ZCVZ.js +0 -4
- package/dist/renderer/assets/en-CKhCF6St.js +0 -1
- package/dist/renderer/assets/projects-DpR972HM.js +0 -1
- package/dist/renderer/assets/zh-Dz5FLTBV.js +0 -1
|
@@ -0,0 +1,275 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.ensureLocalCoreAcpSchema = ensureLocalCoreAcpSchema;
|
|
4
|
+
function ensureLocalCoreAcpSchema(db) {
|
|
5
|
+
db.exec(`
|
|
6
|
+
PRAGMA foreign_keys = ON;
|
|
7
|
+
CREATE TABLE IF NOT EXISTS threads (
|
|
8
|
+
id TEXT PRIMARY KEY,
|
|
9
|
+
workspace_id TEXT NOT NULL,
|
|
10
|
+
session_id TEXT NOT NULL,
|
|
11
|
+
bridge_session_key TEXT NOT NULL,
|
|
12
|
+
title TEXT NOT NULL,
|
|
13
|
+
agent_type TEXT NOT NULL,
|
|
14
|
+
created_at TEXT NOT NULL,
|
|
15
|
+
updated_at TEXT NOT NULL,
|
|
16
|
+
history_count INTEGER NOT NULL DEFAULT 0,
|
|
17
|
+
excerpt TEXT NOT NULL DEFAULT '',
|
|
18
|
+
acp_session_id TEXT,
|
|
19
|
+
acp_supports_load INTEGER NOT NULL DEFAULT 0,
|
|
20
|
+
agent_mode TEXT NOT NULL DEFAULT 'default'
|
|
21
|
+
);
|
|
22
|
+
CREATE INDEX IF NOT EXISTS idx_threads_workspace_updated ON threads (workspace_id, updated_at DESC);
|
|
23
|
+
CREATE TABLE IF NOT EXISTS messages (
|
|
24
|
+
id TEXT PRIMARY KEY,
|
|
25
|
+
thread_id TEXT NOT NULL,
|
|
26
|
+
role TEXT NOT NULL,
|
|
27
|
+
content TEXT NOT NULL,
|
|
28
|
+
tool_call_json TEXT,
|
|
29
|
+
bridge_kind TEXT,
|
|
30
|
+
bridge_status TEXT,
|
|
31
|
+
timestamp TEXT NOT NULL,
|
|
32
|
+
kind TEXT NOT NULL,
|
|
33
|
+
seq INTEGER NOT NULL,
|
|
34
|
+
FOREIGN KEY (thread_id) REFERENCES threads(id) ON DELETE CASCADE
|
|
35
|
+
);
|
|
36
|
+
CREATE INDEX IF NOT EXISTS idx_messages_thread_seq ON messages (thread_id, seq ASC);
|
|
37
|
+
CREATE TABLE IF NOT EXISTS runs (
|
|
38
|
+
id TEXT PRIMARY KEY,
|
|
39
|
+
thread_id TEXT NOT NULL,
|
|
40
|
+
status TEXT NOT NULL,
|
|
41
|
+
started_at TEXT NOT NULL,
|
|
42
|
+
updated_at TEXT NOT NULL,
|
|
43
|
+
FOREIGN KEY (thread_id) REFERENCES threads(id) ON DELETE CASCADE
|
|
44
|
+
);
|
|
45
|
+
CREATE INDEX IF NOT EXISTS idx_runs_thread_updated ON runs (thread_id, updated_at DESC);
|
|
46
|
+
CREATE TABLE IF NOT EXISTS platform_pairings (
|
|
47
|
+
code TEXT PRIMARY KEY,
|
|
48
|
+
workspace_id TEXT NOT NULL,
|
|
49
|
+
platform TEXT NOT NULL,
|
|
50
|
+
platform_user_id TEXT NOT NULL,
|
|
51
|
+
chat_id TEXT NOT NULL,
|
|
52
|
+
display_name TEXT NOT NULL,
|
|
53
|
+
requested_at TEXT NOT NULL,
|
|
54
|
+
expires_at TEXT NOT NULL,
|
|
55
|
+
status TEXT NOT NULL
|
|
56
|
+
);
|
|
57
|
+
CREATE INDEX IF NOT EXISTS idx_platform_pairings_workspace_status ON platform_pairings (workspace_id, status, expires_at DESC);
|
|
58
|
+
CREATE TABLE IF NOT EXISTS platform_users (
|
|
59
|
+
id TEXT PRIMARY KEY,
|
|
60
|
+
workspace_id TEXT NOT NULL,
|
|
61
|
+
platform TEXT NOT NULL,
|
|
62
|
+
platform_user_id TEXT NOT NULL,
|
|
63
|
+
chat_id TEXT NOT NULL,
|
|
64
|
+
display_name TEXT NOT NULL,
|
|
65
|
+
thread_id TEXT,
|
|
66
|
+
authorized_at TEXT NOT NULL,
|
|
67
|
+
UNIQUE(workspace_id, platform, platform_user_id)
|
|
68
|
+
);
|
|
69
|
+
CREATE INDEX IF NOT EXISTS idx_platform_users_workspace_platform ON platform_users (workspace_id, platform);
|
|
70
|
+
CREATE TABLE IF NOT EXISTS platform_thread_bindings (
|
|
71
|
+
workspace_id TEXT NOT NULL,
|
|
72
|
+
platform TEXT NOT NULL,
|
|
73
|
+
chat_id TEXT NOT NULL,
|
|
74
|
+
platform_user_id TEXT NOT NULL,
|
|
75
|
+
thread_id TEXT NOT NULL,
|
|
76
|
+
last_platform_message_id TEXT,
|
|
77
|
+
created_at TEXT NOT NULL,
|
|
78
|
+
updated_at TEXT NOT NULL,
|
|
79
|
+
PRIMARY KEY (workspace_id, platform, chat_id, platform_user_id)
|
|
80
|
+
);
|
|
81
|
+
CREATE INDEX IF NOT EXISTS idx_platform_thread_bindings_thread ON platform_thread_bindings (thread_id);
|
|
82
|
+
CREATE TABLE IF NOT EXISTS scheduled_jobs (
|
|
83
|
+
id TEXT PRIMARY KEY,
|
|
84
|
+
workspace_id TEXT NOT NULL,
|
|
85
|
+
platform TEXT NOT NULL,
|
|
86
|
+
route_type TEXT NOT NULL,
|
|
87
|
+
route_config TEXT NOT NULL,
|
|
88
|
+
execution_mode TEXT NOT NULL DEFAULT 'same-thread',
|
|
89
|
+
trigger_type TEXT NOT NULL,
|
|
90
|
+
cron_expr TEXT,
|
|
91
|
+
run_at TEXT,
|
|
92
|
+
prompt_template TEXT NOT NULL,
|
|
93
|
+
description TEXT NOT NULL DEFAULT '',
|
|
94
|
+
enabled INTEGER NOT NULL DEFAULT 1,
|
|
95
|
+
concurrency_policy TEXT NOT NULL DEFAULT 'skip_if_running',
|
|
96
|
+
created_at TEXT NOT NULL,
|
|
97
|
+
updated_at TEXT NOT NULL,
|
|
98
|
+
last_run_at TEXT,
|
|
99
|
+
last_status TEXT,
|
|
100
|
+
last_error TEXT
|
|
101
|
+
);
|
|
102
|
+
CREATE INDEX IF NOT EXISTS idx_scheduled_jobs_workspace_updated ON scheduled_jobs (workspace_id, updated_at DESC);
|
|
103
|
+
CREATE INDEX IF NOT EXISTS idx_scheduled_jobs_enabled ON scheduled_jobs (enabled, trigger_type, run_at);
|
|
104
|
+
CREATE TABLE IF NOT EXISTS scheduled_job_runs (
|
|
105
|
+
id TEXT PRIMARY KEY,
|
|
106
|
+
job_id TEXT NOT NULL,
|
|
107
|
+
status TEXT NOT NULL,
|
|
108
|
+
triggered_at TEXT NOT NULL,
|
|
109
|
+
started_at TEXT,
|
|
110
|
+
finished_at TEXT,
|
|
111
|
+
error TEXT,
|
|
112
|
+
thread_id TEXT,
|
|
113
|
+
run_id TEXT,
|
|
114
|
+
platform_message_id TEXT,
|
|
115
|
+
platform_message_ids_json TEXT,
|
|
116
|
+
delivery_mode TEXT,
|
|
117
|
+
delivery_status TEXT,
|
|
118
|
+
delivery_error TEXT,
|
|
119
|
+
last_bridge_event_at TEXT,
|
|
120
|
+
FOREIGN KEY (job_id) REFERENCES scheduled_jobs(id) ON DELETE CASCADE
|
|
121
|
+
);
|
|
122
|
+
CREATE INDEX IF NOT EXISTS idx_scheduled_job_runs_job_triggered ON scheduled_job_runs (job_id, triggered_at DESC);
|
|
123
|
+
CREATE TABLE IF NOT EXISTS automation_monitors (
|
|
124
|
+
id TEXT PRIMARY KEY,
|
|
125
|
+
workspace_id TEXT NOT NULL,
|
|
126
|
+
title TEXT NOT NULL,
|
|
127
|
+
source_type TEXT NOT NULL,
|
|
128
|
+
source_config_json TEXT NOT NULL DEFAULT '{}',
|
|
129
|
+
condition_json TEXT NOT NULL,
|
|
130
|
+
prompt_template TEXT NOT NULL,
|
|
131
|
+
platform TEXT NOT NULL,
|
|
132
|
+
route_type TEXT NOT NULL,
|
|
133
|
+
route_config TEXT NOT NULL,
|
|
134
|
+
execution_mode TEXT NOT NULL DEFAULT 'side-thread',
|
|
135
|
+
enabled INTEGER NOT NULL DEFAULT 1,
|
|
136
|
+
cooldown_ms INTEGER NOT NULL DEFAULT 900000,
|
|
137
|
+
concurrency_policy TEXT NOT NULL DEFAULT 'skip_if_running',
|
|
138
|
+
last_state_json TEXT,
|
|
139
|
+
created_at TEXT NOT NULL,
|
|
140
|
+
updated_at TEXT NOT NULL,
|
|
141
|
+
last_triggered_at TEXT,
|
|
142
|
+
last_status TEXT,
|
|
143
|
+
last_error TEXT
|
|
144
|
+
);
|
|
145
|
+
CREATE INDEX IF NOT EXISTS idx_automation_monitors_workspace_updated ON automation_monitors (workspace_id, updated_at DESC);
|
|
146
|
+
CREATE INDEX IF NOT EXISTS idx_automation_monitors_enabled ON automation_monitors (enabled, source_type);
|
|
147
|
+
CREATE TABLE IF NOT EXISTS automation_monitor_runs (
|
|
148
|
+
id TEXT PRIMARY KEY,
|
|
149
|
+
monitor_id TEXT NOT NULL,
|
|
150
|
+
status TEXT NOT NULL,
|
|
151
|
+
triggered_at TEXT NOT NULL,
|
|
152
|
+
started_at TEXT,
|
|
153
|
+
finished_at TEXT,
|
|
154
|
+
error TEXT,
|
|
155
|
+
event_snapshot_json TEXT,
|
|
156
|
+
thread_id TEXT,
|
|
157
|
+
run_id TEXT,
|
|
158
|
+
delivery_mode TEXT,
|
|
159
|
+
delivery_status TEXT,
|
|
160
|
+
delivery_error TEXT,
|
|
161
|
+
last_bridge_event_at TEXT,
|
|
162
|
+
FOREIGN KEY (monitor_id) REFERENCES automation_monitors(id) ON DELETE CASCADE
|
|
163
|
+
);
|
|
164
|
+
CREATE INDEX IF NOT EXISTS idx_automation_monitor_runs_monitor_triggered ON automation_monitor_runs (monitor_id, triggered_at DESC);
|
|
165
|
+
CREATE TABLE IF NOT EXISTS workspace_registry (
|
|
166
|
+
id TEXT PRIMARY KEY,
|
|
167
|
+
display_name TEXT NOT NULL,
|
|
168
|
+
path TEXT NOT NULL,
|
|
169
|
+
device_id TEXT NOT NULL,
|
|
170
|
+
default_runtime_id TEXT,
|
|
171
|
+
git_json TEXT NOT NULL DEFAULT '{}',
|
|
172
|
+
health_json TEXT NOT NULL DEFAULT '{}',
|
|
173
|
+
metadata_json TEXT NOT NULL DEFAULT '{}',
|
|
174
|
+
created_at TEXT NOT NULL,
|
|
175
|
+
updated_at TEXT NOT NULL,
|
|
176
|
+
last_opened_at TEXT
|
|
177
|
+
);
|
|
178
|
+
CREATE INDEX IF NOT EXISTS idx_workspace_registry_updated ON workspace_registry (updated_at DESC);
|
|
179
|
+
CREATE TABLE IF NOT EXISTS agent_tasks (
|
|
180
|
+
id TEXT PRIMARY KEY,
|
|
181
|
+
workspace_id TEXT NOT NULL,
|
|
182
|
+
device_id TEXT NOT NULL,
|
|
183
|
+
runtime_id TEXT NOT NULL,
|
|
184
|
+
thread_id TEXT,
|
|
185
|
+
run_id TEXT,
|
|
186
|
+
title TEXT NOT NULL,
|
|
187
|
+
prompt TEXT,
|
|
188
|
+
status TEXT NOT NULL,
|
|
189
|
+
created_at TEXT NOT NULL,
|
|
190
|
+
updated_at TEXT NOT NULL,
|
|
191
|
+
queued_at TEXT,
|
|
192
|
+
started_at TEXT,
|
|
193
|
+
completed_at TEXT,
|
|
194
|
+
summary TEXT,
|
|
195
|
+
error TEXT,
|
|
196
|
+
timeline_json TEXT NOT NULL DEFAULT '[]',
|
|
197
|
+
logs_json TEXT NOT NULL DEFAULT '[]',
|
|
198
|
+
artifacts_json TEXT NOT NULL DEFAULT '[]',
|
|
199
|
+
approval_ids_json TEXT NOT NULL DEFAULT '[]',
|
|
200
|
+
metadata_json TEXT NOT NULL DEFAULT '{}'
|
|
201
|
+
);
|
|
202
|
+
CREATE INDEX IF NOT EXISTS idx_agent_tasks_workspace_updated ON agent_tasks (workspace_id, updated_at DESC);
|
|
203
|
+
CREATE INDEX IF NOT EXISTS idx_agent_tasks_status_updated ON agent_tasks (status, updated_at DESC);
|
|
204
|
+
CREATE INDEX IF NOT EXISTS idx_agent_tasks_run ON agent_tasks (run_id);
|
|
205
|
+
CREATE TABLE IF NOT EXISTS workspace_security_settings (
|
|
206
|
+
workspace_id TEXT PRIMARY KEY,
|
|
207
|
+
permissions_json TEXT NOT NULL,
|
|
208
|
+
allow_paths_json TEXT NOT NULL DEFAULT '[]',
|
|
209
|
+
deny_paths_json TEXT NOT NULL DEFAULT '[]',
|
|
210
|
+
updated_at TEXT NOT NULL,
|
|
211
|
+
updated_by TEXT
|
|
212
|
+
);
|
|
213
|
+
CREATE TABLE IF NOT EXISTS approval_requests (
|
|
214
|
+
id TEXT PRIMARY KEY,
|
|
215
|
+
workspace_id TEXT NOT NULL,
|
|
216
|
+
task_id TEXT,
|
|
217
|
+
thread_id TEXT,
|
|
218
|
+
run_id TEXT,
|
|
219
|
+
device_id TEXT NOT NULL,
|
|
220
|
+
kind TEXT NOT NULL,
|
|
221
|
+
status TEXT NOT NULL,
|
|
222
|
+
risk_level TEXT NOT NULL,
|
|
223
|
+
title TEXT NOT NULL,
|
|
224
|
+
description TEXT NOT NULL,
|
|
225
|
+
requested_action TEXT NOT NULL,
|
|
226
|
+
command TEXT,
|
|
227
|
+
scopes_json TEXT NOT NULL DEFAULT '[]',
|
|
228
|
+
options_json TEXT NOT NULL DEFAULT '[]',
|
|
229
|
+
requested_by TEXT,
|
|
230
|
+
resolved_by TEXT,
|
|
231
|
+
resolution TEXT,
|
|
232
|
+
created_at TEXT NOT NULL,
|
|
233
|
+
updated_at TEXT NOT NULL,
|
|
234
|
+
resolved_at TEXT,
|
|
235
|
+
expires_at TEXT,
|
|
236
|
+
metadata_json TEXT NOT NULL DEFAULT '{}'
|
|
237
|
+
);
|
|
238
|
+
CREATE INDEX IF NOT EXISTS idx_approval_requests_workspace_updated ON approval_requests (workspace_id, updated_at DESC);
|
|
239
|
+
CREATE INDEX IF NOT EXISTS idx_approval_requests_status_updated ON approval_requests (status, updated_at DESC);
|
|
240
|
+
CREATE INDEX IF NOT EXISTS idx_approval_requests_task ON approval_requests (task_id);
|
|
241
|
+
CREATE INDEX IF NOT EXISTS idx_approval_requests_run ON approval_requests (run_id);
|
|
242
|
+
CREATE TABLE IF NOT EXISTS audit_events (
|
|
243
|
+
id TEXT PRIMARY KEY,
|
|
244
|
+
type TEXT NOT NULL,
|
|
245
|
+
workspace_id TEXT,
|
|
246
|
+
task_id TEXT,
|
|
247
|
+
approval_id TEXT,
|
|
248
|
+
actor TEXT,
|
|
249
|
+
summary TEXT NOT NULL,
|
|
250
|
+
risk_level TEXT,
|
|
251
|
+
created_at TEXT NOT NULL,
|
|
252
|
+
metadata_json TEXT NOT NULL DEFAULT '{}'
|
|
253
|
+
);
|
|
254
|
+
CREATE INDEX IF NOT EXISTS idx_audit_events_workspace_created ON audit_events (workspace_id, created_at DESC);
|
|
255
|
+
CREATE INDEX IF NOT EXISTS idx_audit_events_task_created ON audit_events (task_id, created_at DESC);
|
|
256
|
+
CREATE INDEX IF NOT EXISTS idx_audit_events_type_created ON audit_events (type, created_at DESC);
|
|
257
|
+
`);
|
|
258
|
+
ensureColumn(db, 'messages', 'tool_call_json', 'TEXT');
|
|
259
|
+
ensureColumn(db, 'messages', 'bridge_kind', 'TEXT');
|
|
260
|
+
ensureColumn(db, 'messages', 'bridge_status', 'TEXT');
|
|
261
|
+
ensureColumn(db, 'scheduled_jobs', 'execution_mode', "TEXT NOT NULL DEFAULT 'same-thread'");
|
|
262
|
+
ensureColumn(db, 'scheduled_job_runs', 'platform_message_ids_json', 'TEXT');
|
|
263
|
+
ensureColumn(db, 'scheduled_job_runs', 'delivery_mode', 'TEXT');
|
|
264
|
+
ensureColumn(db, 'scheduled_job_runs', 'delivery_status', 'TEXT');
|
|
265
|
+
ensureColumn(db, 'scheduled_job_runs', 'delivery_error', 'TEXT');
|
|
266
|
+
ensureColumn(db, 'scheduled_job_runs', 'last_bridge_event_at', 'TEXT');
|
|
267
|
+
ensureColumn(db, 'threads', 'agent_mode', "TEXT NOT NULL DEFAULT 'default'");
|
|
268
|
+
}
|
|
269
|
+
function ensureColumn(db, table, column, definition) {
|
|
270
|
+
const rows = db.prepare(`PRAGMA table_info(${table})`).all();
|
|
271
|
+
if (rows.some((row) => row.name === column)) {
|
|
272
|
+
return;
|
|
273
|
+
}
|
|
274
|
+
db.exec(`ALTER TABLE ${table} ADD COLUMN ${column} ${definition}`);
|
|
275
|
+
}
|
|
@@ -0,0 +1,266 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
exports.LocalSecurityStore = void 0;
|
|
4
|
+
const node_crypto_1 = require("node:crypto");
|
|
5
|
+
const index_js_1 = require("../../../../../packages/contracts/src/index.js");
|
|
6
|
+
const utils_js_1 = require("./utils.js");
|
|
7
|
+
class LocalSecurityStore {
|
|
8
|
+
db;
|
|
9
|
+
updateAgentTask;
|
|
10
|
+
constructor(db, updateAgentTask) {
|
|
11
|
+
this.db = db;
|
|
12
|
+
this.updateAgentTask = updateAgentTask;
|
|
13
|
+
}
|
|
14
|
+
getWorkspaceSecuritySettings(workspaceId) {
|
|
15
|
+
const row = this.db.prepare(`
|
|
16
|
+
SELECT workspace_id, permissions_json, allow_paths_json, deny_paths_json, updated_at, updated_by
|
|
17
|
+
FROM workspace_security_settings
|
|
18
|
+
WHERE workspace_id = ?
|
|
19
|
+
`).get(workspaceId);
|
|
20
|
+
if (row) {
|
|
21
|
+
return this.toWorkspaceSecuritySettings(row);
|
|
22
|
+
}
|
|
23
|
+
const now = new Date().toISOString();
|
|
24
|
+
return {
|
|
25
|
+
workspaceId,
|
|
26
|
+
permissions: (0, utils_js_1.defaultPermissions)(),
|
|
27
|
+
allowPaths: [],
|
|
28
|
+
denyPaths: [],
|
|
29
|
+
updatedAt: now,
|
|
30
|
+
};
|
|
31
|
+
}
|
|
32
|
+
updateWorkspaceSecuritySettings(workspaceId, input) {
|
|
33
|
+
const existing = this.getWorkspaceSecuritySettings(workspaceId);
|
|
34
|
+
const now = new Date().toISOString();
|
|
35
|
+
const next = {
|
|
36
|
+
workspaceId,
|
|
37
|
+
permissions: {
|
|
38
|
+
...existing.permissions,
|
|
39
|
+
...(input.permissions || {}),
|
|
40
|
+
},
|
|
41
|
+
allowPaths: Array.isArray(input.allowPaths) ? input.allowPaths : existing.allowPaths,
|
|
42
|
+
denyPaths: Array.isArray(input.denyPaths) ? input.denyPaths : existing.denyPaths,
|
|
43
|
+
updatedAt: now,
|
|
44
|
+
updatedBy: input.updatedBy || existing.updatedBy,
|
|
45
|
+
};
|
|
46
|
+
this.db.prepare(`
|
|
47
|
+
INSERT INTO workspace_security_settings (workspace_id, permissions_json, allow_paths_json, deny_paths_json, updated_at, updated_by)
|
|
48
|
+
VALUES (?, ?, ?, ?, ?, ?)
|
|
49
|
+
ON CONFLICT(workspace_id) DO UPDATE SET
|
|
50
|
+
permissions_json = excluded.permissions_json,
|
|
51
|
+
allow_paths_json = excluded.allow_paths_json,
|
|
52
|
+
deny_paths_json = excluded.deny_paths_json,
|
|
53
|
+
updated_at = excluded.updated_at,
|
|
54
|
+
updated_by = excluded.updated_by
|
|
55
|
+
`).run(workspaceId, JSON.stringify(next.permissions), JSON.stringify(next.allowPaths), JSON.stringify(next.denyPaths), now, next.updatedBy || null);
|
|
56
|
+
this.createAuditEvent({
|
|
57
|
+
type: 'permission.changed',
|
|
58
|
+
workspaceId,
|
|
59
|
+
actor: next.updatedBy || 'local',
|
|
60
|
+
summary: 'Workspace security settings changed.',
|
|
61
|
+
metadata: {
|
|
62
|
+
permissions: next.permissions,
|
|
63
|
+
allowPaths: next.allowPaths,
|
|
64
|
+
denyPaths: next.denyPaths,
|
|
65
|
+
},
|
|
66
|
+
});
|
|
67
|
+
return this.getWorkspaceSecuritySettings(workspaceId);
|
|
68
|
+
}
|
|
69
|
+
createApprovalRequest(input) {
|
|
70
|
+
const id = `approval:${(0, node_crypto_1.randomUUID)()}`;
|
|
71
|
+
const now = new Date().toISOString();
|
|
72
|
+
this.db.prepare(`
|
|
73
|
+
INSERT INTO approval_requests (
|
|
74
|
+
id, workspace_id, task_id, thread_id, run_id, device_id, kind, status, risk_level, title, description,
|
|
75
|
+
requested_action, command, scopes_json, options_json, requested_by, created_at, updated_at, expires_at, metadata_json
|
|
76
|
+
) VALUES (?, ?, ?, ?, ?, ?, ?, 'pending', ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
|
77
|
+
`).run(id, input.workspaceId, input.taskId || null, input.threadId || null, input.runId || null, input.deviceId || 'local', input.kind, input.riskLevel, input.title, (0, utils_js_1.redactSecrets)(input.description), (0, utils_js_1.redactSecrets)(input.requestedAction), input.command ? (0, utils_js_1.redactSecrets)(input.command) : null, JSON.stringify(input.scopes || []), JSON.stringify(input.options || []), input.requestedBy || null, now, now, input.expiresAt || null, JSON.stringify(input.metadata || {}));
|
|
78
|
+
const approval = this.getApprovalRequest(id);
|
|
79
|
+
this.createAuditEvent({
|
|
80
|
+
type: 'approval.requested',
|
|
81
|
+
workspaceId: approval.workspaceId,
|
|
82
|
+
taskId: approval.taskId,
|
|
83
|
+
approvalId: approval.approvalId,
|
|
84
|
+
actor: approval.requestedBy || 'agent',
|
|
85
|
+
summary: approval.title,
|
|
86
|
+
riskLevel: approval.riskLevel,
|
|
87
|
+
metadata: {
|
|
88
|
+
kind: approval.kind,
|
|
89
|
+
requestedAction: approval.requestedAction,
|
|
90
|
+
scopes: approval.scopes,
|
|
91
|
+
},
|
|
92
|
+
});
|
|
93
|
+
if (approval.taskId) {
|
|
94
|
+
this.updateAgentTask(approval.taskId, {
|
|
95
|
+
approvalId: approval.approvalId,
|
|
96
|
+
timelineItem: {
|
|
97
|
+
type: 'approval_requested',
|
|
98
|
+
title: approval.title,
|
|
99
|
+
description: approval.description,
|
|
100
|
+
metadata: { approvalId: approval.approvalId, riskLevel: approval.riskLevel },
|
|
101
|
+
},
|
|
102
|
+
});
|
|
103
|
+
}
|
|
104
|
+
return approval;
|
|
105
|
+
}
|
|
106
|
+
listApprovalRequests(query = {}) {
|
|
107
|
+
const predicates = [];
|
|
108
|
+
const params = [];
|
|
109
|
+
if (query.workspaceId) {
|
|
110
|
+
predicates.push('workspace_id = ?');
|
|
111
|
+
params.push(query.workspaceId);
|
|
112
|
+
}
|
|
113
|
+
if (query.taskId) {
|
|
114
|
+
predicates.push('task_id = ?');
|
|
115
|
+
params.push(query.taskId);
|
|
116
|
+
}
|
|
117
|
+
if (query.status) {
|
|
118
|
+
const statuses = (Array.isArray(query.status) ? query.status : [query.status]).map((status) => (0, index_js_1.normalizeApprovalRequestStatus)(status));
|
|
119
|
+
predicates.push(`status IN (${statuses.map(() => '?').join(', ')})`);
|
|
120
|
+
params.push(...statuses);
|
|
121
|
+
}
|
|
122
|
+
const limit = Math.max(1, Math.min(Number(query.limit || 50), 100));
|
|
123
|
+
const where = predicates.length ? `WHERE ${predicates.join(' AND ')}` : '';
|
|
124
|
+
const rows = this.db.prepare(`
|
|
125
|
+
SELECT *
|
|
126
|
+
FROM approval_requests
|
|
127
|
+
${where}
|
|
128
|
+
ORDER BY updated_at DESC
|
|
129
|
+
LIMIT ?
|
|
130
|
+
`).all(...params, limit);
|
|
131
|
+
return { approvals: rows.map((row) => this.toApprovalRequest(row)) };
|
|
132
|
+
}
|
|
133
|
+
getApprovalRequest(approvalId) {
|
|
134
|
+
const row = this.db.prepare('SELECT * FROM approval_requests WHERE id = ?').get(approvalId);
|
|
135
|
+
return row ? this.toApprovalRequest(row) : undefined;
|
|
136
|
+
}
|
|
137
|
+
resolveApprovalRequest(approvalId, input) {
|
|
138
|
+
const existing = this.getApprovalRequest(approvalId);
|
|
139
|
+
if (!existing) {
|
|
140
|
+
throw new Error(`Approval not found: ${approvalId}`);
|
|
141
|
+
}
|
|
142
|
+
const now = new Date().toISOString();
|
|
143
|
+
this.db.prepare(`
|
|
144
|
+
UPDATE approval_requests
|
|
145
|
+
SET status = ?, resolved_by = ?, resolution = ?, resolved_at = ?, updated_at = ?
|
|
146
|
+
WHERE id = ?
|
|
147
|
+
`).run(input.status, input.resolvedBy || existing.resolvedBy || 'local', input.resolution || existing.resolution || null, now, now, approvalId);
|
|
148
|
+
const approval = this.getApprovalRequest(approvalId);
|
|
149
|
+
this.createAuditEvent({
|
|
150
|
+
type: input.status === 'rejected' ? 'approval.rejected' : 'approval.resolved',
|
|
151
|
+
workspaceId: approval.workspaceId,
|
|
152
|
+
taskId: approval.taskId,
|
|
153
|
+
approvalId: approval.approvalId,
|
|
154
|
+
actor: approval.resolvedBy || 'local',
|
|
155
|
+
summary: `Approval ${input.status}: ${approval.title}`,
|
|
156
|
+
riskLevel: approval.riskLevel,
|
|
157
|
+
metadata: { resolution: approval.resolution },
|
|
158
|
+
});
|
|
159
|
+
if (approval.taskId) {
|
|
160
|
+
this.updateAgentTask(approval.taskId, {
|
|
161
|
+
timelineItem: {
|
|
162
|
+
type: 'approval_resolved',
|
|
163
|
+
title: `Approval ${input.status}`,
|
|
164
|
+
description: approval.resolution || approval.title,
|
|
165
|
+
metadata: { approvalId: approval.approvalId, status: input.status },
|
|
166
|
+
},
|
|
167
|
+
});
|
|
168
|
+
}
|
|
169
|
+
return approval;
|
|
170
|
+
}
|
|
171
|
+
createAuditEvent(input) {
|
|
172
|
+
const id = `audit:${(0, node_crypto_1.randomUUID)()}`;
|
|
173
|
+
const now = new Date().toISOString();
|
|
174
|
+
this.db.prepare(`
|
|
175
|
+
INSERT INTO audit_events (id, type, workspace_id, task_id, approval_id, actor, summary, risk_level, created_at, metadata_json)
|
|
176
|
+
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
|
|
177
|
+
`).run(id, input.type, input.workspaceId || null, input.taskId || null, input.approvalId || null, input.actor || null, (0, utils_js_1.redactSecrets)(input.summary), input.riskLevel || null, now, JSON.stringify(input.metadata || {}));
|
|
178
|
+
return this.toAuditEvent(this.db.prepare('SELECT * FROM audit_events WHERE id = ?').get(id));
|
|
179
|
+
}
|
|
180
|
+
listAuditEvents(query = {}) {
|
|
181
|
+
const predicates = [];
|
|
182
|
+
const params = [];
|
|
183
|
+
if (query.workspaceId) {
|
|
184
|
+
predicates.push('workspace_id = ?');
|
|
185
|
+
params.push(query.workspaceId);
|
|
186
|
+
}
|
|
187
|
+
if (query.taskId) {
|
|
188
|
+
predicates.push('task_id = ?');
|
|
189
|
+
params.push(query.taskId);
|
|
190
|
+
}
|
|
191
|
+
if (query.approvalId) {
|
|
192
|
+
predicates.push('approval_id = ?');
|
|
193
|
+
params.push(query.approvalId);
|
|
194
|
+
}
|
|
195
|
+
if (query.type) {
|
|
196
|
+
const types = Array.isArray(query.type) ? query.type : [query.type];
|
|
197
|
+
predicates.push(`type IN (${types.map(() => '?').join(', ')})`);
|
|
198
|
+
params.push(...types);
|
|
199
|
+
}
|
|
200
|
+
const limit = Math.max(1, Math.min(Number(query.limit || 50), 100));
|
|
201
|
+
const where = predicates.length ? `WHERE ${predicates.join(' AND ')}` : '';
|
|
202
|
+
const rows = this.db.prepare(`
|
|
203
|
+
SELECT *
|
|
204
|
+
FROM audit_events
|
|
205
|
+
${where}
|
|
206
|
+
ORDER BY created_at DESC
|
|
207
|
+
LIMIT ?
|
|
208
|
+
`).all(...params, limit);
|
|
209
|
+
return { events: rows.map((row) => this.toAuditEvent(row)) };
|
|
210
|
+
}
|
|
211
|
+
toWorkspaceSecuritySettings(row) {
|
|
212
|
+
return {
|
|
213
|
+
workspaceId: row.workspace_id,
|
|
214
|
+
permissions: {
|
|
215
|
+
...(0, utils_js_1.defaultPermissions)(),
|
|
216
|
+
...(0, utils_js_1.parseJson)(row.permissions_json, {}),
|
|
217
|
+
},
|
|
218
|
+
allowPaths: (0, utils_js_1.parseJson)(row.allow_paths_json, []),
|
|
219
|
+
denyPaths: (0, utils_js_1.parseJson)(row.deny_paths_json, []),
|
|
220
|
+
updatedAt: row.updated_at,
|
|
221
|
+
updatedBy: row.updated_by || undefined,
|
|
222
|
+
};
|
|
223
|
+
}
|
|
224
|
+
toApprovalRequest(row) {
|
|
225
|
+
return {
|
|
226
|
+
approvalId: row.id,
|
|
227
|
+
workspaceId: row.workspace_id,
|
|
228
|
+
taskId: row.task_id || undefined,
|
|
229
|
+
threadId: row.thread_id || undefined,
|
|
230
|
+
runId: row.run_id || undefined,
|
|
231
|
+
deviceId: row.device_id,
|
|
232
|
+
kind: row.kind,
|
|
233
|
+
status: (0, index_js_1.normalizeApprovalRequestStatus)(row.status),
|
|
234
|
+
riskLevel: row.risk_level,
|
|
235
|
+
title: row.title,
|
|
236
|
+
description: row.description,
|
|
237
|
+
requestedAction: row.requested_action,
|
|
238
|
+
command: row.command || undefined,
|
|
239
|
+
scopes: (0, utils_js_1.parseJson)(row.scopes_json, []),
|
|
240
|
+
options: (0, utils_js_1.parseJson)(row.options_json, []),
|
|
241
|
+
requestedBy: row.requested_by || undefined,
|
|
242
|
+
resolvedBy: row.resolved_by || undefined,
|
|
243
|
+
resolution: row.resolution || undefined,
|
|
244
|
+
createdAt: row.created_at,
|
|
245
|
+
updatedAt: row.updated_at,
|
|
246
|
+
resolvedAt: row.resolved_at || undefined,
|
|
247
|
+
expiresAt: row.expires_at || undefined,
|
|
248
|
+
metadata: (0, utils_js_1.parseJson)(row.metadata_json, {}),
|
|
249
|
+
};
|
|
250
|
+
}
|
|
251
|
+
toAuditEvent(row) {
|
|
252
|
+
return {
|
|
253
|
+
auditId: row.id,
|
|
254
|
+
type: row.type,
|
|
255
|
+
workspaceId: row.workspace_id || undefined,
|
|
256
|
+
taskId: row.task_id || undefined,
|
|
257
|
+
approvalId: row.approval_id || undefined,
|
|
258
|
+
actor: row.actor || undefined,
|
|
259
|
+
summary: row.summary,
|
|
260
|
+
riskLevel: row.risk_level || undefined,
|
|
261
|
+
createdAt: row.created_at,
|
|
262
|
+
metadata: (0, utils_js_1.parseJson)(row.metadata_json, {}),
|
|
263
|
+
};
|
|
264
|
+
}
|
|
265
|
+
}
|
|
266
|
+
exports.LocalSecurityStore = LocalSecurityStore;
|