npm - @lobehub/lobehub - Versions diffs - 2.0.0-next.47 → 2.0.0-next.48 - Mend

@lobehub/lobehub 2.0.0-next.47 → 2.0.0-next.48

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (228) hide show

package/packages/model-runtime/src/providers/zhipu/index.test.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 // @vitest-environment node
-import { LobeOpenAICompatibleRuntime } from '@lobechat/model-runtime';
 import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest';
+import { LobeOpenAICompatibleRuntime } from '../../core/BaseAI';
 import { testProvider } from '../../providerTestUtils';
 import { LobeZhipuAI, params } from './index';

package/packages/model-runtime/src/utils/errorResponse.test.ts CHANGED Viewed

@@ -1,7 +1,7 @@
-import { AgentRuntimeErrorType } from '@lobechat/model-runtime';
 import { ChatErrorType } from '@lobechat/types';
 import { describe, expect, it, vi } from 'vitest';
+import { AgentRuntimeErrorType } from '../types/error';
 import { createErrorResponse } from './errorResponse';
 describe('createErrorResponse', () => {

package/packages/ssrf-safe-fetch/index.browser.ts ADDED Viewed

@@ -0,0 +1,14 @@
+/**
+ * Browser version of SSRF-safe fetch
+ * In browser environments, we simply use the native fetch API
+ * as SSRF attacks are not applicable in client-side code
+ */
+/**
+ * Browser-safe fetch implementation
+ * Uses native fetch API in browser environments
+ */
+// eslint-disable-next-line no-undef
+export const ssrfSafeFetch = async (url: string, options?: RequestInit): Promise<Response> => {
+  return fetch(url, options);
+};

package/packages/ssrf-safe-fetch/package.json CHANGED Viewed

@@ -2,7 +2,14 @@
   "name": "ssrf-safe-fetch",
   "version": "1.0.0",
   "private": true,
-  "description": "",
+  "description": "SSRF-safe fetch implementation with browser/node conditional exports",
+  "exports": {
+    ".": {
+      "browser": "./index.browser.ts",
+      "node": "./index.ts",
+      "default": "./index.ts"
+    }
+  },
   "main": "index.ts",
   "scripts": {
     "test": "vitest run"

package/packages/types/src/discover/assistants.ts CHANGED Viewed

@@ -24,6 +24,7 @@ export enum AssistantSorts {
   CreatedAt = 'createdAt',
   Identifier = 'identifier',
   KnowledgeCount = 'knowledgeCount',
+  MyOwn = 'myown',
   PluginCount = 'pluginCount',
   Title = 'title',
   TokenUsage = 'tokenUsage',
@@ -34,6 +35,7 @@ export enum AssistantNavKey {
   Overview = 'overview',
   Related = 'related',
   SystemRole = 'systemRole',
+  Version = 'version'
 }
 export interface DiscoverAssistantItem extends Omit<LobeAgentSettings, 'meta'>, MetaData {
@@ -47,14 +49,18 @@ export interface DiscoverAssistantItem extends Omit<LobeAgentSettings, 'meta'>,
   tokenUsage: number;
 }
+export type AssistantMarketSource = 'legacy' | 'new';
 export interface AssistantQueryParams {
   category?: string;
   locale?: string;
   order?: 'asc' | 'desc';
+  ownerId?: string;
   page?: number;
   pageSize?: number;
   q?: string;
   sort?: AssistantSorts;
+  source?: AssistantMarketSource;
 }
 export interface AssistantListResponse {
@@ -66,7 +72,17 @@ export interface AssistantListResponse {
 }
 export interface DiscoverAssistantDetail extends DiscoverAssistantItem {
+  currentVersion?: string;
   examples?: FewShots;
   related: DiscoverAssistantItem[];
   summary?: string;
+  versions?: DiscoverAssistantVersion[];
+}
+export interface DiscoverAssistantVersion {
+  createdAt?: string;
+  isLatest?: boolean;
+  isValidated?: boolean;
+  status?: 'published' | 'unpublished' | 'archived' | 'deprecated';
+  version: string;
 }

package/packages/types/src/index.ts CHANGED Viewed

@@ -30,5 +30,6 @@ export * from './user';
 // it more likes the UI message payload
 export * from './openai/chat';
 export * from './openai/plugin';
+export * from './subscription';
 export * from './trace';
 export * from './zustand';

package/packages/types/src/message/common/tools.ts CHANGED Viewed

@@ -103,3 +103,13 @@ export interface ChatMessagePluginError {
   message: string;
   type: IPluginErrorType;
 }
+export interface ToolIntervention {
+  rejectedReason?: string;
+  status?: 'pending' | 'approved' | 'rejected' | 'none';
+}
+export const ToolInterventionSchema = z.object({
+  rejectedReason: z.string().optional(),
+  status: z.enum(['pending', 'approved', 'rejected', 'none']).optional(),
+});

package/packages/types/src/message/db/item.ts CHANGED Viewed

@@ -1,6 +1,6 @@
 /* eslint-disable sort-keys-fix/sort-keys-fix , typescript-sort-keys/interface */
 import { GroundingSearch } from '../../search';
-import { MessageMetadata, ModelReasoning } from '../common';
+import { MessageMetadata, ModelReasoning, ToolIntervention } from '../common';
 export interface DBMessageItem {
   id: string;
@@ -33,3 +33,17 @@ export interface DBMessageItem {
   updatedAt: Date;
   createdAt: Date;
 }
+export interface MessagePluginItem {
+  id: string;
+  toolCallId?: string;
+  type: string;
+  intervention?: ToolIntervention;
+  apiName?: string;
+  arguments?: string;
+  identifier?: string;
+  state?: any;
+  error?: any;
+  clientId?: string;
+  userId: string;
+}

package/packages/types/src/message/ui/params.ts CHANGED Viewed

@@ -4,7 +4,7 @@ import { z } from 'zod';
 import { UploadFileItem } from '../../files';
 import { MessageSemanticSearchChunk } from '../../rag';
 import { ChatMessageError, ChatMessageErrorSchema } from '../common/base';
-import { ChatPluginPayload } from '../common/tools';
+import { ChatPluginPayload, ToolInterventionSchema } from '../common/tools';
 import { UIChatMessage } from './chat';
 import { SemanticSearchChunkSchema } from './rag';
@@ -148,3 +148,17 @@ export const CreateNewMessageParamsSchema = z
     fileChunks: z.array(SemanticSearchChunkSchema).optional(),
   })
   .passthrough();
+export const UpdateMessagePluginSchema = z.object({
+  id: z.string().optional(),
+  toolCallId: z.string().optional(),
+  type: z.string().optional(),
+  intervention: ToolInterventionSchema.optional(),
+  apiName: z.string().optional(),
+  arguments: z.string().optional(),
+  identifier: z.string().optional(),
+  state: z.any().optional(),
+  error: z.any().optional(),
+  clientId: z.string().optional(),
+  userId: z.string().optional(),
+});

package/packages/types/src/meta.ts CHANGED Viewed

@@ -10,6 +10,10 @@ export const LobeMetaDataSchema = z.object({
    */
   backgroundColor: z.string().optional(),
   description: z.string().optional(),
+  /**
+   * Market agent identifier for published agents
+   */
+  marketIdentifier: z.string().optional(),
   tags: z.array(z.string()).optional(),
   /**

package/packages/types/src/session/agentSession.ts CHANGED Viewed

@@ -20,6 +20,8 @@ export interface LobeAgentSession {
   createdAt: Date;
   group?: string;
   id: string;
+  /** Market agent identifier for published agents */
+  marketIdentifier?: string;
   meta: MetaData;
   model: string;
   pinned?: boolean;

package/packages/utils/src/imageToBase64.ts CHANGED Viewed

@@ -36,23 +36,30 @@ export const imageToBase64 = ({
   return canvas.toDataURL(type);
 };
+/**
+ * Convert image URL to base64
+ * Uses SSRF-safe fetch on server-side to prevent SSRF attacks
+ */
 export const imageUrlToBase64 = async (
   imageUrl: string,
 ): Promise<{ base64: string; mimeType: string }> => {
   try {
-    const res = await fetch(imageUrl);
+    const isServer = typeof window === 'undefined';
+    // Use SSRF-safe fetch on server-side to prevent SSRF attacks
+    const res = isServer
+      ? await import('ssrf-safe-fetch').then((m) => m.ssrfSafeFetch(imageUrl))
+      : await fetch(imageUrl);
     const blob = await res.blob();
     const arrayBuffer = await blob.arrayBuffer();
-    const base64 =
-      typeof btoa === 'function'
-        ? btoa(
-            new Uint8Array(arrayBuffer).reduce(
-              (data, byte) => data + String.fromCharCode(byte),
-              '',
-            ),
-          )
-        : Buffer.from(arrayBuffer).toString('base64');
+    // Client-side uses btoa, server-side uses Buffer
+    const base64 = isServer
+      ? Buffer.from(arrayBuffer).toString('base64')
+      : btoa(
+          new Uint8Array(arrayBuffer).reduce((data, byte) => data + String.fromCharCode(byte), ''),
+        );
     return { base64, mimeType: blob.type };
   } catch (error) {

package/packages/utils/src/index.ts CHANGED Viewed

@@ -4,9 +4,9 @@ export * from './detectChinese';
 export * from './format';
 export * from './imageToBase64';
 export * from './keyboard';
+export * from './merge';
 export * from './number';
 export * from './object';
-export * from './parseModels';
 export * from './pricing';
 export * from './safeParseJSON';
 export * from './sleep';

package/src/app/(backend)/market/agent/[[...segments]]/route.ts ADDED Viewed

@@ -0,0 +1,153 @@
+import { MarketSDK } from '@lobehub/market-sdk';
+import { NextRequest, NextResponse } from 'next/server';
+type RouteContext = {
+  params: Promise<{
+    segments?: string[];
+  }>;
+};
+const MARKET_BASE_URL = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'http://127.0.0.1:8787';
+const extractAccessToken = (req: NextRequest) => {
+  const authorization = req.headers.get('authorization');
+  if (!authorization) return undefined;
+  const [scheme, token] = authorization.split(' ');
+  if (scheme?.toLowerCase() !== 'bearer' || !token) return undefined;
+  return token;
+};
+const methodNotAllowed = (methods: string[]) =>
+  NextResponse.json(
+    {
+      error: 'method_not_allowed',
+      message: `Allowed methods: ${methods.join(', ')}`,
+      status: 'error',
+    },
+    {
+      headers: { Allow: methods.join(', ') },
+      status: 405,
+    },
+  );
+const badRequest = (error: string, message: string) =>
+  NextResponse.json(
+    {
+      error,
+      message,
+      status: 'error',
+    },
+    { status: 400 },
+  );
+const notFound = (reason: string) =>
+  NextResponse.json(
+    {
+      error: 'not_found',
+      message: reason,
+      status: 'error',
+    },
+    { status: 404 },
+  );
+const handleAgent = async (req: NextRequest, segments: string[]) => {
+  const accessToken = extractAccessToken(req);
+  const market = new MarketSDK({
+    accessToken,
+    baseURL: MARKET_BASE_URL,
+  });
+  if (segments.length === 0) {
+    return notFound('Missing agent action.');
+  }
+  const [action, ...rest] = segments;
+  if (action === 'create') {
+    if (req.method !== 'POST') return methodNotAllowed(['POST']);
+    try {
+      const payload = await req.json();
+      const response = await market.agents.createAgent(payload);
+      return NextResponse.json(response);
+    } catch (error) {
+      console.error('[Market] Failed to create agent:', error);
+      return NextResponse.json(
+        {
+          error: 'create_agent_failed',
+          message: error instanceof Error ? error.message : 'Unknown error',
+          status: 'error',
+        },
+        { status: 500 },
+      );
+    }
+  }
+  if (action === 'versions') {
+    if (rest.length !== 1 || rest[0] !== 'create') {
+      return notFound('Requested agent version endpoint is not available.');
+    }
+    if (req.method !== 'POST') return methodNotAllowed(['POST']);
+    try {
+      const payload = await req.json();
+      if (typeof payload !== 'object' || payload === null) {
+        return badRequest('invalid_payload', 'Request body must be a JSON object.');
+      }
+      const identifier = (payload as { identifier?: string }).identifier;
+      if (!identifier) {
+        return badRequest('missing_identifier', 'Identifier is required to create agent version.');
+      }
+      const response = await market.agents.createAgentVersion(payload);
+      return NextResponse.json(response);
+    } catch (error) {
+      console.error('[Market] Failed to create agent version:', error);
+      return NextResponse.json(
+        {
+          error: 'create_agent_version_failed',
+          message: error instanceof Error ? error.message : 'Unknown error',
+          status: 'error',
+        },
+        { status: 500 },
+      );
+    }
+  }
+  if (segments.length === 1) {
+    if (req.method !== 'GET') return methodNotAllowed(['GET']);
+    try {
+      const response = await market.agents.getAgentDetail(action);
+      return NextResponse.json(response);
+    } catch (error) {
+      console.error('[Market] Failed to get agent detail:', error);
+      return NextResponse.json(
+        {
+          error: 'get_agent_detail_failed',
+          message: error instanceof Error ? error.message : 'Unknown error',
+          status: 'error',
+        },
+        { status: 500 },
+      );
+    }
+  }
+  return notFound('Requested agent endpoint is not available.');
+};
+const handleProxy = async (req: NextRequest, context: RouteContext) => {
+  const { segments } = await context.params;
+  const normalizedSegments = segments?.map((segment) => decodeURIComponent(segment)) ?? [];
+  return handleAgent(req, normalizedSegments);
+};
+export const GET = (req: NextRequest, context: RouteContext) => handleProxy(req, context);
+export const POST = (req: NextRequest, context: RouteContext) => handleProxy(req, context);
+export const dynamic = 'force-dynamic';

package/src/app/(backend)/market/oidc/[[...segments]]/route.ts ADDED Viewed

@@ -0,0 +1,207 @@
+import { MarketSDK } from '@lobehub/market-sdk';
+import { NextRequest, NextResponse } from 'next/server';
+type RouteContext = {
+  params: Promise<{
+    segments?: string[];
+  }>;
+};
+const MARKET_BASE_URL = process.env.NEXT_PUBLIC_MARKET_BASE_URL || 'http://127.0.0.1:8787';
+const ALLOWED_ENDPOINTS = new Set(['handoff', 'token', 'userinfo']);
+const ensureEndpoint = (segments?: string[]) => {
+  if (!segments || segments.length === 0) {
+    return { error: 'missing_endpoint', status: 404 } as const;
+  }
+  if (segments.length !== 1) {
+    return { error: 'unsupported_nested_path', status: 404 } as const;
+  }
+  const endpoint = segments[0];
+  if (!ALLOWED_ENDPOINTS.has(endpoint)) {
+    return { error: 'unknown_endpoint', status: 404 } as const;
+  }
+  return { endpoint } as const;
+};
+const methodNotAllowed = (allowed: string[]) =>
+  NextResponse.json(
+    {
+      error: 'method_not_allowed',
+      message: `Allowed methods: ${allowed.join(', ')}`,
+      status: 'error',
+    },
+    {
+      headers: { Allow: allowed.join(', ') },
+      status: 405,
+    },
+  );
+const handleProxy = async (req: NextRequest, context: RouteContext) => {
+  const market = new MarketSDK({
+    baseURL: MARKET_BASE_URL,
+  });
+  const { segments } = await context.params;
+  const endpointResult = ensureEndpoint(segments);
+  if ('error' in endpointResult) {
+    return NextResponse.json(
+      {
+        error: endpointResult.error,
+        message: 'Requested endpoint is not available.',
+        status: 'error',
+      },
+      { status: endpointResult.status },
+    );
+  }
+  const endpoint = endpointResult.endpoint;
+  switch (endpoint) {
+    case 'handoff': {
+      try {
+        const id = req.nextUrl.searchParams.get('id');
+        if (id) {
+          const handoff = await market.auth.getOAuthHandoff(id);
+          return new NextResponse(JSON.stringify(handoff), { status: 200 });
+        } else {
+          return NextResponse.json(
+            {
+              error: 'missing_id',
+              message: 'ID is required for handoff proxy.',
+              status: 'error',
+            },
+            { status: 400 },
+          );
+        }
+      } catch (error) {
+        return NextResponse.json(
+          {
+            error: 'handoff_proxy_failed',
+            message: error instanceof Error ? error.message : 'Unknown error',
+            status: 'error',
+          },
+          { status: 500 },
+        );
+      }
+    }
+    case 'token': {
+      if (req.method !== 'POST') {
+        return methodNotAllowed(['POST']);
+      }
+      try {
+        const body = await req.text();
+        const form = new URLSearchParams(body);
+        const grantType = (form.get('grant_type') || 'authorization_code') as
+          | 'authorization_code'
+          | 'refresh_token';
+        if (grantType === 'authorization_code') {
+          const clientId = form.get('client_id');
+          const code = form.get('code');
+          const codeVerifier = form.get('code_verifier');
+          const redirectUri = form.get('redirect_uri');
+          const response = await market.auth.exchangeOAuthToken({
+            clientId: clientId as string,
+            code: code as string,
+            codeVerifier: codeVerifier as string,
+            grantType: 'authorization_code',
+            redirectUri: redirectUri as string,
+          });
+          return NextResponse.json(response);
+        }
+        if (grantType === 'refresh_token') {
+          const refreshToken = form.get('refresh_token');
+          const clientId = form.get('client_id');
+          const response = await market.auth.exchangeOAuthToken({
+            clientId: clientId ?? undefined,
+            grantType: 'refresh_token',
+            refreshToken: refreshToken as string,
+          });
+          return NextResponse.json(response);
+        }
+        return NextResponse.json(
+          {
+            error: 'unsupported_grant_type',
+            message: `Unsupported grant_type: ${grantType}`,
+            status: 'error',
+          },
+          { status: 400 },
+        );
+      } catch (error) {
+        console.error('[MarketOIDC] Failed to proxy token request:', error);
+        return NextResponse.json(
+          {
+            error: 'token_proxy_failed',
+            message: error instanceof Error ? error.message : 'Unknown error',
+            status: 'error',
+          },
+          { status: 500 },
+        );
+      }
+    }
+    case 'userinfo': {
+      if (req.method !== 'POST') {
+        return methodNotAllowed(['POST']);
+      }
+      try {
+        const { token } = (await req.json()) as { token?: string };
+        if (!token) {
+          return NextResponse.json(
+            {
+              error: 'missing_token',
+              message: 'Token is required for userinfo proxy.',
+              status: 'error',
+            },
+            { status: 400 },
+          );
+        }
+        const response = await market.auth.getUserInfo(token);
+        return NextResponse.json(response);
+      } catch (error) {
+        console.error('[MarketOIDC] Failed to proxy userinfo request:', error);
+        return NextResponse.json(
+          {
+            error: 'userinfo_proxy_failed',
+            message: error instanceof Error ? error.message : 'Unknown error',
+            status: 'error',
+          },
+          { status: 500 },
+        );
+      }
+    }
+    default: {
+      return NextResponse.json(
+        {
+          error: 'unsupported_endpoint',
+          message: 'Requested endpoint is not supported.',
+          status: 'error',
+        },
+        { status: 404 },
+      );
+    }
+  }
+};
+export const GET = (req: NextRequest, context: RouteContext) => handleProxy(req, context);
+export const POST = (req: NextRequest, context: RouteContext) => handleProxy(req, context);
+export const dynamic = 'force-dynamic';

package/src/app/[variants]/(main)/(mobile)/me/settings/features/useCategory.tsx CHANGED Viewed

@@ -1,6 +1,7 @@
 import { Bot, Brain, Info, Mic2, Settings2, Sparkles } from 'lucide-react';
 import { useRouter } from 'next/navigation';
 import { useTranslation } from 'react-i18next';
 import { CellProps } from '@/components/Cell';
 import { isDeprecatedEdition } from '@/const/version';
 import { SettingsTabs } from '@/store/global/initialState';

package/src/app/[variants]/(main)/_layout/Desktop/SideBar/PinList/index.tsx CHANGED Viewed

@@ -82,12 +82,14 @@ const PinList = () => {
     hasList && (
       <>
         <Divider style={{ marginBottom: 8, marginTop: 4 }} />
-        <ScrollShadow height={"100%"} hideScrollBar={true} size={40}>
+        <ScrollShadow height={'100%'} hideScrollBar={true} size={40}>
           <Flexbox gap={12} style={{ padding: '0' }}>
             {list.map((item, index) => (
               <Flexbox key={item.id} style={{ position: 'relative' }}>
                 <Tooltip
-                  hotkey={index < 9 ? hotkey.replaceAll(KeyEnum.Number, String(index + 1)) : undefined}
+                  hotkey={
+                    index < 9 ? hotkey.replaceAll(KeyEnum.Number, String(index + 1)) : undefined
+                  }
                   placement={'right'}
                   title={sessionHelpers.getTitle(item.meta)}
                 >