npm - @lobehub/lobehub - Versions diffs - 2.0.0-next.93 → 2.0.0-next.95 - Mend

@lobehub/lobehub 2.0.0-next.93 → 2.0.0-next.95

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

package/.github/workflows/issue-auto-comments.yml CHANGED Viewed

@@ -20,15 +20,6 @@ jobs:
       pull-requests: write # for actions-cool/issues-helper to update PRs
     runs-on: ubuntu-latest
     steps:
-      - name: Auto Comment on Issues Opened
-        uses: wow-actions/auto-comment@v1
-        with:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN}}
-          issuesOpened: |
-            👀 @{{ author }}
-            Thank you for raising an issue. We will investigate into the matter and get back to you as soon as possible.
-            Please make sure you have given us as much context as possible.
       - name: Auto Comment on Issues Closed
         uses: wow-actions/auto-comment@v1
         with:
@@ -37,16 +28,6 @@ jobs:
             ✅ @{{ author }}
             This issue is closed, If you have any questions, you can comment and reply.
-      - name: Auto Comment on Pull Request Opened
-        uses: wow-actions/auto-comment@v1
-        with:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN}}
-          pullRequestOpened: |
-            👍 @{{ author }}
-            Thank you for raising your pull request and contributing to our Community
-            Please make sure you have followed our contributing guidelines. We will review it as soon as possible.
-            If you encounter any problems, please feel free to connect with us.
       - name: Auto Comment on Pull Request Merged
         uses: actions-cool/pr-welcome@main
         if: github.event.pull_request.merged == true

package/CHANGELOG.md CHANGED Viewed

@@ -2,6 +2,56 @@
 # Changelog
+## [Version 2.0.0-next.95](https://github.com/lobehub/lobe-chat/compare/v2.0.0-next.94...v2.0.0-next.95)
+<sup>Released on **2025-11-20**</sup>
+#### ✨ Features
+- **misc**: Add Security Blacklist for agent runtime.
+<br/>
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+#### What's improved
+- **misc**: Add Security Blacklist for agent runtime, closes [#10325](https://github.com/lobehub/lobe-chat/issues/10325) ([deab4d0](https://github.com/lobehub/lobe-chat/commit/deab4d0))
+</details>
+<div align="right">
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+</div>
+## [Version 2.0.0-next.94](https://github.com/lobehub/lobe-chat/compare/v2.0.0-next.93...v2.0.0-next.94)
+<sup>Released on **2025-11-20**</sup>
+#### 🐛 Bug Fixes
+- **misc**: Provider settings button unable to redirect.
+<br/>
+<details>
+<summary><kbd>Improvements and Fixes</kbd></summary>
+#### What's fixed
+- **misc**: Provider settings button unable to redirect, closes [#10319](https://github.com/lobehub/lobe-chat/issues/10319) ([e025fec](https://github.com/lobehub/lobe-chat/commit/e025fec))
+</details>
+<div align="right">
+[![](https://img.shields.io/badge/-BACK_TO_TOP-151515?style=flat-square)](#readme-top)
+</div>
 ## [Version 2.0.0-next.93](https://github.com/lobehub/lobe-chat/compare/v2.0.0-next.92...v2.0.0-next.93)
 <sup>Released on **2025-11-20**</sup>

package/changelog/v1.json CHANGED Viewed

@@ -1,4 +1,22 @@
 [
+  {
+    "children": {
+      "features": [
+        "Add Security Blacklist for agent runtime."
+      ]
+    },
+    "date": "2025-11-20",
+    "version": "2.0.0-next.95"
+  },
+  {
+    "children": {
+      "fixes": [
+        "Provider settings button unable to redirect."
+      ]
+    },
+    "date": "2025-11-20",
+    "version": "2.0.0-next.94"
+  },
   {
     "children": {
       "improvements": [

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lobehub/lobehub",
-  "version": "2.0.0-next.93",
+  "version": "2.0.0-next.95",
   "description": "LobeHub - an open-source,comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Supports one-click free deployment of your private ChatGPT/LLM web application.",
   "keywords": [
     "framework",

package/packages/agent-runtime/src/core/InterventionChecker.ts CHANGED Viewed

@@ -2,14 +2,56 @@ import type {
   ArgumentMatcher,
   HumanInterventionPolicy,
   HumanInterventionRule,
+  SecurityBlacklistRule,
   ShouldInterveneParams,
 } from '@lobechat/types';
+import { DEFAULT_SECURITY_BLACKLIST } from './defaultSecurityBlacklist';
+/**
+ * Result of security blacklist check
+ */
+export interface SecurityCheckResult {
+  /**
+   * Whether the operation is blocked by security rules
+   */
+  blocked: boolean;
+  /**
+   * Reason for blocking (if blocked)
+   */
+  reason?: string;
+}
 /**
  * Intervention Checker
  * Determines whether a tool call requires human intervention
  */
 export class InterventionChecker {
+  /**
+   * Check if tool call is blocked by security blacklist
+   * This check runs BEFORE all other intervention checks
+   *
+   * @param securityBlacklist - Security blacklist rules
+   * @param toolArgs - Tool call arguments
+   * @returns Security check result
+   */
+  static checkSecurityBlacklist(
+    securityBlacklist: SecurityBlacklistRule[] = [],
+    toolArgs: Record<string, any> = {},
+  ): SecurityCheckResult {
+    for (const rule of securityBlacklist) {
+      if (this.matchesSecurityRule(rule, toolArgs)) {
+        return {
+          blocked: true,
+          reason: rule.description,
+        };
+      }
+    }
+    return { blocked: false };
+  }
   /**
    * Check if a tool call requires intervention
    *
@@ -19,6 +61,19 @@ export class InterventionChecker {
   static shouldIntervene(params: ShouldInterveneParams): HumanInterventionPolicy {
     const { config, toolArgs = {} } = params;
+    // Use default blacklist if not provided
+    const securityBlacklist =
+      params.securityBlacklist !== undefined
+        ? params.securityBlacklist
+        : DEFAULT_SECURITY_BLACKLIST;
+    // CRITICAL: Check security blacklist first - this overrides ALL other settings
+    const securityCheck = this.checkSecurityBlacklist(securityBlacklist, toolArgs);
+    if (securityCheck.blocked) {
+      // Security blacklist always requires intervention, even in auto-run mode
+      return 'required';
+    }
     // No config means never intervene (auto-execute)
     if (!config) return 'never';
@@ -38,6 +93,36 @@ export class InterventionChecker {
     return 'required';
   }
+  /**
+   * Check if tool arguments match a security blacklist rule
+   *
+   * @param rule - Security rule to check
+   * @param toolArgs - Tool call arguments
+   * @returns true if matches (should be blocked)
+   */
+  private static matchesSecurityRule(
+    rule: SecurityBlacklistRule,
+    toolArgs: Record<string, any>,
+  ): boolean {
+    // Security rules must have match criteria
+    if (!rule.match) return false;
+    // All matchers must match (AND logic)
+    for (const [paramName, matcher] of Object.entries(rule.match)) {
+      const paramValue = toolArgs[paramName];
+      // Parameter not present in args - rule doesn't match
+      if (paramValue === undefined) return false;
+      // Check if value matches
+      if (!this.matchesArgument(matcher, paramValue)) {
+        return false;
+      }
+    }
+    return true;
+  }
   /**
    * Check if tool arguments match a rule
    *