@lobehub/lobehub 2.0.0-next.93 → 2.0.0-next.95

package/packages/agent-runtime/src/core/defaultSecurityBlacklist.ts

@@ -0,0 +1,335 @@
+import type { SecurityBlacklistConfig } from '@lobechat/types';
+
+/**
+ * Default Security Blacklist
+ * These rules will ALWAYS block execution and require human intervention,
+ * regardless of user settings (even in auto-run mode)
+ *
+ * This is the last line of defense against dangerous operations
+ */
+export const DEFAULT_SECURITY_BLACKLIST: SecurityBlacklistConfig = [
+  // ==================== File System Dangers ====================
+  {
+    description: 'Recursive deletion of home directory is extremely dangerous',
+    match: {
+      command: {
+        pattern: 'rm.*-r.*(~|\\$HOME|/Users/[^/]+|/home/[^/]+)/?\\s*$',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Recursive deletion of root directory will destroy the system',
+    match: {
+      command: {
+        pattern: 'rm.*-r.*/\\s*$',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Force recursive deletion without specific target is too dangerous',
+    match: {
+      command: {
+        pattern: 'rm\\s+-rf\\s+[~./]\\s*$',
+        type: 'regex',
+      },
+    },
+  },
+
+  // ==================== System Configuration Dangers ====================
+  {
+    description: 'Modifying /etc/passwd could lock you out of the system',
+    match: {
+      command: {
+        pattern: '.*(/etc/passwd|/etc/shadow).*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Modifying sudoers file without proper validation is dangerous',
+    match: {
+      command: {
+        pattern: '.*/etc/sudoers.*',
+        type: 'regex',
+      },
+    },
+  },
+
+  // ==================== Dangerous Commands ====================
+  {
+    description: 'Fork bomb can crash the system',
+    match: {
+      command: {
+        pattern: '.*:\\(\\).*\\{.*\\|.*&.*\\};.*:.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Writing random data to disk devices can destroy data',
+    match: {
+      command: {
+        pattern: 'dd.*of=/dev/(sd|hd|nvme).*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Formatting system partitions will destroy data',
+    match: {
+      command: {
+        pattern: '(mkfs|fdisk|parted).*(/dev/(sd|hd|nvme)|/)',
+        type: 'regex',
+      },
+    },
+  },
+
+  // ==================== Network & Remote Access Dangers ====================
+  {
+    description: 'Disabling firewall exposes system to attacks',
+    match: {
+      command: {
+        pattern: '(ufw\\s+disable|iptables\\s+-F|systemctl\\s+stop\\s+firewalld)',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Changing SSH configuration could lock you out',
+    match: {
+      command: {
+        pattern: '.*(/etc/ssh/sshd_config).*',
+        type: 'regex',
+      },
+    },
+  },
+
+  // ==================== Package Manager Dangers ====================
+  {
+    description: 'Removing essential system packages can break the system',
+    match: {
+      command: {
+        pattern: '(apt|yum|dnf|pacman)\\s+(remove|purge|erase).*(systemd|kernel|glibc|bash|sudo)',
+        type: 'regex',
+      },
+    },
+  },
+
+  // ==================== Kernel & System Core Dangers ====================
+  {
+    description: 'Modifying kernel parameters without understanding can crash the system',
+    match: {
+      command: {
+        pattern: 'echo.*>/proc/sys/.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Direct memory access is extremely dangerous',
+    match: {
+      command: {
+        pattern: '.*(/dev/(mem|kmem|port)).*',
+        type: 'regex',
+      },
+    },
+  },
+
+  // ==================== Privilege Escalation Dangers ====================
+  {
+    description: 'Changing file ownership of system directories is dangerous',
+    match: {
+      command: {
+        pattern: 'chown.*-R.*(/(etc|bin|sbin|usr|var|sys|proc)|~).*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Setting SUID on shells or interpreters is a security risk',
+    match: {
+      command: {
+        pattern: 'chmod.*(4755|u\\+s).*(sh|bash|python|perl|ruby|node)',
+        type: 'regex',
+      },
+    },
+  },
+
+  // ==================== Sensitive Information Leakage ====================
+  {
+    description: 'Reading .env files may leak sensitive credentials and API keys',
+    match: {
+      command: {
+        pattern: '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*\\.env.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading .env files may leak sensitive credentials and API keys',
+    match: {
+      path: {
+        pattern: '.*\\.env.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading SSH private keys can compromise system security',
+    match: {
+      command: {
+        pattern:
+          '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*(id_rsa|id_ed25519|id_ecdsa)(?!\\.pub).*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading SSH private keys can compromise system security',
+    match: {
+      path: {
+        pattern: '.*/\\.ssh/(id_rsa|id_ed25519|id_ecdsa)$',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Accessing AWS credentials can leak cloud access keys',
+    match: {
+      command: {
+        pattern: '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*/\\.aws/credentials.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Accessing AWS credentials can leak cloud access keys',
+    match: {
+      path: {
+        pattern: '.*/\\.aws/credentials.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading Docker config may expose registry credentials',
+    match: {
+      command: {
+        pattern: '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*/\\.docker/config\\.json.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading Docker config may expose registry credentials',
+    match: {
+      path: {
+        pattern: '.*/\\.docker/config\\.json$',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading Kubernetes config may expose cluster credentials',
+    match: {
+      command: {
+        pattern: '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*/\\.kube/config.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading Kubernetes config may expose cluster credentials',
+    match: {
+      path: {
+        pattern: '.*/\\.kube/config$',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading Git credentials file may leak access tokens',
+    match: {
+      command: {
+        pattern: '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*/\\.git-credentials.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading Git credentials file may leak access tokens',
+    match: {
+      path: {
+        pattern: '.*/\\.git-credentials$',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading npm token file may expose package registry credentials',
+    match: {
+      command: {
+        pattern: '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*/\\.npmrc.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading npm token file may expose package registry credentials',
+    match: {
+      path: {
+        pattern: '.*/\\.npmrc$',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading history files may expose sensitive commands and credentials',
+    match: {
+      command: {
+        pattern:
+          '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*/\\.(bash_history|zsh_history|history).*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading history files may expose sensitive commands and credentials',
+    match: {
+      path: {
+        pattern: '.*/\\.(bash_history|zsh_history|history)$',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Accessing browser credential storage may leak passwords',
+    match: {
+      command: {
+        pattern:
+          '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*(Cookies|Login Data|Web Data).*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading GCP credentials may leak cloud service account keys',
+    match: {
+      command: {
+        pattern: '(cat|less|more|head|tail|vim|nano|vi|emacs|code).*/\\.config/gcloud/.*\\.json.*',
+        type: 'regex',
+      },
+    },
+  },
+  {
+    description: 'Reading GCP credentials may leak cloud service account keys',
+    match: {
+      path: {
+        pattern: '.*/\\.config/gcloud/.*\\.json$',
+        type: 'regex',
+      },
+    },
+  },
+];

package/packages/agent-runtime/src/core/index.ts

@@ -1,3 +1,4 @@
+export * from './defaultSecurityBlacklist';
 export * from './InterventionChecker';
 export * from './runtime';
 export * from './UsageCounter';

package/packages/agent-runtime/src/types/state.ts

@@ -1,5 +1,5 @@
 /* eslint-disable sort-keys-fix/sort-keys-fix, typescript-sort-keys/interface */
-import { ChatToolPayload, UserInterventionConfig } from '@lobechat/types';
+import { ChatToolPayload, SecurityBlacklistConfig, UserInterventionConfig } from '@lobechat/types';
 
 import type { Cost, CostLimit, Usage } from './usage';
 
@@ -23,6 +23,15 @@ export interface AgentState {
    * Controls how tools requiring approval are handled
    */
   userInterventionConfig?: UserInterventionConfig;
+
+  /**
+   * Security blacklist configuration
+   * These rules will ALWAYS block execution and require human intervention,
+   * regardless of user settings (even in auto-run mode).
+   * If not provided, DEFAULT_SECURITY_BLACKLIST will be used.
+   */
+  securityBlacklist?: SecurityBlacklistConfig;
+
   // --- Execution Tracking ---
   /**
    * Number of execution steps in this session.

package/packages/model-bank/src/aiModels/xai.ts

@@ -6,13 +6,94 @@ const xaiChatModels: AIChatModelCard[] = [
     abilities: {
       functionCall: true,
       search: true,
+      structuredOutput: true,
       vision: true,
     },
     contextWindowTokens: 2_000_000,
-    description:
-      '我们很高兴发布 Grok 4 Fast，这是我们在成本效益推理模型方面的最新进展。',
-    displayName: 'Grok 4 Fast (Non-Reasoning)',
+    description: '前沿多模态模型，专门针对高性能代理工具调用进行优化。',
+    displayName: 'Grok 4.1 Fast (Non-Reasoning)',
+    enabled: true,
+    id: 'grok-4-1-fast-non-reasoning',
+    pricing: {
+      units: [
+        { name: 'textInput_cacheRead', rate: 0.05, strategy: 'fixed', unit: 'millionTokens' },
+        {
+          name: 'textInput',
+          strategy: 'tiered',
+          tiers: [
+            { rate: 0.2, upTo: 0.128 },
+            { rate: 0.4, upTo: 'infinity' },
+          ],
+          unit: 'millionTokens',
+        },
+        {
+          name: 'textOutput',
+          strategy: 'tiered',
+          tiers: [
+            { rate: 0.5, upTo: 0.128 },
+            { rate: 1, upTo: 'infinity' },
+          ],
+          unit: 'millionTokens',
+        },
+      ],
+    },
+    releasedAt: '2025-11-20',
+    settings: {
+      searchImpl: 'params',
+    },
+    type: 'chat',
+  },
+  {
+    abilities: {
+      functionCall: true,
+      reasoning: true,
+      search: true,
+      structuredOutput: true,
+      vision: true,
+    },
+    contextWindowTokens: 2_000_000,
+    description: '前沿多模态模型，专门针对高性能代理工具调用进行优化。',
+    displayName: 'Grok 4.1 Fast',
     enabled: true,
+    id: 'grok-4-1-fast-reasoning',
+    pricing: {
+      units: [
+        { name: 'textInput_cacheRead', rate: 0.05, strategy: 'fixed', unit: 'millionTokens' },
+        {
+          name: 'textInput',
+          strategy: 'tiered',
+          tiers: [
+            { rate: 0.2, upTo: 0.128 },
+            { rate: 0.4, upTo: 'infinity' },
+          ],
+          unit: 'millionTokens',
+        },
+        {
+          name: 'textOutput',
+          strategy: 'tiered',
+          tiers: [
+            { rate: 0.5, upTo: 0.128 },
+            { rate: 1, upTo: 'infinity' },
+          ],
+          unit: 'millionTokens',
+        },
+      ],
+    },
+    releasedAt: '2025-11-20',
+    settings: {
+      searchImpl: 'params',
+    },
+    type: 'chat',
+  },
+  {
+    abilities: {
+      functionCall: true,
+      search: true,
+      vision: true,
+    },
+    contextWindowTokens: 2_000_000,
+    description: '我们很高兴发布 Grok 4 Fast，这是我们在成本效益推理模型方面的最新进展。',
+    displayName: 'Grok 4 Fast (Non-Reasoning)',
     id: 'grok-4-fast-non-reasoning',
     pricing: {
       units: [
@@ -51,10 +132,8 @@ const xaiChatModels: AIChatModelCard[] = [
       vision: true,
     },
     contextWindowTokens: 2_000_000,
-    description:
-      '我们很高兴发布 Grok 4 Fast，这是我们在成本效益推理模型方面的最新进展。',
+    description: '我们很高兴发布 Grok 4 Fast，这是我们在成本效益推理模型方面的最新进展。',
     displayName: 'Grok 4 Fast',
-    enabled: true,
     id: 'grok-4-fast-reasoning',
     pricing: {
       units: [

package/packages/types/src/tool/intervention.ts

@@ -146,6 +146,36 @@ export const UserInterventionConfigSchema = z.object({
   approvalMode: z.enum(['auto-run', 'allow-list', 'manual']),
 });
 
+/**
+ * Security Blacklist Rule
+ * Used to forcefully block dangerous operations regardless of user settings
+ */
+export interface SecurityBlacklistRule {
+  /**
+   * Description of why this rule exists (for error messages)
+   */
+  description: string;
+
+  /**
+   * Parameter filter - matches against tool call arguments
+   * Same format as HumanInterventionRule.match
+   */
+  match: Record<string, ArgumentMatcher>;
+}
+
+export const SecurityBlacklistRuleSchema = z.object({
+  description: z.string(),
+  match: z.record(z.string(), ArgumentMatcherSchema),
+});
+
+/**
+ * Security Blacklist Configuration
+ * A list of rules that will always block execution and require intervention
+ */
+export type SecurityBlacklistConfig = SecurityBlacklistRule[];
+
+export const SecurityBlacklistConfigSchema = z.array(SecurityBlacklistRuleSchema);
+
 /**
  * Parameters for shouldIntervene method
  */
@@ -161,6 +191,13 @@ export interface ShouldInterveneParams {
    */
   confirmedHistory?: string[];
 
+  /**
+   * Security blacklist rules that will be checked first
+   * These rules override all other settings including auto-run mode
+   * @default []
+   */
+  securityBlacklist?: SecurityBlacklistConfig;
+
   /**
    * Tool call arguments to check against rules
    * @default {}
@@ -177,6 +214,7 @@ export interface ShouldInterveneParams {
 export const ShouldInterveneParamsSchema = z.object({
   config: HumanInterventionConfigSchema.optional(),
   confirmedHistory: z.array(z.string()).optional(),
+  securityBlacklist: SecurityBlacklistConfigSchema.optional(),
   toolArgs: z.record(z.string(), z.any()).optional(),
   toolKey: z.string().optional(),
 });

package/src/features/Conversation/MarkdownElements/remarkPlugins/createRemarkSelfClosingTagPlugin.test.ts

@@ -249,4 +249,29 @@ describe('createRemarkSelfClosingTagPlugin', () => {
 
     expect(tree).toMatchSnapshot();
   });
+
+  it('should handle tags wrapped in backticks (code)', () => {
+    const markdown = `Use this file: \`<${tagName} name="config.json" path="/app/config.json" />\` in your code.`;
+    const tree = processMarkdown(markdown, tagName);
+
+    expect(tree.children).toHaveLength(1);
+    expect(tree.children[0].type).toBe('paragraph');
+
+    const paragraphChildren = tree.children[0].children;
+    expect(paragraphChildren).toHaveLength(3);
+
+    expect(paragraphChildren[0].type).toBe('text');
+    expect(paragraphChildren[0].value).toBe('Use this file: ');
+
+    // The tag should be parsed even inside backticks
+    const tagNode = paragraphChildren[1];
+    expect(tagNode.type).toBe(tagName);
+    expect(tagNode.data?.hProperties).toEqual({
+      name: 'config.json',
+      path: '/app/config.json',
+    });
+
+    expect(paragraphChildren[2].type).toBe('text');
+    expect(paragraphChildren[2].value).toBe(' in your code.');
+  });
 });

package/src/features/Conversation/MarkdownElements/remarkPlugins/createRemarkSelfClosingTagPlugin.ts

@@ -130,5 +130,33 @@ export const createRemarkSelfClosingTagPlugin =
           return [SKIP, index + newChildren.length]; // Skip new nodes
         }
       });
+
+      // 3. Visit inlineCode nodes (backtick-wrapped tags like `<localFile ... />`)
+      // @ts-ignore
+      visit(tree, 'inlineCode', (node: any, index: number, parent) => {
+        log('>>> Visiting inlineCode node: "%s"', node.value);
+
+        if (!parent || typeof index !== 'number' || !node.value?.includes(`<${tagName}`)) {
+          return;
+        }
+
+        const match = node.value.match(exactTagRegex);
+        if (match) {
+          const [, attributesString] = match;
+          const properties = attributesString ? parseAttributes(attributesString.trim()) : {};
+
+          const newNode = {
+            data: {
+              hName: tagName,
+              hProperties: properties,
+            },
+            type: tagName,
+          };
+
+          log('Replacing inlineCode node at index %d with %s node: %o', index, tagName, newNode);
+          parent.children.splice(index, 1, newNode);
+          return [SKIP, index + 1];
+        }
+      });
     };
   };

package/src/features/ModelSwitchPanel/index.tsx

@@ -2,11 +2,10 @@ import { ActionIcon, Icon } from '@lobehub/ui';
 import { createStyles } from 'antd-style';
 import type { ItemType } from 'antd/es/menu/interface';
 import { LucideArrowRight, LucideBolt } from 'lucide-react';
-import Link from 'next/link';
-import { useRouter } from 'next/navigation';
 import { type ReactNode, memo, useMemo } from 'react';
 import { useTranslation } from 'react-i18next';
 import { Flexbox } from 'react-layout-kit';
+import { useNavigate } from 'react-router-dom';
 
 import { ModelItemRender, ProviderItemRender } from '@/components/ModelSelect';
 import ActionDropdown from '@/features/ChatInput/ActionBar/components/ActionDropdown';
@@ -53,7 +52,7 @@ const ModelSwitchPanel = memo<IProps>(({ children, onOpenChange, open }) => {
     agentSelectors.currentAgentModelProvider(s),
     s.updateAgentConfig,
   ]);
-  const router = useRouter();
+  const navigate = useNavigate();
   const enabledList = useEnabledChatModels();
 
   const items = useMemo<ItemType[]>(() => {
@@ -78,7 +77,7 @@ const ModelSwitchPanel = memo<IProps>(({ children, onOpenChange, open }) => {
               </Flexbox>
             ),
             onClick: () => {
-              router.push(`/settings?active=provider&provider=${provider.id}`);
+              navigate(`/settings?active=provider&provider=${provider.id}`);
             },
           },
         ];
@@ -97,7 +96,7 @@ const ModelSwitchPanel = memo<IProps>(({ children, onOpenChange, open }) => {
             </Flexbox>
           ),
           onClick: () => {
-            router.push('/settings?active=provider');
+            navigate('/settings?active=provider');
           },
         },
       ];
@@ -114,18 +113,21 @@ const ModelSwitchPanel = memo<IProps>(({ children, onOpenChange, open }) => {
             provider={provider.id}
             source={provider.source}
           />
-          <Link href={`/settings?active=provider&provider=${provider.id}`}>
-            <ActionIcon
-              icon={LucideBolt}
-              size={'small'}
-              title={t('ModelSwitchPanel.goToSettings')}
-            />
-          </Link>
+          <ActionIcon
+            icon={LucideBolt}
+            onClick={(e) => {
+              e.preventDefault();
+              e.stopPropagation();
+              navigate(`/settings?active=provider&provider=${provider.id}`);
+            }}
+            size={'small'}
+            title={t('ModelSwitchPanel.goToSettings')}
+          />
         </Flexbox>
       ),
       type: 'group',
     }));
-  }, [enabledList]);
+  }, [enabledList, navigate, t, theme.colorTextTertiary]);
 
   const icon = <div className={styles.tag}>{children}</div>;