@lobehub/lobehub 2.0.0-next.93 → 2.0.0-next.95
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/issue-auto-comments.yml +0 -19
- package/CHANGELOG.md +50 -0
- package/changelog/v1.json +18 -0
- package/package.json +1 -1
- package/packages/agent-runtime/src/core/InterventionChecker.ts +85 -0
- package/packages/agent-runtime/src/core/__tests__/InterventionChecker.test.ts +492 -22
- package/packages/agent-runtime/src/core/defaultSecurityBlacklist.ts +335 -0
- package/packages/agent-runtime/src/core/index.ts +1 -0
- package/packages/agent-runtime/src/types/state.ts +10 -1
- package/packages/model-bank/src/aiModels/xai.ts +85 -6
- package/packages/types/src/tool/intervention.ts +38 -0
- package/src/features/Conversation/MarkdownElements/remarkPlugins/createRemarkSelfClosingTagPlugin.test.ts +25 -0
- package/src/features/Conversation/MarkdownElements/remarkPlugins/createRemarkSelfClosingTagPlugin.ts +28 -0
- package/src/features/ModelSwitchPanel/index.tsx +15 -13
- package/src/store/chat/agents/GeneralChatAgent.ts +22 -8
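--- a/package/src/store/chat/agents/GeneralChatAgent.ts
+++ b/package/src/store/chat/agents/GeneralChatAgent.ts
@@ -3,6 +3,7 @@ import {
 AgentInstruction,
 AgentRuntimeContext,
 AgentState,
+DEFAULT_SECURITY_BLACKLIST,
 GeneralAgentCallLLMInstructionPayload,
 GeneralAgentCallLLMResultPayload,
 GeneralAgentCallToolResultPayload,
@@ -65,6 +66,9 @@ export class GeneralChatAgent implements Agent {
 const toolsNeedingIntervention: ChatToolPayload[] = [];
 const toolsToExecute: ChatToolPayload[] = [];
 
+// Get security blacklist (use default if not provided)
+const securityBlacklist = state.securityBlacklist ?? DEFAULT_SECURITY_BLACKLIST;
+
 // Get user config (default to 'manual' mode)
 const userConfig = state.userInterventionConfig || { approvalMode: 'manual' };
 const { approvalMode, allowList = [] } = userConfig;
@@ -73,6 +77,23 @@ export class GeneralChatAgent implements Agent {
 const { identifier, apiName } = toolCalling;
 const toolKey = `${identifier}/${apiName}`;
 
+// Parse arguments for intervention checking
+let toolArgs: Record<string, any> = {};
+try {
+toolArgs = JSON.parse(toolCalling.arguments || '{}');
+} catch {
+// Invalid JSON, treat as empty args
+}
+
+// Priority 0: CRITICAL - Check security blacklist FIRST
+// This overrides ALL other settings, including auto-run mode
+const securityCheck = InterventionChecker.checkSecurityBlacklist(securityBlacklist, toolArgs);
+if (securityCheck.blocked) {
+// Security blacklist always requires intervention
+toolsNeedingIntervention.push(toolCalling);
+continue;
+}
+
 // Priority 1: User config is 'auto-run', all tools execute directly
 if (approvalMode === 'auto-run') {
 toolsToExecute.push(toolCalling);
@@ -92,16 +113,9 @@ export class GeneralChatAgent implements Agent {
 // Priority 3: User config is 'manual' (default), use tool's own config
 const config = this.getToolInterventionConfig(toolCalling, state);
 
-// Parse arguments for intervention checking
-let toolArgs: Record<string, any> = {};
-try {
-toolArgs = JSON.parse(toolCalling.arguments || '{}');
-} catch {
-// Invalid JSON, treat as empty args
-}
-
 const policy = InterventionChecker.shouldIntervene({
 config,
+securityBlacklist,
 toolArgs,
 });
 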
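Review bot: The empty `catch {}` after `JSON.parse` in the third hunk turns an unparseable `toolCalling.arguments` into `{}`, so `InterventionChecker.checkSecurityBlacklist` is handed no arguments, `securityCheck.blocked` cannot become true, and under `approvalMode === 'auto-run'` the call is pushed straight to `toolsToExecute` with the raw argument string still attached to it. The comments on the same lines describe the blacklist as overriding every other setting, so a payload the checker cannot read should fail closed rather than fall through: replace `// Invalid JSON, treat as empty args` with `toolsNeedingIntervention.push(toolCalling); continue;` (a `continue` inside the `catch` is valid here, as the existing `continue` after the blocked check shows this runs in a loop). Whether a downstream executor re-parses or rejects the malformed string is not visible in these hunks, so I would not rely on it. The enclosing loop and method begin and end outside the hunks; now that `toolArgs` only feeds the checker, `Record<string, unknown>` would also be the stricter type than `Record<string, any>`.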