@myassis/gateway 1.0.0 → 1.0.2

package/dist/api/index.js

@@ -1,7 +1,7 @@
 /**
  * Gateway 统一 API 调用模块
  * 负责与后端 Server 通信
- * 自动从 authStore 获取 Token 并注入到请求头
+ * 多用户模式：每个请求显式传 token（替代 authStore）
  *
  * 服务端路由结构：
  * - /api/v1/auth/*    - 认证路由
@@ -9,7 +9,12 @@
  * - /api/v1/skill-hubs/* - 技能库路由
  */
 import crypto from 'crypto';
-import { authStore } from '../stores';
+import { AsyncLocalStorage } from 'async_hooks';
+// 多用户模式请求上下文：存储当前请求的 token
+const requestContext = new AsyncLocalStorage();
+export function runWithToken(token, fn) {
+    return requestContext.run({ token }, fn);
+}
 // Server 服务地址（从环境变量读取）
 const SERVER_BASE_URL = process.env.SERVER_BASE_URL || 'http://localhost:3000';
 // 签名密钥（用于请求签名）
@@ -35,16 +40,15 @@ function generateSignature(params, timestamp) {
     return crypto.createHash('sha256').update(signString).digest('hex');
 }
 // 基础请求方法工厂
-// prefix: 路由前缀，如 '/api/v1/auth', '/api/v1/data', '/api/v1/skill-hubs'
 function createRequest(prefix) {
     return async function (path, options = {}) {
-        const { method = 'GET', body, headers = {}, params, skipAuth = false } = options;
+        const { method = 'GET', body, headers = {}, params, skipAuth = false, token, } = options;
         // 构建 URL
         let url = `${SERVER_BASE_URL}${prefix}${path}`;
         // 添加查询参数
         if (params) {
             const queryString = Object.entries(params)
-                .filter(([_, v]) => v !== undefined && v !== null)
+                .filter(([, v]) => v !== undefined && v !== null)
                 .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
                 .join('&');
             if (queryString) {
@@ -63,10 +67,12 @@ function createRequest(prefix) {
             ...headers
         };
         // 自动注入 Token（除非明确跳过）
+        // 优先级：显式参数 > AsyncLocalStorage 上下文 > authStore（降级兼容）
         if (!skipAuth) {
-            const token = authStore.getToken();
-            if (token) {
-                requestHeaders['Authorization'] = `Bearer ${token}`;
+            const ctx = requestContext.getStore();
+            const authToken = token || ctx?.token;
+            if (authToken) {
+                requestHeaders['Authorization'] = `Bearer ${authToken}`;
             }
         }
         try {
@@ -90,40 +96,44 @@ function createRequest(prefix) {
     };
 }
 // 创建不同前缀的请求方法
-const authRequest = createRequest('/api/v1/auth'); // /api/v1/auth/*
-const dataRequest = createRequest('/api/v1/data'); // /api/v1/data/*
-const skillHubRequest = createRequest('/api/v1/skill-hubs'); // /api/v1/skill-hubs/*
+const _authRequest = createRequest('/api/v1/auth');
+const _dataRequest = createRequest('/api/v1/data');
+const _skillHubRequest = createRequest('/api/v1/skill-hubs');
+function authRequest(path, options) {
+    return _authRequest(path, options || {});
+}
+function dataRequest(path, options) {
+    return _dataRequest(path, options || {});
+}
+function skillHubRequest(path, options) {
+    return _skillHubRequest(path, options || {});
+}
 // ============ 认证 API ============
 export const authApi = {
     login: (data) => authRequest('/login', { method: 'POST', body: data, skipAuth: true }),
     register: (data) => authRequest('/register', { method: 'POST', body: data, skipAuth: true }),
-    logout: () => authRequest('/logout', { method: 'POST', body: {} }),
+    logout: (token) => authRequest('/logout', { method: 'POST', body: {}, token }),
     refresh: (refreshToken) => authRequest('/refresh', { method: 'POST', body: { refreshToken }, skipAuth: true }),
-    me: () => authRequest('/me'),
-    updateProfile: (data) => authRequest('/profile', { method: 'PUT', body: data }),
-    changePassword: (data) => authRequest('/password', { method: 'PUT', body: data }),
-    deleteAccount: (data, token) => {
-        const headers = {};
-        if (token)
-            headers['Authorization'] = `Bearer ${token}`;
-        return authRequest('/account/delete', { method: 'POST', body: data, headers });
-    },
+    me: (token) => authRequest('/me', { token }),
+    updateProfile: (data, token) => authRequest('/profile', { method: 'PUT', body: data, token }),
+    changePassword: (data, token) => authRequest('/password', { method: 'PUT', body: data, token }),
+    deleteAccount: (data, token) => authRequest('/account/delete', { method: 'POST', body: data, token }),
 };
 // ============ 技能 API (data) ============
 export const skillsApi = {
-    list: () => dataRequest('/skills?brief=true'),
-    get: (skillId) => dataRequest(`/skills/${skillId}`),
-    install: (data) => dataRequest('/skills', { method: 'POST', body: data }),
-    create: (data) => dataRequest('/skills', { method: 'POST', body: data }),
-    update: (skillId, data) => dataRequest(`/skills/${skillId}`, { method: 'PUT', body: data }),
-    uninstall: (skillId) => dataRequest(`/skills/${skillId}`, { method: 'DELETE' }),
-    setApiKey: (skillId, data) => dataRequest(`/skills/${skillId}/api-key`, { method: 'POST', body: data }),
-    rate: (skillId, data) => dataRequest(`/skills/${skillId}/rating`, { method: 'POST', body: data }),
-    parse: (data) => dataRequest('/skills/parse', { method: 'POST', body: data }),
+    list: (token) => dataRequest('/skills?brief=true', { token }),
+    get: (skillId, token) => dataRequest(`/skills/${skillId}`, { token }),
+    install: (data, token) => dataRequest('/skills', { method: 'POST', body: data, token }),
+    create: (data, token) => dataRequest('/skills', { method: 'POST', body: data, token }),
+    update: (skillId, data, token) => dataRequest(`/skills/${skillId}`, { method: 'PUT', body: data, token }),
+    uninstall: (skillId, token) => dataRequest(`/skills/${skillId}`, { method: 'DELETE', token }),
+    setApiKey: (skillId, data, token) => dataRequest(`/skills/${skillId}/api-key`, { method: 'POST', body: data, token }),
+    rate: (skillId, data, token) => dataRequest(`/skills/${skillId}/rating`, { method: 'POST', body: data, token }),
+    parse: (data, token) => dataRequest('/skills/parse', { method: 'POST', body: data, token }),
 };
 // ============ 技能库 API (skill-hubs) ============
 export const skillHubApi = {
-    list: (params) => {
+    list: (params, token) => {
         const queryParams = {};
         if (params?.page)
             queryParams.page = String(params.page);
@@ -133,44 +143,44 @@ export const skillHubApi = {
             queryParams.keyword = params.keyword;
         if (params?.category)
             queryParams.category = params.category;
-        return skillHubRequest('/', { params: queryParams });
+        return skillHubRequest('/', { params: queryParams, token });
     },
-    get: (hubId) => skillHubRequest(`/${hubId}`),
-    categories: () => skillHubRequest('/categories'),
-    preinstalled: () => skillHubRequest('/preinstalled'),
-    user: () => skillHubRequest(`/user`),
-    checkUsed: (hubId) => skillHubRequest(`/${hubId}/used`),
-    rate: (hubId, rating) => skillHubRequest(`/${hubId}/rate`, { method: 'POST', body: { rating } }),
-    userRating: (hubId) => skillHubRequest(`/${hubId}/user-rating`),
-    install: (hubId) => skillHubRequest(`/${hubId}/install`, { method: 'POST', body: {} }),
-    use: (hubId) => skillHubRequest(`/${hubId}/use`, { method: 'POST', body: {} }),
+    get: (hubId, token) => skillHubRequest(`/${hubId}`, { token }),
+    categories: (token) => skillHubRequest('/categories', { token }),
+    preinstalled: (token) => skillHubRequest('/preinstalled', { token }),
+    user: (token) => skillHubRequest(`/user`, { token }),
+    checkUsed: (hubId, token) => skillHubRequest(`/${hubId}/used`, { token }),
+    rate: (hubId, rating, token) => skillHubRequest(`/${hubId}/rate`, { method: 'POST', body: { rating }, token }),
+    userRating: (hubId, token) => skillHubRequest(`/${hubId}/user-rating`, { token }),
+    install: (hubId, token) => skillHubRequest(`/${hubId}/install`, { method: 'POST', body: {}, token }),
+    use: (hubId, token) => skillHubRequest(`/${hubId}/use`, { method: 'POST', body: {}, token }),
 };
 // ============ 模型 API (data) ============
 export const modelsApi = {
-    list: () => dataRequest('/models'),
-    get: (modelId) => dataRequest(`/models/${modelId}`),
-    create: (data) => dataRequest('/models', { method: 'POST', body: data }),
-    update: (modelId, data) => dataRequest(`/models/${modelId}`, { method: 'PUT', body: data }),
-    delete: (modelId) => dataRequest(`/models/${modelId}`, { method: 'DELETE' }),
-    setPrimary: (modelId) => dataRequest(`/models/${modelId}/primary`, { method: 'POST', body: {} }),
+    list: (token) => dataRequest('/models', { token }),
+    get: (modelId, token) => dataRequest(`/models/${modelId}`, { token }),
+    create: (data, token) => dataRequest('/models', { method: 'POST', body: data, token }),
+    update: (modelId, data, token) => dataRequest(`/models/${modelId}`, { method: 'PUT', body: data, token }),
+    delete: (modelId, token) => dataRequest(`/models/${modelId}`, { method: 'DELETE', token }),
+    setPrimary: (modelId, token) => dataRequest(`/models/${modelId}/primary`, { method: 'POST', body: {}, token }),
 };
 // ============ 任务 API (data) ============
 export const tasksApi = {
-    list: (params) => dataRequest('/tasks', { params }),
-    get: (taskId) => dataRequest(`/tasks/${taskId}`),
-    create: (data) => dataRequest('/tasks', { method: 'POST', body: data }),
-    update: (taskId, data) => dataRequest(`/tasks/${taskId}`, { method: 'PUT', body: data }),
-    delete: (taskId) => dataRequest(`/tasks/${taskId}`, { method: 'DELETE' }),
-    complete: (taskId) => dataRequest(`/tasks/${taskId}/complete`, { method: 'POST', body: {} }),
-    cancel: (taskId) => dataRequest(`/tasks/${taskId}/cancel`, { method: 'POST', body: {} }),
-    updateStatus: (taskId, data) => dataRequest(`/tasks/${taskId}/status`, { method: 'POST', body: data }),
-    notifying: () => dataRequest('/tasks/notifying'),
-    resetSession: () => dataRequest('/reset-session', { method: 'POST', body: {} }),
+    list: (params, token) => dataRequest('/tasks', { params, token }),
+    get: (taskId, token) => dataRequest(`/tasks/${taskId}`, { token }),
+    create: (data, token) => dataRequest('/tasks', { method: 'POST', body: data, token }),
+    update: (taskId, data, token) => dataRequest(`/tasks/${taskId}`, { method: 'PUT', body: data, token }),
+    delete: (taskId, token) => dataRequest(`/tasks/${taskId}`, { method: 'DELETE', token }),
+    complete: (taskId, token) => dataRequest(`/tasks/${taskId}/complete`, { method: 'POST', body: {}, token }),
+    cancel: (taskId, token) => dataRequest(`/tasks/${taskId}/cancel`, { method: 'POST', body: {}, token }),
+    updateStatus: (taskId, data, token) => dataRequest(`/tasks/${taskId}/status`, { method: 'POST', body: data, token }),
+    notifying: (token) => dataRequest('/tasks/notifying', { token }),
+    resetSession: (token) => dataRequest('/reset-session', { method: 'POST', body: {}, token }),
 };
 // ============ 设置 API (data) ============
 export const settingsApi = {
-    get: () => dataRequest('/settings'),
-    update: (data) => dataRequest('/settings', { method: 'PUT', body: data }),
+    get: (token) => dataRequest('/settings', { token }),
+    update: (data, token) => dataRequest('/settings', { method: 'PUT', body: data, token }),
 };
 export default {
     authApi,

package/dist/config/index.js

@@ -1,4 +1,4 @@
-import { getLogger } from '@pocketclaw/shared';
+import { getLogger } from '@myassis/shared';
 const logger = getLogger('GatewayConfig');
 import { config as dotenvConfig } from 'dotenv';
 import * as path from 'path';
@@ -36,6 +36,6 @@ export const appConfig = {
     clientUrl: process.env.CLIENT_URL || 'http://localhost:3000',
     nodeEnv: process.env.NODE_ENV || defaultEnv,
     messageKeep: 4,
-    appName: 'MyClaw'
+    appName: '我的助手'
 };
 export default appConfig;

package/dist/index.js

@@ -1,10 +1,11 @@
+#!/usr/bin/env node
 import express from 'express';
 import cors from 'cors';
 import helmet from 'helmet';
 import compression from 'compression';
 import http from 'http';
 import { appConfig } from './config/index.js';
-import { getLogger } from '@pocketclaw/shared';
+import { getLogger } from '@myassis/shared';
 import authRoutes from './routes/auth.js';
 import agentRoutes from './routes/agent.js';
 import modelsRoutes from './routes/models.js';
@@ -19,9 +20,10 @@ import uploadRoutes from './routes/upload.js';
 import versionRoutes from './routes/version.js';
 import { errorHandler } from './middleware/errorHandler.js';
 import { authStore } from './stores/index.js';
+import { persistStore } from './stores/persistStore.js';
 import { webSocketService } from './services/WebSocketService.js';
 import { taskSchedulerService } from './services/TaskSchedulerService.js';
-import { getServiceInfo, installService, uninstallService, startService, stopService, updateService, } from './services/ServiceManager.js';
+import { getServiceInfo, installService, uninstallService, startService, stopService, restartService, updateService, } from './services/ServiceManager.js';
 const logger = getLogger('index');
 // ─── CLI 模式 ─────────────────────────────────────────
 // gateway install | start | stop | uninstall | status | update
@@ -39,17 +41,87 @@ if (cliCommand) {
                 if (!info.canManage)
                     console.log(`(当前平台不支持服务管理)`);
             }
+            else if (cliCommand === 'addCors') {
+                const domain = process.argv[3];
+                if (!domain) {
+                    console.log('用法: gateway addCors <域名>');
+                    process.exit(1);
+                }
+                const added = persistStore.addCorsDomain(domain);
+                if (added) {
+                    console.log(`✅ 已添加 CORS 域名: ${domain}`);
+                }
+                else {
+                    console.log(`⚠️  域名已存在: ${domain}`);
+                }
+            }
+            else if (cliCommand === 'removeCors') {
+                const domain = process.argv[3];
+                if (!domain) {
+                    console.log('用法: gateway removeCors <域名>');
+                    process.exit(1);
+                }
+                const removed = persistStore.removeCorsDomain(domain);
+                if (removed) {
+                    console.log(`✅ 已移除 CORS 域名: ${domain}`);
+                }
+                else {
+                    console.log(`⚠️  域名不存在: ${domain}`);
+                }
+            }
+            else if (cliCommand === 'listCors') {
+                const domains = persistStore.getCorsDomains();
+                if (domains.length === 0) {
+                    console.log('暂无自定义 CORS 域名（仅使用内置内网规则）');
+                }
+                else {
+                    console.log(`自定义 CORS 域名 (${domains.length}):`);
+                    domains.forEach(d => console.log(`  - ${d}`));
+                }
+            }
+            else if (cliCommand === '--help' || cliCommand === '-h') {
+                console.log(`我的助手 Gateway CLI
+
+用法: gateway <命令>
+
+服务管理命令:
+  install       安装 Gateway 服务（后台运行）
+  uninstall     卸载 Gateway 服务
+  start         启动 Gateway 服务
+  stop          停止 Gateway 服务
+  restart       重启 Gateway 服务
+  update        更新 Gateway（需重新安装）
+  status        查看服务状态
+
+CORS 管理命令:
+  addCors <域名>      添加允许的跨域域名
+  removeCors <域名>    移除允许的跨域域名
+  listCors            列出所有自定义跨域域名
+
+其他:
+  --help, -h          显示本帮助信息
+`);
+                const domains = persistStore.getCorsDomains();
+                if (domains.length === 0) {
+                    console.log('暂无自定义 CORS 域名（仅使用内置内网规则）');
+                }
+                else {
+                    console.log(`自定义 CORS 域名 (${domains.length}):`);
+                    domains.forEach(d => console.log(`  - ${d}`));
+                }
+            }
             else {
                 const fnMap = {
                     install: installService,
                     uninstall: uninstallService,
                     start: startService,
                     stop: stopService,
+                    restart: restartService,
                     update: updateService,
                 };
                 const handler = fnMap[cliCommand];
                 if (!handler) {
-                    console.log(`未知命令: ${cliCommand}\n可用命令: install | start | stop | uninstall | status | update`);
+                    console.log(`未知命令: ${cliCommand}。输入 "gateway --help" 查看帮助。`);
                     process.exit(1);
                 }
                 const result = await handler();
@@ -93,6 +165,15 @@ else {
             if (lanPatterns.some(pattern => pattern.test(origin))) {
                 return callback(null, true);
             }
+            // 检查自定义域名（支持子域名匹配）
+            const customDomains = persistStore.getCorsDomains();
+            const originLower = origin.toLowerCase();
+            if (customDomains.some(d => {
+                const dLower = d.toLowerCase();
+                return originLower === dLower || originLower.endsWith('.' + dLower);
+            })) {
+                return callback(null, true);
+            }
             callback(new Error('Not allowed by CORS'));
         },
         credentials: true,
@@ -134,14 +215,7 @@ else {
             if (port !== appConfig.port) {
                 logger.info(`Port ${appConfig.port} is in use, fallback to port ${port}`);
             }
-            logger.info(`MyClaw Gateway Service running on port ${port}`);
-            if (authStore.isAuthenticated()) {
-                const user = authStore.getUser();
-                logger.info(`User logged in: ${user?.nickname || user?.email} (ID: ${user?.id})`);
-            }
-            else {
-                logger.info(`No user logged in`);
-            }
+            logger.info(`我的助手 Gateway Service running on port ${port}`);
         }).on('error', (err) => {
             if (err.code === 'EADDRINUSE') {
                 const nextPort = port + 1;

package/dist/middleware/auth.js

@@ -1,4 +1,11 @@
-import jwt from 'jsonwebtoken';
+/**
+ * 认证中间件
+ * 从请求头 Authorization: Bearer <token> 解码 JWT，提取 userId
+ * 同时保留原始 token 供路由转发给 Server
+ */
+import { authStore } from '@/stores';
+import { getLogger } from '@myassis/shared';
+const logger = getLogger('middleware/auth');
 const JWT_SECRET = process.env.JWT_SECRET || 'your-secret-key-change-in-production';
 /**
  * 从请求头提取 Bearer token
@@ -10,18 +17,6 @@ function extractToken(req) {
     }
     return undefined;
 }
-/**
- * 解码 JWT，提取 userId
- */
-function decodeUserId(token) {
-    try {
-        const payload = jwt.verify(token, JWT_SECRET);
-        return payload.userId;
-    }
-    catch {
-        return undefined;
-    }
-}
 /**
  * 需要认证：token 无效返回 401
  */
@@ -31,7 +26,7 @@ export function requireAuth(req, res, next) {
         res.status(401).json({ success: false, error: 'Unauthorized' });
         return;
     }
-    const userId = decodeUserId(token);
+    const userId = authStore.getUserId(token);
     if (!userId) {
         res.status(401).json({ success: false, error: 'Unauthorized' });
         return;
@@ -40,14 +35,3 @@ export function requireAuth(req, res, next) {
     req.token = token;
     next();
 }
-/**
- * 可选认证：token 存在则解码，不存在也放行
- */
-export function optionalAuth(req, _res, next) {
-    const token = extractToken(req);
-    if (token) {
-        req.userId = decodeUserId(token);
-        req.token = token;
-    }
-    next();
-}

package/dist/middleware/errorHandler.js

@@ -1,4 +1,4 @@
-import { getLogger } from '@pocketclaw/shared';
+import { getLogger } from '@myassis/shared';
 const logger = getLogger('ErrorHandler');
 export const errorHandler = (err, req, res, next) => {
     logger.error('[Gateway Error]', err.message, err.stack);

package/dist/routes/agent.js

@@ -1,26 +1,26 @@
 import { Router } from 'express';
 import { requireAuth } from '@/middleware/auth.js';
-import { sessionManager } from '@/services/session';
-import { initAgentManager, agentManager } from '@/services/agent/AgentManager';
+import { runWithToken } from '@/api/index.js';
+import { getSessionManager } from '@/services/session';
+import { initAgentManager, agentManagerMap } from '@/services/agent/AgentManager';
 import { AgentStore } from '@/services/agent/AgentStore';
-import { getLogger } from '@pocketclaw/shared';
+import { getLogger } from '@myassis/shared';
 const logger = getLogger('AgentRoutes');
 import { sessionStore } from '@/services/session/SessionStore';
 const router = Router();
 // 所有路由需要认证
-router.use(requireAuth);
+router.use(requireAuth, (req, _res, next) => {
+    void runWithToken(req.token, async () => { next(); });
+});
 // Middleware: ensure agentManager is initialized
 function ensureAgentManager(req, res, next) {
     try {
         // Get or create AgentStore using SessionStore's db instance
         const db = sessionStore.getDb();
         const agentStore = new AgentStore(db);
-        // Initialize AgentManager if not already done
-        if (!agentManager) {
-            initAgentManager(agentStore);
-        }
+        const agentManager = initAgentManager(agentStore, req.userId);
         agentManager.initialize();
-        req.agentManager = agentManager;
+        req.agentManager = agentManagerMap;
         next();
     }
     catch (error) {
@@ -36,6 +36,7 @@ function ensureAgentManager(req, res, next) {
 router.get('/list', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
+        const agentManager = agentManagerMap.get(userId);
         const agentList = agentManager.getAgentList();
         res.json({ success: true, data: agentList });
     }
@@ -51,6 +52,7 @@ router.get('/list', ensureAgentManager, async (req, res) => {
 router.get('/:id', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
+        const agentManager = agentManagerMap.get(userId);
         const agent = agentManager.getAgent(req.params.id);
         if (!agent) {
             return res.status(404).json({ success: false, error: 'Agent not found' });
@@ -85,6 +87,7 @@ router.post('/create', ensureAgentManager, async (req, res) => {
         if (!name) {
             return res.status(400).json({ success: false, error: 'Name is required' });
         }
+        const agentManager = agentManagerMap.get(userId);
         const agent = agentManager.createAgent({
             name,
             description,
@@ -120,6 +123,7 @@ router.put('/:id', ensureAgentManager, async (req, res) => {
         const userId = req.userId;
         logger.debug('update agent', req.body);
         const { name, description, systemPrompt, avatar, config } = req.body;
+        const agentManager = agentManagerMap.get(userId);
         const agent = agentManager.updateAgent(req.params.id, {
             name,
             description,
@@ -155,6 +159,7 @@ router.put('/:id', ensureAgentManager, async (req, res) => {
 router.delete('/:id', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
+        const agentManager = agentManagerMap.get(userId);
         const deleted = agentManager.deleteAgent(req.params.id);
         if (!deleted) {
             return res.status(404).json({ success: false, error: 'Agent not found' });
@@ -175,6 +180,7 @@ router.delete('/:id', ensureAgentManager, async (req, res) => {
 router.get('/current', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
+        const agentManager = agentManagerMap.get(userId);
         const current = agentManager.getCurrentAgent();
         res.json({
             success: true, data: current ? {
@@ -203,6 +209,7 @@ router.post('/set-current', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
         const { agentId } = req.body;
+        const agentManager = agentManagerMap.get(userId);
         agentManager.setCurrentAgent(agentId || null);
         res.json({ success: true });
     }
@@ -219,6 +226,7 @@ router.post('/set-current', ensureAgentManager, async (req, res) => {
 router.get('/:id/sessions', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
+        const agentManager = agentManagerMap.get(userId);
         const agent = agentManager.getAgent(req.params.id);
         if (!agent) {
             return res.status(404).json({ success: false, error: 'Agent not found' });
@@ -238,6 +246,7 @@ router.get('/:id/sessions', ensureAgentManager, async (req, res) => {
 router.post('/:id/sessions', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
+        const agentManager = agentManagerMap.get(userId);
         const agent = agentManager.getAgent(req.params.id);
         if (!agent) {
             return res.status(404).json({ success: false, error: 'Agent not found' });
@@ -270,6 +279,7 @@ router.post('/:id/sessions', ensureAgentManager, async (req, res) => {
 router.put('/:id/sessions/:sessionId', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
+        const agentManager = agentManagerMap.get(userId);
         const agent = agentManager.getAgent(req.params.id);
         if (!agent) {
             return res.status(404).json({ success: false, error: 'Agent not found' });
@@ -299,6 +309,7 @@ router.put('/:id/sessions/:sessionId', ensureAgentManager, async (req, res) => {
 router.delete('/:id/sessions/:sessionId', ensureAgentManager, async (req, res) => {
     try {
         const userId = req.userId;
+        const agentManager = agentManagerMap.get(userId);
         const agent = agentManager.getAgent(req.params.id);
         if (!agent) {
             return res.status(404).json({ success: false, error: 'Agent not found' });
@@ -323,7 +334,7 @@ router.get('/sessions/:sessionId/messages', ensureAgentManager, async (req, res)
         const page = parseInt(req.query.page) || 1;
         const pageSize = parseInt(req.query.pageSize) || 20;
         // Find session directly
-        const session = sessionManager.getSession(sessionId);
+        const session = getSessionManager(userId).getSession(sessionId);
         if (session) {
             session.loadMessages(); // Ensure messages are loaded
             const messages = session.getMessagesByPage(page, pageSize);
@@ -354,7 +365,7 @@ router.delete('/sessions/:sessionId/messages/:messageId', ensureAgentManager, as
         const userId = req.userId;
         const { sessionId, messageId } = req.params;
         // Find session directly
-        const session = sessionManager.getSession(sessionId);
+        const session = getSessionManager(userId).getSession(sessionId);
         if (session) {
             session.deleteMessage(messageId);
             return res.json({ success: true });
@@ -378,7 +389,7 @@ router.put('/sessions/:sessionId/messages/:messageId/feedback', ensureAgentManag
         if (feedback !== null && feedback !== 'like' && feedback !== 'dislike') {
             return res.status(400).json({ success: false, error: 'Invalid feedback value. Must be "like", "dislike", or null' });
         }
-        const session = sessionManager.getSession(sessionId);
+        const session = getSessionManager(userId).getSession(sessionId);
         if (session) {
             session.updateMessageFeedback(messageId, feedback);
             return res.json({ success: true, data: { messageId, feedback } });
@@ -399,7 +410,7 @@ router.delete('/sessions/:sessionId/messages', ensureAgentManager, async (req, r
         const userId = req.userId;
         const { sessionId } = req.params;
         // Find session directly
-        const session = sessionManager.getSession(sessionId);
+        const session = getSessionManager(userId).getSession(sessionId);
         if (session) {
             session.clearMessages();
             return res.json({ success: true });
@@ -419,12 +430,12 @@ router.post('/sessions/:sessionId/stream', ensureAgentManager, async (req, res)
     try {
         const userId = req.userId;
         const { sessionId } = req.params;
-        const { content, attachments, userMessageId, assistantMessageId, taskId } = req.body;
+        const { content, attachments, userMessageId, assistantMessageId } = req.body;
         if (!content) {
             return res.status(400).json({ success: false, error: 'Content is required' });
         }
         // Find session directly
-        const session = sessionManager.getSession(sessionId);
+        const session = getSessionManager(userId).getSession(sessionId);
         if (session) {
             // Set SSE headers
             res.setHeader('Content-Type', 'text/event-stream');
@@ -464,7 +475,7 @@ router.post('/sessions/:sessionId/reset', async (req, res) => {
     try {
         const userId = req.userId;
         const { sessionId } = req.params;
-        const stopped = sessionManager.stopSession(sessionId);
+        const stopped = getSessionManager(userId).stopSession(sessionId);
         res.json({ success: true, data: { stopped } });
     }
     catch (error) {
@@ -481,9 +492,9 @@ router.post('/sessions/:sessionId/set-current', async (req, res) => {
     try {
         const userId = req.userId;
         const { sessionId } = req.params;
-        sessionManager.setCurrentSession(sessionId);
+        getSessionManager(userId).setCurrentSession(sessionId);
         // 同步清除 session 的未读数
-        const session = sessionManager.getSession(sessionId);
+        const session = getSessionManager(userId).getSession(sessionId);
         if (session) {
             session.clearUnreadCount();
         }
@@ -502,7 +513,7 @@ router.post('/sessions/:sessionId/set-current', async (req, res) => {
 router.get('/sessions/unread-count', async (req, res) => {
     try {
         const userId = req.userId;
-        const total = sessionManager.getTotalUnreadCount();
+        const total = getSessionManager(userId).getTotalUnreadCount();
         res.json({ success: true, data: { total } });
     }
     catch (error) {