@xcanwin/manyoyo 5.3.7 → 5.3.10

package/README.md

@@ -125,6 +125,8 @@ manyoyo rm my-dev
 # Web 模式
 manyoyo serve 127.0.0.1:3000
 manyoyo serve 127.0.0.1:3000 -U admin -P 123456
+manyoyo serve 127.0.0.1:3000 -U admin -P 123456 -d
+manyoyo serve 127.0.0.1:3000 -d   # 未设置密码时会打印本次随机密码
 
 # 查看配置与命令拼装
 manyoyo config show

package/bin/manyoyo.js

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 
-const { spawnSync } = require('child_process');
+const { spawn, spawnSync } = require('child_process');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
@@ -16,6 +16,12 @@ const { buildImage } = require('../lib/image-build');
 const { resolveAgentResumeArg, buildAgentResumeCommand } = require('../lib/agent-resume');
 const { runPluginCommand } = require('../lib/plugin');
 const { buildManyoyoLogPath } = require('../lib/log-path');
+const {
+    sanitizeSensitiveData,
+    sanitizeServeLogText,
+    formatServeLogValue,
+    getServeProcessSnapshot
+} = require('../lib/serve-log');
 const { version: BIN_VERSION, imageVersion: IMAGE_VERSION_DEFAULT } = require('../package.json');
 const IMAGE_VERSION_BASE = String(IMAGE_VERSION_DEFAULT || '1.0.0').split('-')[0];
 const IMAGE_VERSION_HELP_EXAMPLE = IMAGE_VERSION_DEFAULT || `${IMAGE_VERSION_BASE}-common`;
@@ -190,93 +196,6 @@ function ensureWebServerAuthCredentials() {
     }
 }
 
-/**
- * 敏感信息脱敏（用于 config show 输出）
- * @param {Object} obj - 配置对象
- * @returns {Object} 脱敏后的配置对象
- */
-function sanitizeSensitiveData(obj) {
-    const sensitiveKeys = ['KEY', 'TOKEN', 'SECRET', 'PASSWORD', 'PASS', 'AUTH', 'CREDENTIAL'];
-
-    function sanitizeValue(key, value) {
-        if (typeof value !== 'string') return value;
-        const upperKey = key.toUpperCase();
-        if (sensitiveKeys.some(k => upperKey.includes(k))) {
-            if (value.length <= 8) return '****';
-            return value.slice(0, 4) + '****' + value.slice(-4);
-        }
-        return value;
-    }
-
-    function sanitizeArray(arr) {
-        return arr.map(item => {
-            if (typeof item === 'string' && item.includes('=')) {
-                const idx = item.indexOf('=');
-                const key = item.slice(0, idx);
-                const value = item.slice(idx + 1);
-                return `${key}=${sanitizeValue(key, value)}`;
-            }
-            return item;
-        });
-    }
-
-    const result = {};
-    for (const [key, value] of Object.entries(obj)) {
-        if (Array.isArray(value)) {
-            result[key] = sanitizeArray(value);
-        } else if (typeof value === 'object' && value !== null) {
-            result[key] = sanitizeSensitiveData(value);
-        } else {
-            result[key] = sanitizeValue(key, value);
-        }
-    }
-    return result;
-}
-
-function stripAnsi(text) {
-    if (typeof text !== 'string') return '';
-    return text.replace(/\x1b\[[0-9;]*m/g, '');
-}
-
-function sanitizeServeLogText(input) {
-    let text = stripAnsi(String(input || ''));
-    if (!text) return text;
-
-    text = text.replace(/(--pass|-P)\s+\S+/gi, '$1 ****');
-    text = text.replace(
-        /\b(MANYOYO_SERVER_PASS|OPENAI_API_KEY|ANTHROPIC_AUTH_TOKEN|GEMINI_API_KEY|GOOGLE_API_KEY|OPENCODE_API_KEY)\s*=\s*([^\s'"]+)/gi,
-        '$1=****'
-    );
-    text = text.replace(
-        /("?(?:password|pass|token|api[_-]?key|authorization|cookie)"?\s*[:=]\s*)("[^"]*"|'[^']*'|[^,\s]+)/gi,
-        '$1"****"'
-    );
-    return text;
-}
-
-function formatServeLogValue(value) {
-    if (value instanceof Error) {
-        return sanitizeServeLogText(value.stack || value.message || String(value));
-    }
-    if (typeof value === 'object' && value !== null) {
-        try {
-            return sanitizeServeLogText(JSON.stringify(sanitizeSensitiveData(value)));
-        } catch (e) {
-            return sanitizeServeLogText(String(value));
-        }
-    }
-    return sanitizeServeLogText(String(value));
-}
-
-function getServeProcessSnapshot() {
-    return {
-        pid: process.pid,
-        ppid: process.ppid,
-        cwd: process.cwd(),
-        argv: Array.isArray(process.argv) ? process.argv.slice() : []
-    };
-}
-
 function createServeLogger() {
     function formatLocalTimestamp(date = new Date()) {
         const y = date.getFullYear();
@@ -1120,7 +1039,8 @@ async function setupCommander() {
   ${MANYOYO_NAME} run -n test -- -c                   恢复之前会话
   ${MANYOYO_NAME} run -x "echo 123"                   使用完整命令
   ${MANYOYO_NAME} serve 127.0.0.1:3000                启动本机网页服务
-  ${MANYOYO_NAME} serve 0.0.0.0:3000 -U admin -P 123 &>/dev/null &  后台启动并监听全部网卡
+  ${MANYOYO_NAME} serve 127.0.0.1:3000 -d             后台启动；未设密码时会打印本次随机密码
+  ${MANYOYO_NAME} serve 0.0.0.0:3000 -U admin -P 123 -d  后台启动并监听全部网卡
   ${MANYOYO_NAME} playwright up host-headless         启动 playwright 默认场景（推荐）
   ${MANYOYO_NAME} plugin playwright up host-headless  通过 plugin 命名空间启动
   ${MANYOYO_NAME} run -n test -q tip -q cmd           多次使用静默选项
@@ -1163,6 +1083,7 @@ Notes:
 
     const serveCommand = program.command('serve [listen]').description('启动网页交互服务 (默认 127.0.0.1:3000)');
     applyRunStyleOptions(serveCommand, { includeRmOnExit: false, includeWebAuthOptions: true });
+    serveCommand.option('-d, --detach', '后台启动网页服务并立即返回');
     serveCommand.action((listen, options) => {
         selectAction('serve', {
             ...options,
@@ -1498,6 +1419,7 @@ Notes:
         isRemoveMode,
         isShowCommandMode,
         isServerMode,
+        isServerDetach: Boolean(selectedAction === 'serve' && options.detach),
         isPluginMode: false
     };
 }
@@ -1524,6 +1446,7 @@ function createRuntimeContext(modeState = {}) {
         showCommand: Boolean(modeState.isShowCommandMode),
         rmOnExit: RM_ON_EXIT,
         serverMode: Boolean(modeState.isServerMode),
+        serverDetach: Boolean(modeState.isServerDetach),
         serverHost: SERVER_HOST,
         serverPort: SERVER_PORT,
         serverAuthUser: SERVER_AUTH_USER,
@@ -1558,6 +1481,62 @@ function validateHostPath(runtime) {
     }
 }
 
+function validateHostPathOrThrow(hostPath) {
+    if (!fs.existsSync(hostPath)) {
+        throw new Error(`宿主机路径不存在: ${hostPath}`);
+    }
+    const realHostPath = fs.realpathSync(hostPath);
+    const homeDir = process.env.HOME || '/home';
+    if (realHostPath === '/' || realHostPath === '/home' || realHostPath === homeDir) {
+        throw new Error('不允许挂载根目录或home目录。');
+    }
+}
+
+function buildDetachedServeArgv(argv) {
+    const result = [];
+    for (let i = 0; i < argv.length; i++) {
+        const arg = String(argv[i] || '');
+        if (arg === '-d' || arg === '--detach') {
+            continue;
+        }
+        result.push(arg);
+    }
+    return result;
+}
+
+function buildDetachedServeEnv(runtime) {
+    const env = { ...process.env };
+    if (runtime.serverAuthUser) {
+        env.MANYOYO_SERVER_USER = runtime.serverAuthUser;
+    }
+    if (runtime.serverAuthPass) {
+        env.MANYOYO_SERVER_PASS = runtime.serverAuthPass;
+    }
+    return env;
+}
+
+function relaunchServeDetached(runtime) {
+    const serveLog = buildManyoyoLogPath('serve');
+    fs.mkdirSync(serveLog.dir, { recursive: true });
+
+    const child = spawn(process.argv[0], buildDetachedServeArgv(process.argv.slice(1)), {
+        detached: true,
+        stdio: 'ignore',
+        env: buildDetachedServeEnv(runtime)
+    });
+    child.unref();
+
+    console.log(`${GREEN}✅ serve 已转入后台运行${NC}`);
+    console.log(`PID: ${child.pid}`);
+    console.log(`日志: ${serveLog.path}`);
+    console.log(`登录用户名: ${runtime.serverAuthUser}`);
+    if (runtime.serverAuthPassAuto) {
+        console.log(`登录密码(本次随机): ${runtime.serverAuthPass}`);
+    } else {
+        console.log('登录密码: 使用你配置的 serve -P / serverPass / MANYOYO_SERVER_PASS');
+    }
+}
+
 /**
  * 等待容器就绪（使用指数退避算法）
  * @param {string} containerName - 容器名称
@@ -1850,7 +1829,7 @@ async function runWebServerMode(runtime) {
         containerEnvs: runtime.containerEnvs,
         containerVolumes: runtime.containerVolumes,
         containerPorts: runtime.containerPorts,
-        validateHostPath: () => validateHostPath(runtime),
+        validateHostPath: value => validateHostPathOrThrow(value),
         formatDate,
         isValidContainerName,
         containerExists,
@@ -1892,6 +1871,10 @@ async function main() {
 
         // 2. Start web server mode
         if (runtime.serverMode) {
+            if (runtime.serverDetach) {
+                relaunchServeDetached(runtime);
+                return;
+            }
             const serveLogger = createServeLogger();
             runtime.logger = serveLogger;
             installServeProcessDiagnostics(serveLogger);

package/docker/res/claude/claude.json

@@ -0,0 +1,9 @@
+{
+    "bypassPermissionsModeAccepted": true,
+    "hasCompletedOnboarding": true,
+    "env": {
+        "CLAUDE_CODE_DISABLE_NONESSENTIAL_TRAFFIC": "1",
+        "CLAUDE_CODE_HIDE_ACCOUNT_INFO": "1",
+        "DISABLE_AUTOUPDATER": "1"
+    }
+}

package/docker/res/claude/settings.json

@@ -0,0 +1,6 @@
+{
+    "statusLine": {
+        "type": "command",
+        "command": "bash /root/.claude/statusline.sh"
+    }
+}

package/docker/res/claude/statusline.sh

@@ -0,0 +1,58 @@
+#!/usr/bin/env bash
+# Claude Code status line script
+# Items: used-tokens, context-used, model-with-reasoning, current-dir
+
+input=$(cat)
+
+total_input=$(echo "$input" | jq -r '.context_window.total_input_tokens // 0')
+total_output=$(echo "$input" | jq -r '.context_window.total_output_tokens // 0')
+used_pct=$(echo "$input" | jq -r '.context_window.used_percentage // empty')
+model_id=$(echo "$input" | jq -r '.model.id // ""')
+model_name=$(echo "$input" | jq -r '.model.display_name // ""')
+cwd=$(echo "$input" | jq -r '.workspace.current_dir // .cwd // ""')
+
+# used-tokens (omit when zero)
+used_tokens=$((total_input + total_output))
+if [ "$used_tokens" -ge 1000000 ]; then
+    used_tokens_str="$(awk "BEGIN {printf \"%.1fM\", $used_tokens/1000000}") used"
+elif [ "$used_tokens" -ge 1000 ]; then
+    used_tokens_str="$(awk "BEGIN {printf \"%.1fk\", $used_tokens/1000}") used"
+elif [ "$used_tokens" -gt 0 ]; then
+    used_tokens_str="${used_tokens} used"
+else
+    used_tokens_str=""
+fi
+
+# context-used (omit when unknown)
+if [ -n "$used_pct" ]; then
+    context_used_str="$(printf "%.0f" "$used_pct")% used"
+else
+    context_used_str=""
+fi
+
+# model-with-reasoning
+if echo "$model_id" | grep -qi "thinking\|extended"; then
+    model_str="${model_name}[T]"
+else
+    model_str="${model_name}"
+fi
+
+# current-dir (absolute path)
+if [ -n "$cwd" ]; then
+    current_dir="$cwd"
+else
+    current_dir="$PWD"
+fi
+
+# Assemble (skip empty parts)
+parts=()
+[ -n "$used_tokens_str" ] && parts+=("$used_tokens_str")
+[ -n "$context_used_str" ] && parts+=("$context_used_str")
+[ -n "$model_str" ] && parts+=("$model_str")
+[ -n "$current_dir" ] && parts+=("$current_dir")
+
+result=""
+for part in "${parts[@]}"; do
+    [ -z "$result" ] && result="$part" || result="$result · $part"
+done
+printf "%s" "$result"

package/docker/res/codex/config.toml

@@ -0,0 +1,7 @@
+check_for_update_on_startup = false
+
+[analytics]
+enabled = false
+
+[tui]
+status_line = ["used-tokens", "context-used", "model-with-reasoning", "current-dir", "five-hour-limit", "weekly-limit"]

package/docker/res/gemini/settings.json

@@ -0,0 +1,21 @@
+{
+    "privacy": {
+        "usageStatisticsEnabled": false
+    },
+    "general": {
+        "previewFeatures": true,
+        "enableAutoUpdate": false,
+        "enableAutoUpdateNotification": false
+    },
+    "ui": {
+        "showLineNumbers": false
+    },
+    "security": {
+        "auth": {
+            "selectedType": "oauth-personal"
+        }
+    },
+    "model": {
+        "name": "gemini-3-pro-preview"
+    }
+}

package/docker/res/opencode/opencode.json

@@ -0,0 +1,22 @@
+{
+    "$schema": "https://opencode.ai/config.json",
+    "autoupdate": false,
+    "model": "Custom_Provider/{env:OPENAI_MODEL}",
+    "provider": {
+        "Custom_Provider": {
+            "npm": "@ai-sdk/openai-compatible",
+            "options": {
+                "baseURL": "{env:OPENAI_BASE_URL}",
+                "apiKey": "{env:OPENAI_API_KEY}",
+                "headers": {
+                   "User-Agent": "opencode"
+                }
+            },
+            "models": {
+                "{env:OPENAI_MODEL}": {},
+                "claude-sonnet-4-5-20250929": {},
+                "gpt-5.2": {}
+            }
+        }
+    }
+}

package/docker/res/supervisor/s.conf

@@ -0,0 +1,3 @@
+[supervisord]
+user=root
+nodaemon=true

package/lib/serve-log.js

@@ -0,0 +1,116 @@
+function stripAnsi(text) {
+    if (typeof text !== 'string') return '';
+    return text.replace(/\x1b\[[0-9;]*m/g, '');
+}
+
+function sanitizeProcessArgv(argv) {
+    if (!Array.isArray(argv)) {
+        return [];
+    }
+
+    const result = [];
+    for (let i = 0; i < argv.length; i++) {
+        const arg = String(argv[i] || '');
+        if (arg === '--pass' || arg === '-P') {
+            result.push(arg);
+            if (i + 1 < argv.length) {
+                result.push('****');
+                i += 1;
+            }
+            continue;
+        }
+        if (arg.startsWith('--pass=')) {
+            result.push('--pass=****');
+            continue;
+        }
+        result.push(arg);
+    }
+    return result;
+}
+
+function sanitizeServeLogText(input) {
+    let text = stripAnsi(String(input || ''));
+    if (!text) return text;
+
+    text = text.replace(/(--pass|-P)\s+\S+/gi, '$1 ****');
+    text = text.replace(/("--pass"|"-P")\s*,\s*"[^"]*"/gi, '$1,"****"');
+    text = text.replace(/--pass=([^\s'"]+)/gi, '--pass=****');
+    text = text.replace(
+        /\b(MANYOYO_SERVER_PASS|OPENAI_API_KEY|ANTHROPIC_AUTH_TOKEN|GEMINI_API_KEY|GOOGLE_API_KEY|OPENCODE_API_KEY)\s*=\s*([^\s'"]+)/gi,
+        '$1=****'
+    );
+    text = text.replace(
+        /(?<![-\w])("?(?:password|pass|token|api[_-]?key|authorization|cookie)"?\s*[:=]\s*)("[^"]*"|'[^']*'|[^,\s]+)/gi,
+        '$1"****"'
+    );
+    return text;
+}
+
+function sanitizeSensitiveData(obj) {
+    const sensitiveKeys = ['KEY', 'TOKEN', 'SECRET', 'PASSWORD', 'PASS', 'AUTH', 'CREDENTIAL'];
+
+    function sanitizeValue(key, value) {
+        if (typeof value !== 'string') return value;
+        const upperKey = key.toUpperCase();
+        if (sensitiveKeys.some(k => upperKey.includes(k))) {
+            if (value.length <= 8) return '****';
+            return value.slice(0, 4) + '****' + value.slice(-4);
+        }
+        return value;
+    }
+
+    function sanitizeArray(arr) {
+        return arr.map(item => {
+            if (typeof item === 'string' && item.includes('=')) {
+                const idx = item.indexOf('=');
+                const key = item.slice(0, idx);
+                const value = item.slice(idx + 1);
+                return `${key}=${sanitizeValue(key, value)}`;
+            }
+            return item;
+        });
+    }
+
+    const result = {};
+    for (const [key, value] of Object.entries(obj || {})) {
+        if (Array.isArray(value)) {
+            result[key] = sanitizeArray(value);
+        } else if (typeof value === 'object' && value !== null) {
+            result[key] = sanitizeSensitiveData(value);
+        } else {
+            result[key] = sanitizeValue(key, value);
+        }
+    }
+    return result;
+}
+
+function formatServeLogValue(value) {
+    if (value instanceof Error) {
+        return sanitizeServeLogText(value.stack || value.message || String(value));
+    }
+    if (typeof value === 'object' && value !== null) {
+        try {
+            return sanitizeServeLogText(JSON.stringify(sanitizeSensitiveData(value)));
+        } catch (e) {
+            return sanitizeServeLogText(String(value));
+        }
+    }
+    return sanitizeServeLogText(String(value));
+}
+
+function getServeProcessSnapshot(processRef = process) {
+    return {
+        pid: processRef.pid,
+        ppid: processRef.ppid,
+        cwd: typeof processRef.cwd === 'function' ? processRef.cwd() : '',
+        argv: sanitizeProcessArgv(Array.isArray(processRef.argv) ? processRef.argv.slice() : [])
+    };
+}
+
+module.exports = {
+    sanitizeProcessArgv,
+    sanitizeServeLogText,
+    sanitizeSensitiveData,
+    formatServeLogValue,
+    getServeProcessSnapshot
+};

package/lib/web/server.js

@@ -812,7 +812,11 @@ function buildCreateRuntime(ctx, state, payload) {
     validateContainerNameStrict(containerName);
 
     const hostPath = pickFirstString(requestOptions.hostPath, config.hostPath, ctx.hostPath);
-    validateWebHostPath(hostPath);
+    if (typeof ctx.validateHostPath === 'function') {
+        ctx.validateHostPath(hostPath);
+    } else {
+        validateWebHostPath(hostPath);
+    }
 
     const containerPath = pickFirstString(requestOptions.containerPath, config.containerPath, ctx.containerPath, hostPath) || hostPath;
     const imageName = pickFirstString(requestOptions.imageName, config.imageName, ctx.imageName);
@@ -1798,7 +1802,6 @@ async function startWebServer(options) {
         terminalSessions: new Map()
     };
 
-    ctx.validateHostPath();
     ensureWebHistoryDir(state.webHistoryDir);
 
     const wsServer = new WebSocket.Server({

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@xcanwin/manyoyo",
-    "version": "5.3.7",
+    "version": "5.3.10",
     "imageVersion": "1.8.4-common",
     "description": "AI Agent CLI Security Sandbox for Docker and Podman",
     "keywords": [
@@ -50,6 +50,7 @@
         "README.md",
         "LICENSE",
         "docker/manyoyo.Dockerfile",
+        "docker/res/**",
         "manyoyo.example.json"
     ],
     "dependencies": {