npm - agim-cli - Versions diffs - 1.0.7 → 1.0.9 - Mend

agim-cli 1.0.7 → 1.0.9

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (50) hide show

package/CHANGELOG.md +49 -0
package/dist/cli.js +51 -0
package/dist/cli.js.map +1 -1
package/dist/core/admin-allowlist.d.ts +11 -0
package/dist/core/admin-allowlist.d.ts.map +1 -0
package/dist/core/admin-allowlist.js +77 -0
package/dist/core/admin-allowlist.js.map +1 -0
package/dist/core/approval-router.d.ts.map +1 -1
package/dist/core/approval-router.js +15 -0
package/dist/core/approval-router.js.map +1 -1
package/dist/core/commands/builtin.d.ts +1 -1
package/dist/core/commands/builtin.d.ts.map +1 -1
package/dist/core/commands/builtin.js +6 -4
package/dist/core/commands/builtin.js.map +1 -1
package/dist/core/commands/service.d.ts +14 -0
package/dist/core/commands/service.d.ts.map +1 -0
package/dist/core/commands/service.js +85 -0
package/dist/core/commands/service.js.map +1 -0
package/dist/core/restart-completion.d.ts +5 -0
package/dist/core/restart-completion.d.ts.map +1 -0
package/dist/core/restart-completion.js +156 -0
package/dist/core/restart-completion.js.map +1 -0
package/dist/core/restart-flow.d.ts +40 -0
package/dist/core/restart-flow.d.ts.map +1 -0
package/dist/core/restart-flow.js +177 -0
package/dist/core/restart-flow.js.map +1 -0
package/dist/core/restart-preflight.d.ts +7 -0
package/dist/core/restart-preflight.d.ts.map +1 -0
package/dist/core/restart-preflight.js +95 -0
package/dist/core/restart-preflight.js.map +1 -0
package/dist/core/router.d.ts.map +1 -1
package/dist/core/router.js +16 -2
package/dist/core/router.js.map +1 -1
package/dist/core/self-protect.d.ts +8 -0
package/dist/core/self-protect.d.ts.map +1 -0
package/dist/core/self-protect.js +119 -0
package/dist/core/self-protect.js.map +1 -0
package/dist/core/service-intent.d.ts +17 -0
package/dist/core/service-intent.d.ts.map +1 -0
package/dist/core/service-intent.js +87 -0
package/dist/core/service-intent.js.map +1 -0
package/dist/core/types.d.ts +5 -1
package/dist/core/types.d.ts.map +1 -1
package/dist/plugins/agents/claude-code/index.d.ts.map +1 -1
package/dist/plugins/agents/claude-code/index.js +44 -14
package/dist/plugins/agents/claude-code/index.js.map +1 -1
package/dist/web/public/settings.html +117 -0
package/dist/web/server.js +15 -39
package/dist/web/server.js.map +1 -1
package/package.json +1 -1

package/dist/web/public/settings.html CHANGED Viewed

@@ -128,6 +128,17 @@
         svcRestarted: '✓ Service restarted',
         svcStopped: '✓ Service stopped (this page is now disconnected)',
         svcFgWarning: 'Foreground service is running in another terminal — restart it there.',
+        // ── Safety / approval gating ─────────────────────────────
+        safetyTitle: 'Safety',
+        safetySkipLabel: 'Skip permission prompts for Claude Code (Dangerous)',
+        safetySkipHint: 'When ON, Claude Code launches with --dangerously-skip-permissions. Every tool call (Bash, Edit, Write, …) runs without approval and without honoring PreToolUse hooks. Only enable on private / sandboxed deployments you fully trust.',
+        safetySkipStatusOn: 'Currently: SKIPPING approvals — DANGEROUS',
+        safetySkipStatusOff: 'Currently: approval prompts enforced (default)',
+        safetySkipConfirmOn: 'Turn OFF approval prompts for Claude Code? Every tool call will run without confirmation. Click OK only if this deployment is private / sandboxed.',
+        safetyRestartHint: 'Click Save & Restart to apply.',
+        safetySaveRestart: 'Save & Restart',
+        safetySaved: '✓ Setting saved',
       },
       zh: {
         title: 'Agim — 设置',
@@ -242,6 +253,17 @@
         svcRestarted: '✓ 服务已重启',
         svcStopped: '✓ 服务已停止（页面已断开连接）',
         svcFgWarning: '前台服务在另一个终端运行——回那个终端重启。',
+        // ── Safety / approval gating ─────────────────────────────
+        safetyTitle: '安全',
+        safetySkipLabel: '免审批：Claude Code（危险）',
+        safetySkipHint: '打开后 Claude Code 以 --dangerously-skip-permissions 启动，所有工具调用（Bash / Edit / Write …）不再申请审批，也不走 PreToolUse hooks。仅推荐在你完全信任的私人 / 沙箱环境使用。',
+        safetySkipStatusOn: '当前：免审批 — 危险',
+        safetySkipStatusOff: '当前：审批正常生效（默认）',
+        safetySkipConfirmOn: '关闭 Claude Code 审批？所有工具调用都会不经确认直接执行。仅当此部署是私人 / 沙箱环境时点确定。',
+        safetyRestartHint: '点「保存并重启」让改动生效。',
+        safetySaveRestart: '保存并重启',
+        safetySaved: '✓ 设置已保存',
       },
     };
     function t(key) { return T[window.__lang][key] || T.en[key] || key; }
@@ -682,6 +704,7 @@
       app.innerHTML = `
         <h1>${t('h1')}</h1>
         ${renderServiceCard()}
+        ${renderSafetyCard()}
         ${renderAgentsCard()}
         ${renderMessengersCard()}
         ${renderAcpCard()}
@@ -692,6 +715,67 @@
       // Service status loads asynchronously; the card renders with a
       // placeholder, populated by the first /api/service/status response.
       void loadServiceStatus();
+      // Safety toggle reflects the current env value; load once on render.
+      void loadSafetyState();
+    }
+    // ==========================================
+    // Safety card — operator-level approval policy switches.
+    // Right now this has a single toggle (Claude --dangerously-skip-
+    // permissions). Future: codex / opencode equivalents, per-platform
+    // user allowlist, etc.
+    // ==========================================
+    function renderSafetyCard() {
+      return `
+        <div class="card">
+          <h2>${t('safetyTitle')} ⚠️</h2>
+          <div class="agent-row" style="border-bottom:none;padding:8px 0">
+            <div class="left" style="max-width:calc(100% - 60px)">
+              <div>
+                <div class="name">${t('safetySkipLabel')}</div>
+                <div class="hint" style="white-space:normal;line-height:1.5">${t('safetySkipHint')}</div>
+                <div class="hint" id="safety-skip-status" style="margin-top:6px">—</div>
+              </div>
+            </div>
+            <div class="toggle" id="safety-skip-toggle" data-active="0"></div>
+          </div>
+          <div class="hint" style="margin-top:10px">${t('safetyRestartHint')}</div>
+          <div class="actions">
+            <button type="button" class="btn btn-primary" id="safety-save-restart">${t('safetySaveRestart')}</button>
+          </div>
+        </div>
+      `;
+    }
+    // Pending state — what the toggle is set to RIGHT NOW (before save).
+    // Diffed against the on-disk env value to decide if Save-and-Restart
+    // should fire the restart.
+    let safetySkipCurrent = false;
+    let safetySkipPending = false;
+    async function loadSafetyState() {
+      try {
+        const data = await authFetch('/api/env').then(r => r.json());
+        // Treat env value '1' as on, anything else as off. /api/env masks
+        // sensitive values but plain '1'/'0' come through verbatim.
+        const v = data && data.env && data.env.IMHUB_DANGEROUSLY_SKIP_PERMISSIONS;
+        safetySkipCurrent = v === '1';
+        safetySkipPending = safetySkipCurrent;
+        renderSafetyToggleState();
+      } catch (err) {
+        const el = document.getElementById('safety-skip-status');
+        if (el) el.textContent = (t('error') + ': ' + (err && err.message ? err.message : err));
+      }
+    }
+    function renderSafetyToggleState() {
+      const toggle = document.getElementById('safety-skip-toggle');
+      const status = document.getElementById('safety-skip-status');
+      if (!toggle || !status) return;
+      toggle.classList.toggle('active', safetySkipPending);
+      toggle.setAttribute('data-active', safetySkipPending ? '1' : '0');
+      status.textContent = safetySkipPending ? t('safetySkipStatusOn') : t('safetySkipStatusOff');
+      status.style.color = safetySkipPending ? 'var(--red)' : 'var(--text-dim)';
     }
     // ==========================================
@@ -1219,6 +1303,39 @@
       document.getElementById('svc-stop')?.addEventListener('click', () => svcAction('stop'));
       document.getElementById('svc-start')?.addEventListener('click', () => svcAction('start'));
+      // Safety toggle — flip pending state. Save & Restart commits to env.
+      document.getElementById('safety-skip-toggle')?.addEventListener('click', () => {
+        // Going from OFF → ON crosses a security boundary; double-check.
+        if (!safetySkipPending && !confirm(t('safetySkipConfirmOn'))) return;
+        safetySkipPending = !safetySkipPending;
+        renderSafetyToggleState();
+      });
+      document.getElementById('safety-save-restart')?.addEventListener('click', async () => {
+        const wantedOn = safetySkipPending;
+        try {
+          const updates = wantedOn
+            ? { IMHUB_DANGEROUSLY_SKIP_PERMISSIONS: '1' }
+            : { IMHUB_DANGEROUSLY_SKIP_PERMISSIONS: null };
+          const res = await authFetch('/api/env', {
+            method: 'PUT',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ updates }),
+          });
+          if (!res.ok) {
+            const j = await res.json().catch(() => ({}));
+            throw new Error(j.error || res.statusText);
+          }
+          toast(t('safetySaved'), 'success');
+          safetySkipCurrent = wantedOn;
+          // The env file write only takes effect on the next start. Reuse the
+          // service-control restart path so the user gets the same overlay /
+          // auto-reconnect they get clicking the Restart button manually.
+          await svcAction('restart');
+        } catch (err) {
+          toast(`${t('error')}: ${err && err.message ? err.message : err}`, 'error');
+        }
+      });
       // Agent toggles — flip config.agents in memory + auto-manage
       // defaultAgent (promote / demote as needed), then re-render so the
       // default-agent dropdown reflects the new eligible set.

package/dist/web/server.js CHANGED Viewed

@@ -1039,7 +1039,7 @@ async function handleServiceStop(res) {
     }, 200);
 }
 async function handleServiceRestart(res) {
-    const { detectService, PID_FILE, LOG_FILE } = await import('../cli-ui/service.js');
+    const { detectService } = await import('../cli-ui/service.js');
     const st = detectService();
     if (st.mode === 'systemd') {
         try {
@@ -1060,44 +1060,17 @@ async function handleServiceRestart(res) {
         sendJson(res, 409, { error: 'foreground service is running in another terminal; restart it manually (Ctrl-C + re-run)' });
         return;
     }
-    // background or 'none': spawn a detached node -e helper that waits
-    // for our PID to die, then starts a fresh daemon. Then SIGTERM self
-    // so the helper's wait-loop unblocks and the new daemon takes over.
-    const __dn = dirname(fileURLToPath(import.meta.url));
-    const cliJs = join(__dn, '..', 'cli.js');
-    const parentPid = process.pid;
-    const helperCode = 'const{spawn}=require("child_process");' +
-        'const fs=require("fs");' +
-        `const pid=${parentPid};` +
-        'let n=0;' +
-        'const t=setInterval(()=>{' +
-        '  try{process.kill(pid,0)}catch{' +
-        '    clearInterval(t);' +
-        `    const fd=fs.openSync(${JSON.stringify(LOG_FILE)},"a");` +
-        `    const c=spawn(${JSON.stringify(process.execPath)},[${JSON.stringify(cliJs)},"start"],{detached:true,stdio:["ignore",fd,fd],env:process.env});` +
-        '    c.unref();' +
-        `    fs.writeFileSync(${JSON.stringify(PID_FILE)},String(c.pid)+"\\n");` +
-        '    fs.closeSync(fd);' +
-        '    process.exit(0);' +
-        '  }' +
-        '  if(++n>150){clearInterval(t);process.exit(1)}' +
-        '},200);';
-    const { spawn: spawnChild } = await import('node:child_process');
-    const helper = spawnChild(process.execPath, ['-e', helperCode], {
-        detached: true,
-        stdio: 'ignore',
-        env: process.env,
-    });
-    helper.unref();
-    sendJson(res, 200, { ok: true, mode: st.mode, restarting: true });
-    setTimeout(() => {
-        try {
-            process.kill(process.pid, 'SIGTERM');
-        }
-        catch {
-            process.exit(0);
-        }
-    }, 300);
+    // background or 'none': delegate to the shared restart-flow. The flow
+    // runs pre-flight checks, writes restart-pending.json with source='web'
+    // (so the new daemon doesn't try to push an IM completion message —
+    // browser polling handles that), and spawns the detached helper.
+    const { initiateRestart } = await import('../core/restart-flow.js');
+    const result = await initiateRestart({ source: 'web' });
+    if (!result.ok) {
+        sendJson(res, 409, { error: result.message, details: result.errors });
+        return;
+    }
+    sendJson(res, 200, { ok: true, mode: st.mode, restarting: true, message: result.message });
 }
 /**
  * POST /api/notify  → push a message to an IM thread.
@@ -1468,6 +1441,9 @@ const ENV_EDITABLE_KEYS = [
     'IMHUB_SMTP_FROM', 'IMHUB_SMTP_SECURE',
     'IMHUB_BAIDU_MAP_AK',
     'IMHUB_LOC_BASE_URL', 'IMHUB_TZ_OFFSET_HOURS',
+    // Safety card toggle — drives the Claude --dangerously-skip-permissions
+    // branch in plugins/agents/claude-code/index.ts. Not a secret, plain '1'/'0'.
+    'IMHUB_DANGEROUSLY_SKIP_PERMISSIONS',
 ];
 const SECRET_KEYS = new Set(['IMHUB_SMTP_PASS', 'IMHUB_BAIDU_MAP_AK']);
 function maskSecret(v) {