agim-cli 1.1.0 → 1.1.2

package/dist/web/public/settings.html

@@ -141,6 +141,16 @@
         adminConfirmRemove: 'Remove admin {p}:{u}?',
         adminPublicBindWarn: '⚠️ Web is bound publicly — admin editor disabled to prevent random visitors from granting themselves access. Bind to 127.0.0.1 to enable.',
         adminBootstrapHint: 'Bootstrap token exists at {path}. Run `cat` on the server, then send `/setup admin <token>` in IM to self-onboard.',
+
+        // ── Approval policy (timeout default) ─────────────────────
+        approvalPolicyTitle: 'Approval Policy',
+        approvalPolicyHint: 'What does Agim do when a tool-use approval times out (no IM reply within the budget)? Default deny is strict; switch to allow when you\'ll be away from IM and want the agent to keep moving.',
+        approvalTimeoutDefaultLabel: 'On approval timeout',
+        approvalTimeoutDeny: 'Deny (default — strict, human in the loop)',
+        approvalTimeoutAllow: 'Allow (user-away mode — agent proceeds silently)',
+        approvalPolicySave: 'Save',
+        approvalPolicySaved: 'Saved — applies to the next pending approval, no restart needed.',
+        approvalPolicyLoadFailed: 'Failed to load approval policy',
       },
       zh: {
         title: 'Agim — 设置',
@@ -268,6 +278,16 @@
         adminConfirmRemove: '移除管理员 {p}:{u}？',
         adminPublicBindWarn: '⚠️ web 控制台目前监听公开地址 — 为防止陌生访问者擅自给自己加 admin，此编辑器已禁用。绑回 127.0.0.1 后启用。',
         adminBootstrapHint: '检测到一次性 token 文件在 {path}。在服务器上 `cat` 该文件取 token，然后在 IM 里发 /setup admin <token> 即可把自己设为 admin。',
+
+        // ── 审批策略 (超时默认决策) ───────────────────────────────
+        approvalPolicyTitle: '审批策略',
+        approvalPolicyHint: '当工具调用审批超时（IM 端没在限定时间内回复）时 Agim 该怎么办？默认 deny 严格、人在回路；切到 allow 是"出门模式"，让 agent 继续跑、不卡你。',
+        approvalTimeoutDefaultLabel: '审批超时时',
+        approvalTimeoutDeny: '拒绝（默认 — 严格，人工把关）',
+        approvalTimeoutAllow: '放行（出门模式 — agent 静默继续）',
+        approvalPolicySave: '保存',
+        approvalPolicySaved: '已保存 — 下一个挂起的审批起就生效，无需重启。',
+        approvalPolicyLoadFailed: '加载审批策略失败',
       },
     };
     function t(key) { return T[window.__lang][key] || T.en[key] || key; }
@@ -709,6 +729,7 @@
         <h1>${t('h1')}</h1>
         ${renderServiceCard()}
         ${renderSafetyCard()}
+        ${renderApprovalPolicyCard()}
         ${renderAgentsCard()}
         ${renderMessengersCard()}
         ${renderAcpCard()}
@@ -721,6 +742,8 @@
       void loadServiceStatus();
       // Admin allowlist list — loads via /api/admin-allowlist.
       void loadAdminList();
+      // Approval policy (IMHUB_TIMEOUT_DEFAULT) — loaded via /api/env.
+      void loadApprovalPolicy();
     }
 
     // ==========================================
@@ -840,6 +863,69 @@
       `;
     }
 
+    // ==========================================
+    // Approval Policy card — IMHUB_TIMEOUT_DEFAULT (deny|allow).
+    // Hot-reloads via process.env mutation in handlePutEnv, no restart.
+    // ==========================================
+    function renderApprovalPolicyCard() {
+      return `
+        <div class="card">
+          <h2>${t('approvalPolicyTitle')}</h2>
+          <div class="hint" style="margin-bottom:10px">${t('approvalPolicyHint')}</div>
+          <div style="margin-bottom:8px">
+            <label for="approval-timeout-default">${t('approvalTimeoutDefaultLabel')}</label>
+            <select id="approval-timeout-default">
+              <option value="deny">${t('approvalTimeoutDeny')}</option>
+              <option value="allow">${t('approvalTimeoutAllow')}</option>
+            </select>
+          </div>
+          <div class="actions">
+            <button type="button" class="btn btn-primary" id="approval-policy-save">${t('approvalPolicySave')}</button>
+            <span id="approval-policy-status" class="hint" style="margin-left:10px"></span>
+          </div>
+        </div>
+      `;
+    }
+
+    async function loadApprovalPolicy() {
+      const sel = document.getElementById('approval-timeout-default');
+      const status = document.getElementById('approval-policy-status');
+      if (!sel) return;
+      try {
+        const res = await authFetch('/api/env?reveal=1');
+        if (!res.ok) throw new Error('HTTP ' + res.status);
+        const data = await res.json();
+        const v = (data.env && typeof data.env.IMHUB_TIMEOUT_DEFAULT === 'string')
+          ? data.env.IMHUB_TIMEOUT_DEFAULT.toLowerCase()
+          : 'deny';
+        sel.value = v === 'allow' ? 'allow' : 'deny';
+      } catch (err) {
+        if (status) status.textContent = t('approvalPolicyLoadFailed');
+      }
+    }
+
+    async function saveApprovalPolicy() {
+      const sel = document.getElementById('approval-timeout-default');
+      const status = document.getElementById('approval-policy-status');
+      if (!sel || !status) return;
+      const v = sel.value === 'allow' ? 'allow' : 'deny';
+      try {
+        // authFetch is a thin fetch wrapper that doesn't check res.ok — a
+        // 5xx from the server still resolves the promise. Without this guard
+        // the UI would lie ("已保存") on a failed write.
+        const res = await authFetch('/api/env', {
+          method: 'PUT',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ updates: { IMHUB_TIMEOUT_DEFAULT: v } }),
+        });
+        if (!res.ok) throw new Error('HTTP ' + res.status);
+        status.textContent = t('approvalPolicySaved');
+        setTimeout(() => { status.textContent = ''; }, 4000);
+      } catch (err) {
+        status.textContent = t('saveFailed');
+      }
+    }
+
     // ==========================================
     // Agents card
     // ==========================================
@@ -1346,6 +1432,9 @@
       document.getElementById('svc-stop')?.addEventListener('click', () => svcAction('stop'));
       document.getElementById('svc-start')?.addEventListener('click', () => svcAction('start'));
 
+      // Approval Policy card — IMHUB_TIMEOUT_DEFAULT toggle.
+      document.getElementById('approval-policy-save')?.addEventListener('click', saveApprovalPolicy);
+
       // Add admin (Safety card → Admin Allowlist).
       document.getElementById('admin-add')?.addEventListener('click', async () => {
         const platform = (document.getElementById('admin-platform')?.value || '').trim();

package/dist/web/server.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/web/server.ts"],"names":[],"mappings":"AAqDA,wBAAgB,iBAAiB,IAAI,CAAC,EAAE,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,CAOrE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,YAAY,EAAE,MAAM,CAAA;CACrB,GAAG,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAgoB/C"}
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../../src/web/server.ts"],"names":[],"mappings":"AAsDA,wBAAgB,iBAAiB,IAAI,CAAC,EAAE,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,KAAK,IAAI,CAOrE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE;IAC5C,IAAI,CAAC,EAAE,MAAM,CAAA;IACb,YAAY,EAAE,MAAM,CAAA;CACrB,GAAG,OAAO,CAAC;IAAE,KAAK,EAAE,MAAM,IAAI,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,CAAC,CAmoB/C"}

package/dist/web/server.js

@@ -9,6 +9,7 @@ import { WebSocketServer } from 'ws';
 import { parseMessage, routeMessage } from '../core/router.js';
 import { sessionManager } from '../core/session.js';
 import { registry } from '../core/registry.js';
+import { sink, resolveMessenger } from '../core/message-sink.js';
 import { generateTraceId, createLogger, logger as rootLogger } from '../core/logger.js';
 import { validateConfig } from '../core/config-schema.js';
 import { consumeToken, peekToken } from '../core/location-token.js';
@@ -229,8 +230,6 @@ export async function startWebServer(options) {
             catch (err) {
                 webLog.warn({ event: 'web.loc.memo_failed', err: String(err) }, 'failed to write/update memo');
             }
-            const messengerName = ctx.platform === 'wechat' ? 'wechat-ilink' : ctx.platform;
-            const messenger = registry.getMessenger(messengerName);
             const idTag = memoId ? `#${memoId}` : '';
             const accTxt = accuracy > 0 ? ` (±${Math.round(accuracy)}m)` : '';
             const headLabel = displayWhat ? `'${displayWhat}'` : '';
@@ -242,14 +241,18 @@ export async function startWebServer(options) {
                 '',
                 `   🗺 [百度地图](${urls.baidu}) · [高德地图](${urls.amap}) · [Google](${urls.google})`,
             ].filter(Boolean).join('\n');
-            if (messenger) {
-                messenger.sendMessage(ctx.threadId, reply).catch((err) => {
-                    webLog.warn({ event: 'web.loc.dispatch_failed', threadId: ctx.threadId, err: String(err) });
-                });
-            }
-            else {
-                webLog.warn({ event: 'web.loc.no_messenger', platform: ctx.platform });
-            }
+            // Route via sink — adapter resolution (e.g. 'wechat' → 'wechat-ilink')
+            // happens inside resolveMessenger(). priority='normal': location replies
+            // are non-urgent, queue is fine.
+            sink.deliver({
+                platform: ctx.platform,
+                channelId: ctx.channelId,
+                threadId: ctx.threadId,
+                payload: reply,
+                kind: 'text',
+            }).catch((err) => {
+                webLog.warn({ event: 'web.loc.dispatch_failed', threadId: ctx.threadId, err: String(err) });
+            });
             sendJson(res, 200, { ok: true, id: memoId, lat, lng });
             return;
         }
@@ -1187,9 +1190,10 @@ async function handleNotify(req, res) {
             sendJson(res, 400, { error: 'Missing platform / threadId / (text|card)' });
             return;
         }
-        // Map platform name to messenger plugin name.
-        const messengerName = platform === 'wechat' ? 'wechat-ilink' : platform;
-        const messenger = registry.getMessenger(messengerName);
+        // Pre-flight: confirm a messenger exists so we can return a clean 404
+        // synchronously. sink will resolve again at delivery time — but the
+        // synchronous 404 is part of the API contract.
+        const messenger = resolveMessenger(platform);
         if (!messenger) {
             sendJson(res, 404, { error: `Messenger "${platform}" not registered` });
             return;
@@ -1197,11 +1201,19 @@ async function handleNotify(req, res) {
         const traceId = generateTraceId();
         const log = createLogger({ traceId, platform, component: 'notify' });
         log.info({ threadId, hasCard: !!card, textLen: text?.length || 0 }, 'notify in');
-        if (card && typeof messenger.sendCard === 'function') {
-            await messenger.sendCard(threadId, card);
+        // External /api/notify callers don't know the IM channelId, so we pass
+        // 'rest' as a sentinel (consistent with other web-originated rows).
+        if (card) {
+            await sink.deliver({
+                platform, channelId: 'rest', threadId,
+                payload: card, kind: 'card',
+            });
         }
         else if (text) {
-            await messenger.sendMessage(threadId, text);
+            await sink.deliver({
+                platform, channelId: 'rest', threadId,
+                payload: text, kind: 'text',
+            });
         }
         else {
             sendJson(res, 400, { error: 'card requires sendCard support, otherwise text is required' });
@@ -1544,6 +1556,11 @@ const ENV_EDITABLE_KEYS = [
     // Safety card toggle — drives the Claude --dangerously-skip-permissions
     // branch in plugins/agents/claude-code/index.ts. Not a secret, plain '1'/'0'.
     'IMHUB_DANGEROUSLY_SKIP_PERMISSIONS',
+    // Approval Policy card — 'allow' | 'deny' (default deny). Decides what the
+    // approval bus does when a tool-use prompt times out with no human reply.
+    // Hot-reload: handlePutEnv mutates process.env so approval-bus picks up the
+    // new value on the next timer fire, no restart needed.
+    'IMHUB_TIMEOUT_DEFAULT',
 ];
 const SECRET_KEYS = new Set(['IMHUB_SMTP_PASS', 'IMHUB_BAIDU_MAP_AK']);
 function maskSecret(v) {
@@ -1594,6 +1611,17 @@ async function handlePutEnv(req, res) {
         }
         const { updateEnvFile } = await import('../cli-ui/env-file.js');
         updateEnvFile(safe);
+        // Hot-reload: mutate process.env so modules that re-read on use (e.g.
+        // approval-bus's isTimeoutDefaultAllow) pick up the change without
+        // waiting for a service restart. Modules that capture at module load
+        // (most SMTP / Baidu callers) still need a restart to see the new value
+        // — that's a per-module decision, not enforced here.
+        for (const [k, v] of Object.entries(safe)) {
+            if (v === null)
+                delete process.env[k];
+            else
+                process.env[k] = v;
+        }
         sendJson(res, 200, { ok: true, updated: Object.keys(safe) });
     }
     catch (err) {