agim-cli 1.4.9 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +415 -402
- package/README.md +4 -4
- package/bin/agim_rpc.py +12 -12
- package/dist/cli-ui/cmd-handlers.d.ts +3 -3
- package/dist/cli-ui/cmd-handlers.d.ts.map +1 -1
- package/dist/cli-ui/cmd-handlers.js +11 -19
- package/dist/cli-ui/cmd-handlers.js.map +1 -1
- package/dist/cli-ui/config-wizard.js +27 -27
- package/dist/cli-ui/config-wizard.js.map +1 -1
- package/dist/cli-ui/env-file.d.ts +4 -4
- package/dist/cli-ui/env-file.js +13 -13
- package/dist/cli-ui/env-file.js.map +1 -1
- package/dist/cli-ui/i18n.d.ts +2 -2
- package/dist/cli-ui/i18n.js +9 -9
- package/dist/cli-ui/i18n.js.map +1 -1
- package/dist/cli-ui/lang-picker.js +1 -1
- package/dist/cli-ui/lang-picker.js.map +1 -1
- package/dist/cli-ui/paths.d.ts.map +1 -1
- package/dist/cli-ui/paths.js +2 -4
- package/dist/cli-ui/paths.js.map +1 -1
- package/dist/cli-ui/service.d.ts +7 -7
- package/dist/cli-ui/service.d.ts.map +1 -1
- package/dist/cli-ui/service.js +57 -72
- package/dist/cli-ui/service.js.map +1 -1
- package/dist/cli-ui/tui/app.js +2 -2
- package/dist/cli-ui/tui/app.js.map +1 -1
- package/dist/cli-ui/tui/index.js +6 -6
- package/dist/cli-ui/tui/index.js.map +1 -1
- package/dist/cli-ui/tui/mouse-stdin.js +1 -1
- package/dist/cli-ui/tui/mouse-stdin.js.map +1 -1
- package/dist/cli-ui/tui/stream-reveal.d.ts +2 -2
- package/dist/cli-ui/tui/stream-reveal.d.ts.map +1 -1
- package/dist/cli-ui/tui/stream-reveal.js +4 -4
- package/dist/cli-ui/tui/stream-reveal.js.map +1 -1
- package/dist/cli.js +24 -45
- package/dist/cli.js.map +1 -1
- package/dist/core/a2a-notify.js +5 -5
- package/dist/core/a2a-notify.js.map +1 -1
- package/dist/core/a2a.d.ts +2 -2
- package/dist/core/a2a.d.ts.map +1 -1
- package/dist/core/a2a.js +12 -12
- package/dist/core/a2a.js.map +1 -1
- package/dist/core/access-token.d.ts +1 -1
- package/dist/core/access-token.js +7 -7
- package/dist/core/access-token.js.map +1 -1
- package/dist/core/acp-server.js +5 -5
- package/dist/core/acp-server.js.map +1 -1
- package/dist/core/admin-allowlist.js +5 -5
- package/dist/core/admin-allowlist.js.map +1 -1
- package/dist/core/agent-base.d.ts +1 -1
- package/dist/core/agent-base.js +3 -3
- package/dist/core/agent-base.js.map +1 -1
- package/dist/core/agent-cwd.d.ts +5 -6
- package/dist/core/agent-cwd.d.ts.map +1 -1
- package/dist/core/agent-cwd.js +15 -16
- package/dist/core/agent-cwd.js.map +1 -1
- package/dist/core/agim-paths.d.ts +1 -4
- package/dist/core/agim-paths.d.ts.map +1 -1
- package/dist/core/agim-paths.js +18 -35
- package/dist/core/agim-paths.js.map +1 -1
- package/dist/core/approval-bus.d.ts +4 -4
- package/dist/core/approval-bus.d.ts.map +1 -1
- package/dist/core/approval-bus.js +14 -14
- package/dist/core/approval-bus.js.map +1 -1
- package/dist/core/approval-router.js +2 -2
- package/dist/core/artifacts.js +3 -3
- package/dist/core/artifacts.js.map +1 -1
- package/dist/core/ask-user-rpc.js +1 -1
- package/dist/core/ask-user-rpc.js.map +1 -1
- package/dist/core/audit-log.js +2 -2
- package/dist/core/audit-log.js.map +1 -1
- package/dist/core/bgjob-reader.d.ts +1 -1
- package/dist/core/bgjob-reader.js +4 -4
- package/dist/core/bgjob-reader.js.map +1 -1
- package/dist/core/commands/approval.js +2 -2
- package/dist/core/commands/approval.js.map +1 -1
- package/dist/core/commands/heartbeat.js +2 -2
- package/dist/core/commands/heartbeat.js.map +1 -1
- package/dist/core/commands/memo.js +1 -1
- package/dist/core/commands/memo.js.map +1 -1
- package/dist/core/commands/model.js +1 -1
- package/dist/core/commands/model.js.map +1 -1
- package/dist/core/commands/plan.js +3 -3
- package/dist/core/commands/plan.js.map +1 -1
- package/dist/core/commands/router-compare.js +3 -3
- package/dist/core/commands/router-compare.js.map +1 -1
- package/dist/core/commands/service.d.ts.map +1 -1
- package/dist/core/commands/service.js +1 -3
- package/dist/core/commands/service.js.map +1 -1
- package/dist/core/commands/sessions.js +4 -4
- package/dist/core/commands/sessions.js.map +1 -1
- package/dist/core/commands/skill.js +1 -1
- package/dist/core/commands/skill.js.map +1 -1
- package/dist/core/commands/stats.js +1 -1
- package/dist/core/commands/stats.js.map +1 -1
- package/dist/core/commands/web.js +5 -5
- package/dist/core/commands/web.js.map +1 -1
- package/dist/core/config-schema.js +1 -1
- package/dist/core/coord-systems.d.ts +1 -1
- package/dist/core/coord-systems.js +4 -4
- package/dist/core/coord-systems.js.map +1 -1
- package/dist/core/event-bus.d.ts +5 -5
- package/dist/core/event-bus.d.ts.map +1 -1
- package/dist/core/event-bus.js +3 -3
- package/dist/core/event-bus.js.map +1 -1
- package/dist/core/feature-flags.d.ts +2 -2
- package/dist/core/feature-flags.js +4 -4
- package/dist/core/feature-flags.js.map +1 -1
- package/dist/core/goal-rpc.js +2 -2
- package/dist/core/goal-rpc.js.map +1 -1
- package/dist/core/goals.d.ts +1 -1
- package/dist/core/goals.js +3 -3
- package/dist/core/goals.js.map +1 -1
- package/dist/core/heartbeat-store.d.ts +1 -1
- package/dist/core/heartbeat-store.d.ts.map +1 -1
- package/dist/core/heartbeat-store.js +3 -3
- package/dist/core/heartbeat-store.js.map +1 -1
- package/dist/core/heartbeat.js +4 -4
- package/dist/core/heartbeat.js.map +1 -1
- package/dist/core/intent-llm.d.ts +2 -2
- package/dist/core/intent-llm.js +5 -5
- package/dist/core/intent-llm.js.map +1 -1
- package/dist/core/job-board.d.ts +5 -5
- package/dist/core/job-board.d.ts.map +1 -1
- package/dist/core/job-board.js +17 -17
- package/dist/core/job-board.js.map +1 -1
- package/dist/core/llm/agent-loop.d.ts +3 -3
- package/dist/core/llm/agent-loop.js +14 -14
- package/dist/core/llm/agent-loop.js.map +1 -1
- package/dist/core/llm/{imhub-dispatcher.d.ts → agim-dispatcher.d.ts} +4 -4
- package/dist/core/llm/agim-dispatcher.d.ts.map +1 -0
- package/dist/core/llm/{imhub-dispatcher.js → agim-dispatcher.js} +43 -43
- package/dist/core/llm/agim-dispatcher.js.map +1 -0
- package/dist/core/llm/agim-rpc-server.js +17 -17
- package/dist/core/llm/agim-rpc-server.js.map +1 -1
- package/dist/core/llm/auto-compact.d.ts +3 -3
- package/dist/core/llm/auto-compact.d.ts.map +1 -1
- package/dist/core/llm/auto-compact.js +5 -5
- package/dist/core/llm/auto-compact.js.map +1 -1
- package/dist/core/llm/builtin-dispatcher.js +3 -3
- package/dist/core/llm/builtin-dispatcher.js.map +1 -1
- package/dist/core/llm/exec-dispatcher.d.ts +2 -2
- package/dist/core/llm/exec-dispatcher.d.ts.map +1 -1
- package/dist/core/llm/exec-dispatcher.js +20 -22
- package/dist/core/llm/exec-dispatcher.js.map +1 -1
- package/dist/core/llm/fs-dispatcher.js +8 -8
- package/dist/core/llm/fs-dispatcher.js.map +1 -1
- package/dist/core/llm/goal-critic.js +4 -4
- package/dist/core/llm/goal-critic.js.map +1 -1
- package/dist/core/llm/hallucination-detector.js +2 -2
- package/dist/core/llm/hallucination-detector.js.map +1 -1
- package/dist/core/llm/mcp-client.d.ts +1 -1
- package/dist/core/llm/mcp-client.js +3 -3
- package/dist/core/llm/mcp-client.js.map +1 -1
- package/dist/core/llm/mcp-registry.js +3 -3
- package/dist/core/llm/mcp-registry.js.map +1 -1
- package/dist/core/llm/openai-compat-provider.d.ts +1 -1
- package/dist/core/llm/openai-compat-provider.js +2 -2
- package/dist/core/llm/openai-compat-provider.js.map +1 -1
- package/dist/core/llm/provider-base.d.ts +1 -1
- package/dist/core/llm/secrets.d.ts +2 -2
- package/dist/core/llm/secrets.d.ts.map +1 -1
- package/dist/core/llm/tool-dispatcher.d.ts +1 -1
- package/dist/core/llm/web-dispatcher.d.ts +1 -1
- package/dist/core/llm/web-dispatcher.js +15 -15
- package/dist/core/llm/web-dispatcher.js.map +1 -1
- package/dist/core/logger.d.ts +1 -1
- package/dist/core/logger.js +3 -3
- package/dist/core/logger.js.map +1 -1
- package/dist/core/memo-rpc.js +3 -3
- package/dist/core/memo-rpc.js.map +1 -1
- package/dist/core/memory-consolidate.js +4 -4
- package/dist/core/memory-consolidate.js.map +1 -1
- package/dist/core/memory-distill.js +4 -4
- package/dist/core/memory-distill.js.map +1 -1
- package/dist/core/memory-distiller.js +9 -9
- package/dist/core/memory-distiller.js.map +1 -1
- package/dist/core/memory-vector.js +9 -9
- package/dist/core/memory-vector.js.map +1 -1
- package/dist/core/memory.js +2 -2
- package/dist/core/memory.js.map +1 -1
- package/dist/core/memos.js +6 -6
- package/dist/core/memos.js.map +1 -1
- package/dist/core/message-sink.js +13 -13
- package/dist/core/message-sink.js.map +1 -1
- package/dist/core/notification-evaluator.d.ts +2 -2
- package/dist/core/notification-evaluator.js +4 -4
- package/dist/core/notification-evaluator.js.map +1 -1
- package/dist/core/onboarding.js +3 -3
- package/dist/core/onboarding.js.map +1 -1
- package/dist/core/outbox.js +2 -2
- package/dist/core/outbox.js.map +1 -1
- package/dist/core/persona.d.ts +1 -1
- package/dist/core/persona.d.ts.map +1 -1
- package/dist/core/persona.js +2 -2
- package/dist/core/persona.js.map +1 -1
- package/dist/core/plan-history.js +1 -1
- package/dist/core/plan-history.js.map +1 -1
- package/dist/core/plan-intent.js +5 -5
- package/dist/core/plan-intent.js.map +1 -1
- package/dist/core/plan-mode-state.d.ts +1 -1
- package/dist/core/plan-mode-state.js +4 -4
- package/dist/core/plan-mode-state.js.map +1 -1
- package/dist/core/push-rpc.d.ts +1 -1
- package/dist/core/push-rpc.js +6 -6
- package/dist/core/push-rpc.js.map +1 -1
- package/dist/core/registry.d.ts +4 -4
- package/dist/core/registry.js +10 -10
- package/dist/core/registry.js.map +1 -1
- package/dist/core/reminders.js +1 -1
- package/dist/core/reminders.js.map +1 -1
- package/dist/core/restart-flow.d.ts.map +1 -1
- package/dist/core/restart-flow.js +5 -7
- package/dist/core/restart-flow.js.map +1 -1
- package/dist/core/router.d.ts +1 -1
- package/dist/core/router.js +5 -5
- package/dist/core/router.js.map +1 -1
- package/dist/core/schedule.d.ts +2 -2
- package/dist/core/schedule.js +4 -4
- package/dist/core/schedule.js.map +1 -1
- package/dist/core/self-protect.js +3 -3
- package/dist/core/self-protect.js.map +1 -1
- package/dist/core/sender-allowlist.js +7 -7
- package/dist/core/sender-allowlist.js.map +1 -1
- package/dist/core/sensitive-paths.d.ts.map +1 -1
- package/dist/core/sensitive-paths.js +1 -2
- package/dist/core/sensitive-paths.js.map +1 -1
- package/dist/core/session.js +2 -2
- package/dist/core/session.js.map +1 -1
- package/dist/core/skills/builtin/ECC_NOTICE.md +1 -1
- package/dist/core/skills/builtin/agim-memory/SKILL.md +1 -1
- package/dist/core/skills/builtin/agim-reminders/SKILL.md +2 -2
- package/dist/core/skills/builtin/agim-self/SKILL.md +9 -9
- package/dist/core/skills/builtin/agim-skill-discovery/SKILL.md +5 -5
- package/dist/core/skills/builtin/image-generation/SKILL.md +2 -2
- package/dist/core/skills/builtin/long-goal/SKILL.md +7 -7
- package/dist/core/skills/builtin/my/SKILL.md +2 -2
- package/dist/core/skills/builtin/skill-creator/SKILL.md +2 -2
- package/dist/core/skills/loader.d.ts +4 -4
- package/dist/core/skills/loader.js +22 -22
- package/dist/core/skills/loader.js.map +1 -1
- package/dist/core/skills-rpc.js +1 -1
- package/dist/core/skills-rpc.js.map +1 -1
- package/dist/core/transcribe.js +13 -13
- package/dist/core/transcribe.js.map +1 -1
- package/dist/core/tunnel.js +1 -1
- package/dist/core/tunnel.js.map +1 -1
- package/dist/core/types.d.ts +2 -2
- package/dist/core/types.d.ts.map +1 -1
- package/dist/core/user-coord-prefs.js +1 -1
- package/dist/core/user-coord-prefs.js.map +1 -1
- package/dist/core/viewer-config.d.ts +8 -8
- package/dist/core/viewer-config.js +17 -17
- package/dist/core/viewer-config.js.map +1 -1
- package/dist/core/viewer-local.js +4 -4
- package/dist/core/viewer-local.js.map +1 -1
- package/dist/core/viewer-remote.js +1 -1
- package/dist/core/viewer-remote.js.map +1 -1
- package/dist/plugins/agents/acp/url-guard.d.ts +1 -1
- package/dist/plugins/agents/acp/url-guard.js +2 -2
- package/dist/plugins/agents/acp/url-guard.js.map +1 -1
- package/dist/plugins/agents/antigravity/ensure-mcp-config.d.ts +6 -6
- package/dist/plugins/agents/antigravity/ensure-mcp-config.d.ts.map +1 -1
- package/dist/plugins/agents/antigravity/ensure-mcp-config.js +12 -12
- package/dist/plugins/agents/antigravity/ensure-mcp-config.js.map +1 -1
- package/dist/plugins/agents/antigravity/index.js +10 -10
- package/dist/plugins/agents/antigravity/index.js.map +1 -1
- package/dist/plugins/agents/claude-code/index.d.ts +2 -2
- package/dist/plugins/agents/claude-code/index.js +16 -16
- package/dist/plugins/agents/claude-code/index.js.map +1 -1
- package/dist/plugins/agents/claude-code/mcp-approval-server.js +13 -13
- package/dist/plugins/agents/claude-code/mcp-approval-server.js.map +1 -1
- package/dist/plugins/agents/codex/build-mcp-cli-args.d.ts +4 -4
- package/dist/plugins/agents/codex/build-mcp-cli-args.js +14 -14
- package/dist/plugins/agents/codex/build-mcp-cli-args.js.map +1 -1
- package/dist/plugins/agents/codex/index.d.ts +3 -3
- package/dist/plugins/agents/codex/index.js +14 -14
- package/dist/plugins/agents/codex/index.js.map +1 -1
- package/dist/plugins/agents/cursor/ensure-mcp-config.d.ts +5 -5
- package/dist/plugins/agents/cursor/ensure-mcp-config.d.ts.map +1 -1
- package/dist/plugins/agents/cursor/ensure-mcp-config.js +11 -11
- package/dist/plugins/agents/cursor/ensure-mcp-config.js.map +1 -1
- package/dist/plugins/agents/cursor/index.d.ts +1 -1
- package/dist/plugins/agents/cursor/index.js +12 -12
- package/dist/plugins/agents/cursor/index.js.map +1 -1
- package/dist/plugins/agents/native/index.js +14 -14
- package/dist/plugins/agents/native/index.js.map +1 -1
- package/dist/plugins/agents/native/tool-registry.d.ts +3 -3
- package/dist/plugins/agents/native/tool-registry.d.ts.map +1 -1
- package/dist/plugins/agents/native/tool-registry.js +5 -5
- package/dist/plugins/agents/native/tool-registry.js.map +1 -1
- package/dist/plugins/agents/opencode/ensure-mcp-config.d.ts +1 -1
- package/dist/plugins/agents/opencode/ensure-mcp-config.js +9 -9
- package/dist/plugins/agents/opencode/ensure-mcp-config.js.map +1 -1
- package/dist/plugins/agents/opencode/index.js +3 -3
- package/dist/plugins/agents/opencode/index.js.map +1 -1
- package/dist/plugins/agents/opencode/opencode-http-adapter.d.ts +4 -0
- package/dist/plugins/agents/opencode/opencode-http-adapter.d.ts.map +1 -1
- package/dist/plugins/agents/opencode/opencode-http-adapter.js +16 -12
- package/dist/plugins/agents/opencode/opencode-http-adapter.js.map +1 -1
- package/dist/plugins/agents/opencode/opencode-stdio-adapter.d.ts +2 -2
- package/dist/plugins/agents/opencode/opencode-stdio-adapter.d.ts.map +1 -1
- package/dist/plugins/agents/opencode/opencode-stdio-adapter.js +7 -5
- package/dist/plugins/agents/opencode/opencode-stdio-adapter.js.map +1 -1
- package/dist/plugins/agents/opencode/serve-manager.d.ts +1 -1
- package/dist/plugins/agents/opencode/serve-manager.d.ts.map +1 -1
- package/dist/plugins/agents/opencode/serve-manager.js +10 -10
- package/dist/plugins/agents/opencode/serve-manager.js.map +1 -1
- package/dist/plugins/agents/pi-native/factory.js +10 -10
- package/dist/plugins/agents/pi-native/factory.js.map +1 -1
- package/dist/plugins/agents/pi-native/index.d.ts +3 -3
- package/dist/plugins/agents/pi-native/index.d.ts.map +1 -1
- package/dist/plugins/agents/pi-native/index.js +2 -2
- package/dist/plugins/agents/pi-native/index.js.map +1 -1
- package/dist/plugins/agents/pi-native/tool-bridge.js +1 -1
- package/dist/plugins/agents/pi-native/tool-bridge.js.map +1 -1
- package/dist/plugins/agents/pi-native/tools.js +4 -4
- package/dist/plugins/agents/pi-native/tools.js.map +1 -1
- package/dist/plugins/messengers/dingtalk/dingtalk-adapter.d.ts +1 -1
- package/dist/plugins/messengers/dingtalk/dingtalk-adapter.js +2 -2
- package/dist/plugins/messengers/dingtalk/dingtalk-adapter.js.map +1 -1
- package/dist/plugins/messengers/email/email-adapter.js +15 -15
- package/dist/plugins/messengers/email/email-adapter.js.map +1 -1
- package/dist/plugins/messengers/telegram/media-download.d.ts +1 -1
- package/dist/plugins/messengers/telegram/media-download.js +4 -4
- package/dist/plugins/messengers/telegram/media-download.js.map +1 -1
- package/dist/plugins/messengers/telegram/telegram-adapter.d.ts +1 -1
- package/dist/plugins/messengers/telegram/telegram-adapter.js +3 -3
- package/dist/plugins/messengers/telegram/telegram-adapter.js.map +1 -1
- package/dist/plugins/messengers/wechat/context-store.js +1 -1
- package/dist/plugins/messengers/wechat/context-store.js.map +1 -1
- package/dist/plugins/messengers/wechat/ilink-adapter.js +1 -1
- package/dist/plugins/messengers/wechat/ilink-adapter.js.map +1 -1
- package/dist/plugins/messengers/wechat/ilink-client.js +1 -1
- package/dist/plugins/messengers/wechat/ilink-client.js.map +1 -1
- package/dist/plugins/messengers/wechat/media-download.js +1 -1
- package/dist/plugins/messengers/wechat/media-download.js.map +1 -1
- package/dist/scripts/migrate-gcj02-to-wgs84.js +1 -1
- package/dist/scripts/migrate-gcj02-to-wgs84.js.map +1 -1
- package/dist/web/public/assets/{a2a-CZxwvgvh.js → a2a-D7MoJ1iT.js} +2 -2
- package/dist/web/public/assets/{a2a-CZxwvgvh.js.map → a2a-D7MoJ1iT.js.map} +1 -1
- package/dist/web/public/assets/{activity-BnlFGipw.js → activity-BAgb2WZC.js} +2 -2
- package/dist/web/public/assets/{activity-BnlFGipw.js.map → activity-BAgb2WZC.js.map} +1 -1
- package/dist/web/public/assets/{admins-CH84Rw1d.js → admins-CZYANmhn.js} +2 -2
- package/dist/web/public/assets/{admins-CH84Rw1d.js.map → admins-CZYANmhn.js.map} +1 -1
- package/dist/web/public/assets/{agents-CFB4Uj6b.js → agents-BXThDW6f.js} +2 -2
- package/dist/web/public/assets/agents-BXThDW6f.js.map +1 -0
- package/dist/web/public/assets/{approvals-DnzjbDR6.js → approvals-ByPXIYVl.js} +2 -2
- package/dist/web/public/assets/{approvals-DnzjbDR6.js.map → approvals-ByPXIYVl.js.map} +1 -1
- package/dist/web/public/assets/{arrow-down-DxlRHrs8.js → arrow-down-B8DkdbEY.js} +2 -2
- package/dist/web/public/assets/{arrow-down-DxlRHrs8.js.map → arrow-down-B8DkdbEY.js.map} +1 -1
- package/dist/web/public/assets/{arrow-up-CAiQ2jy-.js → arrow-up-i_dEdXkz.js} +2 -2
- package/dist/web/public/assets/{arrow-up-CAiQ2jy-.js.map → arrow-up-i_dEdXkz.js.map} +1 -1
- package/dist/web/public/assets/{asks-DyUQopay.js → asks-yD_inOnM.js} +2 -2
- package/dist/web/public/assets/{asks-DyUQopay.js.map → asks-yD_inOnM.js.map} +1 -1
- package/dist/web/public/assets/{audit-BVHTMS82.js → audit-teCIRtgN.js} +2 -2
- package/dist/web/public/assets/{audit-BVHTMS82.js.map → audit-teCIRtgN.js.map} +1 -1
- package/dist/web/public/assets/{bell-D7iS7ctN.js → bell-CeWDMs8_.js} +2 -2
- package/dist/web/public/assets/{bell-D7iS7ctN.js.map → bell-CeWDMs8_.js.map} +1 -1
- package/dist/web/public/assets/{bgjobs-BYCQhd_1.js → bgjobs-Rc05aEy9.js} +2 -2
- package/dist/web/public/assets/bgjobs-Rc05aEy9.js.map +1 -0
- package/dist/web/public/assets/{brain-CCF25Egu.js → brain-BQqv0Zhc.js} +2 -2
- package/dist/web/public/assets/{brain-CCF25Egu.js.map → brain-BQqv0Zhc.js.map} +1 -1
- package/dist/web/public/assets/{briefcase-BMLMD8nM.js → briefcase-DUXbR4xs.js} +2 -2
- package/dist/web/public/assets/{briefcase-BMLMD8nM.js.map → briefcase-DUXbR4xs.js.map} +1 -1
- package/dist/web/public/assets/{chat-DPkKy5y_.js → chat-DQpQLW9j.js} +2 -2
- package/dist/web/public/assets/{chat-DPkKy5y_.js.map → chat-DQpQLW9j.js.map} +1 -1
- package/dist/web/public/assets/{chevron-left-BDO3vw8G.js → chevron-left-RC6mMSiX.js} +2 -2
- package/dist/web/public/assets/{chevron-left-BDO3vw8G.js.map → chevron-left-RC6mMSiX.js.map} +1 -1
- package/dist/web/public/assets/{chevron-right-5ZUC2opg.js → chevron-right-DrkYVi19.js} +2 -2
- package/dist/web/public/assets/{chevron-right-5ZUC2opg.js.map → chevron-right-DrkYVi19.js.map} +1 -1
- package/dist/web/public/assets/{circle-check-COhM5JsK.js → circle-check-DZnkaUdk.js} +2 -2
- package/dist/web/public/assets/{circle-check-COhM5JsK.js.map → circle-check-DZnkaUdk.js.map} +1 -1
- package/dist/web/public/assets/{circle-check-big-DHAHqUlS.js → circle-check-big-BC8ntMsz.js} +2 -2
- package/dist/web/public/assets/{circle-check-big-DHAHqUlS.js.map → circle-check-big-BC8ntMsz.js.map} +1 -1
- package/dist/web/public/assets/{circle-x-7VaoZ7dY.js → circle-x-DHK7ypFY.js} +2 -2
- package/dist/web/public/assets/{circle-x-7VaoZ7dY.js.map → circle-x-DHK7ypFY.js.map} +1 -1
- package/dist/web/public/assets/{clock-ZPVXnd6V.js → clock-DXHhWqJH.js} +2 -2
- package/dist/web/public/assets/{clock-ZPVXnd6V.js.map → clock-DXHhWqJH.js.map} +1 -1
- package/dist/web/public/assets/{confirm-dialog-CgpJL9oN.js → confirm-dialog-gPKJnvEW.js} +2 -2
- package/dist/web/public/assets/{confirm-dialog-CgpJL9oN.js.map → confirm-dialog-gPKJnvEW.js.map} +1 -1
- package/dist/web/public/assets/{copy-BaZl52tH.js → copy-DtQxgcR0.js} +2 -2
- package/dist/web/public/assets/{copy-BaZl52tH.js.map → copy-DtQxgcR0.js.map} +1 -1
- package/dist/web/public/assets/{data-table-BLYG79TX.js → data-table-DOKUic1J.js} +2 -2
- package/dist/web/public/assets/{data-table-BLYG79TX.js.map → data-table-DOKUic1J.js.map} +1 -1
- package/dist/web/public/assets/distill-p6P7-1UR.js +7 -0
- package/dist/web/public/assets/distill-p6P7-1UR.js.map +1 -0
- package/dist/web/public/assets/{download-bzCepctg.js → download-CqNiIHa8.js} +2 -2
- package/dist/web/public/assets/{download-bzCepctg.js.map → download-CqNiIHa8.js.map} +1 -1
- package/dist/web/public/assets/email-DwbfTUlV.js +7 -0
- package/dist/web/public/assets/email-DwbfTUlV.js.map +1 -0
- package/dist/web/public/assets/{empty-state-96qpPTNg.js → empty-state-CTwOQemt.js} +2 -2
- package/dist/web/public/assets/{empty-state-96qpPTNg.js.map → empty-state-CTwOQemt.js.map} +1 -1
- package/dist/web/public/assets/{external-link-J4nIlCem.js → external-link-BY7Ye8yi.js} +2 -2
- package/dist/web/public/assets/{external-link-J4nIlCem.js.map → external-link-BY7Ye8yi.js.map} +1 -1
- package/dist/web/public/assets/{eye-BvsBLK42.js → eye-6RUADoDS.js} +2 -2
- package/dist/web/public/assets/{eye-BvsBLK42.js.map → eye-6RUADoDS.js.map} +1 -1
- package/dist/web/public/assets/{facts-DMucDXYd.js → facts-DXE0aJmb.js} +2 -2
- package/dist/web/public/assets/{facts-DMucDXYd.js.map → facts-DXE0aJmb.js.map} +1 -1
- package/dist/web/public/assets/{goals-B9ETHgL0.js → goals-C1LCm3qL.js} +2 -2
- package/dist/web/public/assets/{goals-B9ETHgL0.js.map → goals-C1LCm3qL.js.map} +1 -1
- package/dist/web/public/assets/{health-DLzZ7KHc.js → health-wqCp-K_o.js} +2 -2
- package/dist/web/public/assets/{health-DLzZ7KHc.js.map → health-wqCp-K_o.js.map} +1 -1
- package/dist/web/public/assets/{heart-pulse-CVEeD2sz.js → heart-pulse-DfqI4GF7.js} +2 -2
- package/dist/web/public/assets/{heart-pulse-CVEeD2sz.js.map → heart-pulse-DfqI4GF7.js.map} +1 -1
- package/dist/web/public/assets/{heartbeat-B1BEBHge.js → heartbeat-Bumv4XtQ.js} +2 -2
- package/dist/web/public/assets/{heartbeat-B1BEBHge.js.map → heartbeat-Bumv4XtQ.js.map} +1 -1
- package/dist/web/public/assets/{hot-Yc7iad0D.js → hot-B-CMjQIr.js} +2 -2
- package/dist/web/public/assets/{hot-Yc7iad0D.js.map → hot-B-CMjQIr.js.map} +1 -1
- package/dist/web/public/assets/{index-DY2Zglku.js → index-DHh1LYlA.js} +29 -29
- package/dist/web/public/assets/{index-DY2Zglku.js.map → index-DHh1LYlA.js.map} +1 -1
- package/dist/web/public/assets/{injection-Ca-9gbo0.js → injection-Dn_XqgLG.js} +2 -2
- package/dist/web/public/assets/{injection-Ca-9gbo0.js.map → injection-Dn_XqgLG.js.map} +1 -1
- package/dist/web/public/assets/{installed-Zz34apdi.js → installed-Cet-1M2Q.js} +2 -2
- package/dist/web/public/assets/{installed-Zz34apdi.js.map → installed-Cet-1M2Q.js.map} +1 -1
- package/dist/web/public/assets/{jobs-CtVRpl0r.js → jobs-CfEzOOAC.js} +2 -2
- package/dist/web/public/assets/{jobs-CtVRpl0r.js.map → jobs-CfEzOOAC.js.map} +1 -1
- package/dist/web/public/assets/{layout-DnANw2Q2.js → layout-BX43KyXM.js} +2 -2
- package/dist/web/public/assets/{layout-DnANw2Q2.js.map → layout-BX43KyXM.js.map} +1 -1
- package/dist/web/public/assets/{layout-Cxch59sI.js → layout-BcYZlaqf.js} +2 -2
- package/dist/web/public/assets/{layout-Cxch59sI.js.map → layout-BcYZlaqf.js.map} +1 -1
- package/dist/web/public/assets/{layout-BTCLgkgN.js → layout-Cb7looUv.js} +2 -2
- package/dist/web/public/assets/{layout-BTCLgkgN.js.map → layout-Cb7looUv.js.map} +1 -1
- package/dist/web/public/assets/{layout-yIZG87fq.js → layout-D7xH78OU.js} +2 -2
- package/dist/web/public/assets/{layout-yIZG87fq.js.map → layout-D7xH78OU.js.map} +1 -1
- package/dist/web/public/assets/{layout-CtDc2i7w.js → layout-D_3ZcVG7.js} +2 -2
- package/dist/web/public/assets/{layout-CtDc2i7w.js.map → layout-D_3ZcVG7.js.map} +1 -1
- package/dist/web/public/assets/llm-BZ9qqp-D.js +27 -0
- package/dist/web/public/assets/llm-BZ9qqp-D.js.map +1 -0
- package/dist/web/public/assets/{loader-circle-D8L1w9c1.js → loader-circle-DgdBWYl0.js} +2 -2
- package/dist/web/public/assets/{loader-circle-D8L1w9c1.js.map → loader-circle-DgdBWYl0.js.map} +1 -1
- package/dist/web/public/assets/{map-pin--GMunU9n.js → map-pin-3QS1A0-I.js} +2 -2
- package/dist/web/public/assets/{map-pin--GMunU9n.js.map → map-pin-3QS1A0-I.js.map} +1 -1
- package/dist/web/public/assets/{mcp-DhnXhO9B.js → mcp-DwKZULET.js} +2 -2
- package/dist/web/public/assets/{mcp-DhnXhO9B.js.map → mcp-DwKZULET.js.map} +1 -1
- package/dist/web/public/assets/{memos-DQZc7llR.js → memos-BBtqFcoH.js} +2 -2
- package/dist/web/public/assets/{memos-DQZc7llR.js.map → memos-BBtqFcoH.js.map} +1 -1
- package/dist/web/public/assets/{messengers-DwSmauLs.js → messengers-i7WvNT3o.js} +2 -2
- package/dist/web/public/assets/messengers-i7WvNT3o.js.map +1 -0
- package/dist/web/public/assets/{mobile-CUZ359rQ.js → mobile-Bq0FH9JV.js} +2 -2
- package/dist/web/public/assets/{mobile-CUZ359rQ.js.map → mobile-Bq0FH9JV.js.map} +1 -1
- package/dist/web/public/assets/{network-BBdRdrH_.js → network--s113Jkm.js} +2 -2
- package/dist/web/public/assets/{network-BBdRdrH_.js.map → network--s113Jkm.js.map} +1 -1
- package/dist/web/public/assets/{outbox-CmN0U35l.js → outbox-BbfC5kuG.js} +2 -2
- package/dist/web/public/assets/{outbox-CmN0U35l.js.map → outbox-BbfC5kuG.js.map} +1 -1
- package/dist/web/public/assets/{pagination-DcsgDXXM.js → pagination-DkdCTctJ.js} +2 -2
- package/dist/web/public/assets/{pagination-DcsgDXXM.js.map → pagination-DkdCTctJ.js.map} +1 -1
- package/dist/web/public/assets/{persona-ig2ac4mY.js → persona-BvtcZh6G.js} +2 -2
- package/dist/web/public/assets/{persona-ig2ac4mY.js.map → persona-BvtcZh6G.js.map} +1 -1
- package/dist/web/public/assets/{plans-Bzbk8eUr.js → plans-i3a6lrqF.js} +2 -2
- package/dist/web/public/assets/{plans-Bzbk8eUr.js.map → plans-i3a6lrqF.js.map} +1 -1
- package/dist/web/public/assets/{play-Di1jqulh.js → play-CPoE_JnS.js} +2 -2
- package/dist/web/public/assets/{play-Di1jqulh.js.map → play-CPoE_JnS.js.map} +1 -1
- package/dist/web/public/assets/{plus-C2zyJ1mF.js → plus-CfzKV_0u.js} +2 -2
- package/dist/web/public/assets/{plus-C2zyJ1mF.js.map → plus-CfzKV_0u.js.map} +1 -1
- package/dist/web/public/assets/policy-Cm88P8LO.js +2 -0
- package/dist/web/public/assets/policy-Cm88P8LO.js.map +1 -0
- package/dist/web/public/assets/{qr-code-C-ACsKv_.js → qr-code-DMkV8nv2.js} +2 -2
- package/dist/web/public/assets/{qr-code-C-ACsKv_.js.map → qr-code-DMkV8nv2.js.map} +1 -1
- package/dist/web/public/assets/{refresh-ccw-7HdadG5V.js → refresh-ccw-nBMm5Xal.js} +2 -2
- package/dist/web/public/assets/{refresh-ccw-7HdadG5V.js.map → refresh-ccw-nBMm5Xal.js.map} +1 -1
- package/dist/web/public/assets/{reminders-BDeiVYTC.js → reminders-DjEujanC.js} +2 -2
- package/dist/web/public/assets/{reminders-BDeiVYTC.js.map → reminders-DjEujanC.js.map} +1 -1
- package/dist/web/public/assets/{save-BYFmz9gD.js → save-DbrrCFDM.js} +2 -2
- package/dist/web/public/assets/{save-BYFmz9gD.js.map → save-DbrrCFDM.js.map} +1 -1
- package/dist/web/public/assets/{schedules-BddzBrxI.js → schedules-DzwDWykc.js} +2 -2
- package/dist/web/public/assets/{schedules-BddzBrxI.js.map → schedules-DzwDWykc.js.map} +1 -1
- package/dist/web/public/assets/search-5q3dkINm.js +17 -0
- package/dist/web/public/assets/search-5q3dkINm.js.map +1 -0
- package/dist/web/public/assets/{search-DxkvV-8p.js → search-DbE4VEm9.js} +2 -2
- package/dist/web/public/assets/{search-DxkvV-8p.js.map → search-DbE4VEm9.js.map} +1 -1
- package/dist/web/public/assets/security-BIcnUrAs.js +2 -0
- package/dist/web/public/assets/security-BIcnUrAs.js.map +1 -0
- package/dist/web/public/assets/{service-BsY8CaNG.js → service-CnorFHzZ.js} +2 -2
- package/dist/web/public/assets/{service-BsY8CaNG.js.map → service-CnorFHzZ.js.map} +1 -1
- package/dist/web/public/assets/{shield-alert-DXGk9Rak.js → shield-alert-WOa69jy3.js} +2 -2
- package/dist/web/public/assets/{shield-alert-DXGk9Rak.js.map → shield-alert-WOa69jy3.js.map} +1 -1
- package/dist/web/public/assets/{status-badge-D0nbFSom.js → status-badge-D5xhwquL.js} +2 -2
- package/dist/web/public/assets/{status-badge-D0nbFSom.js.map → status-badge-D5xhwquL.js.map} +1 -1
- package/dist/web/public/assets/{subtasks-DFiAXvDp.js → subtasks-DMRyk6YS.js} +2 -2
- package/dist/web/public/assets/{subtasks-DFiAXvDp.js.map → subtasks-DMRyk6YS.js.map} +1 -1
- package/dist/web/public/assets/{table-_WsrnZ_T.js → table-Dx65w6V0.js} +2 -2
- package/dist/web/public/assets/{table-_WsrnZ_T.js.map → table-Dx65w6V0.js.map} +1 -1
- package/dist/web/public/assets/{topn-C2PHE4tX.js → topn-L7Juczp3.js} +2 -2
- package/dist/web/public/assets/{topn-C2PHE4tX.js.map → topn-L7Juczp3.js.map} +1 -1
- package/dist/web/public/assets/{trash-2-1Km439fW.js → trash-2-7xrfqd-v.js} +2 -2
- package/dist/web/public/assets/{trash-2-1Km439fW.js.map → trash-2-7xrfqd-v.js.map} +1 -1
- package/dist/web/public/assets/{use-agim-skills-COSqZrdH.js → use-agim-skills-pFjfgqMF.js} +2 -2
- package/dist/web/public/assets/{use-agim-skills-COSqZrdH.js.map → use-agim-skills-pFjfgqMF.js.map} +1 -1
- package/dist/web/public/assets/{use-background-tasks-wCL7jn68.js → use-background-tasks-D1--hHjp.js} +2 -2
- package/dist/web/public/assets/{use-background-tasks-wCL7jn68.js.map → use-background-tasks-D1--hHjp.js.map} +1 -1
- package/dist/web/public/assets/{use-memory-B9oRyQC8.js → use-memory-Bz1Zao7g.js} +2 -2
- package/dist/web/public/assets/{use-memory-B9oRyQC8.js.map → use-memory-Bz1Zao7g.js.map} +1 -1
- package/dist/web/public/assets/{use-observability-DGkN80qa.js → use-observability-DtqSWVjM.js} +2 -2
- package/dist/web/public/assets/{use-observability-DGkN80qa.js.map → use-observability-DtqSWVjM.js.map} +1 -1
- package/dist/web/public/assets/{use-settings-Co-iafXD.js → use-settings-DKbDqCEJ.js} +2 -2
- package/dist/web/public/assets/{use-settings-Co-iafXD.js.map → use-settings-DKbDqCEJ.js.map} +1 -1
- package/dist/web/public/assets/{use-workspace-BDXP5XO1.js → use-workspace-CConjEx0.js} +2 -2
- package/dist/web/public/assets/{use-workspace-BDXP5XO1.js.map → use-workspace-CConjEx0.js.map} +1 -1
- package/dist/web/public/assets/vector-D8sEa2W-.js +2 -0
- package/dist/web/public/assets/vector-D8sEa2W-.js.map +1 -0
- package/dist/web/public/assets/viewer-aSIjAKVA.js +12 -0
- package/dist/web/public/assets/viewer-aSIjAKVA.js.map +1 -0
- package/dist/web/public/assets/{workspace-BbCchiHE.js → workspace-BqwWoinI.js} +2 -2
- package/dist/web/public/assets/{workspace-BbCchiHE.js.map → workspace-BqwWoinI.js.map} +1 -1
- package/dist/web/public/assets/{workspaces-5HE7pjdA.js → workspaces-ChsJcrav.js} +2 -2
- package/dist/web/public/assets/{workspaces-5HE7pjdA.js.map → workspaces-ChsJcrav.js.map} +1 -1
- package/dist/web/public/index.html +1 -1
- package/dist/web/public/loc.html +1 -1
- package/dist/web/public/login.html +2 -2
- package/dist/web/server.d.ts +2 -2
- package/dist/web/server.js +118 -119
- package/dist/web/server.js.map +1 -1
- package/package.json +2 -3
- package/dist/core/llm/imhub-dispatcher.d.ts.map +0 -1
- package/dist/core/llm/imhub-dispatcher.js.map +0 -1
- package/dist/web/public/assets/agents-CFB4Uj6b.js.map +0 -1
- package/dist/web/public/assets/bgjobs-BYCQhd_1.js.map +0 -1
- package/dist/web/public/assets/distill-D9p8O8Jf.js +0 -7
- package/dist/web/public/assets/distill-D9p8O8Jf.js.map +0 -1
- package/dist/web/public/assets/email-Douv-rZ5.js +0 -7
- package/dist/web/public/assets/email-Douv-rZ5.js.map +0 -1
- package/dist/web/public/assets/llm-CMMa85Ig.js +0 -27
- package/dist/web/public/assets/llm-CMMa85Ig.js.map +0 -1
- package/dist/web/public/assets/messengers-DwSmauLs.js.map +0 -1
- package/dist/web/public/assets/policy-yD1c2Pcn.js +0 -2
- package/dist/web/public/assets/policy-yD1c2Pcn.js.map +0 -1
- package/dist/web/public/assets/search-B8PlbtLg.js +0 -17
- package/dist/web/public/assets/search-B8PlbtLg.js.map +0 -1
- package/dist/web/public/assets/security-DpOGp3nS.js +0 -2
- package/dist/web/public/assets/security-DpOGp3nS.js.map +0 -1
- package/dist/web/public/assets/vector-BfIEx8xX.js +0 -2
- package/dist/web/public/assets/vector-BfIEx8xX.js.map +0 -1
- package/dist/web/public/assets/viewer-BPMZkT05.js +0 -12
- package/dist/web/public/assets/viewer-BPMZkT05.js.map +0 -1
package/dist/web/server.js
CHANGED
|
@@ -109,7 +109,7 @@ function hasForwardedPeerHeaders(req) {
|
|
|
109
109
|
function isTrustedLoopbackPeer(req) {
|
|
110
110
|
if (!isLoopbackPeer(req))
|
|
111
111
|
return false;
|
|
112
|
-
if (isEnvOff('
|
|
112
|
+
if (isEnvOff('AGIM_TRUST_LOOPBACK'))
|
|
113
113
|
return false;
|
|
114
114
|
// A reverse proxy on the same host makes remote users appear as
|
|
115
115
|
// 127.0.0.1. Treat forwarded requests as network traffic and require
|
|
@@ -183,7 +183,7 @@ function extractToken(req, url) {
|
|
|
183
183
|
/** Returns true if the request is authenticated (or auth not required). */
|
|
184
184
|
function checkAuth(req, res, url) {
|
|
185
185
|
// 1. Disabled by env → pass through.
|
|
186
|
-
if ((process.env.
|
|
186
|
+
if ((process.env.AGIM_WEB_AUTH || '').toLowerCase() === 'off')
|
|
187
187
|
return true;
|
|
188
188
|
// 2. Trusted loopback → pass through (local CLI / browser-on-same-host).
|
|
189
189
|
if (isTrustedLoopbackPeer(req))
|
|
@@ -242,7 +242,7 @@ function verifyTokenSync(raw) {
|
|
|
242
242
|
* - otherwise → 'web:unknown' (request should already have been rejected
|
|
243
243
|
* by checkAuth — this branch exists for defensive logging). */
|
|
244
244
|
function getRequestActor(req) {
|
|
245
|
-
if ((process.env.
|
|
245
|
+
if ((process.env.AGIM_WEB_AUTH || '').toLowerCase() === 'off')
|
|
246
246
|
return 'web:auth-off';
|
|
247
247
|
if (isTrustedLoopbackPeer(req))
|
|
248
248
|
return 'web:loopback';
|
|
@@ -266,17 +266,17 @@ function getRequestActor(req) {
|
|
|
266
266
|
* can't elevate to control plane (R13 A1).
|
|
267
267
|
*
|
|
268
268
|
* Trust order:
|
|
269
|
-
* 1.
|
|
269
|
+
* 1. AGIM_WEB_AUTH=off → admin (operator explicitly disabled auth)
|
|
270
270
|
* 2. Trusted loopback → admin (operator on the host)
|
|
271
271
|
* 3. Bearer token → token.role === 'admin'
|
|
272
272
|
* 4. Otherwise → not admin
|
|
273
273
|
*
|
|
274
274
|
* Note: when no token has been created yet (pre-bootstrap), the
|
|
275
275
|
* trusted-loopback branch still grants admin so the CLI bootstrap flow
|
|
276
|
-
* works. Disable it with
|
|
276
|
+
* works. Disable it with AGIM_TRUST_LOOPBACK=off. Reverse-proxied
|
|
277
277
|
* requests with Forwarded / X-Forwarded-* peer headers never qualify. */
|
|
278
278
|
function isRequestAdmin(req) {
|
|
279
|
-
if ((process.env.
|
|
279
|
+
if ((process.env.AGIM_WEB_AUTH || '').toLowerCase() === 'off')
|
|
280
280
|
return true;
|
|
281
281
|
if (isTrustedLoopbackPeer(req))
|
|
282
282
|
return true;
|
|
@@ -332,7 +332,7 @@ export function createSerialQueue() {
|
|
|
332
332
|
*/
|
|
333
333
|
export async function startWebServer(options) {
|
|
334
334
|
const port = options.port || DEFAULT_PORT;
|
|
335
|
-
const bindHost = process.env.
|
|
335
|
+
const bindHost = process.env.AGIM_WEB_BIND || '127.0.0.1';
|
|
336
336
|
const clients = new Map();
|
|
337
337
|
// R9: threadId → tokenId ownership. A WS peer claims a threadId on
|
|
338
338
|
// first connection (verifyClient already verified the token); later
|
|
@@ -344,7 +344,7 @@ export async function startWebServer(options) {
|
|
|
344
344
|
// v1.1.10+: token-based auth for the web console.
|
|
345
345
|
// ─ loopback peers (127.0.0.1 / ::1) bypass auth (local CLI / curl)
|
|
346
346
|
// ─ public viewer pages (/v/:id, /loc, /l/<token>) remain public
|
|
347
|
-
// ─
|
|
347
|
+
// ─ AGIM_WEB_AUTH=off disables the gate entirely (for ops with proxy auth)
|
|
348
348
|
// On first start, bootstrapIfEmpty() generates a one-time bootstrap token
|
|
349
349
|
// and prints it to stdout + the logger so the operator finds it in journalctl.
|
|
350
350
|
const accessTokenModule = await import('../core/access-token.js');
|
|
@@ -361,16 +361,16 @@ export async function startWebServer(options) {
|
|
|
361
361
|
webLog.warn({
|
|
362
362
|
event: 'web.auth_disabled_on_public_bind',
|
|
363
363
|
bind: bindHost,
|
|
364
|
-
}, '
|
|
364
|
+
}, 'AGIM_WEB_AUTH=off + public bind — auth deliberately off, ensure your reverse proxy handles access control');
|
|
365
365
|
}
|
|
366
366
|
// R13 C2 — when binding to a non-loopback address, the operator
|
|
367
367
|
// almost certainly intends to put a TLS-terminating reverse proxy
|
|
368
368
|
// in front of agim. We can't reliably detect from inside whether
|
|
369
369
|
// that's been done (X-Forwarded-Proto could be forged), so we
|
|
370
370
|
// surface a one-time banner + audit row at boot. Suppress with
|
|
371
|
-
//
|
|
371
|
+
// AGIM_WEB_TLS_ACK=1 for the operator who's already done the
|
|
372
372
|
// checklist and wants quiet logs.
|
|
373
|
-
if (isPublicBind && process.env.
|
|
373
|
+
if (isPublicBind && process.env.AGIM_WEB_TLS_ACK !== '1') {
|
|
374
374
|
const banner = [
|
|
375
375
|
'',
|
|
376
376
|
'━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━',
|
|
@@ -383,7 +383,7 @@ export async function startWebServer(options) {
|
|
|
383
383
|
' any network you do not control.',
|
|
384
384
|
'',
|
|
385
385
|
' Silence this banner once your terminator is verified:',
|
|
386
|
-
'
|
|
386
|
+
' AGIM_WEB_TLS_ACK=1',
|
|
387
387
|
'━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━',
|
|
388
388
|
'',
|
|
389
389
|
].join('\n');
|
|
@@ -392,7 +392,7 @@ export async function startWebServer(options) {
|
|
|
392
392
|
event: 'web.public_bind_no_tls_ack',
|
|
393
393
|
bind: bindHost,
|
|
394
394
|
port,
|
|
395
|
-
}, `non-loopback bind without
|
|
395
|
+
}, `non-loopback bind without AGIM_WEB_TLS_ACK=1 — confirm reverse-proxy TLS termination`);
|
|
396
396
|
try {
|
|
397
397
|
void (async () => {
|
|
398
398
|
const { logAuditEvent } = await import('../core/audit-log.js');
|
|
@@ -411,8 +411,8 @@ export async function startWebServer(options) {
|
|
|
411
411
|
event: 'web.auth_mode',
|
|
412
412
|
bind: bindHost,
|
|
413
413
|
enabled: isAuthEnabled(),
|
|
414
|
-
trustLoopback: !isEnvOff('
|
|
415
|
-
}, `Web console auth: ${isAuthEnabled() ? 'token-gated' : 'disabled (
|
|
414
|
+
trustLoopback: !isEnvOff('AGIM_TRUST_LOOPBACK'),
|
|
415
|
+
}, `Web console auth: ${isAuthEnabled() ? 'token-gated' : 'disabled (AGIM_WEB_AUTH=off)'}`);
|
|
416
416
|
// HTTP request handler — static files + REST API
|
|
417
417
|
const httpServer = createServer(async (req, res) => {
|
|
418
418
|
const url = new URL(req.url || '/', `http://localhost:${port}`);
|
|
@@ -423,7 +423,7 @@ export async function startWebServer(options) {
|
|
|
423
423
|
return;
|
|
424
424
|
// v1.2.72 — v2 SPA is the only web admin. The legacy v1 monolithic
|
|
425
425
|
// HTML pages (settings.html / tasks.html / reminders.html /
|
|
426
|
-
// memos.html / _app.js) have been removed; the `
|
|
426
|
+
// memos.html / _app.js) have been removed; the `AGIM_WEB_V2` env
|
|
427
427
|
// gate is gone — there is no v1 fallback anymore. Operators who
|
|
428
428
|
// were on the legacy layout flipped over automatically when they
|
|
429
429
|
// upgraded past 1.2.21 (default switch); the env knob remained as
|
|
@@ -591,7 +591,7 @@ export async function startWebServer(options) {
|
|
|
591
591
|
// - PC browsers anywhere: WGS-84.
|
|
592
592
|
// Default to WGS-84 pass-through (matches the most common Chinese
|
|
593
593
|
// mobile path — WeChat — which was silently miscalibrated before
|
|
594
|
-
// the 2026-05-12 fix). iOS users in China set
|
|
594
|
+
// the 2026-05-12 fix). iOS users in China set AGIM_H5_COORDS_GCJ02=1
|
|
595
595
|
// to restore the GCJ→WGS path. See core/coord-systems.ts.
|
|
596
596
|
const norm = normalizeIncomingCoords('h5-browser-geolocation', rawLat, rawLng);
|
|
597
597
|
const lat = norm.lat;
|
|
@@ -775,7 +775,7 @@ export async function startWebServer(options) {
|
|
|
775
775
|
return;
|
|
776
776
|
return handleDeleteMemo(req, res, Number.parseInt(memoIdMatch[1], 10));
|
|
777
777
|
}
|
|
778
|
-
// /api/env — read/write SMTP + Baidu AK +
|
|
778
|
+
// /api/env — read/write SMTP + Baidu AK + AGIM_WEB_BIND. Values
|
|
779
779
|
// sensitive enough that GET returns them masked (only the last 4 chars
|
|
780
780
|
// visible) unless an explicit ?reveal=1 is passed. Keep the settings
|
|
781
781
|
// surface admin-only: even masked values disclose configured providers.
|
|
@@ -791,7 +791,7 @@ export async function startWebServer(options) {
|
|
|
791
791
|
}
|
|
792
792
|
// v1.2.67 — Security diagnostics. Surfaces boot-time observations the
|
|
793
793
|
// Security UI page renders as read-only badges (uid, env file perms,
|
|
794
|
-
// bwrap availability,
|
|
794
|
+
// bwrap availability, AGIM_ALLOWED_USERS configured? …).
|
|
795
795
|
if (url.pathname === '/api/security/diagnostics' && req.method === 'GET') {
|
|
796
796
|
if (!requireAdmin(req, res))
|
|
797
797
|
return;
|
|
@@ -1232,7 +1232,7 @@ export async function startWebServer(options) {
|
|
|
1232
1232
|
}
|
|
1233
1233
|
// Auth-off / trusted-loopback bypass — mirror checkAuth's two short-circuits
|
|
1234
1234
|
// so dev / local CLI sessions still work without a token.
|
|
1235
|
-
if ((process.env.
|
|
1235
|
+
if ((process.env.AGIM_WEB_AUTH || '').toLowerCase() === 'off')
|
|
1236
1236
|
return cb(true);
|
|
1237
1237
|
if (isTrustedLoopbackPeer(info.req))
|
|
1238
1238
|
return cb(true);
|
|
@@ -1270,9 +1270,9 @@ export async function startWebServer(options) {
|
|
|
1270
1270
|
// M3: cap concurrent WS clients so a leaked / shared web token can't OOM
|
|
1271
1271
|
// the host by opening unbounded connections. Default 100 is generous for
|
|
1272
1272
|
// a single-user / small-team setup; production multi-tenant should set
|
|
1273
|
-
//
|
|
1273
|
+
// AGIM_MAX_WS_CLIENTS to a higher value.
|
|
1274
1274
|
const maxWsClients = (() => {
|
|
1275
|
-
const raw = process.env.
|
|
1275
|
+
const raw = process.env.AGIM_MAX_WS_CLIENTS;
|
|
1276
1276
|
if (raw) {
|
|
1277
1277
|
const n = parseInt(raw, 10);
|
|
1278
1278
|
if (Number.isFinite(n) && n > 0)
|
|
@@ -1285,14 +1285,14 @@ export async function startWebServer(options) {
|
|
|
1285
1285
|
// token can still spawn N parallel browser tabs / processes and
|
|
1286
1286
|
// saturate the file-descriptor pool.
|
|
1287
1287
|
//
|
|
1288
|
-
//
|
|
1289
|
-
//
|
|
1288
|
+
// AGIM_WS_MAX_PER_IP active connections per IP (default 20)
|
|
1289
|
+
// AGIM_WS_MAX_NEW_PER_IP_PER_MIN new connections per IP per minute (default 30)
|
|
1290
1290
|
//
|
|
1291
1291
|
// Trusted loopback bypasses both — local dev / CLI tooling makes many
|
|
1292
1292
|
// short connections legitimately. Reverse-proxied loopback traffic is
|
|
1293
1293
|
// still counted as network traffic.
|
|
1294
1294
|
const wsMaxPerIp = (() => {
|
|
1295
|
-
const raw = process.env.
|
|
1295
|
+
const raw = process.env.AGIM_WS_MAX_PER_IP;
|
|
1296
1296
|
if (raw) {
|
|
1297
1297
|
const n = parseInt(raw, 10);
|
|
1298
1298
|
if (Number.isFinite(n) && n > 0)
|
|
@@ -1301,7 +1301,7 @@ export async function startWebServer(options) {
|
|
|
1301
1301
|
return 20;
|
|
1302
1302
|
})();
|
|
1303
1303
|
const wsMaxNewPerIpPerMin = (() => {
|
|
1304
|
-
const raw = process.env.
|
|
1304
|
+
const raw = process.env.AGIM_WS_MAX_NEW_PER_IP_PER_MIN;
|
|
1305
1305
|
if (raw) {
|
|
1306
1306
|
const n = parseInt(raw, 10);
|
|
1307
1307
|
if (Number.isFinite(n) && n > 0)
|
|
@@ -1546,7 +1546,7 @@ export async function startWebServer(options) {
|
|
|
1546
1546
|
});
|
|
1547
1547
|
});
|
|
1548
1548
|
// Default to loopback; operators can opt into LAN/public exposure with
|
|
1549
|
-
//
|
|
1549
|
+
// AGIM_WEB_BIND=0.0.0.0 behind their firewall/reverse proxy.
|
|
1550
1550
|
await new Promise((resolve, reject) => {
|
|
1551
1551
|
httpServer.on('error', reject);
|
|
1552
1552
|
httpServer.listen(port, bindHost, () => resolve());
|
|
@@ -1700,7 +1700,7 @@ async function handleGetConfig(_req, res) {
|
|
|
1700
1700
|
const showGlobalIm = isGlobalImEnabled();
|
|
1701
1701
|
const showRemoteAgent = isRemoteAgentEnabled();
|
|
1702
1702
|
// v1.2.69 — IM platform blacklist. When an operator sets
|
|
1703
|
-
//
|
|
1703
|
+
// AGIM_PLATFORM_BLACKLIST=telegram,discord (etc.), those platforms
|
|
1704
1704
|
// are hidden from the admin SPA entirely — credentials still live
|
|
1705
1705
|
// on disk but the UI shows nothing for that platform AND the
|
|
1706
1706
|
// registry refuses to register the adapter at boot. Default empty.
|
|
@@ -2227,7 +2227,7 @@ async function handleServiceStart(res) {
|
|
|
2227
2227
|
}
|
|
2228
2228
|
try {
|
|
2229
2229
|
const { spawn } = await import('node:child_process');
|
|
2230
|
-
const unitName =
|
|
2230
|
+
const unitName = 'agim.service';
|
|
2231
2231
|
// Detached + fire-and-forget so the HTTP response isn't held
|
|
2232
2232
|
// for the full systemd activation timeline.
|
|
2233
2233
|
const child = spawn('systemctl', ['start', unitName], { detached: true, stdio: 'ignore' });
|
|
@@ -2261,8 +2261,7 @@ async function handleServiceStop(res) {
|
|
|
2261
2261
|
// systemctl stop handles the kill for us — no self-exit needed.
|
|
2262
2262
|
try {
|
|
2263
2263
|
const { execSync } = await import('node:child_process');
|
|
2264
|
-
|
|
2265
|
-
const unitName = existsSync('/etc/systemd/system/agim.service') ? 'agim.service' : 'im-hub.service';
|
|
2264
|
+
const unitName = 'agim.service';
|
|
2266
2265
|
execSync(`systemctl stop ${unitName}`);
|
|
2267
2266
|
// R14 §四 — sweep stray pids after systemctl stop, same way
|
|
2268
2267
|
// restart does pre-stop. systemctl reports success when its
|
|
@@ -2345,7 +2344,7 @@ async function handleServiceRestart(res) {
|
|
|
2345
2344
|
}
|
|
2346
2345
|
try {
|
|
2347
2346
|
const { spawn } = await import('node:child_process');
|
|
2348
|
-
const unitName =
|
|
2347
|
+
const unitName = 'agim.service';
|
|
2349
2348
|
// v1.5 — fire-and-forget. execSync blocked the HTTP response until
|
|
2350
2349
|
// systemctl had finished stop+start (5-10s), making the web button
|
|
2351
2350
|
// look frozen to the user. Detach the child so we can ACK the
|
|
@@ -2822,82 +2821,82 @@ async function handleDeleteMemo(_req, res, id) {
|
|
|
2822
2821
|
}
|
|
2823
2822
|
// ─── env file (SMTP + Baidu AK + …) ────────────────────────────────────
|
|
2824
2823
|
const ENV_EDITABLE_KEYS = [
|
|
2825
|
-
'
|
|
2826
|
-
'
|
|
2827
|
-
'
|
|
2828
|
-
'
|
|
2824
|
+
'AGIM_SMTP_HOST', 'AGIM_SMTP_PORT', 'AGIM_SMTP_USER', 'AGIM_SMTP_PASS',
|
|
2825
|
+
'AGIM_SMTP_FROM', 'AGIM_SMTP_SECURE',
|
|
2826
|
+
'AGIM_BAIDU_MAP_AK',
|
|
2827
|
+
'AGIM_LOC_BASE_URL', 'AGIM_TZ_OFFSET_HOURS',
|
|
2829
2828
|
// Safety card toggle — drives the Claude --dangerously-skip-permissions
|
|
2830
2829
|
// branch in plugins/agents/claude-code/index.ts. Not a secret, plain '1'/'0'.
|
|
2831
|
-
'
|
|
2830
|
+
'AGIM_DANGEROUSLY_SKIP_PERMISSIONS',
|
|
2832
2831
|
// Approval Policy card — 'allow' | 'deny' (default deny). Decides what the
|
|
2833
2832
|
// approval bus does when a tool-use prompt times out with no human reply.
|
|
2834
2833
|
// Hot-reload: handlePutEnv mutates process.env so approval-bus picks up the
|
|
2835
2834
|
// new value on the next timer fire, no restart needed.
|
|
2836
|
-
'
|
|
2835
|
+
'AGIM_TIMEOUT_DEFAULT',
|
|
2837
2836
|
// v1.2 — IM long-message viewer. Operator sets the public URL pointing at
|
|
2838
2837
|
// their reverse-proxied agim web port; thresholds tune when routing kicks
|
|
2839
2838
|
// in. Hot-reload works because viewer-config reads process.env every call.
|
|
2840
|
-
'
|
|
2841
|
-
'
|
|
2842
|
-
'
|
|
2843
|
-
'
|
|
2844
|
-
'
|
|
2845
|
-
'
|
|
2846
|
-
'
|
|
2839
|
+
'AGIM_VIEWER_ENABLED',
|
|
2840
|
+
'AGIM_VIEWER_PUBLIC_BASE_URL',
|
|
2841
|
+
'AGIM_VIEWER_CHARS',
|
|
2842
|
+
'AGIM_VIEWER_LINES',
|
|
2843
|
+
'AGIM_VIEWER_CODE_LINES',
|
|
2844
|
+
'AGIM_VIEWER_MAX_PASTES',
|
|
2845
|
+
'AGIM_VIEWER_TUNNEL_MODE',
|
|
2847
2846
|
// v1.2.43 — opt out of community default paste server (viewer.iclaw.host).
|
|
2848
|
-
'
|
|
2847
|
+
'AGIM_VIEWER_NO_DEFAULT_REMOTE',
|
|
2849
2848
|
// v1.1.10 — A2A notification settings (see src/core/a2a-notify.ts).
|
|
2850
|
-
'
|
|
2851
|
-
'
|
|
2852
|
-
'
|
|
2853
|
-
'
|
|
2854
|
-
'
|
|
2849
|
+
'AGIM_A2A_TIMEOUT_DEFAULT_MS',
|
|
2850
|
+
'AGIM_A2A_MAX_TIMEOUT_MS',
|
|
2851
|
+
'AGIM_A2A_NOTIFY_MODE',
|
|
2852
|
+
'AGIM_A2A_NOTIFY_MAX_DEPTH',
|
|
2853
|
+
'AGIM_A2A_HEARTBEAT_MIN',
|
|
2855
2854
|
// v1.5 — long-term memory (see src/core/memory.ts + persona.ts).
|
|
2856
|
-
'
|
|
2855
|
+
'AGIM_MEMORY_ENABLED',
|
|
2857
2856
|
// P1/P2 — dream distillation (background fact extraction; see
|
|
2858
2857
|
// src/core/memory-distiller.ts).
|
|
2859
|
-
'
|
|
2860
|
-
'
|
|
2861
|
-
'
|
|
2862
|
-
'
|
|
2863
|
-
'
|
|
2864
|
-
'
|
|
2865
|
-
'
|
|
2858
|
+
'AGIM_MEMORY_DISTILL_ENABLED',
|
|
2859
|
+
'AGIM_MEMORY_DISTILL_SOURCE',
|
|
2860
|
+
'AGIM_MEMORY_DISTILL_AGENT',
|
|
2861
|
+
'AGIM_MEMORY_DISTILL_INTERVAL_MS',
|
|
2862
|
+
'AGIM_MEMORY_DISTILL_FLOOR_MIN',
|
|
2863
|
+
'AGIM_MEMORY_DISTILL_BATCH_MAX',
|
|
2864
|
+
'AGIM_MEMORY_DISTILL_MAX_PENDING',
|
|
2866
2865
|
// v1.6 — vector retrieval (opt-in, OFF by default).
|
|
2867
|
-
'
|
|
2868
|
-
'
|
|
2869
|
-
'
|
|
2870
|
-
'
|
|
2871
|
-
'
|
|
2872
|
-
'
|
|
2873
|
-
'
|
|
2866
|
+
'AGIM_MEMORY_VECTOR_BACKEND',
|
|
2867
|
+
'AGIM_MEMORY_VECTOR_LOCAL_MODEL',
|
|
2868
|
+
'AGIM_MEMORY_VECTOR_OPENAI_BASE_URL',
|
|
2869
|
+
'AGIM_MEMORY_VECTOR_OPENAI_MODEL',
|
|
2870
|
+
'AGIM_MEMORY_VECTOR_OPENAI_API_KEY',
|
|
2871
|
+
'AGIM_MEMORY_VECTOR_BATCH_SIZE',
|
|
2872
|
+
'AGIM_MEMORY_VECTOR_HYBRID_WEIGHT',
|
|
2874
2873
|
// v1.2.67 — Security page surfaces these (added in v1.2.58–v1.2.66).
|
|
2875
2874
|
// Sender allowlist — who can talk to the bot at all.
|
|
2876
|
-
'
|
|
2875
|
+
'AGIM_ALLOWED_USERS',
|
|
2877
2876
|
// Native fs tools — workspace restriction + per-tool timeout.
|
|
2878
|
-
'
|
|
2879
|
-
'
|
|
2877
|
+
'AGIM_NATIVE_FS_RESTRICT',
|
|
2878
|
+
'AGIM_NATIVE_FS_TIMEOUT_MS',
|
|
2880
2879
|
// Native web tools — SSRF guards.
|
|
2881
|
-
'
|
|
2882
|
-
'
|
|
2883
|
-
'
|
|
2880
|
+
'AGIM_NATIVE_WEB_ALLOW_PRIVATE',
|
|
2881
|
+
'AGIM_NATIVE_WEB_SSRF_WHITELIST',
|
|
2882
|
+
'AGIM_NATIVE_WEB_TIMEOUT_MS',
|
|
2884
2883
|
// Native exec tool — bwrap sandbox + sub-knobs.
|
|
2885
|
-
'
|
|
2886
|
-
'
|
|
2887
|
-
'
|
|
2888
|
-
'
|
|
2884
|
+
'AGIM_EXEC_SANDBOX',
|
|
2885
|
+
'AGIM_EXEC_SANDBOX_NET',
|
|
2886
|
+
'AGIM_EXEC_TIMEOUT_MS',
|
|
2887
|
+
'AGIM_EXEC_MAX_OUTPUT',
|
|
2889
2888
|
// Native call_agent per-turn cap.
|
|
2890
|
-
'
|
|
2889
|
+
'AGIM_NATIVE_CALL_AGENT_MAX_PER_TURN',
|
|
2891
2890
|
// v1.2.69 — IM platform blacklist (CSV of platform ids). Default
|
|
2892
2891
|
// empty (no blocks); listed platforms vanish from web + CLI + are
|
|
2893
2892
|
// refused at registry.registerMessenger.
|
|
2894
|
-
'
|
|
2893
|
+
'AGIM_PLATFORM_BLACKLIST',
|
|
2895
2894
|
// v1.2.126 — web_search provider chain (CSV) + each provider's API
|
|
2896
|
-
// key. `
|
|
2895
|
+
// key. `AGIM_WEB_SEARCH_PROVIDERS` orders the fallback chain (e.g.
|
|
2897
2896
|
// 'tavily,brave,duckduckgo'); a missing/empty value falls back to
|
|
2898
2897
|
// DEFAULT_PROVIDER_ORDER in web-dispatcher. The 5 *_API_KEY values
|
|
2899
2898
|
// gate per-provider availability (duckduckgo needs no key).
|
|
2900
|
-
'
|
|
2899
|
+
'AGIM_WEB_SEARCH_PROVIDERS',
|
|
2901
2900
|
'TAVILY_API_KEY',
|
|
2902
2901
|
'BRAVE_API_KEY',
|
|
2903
2902
|
'SERPER_API_KEY',
|
|
@@ -2907,47 +2906,47 @@ const ENV_EDITABLE_KEYS = [
|
|
|
2907
2906
|
// timeout / blank-response retry / length-recovery retry). Hot-
|
|
2908
2907
|
// reload: each subsystem re-reads process.env on every call, so
|
|
2909
2908
|
// editing these takes effect without a restart.
|
|
2910
|
-
'
|
|
2911
|
-
'
|
|
2912
|
-
'
|
|
2913
|
-
'
|
|
2909
|
+
'AGIM_NATIVE_TOOL_RESULT_MAX_CHARS',
|
|
2910
|
+
'AGIM_NATIVE_TOOL_TIMEOUT_MS',
|
|
2911
|
+
'AGIM_NATIVE_BLANK_RETRY_MAX',
|
|
2912
|
+
'AGIM_NATIVE_LENGTH_RECOVERY_MAX',
|
|
2914
2913
|
// v1.2.127 — A2A sub-agent spawn (depth / timeout / in-process /
|
|
2915
2914
|
// per-turn cap). All hot-read; flipping in-process to 'off' makes
|
|
2916
2915
|
// the next call_agent('native', …) reboot via the subprocess CLI
|
|
2917
2916
|
// adapter instead of the v1.2.121 fast path.
|
|
2918
|
-
'
|
|
2919
|
-
'
|
|
2920
|
-
'
|
|
2921
|
-
'
|
|
2917
|
+
'AGIM_A2A_MAX_DEPTH',
|
|
2918
|
+
'AGIM_A2A_TIMEOUT_DEFAULT_MS',
|
|
2919
|
+
'AGIM_NATIVE_CALL_AGENT_IN_PROCESS',
|
|
2920
|
+
'AGIM_NATIVE_CALL_AGENT_MAX_PER_TURN',
|
|
2922
2921
|
// v1.2.127 — early-stop + critic. Semantic stuck-loop default ON
|
|
2923
2922
|
// catches the v1.2.122 case (3 different tools, same salient arg).
|
|
2924
2923
|
// Critic default OFF — opt-in goal-divergence detector.
|
|
2925
|
-
'
|
|
2926
|
-
'
|
|
2927
|
-
'
|
|
2928
|
-
'
|
|
2924
|
+
'AGIM_NATIVE_SEMANTIC_STUCK_LOOP',
|
|
2925
|
+
'AGIM_NATIVE_CRITIC',
|
|
2926
|
+
'AGIM_NATIVE_CRITIC_ROLE',
|
|
2927
|
+
'AGIM_NATIVE_PLAN_MODE',
|
|
2929
2928
|
// v1.2.135 — auto-enter heuristic + custom phrase list.
|
|
2930
|
-
'
|
|
2931
|
-
'
|
|
2929
|
+
'AGIM_PLAN_INTENT_AUTO',
|
|
2930
|
+
'AGIM_PLAN_INTENT_PHRASES',
|
|
2932
2931
|
// v1.2.127 — auto-compact 4 sliders (OpenHands Condenser pattern).
|
|
2933
2932
|
// KEEP_FIRST defaults to 1 since v1.2.125 (original user goal at idx 0).
|
|
2934
|
-
'
|
|
2935
|
-
'
|
|
2936
|
-
'
|
|
2937
|
-
'
|
|
2933
|
+
'AGIM_NATIVE_COMPACT_TRIGGER_CHARS',
|
|
2934
|
+
'AGIM_NATIVE_COMPACT_KEEP_TURNS',
|
|
2935
|
+
'AGIM_NATIVE_COMPACT_KEEP_FIRST',
|
|
2936
|
+
'AGIM_NATIVE_COMPACT_SUMMARY_CHARS',
|
|
2938
2937
|
// v1.2.127 — streaming + iteration cap. STREAM_PARTIAL default ON
|
|
2939
2938
|
// preserves partial assistant text on IM's 30-min hard timeout.
|
|
2940
|
-
'
|
|
2941
|
-
'
|
|
2939
|
+
'AGIM_NATIVE_STREAM_PARTIAL',
|
|
2940
|
+
'AGIM_NATIVE_AGENT_MAX_ITER',
|
|
2942
2941
|
// v1.2.138 — first-token retry on transient stream errors (terminated /
|
|
2943
2942
|
// ECONNRESET / fetch failed / socket hang up). Default retries once.
|
|
2944
|
-
'
|
|
2945
|
-
'
|
|
2943
|
+
'AGIM_NATIVE_FIRSTTOKEN_RETRY_MAX',
|
|
2944
|
+
'AGIM_NATIVE_FIRSTTOKEN_RETRY_DELAY_MS',
|
|
2946
2945
|
];
|
|
2947
2946
|
const SECRET_KEYS = new Set([
|
|
2948
|
-
'
|
|
2949
|
-
'
|
|
2950
|
-
'
|
|
2947
|
+
'AGIM_SMTP_PASS',
|
|
2948
|
+
'AGIM_BAIDU_MAP_AK',
|
|
2949
|
+
'AGIM_MEMORY_VECTOR_OPENAI_API_KEY',
|
|
2951
2950
|
// v1.2.126 — web search keys are bearer tokens / API keys, so
|
|
2952
2951
|
// they're masked on GET and refused if echoed back on PUT.
|
|
2953
2952
|
'TAVILY_API_KEY',
|
|
@@ -3002,10 +3001,10 @@ async function handleSecurityDiagnostics(_req, res) {
|
|
|
3002
3001
|
// (process.env, which is what runtime sees) without round-tripping
|
|
3003
3002
|
// through the env file.
|
|
3004
3003
|
liveEnv: {
|
|
3005
|
-
|
|
3006
|
-
|
|
3007
|
-
|
|
3008
|
-
|
|
3004
|
+
AGIM_EXEC_SANDBOX: process.env.AGIM_EXEC_SANDBOX ?? null,
|
|
3005
|
+
AGIM_NATIVE_FS_RESTRICT: process.env.AGIM_NATIVE_FS_RESTRICT ?? null,
|
|
3006
|
+
AGIM_TIMEOUT_DEFAULT: process.env.AGIM_TIMEOUT_DEFAULT ?? null,
|
|
3007
|
+
AGIM_DANGEROUSLY_SKIP_PERMISSIONS: process.env.AGIM_DANGEROUSLY_SKIP_PERMISSIONS ?? null,
|
|
3009
3008
|
},
|
|
3010
3009
|
},
|
|
3011
3010
|
});
|
|
@@ -3100,9 +3099,9 @@ async function handleEmailTest(req, res) {
|
|
|
3100
3099
|
// Drain body even though we don't use it, so the connection doesn't
|
|
3101
3100
|
// stall under keep-alive.
|
|
3102
3101
|
await readBody(req, res);
|
|
3103
|
-
const host = process.env.
|
|
3104
|
-
const user = process.env.
|
|
3105
|
-
const pass = process.env.
|
|
3102
|
+
const host = process.env.AGIM_SMTP_HOST?.trim();
|
|
3103
|
+
const user = process.env.AGIM_SMTP_USER?.trim();
|
|
3104
|
+
const pass = process.env.AGIM_SMTP_PASS;
|
|
3106
3105
|
if (!host || !user || !pass) {
|
|
3107
3106
|
sendError(res, 400, 'EMAIL_NOT_CONFIGURED', {
|
|
3108
3107
|
message: 'SMTP not configured (host / user / pass required)',
|
|
@@ -3110,10 +3109,10 @@ async function handleEmailTest(req, res) {
|
|
|
3110
3109
|
});
|
|
3111
3110
|
return;
|
|
3112
3111
|
}
|
|
3113
|
-
const portRaw = process.env.
|
|
3112
|
+
const portRaw = process.env.AGIM_SMTP_PORT?.trim();
|
|
3114
3113
|
const portNum = portRaw ? Number.parseInt(portRaw, 10) : 465;
|
|
3115
3114
|
const port = Number.isFinite(portNum) && portNum > 0 && portNum <= 65535 ? portNum : 465;
|
|
3116
|
-
const secureRaw = process.env.
|
|
3115
|
+
const secureRaw = process.env.AGIM_SMTP_SECURE?.trim().toLowerCase();
|
|
3117
3116
|
const secure = secureRaw !== undefined
|
|
3118
3117
|
? (secureRaw === '1' || secureRaw === 'true' || secureRaw === 'yes')
|
|
3119
3118
|
: port === 465;
|
|
@@ -3989,7 +3988,7 @@ async function handleSkillsList(_req, res) {
|
|
|
3989
3988
|
// install still happens via the skillhub CLI on the host (see docs).
|
|
3990
3989
|
//
|
|
3991
3990
|
// Enterprise / air-gapped deployments can disable this endpoint via
|
|
3992
|
-
// `
|
|
3991
|
+
// `AGIM_SKILLHUB_ENABLED=0`. When disabled, the API returns a stub
|
|
3993
3992
|
// shape `{ disabled: true, items: [] }` so the UI can show "disabled
|
|
3994
3993
|
// by enterprise policy" without breaking the page. This is the only
|
|
3995
3994
|
// product-default outbound call to a non-IM domain, so the toggle
|
|
@@ -3997,7 +3996,7 @@ async function handleSkillsList(_req, res) {
|
|
|
3997
3996
|
let remoteHotCache = null;
|
|
3998
3997
|
const REMOTE_HOT_TTL_MS = 5 * 60_000;
|
|
3999
3998
|
function isSkillhubEnabled() {
|
|
4000
|
-
const v = (process.env.
|
|
3999
|
+
const v = (process.env.AGIM_SKILLHUB_ENABLED ?? '1').trim().toLowerCase();
|
|
4001
4000
|
return v !== '0' && v !== 'false' && v !== 'no' && v !== 'off';
|
|
4002
4001
|
}
|
|
4003
4002
|
async function handleSkillsRemoteHot(_req, res) {
|
|
@@ -4006,7 +4005,7 @@ async function handleSkillsRemoteHot(_req, res) {
|
|
|
4006
4005
|
// so the SPA can render "disabled" copy without a network error
|
|
4007
4006
|
// toast. Status 200 because this is a deliberate operator choice,
|
|
4008
4007
|
// not a transient failure.
|
|
4009
|
-
sendJson(res, 200, { disabled: true, items: [], reason: '
|
|
4008
|
+
sendJson(res, 200, { disabled: true, items: [], reason: 'AGIM_SKILLHUB_ENABLED=0' });
|
|
4010
4009
|
return;
|
|
4011
4010
|
}
|
|
4012
4011
|
try {
|
|
@@ -5448,14 +5447,14 @@ function sendToClient(ws, data) {
|
|
|
5448
5447
|
*
|
|
5449
5448
|
* Polls every 50 ms — node's `ws` doesn't emit a `drain` event we can hook,
|
|
5450
5449
|
* but the buffered amount drops monotonically once the kernel ACKs flush.
|
|
5451
|
-
* Bounded by
|
|
5450
|
+
* Bounded by AGIM_WS_BACKPRESSURE_TIMEOUT_MS (default 5 s) so a frozen
|
|
5452
5451
|
* client can't wedge the agent's chunk producer indefinitely.
|
|
5453
5452
|
*/
|
|
5454
5453
|
async function awaitWsDrain(ws) {
|
|
5455
5454
|
if (ws.bufferedAmount < WS_BACKPRESSURE_HIGHWATER_BYTES)
|
|
5456
5455
|
return;
|
|
5457
5456
|
const timeoutMs = (() => {
|
|
5458
|
-
const raw = process.env.
|
|
5457
|
+
const raw = process.env.AGIM_WS_BACKPRESSURE_TIMEOUT_MS;
|
|
5459
5458
|
if (raw) {
|
|
5460
5459
|
const n = parseInt(raw, 10);
|
|
5461
5460
|
if (Number.isFinite(n) && n > 0)
|