dominds 1.25.19 → 1.26.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +17 -0
- package/README.zh.md +17 -0
- package/dist/apps/runtime.d.ts +2 -4
- package/dist/apps-host/client.d.ts +2 -5
- package/dist/apps-host/ipc-types.d.ts +2 -5
- package/dist/apps-host/ipc-types.js +5 -1
- package/dist/bootstrap/rtws-cli.d.ts +1 -0
- package/dist/bootstrap/rtws-cli.js +8 -8
- package/dist/cli/cert.d.ts +4 -0
- package/dist/cli/cert.js +247 -0
- package/dist/cli/create.d.ts +1 -1
- package/dist/cli/create.js +1 -1
- package/dist/cli/read.js +1 -1
- package/dist/cli/tui.js +1 -1
- package/dist/cli/webui.d.ts +1 -1
- package/dist/cli/webui.js +35 -5
- package/dist/cli-runner.d.ts +31 -0
- package/dist/cli-runner.js +349 -0
- package/dist/cli.d.ts +0 -30
- package/dist/cli.js +540 -292
- package/dist/docs/cli-usage.md +40 -3
- package/dist/docs/cli-usage.zh.md +40 -3
- package/dist/docs/dialog-persistence.md +1 -1
- package/dist/docs/dominds-terminology.md +2 -2
- package/dist/llm/kernel-driver/drive.js +19 -14
- package/dist/runtime/driver-messages.d.ts +2 -0
- package/dist/runtime/driver-messages.js +24 -4
- package/dist/server/auth.d.ts +7 -0
- package/dist/server/auth.js +15 -4
- package/dist/server/certificates.d.ts +61 -0
- package/dist/server/certificates.js +418 -0
- package/dist/server/dominds-self-update.js +33 -121
- package/dist/server/network-hosts.d.ts +5 -0
- package/dist/server/network-hosts.js +277 -0
- package/dist/server/server-core.d.ts +12 -1
- package/dist/server/server-core.js +26 -4
- package/dist/server/websocket-handler.d.ts +3 -2
- package/dist/server/websocket-handler.js +15 -8
- package/dist/server-debug.d.ts +2 -0
- package/dist/server-debug.js +79 -0
- package/dist/server.d.ts +5 -0
- package/dist/server.js +101 -126
- package/dist/supervisor-protocol.d.ts +15 -0
- package/dist/supervisor-protocol.js +4 -0
- package/package.json +6 -5
- package/dist/server/dominds-self-update-restart-helper.d.ts +0 -15
- package/dist/server/dominds-self-update-restart-helper.js +0 -305
package/dist/docs/cli-usage.md
CHANGED
|
@@ -4,7 +4,9 @@ Chinese version: [中文版](./cli-usage.zh.md)
|
|
|
4
4
|
|
|
5
5
|
The `dominds` CLI provides a unified entry point, but the **primary interaction experience is the Web UI** (the default `dominds` command). This guide focuses on the Web UI workflow.
|
|
6
6
|
|
|
7
|
-
> Note: In this document, **rtws (runtime workspace)** refers to the runtime root directory Dominds uses (by default `
|
|
7
|
+
> Note: In this document, **rtws (runtime workspace)** refers to the runtime root directory Dominds uses (by default the directory where `dominds` is launched, switchable via `-C <dir>`). Relative `-C` paths are resolved against the original launch directory by the `dominds` supervisor before the runner starts.
|
|
8
|
+
|
|
9
|
+
> Process model: in production, `dominds` is a lightweight supervisor. It parses global options such as `-C`, starts `dominds-runner` in the resolved rtws, keeps the terminal stdio attached to the runner, and restarts long-running WebUI runners after crashes with exponential backoff starting at 1 second and capped at 30 minutes. Self-update restarts are coordinated by this supervisor, so the old runner can fully exit and release server resources before the new runner starts; if the old runner does not exit after a restart request, the supervisor terminates it before starting the next runner. Development WebUI runs (`NODE_ENV=dev` or `--mode dev`, including `dev-server.sh`) bypass the supervisor and are managed by the development launcher instead.
|
|
8
10
|
|
|
9
11
|
> Note: `dominds tui` / `dominds run` are currently reserved subcommand names and do not have a stable implementation yet. As a result, this guide does not document TUI options or detailed usage.
|
|
10
12
|
|
|
@@ -18,6 +20,7 @@ The `dominds` CLI provides a unified entry point, but the **primary interaction
|
|
|
18
20
|
- [Web UI Interface](#web-ui-interface)
|
|
19
21
|
- [Text User Interface (TUI) (Not Implemented Yet)](#text-user-interface-tui-not-implemented-yet)
|
|
20
22
|
- [Minds Reader](#minds-reader)
|
|
23
|
+
- [Certificate Tools](#certificate-tools)
|
|
21
24
|
- [rtws Creation](#rtws-creation)
|
|
22
25
|
- [Usage Examples](#usage-examples)
|
|
23
26
|
- [Dialog Storage](#dialog-storage)
|
|
@@ -32,6 +35,7 @@ The `dominds` package provides a unified CLI with subcommands:
|
|
|
32
35
|
| `dominds` or `dominds webui` | Start Web UI (default, recommended) | Web UI |
|
|
33
36
|
| `dominds tui` or `dominds run` | Terminal UI (planned; no stable implementation at the moment) | N/A |
|
|
34
37
|
| `dominds read` | Read and inspect rtws/team minds configuration | CLI |
|
|
38
|
+
| `dominds cert` | Create and inspect local WebUI HTTPS certificates | CLI |
|
|
35
39
|
| `dominds create` or `dominds new` | Create a new rtws (runtime workspace) from a template | CLI |
|
|
36
40
|
| `dominds help` | Show help message | CLI |
|
|
37
41
|
| `dominds --version` | Show version information | CLI |
|
|
@@ -54,6 +58,10 @@ dominds webui -C /path/to/my-rtws
|
|
|
54
58
|
# Minds reader: inspect team configuration
|
|
55
59
|
dominds read [options] [member-id]
|
|
56
60
|
|
|
61
|
+
# Certificate tools: create/inspect local HTTPS certificates
|
|
62
|
+
dominds cert create [--host <host>] [--days <days>] [--force]
|
|
63
|
+
dominds cert status [--host <host>] [--port <port>] [--origin]
|
|
64
|
+
|
|
57
65
|
# rtws creation: scaffold a new runtime workspace
|
|
58
66
|
dominds create <template> [directory]
|
|
59
67
|
dominds new <template> [directory] # alias for create
|
|
@@ -83,7 +91,7 @@ Start the web-based user interface for the current rtws. This provides a graphic
|
|
|
83
91
|
|
|
84
92
|
- `-p, --port <port>` - Port to listen on; a bare port binds strictly, suffix `+` tries higher ports, and suffix `-` tries lower ports (omitting `--port` is equivalent to `5666-`)
|
|
85
93
|
- `-h, --host <host>` - Host to bind to (default: localhost)
|
|
86
|
-
- `-C, --cwd <
|
|
94
|
+
- `-C, --cwd <dir>` - Change to rtws directory before starting; relative paths are resolved against the original launch directory
|
|
87
95
|
- `--help` - Show help message
|
|
88
96
|
|
|
89
97
|
**Examples:**
|
|
@@ -93,6 +101,7 @@ dominds
|
|
|
93
101
|
dominds webui -p 8080
|
|
94
102
|
dominds webui -p 8080+
|
|
95
103
|
dominds webui -C /path/to/my-rtws
|
|
104
|
+
dominds -C ux-rtws webui
|
|
96
105
|
```
|
|
97
106
|
|
|
98
107
|
**Common use cases:**
|
|
@@ -122,7 +131,7 @@ Read and inspect agent prompts/configuration for the rtws. This is commonly used
|
|
|
122
131
|
|
|
123
132
|
**Options:**
|
|
124
133
|
|
|
125
|
-
- `-C, --cwd <
|
|
134
|
+
- `-C, --cwd <dir>` - Change to rtws directory before reading; relative paths are resolved against the original launch directory
|
|
126
135
|
- `--only-prompt` - Show only system prompts
|
|
127
136
|
- `--only-mem` - Show only memory
|
|
128
137
|
- `--help` - Show help message
|
|
@@ -137,6 +146,34 @@ dominds read --only-prompt
|
|
|
137
146
|
dominds read --only-mem
|
|
138
147
|
```
|
|
139
148
|
|
|
149
|
+
### Certificate Tools
|
|
150
|
+
|
|
151
|
+
```bash
|
|
152
|
+
dominds cert create [--host <host>] [--days <days>] [--force]
|
|
153
|
+
dominds cert status [--host <host>] [--port <port>] [--origin]
|
|
154
|
+
```
|
|
155
|
+
|
|
156
|
+
Create or inspect local HTTPS certificates for the Dominds WebUI. Certificates live in `~/.dominds/certs/` and match DNS/IP hostnames, not ports; one certificate covers every WebUI port on that host.
|
|
157
|
+
|
|
158
|
+
**Options:**
|
|
159
|
+
|
|
160
|
+
- `--host <host>` - Certificate SAN hostname or IP; repeatable for certificate creation; defaults to one or more detected non-loopback LAN hosts
|
|
161
|
+
- `--days <days>` - Certificate validity in days (default: 3650, or 10 years)
|
|
162
|
+
- `--force` - Overwrite existing generated files
|
|
163
|
+
- `--port <port>` - Port used when formatting `status --origin`
|
|
164
|
+
- `--origin` - Print only the effective origin; HTTPS when a cert matches, HTTP otherwise
|
|
165
|
+
|
|
166
|
+
**Examples:**
|
|
167
|
+
|
|
168
|
+
```bash
|
|
169
|
+
dominds cert create
|
|
170
|
+
dominds cert create --host 192.168.1.10 --host my-host.local
|
|
171
|
+
dominds cert status
|
|
172
|
+
dominds cert status --port 5666 --origin
|
|
173
|
+
```
|
|
174
|
+
|
|
175
|
+
`localhost`, `loopback`, `127.0.0.0/8`, `169.254.0.0/16`, `::1`, `fe80::/10`, `0.0.0.0`, and `::` are not certificate hosts. `0.0.0.0` / `::` only mean bind-all; certificate matching uses detected non-loopback LAN hosts.
|
|
176
|
+
|
|
140
177
|
### rtws Creation
|
|
141
178
|
|
|
142
179
|
```bash
|
|
@@ -4,7 +4,9 @@
|
|
|
4
4
|
|
|
5
5
|
`dominds` 提供统一的命令行入口,但**主要交互界面是 Web UI**(默认命令 `dominds`)。本文档以 Web UI 工作流为主。
|
|
6
6
|
|
|
7
|
-
> 注:本文统一使用 **rtws(运行时工作区)** 表示 Dominds
|
|
7
|
+
> 注:本文统一使用 **rtws(运行时工作区)** 表示 Dominds 运行时使用的根目录(默认是启动 `dominds` 时所在目录,可通过 `-C <dir>` 切换)。相对路径形式的 `-C` 由 `dominds` supervisor 按原始启动目录解析为绝对路径,再启动 runner。
|
|
8
|
+
|
|
9
|
+
> 进程模型:生产模式下,`dominds` 是轻量 supervisor,负责解析 `-C` 等全局选项、在解析后的 rtws 中启动 `dominds-runner`、让 runner 继承当前终端 stdio,并在长期运行的 WebUI runner 崩溃后用指数退避保活重启(初始 1 秒,最长 30 分钟)。self-update 重启也由 supervisor 协调,因此旧 runner 可以完整退出并释放 server 资源,再启动新版 runner;如果旧 runner 在发出重启请求后仍不退出,supervisor 会终止它再启动下一轮 runner。开发模式 WebUI(`NODE_ENV=dev` 或 `--mode dev`,包括 `dev-server.sh`)不走 supervisor,由开发启动器自行管理。
|
|
8
10
|
|
|
9
11
|
> 说明:`dominds tui` / `dominds run` 相关功能目前尚未提供稳定实现(子命令名保留用于未来规划),因此本指南不再展开 TUI 的命令选项与用法细节。
|
|
10
12
|
|
|
@@ -18,6 +20,7 @@
|
|
|
18
20
|
- [Web UI 界面](#web-ui-界面)
|
|
19
21
|
- [文本用户界面 (TUI)(尚未实现)](#文本用户界面-tui尚未实现)
|
|
20
22
|
- [Minds 阅读器](#minds-阅读器)
|
|
23
|
+
- [证书工具](#证书工具)
|
|
21
24
|
- [rtws 创建](#rtws-创建)
|
|
22
25
|
- [使用示例](#使用示例)
|
|
23
26
|
- [对话存储](#对话存储)
|
|
@@ -32,6 +35,7 @@
|
|
|
32
35
|
| `dominds` 或 `dominds webui` | 启动 Web UI(默认、推荐) | Web UI |
|
|
33
36
|
| `dominds tui` 或 `dominds run` | 终端界面(规划中;当前版本暂不提供稳定) | N/A |
|
|
34
37
|
| `dominds read` | 读取/分析团队 minds 配置 | CLI |
|
|
38
|
+
| `dominds cert` | 创建/检查本机 WebUI HTTPS 证书 | CLI |
|
|
35
39
|
| `dominds create` 或 `dominds new` | 从模板创建新 rtws(运行时工作区) | CLI |
|
|
36
40
|
| `dominds help` | 显示帮助消息 | CLI |
|
|
37
41
|
| `dominds --version` | 显示版本信息 | CLI |
|
|
@@ -54,6 +58,10 @@ dominds webui -C /path/to/my-rtws
|
|
|
54
58
|
# Minds 阅读器:分析团队配置
|
|
55
59
|
dominds read [options] [member-id]
|
|
56
60
|
|
|
61
|
+
# 证书工具:创建/检查本机 HTTPS 证书
|
|
62
|
+
dominds cert create [--host <host>] [--days <days>] [--force]
|
|
63
|
+
dominds cert status [--host <host>] [--port <port>] [--origin]
|
|
64
|
+
|
|
57
65
|
# rtws 创建:搭建新项目/运行时工作区
|
|
58
66
|
dominds create <template> [directory]
|
|
59
67
|
dominds new <template> [directory] # create 的别名
|
|
@@ -83,7 +91,7 @@ dominds webui [options]
|
|
|
83
91
|
|
|
84
92
|
- `-p, --port <port>` - 监听端口;裸端口严格绑定,后缀 `+` 向更大端口自动尝试,后缀 `-` 向更小端口自动尝试(未指定时等价于 `5666-`)
|
|
85
93
|
- `-h, --host <host>` - 绑定的主机(默认:localhost)
|
|
86
|
-
- `-C, --cwd <
|
|
94
|
+
- `-C, --cwd <dir>` - 启动前更改 rtws 目录;相对路径按原始启动目录解析
|
|
87
95
|
- `--help` - 显示帮助消息
|
|
88
96
|
|
|
89
97
|
**示例:**
|
|
@@ -100,6 +108,7 @@ dominds webui -p 8080+
|
|
|
100
108
|
|
|
101
109
|
# 在特定 rtws 启动 Web UI
|
|
102
110
|
dominds webui -C /path/to/my-rtws
|
|
111
|
+
dominds -C ux-rtws webui
|
|
103
112
|
```
|
|
104
113
|
|
|
105
114
|
**常见用途:**
|
|
@@ -129,7 +138,7 @@ dominds read [options] [member-id]
|
|
|
129
138
|
|
|
130
139
|
**选项:**
|
|
131
140
|
|
|
132
|
-
- `-C, --cwd <
|
|
141
|
+
- `-C, --cwd <dir>` - 读取前更改 rtws 目录;相对路径按原始启动目录解析
|
|
133
142
|
- `--only-prompt` - 仅显示系统提示词
|
|
134
143
|
- `--only-mem` - 仅显示内存
|
|
135
144
|
- `--help` - 显示帮助消息
|
|
@@ -144,6 +153,34 @@ dominds read --only-prompt
|
|
|
144
153
|
dominds read --only-mem
|
|
145
154
|
```
|
|
146
155
|
|
|
156
|
+
### 证书工具
|
|
157
|
+
|
|
158
|
+
```bash
|
|
159
|
+
dominds cert create [--host <host>] [--days <days>] [--force]
|
|
160
|
+
dominds cert status [--host <host>] [--port <port>] [--origin]
|
|
161
|
+
```
|
|
162
|
+
|
|
163
|
+
创建或检查 Dominds WebUI 的本机 HTTPS 证书。证书保存在 `~/.dominds/certs/`,按 DNS/IP 主机名匹配,不绑定端口;同一张证书可覆盖该主机上的所有 WebUI 端口。
|
|
164
|
+
|
|
165
|
+
**选项:**
|
|
166
|
+
|
|
167
|
+
- `--host <host>` - 证书 SAN 主机名或 IP;创建证书时可重复指定;未指定时使用检测到的一个或多个非 loopback LAN 主机
|
|
168
|
+
- `--days <days>` - 证书有效天数(默认:3650,即 10 年)
|
|
169
|
+
- `--force` - 覆盖已有的同名生成文件
|
|
170
|
+
- `--port <port>` - `status --origin` 输出 URL 时使用的端口
|
|
171
|
+
- `--origin` - 仅输出有效访问 origin;找到证书时输出 HTTPS,否则输出 HTTP
|
|
172
|
+
|
|
173
|
+
**示例:**
|
|
174
|
+
|
|
175
|
+
```bash
|
|
176
|
+
dominds cert create
|
|
177
|
+
dominds cert create --host 192.168.1.10 --host my-host.local
|
|
178
|
+
dominds cert status
|
|
179
|
+
dominds cert status --port 5666 --origin
|
|
180
|
+
```
|
|
181
|
+
|
|
182
|
+
`localhost`、`loopback`、`127.0.0.0/8`、`169.254.0.0/16`、`::1`、`fe80::/10`、`0.0.0.0`、`::` 不会作为 HTTPS 证书主机。`0.0.0.0` / `::` 只表示绑定所有地址,匹配证书时会使用检测到的非 loopback LAN 主机。
|
|
183
|
+
|
|
147
184
|
### rtws 创建
|
|
148
185
|
|
|
149
186
|
```bash
|
|
@@ -4,7 +4,7 @@ Chinese version: [中文版](./dialog-persistence.zh.md)
|
|
|
4
4
|
|
|
5
5
|
This document describes the persistence layer and storage mechanisms for the Dominds dialog system, including file system conventions, data structures, and storage patterns.
|
|
6
6
|
|
|
7
|
-
> Note: In this document, **rtws (runtime workspace)** refers to Dominds' runtime root directory (by default `
|
|
7
|
+
> Note: In this document, **rtws (runtime workspace)** refers to Dominds' runtime root directory (by default the directory where `dominds` is launched, switchable via `-C <dir>`; relative `-C` paths are resolved against the original launch directory).
|
|
8
8
|
|
|
9
9
|
## Current Implementation Status
|
|
10
10
|
|
|
@@ -264,8 +264,8 @@ Example / 示例(概念):
|
|
|
264
264
|
|
|
265
265
|
### rtws(运行时工作区)
|
|
266
266
|
|
|
267
|
-
- EN: **rtws** (runtime workspace) is the directory Dominds treats as its runtime root (by default it is `
|
|
268
|
-
- ZH: **rtws(运行时工作区)**是 Dominds
|
|
267
|
+
- EN: **rtws** (runtime workspace) is the directory Dominds treats as its runtime root (by default it is the directory where `dominds` is launched, and can be changed via `-C <dir>`; relative `-C` paths are resolved against the original launch directory). Files like `.minds/` and `.dialogs/` live under the rtws.
|
|
268
|
+
- ZH: **rtws(运行时工作区)**是 Dominds 运行时使用的根目录(默认是启动 `dominds` 时所在目录,可通过 `-C <dir>` 切换;相对路径形式的 `-C` 按原始启动目录解析)。诸如 `.minds/`、`.dialogs/` 等运行态目录均位于 rtws 下。
|
|
269
269
|
|
|
270
270
|
- EN: Wording rule: when the meaning is **rtws**, prefer writing “rtws (runtime workspace)” (or just “rtws” after the first mention) rather than the ambiguous generic “workspace”.
|
|
271
271
|
- ZH: 用词规则:当语义指向 **rtws** 时,优先写“rtws(运行时工作区)”(或在已定义后只写“rtws”),避免在对外提示/文档中只写“工作区”从而与其他语境的 workspace/workdir 混淆。
|
|
@@ -259,6 +259,10 @@ function resolveReminderContextFollowingDialogState(prompt, currentTurnDialogMsg
|
|
|
259
259
|
return 'none';
|
|
260
260
|
return prompt.origin === 'user' ? 'user_message' : 'runtime_notice';
|
|
261
261
|
}
|
|
262
|
+
function resolveReminderContextHealthState(snapshot) {
|
|
263
|
+
const remediationLevel = getContextHealthRemediationLevel(snapshot);
|
|
264
|
+
return remediationLevel === undefined ? 'normal' : remediationLevel;
|
|
265
|
+
}
|
|
262
266
|
async function resolveReminderContextFooterState(args) {
|
|
263
267
|
const latest = await persistence_1.DialogPersistence.loadDialogLatest(args.dlg.id, args.dlg.status);
|
|
264
268
|
const deferredReplyReassertion = latest?.deferredReplyReassertion;
|
|
@@ -273,6 +277,7 @@ async function resolveReminderContextFooterState(args) {
|
|
|
273
277
|
followingDialogState: resolveReminderContextFollowingDialogState(args.prompt, args.currentTurnDialogMsgsForContext),
|
|
274
278
|
pendingUserInterjectionReply,
|
|
275
279
|
interDialogReplyObligation,
|
|
280
|
+
contextHealthState: resolveReminderContextHealthState(args.dlg.getLastContextHealth()),
|
|
276
281
|
};
|
|
277
282
|
}
|
|
278
283
|
function splitDialogMsgsForReminderInsertion(args) {
|
|
@@ -715,8 +720,8 @@ const TELLASK_SPECIAL_VIRTUAL_TOOLS = [
|
|
|
715
720
|
},
|
|
716
721
|
];
|
|
717
722
|
const CONTEXT_HEALTH_TOOL_RESULT_VISIBLE_BYTE_LIMIT = 2000;
|
|
718
|
-
const CONTEXT_HEALTH_LARGE_TOOL_RETURN_UNAVAILABLE_ZH = '
|
|
719
|
-
const CONTEXT_HEALTH_LARGE_TOOL_RETURN_UNAVAILABLE_EN = 'This function returned too much content
|
|
723
|
+
const CONTEXT_HEALTH_LARGE_TOOL_RETURN_UNAVAILABLE_ZH = '这次函数返回内容太大,清理头脑之前不会显示给你。';
|
|
724
|
+
const CONTEXT_HEALTH_LARGE_TOOL_RETURN_UNAVAILABLE_EN = 'This function returned too much content. It will not be shown to you before you clear your mind.';
|
|
720
725
|
function getContextHealthRemediationLevel(snapshot) {
|
|
721
726
|
if (snapshot?.kind !== 'available') {
|
|
722
727
|
return undefined;
|
|
@@ -736,9 +741,9 @@ function formatContextHealthLargeToolReturnUnavailable(args) {
|
|
|
736
741
|
return [
|
|
737
742
|
CONTEXT_HEALTH_LARGE_TOOL_RETURN_UNAVAILABLE_ZH,
|
|
738
743
|
'',
|
|
739
|
-
'
|
|
744
|
+
'不要再尝试获取各种大段的输出,都不会显示给你。现在先做两件事:',
|
|
740
745
|
'1. 把需要回传给主线对话的结论、证据定位和风险整理清楚。',
|
|
741
|
-
'2.
|
|
746
|
+
'2. 对于下一程恢复工作需要的信息,写入提醒项。',
|
|
742
747
|
'',
|
|
743
748
|
'然后尽快完成当前支线回复;如果你有 clear_mind({}),再调用它开启新一程。',
|
|
744
749
|
'',
|
|
@@ -748,9 +753,9 @@ function formatContextHealthLargeToolReturnUnavailable(args) {
|
|
|
748
753
|
return [
|
|
749
754
|
CONTEXT_HEALTH_LARGE_TOOL_RETURN_UNAVAILABLE_ZH,
|
|
750
755
|
'',
|
|
751
|
-
'
|
|
752
|
-
'1.
|
|
753
|
-
'2.
|
|
756
|
+
'不要再尝试获取各种大段的输出,都不会显示给你。现在先做两件事:',
|
|
757
|
+
'1. 把下一程对话需要知道的此程细节信息写入差遣牒合适章节。',
|
|
758
|
+
'2. 对于不适合差遣牒章节覆盖、但下一程恢复工作需要的信息写入提醒项。',
|
|
754
759
|
'',
|
|
755
760
|
'然后调用 clear_mind({}) 开启新一程。',
|
|
756
761
|
'',
|
|
@@ -761,11 +766,11 @@ function formatContextHealthLargeToolReturnUnavailable(args) {
|
|
|
761
766
|
return [
|
|
762
767
|
CONTEXT_HEALTH_LARGE_TOOL_RETURN_UNAVAILABLE_EN,
|
|
763
768
|
'',
|
|
764
|
-
'Do not
|
|
765
|
-
'1. Organize the
|
|
766
|
-
'2.
|
|
769
|
+
'Do not try again to fetch any kind of large output; it still will not be shown. Do two things now:',
|
|
770
|
+
'1. Organize the conclusions, evidence pointers, and risks that need to go back to the Mainline dialog.',
|
|
771
|
+
'2. Write any details needed to resume the next course into reminders.',
|
|
767
772
|
'',
|
|
768
|
-
'Then finish the current
|
|
773
|
+
'Then finish the current Sideline dialog reply as soon as possible; if you have clear_mind({}), call it to start a new course.',
|
|
769
774
|
'',
|
|
770
775
|
`Detail: this return was about ${approxBytes} bytes.`,
|
|
771
776
|
].join('\n');
|
|
@@ -773,9 +778,9 @@ function formatContextHealthLargeToolReturnUnavailable(args) {
|
|
|
773
778
|
return [
|
|
774
779
|
CONTEXT_HEALTH_LARGE_TOOL_RETURN_UNAVAILABLE_EN,
|
|
775
780
|
'',
|
|
776
|
-
'Do not
|
|
777
|
-
'1. Write the
|
|
778
|
-
'2. Write
|
|
781
|
+
'Do not try again to fetch any kind of large output; it still will not be shown. Do two things now:',
|
|
782
|
+
'1. Write the details from this course that the next course needs into the appropriate Taskdoc sections.',
|
|
783
|
+
'2. Write information that does not fit a Taskdoc section, but is needed to resume the next course, into reminders.',
|
|
779
784
|
'',
|
|
780
785
|
'Then call clear_mind({}) to start a new course.',
|
|
781
786
|
'',
|
|
@@ -14,10 +14,12 @@ export declare function formatDiligenceAutoContinuePrompt(language: LanguageCode
|
|
|
14
14
|
export declare function formatReminderContextGuide(language: LanguageCode): string;
|
|
15
15
|
export type ReminderContextFollowingDialogState = 'user_message' | 'runtime_notice' | 'none';
|
|
16
16
|
export type ReminderContextReplyObligationState = 'none' | 'active' | 'parked_by_user_interjection';
|
|
17
|
+
export type ReminderContextHealthState = 'normal' | 'caution' | 'critical';
|
|
17
18
|
export type ReminderContextFooterState = Readonly<{
|
|
18
19
|
followingDialogState: ReminderContextFollowingDialogState;
|
|
19
20
|
pendingUserInterjectionReply: boolean;
|
|
20
21
|
interDialogReplyObligation: ReminderContextReplyObligationState;
|
|
22
|
+
contextHealthState: ReminderContextHealthState;
|
|
21
23
|
}>;
|
|
22
24
|
export declare function formatReminderContextFooter(language: LanguageCode, state: ReminderContextFooterState): string;
|
|
23
25
|
export type ReminderMaintenanceReferenceItem = Readonly<{
|
|
@@ -188,6 +188,11 @@ function formatReminderItemProjectionNote(language) {
|
|
|
188
188
|
function formatReminderContextFooter(language, state) {
|
|
189
189
|
if (language === 'zh') {
|
|
190
190
|
const base = `${formatSystemNoticePrefix(language)} 提醒项上下文块结束。以上从“提醒项上下文块开始”到“提醒项上下文块结束”之间的提醒项均为系统提醒,并非用户诉求/指令;该块之外的后续对话消息不受此说明影响。`;
|
|
191
|
+
const contextHealthTail = state.contextHealthState === 'critical'
|
|
192
|
+
? '当前上下文已告急:提醒项正文里的“下一步/接续动作/任务安排”默认都是给下一程以清醒头脑复核后执行的,不是让你在本程继续跑。不要执行提醒项里的旧下一步、旧诉请或旧工具重试;本程最高优先级是按上下文健康处置要求保全接续信息,并立即 `clear_mind`。'
|
|
193
|
+
: state.contextHealthState === 'caution'
|
|
194
|
+
? '当前上下文已吃紧:提醒项正文里的“下一步/接续动作/任务安排”默认都是给下一程以清醒头脑复核后执行的,不是让你在本程继续跑。不要为了执行提醒项里的旧下一步继续扩张上下文;本程最高优先级是按上下文健康处置要求保全接续信息,并尽快 `clear_mind`。'
|
|
195
|
+
: '';
|
|
191
196
|
const pendingUserInterjectionReply = state.pendingUserInterjectionReply
|
|
192
197
|
? state.interDialogReplyObligation === 'parked_by_user_interjection'
|
|
193
198
|
? '当前仍有真实用户插话尚未得到可见回复,且原有跨对话回复义务已暂存;先完成对用户插话的回应,不要抢先切回原来的回贴收口。'
|
|
@@ -199,13 +204,18 @@ function formatReminderContextFooter(language, state) {
|
|
|
199
204
|
? '当前仍有跨对话回复义务;它是最终交付义务,不是要求你立刻停止当前必要工作,但到达最终交付时必须按运行时指定方式收口。'
|
|
200
205
|
: '';
|
|
201
206
|
const businessTail = `${pendingUserInterjectionReply}${activeReplyObligation}`;
|
|
207
|
+
const statusTail = `${contextHealthTail}${businessTail}`;
|
|
202
208
|
if (state.followingDialogState === 'user_message') {
|
|
203
209
|
return (`${base}本轮提醒项块之后会紧接一条本轮真实的新用户消息;后续消息是用户的新诉求/指令,不是提醒项投影。` +
|
|
204
210
|
'提醒项块说明到此为止,不得外溢到那条消息:不要把后续用户消息称为“系统提示/没有新消息”,也不要因为本块说明而降低它的指令优先级。' +
|
|
205
|
-
|
|
211
|
+
`请按那条用户消息的原始语义继续处理;若它要求更新你的职责、偏好或心智资产,应照常落实;上下文健康处置要求仍按系统提示优先于普通任务动作。${statusTail}`);
|
|
206
212
|
}
|
|
207
213
|
if (state.followingDialogState === 'runtime_notice') {
|
|
208
|
-
return `${base}本轮提醒项块之后会接着出现一条运行时提示;它不是用户的新诉求/指令,请按其中的运行时要求继续推进。${
|
|
214
|
+
return `${base}本轮提醒项块之后会接着出现一条运行时提示;它不是用户的新诉求/指令,请按其中的运行时要求继续推进。${statusTail}`;
|
|
215
|
+
}
|
|
216
|
+
if (state.contextHealthState !== 'normal') {
|
|
217
|
+
return (`${base}本轮没有新的用户消息或运行时提示;这是工具调用后的自动续推。` +
|
|
218
|
+
`不要把“没有新消息”理解为空系统提示。${statusTail}`);
|
|
209
219
|
}
|
|
210
220
|
return (`${base}本轮没有新的用户消息或运行时提示;这是工具调用后的自动续推。` +
|
|
211
221
|
'请基于已有任务状态判断下一步:若已有明确、相关且有价值的动作,就继续执行;若当前确实只能等待外部结果或用户输入,不要为了避免“等待”而寻找无关小事。' +
|
|
@@ -214,6 +224,11 @@ function formatReminderContextFooter(language, state) {
|
|
|
214
224
|
const base = `${formatSystemNoticePrefix(language)} Reminder context block ends. The reminder items between ` +
|
|
215
225
|
'"Reminder context block begins" and "Reminder context block ends" are system reminders, ' +
|
|
216
226
|
'not user requests/instructions; this reminder-block guidance does not apply to subsequent dialog messages outside this block. ';
|
|
227
|
+
const contextHealthTail = state.contextHealthState === 'critical'
|
|
228
|
+
? 'Context health is critical: any "next step", continuation action, or task plan inside reminders is meant for the next course to review and run with a clear head, not for this course to keep executing. Do not perform old next steps, old inter-dialog requests, or old tool retries from reminders; this course must first preserve the continuation details required by the context-health guidance, then call `clear_mind` immediately. '
|
|
229
|
+
: state.contextHealthState === 'caution'
|
|
230
|
+
? 'Context health is tight: any "next step", continuation action, or task plan inside reminders is meant for the next course to review and run with a clear head, not for this course to keep executing. Do not expand context by performing old next steps from reminders; this course must first preserve the continuation details required by the context-health guidance, then call `clear_mind` soon. '
|
|
231
|
+
: '';
|
|
217
232
|
const pendingUserInterjectionReply = state.pendingUserInterjectionReply
|
|
218
233
|
? state.interDialogReplyObligation === 'parked_by_user_interjection'
|
|
219
234
|
? "There is still a real user interjection without a visible reply, and the earlier inter-dialog reply obligation is parked; finish answering the user's interjection first, and do not switch back to closing the earlier reply yet. "
|
|
@@ -225,13 +240,18 @@ function formatReminderContextFooter(language, state) {
|
|
|
225
240
|
? 'An inter-dialog reply obligation is still active; it is a final delivery obligation, not a demand to stop necessary current work immediately, but final delivery must close through the runtime-specified path. '
|
|
226
241
|
: '';
|
|
227
242
|
const businessTail = `${pendingUserInterjectionReply}${activeReplyObligation}`;
|
|
243
|
+
const statusTail = `${contextHealthTail}${businessTail}`;
|
|
228
244
|
if (state.followingDialogState === 'user_message') {
|
|
229
245
|
return (`${base}A real new user message for this round immediately follows this reminder block; the following message is a new user request/instruction, not a reminder projection. ` +
|
|
230
246
|
'The reminder-block guidance ends here and must not spill over onto that message: do not label the following user message as a "system notice" or "no new message", and do not lower its instruction priority because of this block. ' +
|
|
231
|
-
`Handle that user message according to its original meaning; if it asks you to update your responsibilities, preferences, or mind assets, carry that out normally. ${
|
|
247
|
+
`Handle that user message according to its original meaning; if it asks you to update your responsibilities, preferences, or mind assets, carry that out normally. Context-health remediation still takes system-guided priority over ordinary task actions. ${statusTail}`);
|
|
232
248
|
}
|
|
233
249
|
if (state.followingDialogState === 'runtime_notice') {
|
|
234
|
-
return `${base}A runtime notice follows this reminder block in this round; it is not a new user request/instruction, so follow that runtime guidance and continue the work. ${
|
|
250
|
+
return `${base}A runtime notice follows this reminder block in this round; it is not a new user request/instruction, so follow that runtime guidance and continue the work. ${statusTail}`;
|
|
251
|
+
}
|
|
252
|
+
if (state.contextHealthState !== 'normal') {
|
|
253
|
+
return (`${base}There is no new user message or runtime notice in this round; this is an automatic continuation after a tool call. ` +
|
|
254
|
+
`Do not interpret the absence of a new message as an empty system notice. ${statusTail}`);
|
|
235
255
|
}
|
|
236
256
|
return (`${base}There is no new user message or runtime notice in this round; this is an automatic continuation after a tool call. ` +
|
|
237
257
|
'Judge the next step from the existing task state: if there is a clear, relevant, valuable action, continue with it; if the work genuinely can only wait for an external result or user input, do not invent unrelated work just to avoid "waiting". ' +
|
package/dist/server/auth.d.ts
CHANGED
|
@@ -37,7 +37,14 @@ export declare function isAuthEnabled(auth: AuthConfig): auth is Extract<AuthCon
|
|
|
37
37
|
export declare function getHttpAuthCheck(req: IncomingMessage, auth: AuthConfig): AuthCheckResult;
|
|
38
38
|
export declare function getHttpAuthCheckAllowUrlParam(req: IncomingMessage, auth: AuthConfig, requestUrl: URL): AuthCheckResult;
|
|
39
39
|
export declare function getWebSocketAuthCheck(req: IncomingMessage, auth: AuthConfig): AuthCheckResult;
|
|
40
|
+
export type ServerUrlScheme = 'http' | 'https';
|
|
41
|
+
export declare function formatServerOrigin(params: {
|
|
42
|
+
scheme: ServerUrlScheme;
|
|
43
|
+
host: string;
|
|
44
|
+
port: number;
|
|
45
|
+
}): string;
|
|
40
46
|
export declare function formatAutoAuthUrl(params: {
|
|
47
|
+
scheme?: ServerUrlScheme;
|
|
41
48
|
host: string;
|
|
42
49
|
port: number;
|
|
43
50
|
authKey: string;
|
package/dist/server/auth.js
CHANGED
|
@@ -53,6 +53,7 @@ exports.isAuthEnabled = isAuthEnabled;
|
|
|
53
53
|
exports.getHttpAuthCheck = getHttpAuthCheck;
|
|
54
54
|
exports.getHttpAuthCheckAllowUrlParam = getHttpAuthCheckAllowUrlParam;
|
|
55
55
|
exports.getWebSocketAuthCheck = getWebSocketAuthCheck;
|
|
56
|
+
exports.formatServerOrigin = formatServerOrigin;
|
|
56
57
|
exports.formatAutoAuthUrl = formatAutoAuthUrl;
|
|
57
58
|
const crypto = __importStar(require("crypto"));
|
|
58
59
|
function computeAuthConfig(params) {
|
|
@@ -129,14 +130,24 @@ function getWebSocketAuthCheck(req, auth) {
|
|
|
129
130
|
? { kind: 'ok' }
|
|
130
131
|
: { kind: 'unauthorized', reason: 'invalid' };
|
|
131
132
|
}
|
|
133
|
+
function formatServerOrigin(params) {
|
|
134
|
+
const visibleHost = normalizeHostForUrl(params.host, params.scheme);
|
|
135
|
+
return `${params.scheme}://${visibleHost}:${params.port}`;
|
|
136
|
+
}
|
|
132
137
|
function formatAutoAuthUrl(params) {
|
|
133
|
-
|
|
134
|
-
|
|
138
|
+
return `${formatServerOrigin({
|
|
139
|
+
scheme: params.scheme ?? 'http',
|
|
140
|
+
host: params.host,
|
|
141
|
+
port: params.port,
|
|
142
|
+
})}/?auth=${encodeURIComponent(params.authKey)}`;
|
|
135
143
|
}
|
|
136
|
-
function normalizeHostForUrl(host) {
|
|
144
|
+
function normalizeHostForUrl(host, scheme) {
|
|
137
145
|
// Binding to 0.0.0.0/:: is common, but not a browsable "host".
|
|
138
|
-
|
|
146
|
+
// For HTTPS, preserve the certificate-matched bind host to avoid creating a hostname mismatch.
|
|
147
|
+
if (scheme === 'http' && (host === '0.0.0.0' || host === '::'))
|
|
139
148
|
return 'localhost';
|
|
149
|
+
if (host.includes(':') && !host.startsWith('['))
|
|
150
|
+
return `[${host}]`;
|
|
140
151
|
return host;
|
|
141
152
|
}
|
|
142
153
|
function generateAuthKey() {
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
export declare const DEFAULT_SELF_SIGNED_CERT_DAYS = 3650;
|
|
2
|
+
export type HttpsCertificateMaterial = {
|
|
3
|
+
cert: string;
|
|
4
|
+
key: string;
|
|
5
|
+
certPath: string;
|
|
6
|
+
keyPath: string;
|
|
7
|
+
matchedHost: string;
|
|
8
|
+
matchedHostPriority: number;
|
|
9
|
+
validTo: Date;
|
|
10
|
+
};
|
|
11
|
+
export type CertificateLookupEndpoint = Readonly<{
|
|
12
|
+
bindHost: string;
|
|
13
|
+
urlHost: string;
|
|
14
|
+
}>;
|
|
15
|
+
export type CertificateLookupDiagnostic = {
|
|
16
|
+
level: 'warn';
|
|
17
|
+
code: 'invalid_cert_file' | 'missing_key_file' | 'invalid_key_pair' | 'expired_or_not_yet_valid';
|
|
18
|
+
message: string;
|
|
19
|
+
certPath: string;
|
|
20
|
+
keyPath?: string;
|
|
21
|
+
} | {
|
|
22
|
+
level: 'warn';
|
|
23
|
+
code: 'multiple_matching_certs';
|
|
24
|
+
message: string;
|
|
25
|
+
host: string;
|
|
26
|
+
certPaths: readonly string[];
|
|
27
|
+
};
|
|
28
|
+
export type CertificateLookupResult = {
|
|
29
|
+
kind: 'found';
|
|
30
|
+
certsDirAbs: string;
|
|
31
|
+
endpoint: CertificateLookupEndpoint;
|
|
32
|
+
certificate: HttpsCertificateMaterial;
|
|
33
|
+
diagnostics: readonly CertificateLookupDiagnostic[];
|
|
34
|
+
} | {
|
|
35
|
+
kind: 'not_found';
|
|
36
|
+
certsDirAbs: string;
|
|
37
|
+
endpoint: CertificateLookupEndpoint;
|
|
38
|
+
diagnostics: readonly CertificateLookupDiagnostic[];
|
|
39
|
+
};
|
|
40
|
+
export type CreatedSelfSignedCertificate = {
|
|
41
|
+
host: string;
|
|
42
|
+
hosts: readonly string[];
|
|
43
|
+
days: number;
|
|
44
|
+
certsDirAbs: string;
|
|
45
|
+
certPath: string;
|
|
46
|
+
keyPath: string;
|
|
47
|
+
metadataPath: string;
|
|
48
|
+
};
|
|
49
|
+
export declare function getDefaultDomindsCertsDir(): string;
|
|
50
|
+
export declare function findAutoHttpsCertificateForHost(params: {
|
|
51
|
+
host: string;
|
|
52
|
+
certsDirAbs?: string;
|
|
53
|
+
now?: Date;
|
|
54
|
+
}): Promise<CertificateLookupResult>;
|
|
55
|
+
export declare function createSelfSignedCertificate(params: {
|
|
56
|
+
host?: string;
|
|
57
|
+
altHosts?: readonly string[];
|
|
58
|
+
days?: number;
|
|
59
|
+
certsDirAbs?: string;
|
|
60
|
+
force?: boolean;
|
|
61
|
+
}): Promise<CreatedSelfSignedCertificate>;
|