jishushell 0.4.30 → 0.5.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (182) hide show
  1. package/apps/anythingllm-container.yaml +287 -0
  2. package/apps/browserless-chromium-container.yaml +18 -6
  3. package/apps/filebrowser-container.yaml +163 -0
  4. package/apps/openclaw-binary.yaml +8 -0
  5. package/apps/openclaw-container.yaml +9 -1
  6. package/apps/openclaw-with-searxng-container.yaml +4 -0
  7. package/apps/searxng-container.yaml +5 -4
  8. package/apps/weknora-container.yaml +471 -0
  9. package/dist/cli/panel.js.map +1 -1
  10. package/dist/config.d.ts +19 -0
  11. package/dist/config.js +99 -1
  12. package/dist/config.js.map +1 -1
  13. package/dist/install.js +3 -3
  14. package/dist/install.js.map +1 -1
  15. package/dist/routes/auth.js +2 -2
  16. package/dist/routes/auth.js.map +1 -1
  17. package/dist/routes/backup.js +64 -11
  18. package/dist/routes/backup.js.map +1 -1
  19. package/dist/routes/external-mounts.d.ts +17 -0
  20. package/dist/routes/external-mounts.js +73 -0
  21. package/dist/routes/external-mounts.js.map +1 -0
  22. package/dist/routes/file-mounts.d.ts +13 -0
  23. package/dist/routes/file-mounts.js +90 -0
  24. package/dist/routes/file-mounts.js.map +1 -0
  25. package/dist/routes/files-organize.d.ts +28 -0
  26. package/dist/routes/files-organize.js +167 -0
  27. package/dist/routes/files-organize.js.map +1 -0
  28. package/dist/routes/files.d.ts +31 -0
  29. package/dist/routes/files.js +321 -0
  30. package/dist/routes/files.js.map +1 -0
  31. package/dist/routes/instances.js +45 -7
  32. package/dist/routes/instances.js.map +1 -1
  33. package/dist/routes/internal.d.ts +2 -0
  34. package/dist/routes/internal.js +59 -0
  35. package/dist/routes/internal.js.map +1 -0
  36. package/dist/routes/setup.js +9 -9
  37. package/dist/routes/setup.js.map +1 -1
  38. package/dist/routes/system.js +1 -1
  39. package/dist/routes/system.js.map +1 -1
  40. package/dist/routes/webdav.d.ts +17 -0
  41. package/dist/routes/webdav.js +114 -0
  42. package/dist/routes/webdav.js.map +1 -0
  43. package/dist/server.js +341 -3
  44. package/dist/server.js.map +1 -1
  45. package/dist/services/app/app-compiler.d.ts +1 -1
  46. package/dist/services/app/app-compiler.js +5 -5
  47. package/dist/services/app/app-compiler.js.map +1 -1
  48. package/dist/services/app/app-manager.d.ts +1 -0
  49. package/dist/services/app/app-manager.js +172 -41
  50. package/dist/services/app/app-manager.js.map +1 -1
  51. package/dist/services/app/custom-manager.js.map +1 -1
  52. package/dist/services/app/hermes-agent-manager.js +1 -0
  53. package/dist/services/app/hermes-agent-manager.js.map +1 -1
  54. package/dist/services/app/ollama-manager.js +1 -1
  55. package/dist/services/app/ollama-manager.js.map +1 -1
  56. package/dist/services/app/openclaw-manager.js +20 -3
  57. package/dist/services/app/openclaw-manager.js.map +1 -1
  58. package/dist/services/app/platform-transform.d.ts +32 -0
  59. package/dist/services/app/platform-transform.js +65 -0
  60. package/dist/services/app/platform-transform.js.map +1 -0
  61. package/dist/services/app-passwords.d.ts +61 -0
  62. package/dist/services/app-passwords.js +173 -0
  63. package/dist/services/app-passwords.js.map +1 -0
  64. package/dist/services/backup-manager.d.ts +11 -0
  65. package/dist/services/backup-manager.js +177 -4
  66. package/dist/services/backup-manager.js.map +1 -1
  67. package/dist/services/connection-apply.d.ts +2 -0
  68. package/dist/services/connection-apply.js +55 -1
  69. package/dist/services/connection-apply.js.map +1 -1
  70. package/dist/services/connection-resolver.js +1 -1
  71. package/dist/services/connection-resolver.js.map +1 -1
  72. package/dist/services/connection-transactor.d.ts +2 -0
  73. package/dist/services/connection-transactor.js +12 -2
  74. package/dist/services/connection-transactor.js.map +1 -1
  75. package/dist/services/external-mounts.d.ts +40 -0
  76. package/dist/services/external-mounts.js +187 -0
  77. package/dist/services/external-mounts.js.map +1 -0
  78. package/dist/services/files-manager.d.ts +252 -0
  79. package/dist/services/files-manager.js +1075 -0
  80. package/dist/services/files-manager.js.map +1 -0
  81. package/dist/services/files-mounts.d.ts +42 -0
  82. package/dist/services/files-mounts.js +207 -0
  83. package/dist/services/files-mounts.js.map +1 -0
  84. package/dist/services/instance-manager.js +1 -23
  85. package/dist/services/instance-manager.js.map +1 -1
  86. package/dist/services/llm-proxy/index.js.map +1 -1
  87. package/dist/services/llm-proxy/ssrf.js +6 -2
  88. package/dist/services/llm-proxy/ssrf.js.map +1 -1
  89. package/dist/services/nomad-manager.d.ts +4 -0
  90. package/dist/services/nomad-manager.js +53 -19
  91. package/dist/services/nomad-manager.js.map +1 -1
  92. package/dist/services/organize/applier.d.ts +46 -0
  93. package/dist/services/organize/applier.js +218 -0
  94. package/dist/services/organize/applier.js.map +1 -0
  95. package/dist/services/organize/rules.d.ts +57 -0
  96. package/dist/services/organize/rules.js +286 -0
  97. package/dist/services/organize/rules.js.map +1 -0
  98. package/dist/services/organize/scanner.d.ts +50 -0
  99. package/dist/services/organize/scanner.js +366 -0
  100. package/dist/services/organize/scanner.js.map +1 -0
  101. package/dist/services/organize/store.d.ts +14 -0
  102. package/dist/services/organize/store.js +82 -0
  103. package/dist/services/organize/store.js.map +1 -0
  104. package/dist/services/panel-manager.js +20 -1
  105. package/dist/services/panel-manager.js.map +1 -1
  106. package/dist/services/process-manager.js +3 -2
  107. package/dist/services/process-manager.js.map +1 -1
  108. package/dist/services/runtime/adapters/hermes.js +1 -1
  109. package/dist/services/runtime/adapters/hermes.js.map +1 -1
  110. package/dist/services/runtime/adapters/openclaw-routes.d.ts +8 -2
  111. package/dist/services/runtime/adapters/openclaw-routes.js +68 -0
  112. package/dist/services/runtime/adapters/openclaw-routes.js.map +1 -1
  113. package/dist/services/runtime/adapters/openclaw.d.ts +90 -0
  114. package/dist/services/runtime/adapters/openclaw.js +957 -45
  115. package/dist/services/runtime/adapters/openclaw.js.map +1 -1
  116. package/dist/services/runtime/instance.d.ts +1 -1
  117. package/dist/services/runtime/instance.js +1 -1
  118. package/dist/services/runtime/instance.js.map +1 -1
  119. package/dist/services/runtime/mcp-shims/anythingllm-shim.d.ts +46 -0
  120. package/dist/services/runtime/mcp-shims/anythingllm-shim.js +281 -0
  121. package/dist/services/runtime/mcp-shims/anythingllm-shim.js.map +1 -0
  122. package/dist/services/runtime/mcp-shims/drive-shim.d.ts +54 -0
  123. package/dist/services/runtime/mcp-shims/drive-shim.js +489 -0
  124. package/dist/services/runtime/mcp-shims/drive-shim.js.map +1 -0
  125. package/dist/services/runtime/types.d.ts +31 -0
  126. package/dist/services/setup-manager.js +93 -18
  127. package/dist/services/setup-manager.js.map +1 -1
  128. package/dist/services/suggestions.js.map +1 -1
  129. package/dist/services/webdav/server.d.ts +24 -0
  130. package/dist/services/webdav/server.js +420 -0
  131. package/dist/services/webdav/server.js.map +1 -0
  132. package/dist/services/webdav/xml-builder.d.ts +73 -0
  133. package/dist/services/webdav/xml-builder.js +156 -0
  134. package/dist/services/webdav/xml-builder.js.map +1 -0
  135. package/dist/services/workspace-builder.d.ts +29 -0
  136. package/dist/services/workspace-builder.js +188 -0
  137. package/dist/services/workspace-builder.js.map +1 -0
  138. package/dist/types.d.ts +60 -0
  139. package/dist/utils/path-locks.d.ts +30 -0
  140. package/dist/utils/path-locks.js +63 -0
  141. package/dist/utils/path-locks.js.map +1 -0
  142. package/dist/utils/path-safety.d.ts +41 -0
  143. package/dist/utils/path-safety.js +119 -0
  144. package/dist/utils/path-safety.js.map +1 -0
  145. package/dist/utils/safe-write.d.ts +24 -0
  146. package/dist/utils/safe-write.js +82 -0
  147. package/dist/utils/safe-write.js.map +1 -0
  148. package/package.json +16 -1
  149. package/public/assets/Dashboard-BdWPtroF.js +1 -0
  150. package/public/assets/{HermesChatPanel-_GHoklgo.js → HermesChatPanel-B_2HlVBQ.js} +1 -1
  151. package/public/assets/{HermesConfigForm-anDnwUp_.js → HermesConfigForm-DVlhg3WV.js} +2 -2
  152. package/public/assets/{InitPassword-ZU9_-hDr.js → InitPassword-D7glTExX.js} +1 -1
  153. package/public/assets/InstanceDetail-CxSy2cpe.js +92 -0
  154. package/public/assets/{Login-BItXqYAJ.js → Login-Cfr5c2sv.js} +1 -1
  155. package/public/assets/NewInstance-BIYDmJis.js +1 -0
  156. package/public/assets/{ProviderRecommendations-DFYj7Fb6.js → ProviderRecommendations-BuRnvRcI.js} +1 -1
  157. package/public/assets/{Settings-Bttc6QmM.js → Settings-Cc-tYBil.js} +1 -1
  158. package/public/assets/{Setup-Bsxx1zgj.js → Setup-lGZEk5jq.js} +1 -1
  159. package/public/assets/{WeixinLoginPanel-DPZpAKgO.js → WeixinLoginPanel-CoGqzxeV.js} +2 -2
  160. package/public/assets/index-87IJXG-w.css +1 -0
  161. package/public/assets/index-BZc5zH7u.js +19 -0
  162. package/public/assets/{registry-5s2UB6is.js → registry-BWnkJgZ1.js} +2 -2
  163. package/public/assets/{usePolling-Do5Erqm_.js → usePolling-CwwT9KrC.js} +1 -1
  164. package/public/assets/{vendor-i18n-ucpM0OR0.js → vendor-i18n-y9V7Sfuu.js} +1 -1
  165. package/public/assets/{vendor-react-Bk1hRGiY.js → vendor-react-BWrEVJVb.js} +6 -6
  166. package/public/index.html +4 -4
  167. package/scripts/check-app-spec.mjs +18 -4
  168. package/scripts/check-new-file-tests.mjs +230 -0
  169. package/scripts/check-quarantine-expiry.mjs +105 -0
  170. package/scripts/perf/README.md +49 -0
  171. package/scripts/perf/auth.js +99 -0
  172. package/scripts/perf/config.js +63 -0
  173. package/scripts/perf/instances.js +143 -0
  174. package/scripts/perf/proxy.js +96 -0
  175. package/scripts/smoke/files-w1.sh +142 -0
  176. package/scripts/smoke-backend.mjs +122 -0
  177. package/scripts/smoke-post-publish.mjs +346 -0
  178. package/public/assets/Dashboard-rkWp-CXd.js +0 -1
  179. package/public/assets/InstanceDetail-CN0FH1aw.js +0 -92
  180. package/public/assets/NewInstance-BousE6kY.js +0 -1
  181. package/public/assets/index-8xZy1z5k.css +0 -1
  182. package/public/assets/index-Dw3HhUYE.js +0 -19
@@ -0,0 +1,252 @@
1
+ import { Readable } from "node:stream";
2
+ import { isHidden } from "../utils/path-safety.js";
3
+ import { type ExternalMount } from "./external-mounts.js";
4
+ export interface DirEntry {
5
+ name: string;
6
+ is_dir: boolean;
7
+ size: number;
8
+ mtime: number;
9
+ etag: string;
10
+ mime?: string;
11
+ child_count?: number;
12
+ }
13
+ export interface DirListing {
14
+ path: string;
15
+ entries: DirEntry[];
16
+ quota_mb: number;
17
+ used_mb: number;
18
+ available_mb: number;
19
+ }
20
+ export interface ReadStreamResult {
21
+ /** Lazy: opens the file only when called. Avoids leaking fds in 304 paths. */
22
+ openStream: () => Readable;
23
+ etag: string;
24
+ mime: string;
25
+ size: number;
26
+ mtime: number;
27
+ }
28
+ export interface ReadSmallResult {
29
+ buf: Buffer;
30
+ etag: string;
31
+ mime: string;
32
+ truncated: boolean;
33
+ size: number;
34
+ }
35
+ export interface WriteOptions {
36
+ ifMatch?: string;
37
+ overwrite?: boolean;
38
+ expectedSize?: number;
39
+ }
40
+ export interface WriteResult {
41
+ etag: string;
42
+ size: number;
43
+ mime: string;
44
+ }
45
+ export interface QuotaInfo {
46
+ quota_mb: number;
47
+ used_mb: number;
48
+ available_mb: number;
49
+ trash_mb: number;
50
+ }
51
+ export interface FilesManagerConfig {
52
+ filesRoot?: string;
53
+ trashRoot?: string;
54
+ auditLog?: string;
55
+ quotaMb?: number;
56
+ maxUploadMb?: number;
57
+ textPreviewMaxKb?: number;
58
+ blockedExtensions?: Set<string>;
59
+ /**
60
+ * External mount points — virtual subtrees of files/ that resolve
61
+ * to host paths outside FILES_ROOT. Validated by the caller (typically
62
+ * loaded from panel.json:external_mounts).
63
+ */
64
+ externalMounts?: ExternalMount[];
65
+ }
66
+ export declare class FilesError extends Error {
67
+ code: string;
68
+ httpStatus: number;
69
+ constructor(message: string, code: string, httpStatus: number);
70
+ }
71
+ export interface SidecarMeta {
72
+ schema_version: 1;
73
+ sha256: string;
74
+ size: number;
75
+ mtime: number;
76
+ indexed_at: number;
77
+ tags?: string[];
78
+ summary?: string;
79
+ links?: Array<{
80
+ path: string;
81
+ rel: string;
82
+ }>;
83
+ agent_notes?: string;
84
+ [key: string]: any;
85
+ }
86
+ export interface SearchHit {
87
+ path: string;
88
+ sha256: string;
89
+ snippet: string;
90
+ score: number;
91
+ }
92
+ export interface ReindexResult {
93
+ indexed: number;
94
+ skipped: number;
95
+ errors: number;
96
+ }
97
+ export declare class FilesManager {
98
+ private filesRoot;
99
+ private trashRoot;
100
+ private auditLog;
101
+ private quotaMb;
102
+ private maxUploadMb;
103
+ private textPreviewMaxKb;
104
+ private blockedExtensions;
105
+ private externalMounts;
106
+ private _indexDb;
107
+ private _indexDbRegistered;
108
+ constructor(cfg?: FilesManagerConfig);
109
+ /**
110
+ * Replace the current external-mount set; used when panel.json is
111
+ * mutated through routes/external-mounts.ts so a new mount becomes
112
+ * visible without restarting the server.
113
+ */
114
+ setExternalMounts(mounts: ExternalMount[]): void;
115
+ list(relPath: string, opts?: {
116
+ showHidden?: boolean;
117
+ }): Promise<DirListing>;
118
+ readStream(relPath: string): Promise<ReadStreamResult>;
119
+ readSmall(relPath: string, maxBytes: number): Promise<ReadSmallResult>;
120
+ writeStream(relPath: string, source: Readable, opts?: WriteOptions): Promise<WriteResult>;
121
+ mkdir(relPath: string): Promise<void>;
122
+ move(fromRel: string, toRel: string, overwrite?: boolean): Promise<void>;
123
+ remove(relPath: string): Promise<void>;
124
+ private removeInternal;
125
+ /**
126
+ * Resolve a files/-relative path to its absolute host filesystem path.
127
+ *
128
+ * Why a public API: the drive-shim (and the agents that call it via MCP)
129
+ * needs to hand the resulting absolute path to IM channel plugins
130
+ * (Feishu / WeChat / Telegram / ...) that send files. Those plugins read
131
+ * from the local filesystem, not via HTTP. The OpenClaw container runs
132
+ * with host==container bind mounts (see buildVolumes in
133
+ * src/services/runtime/adapters/openclaw.ts), so the same absolute
134
+ * string is valid on both sides; raw_exec / process service managers
135
+ * run the agent natively on the host, where the path is also directly
136
+ * usable.
137
+ *
138
+ * External mounts: a path whose first segment is an external mount
139
+ * alias resolves into the mount's host_path. The returned abs_path
140
+ * points at the real host location; external_mount is set so the
141
+ * caller can warn the user that this is outside files/. mode is
142
+ * propagated so writers know if it's read-only.
143
+ *
144
+ * Symlink policy: if the path resolves to a symlink we still surface
145
+ * the abs_path (callers may legitimately want to know where it points
146
+ * conceptually), but exists is reported as false to discourage handing
147
+ * symlinks to channel plugins.
148
+ */
149
+ resolveLocalPath(relPath: string): Promise<{
150
+ abs_path: string;
151
+ exists: boolean;
152
+ external_mount?: string;
153
+ external_mount_mode?: "ro" | "rw";
154
+ is_dir?: boolean;
155
+ size?: number;
156
+ mtime?: number;
157
+ }>;
158
+ quota(): Promise<QuotaInfo>;
159
+ private assertQuotaAvailable;
160
+ audit(op: string, relPath: string, meta?: Record<string, any>): void;
161
+ /**
162
+ * Resolve a files/-relative path. If the first segment matches a
163
+ * registered external mount alias the path is virtualized into the
164
+ * mount's host_path; otherwise the path resolves under FILES_ROOT.
165
+ *
166
+ * Symlink defense (assertNoSymlinkInAncestors) and lstat checks in
167
+ * the calling op still run on the absolute path returned here, so
168
+ * symlinks INSIDE an external mount are still rejected.
169
+ */
170
+ private resolve;
171
+ private resolveOp;
172
+ /**
173
+ * Refuse mutations that target a read-only external mount. Called by
174
+ * write / move / delete / mkdir before any fs work.
175
+ */
176
+ private assertWritable;
177
+ /**
178
+ * Defense layer 3 (per path-safety.ts header): refuse symlinks at the
179
+ * target path AND refuse paths that traverse a symlink in their parent
180
+ * chain inside the trust root.
181
+ *
182
+ * For external mounts the trust root is the mount's host_path (the
183
+ * user explicitly chose that directory; symlinks inside it are their
184
+ * own filesystem and not an attack we need to defend against). For
185
+ * regular files/ paths the trust root is FILES_ROOT.
186
+ */
187
+ private statOrThrow;
188
+ /**
189
+ * Walk up from `abs` toward the relevant trust root and refuse if any
190
+ * intermediate component is a symlink. Trust root is FILES_ROOT for
191
+ * regular paths and the matching external-mount host_path for paths
192
+ * that fall inside an external mount.
193
+ */
194
+ private assertNoSymlinkInAncestors;
195
+ /**
196
+ * Find the trust root for an absolute path: either an external mount's
197
+ * host_path (if abs is inside one) or FILES_ROOT.
198
+ */
199
+ private trustRootFor;
200
+ private checkExtension;
201
+ /**
202
+ * Returns the knowledge directory path (does NOT create it).
203
+ */
204
+ private get knowledgeDir();
205
+ /**
206
+ * Returns the SQLite DB path.
207
+ */
208
+ private get indexDbPath();
209
+ /**
210
+ * Returns the sidecar path for a given sha256.
211
+ */
212
+ private sidecarPath;
213
+ /**
214
+ * Creates ~/.jishushell/files/.knowledge/ (mode 0700) and, on first
215
+ * creation only, writes a README.md explaining the directory is
216
+ * panel-private metadata. README is idempotent: only written when the
217
+ * file doesn't already exist, never overwritten.
218
+ */
219
+ private ensureKnowledgeDir;
220
+ /**
221
+ * Lazy-initialize the SQLite FTS5 handle. Creates the .knowledge dir
222
+ * and the schema on first call.
223
+ */
224
+ private getIndexDb;
225
+ /**
226
+ * Search the FTS5 index.
227
+ */
228
+ searchIndex(query: string, opts?: {
229
+ limit?: number;
230
+ pathPrefix?: string;
231
+ }): Promise<SearchHit[]>;
232
+ /**
233
+ * Read a sidecar JSON for a file identified by sha256 or path.
234
+ */
235
+ getMeta(args: {
236
+ sha256?: string;
237
+ path?: string;
238
+ }): Promise<SidecarMeta | null>;
239
+ /**
240
+ * Write (merge or replace) a sidecar for a given sha256.
241
+ */
242
+ setMeta(sha256: string, payload: Partial<SidecarMeta>, opts?: {
243
+ merge?: boolean;
244
+ }): Promise<SidecarMeta>;
245
+ /**
246
+ * Walk the file tree and upsert text-indexable files into the FTS5 index.
247
+ */
248
+ reindex(opts?: {
249
+ pathPrefix?: string;
250
+ }): Promise<ReindexResult>;
251
+ }
252
+ export { isHidden };