npm - koishi-plugin-new-auth - Versions diffs - 0.1.0 → 0.2.0 - Mend

koishi-plugin-new-auth 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -10,7 +10,8 @@ It implements the first usable version described in `newauth.md`:
 - Koishi's legacy `authority` value is recorded as a suggestion, not used as the final grant;
 - policies are evaluated by `scope + role + command`;
 - guild owner/admin/member roles are separated from Bot administrator;
-- custom roles and role members can be managed from Koishi commands.
+- custom roles and role members can be managed from Koishi commands;
+- Koishi Console WebUI is available when `@koishijs/plugin-console` is installed.
 ## Configuration
@@ -67,3 +68,18 @@ guest
 ```
 Custom roles do not inherit from other roles. To give a custom role access to a command, add an explicit policy with `newauth.allow`.
+## WebUI
+Install Koishi Console and open the `⌗ 新权限` page.
+The page provides:
+- role-first command policy editing;
+- global and guild scope switching;
+- pending command review;
+- legacy `authority` suggestions;
+- AI-style automatic assignment for pending commands;
+- command status and guild override toggles.
+The automatic assignment advisor is conservative: dangerous instance-level commands are kept for `bot-admin`, group moderation commands go to `guild-admin` and `guild-owner`, normal user commands go to `guild-member` and above, and unclear commands fall back to the legacy authority suggestion.

package/dist/index.js ADDED Viewed

@@ -0,0 +1 @@

+ import{defineComponent as H,ref as v,computed as c,watch as J,openBlock as o,createElementBlock as a,createElementVNode as t,toDisplayString as s,withDirectives as y,Fragment as m,renderList as x,vModelSelect as U,normalizeClass as g,createCommentVNode as G,vModelCheckbox as K,createTextVNode as T,vModelText as D}from"vue";import{store as E,send as k}from"@koishijs/client";const Q={class:"new-auth-page"},W={class:"topbar"},X={class:"top-actions"},Y=["value"],Z=["disabled"],ee=["disabled"],te={class:"tabs"},le={key:0,class:"error"},ne={key:1,class:"role-layout"},se={class:"role-list"},oe=["onClick"],ae={key:0,class:"detail"},ie={class:"detail-head"},ue={class:"check"},de={class:"filters"},re={class:"command-list"},ce={class:"command-main"},ve={class:"state-buttons"},pe=["onClick"],ge=["onClick"],he=["onClick"],_e={key:2,class:"pending-grid"},fe={class:"row-actions"},be=["disabled","onClick"],ye=["disabled","onClick"],ke={key:0,class:"empty"},Ce={key:3,class:"commands-table"},we={class:"filters"},me={class:"command-main"},xe={class:"command-controls"},Ae={class:"check"},Ie=["checked","onChange"],Ve=["value","onChange"],$e=H({__name:"new-auth",setup(C){const i=v("roles"),u=v("global"),d=v(""),p=v(""),h=v("all"),$=v(false),_=v(false),A=v(""),w=c(()=>E.newauth||{roles:[],commands:[],policies:[],scopes:[{id:"global",name:"全局默认"}],pendingCount:0}),I=c(()=>w.value.roles),P=c(()=>w.value.commands),L=c(()=>w.value.policies),B=c(()=>{var n;return(n=w.value.scopes)!=null&&n.length?w.value.scopes:[{id:"global",name:"全局默认"}]}),V=c(()=>P.value.filter(n=>n.status==="pending")),f=c(()=>I.value.find(n=>n.id===d.value));J(I,n=>{!d.value&&n.length&&(d.value=n[0].id)},{immediate:true});const M=c(()=>{const n=p.value.toLowerCase();return P.value.filter(l=>h.value!=="all"&&l.status!==h.value?false:n?[l.id,l.name,l.commandPath,l.plugin,l.description].some(e=>e==null?void 0:e.toLowerCase().includes(n)):true)}),F=c(()=>f.value?M.value.filter(n=>{var l,e;return $.value||((l=f.value)==null?void 0:l.id)==="bot-admin"||((e=f.value)==null?void 0:e.scopeType)==="global"?true:n.allowGuildOverride}):[]);function S(n){const l=L.value.find(e=>e.scope===u.value&&e.roleId===d.value&&e.commandId===n);return(l==null?void 0:l.state)||"inherit"}async function b(n){_.value=true,A.value="";try{await n}catch(l){A.value=l instanceof Error?l.message:String(l)}finally{_.value=false}}async function R(){return b((async()=>{const n=await k("newauth/getData");E.newauth=n})())}function O(n,l){return b(k("newauth/setPolicy",{scope:u.value,roleId:d.value,commandId:n,state:l}))}function N(n,l){return b(k("newauth/applySuggestion",{commandId:n,scope:u.value,mode:l}))}function q(){return b(k("newauth/autoAssignPending",{scope:u.value,mode:"advisor"}))}function z(n,l){const e=l.target;return b(k("newauth/setGuildOverride",{commandId:n.id,allowGuildOverride:e.checked}))}function j(n,l){const e=l.target;return b(k("newauth/setCommandStatus",{commandId:n.id,status:e.value}))}return(n,l)=>(o(),a("main",Q,[t("header",W,[t("div",null,[l[9]||(l[9]=t("h1",null,"新权限",-1)),t("p",null,s(I.value.length)+" 个角色 / "+s(P.value.length)+" 个指令 / "+s(V.value.length)+" 个待配置",1)]),t("div",X,[y(t("select",{"onUpdate:modelValue":l[0]||(l[0]=e=>u.value=e),class:"scope-select"},[(o(true),a(m,null,x(B.value,e=>(o(),a("option",{key:e.id,value:e.id},s(e.name),9,Y))),128))],512),[[U,u.value]]),t("button",{class:"primary",disabled:_.value||!V.value.length,onClick:q}," AI 自动分配待配置 ",8,Z),t("button",{disabled:_.value,onClick:R},"刷新",8,ee)])]),t("nav",te,[t("button",{class:g({active:i.value==="roles"}),onClick:l[1]||(l[1]=e=>i.value="roles")},"角色",2),t("button",{class:g({active:i.value==="pending"}),onClick:l[2]||(l[2]=e=>i.value="pending")},"待配置",2),t("button",{class:g({active:i.value==="commands"}),onClick:l[3]||(l[3]=e=>i.value="commands")},"指令",2)]),A.value?(o(),a("p",le,s(A.value),1)):G("v-if",true),i.value==="roles"?(o(),a("section",ne,[t("aside",se,[(o(true),a(m,null,x(I.value,e=>(o(),a("button",{key:e.id,class:g(["role-item",{active:e.id===d.value}]),onClick:r=>d.value=e.id},[t("span",null,[t("strong",null,s(e.name),1),t("small",null,s(e.builtin?"内置角色":"自定义角色")+" / "+s(e.scopeType),1)]),t("em",null,s(e.allowCount),1)],10,oe))),128))]),f.value?(o(),a("section",ae,[t("div",ie,[t("div",null,[t("h2",null,s(f.value.name),1),t("p",null,s(f.value.id),1)]),t("label",ue,[y(t("input",{type:"checkbox","onUpdate:modelValue":l[4]||(l[4]=e=>$.value=e)},null,512),[[K,$.value]]),l[10]||(l[10]=T(" 审计模式 ",-1))])]),t("div",de,[y(t("input",{"onUpdate:modelValue":l[5]||(l[5]=e=>p.value=e),placeholder:"搜索指令、插件、描述"},null,512),[[D,p.value,void 0,{trim:true}]]),y(t("select",{"onUpdate:modelValue":l[6]||(l[6]=e=>h.value=e)},[...l[11]||(l[11]=[t("option",{value:"all"},"全部状态",-1),t("option",{value:"pending"},"待配置",-1),t("option",{value:"configured"},"已配置",-1),t("option",{value:"disabled"},"已禁用",-1)])],512),[[U,h.value]])]),t("div",re,[(o(true),a(m,null,x(F.value,e=>(o(),a("article",{key:e.id,class:"command-row"},[t("div",ce,[t("strong",null,s(e.name),1),t("span",null,s(e.commandPath),1),t("small",null,s(e.plugin)+" / legacy "+s(e.legacyAuthority)+" / "+s(e.suggestion.label),1)]),t("div",ve,[t("button",{class:g({active:S(e.id)==="inherit"}),onClick:r=>O(e.id,"inherit")}," 继承 ",10,pe),t("button",{class:g({active:S(e.id)==="allow"}),onClick:r=>O(e.id,"allow")}," 开 ",10,ge),t("button",{class:g({active:S(e.id)==="deny"}),onClick:r=>O(e.id,"deny")}," 关 ",10,he)])]))),128))])])):G("v-if",true)])):i.value==="pending"?(o(),a("section",_e,[(o(true),a(m,null,x(V.value,e=>(o(),a("article",{key:e.id,class:"pending-item"},[t("div",null,[t("strong",null,s(e.name),1),t("span",null,s(e.commandPath),1),t("small",null,s(e.plugin)+" / legacy "+s(e.legacyAuthority),1)]),t("dl",null,[l[12]||(l[12]=t("dt",null,"旧建议",-1)),t("dd",null,s(e.suggestion.label),1),l[13]||(l[13]=t("dt",null,"AI 建议",-1)),t("dd",null,s(e.autoAssign.label)+"："+s(e.autoAssign.reason),1)]),t("div",fe,[t("button",{disabled:_.value,onClick:r=>N(e.id,"legacy")},"采用旧建议",8,be),t("button",{class:"primary",disabled:_.value,onClick:r=>N(e.id,"advisor")},"采用 AI 建议",8,ye)])]))),128)),V.value.length?G("v-if",true):(o(),a("p",ke,"没有待配置指令。"))])):(o(),a("section",Ce,[t("div",we,[y(t("input",{"onUpdate:modelValue":l[7]||(l[7]=e=>p.value=e),placeholder:"搜索指令、插件、描述"},null,512),[[D,p.value,void 0,{trim:true}]]),y(t("select",{"onUpdate:modelValue":l[8]||(l[8]=e=>h.value=e)},[...l[14]||(l[14]=[t("option",{value:"all"},"全部状态",-1),t("option",{value:"pending"},"待配置",-1),t("option",{value:"configured"},"已配置",-1),t("option",{value:"disabled"},"已禁用",-1)])],512),[[U,h.value]])]),(o(true),a(m,null,x(M.value,e=>(o(),a("article",{key:e.id,class:"command-row"},[t("div",me,[t("strong",null,s(e.name),1),t("span",null,s(e.id),1),t("small",null,s(e.plugin)+" / "+s(e.commandPath)+" / "+s(e.autoAssign.label),1)]),t("div",xe,[t("label",Ae,[t("input",{type:"checkbox",checked:e.allowGuildOverride,onChange:r=>z(e,r)},null,40,Ie),l[15]||(l[15]=T(" 群内自治 ",-1))]),t("select",{value:e.status,onChange:r=>j(e,r)},[...l[16]||(l[16]=[t("option",{value:"pending"},"待配置",-1),t("option",{value:"configured"},"已配置",-1),t("option",{value:"disabled"},"已禁用",-1)])],40,Ve)])]))),128))]))]))}}),Pe=(C,i)=>{const u=C.__vccOpts||C;for(const[d,p]of i)u[d]=p;return u},Se=Pe($e,[["__scopeId","data-v-b49c6f52"]]),Ge=C=>{C.page({name:"新权限",path:"/new-auth",icon:"⌗",fields:["newauth"],authority:4,component:Se})};export{Ge as default};

package/dist/style.css ADDED Viewed

@@ -0,0 +1 @@

+ .new-auth-page[data-v-b49c6f52]{min-height:100vh;background:#f6f7f4;color:#1f2523;padding:20px}.topbar[data-v-b49c6f52],.detail-head[data-v-b49c6f52],.filters[data-v-b49c6f52],.row-actions[data-v-b49c6f52],.command-controls[data-v-b49c6f52],.top-actions[data-v-b49c6f52]{display:flex;align-items:center;gap:12px}.topbar[data-v-b49c6f52]{justify-content:space-between;border-bottom:1px solid #d9ded6;padding-bottom:16px}h1[data-v-b49c6f52],h2[data-v-b49c6f52],p[data-v-b49c6f52]{margin:0}h1[data-v-b49c6f52]{font-size:26px;line-height:1.2}h2[data-v-b49c6f52]{font-size:20px}p[data-v-b49c6f52],small[data-v-b49c6f52],span[data-v-b49c6f52],dd[data-v-b49c6f52],dt[data-v-b49c6f52]{color:#63706a}button[data-v-b49c6f52],select[data-v-b49c6f52],input[data-v-b49c6f52]{border:1px solid #c7cec8;border-radius:6px;background:#fff;color:#1f2523;min-height:34px;padding:0 10px;font:inherit}button[data-v-b49c6f52]{cursor:pointer}button[data-v-b49c6f52]:disabled{cursor:not-allowed;opacity:.55}.primary[data-v-b49c6f52]{background:#285e54;border-color:#285e54;color:#fff}.tabs[data-v-b49c6f52]{display:flex;gap:6px;margin:16px 0}.tabs button.active[data-v-b49c6f52],.state-buttons button.active[data-v-b49c6f52]{background:#25312d;border-color:#25312d;color:#fff}.role-layout[data-v-b49c6f52]{display:grid;grid-template-columns:minmax(220px,280px) 1fr;gap:16px}.role-list[data-v-b49c6f52]{display:grid;gap:8px;align-content:start}.role-item[data-v-b49c6f52]{display:flex;justify-content:space-between;align-items:center;min-height:58px;text-align:left}.role-item span[data-v-b49c6f52],.command-main[data-v-b49c6f52]{display:grid;gap:3px;min-width:0}.role-item.active[data-v-b49c6f52]{border-color:#285e54;box-shadow:inset 3px 0 #285e54}.role-item em[data-v-b49c6f52]{font-style:normal;color:#8b4a2f}.detail[data-v-b49c6f52]{min-width:0}.detail-head[data-v-b49c6f52]{justify-content:space-between;margin-bottom:12px}.filters[data-v-b49c6f52]{margin-bottom:12px}.filters input[data-v-b49c6f52]{flex:1;min-width:180px}.command-list[data-v-b49c6f52],.pending-grid[data-v-b49c6f52],.commands-table[data-v-b49c6f52]{display:grid;gap:8px}.command-row[data-v-b49c6f52],.pending-item[data-v-b49c6f52]{background:#fff;border:1px solid #d9ded6;border-radius:8px;padding:12px}.command-row[data-v-b49c6f52]{display:grid;grid-template-columns:minmax(0,1fr) auto;gap:12px;align-items:center}.command-main strong[data-v-b49c6f52],.command-main span[data-v-b49c6f52],.command-main small[data-v-b49c6f52]{overflow:hidden;text-overflow:ellipsis;white-space:nowrap}.state-buttons[data-v-b49c6f52]{display:grid;grid-template-columns:repeat(3,54px);gap:6px}.pending-grid[data-v-b49c6f52]{grid-template-columns:repeat(auto-fill,minmax(300px,1fr))}.pending-item[data-v-b49c6f52]{display:grid;gap:10px}dl[data-v-b49c6f52]{display:grid;grid-template-columns:58px 1fr;gap:4px 8px;margin:0}dd[data-v-b49c6f52]{margin:0}.check[data-v-b49c6f52]{display:inline-flex;align-items:center;gap:6px;white-space:nowrap}.check input[data-v-b49c6f52]{min-height:0}.error[data-v-b49c6f52]{border:1px solid #d9a09a;background:#fff1ef;color:#8a2d22;border-radius:6px;padding:10px;margin-bottom:12px}.empty[data-v-b49c6f52]{padding:24px 0}@media (max-width: 760px){.new-auth-page[data-v-b49c6f52]{padding:12px}.topbar[data-v-b49c6f52],.detail-head[data-v-b49c6f52],.command-row[data-v-b49c6f52]{grid-template-columns:1fr;display:grid}.top-actions[data-v-b49c6f52],.filters[data-v-b49c6f52],.command-controls[data-v-b49c6f52]{flex-wrap:wrap}.role-layout[data-v-b49c6f52]{grid-template-columns:1fr}.state-buttons[data-v-b49c6f52]{grid-template-columns:repeat(3,minmax(0,1fr))}}

package/lib/index.d.ts CHANGED Viewed

@@ -1,11 +1,15 @@
 import { Command, Context, Schema, Session } from 'koishi';
 import type { Argv } from 'koishi';
 export declare const name = "new-auth";
-export declare const inject: string[];
+export declare const inject: {
+    required: string[];
+    optional: string[];
+};
 type RoleType = 'builtin' | 'custom';
 type ScopeType = 'global' | 'guild';
 type CommandStatus = 'pending' | 'configured' | 'disabled';
 type PolicyState = 'inherit' | 'allow' | 'deny';
+type AutoAssignKind = 'public' | 'moderation' | 'owner' | 'admin' | 'legacy';
 export interface NewAuthCommandRecord {
     id: string;
     name: string;
@@ -53,6 +57,112 @@ declare module 'koishi' {
         newauth: NewAuthService;
     }
 }
+declare module '@koishijs/plugin-console' {
+    namespace Console {
+        interface Services {
+            newauth: NewAuthConsoleService;
+        }
+    }
+    interface Events {
+        'newauth/getData'(): Promise<NewAuthConsoleData>;
+        'newauth/setPolicy'(payload: SetPolicyPayload): Promise<{
+            success: true;
+        }>;
+        'newauth/setCommandStatus'(payload: SetCommandStatusPayload): Promise<{
+            success: true;
+        }>;
+        'newauth/setGuildOverride'(payload: SetGuildOverridePayload): Promise<{
+            success: true;
+        }>;
+        'newauth/applySuggestion'(payload: ApplySuggestionPayload): Promise<{
+            success: true;
+        }>;
+        'newauth/autoAssignPending'(payload?: AutoAssignPayload): Promise<{
+            success: true;
+            count: number;
+        }>;
+        'newauth/createRole'(payload: CreateRolePayload): Promise<{
+            success: true;
+        }>;
+        'newauth/addMember'(payload: MemberPayload): Promise<{
+            success: true;
+        }>;
+        'newauth/removeMember'(payload: MemberPayload): Promise<{
+            success: true;
+        }>;
+        'newauth/copyRolePolicies'(payload: CopyRolePoliciesPayload): Promise<{
+            success: true;
+            count: number;
+        }>;
+    }
+}
+export interface NewAuthConsoleData {
+    roles: RoleView[];
+    commands: CommandView[];
+    policies: NewAuthPolicyRecord[];
+    members: NewAuthRoleMemberRecord[];
+    scopes: ScopeView[];
+    pendingCount: number;
+    autoAssignAvailable: boolean;
+}
+export interface RoleView extends NewAuthRoleRecord {
+    allowCount: number;
+}
+export interface CommandView extends NewAuthCommandRecord {
+    suggestion: RoleSuggestion;
+    autoAssign: AutoAssignSuggestion;
+}
+export interface ScopeView {
+    id: string;
+    name: string;
+    type: ScopeType;
+}
+export interface RoleSuggestion {
+    roles: string[];
+    label: string;
+}
+export interface AutoAssignSuggestion extends RoleSuggestion {
+    kind: AutoAssignKind;
+    reason: string;
+}
+interface SetPolicyPayload {
+    scope: string;
+    roleId: string;
+    commandId: string;
+    state: PolicyState;
+}
+interface SetCommandStatusPayload {
+    commandId: string;
+    status: CommandStatus;
+}
+interface SetGuildOverridePayload {
+    commandId: string;
+    allowGuildOverride: boolean;
+}
+interface ApplySuggestionPayload {
+    commandId: string;
+    scope?: string;
+    mode?: 'legacy' | 'advisor';
+}
+interface AutoAssignPayload {
+    scope?: string;
+    mode?: 'legacy' | 'advisor';
+}
+interface CreateRolePayload {
+    id: string;
+    name: string;
+    scopeType: ScopeType;
+}
+interface MemberPayload {
+    roleId: string;
+    uid: string;
+    scope: string;
+}
+interface CopyRolePoliciesPayload {
+    sourceRoleId: string;
+    targetRoleId: string;
+    scope: string;
+}
 export interface Config {
     botAdmins: string[];
     trustLegacyAuthorityAsAdmin: boolean;
@@ -128,24 +238,36 @@ export declare class NewAuthService {
         query?: string;
     }): Promise<NewAuthCommandRecord[]>;
     listRoles(): Promise<NewAuthRoleRecord[]>;
+    listPolicies(): Promise<NewAuthPolicyRecord[]>;
+    listMembers(): Promise<NewAuthRoleMemberRecord[]>;
+    listScopes(): Promise<ScopeView[]>;
+    getConsoleData(): Promise<NewAuthConsoleData>;
     addBotAdmin(uid: string): Promise<void>;
     removeBotAdmin(uid: string): Promise<void>;
     createCustomRole(id: string, name: string, scopeType?: ScopeType): Promise<void>;
     addRoleMember(roleId: string, uid: string, scope?: string): Promise<void>;
     removeRoleMember(roleId: string, uid: string, scope?: string): Promise<void>;
+    copyRolePolicies(sourceRoleId: string, targetRoleId: string, scope?: string): Promise<number>;
     setCommandStatus(input: string, status: CommandStatus): Promise<NewAuthCommandRecord>;
+    setCommandGuildOverride(input: string, allowGuildOverride: boolean): Promise<NewAuthCommandRecord>;
     setCommandPolicy(scope: string, roleId: string, input: string, state: PolicyState): Promise<NewAuthCommandRecord>;
+    applySuggestedPolicy(input: string, scope?: string, mode?: 'legacy' | 'advisor'): Promise<NewAuthCommandRecord>;
+    autoAssignPending(scope?: string, mode?: 'legacy' | 'advisor'): Promise<number>;
     getCommand(input: string): Promise<NewAuthCommandRecord>;
     private ensureBuiltinRoles;
+    private applyRolesToCommand;
     private createCommandRecord;
     private getDescription;
     private resolveCommandInput;
     private setPolicy;
     private getEffectivePolicy;
+    private getAutoAssignSuggestion;
     private ensureRoleMember;
+    private ensureRoleExists;
     private hasPlatformRole;
     private grantRuntimeCommandPermission;
     private getCommandList;
     private isSelfCommand;
 }
+export type NewAuthConsoleService = any;
 export {};

package/lib/index.js CHANGED Viewed

@@ -3,8 +3,9 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.NewAuthService = exports.Config = exports.inject = exports.name = void 0;
 exports.apply = apply;
 const koishi_1 = require("koishi");
+const path_1 = require("path");
 exports.name = 'new-auth';
-exports.inject = ['database'];
+exports.inject = { required: ['database'], optional: ['console'] };
 const BUILTIN_ROLES = [
     {
         id: 'bot-admin',
@@ -125,6 +126,9 @@ function apply(ctx, config) {
         return service.intercept(argv);
     });
     registerManagementCommands(ctx, config, service);
+    ctx.inject(['console'], (ctx) => {
+        registerConsole(ctx, service);
+    });
 }
 class NewAuthService {
     constructor(ctx, config) {
@@ -290,6 +294,62 @@ class NewAuthService {
         const records = await this.ctx.database.get('new_auth_role', {});
         return records.sort((a, b) => Number(a.builtin) - Number(b.builtin) || a.id.localeCompare(b.id));
     }
+    async listPolicies() {
+        return this.ctx.database.get('new_auth_policy', {});
+    }
+    async listMembers() {
+        return this.ctx.database.get('new_auth_role_member', {});
+    }
+    async listScopes() {
+        const scopes = [{ id: 'global', name: '全局默认', type: 'global' }];
+        const seen = new Set(['global']);
+        const channels = await this.ctx.database.get('channel', {}, ['id', 'platform', 'guildId']);
+        for (const channel of channels) {
+            const guildId = channel.guildId || channel.id;
+            if (!channel.platform || !guildId)
+                continue;
+            const id = `guild:${channel.platform}:${guildId}`;
+            if (seen.has(id))
+                continue;
+            seen.add(id);
+            scopes.push({
+                id,
+                name: `${channel.platform}:${guildId}`,
+                type: 'guild',
+            });
+        }
+        return scopes;
+    }
+    async getConsoleData() {
+        const [roles, commands, policies, members, scopes] = await Promise.all([
+            this.listRoles(),
+            this.listCommands({ all: true }),
+            this.listPolicies(),
+            this.listMembers(),
+            this.listScopes(),
+        ]);
+        const globalAllow = new Set(policies
+            .filter(policy => policy.scope === 'global' && policy.state === 'allow')
+            .map(policy => `${policy.roleId}:${policy.commandId}`));
+        return {
+            roles: roles.map(role => ({
+                ...role,
+                allowCount: role.id === 'bot-admin'
+                    ? commands.filter(command => command.status !== 'disabled').length
+                    : commands.filter(command => globalAllow.has(`${role.id}:${command.id}`)).length,
+            })),
+            commands: commands.map(command => ({
+                ...command,
+                suggestion: getLegacySuggestion(command.legacyAuthority),
+                autoAssign: this.getAutoAssignSuggestion(command),
+            })),
+            policies,
+            members,
+            scopes,
+            pendingCount: commands.filter(command => command.status === 'pending').length,
+            autoAssignAvailable: true,
+        };
+    }
     async addBotAdmin(uid) {
         const parsed = parseUid(uid);
         await this.ensureRoleMember('bot-admin', parsed.platform, parsed.userId, 'global');
@@ -338,6 +398,18 @@ class NewAuthService {
             scope,
         });
     }
+    async copyRolePolicies(sourceRoleId, targetRoleId, scope = 'global') {
+        await this.ensureRoleExists(sourceRoleId);
+        await this.ensureRoleExists(targetRoleId);
+        const policies = await this.ctx.database.get('new_auth_policy', {
+            scope,
+            roleId: sourceRoleId,
+        });
+        for (const policy of policies) {
+            await this.setPolicy(scope, targetRoleId, policy.commandId, policy.state);
+        }
+        return policies.length;
+    }
     async setCommandStatus(input, status) {
         const command = await this.resolveCommandInput(input);
         await this.ctx.database.set('new_auth_command', command.id, {
@@ -347,6 +419,15 @@ class NewAuthService {
         this.commandCache.delete(command.id);
         return command;
     }
+    async setCommandGuildOverride(input, allowGuildOverride) {
+        const command = await this.resolveCommandInput(input);
+        await this.ctx.database.set('new_auth_command', command.id, {
+            allowGuildOverride,
+            updatedAt: new Date(),
+        });
+        this.commandCache.delete(command.id);
+        return command;
+    }
     async setCommandPolicy(scope, roleId, input, state) {
         const command = await this.resolveCommandInput(input);
         await this.setPolicy(scope, roleId, command.id, state);
@@ -355,6 +436,24 @@ class NewAuthService {
         }
         return command;
     }
+    async applySuggestedPolicy(input, scope = 'global', mode = 'legacy') {
+        const command = await this.resolveCommandInput(input);
+        const suggestion = mode === 'advisor'
+            ? this.getAutoAssignSuggestion(command)
+            : getLegacySuggestion(command.legacyAuthority);
+        await this.applyRolesToCommand(scope, command.id, suggestion.roles);
+        if (command.status === 'pending') {
+            await this.setCommandStatus(command.id, 'configured');
+        }
+        return command;
+    }
+    async autoAssignPending(scope = 'global', mode = 'advisor') {
+        const commands = await this.listCommands({ pending: true });
+        for (const command of commands) {
+            await this.applySuggestedPolicy(command.id, scope, mode);
+        }
+        return commands.length;
+    }
     async getCommand(input) {
         const cached = this.commandCache.get(input);
         if (cached)
@@ -382,6 +481,15 @@ class NewAuthService {
             }
         }
     }
+    async applyRolesToCommand(scope, commandId, roleIds) {
+        const roles = await this.listRoles();
+        const knownRoles = new Set(roles.map(role => role.id));
+        for (const roleId of roleIds) {
+            if (!knownRoles.has(roleId))
+                continue;
+            await this.setPolicy(scope, roleId, commandId, 'allow');
+        }
+    }
     createCommandRecord(command, now) {
         const plugin = inferPlugin(command);
         const legacyAuthority = inferLegacyAuthority(command);
@@ -444,16 +552,84 @@ class NewAuthService {
         });
         return global?.state ?? 'inherit';
     }
+    getAutoAssignSuggestion(command) {
+        const text = normalizeKey([
+            command.commandPath,
+            command.name,
+            command.plugin,
+            command.description,
+            command.aliases.join(' '),
+        ].join(' '));
+        const dangerous = [
+            'plugin', 'market', 'install', 'uninstall', 'reload', 'restart',
+            'config', 'database', 'db', 'file', 'delete', 'remove', 'exec',
+            'eval', 'shell', 'token', 'env', 'broadcast',
+            '插件', '市场', '安装', '卸载', '重载', '重启', '配置', '数据库',
+            '文件', '删除', '执行', '脚本', '令牌', '环境变量', '广播',
+        ];
+        if (dangerous.some(keyword => text.includes(keyword))) {
+            return {
+                kind: 'admin',
+                roles: ['bot-admin'],
+                label: '仅 Bot 管理员',
+                reason: '命中实例级或高危操作关键词。',
+            };
+        }
+        const moderation = [
+            'ban', 'mute', 'kick', 'warn', 'recall', 'approve', 'blacklist',
+            '禁言', '踢', '封禁', '警告', '撤回', '审核', '黑名单',
+        ];
+        if (moderation.some(keyword => text.includes(keyword))) {
+            return {
+                kind: 'moderation',
+                roles: ['guild-admin', 'guild-owner'],
+                label: '群管理员和群主',
+                reason: '命中群管理操作关键词。',
+            };
+        }
+        const ownerOnly = ['welcome', 'setting', 'notice', 'announce', '欢迎', '公告', '群设置'];
+        if (ownerOnly.some(keyword => text.includes(keyword))) {
+            return {
+                kind: 'owner',
+                roles: ['guild-owner'],
+                label: '群主',
+                reason: '更适合群主进行群内自治配置。',
+            };
+        }
+        const publicUse = [
+            'help', 'sign', 'rank', 'weather', 'search', 'music', 'play', 'query',
+            '帮助', '签到', '排行', '天气', '搜索', '点歌', '播放', '查询',
+        ];
+        if (publicUse.some(keyword => text.includes(keyword))) {
+            return {
+                kind: 'public',
+                roles: ['guild-member', 'guild-admin', 'guild-owner'],
+                label: '群成员及以上',
+                reason: '命中普通用户功能关键词。',
+            };
+        }
+        const fallback = getLegacySuggestion(command.legacyAuthority);
+        return {
+            kind: 'legacy',
+            roles: fallback.roles,
+            label: fallback.label,
+            reason: '未命中明确语义，回退到旧 authority 建议。',
+        };
+    }
     async ensureRoleMember(roleId, platform, userId, scope) {
-        const [role] = await this.ctx.database.get('new_auth_role', { id: roleId });
-        if (!role)
-            throw new Error(`role not found: ${roleId}`);
+        await this.ensureRoleExists(roleId);
         const query = { roleId, platform, userId, scope };
         const [existing] = await this.ctx.database.get('new_auth_role_member', query);
         if (!existing) {
             await this.ctx.database.create('new_auth_role_member', { ...query, createdAt: new Date() });
         }
     }
+    async ensureRoleExists(roleId) {
+        const [role] = await this.ctx.database.get('new_auth_role', { id: roleId });
+        if (!role)
+            throw new Error(`role not found: ${roleId}`);
+        return role;
+    }
     hasPlatformRole(session, roleNames) {
         const values = new Set();
         const author = session.author;
@@ -486,6 +662,66 @@ class NewAuthService {
     }
 }
 exports.NewAuthService = NewAuthService;
+function createConsoleServiceClass() {
+    const { DataService } = require('@koishijs/plugin-console');
+    return class NewAuthConsoleDataService extends DataService {
+        constructor(ctx) {
+            super(ctx, 'newauth', {
+                immediate: true,
+                authority: 4,
+            });
+        }
+        async get(_forced, _client) {
+            return this.ctx.newauth.getConsoleData();
+        }
+    };
+}
+function registerConsole(ctx, service) {
+    ctx.console.addEntry({
+        dev: (0, path_1.resolve)(__dirname, '../client/index.ts'),
+        prod: (0, path_1.resolve)(__dirname, '../dist'),
+    });
+    ctx.plugin(createConsoleServiceClass());
+    const ok = async (task) => {
+        await task;
+        ctx.console.refresh('newauth');
+        return { success: true };
+    };
+    ctx.console.addListener('newauth/getData', async () => {
+        return service.getConsoleData();
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/setPolicy', async (payload) => {
+        return ok(service.setCommandPolicy(payload.scope, payload.roleId, payload.commandId, payload.state));
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/setCommandStatus', async (payload) => {
+        return ok(service.setCommandStatus(payload.commandId, payload.status));
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/setGuildOverride', async (payload) => {
+        return ok(service.setCommandGuildOverride(payload.commandId, payload.allowGuildOverride));
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/applySuggestion', async (payload) => {
+        return ok(service.applySuggestedPolicy(payload.commandId, payload.scope, payload.mode));
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/autoAssignPending', async (payload = {}) => {
+        const count = await service.autoAssignPending(payload.scope, payload.mode);
+        ctx.console.refresh('newauth');
+        return { success: true, count };
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/createRole', async (payload) => {
+        return ok(service.createCustomRole(payload.id, payload.name, payload.scopeType));
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/addMember', async (payload) => {
+        return ok(service.addRoleMember(payload.roleId, payload.uid, payload.scope));
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/removeMember', async (payload) => {
+        return ok(service.removeRoleMember(payload.roleId, payload.uid, payload.scope));
+    }, { authority: 4 });
+    ctx.console.addListener('newauth/copyRolePolicies', async (payload) => {
+        const count = await service.copyRolePolicies(payload.sourceRoleId, payload.targetRoleId, payload.scope);
+        ctx.console.refresh('newauth');
+        return { success: true, count };
+    }, { authority: 4 });
+}
 function registerManagementCommands(ctx, config, service) {
     const authority = config.legacyAdminAuthority;
     ctx.command('newauth', '管理新权限系统', { authority })
@@ -575,6 +811,11 @@ function registerManagementCommands(ctx, config, service) {
         await service.removeRoleMember(roleId, uid, scope);
         return `已移除成员：${roleId} ${uid} ${scope}`;
     });
+    ctx.command('newauth.role.copy <sourceRoleId> <targetRoleId> [scope]', '复制角色权限', { authority })
+        .action(async (_, sourceRoleId, targetRoleId, scope = 'global') => {
+        const count = await service.copyRolePolicies(sourceRoleId, targetRoleId, scope);
+        return `已复制 ${count} 条策略：${sourceRoleId} -> ${targetRoleId} (${scope})`;
+    });
 }
 function inferLegacyAuthority(command) {
     if (typeof command.config.authority === 'number')
@@ -586,6 +827,36 @@ function inferLegacyAuthority(command) {
     }
     return 1;
 }
+function getLegacySuggestion(authority) {
+    if (authority <= 0) {
+        return {
+            roles: ['guest', 'guild-member', 'guild-admin', 'guild-owner'],
+            label: '访客/群成员及以上',
+        };
+    }
+    if (authority === 1) {
+        return {
+            roles: ['guild-member', 'guild-admin', 'guild-owner'],
+            label: '群成员及以上',
+        };
+    }
+    if (authority === 2) {
+        return {
+            roles: ['guild-admin', 'guild-owner'],
+            label: '群管理员及以上',
+        };
+    }
+    if (authority === 3) {
+        return {
+            roles: ['guild-owner'],
+            label: '群主',
+        };
+    }
+    return {
+        roles: ['bot-admin'],
+        label: '仅 Bot 管理员',
+    };
+}
 function inferPlugin(command) {
     const source = command.caller?.scope || command.ctx?.scope;
     const plugin = source?.plugin?.name || source?.uid || source?.id || 'unknown';

package/package.json CHANGED Viewed

@@ -1,16 +1,19 @@
 {
   "name": "koishi-plugin-new-auth",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Role and scope based command permission layer for Koishi.",
   "main": "lib/index.js",
   "types": "lib/index.d.ts",
   "files": [
     "lib",
+    "dist",
     "README.md",
     "newauth.md"
   ],
   "scripts": {
-    "build": "tsc -p tsconfig.json",
+    "build": "npm run build:server && npm run build:client",
+    "build:server": "tsc -p tsconfig.json",
+    "build:client": "node scripts/build-client.mjs",
     "typecheck": "tsc -p tsconfig.json --noEmit",
     "prepack": "npm run build"
   },
@@ -23,9 +26,17 @@
   ],
   "license": "MIT",
   "peerDependencies": {
+    "@koishijs/plugin-console": "^5.30.0",
     "koishi": "^4.18.0"
   },
+  "peerDependenciesMeta": {
+    "@koishijs/plugin-console": {
+      "optional": true
+    }
+  },
   "devDependencies": {
+    "@koishijs/client": "^5.30.11",
+    "@koishijs/plugin-console": "^5.30.11",
     "@types/node": "^22.0.0",
     "koishi": "4.18.11",
     "typescript": "^5.8.0"