ltcai 0.1.19 → 0.1.22

package/README.md

@@ -14,10 +14,10 @@ Lattice AI는 개인 개발자가 로컬 모델, 클라우드 모델, 에이전
 
 ### 현재 배포 버전
 
-- `PyPI`: `ltcai==0.1.18`
-- `npm`: `ltcai@0.1.18`
-- `VS Code Marketplace`: `parktaesoo.ltcai@0.1.18`
-- `Open VSX`: `parktaesoo.ltcai@0.1.18`
+- `PyPI`: `ltcai==0.1.22`
+- `npm`: `ltcai@0.1.22`
+- `VS Code Marketplace`: `parktaesoo.ltcai@0.1.22`
+- `Open VSX`: `parktaesoo.ltcai@0.1.22`
 
 ### 왜 Lattice AI인가
 
@@ -126,6 +126,7 @@ LATTICEAI_TELEGRAM_BOT_TOKEN=your-token LTCAI
 | 기능 | 설명 |
 |------|------|
 | **웹 UI** | 반응형 채팅 + 어드민 패널 + 그래프 시각화 |
+| **Auto Setup Wizard** | 구성요소 감지 → 공식 다운로드 연결 → 설치 감지 → PATH/env 세팅 → 동작 테스트 → 자동 복구 |
 | **VS Code / Cursor 확장** | 채팅, Edit Selection, Diff 뷰, 파일 첨부 |
 | **Telegram 봇** | 로컬 AI 미러 + Codex 클라우드 봇 |
 | **MCP 서버** | Claude Desktop / Cursor에서 직접 도구 사용 |
@@ -214,11 +215,13 @@ docker run --rm -p 4825:4825 \
 ## 보안
 
 - **바인딩**: 기본 `127.0.0.1:4825` (로컬 전용) — 같은 Wi-Fi 기기 접근 허용 시 `LATTICEAI_HOST=0.0.0.0` 설정
-- **인증**: 모든 민감 엔드포인트 로그인 세션 필요 (`REQUIRE_AUTH=true` 기본)
+- **인증**: 퍼블릭 모드 또는 `0.0.0.0` 등 네트워크 노출 호스트에서는 로그인 세션이 기본으로 필요합니다
 - **세션**: 24시간 TTL + sliding refresh, 서버 디스크 저장 (재시작 후에도 유지)
-- **CORS**: 기본 localhost만 허용 — 외부 허용 시 `LATTICEAI_CORS_ALLOW_NETWORK=true`
+- **CORS**: 기본 localhost만 허용 — 외부 브라우저 origin은 `LATTICEAI_CORS_ALLOWED_ORIGINS`에 명시
 - **API 키**: OS keyring/Keychain 저장 (평문 미저장)
-- **쿠키**: `HttpOnly + SameSite=Lax` (CSRF 방어)
+- **쿠키**: `HttpOnly + SameSite=Lax` (세션 토큰은 localStorage에 저장하지 않음)
+- **로컬 파일 접근**: list/read/write/preview는 서버 발급 approval token으로 경로·사용자·작업 범위를 검증하고, 웹 UI 또는 Discord permission flow에서 승인 후 실행
+- **채팅 경로 자동 읽기**: 기본 OFF. `LATTICEAI_AUTO_READ_CHAT_PATHS=true`로 명시한 경우에만 `/path` 또는 `~/path` 내용을 모델 컨텍스트에 주입
 - **Rate limit**: `/chat` 30/분, `/agent` 6/분, `/upload` 12/분 (per user)
 - **파일 업로드**: magic-number 시그니처 검증 (확장자 위조 차단)
 - **텔레메트리**: 없음. 모든 데이터는 로컬(`~/.ltcai/`)에만 저장됩니다.
@@ -251,7 +254,7 @@ docker run --rm -p 4825:4825 \
 
 ### 릴리스 체크
 
-`0.1.17 릴리스는 아래 네 채널을 동일 버전으로 맞춥니다.
+`0.1.22` 릴리스는 아래 네 채널을 동일 버전으로 맞춥니다.
 
 - `npm`
 - `PyPI`
@@ -368,7 +371,7 @@ launchctl load ~/Library/LaunchAgents/com.ltcai.plist
 
 ## 릴리스 노트
 
-현재 버전: **0.1.18** — 자세한 변경 이력은 [docs/CHANGELOG.md](docs/CHANGELOG.md) 참고.
+현재 버전: **0.1.22** — 자세한 변경 이력은 [docs/CHANGELOG.md](docs/CHANGELOG.md) 참고.
 
 ## 라이선스
 

package/bin/ltcai.js

@@ -12,6 +12,33 @@ const managedPython = process.platform === "win32"
   ? path.join(managedVenv, "Scripts", "python.exe")
   : path.join(managedVenv, "bin", "python");
 
+function loadDotEnv(file) {
+  if (!fs.existsSync(file)) return;
+  for (const rawLine of fs.readFileSync(file, "utf8").split(/\r?\n/)) {
+    const line = rawLine.trim();
+    if (!line || line.startsWith("#") || !line.includes("=")) continue;
+    const index = line.indexOf("=");
+    const key = line.slice(0, index).trim();
+    const value = line.slice(index + 1).trim().replace(/^["']|["']$/g, "");
+    if (key && process.env[key] === undefined) process.env[key] = value;
+  }
+}
+
+function applyExtraPath() {
+  const extra = process.env.LATTICEAI_EXTRA_PATH;
+  if (!extra) return;
+  const sep = path.delimiter;
+  const current = (process.env.PATH || "").split(sep).filter(Boolean);
+  for (const item of extra.split(sep).filter(Boolean).reverse()) {
+    const expanded = item.replace(/^~(?=$|\/|\\)/, os.homedir());
+    if (fs.existsSync(expanded) && !current.includes(expanded)) current.unshift(expanded);
+  }
+  process.env.PATH = current.join(sep);
+}
+
+loadDotEnv(path.join(root, ".env"));
+applyExtraPath();
+
 function runSync(cmd, args, options = {}) {
   const result = spawnSync(cmd, args, { stdio: "inherit", ...options });
   return result.status === 0;

package/docs/CHANGELOG.md

@@ -1,12 +1,89 @@
 # Changelog
 
-## [0.1.19] - 2026-05-23
+## [0.1.22] - 2026-05-24
 
-### Publisher 변경
+### Release preparation
 
-- VS Code extension publisher `parktaesoo` → `TaeSooPark-PTS` 로 변경
-- Extension ID: `parktaesoo.ltcai` → `TaeSooPark-PTS.ltcai`
-- Open VSX namespace 통일 (`TaeSooPark-PTS`)
+- 배포 버전을 `0.1.22`로 상향
+  - `package.json`
+  - `pyproject.toml`
+  - `vscode-extension/package.json`
+- README 현재 배포 버전과 릴리스 체크 섹션을 `0.1.22` 기준으로 갱신
+- npm / PyPI / VS Code Marketplace / Open VSX 배포 전 빌드 산출물 생성
+
+### Verification
+
+- Python compile check 통과
+- unit tests 통과
+- root npm package 생성
+- Python wheel / sdist 생성
+- VS Code / Open VSX용 VSIX 생성
+
+## [0.1.21] - 2026-05-24
+
+### Setup Wizard — 자동 설치 · 연결 · 검증 · 복구
+
+- **구성요소 자동 감지** — Homebrew, Python, Git, Node/npm, Ollama, LM Studio, Tesseract, MLX 계열 탐지
+  - `COMMON_PATH_DIRS` 확장: `/opt/homebrew/bin`, `~/.local/bin`, `~/.latticeai/bin` 등 자동 포함
+  - `PACKAGE_MODULES` 맵으로 pip 패키지 → import 이름 변환 (mlx-lm, mlx-vlm, openai-whisper 등)
+- **공식 다운로드 연결** — 자동 설치 실패 시 OS별 공식 페이지(`OFFICIAL_DOWNLOADS`) 자동 오픈
+- **설치 완료 자동 감지** — binary / Python 모듈 재탐색 폴링으로 설치 완료 감지
+- **환경 변수 / PATH 자동 세팅** — PATH 누락 디렉토리를 `.env`의 `LATTICEAI_EXTRA_PATH`에 자동 저장
+  - `_update_env_file()` 헬퍼로 `.env` 파일 안전 갱신 (중복 없이 key 업데이트)
+- **동작 테스트** — binary는 `--version`, Python 패키지는 `import` smoke test
+- **실패 시 자동 복구** — PATH 재보정, pip 재시도, brew 실패 시 공식 다운로드 fallback
+
+### 보안 강화 — 로컬 파일 접근 승인 시스템
+
+- **토큰 기반 로컬 파일 승인** — `_local_permission_response()` / `_require_local_approval()`
+  - 5분(300초) TTL 만료 토큰으로 read / write / list 각 액션을 별도 승인
+  - write 승인 시 `content_hash`(SHA-256)로 내용 위변조 방지
+  - 만료 토큰 자동 정리(lazy GC)
+  - Discord permission monitor 또는 웹 UI 승인 후에만 토큰 활성화
+- **로컬 파일 미리보기 보호** — `/local/serve`, `/tools/read_document`, `/tools/pdf_pages`도 서버 발급 approval token 없이는 로컬 절대 경로를 열지 않도록 변경
+- **workspace 정적 노출 제거** — `/agent-files` `StaticFiles` mount 제거, 인증이 있는 다운로드 라우트만 사용
+- **세션 토큰 저장 강화** — 로그인 응답 body에서 bearer token 제거, 웹 UI는 HttpOnly cookie 기반 인증만 사용
+  - `static/account.html`, `static/chat.html`, `static/admin.html`, `static/graph.html`의 `localStorage` 세션 토큰 의존 제거
+- **loopback 감지** — `_host_is_loopback()` + `ipaddress` 표준 라이브러리로 네트워크 노출 여부 판단
+  - `REQUIRE_AUTH` 기본값: 퍼블릭 모드 또는 네트워크 노출 시 `true` 자동 적용
+  - `OPEN_REGISTRATION`: 네트워크 노출/퍼블릭 모드에서 기본 `false` (초대 코드 필요)
+- **CORS 세밀 제어** — wildcard credential CORS 대신 `LATTICEAI_CORS_ALLOWED_ORIGINS` 환경변수로 허용 출처 추가 설정 가능
+- **파일 자동 주입(opt-in)** — `LATTICEAI_AUTO_READ_CHAT_PATHS=true` 설정 시에만 채팅 메시지의 로컬 경로를 컨텍스트에 주입 (기본 OFF — 클라우드 모델 파일 누출 방지)
+
+### 어드민 대시보드 — Audit & Data Governance
+
+- **감사 로그 섹션** — 사용자별 AI 사용량, 업로드 문서 수, 민감정보 감지, clear/delete 이벤트, 최근 감사 이벤트 표시
+- **데이터 보존 정책** — `/clear`, `/clear_all`, 대화 삭제는 화면 정리만 수행; Data Graph / RAG / 감사 로그는 보존
+  - clear 동작을 `ClearEvent` 노드로 그래프에 기록 (언제 누가 clear 했는지 감사 추적)
+- **민감정보 검사** — 문서 업로드 텍스트를 감사 로그에 기록
+
+### Graph RAG / Data Graph
+
+- **한국어 단어 검색 개선** — 2글자 키워드(`문서`, `모델` 등) RAG 검색 누락 문제 수정
+- **`graph.html` 독립 페이지 유지** — 채팅 사이드바 `Data Graph` 버튼으로 연결, New Chat 버튼은 대화 검색 아래로 이동
+
+### CLI / Node.js 래퍼
+
+- `ltcai_cli.py` — `doctor` 명령어에 확장된 구성요소 탐지 통합
+- `bin/ltcai.js` — Node.js 래퍼 PATH 보정 로직 개선
+
+### 테스트
+
+- `tests/unit/test_security.py` — loopback 감지, 로컬 파일 접근 approval token, write content hash 검증 추가
+- `tests/unit/test_setup_wizard.py` — 자동 설정 구성요소 감지와 PATH 보정 검증 추가
+
+### 환경변수 추가 (`.env.example`)
+
+| 변수 | 기본값 | 설명 |
+|------|--------|------|
+| `LATTICEAI_AUTO_READ_CHAT_PATHS` | `false` | 채팅 메시지 내 로컬 경로 자동 주입 |
+| `LATTICEAI_CORS_ALLOWED_ORIGINS` | `` | 추가 허용 CORS 출처 (콤마 구분) |
+| `LATTICEAI_EXTRA_PATH` | `` | 추가 PATH 디렉토리 (Setup Wizard 자동 기록) |
+
+## [0.1.20] - 2026-05-23
+
+### Release
+- 배포 버전을 `0.1.19`로 상향
 - 대상 채널: `npm` · `PyPI` · `VS Code Marketplace` · `Open VSX`
 
 ## [0.1.18] - 2026-05-23

package/ltcai_cli.py

@@ -18,6 +18,32 @@ import urllib.request
 from pathlib import Path
 
 
+def _load_env_file(path: Path) -> None:
+    if not path.exists():
+        return
+    for raw_line in path.read_text(encoding="utf-8").splitlines():
+        line = raw_line.strip()
+        if not line or line.startswith("#") or "=" not in line:
+            continue
+        key, value = line.split("=", 1)
+        key = key.strip()
+        value = value.strip().strip('"').strip("'")
+        if key and key not in os.environ:
+            os.environ[key] = value
+
+
+def _apply_extra_path() -> None:
+    extra = os.getenv("LATTICEAI_EXTRA_PATH", "")
+    if not extra:
+        return
+    current = [p for p in os.environ.get("PATH", "").split(os.pathsep) if p]
+    for item in reversed([p for p in extra.split(os.pathsep) if p]):
+        expanded = str(Path(item).expanduser())
+        if Path(expanded).exists() and expanded not in current:
+            current.insert(0, expanded)
+    os.environ["PATH"] = os.pathsep.join(current)
+
+
 def _has_module(name: str) -> bool:
     return importlib.util.find_spec(name) is not None
 
@@ -200,6 +226,10 @@ def _start_tunnel(port: int) -> str | None:
 # ─────────────────────────────────────────────────────────────────────────────
 
 def main() -> None:
+    app_dir = Path(__file__).resolve().parent
+    _load_env_file(app_dir / ".env")
+    _apply_extra_path()
+
     parser = argparse.ArgumentParser(prog="LTCAI", description="Run the Lattice AI local server.")
     subparsers = parser.add_subparsers(dest="command")
     subparsers.add_parser("doctor", help="Check local runtime dependencies and configuration.")
@@ -216,7 +246,6 @@ def main() -> None:
     if args.command == "doctor":
         raise SystemExit(doctor())
 
-    app_dir = Path(__file__).resolve().parent
     os.chdir(app_dir)
 
     # --tunnel forces 0.0.0.0 so cloudflared can reach the server

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ltcai",
-  "version": "0.1.19",
+  "version": "0.1.22",
   "description": "Lattice AI local MLX/cloud LLM workspace server",
   "homepage": "https://github.com/TaeSooPark-PTS/LatticeAI#readme",
   "repository": {

package/server.py

@@ -22,6 +22,7 @@ import tempfile
 import time
 import urllib.error
 import urllib.request
+import ipaddress
 from contextlib import asynccontextmanager
 from pathlib import Path
 
@@ -170,14 +171,28 @@ if APP_MODE not in {"local", "public"}:
 IS_PUBLIC_MODE = APP_MODE == "public"
 DEFAULT_HOST = env_value("LATTICEAI_HOST", "127.0.0.1")
 DEFAULT_PORT = int(env_value("LATTICEAI_PORT", "4825"))
+def _host_is_loopback(host: str) -> bool:
+    if host in {"localhost", "127.0.0.1", "::1"}:
+        return True
+    try:
+        return ipaddress.ip_address(host).is_loopback
+    except ValueError:
+        return False
+
+NETWORK_EXPOSED = not _host_is_loopback(DEFAULT_HOST)
 ENABLE_TELEGRAM = env_bool("LATTICEAI_ENABLE_TELEGRAM", default=not IS_PUBLIC_MODE)
 ENABLE_GRAPH    = env_bool("LATTICEAI_ENABLE_GRAPH",    default=True)
 AUTOLOAD_MODELS = env_bool("LATTICEAI_AUTOLOAD_MODELS", default=IS_PUBLIC_MODE)
 MODEL_IDLE_UNLOAD_SECONDS = int(env_value("LATTICEAI_MODEL_IDLE_UNLOAD_SECONDS", "0"))
 ALLOW_LOCAL_MODELS = env_bool("LATTICEAI_ALLOW_LOCAL_MODELS", default=not IS_PUBLIC_MODE)
-REQUIRE_AUTH = env_bool("LATTICEAI_REQUIRE_AUTH", default=IS_PUBLIC_MODE)
+REQUIRE_AUTH = env_bool("LATTICEAI_REQUIRE_AUTH", default=IS_PUBLIC_MODE or NETWORK_EXPOSED)
 ALLOW_PLAINTEXT_API_KEYS = env_bool("LATTICEAI_ALLOW_PLAINTEXT_API_KEYS", default=False)
 CORS_ALLOW_NETWORK = env_bool("LATTICEAI_CORS_ALLOW_NETWORK", default=False)
+CORS_EXTRA_ORIGINS = [
+    item.strip()
+    for item in env_value("LATTICEAI_CORS_ALLOWED_ORIGINS", "").split(",")
+    if item.strip()
+]
 PUBLIC_MODEL = env_value("LATTICEAI_PUBLIC_MODEL", env_value("LATTICEAI_DEFAULT_MODEL", "openai:gpt-4o-mini"))
 LOCAL_MODEL = env_value("LATTICEAI_LOCAL_MODEL", "mlx-community/gemma-4-26b-a4b-it-4bit")
 LOCAL_DRAFT_MODEL = env_value("LATTICEAI_LOCAL_DRAFT_MODEL", "")
@@ -1928,9 +1943,16 @@ async def lifespan(app: FastAPI):
 
 app = FastAPI(title=f"Lattice AI Server ({APP_MODE})", version="2.1.0", lifespan=lifespan)
 
-CORS_ALLOWED_ORIGINS = ["http://localhost:4825", "http://127.0.0.1:4825"]
+CORS_ALLOWED_ORIGINS = [
+    f"http://localhost:{DEFAULT_PORT}",
+    f"http://127.0.0.1:{DEFAULT_PORT}",
+    *CORS_EXTRA_ORIGINS,
+]
 if CORS_ALLOW_NETWORK:
-    CORS_ALLOWED_ORIGINS = ["*"]
+    CORS_ALLOWED_ORIGINS = CORS_ALLOWED_ORIGINS + [
+        f"http://{DEFAULT_HOST}:{DEFAULT_PORT}",
+        f"https://{DEFAULT_HOST}:{DEFAULT_PORT}",
+    ]
 
 app.add_middleware(
     CORSMiddleware,
@@ -1948,9 +1970,8 @@ _ICONS_DIR = STATIC_DIR / "icons"
 if _ICONS_DIR.exists():
     app.mount("/icons", StaticFiles(directory=str(_ICONS_DIR)), name="icons")
 ensure_agent_root()
-app.mount("/agent-files", StaticFiles(directory=str(AGENT_ROOT)), name="agent-files")
 
-OPEN_REGISTRATION = env_bool("LATTICEAI_OPEN_REGISTRATION", default=True)
+OPEN_REGISTRATION = env_bool("LATTICEAI_OPEN_REGISTRATION", default=not NETWORK_EXPOSED and not IS_PUBLIC_MODE)
 
 @app.post("/register")
 async def register(req: UserRegister, request: Request):
@@ -1993,7 +2014,6 @@ async def login(req: UserLogin, request: Request):
         "email": req.email,
         "role": role,
         "is_admin": role == "admin",
-        "token": token,
     })
     response.set_cookie(key="session_token", value=token, httponly=True, samesite="lax", max_age=_SESSION_TTL)
     return response
@@ -2459,6 +2479,7 @@ _pending_agents_lock = threading.Lock()
 
 class ToolPathRequest(BaseModel):
     path: str = "."
+    approval_token: Optional[str] = None
 
 
 class ToolWriteFileRequest(BaseModel):
@@ -2556,12 +2577,14 @@ class ToolPdfRequest(BaseModel):
 class LocalAccessRequest(BaseModel):
     path: str
     approved: bool = False
+    approval_token: Optional[str] = None
 
 
 class LocalWriteRequest(BaseModel):
     path: str
     content: str
     approved: bool = False
+    approval_token: Optional[str] = None
 
 
 class McpCallRequest(BaseModel):
@@ -2588,7 +2611,7 @@ class ToolGitShowRequest(BaseModel):
 
 ENGINE_INSTALLERS = {
     "local_mlx": {
-        "command": [sys.executable, "-m", "pip", "install", "-r", "requirements.txt"],
+        "command": [sys.executable, "-m", "pip", "install", "--upgrade", "mlx-lm", "mlx-vlm", "huggingface_hub[cli]"],
         "label": "Install MLX runtime",
     },
     "openai": {
@@ -3980,18 +4003,19 @@ async def chat(req: ChatRequest, request: Request):
         if screenshot_context:
             context += f"\n\n{screenshot_context}"
 
-    # 메시지 안에 절대 경로나 ~/... 경로가 있으면 자동으로 파일 읽어서 컨텍스트 주입
-    _file_path_re = re.compile(r'(?:^|[\s\'\"(])((~|/[\w.])[^\s\'")\]]*)', re.MULTILINE)
-    for _m in _file_path_re.finditer(req.message or ""):
-        _fpath = _m.group(1).strip()
-        try:
-            _result = local_read(_fpath)
-            _fcontent = _result.get("content", "")
-            if _fcontent:
-                context += f"\n\n[FILE: {_fpath}]\n```\n{_fcontent[:6000]}\n```"
-                print(f"📂 Auto-injected file context: {_fpath}")
-        except Exception:
-            pass
+    if env_bool("LATTICEAI_AUTO_READ_CHAT_PATHS", default=False):
+        # Off by default: automatic local-file injection can leak files to cloud models.
+        _file_path_re = re.compile(r'(?:^|[\s\'\"(])((~|/[\w.])[^\s\'")\]]*)', re.MULTILINE)
+        for _m in _file_path_re.finditer(req.message or ""):
+            _fpath = _m.group(1).strip()
+            try:
+                _result = local_read(_fpath)
+                _fcontent = _result.get("content", "")
+                if _fcontent:
+                    context += f"\n\n[FILE: {_fpath}]\n```\n{_fcontent[:6000]}\n```"
+                    print(f"📂 Auto-injected file context: {_fpath}")
+            except Exception:
+                pass
 
     history_message = f"{req.message}\n[Image attached]" if req.image_data else req.message
     save_to_history("user", history_message, source=req.source or "web", conversation_id=req.conversation_id, **history_user)
@@ -5313,14 +5337,17 @@ async def tools_create_pdf(req: ToolPdfRequest, request: Request):
 
 @app.post("/tools/read_document")
 async def tools_read_document(req: ToolPathRequest, request: Request):
-    require_user(request)
+    current_user = require_user(request)
+    if Path(req.path).expanduser().is_absolute():
+        _require_local_approval(token=req.approval_token, path=req.path, action="read", user_email=current_user)
     return _tool_response(read_document, req.path)
 
 
 @app.get("/tools/pdf_pages")
-async def tools_pdf_pages(path: str, request: Request):
+async def tools_pdf_pages(path: str, request: Request, approval_token: Optional[str] = None):
     """Render PDF pages as base64 PNG images using PyMuPDF."""
-    require_user(request)
+    current_user = require_user(request)
+    _require_local_approval(token=approval_token, path=path, action="read", user_email=current_user)
     target = Path(path).expanduser().resolve()
     if not target.exists() or not target.is_file():
         raise HTTPException(status_code=404, detail="File not found")
@@ -5444,36 +5471,329 @@ _PERMISSION_ACTION_LABELS = {
     "write": "파일 쓰기",
 }
 
-def _local_permission_response(path: str, action: str) -> dict:
+_LOCAL_APPROVAL_TTL_SECONDS = 5 * 60
+_local_approval_lock = threading.Lock()
+_local_approvals: Dict[str, Dict[str, object]] = {}
+
+# Discord bot / webhook settings for permission notifications (optional)
+DISCORD_PERMISSION_WEBHOOK_URL = env_value("LATTICEAI_DISCORD_PERMISSION_WEBHOOK", "")
+DISCORD_BOT_TOKEN = env_value("LATTICEAI_DISCORD_BOT_TOKEN", "")
+DISCORD_PERMISSION_CHANNEL = env_value("LATTICEAI_DISCORD_PERMISSION_CHANNEL", "")
+
+# Secret token that allows permission monitor script to call approve/deny endpoints
+# without an admin user session (used by perm_monitor.py).
+PERMISSION_MONITOR_SECRET = env_value("LATTICEAI_PERMISSION_SECRET", "")
+
+# Local queue file — written by server, read by perm_monitor.py
+_PERM_QUEUE_FILE = DATA_DIR / "permission_queue.json"
+
+
+def _perm_queue_write(token: str, record: Dict[str, object]) -> None:
+    """Append a permission request to the local queue file for the monitor script."""
+    try:
+        queue: Dict = {}
+        if _PERM_QUEUE_FILE.exists():
+            try:
+                queue = json.loads(_PERM_QUEUE_FILE.read_text(encoding="utf-8"))
+            except Exception:
+                queue = {}
+        queue[token] = {**record, "notified": False}
+        _PERM_QUEUE_FILE.write_text(json.dumps(queue, ensure_ascii=False, indent=2), encoding="utf-8")
+    except Exception as exc:
+        logging.warning("perm_queue_write failed: %s", exc)
+
+
+def _perm_queue_remove(token: str) -> None:
+    """Remove a token from the queue file after approval or denial."""
+    try:
+        if not _PERM_QUEUE_FILE.exists():
+            return
+        queue: Dict = json.loads(_PERM_QUEUE_FILE.read_text(encoding="utf-8"))
+        queue.pop(token, None)
+        _PERM_QUEUE_FILE.write_text(json.dumps(queue, ensure_ascii=False, indent=2), encoding="utf-8")
+    except Exception as exc:
+        logging.warning("perm_queue_remove failed: %s", exc)
+
+
+def _normalize_local_path_for_approval(path: str) -> str:
+    return str(Path(path).expanduser().resolve())
+
+
+def _content_fingerprint(content: str = "") -> str:
+    return hashlib.sha256(content.encode("utf-8")).hexdigest()
+
+
+def _notify_discord_permission_sync(token: str, path: str, action: str, user_email: str) -> None:
+    """Fire-and-forget Discord bot/webhook notification for permission requests."""
+    # Try Discord bot API first (sends to a specific channel), then fall back to webhook
+    sent = False
+    if DISCORD_BOT_TOKEN and DISCORD_PERMISSION_CHANNEL:
+        action_label = _PERMISSION_ACTION_LABELS.get(action, action)
+        expires_at_iso = time.strftime(
+            "%Y-%m-%d %H:%M:%S UTC",
+            time.gmtime(time.time() + _LOCAL_APPROVAL_TTL_SECONDS),
+        )
+        msg = (
+            f"🔐 **파일 접근 권한 요청**\n"
+            f"**경로:** `{path}`\n"
+            f"**작업:** {action_label}\n"
+            f"**요청자:** {user_email}\n"
+            f"**토큰:** `{token}`\n"
+            f"**만료:** {expires_at_iso}\n\n"
+            f"승인하려면 `승인 {token[:8]}` / 거부하려면 `거부 {token[:8]}` 라고 답장하세요."
+        )
+        payload = json.dumps({"content": msg}, ensure_ascii=False).encode("utf-8")
+        try:
+            req = urllib.request.Request(
+                f"https://discord.com/api/v10/channels/{DISCORD_PERMISSION_CHANNEL}/messages",
+                data=payload,
+                headers={
+                    "Content-Type": "application/json",
+                    "Authorization": f"Bot {DISCORD_BOT_TOKEN}",
+                },
+                method="POST",
+            )
+            with urllib.request.urlopen(req, timeout=5):
+                pass
+            sent = True
+        except Exception as exc:
+            logging.warning("Discord bot permission notify failed: %s", exc)
+
+    if not sent and DISCORD_PERMISSION_WEBHOOK_URL:
+        action_label = _PERMISSION_ACTION_LABELS.get(action, action)
+        expires_at_iso = time.strftime(
+            "%Y-%m-%d %H:%M:%S UTC",
+            time.gmtime(time.time() + _LOCAL_APPROVAL_TTL_SECONDS),
+        )
+        payload = json.dumps({
+            "embeds": [
+                {
+                    "title": "🔐 파일 접근 권한 요청",
+                    "color": 0xFF9900,
+                    "fields": [
+                        {"name": "경로", "value": f"`{path}`", "inline": False},
+                        {"name": "작업", "value": action_label, "inline": True},
+                        {"name": "요청자", "value": user_email, "inline": True},
+                        {"name": "토큰", "value": f"`{token}`", "inline": False},
+                        {"name": "만료", "value": expires_at_iso, "inline": True},
+                    ],
+                    "footer": {
+                        "text": (
+                            "승인: POST /permissions/approve/{token}  |  "
+                            "거부: POST /permissions/deny/{token}  |  "
+                            "목록: GET /permissions/pending"
+                        )
+                    },
+                }
+            ]
+        }, ensure_ascii=False).encode("utf-8")
+        try:
+            req = urllib.request.Request(
+                DISCORD_PERMISSION_WEBHOOK_URL,
+                data=payload,
+                headers={"Content-Type": "application/json"},
+                method="POST",
+            )
+            with urllib.request.urlopen(req, timeout=5):
+                pass
+        except Exception as exc:  # pylint: disable=broad-except
+            logging.warning("Discord permission webhook failed: %s", exc)
+
+
+def _local_permission_response(path: str, action: str, user_email: str, content: str = "") -> dict:
+    normalized = _normalize_local_path_for_approval(path)
+    token = secrets.token_urlsafe(24)
+    record: Dict[str, object] = {
+        "path": normalized,
+        "action": action,
+        "user_email": user_email,
+        "expires_at": time.time() + _LOCAL_APPROVAL_TTL_SECONDS,
+        # approved=False until user explicitly confirms (Discord, web UI, etc.)
+        "approved": False,
+    }
+    if action == "write":
+        record["content_hash"] = _content_fingerprint(content)
+    with _local_approval_lock:
+        _local_approvals[token] = record
+    # Write to local queue file — perm_monitor.py or Claude Code reads this
+    # and relays the notification to Discord via the Discord MCP plugin.
+    _perm_queue_write(token, record)
+    action_label = _PERMISSION_ACTION_LABELS.get(action, action)
     return {
         "permission_required": True,
         "path": path,
         "action": action,
-        "action_label": _PERMISSION_ACTION_LABELS.get(action, action),
-        "message": f"AI가 '{path}' 에 대한 {_PERMISSION_ACTION_LABELS.get(action, action)} 권한을 요청합니다.",
+        "action_label": action_label,
+        "approval_token": token,
+        "expires_in": _LOCAL_APPROVAL_TTL_SECONDS,
+        "message": f"AI가 '{path}' 에 대한 {action_label} 권한을 요청합니다.",
+        "check_status_url": f"/permissions/status/{token}",
+    }
+
+
+def _require_local_approval(
+    *,
+    token: Optional[str],
+    path: str,
+    action: str,
+    user_email: str,
+    content: str = "",
+) -> None:
+    if not token:
+        raise HTTPException(status_code=403, detail="파일 접근 승인 토큰이 필요합니다.")
+    normalized = _normalize_local_path_for_approval(path)
+    now = time.time()
+    with _local_approval_lock:
+        expired = [key for key, value in _local_approvals.items() if float(value.get("expires_at", 0)) < now]
+        for key in expired:
+            _local_approvals.pop(key, None)
+        record = _local_approvals.get(token)
+    if not record:
+        raise HTTPException(status_code=403, detail="파일 접근 승인이 만료되었거나 유효하지 않습니다.")
+    if not record.get("approved"):
+        raise HTTPException(status_code=403, detail="파일 접근이 아직 승인되지 않았습니다. Discord 또는 UI에서 승인해주세요.")
+    if record.get("user_email") != user_email:
+        raise HTTPException(status_code=403, detail="다른 사용자의 파일 접근 승인은 사용할 수 없습니다.")
+    if record.get("path") != normalized or record.get("action") != action:
+        raise HTTPException(status_code=403, detail="파일 접근 승인 범위가 일치하지 않습니다.")
+    if action == "write" and record.get("content_hash") != _content_fingerprint(content):
+        raise HTTPException(status_code=403, detail="승인된 파일 내용과 요청 내용이 다릅니다.")
+
+
+# ── Permission management endpoints ──────────────────────────────────────────
+
+@app.get("/permissions/pending")
+async def permissions_pending(request: Request):
+    """List all pending (not yet approved) permission requests. Admin only."""
+    require_admin(request)
+    now = time.time()
+    with _local_approval_lock:
+        result = {}
+        for tok, rec in list(_local_approvals.items()):
+            expires_at = float(rec.get("expires_at", 0))
+            if expires_at < now:
+                continue
+            result[tok] = {
+                "path": rec.get("path"),
+                "action": rec.get("action"),
+                "action_label": _PERMISSION_ACTION_LABELS.get(str(rec.get("action", "")), str(rec.get("action", ""))),
+                "user_email": rec.get("user_email"),
+                "approved": bool(rec.get("approved")),
+                "expires_in": round(expires_at - now),
+            }
+    return {"pending": result, "count": len(result)}
+
+
+def _check_permission_auth(request: Request, token: Optional[str] = None) -> None:
+    """Allow access if requester is admin OR presents the LATTICEAI_PERMISSION_SECRET.
+    Used by approve/deny endpoints so the permission monitor script can call them."""
+    # Check secret header first (monitor script path)
+    if PERMISSION_MONITOR_SECRET:
+        auth_header = request.headers.get("Authorization", "")
+        if auth_header == f"Bearer {PERMISSION_MONITOR_SECRET}":
+            return  # Authorized via secret
+    if token:
+        current_user = get_current_user(request)
+        with _local_approval_lock:
+            record = _local_approvals.get(token)
+        if current_user and record and record.get("user_email") == current_user:
+            return
+    # Fall back to admin session
+    require_admin(request)
+
+
+@app.post("/permissions/approve/{token}")
+async def permissions_approve(token: str, request: Request):
+    """Approve a pending permission request. Admin or permission-monitor secret.
+    Called by Discord (via Claude Code) or web UI after user confirmation."""
+    _check_permission_auth(request, token)
+    with _local_approval_lock:
+        record = _local_approvals.get(token)
+        if not record:
+            raise HTTPException(status_code=404, detail="토큰이 없거나 만료되었습니다.")
+        if float(record.get("expires_at", 0)) < time.time():
+            _local_approvals.pop(token, None)
+            raise HTTPException(status_code=410, detail="토큰이 만료되었습니다.")
+        record["approved"] = True
+    _perm_queue_remove(token)
+    logging.info(
+        "Permission approved: token=%s path=%s action=%s user=%s",
+        token, record.get("path"), record.get("action"), record.get("user_email"),
+    )
+    return {
+        "ok": True,
+        "token": token,
+        "path": record.get("path"),
+        "action": record.get("action"),
+        "user_email": record.get("user_email"),
+    }
+
+
+@app.post("/permissions/deny/{token}")
+async def permissions_deny(token: str, request: Request):
+    """Deny/revoke a pending permission request. Admin or permission-monitor secret."""
+    _check_permission_auth(request, token)
+    with _local_approval_lock:
+        record = _local_approvals.pop(token, None)
+    _perm_queue_remove(token)
+    if not record:
+        raise HTTPException(status_code=404, detail="토큰이 없거나 이미 처리되었습니다.")
+    logging.info(
+        "Permission denied: token=%s path=%s action=%s user=%s",
+        token, record.get("path"), record.get("action"), record.get("user_email"),
+    )
+    return {
+        "ok": True,
+        "denied": True,
+        "token": token,
+        "path": record.get("path"),
+        "action": record.get("action"),
+    }
+
+
+@app.get("/permissions/status/{token}")
+async def permissions_status(token: str, request: Request):
+    """Check approval status of a token. Used by AI agents to poll for approval."""
+    require_user(request)
+    now = time.time()
+    with _local_approval_lock:
+        record = _local_approvals.get(token)
+    if not record:
+        return {"status": "denied_or_expired", "token": token}
+    if float(record.get("expires_at", 0)) < now:
+        return {"status": "expired", "token": token}
+    if record.get("approved"):
+        return {"status": "approved", "token": token}
+    return {
+        "status": "pending",
+        "token": token,
+        "expires_in": round(float(record.get("expires_at", 0)) - now),
     }
 
 
 @app.post("/local/list")
 async def local_list_endpoint(req: LocalAccessRequest, request: Request):
-    require_user(request)
+    current_user = require_user(request)
     if not req.approved:
-        return _local_permission_response(req.path, "list")
+        return _local_permission_response(req.path, "list", current_user)
+    _require_local_approval(token=req.approval_token, path=req.path, action="list", user_email=current_user)
     return _tool_response(local_list, req.path)
 
 
 @app.post("/local/read")
 async def local_read_endpoint(req: LocalAccessRequest, request: Request):
-    require_user(request)
+    current_user = require_user(request)
     if not req.approved:
-        return _local_permission_response(req.path, "read")
+        return _local_permission_response(req.path, "read", current_user)
+    _require_local_approval(token=req.approval_token, path=req.path, action="read", user_email=current_user)
     return _tool_response(local_read, req.path)
 
 
 @app.get("/local/serve")
-async def local_serve_file(path: str, request: Request):
+async def local_serve_file(path: str, request: Request, approval_token: Optional[str] = None):
     """Serve a local file (images etc.) directly for browser preview."""
-    require_user(request)
+    current_user = require_user(request)
+    _require_local_approval(token=approval_token, path=path, action="read", user_email=current_user)
     target = Path(path).expanduser().resolve()
     if not target.exists() or not target.is_file():
         raise HTTPException(status_code=404, detail="File not found")
@@ -5482,9 +5802,16 @@ async def local_serve_file(path: str, request: Request):
 
 @app.post("/local/write")
 async def local_write_endpoint(req: LocalWriteRequest, request: Request):
-    require_user(request)
+    current_user = require_user(request)
     if not req.approved:
-        return _local_permission_response(req.path, "write")
+        return _local_permission_response(req.path, "write", current_user, req.content)
+    _require_local_approval(
+        token=req.approval_token,
+        path=req.path,
+        action="write",
+        user_email=current_user,
+        content=req.content,
+    )
     return _tool_response(local_write, req.path, req.content)
 
 

package/static/account.html

@@ -309,8 +309,6 @@
         const API_BASE = window.location.protocol === 'file:' ? 'http://localhost:4825' : '';
         function apiFetch(path, opts = {}) {
             const headers = { ...(opts.headers || {}) };
-            const token = localStorage.getItem('ltcai_session_token') || '';
-            if (token && !headers.Authorization) headers.Authorization = `Bearer ${token}`;
             return fetch(API_BASE + path, { credentials: 'include', ...opts, headers });
         }
 
@@ -443,7 +441,6 @@
                     localStorage.setItem('ltcai_user_email', data.email);
                     localStorage.setItem('ltcai_user_nickname', data.nickname || data.name || data.email);
                     localStorage.setItem('ltcai_is_admin', data.is_admin ? 'true' : 'false');
-                    if (data.token) localStorage.setItem('ltcai_session_token', data.token);
                     window.location.href = '/chat';
                 } else {
                     const data = await res.json().catch(() => ({}));
@@ -486,7 +483,6 @@
                             localStorage.setItem('ltcai_user_email', data.email);
                             localStorage.setItem('ltcai_user_nickname', data.nickname || data.name || data.email);
                             localStorage.setItem('ltcai_is_admin', data.is_admin ? 'true' : 'false');
-                            if (data.token) localStorage.setItem('ltcai_session_token', data.token);
                             window.location.href = '/chat';
                         }
                     });

package/static/admin.html

@@ -829,8 +829,6 @@
 
         function apiFetch(path, options = {}) {
             const headers = { ...(options.headers || {}) };
-            const token = localStorage.getItem('ltcai_session_token') || '';
-            if (token && !headers.Authorization) headers.Authorization = `Bearer ${token}`;
             return fetch(`${API_BASE}${path}`, { credentials: 'include', ...options, headers });
         }
 
@@ -852,20 +850,17 @@
             sessionStorage.removeItem('ltcai_admin_handoff');
             let data;
             try { data = JSON.parse(raw); } catch { return; }
-            const { email, nickname, is_admin, token } = data;
+            const { email, nickname, is_admin } = data;
             if (!email) return;
             localStorage.setItem('ltcai_user_email', email);
             if (nickname) localStorage.setItem('ltcai_user_nickname', nickname);
             if (is_admin === 'true' || is_admin === 'false') localStorage.setItem('ltcai_is_admin', is_admin);
-            if (token) localStorage.setItem('ltcai_session_token', token);
         }
 
         function adminHeaders() {
-            const token = localStorage.getItem('ltcai_session_token') || '';
             return {
                 'Content-Type': 'application/json',
                 'X-Admin-Email': currentUserEmail(),
-                ...(token ? { Authorization: `Bearer ${token}` } : {})
             };
         }
 
@@ -1450,7 +1445,6 @@
             localStorage.removeItem('ltcai_user_email');
             localStorage.removeItem('ltcai_user_nickname');
             localStorage.removeItem('ltcai_is_admin');
-            localStorage.removeItem('ltcai_session_token');
             window.location.href = '/';
         }
 

package/static/chat.html

@@ -3805,8 +3805,6 @@
 
         function apiFetch(path, options = {}) {
             const headers = { ...(options.headers || {}) };
-            const token = localStorage.getItem('ltcai_session_token') || '';
-            if (token && !headers.Authorization) headers.Authorization = `Bearer ${token}`;
             return fetch(`${API_BASE}${path}`, { credentials: 'include', ...options, headers });
         }
 
@@ -3837,7 +3835,6 @@
             localStorage.removeItem('ltcai_user_email');
             localStorage.removeItem('ltcai_user_nickname');
             localStorage.removeItem('ltcai_is_admin');
-            localStorage.removeItem('ltcai_session_token');
             window.location.href = '/account';
         }
 
@@ -4089,11 +4086,9 @@
         }
 
         function adminHeaders() {
-            const token = localStorage.getItem('ltcai_session_token') || '';
             return {
                 'Content-Type': 'application/json',
                 'X-Admin-Email': currentUserEmail,
-                ...(token ? { Authorization: `Bearer ${token}` } : {})
             };
         }
 
@@ -4486,7 +4481,6 @@
                 email: currentUserEmail || '',
                 nickname: currentUserNickname || '',
                 is_admin: isAdmin ? 'true' : 'false',
-                token: localStorage.getItem('ltcai_session_token') || '',
             }));
             window.location.href = `${API_BASE || ''}/admin`;
         }
@@ -4873,31 +4867,46 @@
             await localNav(parts.join('/') || '/');
         }
 
-        async function browseLocalPath(path) {
-            path = path ?? _localCurrentPath;
-            const resultEl = document.getElementById('local-browser-result');
-            resultEl.innerHTML = '<div class="sensitivity-preview">불러오는 중...</div>';
-
-            const probe = await apiFetch('/local/list', {
+        async function getLocalApprovalToken(path, action = 'read', content = '') {
+            const endpoint = action === 'write' ? '/local/write' : action === 'list' ? '/local/list' : '/local/read';
+            const payload = action === 'write'
+                ? { path, content, approved: false }
+                : { path, approved: false };
+            const probe = await apiFetch(endpoint, {
                 method: 'POST',
                 headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ path, approved: false })
+                body: JSON.stringify(payload)
             });
             const probeData = await probe.json();
+            if (!probeData.permission_required) return probeData.approval_token || '';
+            const allowed = await requestPermission(probeData.path, probeData.action, probeData.action_label);
+            if (!allowed) return '';
+            const token = probeData.approval_token || '';
+            if (!token) return '';
+            const approval = await apiFetch(`/permissions/approve/${encodeURIComponent(token)}`, { method: 'POST' });
+            if (!approval.ok) {
+                const data = await approval.json().catch(() => ({}));
+                throw new Error(data.detail || '파일 접근 승인 실패');
+            }
+            return token;
+        }
 
-            if (probeData.permission_required) {
-                const allowed = await requestPermission(probeData.path, probeData.action, probeData.action_label);
-                if (!allowed) {
-                    resultEl.innerHTML = '<div class="sensitivity-preview">접근이 거부되었습니다.</div>';
-                    return;
-                }
+        async function browseLocalPath(path) {
+            path = path ?? _localCurrentPath;
+            const resultEl = document.getElementById('local-browser-result');
+            resultEl.innerHTML = '<div class="sensitivity-preview">불러오는 중...</div>';
+
+            const approvalToken = await getLocalApprovalToken(path, 'list');
+            if (!approvalToken) {
+                resultEl.innerHTML = '<div class="sensitivity-preview">접근이 거부되었습니다.</div>';
+                return;
             }
 
             try {
                 const res = await apiFetch('/local/list', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify({ path, approved: true })
+                    body: JSON.stringify({ path, approved: true, approval_token: approvalToken })
                 });
                 const data = await res.json();
                 if (!res.ok || data.error) throw new Error(data.error || data.detail || '오류');
@@ -4945,13 +4954,18 @@
             const path = decodeURIComponent(encodedPath);
             const resultEl = document.getElementById('local-browser-result');
             const ext = path.split('.').pop().toLowerCase();
+            const readApprovalToken = await getLocalApprovalToken(path, 'read');
+            if (!readApprovalToken) {
+                resultEl.innerHTML = '<div class="sensitivity-preview">접근이 거부되었습니다.</div>';
+                return;
+            }
+            const localServeUrl = `/local/serve?path=${encodeURIComponent(path)}&approval_token=${encodeURIComponent(readApprovalToken)}`;
 
             // 이미지 파일: 미리보기 + AI 전송
             if (IMAGE_EXTS.has(ext)) {
-                const safeEnc = encodeURIComponent(path);
                 resultEl.innerHTML = `
                     <div style="text-align:center;padding:12px">
-                        <img src="/local/serve?path=${safeEnc}" alt="${escapeHtml(path.split('/').pop())}"
+                        <img src="${localServeUrl}" alt="${escapeHtml(path.split('/').pop())}"
                              style="max-width:100%;max-height:280px;border-radius:8px;border:1px solid var(--border)"
                              onerror="this.parentElement.innerHTML='<div style=color:var(--faint)>이미지 미리보기 불가</div>'">
                         <div style="color:var(--faint);font-size:11px;margin-top:8px">${escapeHtml(path.split('/').pop())}</div>
@@ -4971,11 +4985,10 @@
 
             // 동영상: HTML5 플레이어
             if (VIDEO_EXTS.has(ext)) {
-                const safeEnc = encodeURIComponent(path);
                 resultEl.innerHTML = `
                     <div style="text-align:center;padding:8px">
                         <video controls style="max-width:100%;max-height:280px;border-radius:8px;border:1px solid var(--border)"
-                               src="/local/serve?path=${safeEnc}">지원하지 않는 형식</video>
+                               src="${localServeUrl}">지원하지 않는 형식</video>
                         <div style="color:var(--faint);font-size:11px;margin-top:6px">${escapeHtml(path.split('/').pop())}</div>
                         <button class="status-btn" style="font-size:12px;margin-top:8px"
                             onclick="sendArchiveToChat('${path.replace(/'/g,"\\'")}','video')">
@@ -4987,11 +5000,10 @@
 
             // PDF: 브라우저 내장 뷰어 + AI 전송 (페이지 이미지 + 텍스트)
             if (ext === 'pdf') {
-                const safeEnc = encodeURIComponent(path);
                 const safePath = path.replace(/\\/g,'\\\\').replace(/'/g,"\\'");
                 resultEl.innerHTML = `
                     <div style="display:flex;flex-direction:column;gap:10px">
-                        <embed src="/local/serve?path=${safeEnc}#toolbar=0"
+                        <embed src="${localServeUrl}#toolbar=0"
                                type="application/pdf"
                                style="width:100%;height:340px;border-radius:8px;border:1px solid var(--border)">
                         <div style="display:flex;gap:8px">
@@ -5016,7 +5028,7 @@
                     const res = await apiFetch('/tools/read_document', {
                         method: 'POST',
                         headers: { 'Content-Type': 'application/json' },
-                        body: JSON.stringify({ path })
+                        body: JSON.stringify({ path, approval_token: readApprovalToken })
                     });
                     const data = await res.json();
                     if (!res.ok || data.error) throw new Error(data.error || data.detail || '읽기 실패');
@@ -5062,25 +5074,11 @@
 
             resultEl.innerHTML = '<div class="sensitivity-preview">읽는 중...</div>';
 
-            const probe = await apiFetch('/local/read', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ path, approved: false })
-            });
-            const probeData = await probe.json();
-            if (probeData.permission_required) {
-                const allowed = await requestPermission(probeData.path, probeData.action, probeData.action_label);
-                if (!allowed) {
-                    resultEl.innerHTML = '<div class="sensitivity-preview">접근이 거부되었습니다.</div>';
-                    return;
-                }
-            }
-
             try {
                 const res = await apiFetch('/local/read', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify({ path, approved: true })
+                    body: JSON.stringify({ path, approved: true, approval_token: readApprovalToken })
                 });
                 const data = await res.json();
                 if (!res.ok || data.error) throw new Error(data.error || data.detail || '오류');
@@ -5108,22 +5106,18 @@
             statusEl.style.color = 'var(--accent)';
             statusEl.textContent = '저장 중...';
 
-            const probe = await apiFetch('/local/write', {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ path, content, approved: false })
-            });
-            const probeData = await probe.json();
-            if (probeData.permission_required) {
-                const allowed = await requestPermission(probeData.path, probeData.action, probeData.action_label);
-                if (!allowed) { statusEl.style.color = 'var(--danger)'; statusEl.textContent = '저장 취소됨'; return; }
+            const approvalToken = await getLocalApprovalToken(path, 'write', content);
+            if (!approvalToken) {
+                statusEl.style.color = 'var(--danger)';
+                statusEl.textContent = '저장 취소됨';
+                return;
             }
 
             try {
                 const res = await apiFetch('/local/write', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify({ path, content, approved: true })
+                    body: JSON.stringify({ path, content, approved: true, approval_token: approvalToken })
                 });
                 const data = await res.json();
                 if (!res.ok || data.error) throw new Error(data.error || data.detail || '오류');
@@ -5140,8 +5134,10 @@
             const statusEl = document.getElementById('pdf-send-status');
             if (statusEl) statusEl.textContent = '페이지 렌더링 중...';
             try {
+                const approvalToken = await getLocalApprovalToken(path, 'read');
+                if (!approvalToken) throw new Error('파일 접근이 거부되었습니다.');
                 // 1. 페이지 이미지 가져오기
-                const res = await apiFetch('/tools/pdf_pages?path=' + encodeURIComponent(path));
+                const res = await apiFetch('/tools/pdf_pages?path=' + encodeURIComponent(path) + '&approval_token=' + encodeURIComponent(approvalToken));
                 const data = await res.json();
                 const pages = data.pages || [];
 
@@ -5149,7 +5145,7 @@
                 const textRes = await apiFetch('/tools/read_document', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify({ path })
+                    body: JSON.stringify({ path, approval_token: approvalToken })
                 });
                 const textData = await textRes.json();
                 const text = (textData.result ?? textData).content ?? '';
@@ -5177,10 +5173,12 @@
             const resultEl = document.getElementById('local-browser-result');
             resultEl.innerHTML = '<div class="sensitivity-preview">텍스트 추출 중...</div>';
             try {
+                const approvalToken = await getLocalApprovalToken(path, 'read');
+                if (!approvalToken) throw new Error('파일 접근이 거부되었습니다.');
                 const res = await apiFetch('/tools/read_document', {
                     method: 'POST',
                     headers: { 'Content-Type': 'application/json' },
-                    body: JSON.stringify({ path })
+                    body: JSON.stringify({ path, approval_token: approvalToken })
                 });
                 const data = await res.json();
                 const text = (data.result ?? data).content ?? '';
@@ -5210,7 +5208,9 @@
 
         async function sendImageFileToChat(path) {
             try {
-                const res = await apiFetch('/local/serve?path=' + encodeURIComponent(path));
+                const approvalToken = await getLocalApprovalToken(path, 'read');
+                if (!approvalToken) throw new Error('파일 접근이 거부되었습니다.');
+                const res = await apiFetch('/local/serve?path=' + encodeURIComponent(path) + '&approval_token=' + encodeURIComponent(approvalToken));
                 if (!res.ok) throw new Error('이미지 로드 실패');
                 const blob = await res.blob();
                 closeLocalBrowser();
@@ -6813,13 +6813,14 @@
                     <div class="rec-grid ${colClass || ''}">${cards}</div>`;
         };
 
+        html += renderSection('필수 구성요소', recs.components);
         html += renderSection('엔진 (로컬 · 클라우드)', recs.engines);
         html += renderSection('모델 — 로컬 실행 (RAM 기준 필터)', recs.models);
         html += renderSection('MCP — 도구 연결', recs.mcps);
 
         _body().innerHTML = html;
 
-        const allItems = [...(recs.engines||[]), ...(recs.models||[]), ...(recs.mcps||[])];
+        const allItems = [...(recs.components||[]), ...(recs.engines||[]), ...(recs.models||[]), ...(recs.mcps||[])];
         _wizItems = allItems.filter(i => i.checked && !i.disabled);
 
         _footInfo('');
@@ -6828,7 +6829,7 @@
 
     function _toggleItem(id) {
         const recs = _wizRecs;
-        const allItems = [...(recs.engines||[]), ...(recs.models||[]), ...(recs.mcps||[])];
+        const allItems = [...(recs.components||[]), ...(recs.engines||[]), ...(recs.models||[]), ...(recs.mcps||[])];
         const item = allItems.find(i => i.id === id);
         if (!item || item.disabled) return;
 

package/static/graph.html

@@ -672,16 +672,11 @@
     let searchAbortController = null;
     let searchDebounceId = null;
 
-    function authHeaders() {
-      const token = localStorage.getItem('ltcai_session_token') || '';
-      return token ? { Authorization: `Bearer ${token}` } : {};
-    }
-
     function apiFetch(path, opts = {}) {
       return fetch(`${API_BASE}${path}`, {
         credentials: 'include',
         ...opts,
-        headers: { ...authHeaders(), ...(opts.headers || {}) },
+        headers: { ...(opts.headers || {}) },
       });
     }
 

package/tests/unit/test_security.py

@@ -13,6 +13,9 @@ from server import (
     hash_password,
     verify_password,
     _agent_risk,
+    _host_is_loopback,
+    _local_permission_response,
+    _require_local_approval,
     _LOCAL_WRITE_BLOCKED_PREFIXES,
 )
 from fastapi import HTTPException
@@ -123,3 +126,68 @@ def test_agent_risk_system_path_write_upgraded_to_high():
 
 def test_agent_risk_unknown_action_defaults_medium():
     assert _agent_risk("nonexistent_tool_xyz", {}) == "medium"
+
+
+# ---------------------------------------------------------------------------
+# Network exposure / local file approvals
+# ---------------------------------------------------------------------------
+
+def test_host_loopback_detection():
+    assert _host_is_loopback("127.0.0.1")
+    assert _host_is_loopback("localhost")
+    assert not _host_is_loopback("0.0.0.0")
+    assert not _host_is_loopback("192.168.0.2")
+
+
+def test_local_approval_token_allows_exact_scope(tmp_path):
+    target = tmp_path / "note.txt"
+    target.write_text("hello")
+    user = "alice@example.com"
+    approval = _local_permission_response(str(target), "read", user)
+    from server import _local_approvals
+    _local_approvals[approval["approval_token"]]["approved"] = True
+
+    _require_local_approval(
+        token=approval["approval_token"],
+        path=str(target),
+        action="read",
+        user_email=user,
+    )
+
+
+def test_local_approval_token_rejects_wrong_path(tmp_path):
+    allowed = tmp_path / "allowed.txt"
+    denied = tmp_path / "denied.txt"
+    allowed.write_text("allowed")
+    denied.write_text("denied")
+    user = "alice@example.com"
+    approval = _local_permission_response(str(allowed), "read", user)
+    from server import _local_approvals
+    _local_approvals[approval["approval_token"]]["approved"] = True
+
+    with pytest.raises(HTTPException) as exc:
+        _require_local_approval(
+            token=approval["approval_token"],
+            path=str(denied),
+            action="read",
+            user_email=user,
+        )
+    assert exc.value.status_code == 403
+
+
+def test_local_write_approval_binds_content(tmp_path):
+    target = tmp_path / "out.txt"
+    user = "alice@example.com"
+    approval = _local_permission_response(str(target), "write", user, "first")
+    from server import _local_approvals
+    _local_approvals[approval["approval_token"]]["approved"] = True
+
+    with pytest.raises(HTTPException) as exc:
+        _require_local_approval(
+            token=approval["approval_token"],
+            path=str(target),
+            action="write",
+            user_email=user,
+            content="changed",
+        )
+    assert exc.value.status_code == 403

package/tests/unit/test_setup_wizard.py

@@ -0,0 +1,35 @@
+import os
+import shutil
+
+import setup
+
+
+def test_scan_environment_includes_components_and_paths():
+    env = setup.scan_environment()
+
+    assert "components" in env
+    assert "python" in env["components"]
+    assert "official_url" in env["components"]["python"]
+    assert "path" in env
+    assert "active" in env["path"]
+
+
+def test_recommendations_include_components():
+    env = setup.scan_environment()
+    recs = setup.get_recommendations(env)
+
+    assert "components" in recs
+    assert any(item["id"].startswith("component_") for item in recs["components"])
+
+
+def test_repair_path_can_find_binary_from_common_dir(monkeypatch):
+    python_path = shutil.which("python3") or shutil.which("python")
+    assert python_path
+    python_dir = os.path.dirname(python_path)
+
+    monkeypatch.setattr(setup, "COMMON_PATH_DIRS", [python_dir])
+    monkeypatch.setenv("PATH", "")
+
+    setup.repair_path_for("python3" if python_path.endswith("python3") else "python")
+
+    assert python_dir in os.environ["PATH"].split(os.pathsep)