plugin-agent-orchestrator 1.0.22 → 1.0.25

package/dist/server/services/CodeValidator.js

@@ -38,19 +38,47 @@ const DANGEROUS_NODE_PATTERNS = [
   { pattern: /require\s*\(\s*['"]http['"]\s*\)/, reason: "http module not allowed" },
   { pattern: /require\s*\(\s*['"]https['"]\s*\)/, reason: "https module not allowed" },
   { pattern: /require\s*\(\s*['"]vm['"]\s*\)/, reason: "vm module not allowed" },
+  { pattern: /require\s*\(\s*['"]worker_threads['"]\s*\)/, reason: "worker_threads module not allowed" },
+  { pattern: /require\s*\(\s*['"]inspector['"]\s*\)/, reason: "inspector module not allowed" },
+  { pattern: /require\s*\(\s*['"]v8['"]\s*\)/, reason: "v8 module not allowed" },
   { pattern: /process\.exit/, reason: "process.exit not allowed" },
   { pattern: /process\.env(?!\s*\.OUTPUT_DIR)/, reason: "process.env access not allowed (use OUTPUT_DIR only)" },
-  { pattern: /process\.kill/, reason: "process.kill not allowed" }
+  { pattern: /process\.kill/, reason: "process.kill not allowed" },
+  { pattern: /process\.binding\s*\(/, reason: "process.binding not allowed" },
+  { pattern: /\bglobalThis\b/, reason: "globalThis access not allowed" },
+  // Indirect eval / dynamic Function construction (bypasses the import allowlist).
+  { pattern: /\beval\s*\(/, reason: "eval not allowed" },
+  { pattern: /\bnew\s+Function\s*\(/, reason: "new Function() not allowed" },
+  { pattern: /\bFunction\s*\(/, reason: "Function() constructor not allowed" },
+  // Dynamic import() can pull arbitrary modules at runtime, bypassing require() checks.
+  { pattern: /\bimport\s*\(/, reason: "dynamic import() not allowed" },
+  // require resolved from a non-literal expression (e.g. require(varName)).
+  { pattern: /require\s*\(\s*(?!['"])/, reason: "require() with a non-literal argument not allowed" }
 ];
 const DANGEROUS_PYTHON_PATTERNS = [
   { pattern: /import\s+subprocess/, reason: "subprocess module not allowed" },
   { pattern: /from\s+subprocess\s+import/, reason: "subprocess module not allowed" },
   { pattern: /import\s+shutil/, reason: "shutil module not allowed" },
+  { pattern: /import\s+socket/, reason: "socket module not allowed" },
+  { pattern: /import\s+ctypes/, reason: "ctypes module not allowed" },
+  { pattern: /import\s+pickle/, reason: "pickle module not allowed" },
+  { pattern: /import\s+marshal/, reason: "marshal module not allowed" },
+  { pattern: /import\s+importlib/, reason: "importlib module not allowed" },
+  {
+    pattern: /from\s+(?:socket|ctypes|pickle|marshal|importlib)\s+import/,
+    reason: "restricted module import not allowed"
+  },
   { pattern: /__import__\s*\(/, reason: "__import__ not allowed" },
+  { pattern: /\bimportlib\b/, reason: "importlib access not allowed" },
   { pattern: /os\.system\s*\(/, reason: "os.system not allowed" },
   { pattern: /os\.popen\s*\(/, reason: "os.popen not allowed" },
   { pattern: /os\.exec\w*\s*\(/, reason: "os.exec* not allowed" },
   { pattern: /os\.spawn\w*\s*\(/, reason: "os.spawn* not allowed" },
+  { pattern: /os\.fork\s*\(/, reason: "os.fork not allowed" },
+  // getattr/setattr can reconstruct blocked names like getattr(os,'sys'+'tem').
+  { pattern: /\bgetattr\s*\(/, reason: "getattr not allowed (can bypass name checks)" },
+  { pattern: /\bsetattr\s*\(/, reason: "setattr not allowed" },
+  { pattern: /\b__builtins__\b/, reason: "__builtins__ access not allowed" },
   { pattern: /\beval\s*\(/, reason: "eval not allowed" },
   { pattern: /\bexec\s*\(/, reason: "exec not allowed" },
   { pattern: /\bcompile\s*\(/, reason: "compile not allowed" }
@@ -121,8 +149,8 @@ const PYTHON_BUILTINS = [
 const PYTHON_IMPORT_NAME_MAP = {
   "python-docx": "docx",
   "python-pptx": "pptx",
-  "Pillow": "PIL",
-  "pyyaml": "yaml"
+  Pillow: "PIL",
+  pyyaml: "yaml"
 };
 class CodeValidator {
   /**
@@ -138,20 +166,29 @@ class CodeValidator {
     }
   }
   /**
-   * Validate that code only imports packages in the whitelist.
-   * Called after the basic forbidden pattern check.
-   * Skips validation if whitelist is empty (env not initialized yet).
+   * Validate that code only imports packages in the allowlist (builtins +
+   * whitelist). Called after the basic forbidden pattern check.
+   *
+   * An empty whitelist does NOT skip validation: only built-in modules are
+   * then allowed. This closes an exfiltration hole — stdlib modules such as
+   * Python `urllib`/`socket`/`ftplib` need no install, so skipping the check
+   * when the env was not initialized would let a skill open outbound
+   * connections. Set SKILL_HUB_ALLOW_ANY_IMPORT=true to restore the old
+   * skip-when-empty behaviour for legacy deployments.
    *
    * @param code - The code to validate
    * @param language - 'node' or 'python'
-   * @param whitelist - Array of allowed package names (from skillWorkerConfigs.packageWhitelist)
+   * @param whitelist - Allowed package names (from skillWorkerConfigs.packageWhitelist)
    */
   validateImports(code, language, whitelist) {
-    if (!(whitelist == null ? void 0 : whitelist.length)) return;
+    if (!(whitelist == null ? void 0 : whitelist.length) && process.env.SKILL_HUB_ALLOW_ANY_IMPORT === "true") {
+      return;
+    }
+    const list = whitelist || [];
     if (language === "node") {
-      this.validateNodeImports(code, whitelist);
+      this.validateNodeImports(code, list);
     } else if (language === "python") {
-      this.validatePythonImports(code, whitelist);
+      this.validatePythonImports(code, list);
     }
   }
   /**
@@ -178,10 +215,7 @@ class CodeValidator {
    */
   validatePythonImports(code, whitelist) {
     const imports = [...code.matchAll(/(?:^|\n)\s*(?:import|from)\s+([a-zA-Z_][a-zA-Z0-9_]*)/g)];
-    const allowedImports = /* @__PURE__ */ new Set([
-      ...PYTHON_BUILTINS,
-      ...whitelist.map((p) => PYTHON_IMPORT_NAME_MAP[p] || p)
-    ]);
+    const allowedImports = /* @__PURE__ */ new Set([...PYTHON_BUILTINS, ...whitelist.map((p) => PYTHON_IMPORT_NAME_MAP[p] || p)]);
     for (const match of imports) {
       const pkg = match[1];
       if (allowedImports.has(pkg)) continue;

package/dist/server/services/SandboxRunner.js

@@ -32,7 +32,12 @@ module.exports = __toCommonJS(SandboxRunner_exports);
 var import_child_process = require("child_process");
 var import_fs = require("fs");
 var import_path = require("path");
+var import_os = require("os");
 var import_CodeValidator = require("./CodeValidator");
+const IS_WINDOWS = process.platform === "win32";
+function pythonBinary() {
+  return process.env.SKILL_HUB_PYTHON_BIN || (IS_WINDOWS ? "python" : "python3");
+}
 class SandboxRunner {
   constructor(fileManager, logger, storagePath) {
     this.fileManager = fileManager;
@@ -55,23 +60,22 @@ class SandboxRunner {
       skillDir
     } = options;
     this.validator.validate(code, language);
-    if (packageWhitelist == null ? void 0 : packageWhitelist.length) {
-      this.validator.validateImports(code, language, packageWhitelist);
-    }
+    this.validator.validateImports(code, language, packageWhitelist || []);
     const workDir = this.fileManager.createExecDir(execId);
     const outputDir = this.fileManager.getOutputDir(execId);
     const filename = language === "node" ? "script.js" : "script.py";
     const scriptPath = (0, import_path.resolve)(workDir, filename);
     (0, import_fs.writeFileSync)(scriptPath, code, "utf-8");
     onProgress == null ? void 0 : onProgress({ percent: 20, log: "Code validated, executing..." });
-    const cmd = language === "node" ? `node "${scriptPath}"` : `python3 "${scriptPath}"`;
-    const path = require("path");
-    const nodePath = path.resolve(this.sandboxWorkspace, "node_modules");
-    const finalNodePath = process.env.NODE_PATH ? `${nodePath}${path.delimiter}${process.env.NODE_PATH}` : nodePath;
+    const nodePath = (0, import_path.resolve)(this.sandboxWorkspace, "node_modules");
+    const finalNodePath = process.env.NODE_PATH ? `${nodePath}${import_path.delimiter}${process.env.NODE_PATH}` : nodePath;
+    const memLimitMb = Math.max(64, Number(process.env.SKILL_HUB_MEM_LIMIT_MB || 512));
+    const baseCmd = language === "node" ? `node --max-old-space-size=${memLimitMb} "${scriptPath}"` : `${pythonBinary()} "${scriptPath}"`;
+    const cmd = !IS_WINDOWS && memLimitMb > 0 ? `ulimit -v ${memLimitMb * 1024} 2>/dev/null; exec ${baseCmd}` : baseCmd;
     const startTime = Date.now();
     let childProc = null;
     let wasCanceled = false;
-    const processResult = await new Promise((resolveResult) => {
+    const processResult = await new Promise((_resolve) => {
       childProc = (0, import_child_process.exec)(
         cmd,
         {
@@ -82,18 +86,18 @@ class SandboxRunner {
           env: {
             // Sanitized environment — only expose what's necessary
             PATH: process.env.PATH,
-            HOME: "/tmp",
-            TMPDIR: "/tmp",
+            HOME: (0, import_os.tmpdir)(),
+            TMPDIR: (0, import_os.tmpdir)(),
             OUTPUT_DIR: outputDir,
             LANG: "en_US.UTF-8",
             // Node.js
             NODE_PATH: finalNodePath,
             // Python — include bundled packages (svg_to_pptx etc.)
             PYTHONPATH: [
-              skillDir ? path.resolve(skillDir, "scripts") : "",
-              path.resolve(this.sandboxWorkspace, "python_packages"),
+              skillDir ? (0, import_path.resolve)(skillDir, "scripts") : "",
+              (0, import_path.resolve)(this.sandboxWorkspace, "python_packages"),
               process.env.PYTHONPATH || ""
-            ].filter(Boolean).join(path.delimiter),
+            ].filter(Boolean).join(import_path.delimiter),
             PYTHONIOENCODING: "utf-8",
             SKILL_DIR: skillDir || ""
             // DO NOT pass: DB credentials, API keys, APP_KEY, etc.
@@ -108,7 +112,7 @@ class SandboxRunner {
               exitCode = error.code || 1;
             }
           }
-          resolveResult({
+          _resolve({
             exitCode,
             stdout: (stdout || "").slice(0, 5e3),
             stderr: (stderr || "").slice(0, 2e3)

package/dist/server/skill-hub/plugin.js

@@ -54,6 +54,29 @@ var import_SkillRepositoryService = require("../services/SkillRepositoryService"
 var import_git_import = require("./actions/git-import");
 var import_json_fields = require("./utils/json-fields");
 var import_ExecutionSpanService = require("../services/ExecutionSpanService");
+var import_ai_manager = require("../utils/ai-manager");
+function normalizeToolRuntime(runtime) {
+  if (!runtime) return void 0;
+  if (typeof runtime === "string") {
+    return { toolCallId: runtime, writer: () => {
+    } };
+  }
+  return runtime;
+}
+function assignToolRuntime(ctx, runtime) {
+  const normalizedRuntime = normalizeToolRuntime(runtime);
+  if (!ctx || !normalizedRuntime) return () => {
+  };
+  const previousRuntime = ctx.runtime;
+  ctx.runtime = normalizedRuntime;
+  return () => {
+    if (previousRuntime === void 0) {
+      delete ctx.runtime;
+    } else {
+      ctx.runtime = previousRuntime;
+    }
+  };
+}
 class RateLimiter {
   constructor(maxExecutions = 10, windowMs = 60 * 1e3) {
     this.maxExecutions = maxExecutions;
@@ -538,15 +561,14 @@ class SkillHubSubFeature {
     return configsBySkillId;
   }
   registerAITools() {
-    var _a;
     try {
-      const aiPlugin = this.app.pm.get("@nocobase/plugin-ai");
-      if (!((_a = aiPlugin == null ? void 0 : aiPlugin.ai) == null ? void 0 : _a.toolsManager)) {
+      const toolsManager = (0, import_ai_manager.tryGetAIToolsManager)(this.app);
+      if (!toolsManager) {
         this.app.logger.warn("[skill-hub] plugin-ai not available, skip AI tool registration.");
         return;
       }
-      aiPlugin.ai.toolsManager.registerTools((0, import_skill_execute.createSkillExecuteTool)(this));
-      aiPlugin.ai.toolsManager.registerDynamicTools(async (register) => {
+      toolsManager.registerTools((0, import_skill_execute.createSkillExecuteTool)(this));
+      toolsManager.registerDynamicTools(async (register) => {
         try {
           const skills = await this.db.getRepository("skillDefinitions").find({
             filter: { enabled: true }
@@ -585,19 +607,24 @@ IMPORTANT: This skill is bound to a Skill Hub human-in-the-loop review template.
                   description,
                   schema: (0, import_json_fields.parseJsonText)(skill.get("inputSchema"), { type: "object", properties: {} })
                 },
-                invoke: async (toolCtx, args) => {
-                  const latestSkill = await this.db.getRepository("skillDefinitions").findOne({
-                    filter: { id: skill.get("id"), enabled: true }
-                  });
-                  if (!latestSkill) {
-                    return { status: "error", content: `Skill "${skill.get("name")}" is no longer available` };
+                invoke: async (toolCtx, args, runtime) => {
+                  const restoreRuntime = assignToolRuntime(toolCtx, runtime);
+                  try {
+                    const latestSkill = await this.db.getRepository("skillDefinitions").findOne({
+                      filter: { id: skill.get("id"), enabled: true }
+                    });
+                    if (!latestSkill) {
+                      return { status: "error", content: `Skill "${skill.get("name")}" is no longer available` };
+                    }
+                    const result = await this.executeSkill(latestSkill, args, toolCtx);
+                    return {
+                      status: result.status === "succeeded" ? "success" : "error",
+                      result
+                      // Attach raw result
+                    };
+                  } finally {
+                    restoreRuntime();
                   }
-                  const result = await this.executeSkill(latestSkill, args, toolCtx);
-                  return {
-                    status: result.status === "succeeded" ? "success" : "error",
-                    result
-                    // Attach raw result
-                  };
                 }
               };
             })

package/dist/server/tools/delegate-task.js

@@ -40,6 +40,9 @@ const ORCHESTRATOR_PATH_KEY = "__orchestratorPath";
 const MAX_DISPATCH_CONCURRENCY = 5;
 const MAX_DISPATCH_TASKS = 20;
 const MAX_TOOL_NAME_LENGTH = 64;
+function getToolCallId(runtime) {
+  return typeof runtime === "string" ? runtime : runtime == null ? void 0 : runtime.toolCallId;
+}
 function sanitizeToolPart(value) {
   return (value || "").replace(/[^a-zA-Z0-9_-]/g, "_");
 }
@@ -110,7 +113,8 @@ function createDelegateToolOptions(plugin, options) {
         context: import_zod.z.string().optional().describe("Optional additional context to help the sub-agent understand the task better.")
       })
     },
-    invoke: async (ctx, args, id) => {
+    invoke: async (ctx, args, runtime) => {
+      const id = getToolCallId(runtime) || `delegate-${Date.now()}`;
       const callingEmployee = await resolveCallingEmployee(ctx, plugin);
       if (!callingEmployee) {
         await logDelegation(ctx, plugin, {
@@ -224,8 +228,9 @@ ${subAgentList}`
         ).min(1).max(MAX_DISPATCH_TASKS).describe(`List of sub-tasks to dispatch concurrently. Up to ${MAX_DISPATCH_CONCURRENCY} run in parallel.`)
       })
     },
-    invoke: async (ctx, args, id) => {
+    invoke: async (ctx, args, runtime) => {
       var _a;
+      const id = getToolCallId(runtime) || `dispatch-${Date.now()}`;
       const callingEmployee = await resolveCallingEmployee(ctx, plugin);
       if (!callingEmployee) {
         const distinctSubs = Array.from(new Set((args.tasks ?? []).map((t) => t.subAgent).filter(Boolean)));

package/dist/server/tools/skill-execute.js

@@ -30,10 +30,25 @@ __export(skill_execute_exports, {
 });
 module.exports = __toCommonJS(skill_execute_exports);
 var import_json_fields = require("../skill-hub/utils/json-fields");
+function normalizeRuntime(runtime) {
+  if (!runtime) return void 0;
+  if (typeof runtime === "string") {
+    return { toolCallId: runtime, writer: () => {
+    } };
+  }
+  return runtime;
+}
 function createSkillExecuteTool(plugin) {
   return {
     scope: "CUSTOM",
     execution: "backend",
+    // Intentionally fixed to ASK. This is the universal gateway: a single tool
+    // whose `execute` action can run ANY enabled skill by name, so the
+    // per-skill `autoCall` flag cannot be honored here — the harness decides
+    // approval from `defaultPermission` before invoke, when the target skill is
+    // not yet known. The per-skill dynamic tools (`skill_hub_<name>`) are the
+    // fast path that respect `autoCall: true → ALLOW`. Keeping the generic
+    // gateway on ASK is deliberate defense-in-depth, not an oversight.
     defaultPermission: "ASK",
     introduction: {
       title: "Skill Hub - Universal Skill Executor",
@@ -69,7 +84,7 @@ IMPORTANT: If the skill returns file download URLs, you MUST format them as clic
         required: ["action"]
       }
     },
-    async invoke(ctx, args, _id) {
+    async invoke(ctx, args, runtime) {
       var _a;
       plugin.app.logger.info(`[skill-execute] Tool invoked with action: ${args.action}, skillName: ${args.skillName}`);
       if (args.action === "list") {
@@ -134,7 +149,23 @@ IMPORTANT: If the skill returns file download URLs, you MUST format them as clic
           };
         }
         try {
-          const result = await plugin.executeSkill(skill, args.input || {}, ctx);
+          const normalizedRuntime = normalizeRuntime(runtime);
+          const previousRuntime = ctx.runtime;
+          if (normalizedRuntime) {
+            ctx.runtime = normalizedRuntime;
+          }
+          let result;
+          try {
+            result = await plugin.executeSkill(skill, args.input || {}, ctx);
+          } finally {
+            if (normalizedRuntime) {
+              if (previousRuntime === void 0) {
+                delete ctx.runtime;
+              } else {
+                ctx.runtime = previousRuntime;
+              }
+            }
+          }
           return {
             status: result.status === "succeeded" ? "success" : "error",
             content: JSON.stringify({

package/dist/server/utils/ai-manager.js

@@ -0,0 +1,51 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var ai_manager_exports = {};
+__export(ai_manager_exports, {
+  getAIToolsManager: () => getAIToolsManager,
+  tryGetAIToolsManager: () => tryGetAIToolsManager
+});
+module.exports = __toCommonJS(ai_manager_exports);
+function getAIToolsManager(app) {
+  var _a;
+  const toolsManager = (_a = app == null ? void 0 : app.aiManager) == null ? void 0 : _a.toolsManager;
+  if (!toolsManager) {
+    throw new Error(
+      "[AgentOrchestrator] app.aiManager.toolsManager is not available. Ensure @nocobase/plugin-ai is enabled and loaded before plugin-agent-orchestrator."
+    );
+  }
+  return toolsManager;
+}
+function tryGetAIToolsManager(app) {
+  var _a;
+  return (_a = app == null ? void 0 : app.aiManager) == null ? void 0 : _a.toolsManager;
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  getAIToolsManager,
+  tryGetAIToolsManager
+});

package/dist/server/utils/ctx-utils.js

@@ -30,6 +30,7 @@ __export(ctx_utils_exports, {
   asObject: () => asObject,
   captureCtxSnapshot: () => captureCtxSnapshot,
   currentUserId: () => currentUserId,
+  isAdminUser: () => isAdminUser,
   normalizeEmployeeUsername: () => normalizeEmployeeUsername,
   normalizePlanKey: () => normalizePlanKey,
   normalizeStepType: () => normalizeStepType,
@@ -79,6 +80,15 @@ function currentUserId(ctx) {
   var _a, _b, _c, _d;
   return ((_b = (_a = ctx == null ? void 0 : ctx.state) == null ? void 0 : _a.currentUser) == null ? void 0 : _b.id) || ((_d = (_c = ctx == null ? void 0 : ctx.auth) == null ? void 0 : _c.user) == null ? void 0 : _d.id);
 }
+function isAdminUser(ctx) {
+  var _a, _b, _c, _d;
+  const roles = ((_b = (_a = ctx == null ? void 0 : ctx.state) == null ? void 0 : _a.currentUser) == null ? void 0 : _b.roles) || ((_d = (_c = ctx == null ? void 0 : ctx.auth) == null ? void 0 : _c.user) == null ? void 0 : _d.roles);
+  if (!Array.isArray(roles)) return false;
+  return roles.some((r) => {
+    const name = typeof r === "string" ? r : r == null ? void 0 : r.name;
+    return name === "root" || name === "admin";
+  });
+}
 function valuesFromCtx(ctx) {
   var _a, _b, _c;
   return ((_b = (_a = ctx == null ? void 0 : ctx.action) == null ? void 0 : _a.params) == null ? void 0 : _b.values) || ((_c = ctx == null ? void 0 : ctx.request) == null ? void 0 : _c.body) || {};
@@ -139,6 +149,7 @@ function nowIso() {
   asObject,
   captureCtxSnapshot,
   currentUserId,
+  isAdminUser,
   normalizeEmployeeUsername,
   normalizePlanKey,
   normalizeStepType,

package/dist/server/utils/skill-settings.js

@@ -0,0 +1,122 @@
+/**
+ * This file is part of the NocoBase (R) project.
+ * Copyright (c) 2020-2024 NocoBase Co., Ltd.
+ * Authors: NocoBase Team.
+ *
+ * This project is dual-licensed under AGPL-3.0 and NocoBase Commercial License.
+ * For more information, please refer to: https://www.nocobase.com/agreement.
+ */
+
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+var skill_settings_exports = {};
+__export(skill_settings_exports, {
+  isOrchestratorToolName: () => isOrchestratorToolName,
+  normalizeAIEmployeeSkillSettings: () => normalizeAIEmployeeSkillSettings
+});
+module.exports = __toCommonJS(skill_settings_exports);
+function isRecord(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function isOrchestratorToolName(name) {
+  return name === "orchestrator_plan_goal" || name === "orchestrator_execute_plan" || name === "orchestrator_status" || name === "orchestrator_cancel" || name === "external_rag_search" || name === "skill_hub_execute" || name.startsWith("delegate_") || name.startsWith("dispatch_subagents_") || name.startsWith("skill_hub_") || name.startsWith("browser_") || name.startsWith("drawio-");
+}
+function toToolBinding(value) {
+  if (typeof value === "string") {
+    const name2 = value.trim();
+    return name2 ? { name: name2, autoCall: false } : null;
+  }
+  if (!isRecord(value) || typeof value.name !== "string") {
+    return null;
+  }
+  const name = value.name.trim();
+  if (!name) {
+    return null;
+  }
+  return {
+    name,
+    autoCall: value.autoCall === true
+  };
+}
+function addToolBinding(toolsByName, binding) {
+  if (!binding) return;
+  if (!toolsByName.has(binding.name)) {
+    toolsByName.set(binding.name, binding);
+  }
+}
+function normalizeAIEmployeeSkillSettings(value) {
+  const source = isRecord(value) ? value : {};
+  const toolsByName = /* @__PURE__ */ new Map();
+  const nextSkills = [];
+  let changed = false;
+  const sourceTools = source.tools;
+  if (Array.isArray(sourceTools)) {
+    for (const item of sourceTools) {
+      const binding = toToolBinding(item);
+      if (binding) {
+        addToolBinding(toolsByName, binding);
+        if (typeof item === "string") {
+          changed = true;
+        }
+      } else {
+        changed = true;
+      }
+    }
+  }
+  const sourceSkills = source.skills;
+  if (Array.isArray(sourceSkills)) {
+    for (const item of sourceSkills) {
+      if (typeof item === "string") {
+        const name = item.trim();
+        if (!name) {
+          changed = true;
+          continue;
+        }
+        if (isOrchestratorToolName(name)) {
+          addToolBinding(toolsByName, { name, autoCall: false });
+          changed = true;
+          continue;
+        }
+        nextSkills.push(name);
+        if (name !== item) {
+          changed = true;
+        }
+        continue;
+      }
+      const legacyToolBinding = toToolBinding(item);
+      if (legacyToolBinding) {
+        addToolBinding(toolsByName, legacyToolBinding);
+      }
+      changed = true;
+    }
+  }
+  const normalized = {
+    ...source,
+    skills: nextSkills,
+    tools: Array.from(toolsByName.values())
+  };
+  return {
+    changed,
+    skillSettings: normalized
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  isOrchestratorToolName,
+  normalizeAIEmployeeSkillSettings
+});

package/package.json

@@ -1,45 +1,49 @@
-{
-  "name": "plugin-agent-orchestrator",
-  "displayName": "Agent Orchestrator",
-  "displayName.zh-CN": "代理协调器",
-  "displayName.vi-VN": "Điều phối Agent",
-  "description": "Hierarchical Multi-Agent orchestration for NocoBase AI Employees. Enables Leader agents to delegate tasks to Sub-Agent employees without modifying core plugin-ai.",
-  "version": "1.0.22",
-  "license": "Apache-2.0",
-  "main": "dist/server/index.js",
-  "keywords": [
-    "AI",
-    "Agent",
-    "Orchestrator",
-    "Multi-Agent",
-    "Swarm"
-  ],
-  "files": [
-    "dist",
-    "src",
-    "client.js",
-    "server.js",
-    "client.d.ts",
-    "server.d.ts"
-  ],
-  "nocobase": {
-    "supportedVersions": [
-      "2.x"
-    ],
-    "editionLevel": 0
-  },
-  "dependencies": {
-    "@langchain/core": "^0.3.0",
-    "@langchain/langgraph": "^0.2.0",
-    "adm-zip": "^0.5.10",
-    "simple-git": "^3.22.0",
-    "zod": "^3.23.0"
-  },
-  "peerDependencies": {
-    "@nocobase/client": "2.x",
-    "@nocobase/server": "2.x",
-    "@nocobase/database": "2.x",
-    "@nocobase/ai": "2.x",
-    "@nocobase/plugin-ai": "2.x"
-  }
-}
+{
+  "name": "plugin-agent-orchestrator",
+  "displayName": "Agent Orchestrator",
+  "displayName.zh-CN": "代理协调器",
+  "displayName.vi-VN": "Điều phối Agent",
+  "description": "Hierarchical Multi-Agent orchestration for NocoBase AI Employees. Enables Leader agents to delegate tasks to Sub-Agent employees without modifying core plugin-ai.",
+  "version": "1.0.25",
+  "license": "Apache-2.0",
+  "main": "dist/server/index.js",
+  "keywords": [
+    "AI",
+    "Agent",
+    "Orchestrator",
+    "Multi-Agent",
+    "Swarm"
+  ],
+  "files": [
+    "dist",
+    "src",
+    "client.js",
+    "server.js",
+    "client.d.ts",
+    "server.d.ts",
+    "client-v2.js",
+    "client-v2.d.ts"
+  ],
+  "nocobase": {
+    "supportedVersions": [
+      "2.x"
+    ],
+    "editionLevel": 0
+  },
+  "dependencies": {
+    "@langchain/core": "^0.3.0",
+    "@langchain/langgraph": "^0.2.0",
+    "adm-zip": "^0.5.10",
+    "simple-git": "^3.22.0",
+    "zod": "^3.23.0"
+  },
+  "peerDependencies": {
+    "@nocobase/client": "2.x",
+    "@nocobase/server": "2.x",
+    "@nocobase/database": "2.x",
+    "@nocobase/ai": "2.x",
+    "@nocobase/plugin-ai": "2.x",
+    "@nocobase/client-v2": "2.x",
+    "@nocobase/flow-engine": "2.x"
+  }
+}