shennian 0.2.57 → 0.2.60

package/dist/src/agents/pi.js

@@ -471,12 +471,12 @@ export class PiAdapter extends AgentAdapter {
                 return;
             this.terminalState = 'error';
             const message = err instanceof Error ? err.message : String(err);
-            if (message.includes('429') || message.includes('daily_quota_exceeded')) {
+            if (message.includes('429') || message.includes('daily_quota_exceeded') || message.includes('nian_quota_exceeded')) {
                 this.emit('agentEvent', {
                     state: 'error',
                     runId,
                     seq: ++this.seq,
-                    message: '今日免费额度已用完，可在 ~/.shennian/config.json 中配置 apiKey 字段（兼容 OpenAI 格式）继续使用。',
+                    message: 'Nian 今日额度已用完，次日自动恢复。',
                 });
             }
             else {

package/dist/src/fs/boundary.d.ts

@@ -0,0 +1,21 @@
+export type FsPathFlavor = 'win32' | 'posix';
+export type AuthorizedFsRoot = {
+    raw: string;
+    normalized: string;
+    boundary: string;
+    real: string | null;
+    flavor: FsPathFlavor;
+    file: boolean;
+};
+export type ResolveAuthorizedPathResult = {
+    ok: true;
+    path: string;
+    root: AuthorizedFsRoot;
+} | {
+    ok: false;
+    error: string;
+};
+export declare function resolveSessionWorkDir(input: string): string;
+export declare function createAuthorizedFsRoot(rawRoot: string): AuthorizedFsRoot;
+export declare function resolveAuthorizedPath(rawPath: string, root: AuthorizedFsRoot): ResolveAuthorizedPathResult;
+export declare function isAuthorizedRootPath(pathValue: string, root: AuthorizedFsRoot): boolean;

package/dist/src/fs/boundary.js

@@ -0,0 +1,121 @@
+// @arch docs/architecture/cli/daemon.md#文件系统权限边界
+// @test src/__tests__/fs-boundary.test.ts
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+const WINDOWS_ABSOLUTE_RE = /^[A-Za-z]:([\\/]|$)/;
+const WINDOWS_UNC_RE = /^\\\\[^\\]+\\[^\\]+/;
+const WINDOWS_DRIVE_RELATIVE_RE = /^[A-Za-z]:(?![\\/])/;
+function isWindowsAbsolutePath(input) {
+    return WINDOWS_ABSOLUTE_RE.test(input) || WINDOWS_UNC_RE.test(input);
+}
+function hasWindowsDriveRelativePrefix(input) {
+    return WINDOWS_DRIVE_RELATIVE_RE.test(input);
+}
+function normalizeWindowsAbsolutePath(input) {
+    return input.replace(/^[/\\]([A-Za-z]:[\\/].*)$/, '$1');
+}
+function pathFlavor(input) {
+    return isWindowsAbsolutePath(normalizeWindowsAbsolutePath(input)) ? 'win32' : 'posix';
+}
+function pathApi(flavor) {
+    return flavor === 'win32' ? path.win32 : path.posix;
+}
+function normalizeForCompare(input, flavor) {
+    const api = pathApi(flavor);
+    const normalized = api.normalize(input);
+    const trimmed = normalized.length > api.parse(normalized).root.length
+        ? normalized.replace(/[\\/]+$/, '')
+        : normalized;
+    return flavor === 'win32' ? trimmed.toLowerCase() : trimmed;
+}
+function isWithinOrEqual(candidate, root, flavor) {
+    const api = pathApi(flavor);
+    const normalizedCandidate = normalizeForCompare(candidate, flavor);
+    const normalizedRoot = normalizeForCompare(root, flavor);
+    if (normalizedCandidate === normalizedRoot)
+        return true;
+    const relative = api.relative(normalizedRoot, normalizedCandidate);
+    return Boolean(relative) && !relative.startsWith('..') && !api.isAbsolute(relative);
+}
+function safeRealpath(pathValue) {
+    try {
+        return fs.realpathSync.native(pathValue);
+    }
+    catch {
+        return null;
+    }
+}
+export function resolveSessionWorkDir(input) {
+    if (!input)
+        return os.homedir();
+    const normalizedInput = normalizeWindowsAbsolutePath(input);
+    const flavor = pathFlavor(normalizedInput);
+    const api = pathApi(flavor);
+    if (normalizedInput.startsWith('~')) {
+        return path.join(os.homedir(), normalizedInput.slice(1).replace(/^[/\\]+/, ''));
+    }
+    if (process.platform === 'win32') {
+        const normalized = normalizedInput.replace(/\\/g, '/');
+        if (normalized === '/tmp' || normalized.startsWith('/tmp/')) {
+            const suffix = normalized.slice('/tmp'.length).replace(/^\/+/, '');
+            return suffix ? path.win32.join(os.tmpdir(), ...suffix.split('/')) : os.tmpdir();
+        }
+    }
+    if (isWindowsAbsolutePath(normalizedInput)) {
+        return path.win32.resolve(normalizedInput);
+    }
+    return api.resolve(normalizedInput);
+}
+export function createAuthorizedFsRoot(rawRoot) {
+    const normalized = resolveSessionWorkDir(rawRoot);
+    const flavor = pathFlavor(normalized);
+    const stat = safeStat(normalized);
+    const file = typeof stat?.isFile === 'function' ? stat.isFile() : false;
+    const boundary = file ? pathApi(flavor).dirname(normalized) : normalized;
+    return {
+        raw: rawRoot,
+        normalized,
+        boundary,
+        real: safeRealpath(boundary),
+        flavor,
+        file,
+    };
+}
+export function resolveAuthorizedPath(rawPath, root) {
+    const input = String(rawPath || '').trim() || root.normalized;
+    const normalizedInput = normalizeWindowsAbsolutePath(input);
+    const api = pathApi(root.flavor);
+    if (hasWindowsDriveRelativePrefix(normalizedInput)) {
+        return { ok: false, error: `Access denied: ${rawPath}` };
+    }
+    const candidate = api.isAbsolute(normalizedInput)
+        ? api.resolve(normalizedInput)
+        : api.resolve(root.boundary, normalizedInput);
+    if (!isWithinOrEqual(candidate, root.boundary, root.flavor)) {
+        return { ok: false, error: `Access denied: ${rawPath}` };
+    }
+    if (root.file && normalizeForCompare(candidate, root.flavor) !== normalizeForCompare(root.normalized, root.flavor)) {
+        return { ok: false, error: `Access denied: ${rawPath}` };
+    }
+    const realCandidate = safeRealpath(candidate);
+    if (realCandidate) {
+        const realRoot = root.real ?? safeRealpath(root.boundary);
+        if (realRoot && !isWithinOrEqual(realCandidate, realRoot, pathFlavor(realRoot))) {
+            return { ok: false, error: `Access denied: ${rawPath}` };
+        }
+    }
+    return { ok: true, path: candidate, root };
+}
+export function isAuthorizedRootPath(pathValue, root) {
+    return isWithinOrEqual(pathValue, root.boundary, root.flavor) &&
+        normalizeForCompare(pathValue, root.flavor) === normalizeForCompare(root.boundary, root.flavor);
+}
+function safeStat(pathValue) {
+    try {
+        return fs.statSync(pathValue);
+    }
+    catch {
+        return null;
+    }
+}

package/dist/src/manager/registry.js

@@ -257,7 +257,7 @@ export class ManagerRegistry {
 function readableText(message) {
     if (!message || isToolPayload(message.payload))
         return null;
-    const text = extractPayloadText(message.payload).replace(/\s+/g, ' ').trim();
+    const text = extractPayloadText(message.payload).replace(/\r\n/g, '\n').trim();
     return text || null;
 }
 function clip(text, max) {

package/dist/src/manager/runtime.js

@@ -29,6 +29,16 @@ function runIdFromMessageId(id) {
     const match = /^agent-(.+)-\d+$/.exec(id);
     return match?.[1] ?? null;
 }
+function seqFromMessageId(id) {
+    const match = /^agent-.+-(\d+)$/.exec(id);
+    if (!match)
+        return null;
+    const seq = Number(match[1]);
+    return Number.isInteger(seq) && seq >= 0 ? seq : null;
+}
+function normalizeMarkdownForWorkerSummary(text) {
+    return text.replace(/\r\n/g, '\n').trim();
+}
 function toolSummary(payload) {
     try {
         const parsed = JSON.parse(payload);
@@ -62,6 +72,7 @@ function compactWorkerTranscript(rawMessages, limit) {
     const compacted = [];
     let buffer = null;
     let bufferRunId = null;
+    let bufferSeq = null;
     let bufferText = '';
     const flush = () => {
         if (!buffer)
@@ -76,6 +87,7 @@ function compactWorkerTranscript(rawMessages, limit) {
         }
         buffer = null;
         bufferRunId = null;
+        bufferSeq = null;
         bufferText = '';
     };
     for (const message of chronological) {
@@ -96,14 +108,17 @@ function compactWorkerTranscript(rawMessages, limit) {
         if (!text.trim())
             continue;
         const runId = runIdFromMessageId(message.id);
-        if (buffer && buffer.role === message.role && bufferRunId === runId) {
+        const seq = seqFromMessageId(message.id);
+        if (buffer && buffer.role === message.role && bufferRunId === runId && runId && seq !== null && bufferSeq !== null && seq === bufferSeq + 1) {
             bufferText += text;
             buffer.ts = message.ts;
+            bufferSeq = seq;
         }
         else {
             flush();
             buffer = message;
             bufferRunId = runId;
+            bufferSeq = seq;
             bufferText = text;
         }
     }
@@ -261,14 +276,14 @@ export class ManagerRuntimeService {
         if (event.state === 'delta' && event.text && !event.thinking) {
             const nextText = (this.workerTextAcc.get(textKey) ?? '') + event.text;
             this.workerTextAcc.set(textKey, nextText);
-            const normalized = nextText.replace(/\s+/g, ' ').trim();
+            const normalized = normalizeMarkdownForWorkerSummary(nextText);
             if (normalized) {
                 patch.summary = normalized.length > 160 ? `${normalized.slice(0, 160)}...` : normalized;
             }
         }
         if (event.state === 'final' || event.state === 'error' || event.state === 'aborted') {
             patch.status = event.state;
-            const accumulated = this.workerTextAcc.get(textKey)?.replace(/\s+/g, ' ').trim();
+            const accumulated = normalizeMarkdownForWorkerSummary(this.workerTextAcc.get(textKey) ?? '');
             if (accumulated) {
                 patch.summary = accumulated.length > 240 ? `${accumulated.slice(0, 240)}...` : accumulated;
             }

package/dist/src/session/handlers/fs.js

@@ -7,38 +7,19 @@ const FILE_SYSTEM_ROOTS_PATH = '__roots__';
 function isWindowsAbsolutePath(pathValue) {
     return /^[A-Za-z]:([\\/]|$)/.test(pathValue) || /^\\\\[^\\]+\\[^\\]+/.test(pathValue);
 }
-function listFileSystemRoots() {
-    if (os.platform() === 'win32') {
-        const entries = [];
-        for (let code = 65; code <= 90; code += 1) {
-            const drive = `${String.fromCharCode(code)}:\\`;
-            if (!fs.existsSync(drive))
-                continue;
-            entries.push({
-                name: drive,
-                path: drive,
-                isDir: true,
-            });
-        }
-        return { path: FILE_SYSTEM_ROOTS_PATH, entries };
-    }
-    return {
-        path: FILE_SYSTEM_ROOTS_PATH,
-        entries: [{ name: '/', path: '/', isDir: true }],
-    };
-}
 export async function handleFsLs(runtime, req) {
     const requestedPath = req.params.path || os.homedir();
+    const rootPath = req.params.rootPath || requestedPath;
     if (requestedPath === FILE_SYSTEM_ROOTS_PATH) {
-        runtime.client.sendRes({
-            type: 'res',
-            id: req.id,
-            ok: true,
-            payload: listFileSystemRoots(),
-        });
+        runtime.client.sendRes({ type: 'res', id: req.id, ok: false, error: 'Access denied: filesystem roots are outside the authorized directory' });
         return;
     }
-    const dirPath = runtime.resolvePath(requestedPath);
+    const resolved = runtime.resolveAuthorizedPath(requestedPath, rootPath);
+    if (!resolved.ok) {
+        runtime.client.sendRes({ type: 'res', id: req.id, ok: false, error: resolved.error });
+        return;
+    }
+    const dirPath = resolved.path;
     try {
         const raw = fs.readdirSync(dirPath, { withFileTypes: true });
         const joinPath = isWindowsAbsolutePath(dirPath) ? path.win32.join : path.join;
@@ -65,7 +46,14 @@ export async function handleFsLs(runtime, req) {
     }
 }
 export async function handleFsRead(runtime, req) {
-    const filePath = runtime.resolvePath(req.params.path);
+    const requestedPath = req.params.path;
+    const rootPath = req.params.rootPath || requestedPath;
+    const resolved = runtime.resolveAuthorizedPath(requestedPath, rootPath);
+    if (!resolved.ok) {
+        runtime.client.sendRes({ type: 'res', id: req.id, ok: false, error: resolved.error });
+        return;
+    }
+    const filePath = resolved.path;
     const encoding = req.params.encoding || 'utf8';
     const offset = req.params.offset;
     const length = req.params.length;
@@ -148,7 +136,13 @@ export async function handleFsTransfer(runtime, req) {
         return;
     }
     try {
-        const baseDir = runtime.resolvePath(targetPath || os.homedir());
+        const rootPath = req.params.rootPath || targetPath || os.homedir();
+        const resolved = runtime.resolveAuthorizedPath(targetPath || rootPath, rootPath);
+        if (!resolved.ok) {
+            runtime.client.sendRes({ type: 'res', id: req.id, ok: false, error: resolved.error });
+            return;
+        }
+        const baseDir = resolved.path;
         const uploadDir = direct ? baseDir : path.join(baseDir, '.uploads');
         if (!direct)
             fs.mkdirSync(uploadDir, { recursive: true });
@@ -168,7 +162,13 @@ export async function handleFsTransferStart(runtime, req) {
         return;
     }
     try {
-        const baseDir = runtime.resolvePath(targetPath || os.homedir());
+        const rootPath = req.params.rootPath || targetPath || os.homedir();
+        const resolved = runtime.resolveAuthorizedPath(targetPath || rootPath, rootPath);
+        if (!resolved.ok) {
+            runtime.client.sendRes({ type: 'res', id: req.id, ok: false, error: resolved.error });
+            return;
+        }
+        const baseDir = resolved.path;
         const destinationDir = direct ? baseDir : path.join(baseDir, '.uploads');
         if (!direct)
             fs.mkdirSync(destinationDir, { recursive: true });

package/dist/src/session/manager.d.ts

@@ -8,7 +8,7 @@ import '../agents/cursor.js';
 import '../agents/opencode.js';
 import '../agents/pi.js';
 import '../agents/manager.js';
-export declare function resolveSessionWorkDir(input: string): string;
+export { resolveSessionWorkDir } from '../fs/boundary.js';
 export declare class SessionManager {
     private client;
     private nativeFusion;
@@ -28,5 +28,6 @@ export declare class SessionManager {
     handleReq(req: ReqFrame): Promise<void>;
     private evictIdleSessions;
     private resolvePath;
+    private resolveAuthorizedPath;
     cleanup(): void;
 }

package/dist/src/session/manager.js

@@ -1,8 +1,6 @@
 // @arch docs/architecture/cli/daemon.md#会话管理
 // @test src/__tests__/session-store.test.ts
 // @test src/__tests__/model-switching.test.ts
-import path from 'node:path';
-import os from 'node:os';
 import { getRegisteredAgents, unregisterAgent } from '../agents/adapter.js';
 import { loadConfig } from '../config/index.js';
 import { handleUpgradeStart, handleUpgradeStatus } from '../commands/upgrade.js';
@@ -14,6 +12,7 @@ import { cleanupPendingTransfers, handleFsLs, handleFsRead, handleFsTransfer, ha
 import { handleRegionProbe, handleRegionSwitch, handleUpgradeSetPolicy } from './handlers/control.js';
 import { ManagerRuntimeService, setManagerRuntimeService } from '../manager/runtime.js';
 import { ChatQueueManager } from './queue.js';
+import { createAuthorizedFsRoot, resolveAuthorizedPath, resolveSessionWorkDir } from '../fs/boundary.js';
 // Side-effect imports to register built-in agent adapters.
 import '../agents/claude.js';
 import '../agents/codex.js';
@@ -26,32 +25,7 @@ import '../agents/pi.js';
 import '../agents/manager.js';
 import { registerCustomAgent } from '../agents/custom.js';
 const MAX_SESSIONS = 50;
-function isWindowsAbsolutePath(input) {
-    return /^[A-Za-z]:([\\/]|$)/.test(input) || /^\\\\[^\\]+\\[^\\]+/.test(input);
-}
-function normalizeWindowsAbsolutePath(input) {
-    return input.replace(/^[/\\]([A-Za-z]:[\\/].*)$/, '$1');
-}
-export function resolveSessionWorkDir(input) {
-    if (!input)
-        return os.homedir();
-    const normalizedInput = normalizeWindowsAbsolutePath(input);
-    const joinPath = process.platform === 'win32' ? path.win32.join : path.join;
-    if (normalizedInput.startsWith('~')) {
-        return joinPath(os.homedir(), normalizedInput.slice(1).replace(/^[/\\]+/, ''));
-    }
-    if (process.platform === 'win32') {
-        const normalized = normalizedInput.replace(/\\/g, '/');
-        if (normalized === '/tmp' || normalized.startsWith('/tmp/')) {
-            const suffix = normalized.slice('/tmp'.length).replace(/^\/+/, '');
-            return suffix ? path.win32.join(os.tmpdir(), ...suffix.split('/')) : os.tmpdir();
-        }
-    }
-    if (isWindowsAbsolutePath(normalizedInput)) {
-        return path.win32.resolve(normalizedInput);
-    }
-    return path.resolve(normalizedInput);
-}
+export { resolveSessionWorkDir } from '../fs/boundary.js';
 export class SessionManager {
     client;
     nativeFusion;
@@ -88,6 +62,7 @@ export class SessionManager {
             processedReqIds: this.processedReqIds,
             reloadCustomAgents: () => this.reloadCustomAgents(),
             resolvePath: (pathValue) => this.resolvePath(pathValue),
+            resolveAuthorizedPath: (pathValue, rootPath) => this.resolveAuthorizedPath(pathValue, rootPath),
             runTextAcc: this.runTextAcc,
             sessions: this.sessions,
             evictIdleSessions: () => this.evictIdleSessions(),
@@ -223,6 +198,9 @@ export class SessionManager {
     resolvePath(p) {
         return resolveSessionWorkDir(p);
     }
+    resolveAuthorizedPath(p, rootPath) {
+        return resolveAuthorizedPath(p, createAuthorizedFsRoot(rootPath));
+    }
     cleanup() {
         for (const [, session] of this.sessions) {
             session.adapter.stop().catch(() => { });

package/dist/src/session/types.d.ts

@@ -3,6 +3,7 @@ import type { AgentAdapter } from '../agents/adapter.js';
 import type { CliRelayClient } from '../relay/client.js';
 import type { NativeSessionFusionService } from '../native-fusion/service.js';
 import type { ManagerRuntimeService } from '../manager/runtime.js';
+import type { ResolveAuthorizedPathResult } from '../fs/boundary.js';
 export type ActiveSession = {
     adapter: AgentAdapter;
     workDir: string;
@@ -39,6 +40,7 @@ export type SessionManagerRuntime = {
     processedReqIds: Set<string>;
     reloadCustomAgents: () => void;
     resolvePath: (pathValue: string) => string;
+    resolveAuthorizedPath: (pathValue: string, rootPath: string) => ResolveAuthorizedPathResult;
     runTextAcc: Map<string, string>;
     sessions: Map<string, ActiveSession>;
     evictIdleSessions: () => void;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shennian",
-  "version": "0.2.57",
+  "version": "0.2.60",
   "description": "Shennian — AI Agent Control Plane CLI",
   "type": "module",
   "bin": {