skyloom 1.14.5 → 1.14.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli/loom.d.ts +2 -0
- package/dist/cli/loom.d.ts.map +1 -1
- package/dist/cli/loom.js +76 -7
- package/dist/cli/loom.js.map +1 -1
- package/dist/cli/main.js +12 -3
- package/dist/cli/main.js.map +1 -1
- package/dist/core/agent/guard.js +4 -4
- package/dist/core/agent/guard.js.map +1 -1
- package/dist/core/agent.d.ts.map +1 -1
- package/dist/core/agent.js +12 -9
- package/dist/core/agent.js.map +1 -1
- package/dist/core/agent_helpers.d.ts +2 -2
- package/dist/core/agent_helpers.d.ts.map +1 -1
- package/dist/core/agent_helpers.js +7 -4
- package/dist/core/agent_helpers.js.map +1 -1
- package/dist/core/config.d.ts.map +1 -1
- package/dist/core/config.js +8 -2
- package/dist/core/config.js.map +1 -1
- package/dist/core/memory.d.ts.map +1 -1
- package/dist/core/memory.js +12 -2
- package/dist/core/memory.js.map +1 -1
- package/dist/core/model_config.d.ts.map +1 -1
- package/dist/core/model_config.js +7 -2
- package/dist/core/model_config.js.map +1 -1
- package/dist/plugins/loader.d.ts +7 -0
- package/dist/plugins/loader.d.ts.map +1 -1
- package/dist/plugins/loader.js +27 -0
- package/dist/plugins/loader.js.map +1 -1
- package/dist/tools/builtin.d.ts +6 -0
- package/dist/tools/builtin.d.ts.map +1 -1
- package/dist/tools/builtin.js +160 -17
- package/dist/tools/builtin.js.map +1 -1
- package/dist/tools/computer.d.ts.map +1 -1
- package/dist/tools/computer.js +18 -7
- package/dist/tools/computer.js.map +1 -1
- package/dist/web/server.d.ts.map +1 -1
- package/dist/web/server.js +35 -2
- package/dist/web/server.js.map +1 -1
- package/package.json +1 -1
- package/src/cli/loom.ts +66 -7
- package/src/cli/main.ts +6 -3
- package/src/core/agent/guard.ts +4 -4
- package/src/core/agent.ts +12 -8
- package/src/core/agent_helpers.ts +7 -4
- package/src/core/config.ts +5 -2
- package/src/core/memory.ts +9 -2
- package/src/core/model_config.ts +4 -2
- package/src/plugins/loader.ts +91 -66
- package/src/tools/builtin.ts +119 -16
- package/src/tools/computer.ts +279 -269
- package/src/web/server.ts +35 -2
- package/tests/fence_plugin.test.ts +52 -0
- package/tests/loom.test.ts +89 -0
- package/tests/ssrf.test.ts +38 -0
- package/tsconfig.json +1 -0
package/src/tools/computer.ts
CHANGED
|
@@ -1,269 +1,279 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Computer-operation tools — cross-platform OS control for Skyloom.
|
|
3
|
-
*
|
|
4
|
-
* Launch apps, open files/URLs, inspect and diagnose the system, manage
|
|
5
|
-
* processes and services, and install/uninstall software.
|
|
6
|
-
*/
|
|
7
|
-
|
|
8
|
-
import { execSync, spawn } from 'child_process';
|
|
9
|
-
import * as os from 'os';
|
|
10
|
-
import * as fs from 'fs';
|
|
11
|
-
import * as path from 'path';
|
|
12
|
-
import type { ToolRegistry, ToolDefinition } from '../core/tool';
|
|
13
|
-
|
|
14
|
-
const MAX_OUT = 8000;
|
|
15
|
-
|
|
16
|
-
function truncate(text: string, limit = MAX_OUT): string {
|
|
17
|
-
if (text.length <= limit) return text;
|
|
18
|
-
return text.slice(0, limit) + `\n…(truncated, ${text.length - limit} more chars)`;
|
|
19
|
-
}
|
|
20
|
-
|
|
21
|
-
/**
|
|
22
|
-
* Register computer-operation tools into the given registry.
|
|
23
|
-
*/
|
|
24
|
-
export function registerComputerTools(registry: ToolRegistry): void {
|
|
25
|
-
const platform = os.platform();
|
|
26
|
-
|
|
27
|
-
// ── Launch App ──
|
|
28
|
-
registry.register({
|
|
29
|
-
name: 'launch_app',
|
|
30
|
-
description: 'Launch a desktop application by name or path.',
|
|
31
|
-
parameters: [
|
|
32
|
-
{ name: 'name', type: 'string', description: 'Application name or path', required: true },
|
|
33
|
-
],
|
|
34
|
-
handler: async (params) => {
|
|
35
|
-
const name = String(params.name || '').trim();
|
|
36
|
-
if (!name) return 'Error: app name is required';
|
|
37
|
-
|
|
38
|
-
try {
|
|
39
|
-
if (platform === 'win32') {
|
|
40
|
-
execSync(`start "" "${name}"`, { timeout: 10000 });
|
|
41
|
-
return `Launched ${name}`;
|
|
42
|
-
} else if (platform === 'darwin') {
|
|
43
|
-
execSync(`open -a "${name.replace(/"/g, '\\"')}"`, { timeout: 10000 });
|
|
44
|
-
return `Launched ${name}`;
|
|
45
|
-
} else {
|
|
46
|
-
// Linux - try xdg-open or direct exec
|
|
47
|
-
try {
|
|
48
|
-
execSync(`${name} &`, { timeout: 5000, shell: true as any });
|
|
49
|
-
} catch {
|
|
50
|
-
execSync(`xdg-open "${name}" 2>/dev/null || ${name}`, { timeout: 5000, shell: true as any });
|
|
51
|
-
}
|
|
52
|
-
return `Launched ${name}`;
|
|
53
|
-
}
|
|
54
|
-
} catch (e: any) {
|
|
55
|
-
return `Error launching ${name}: ${e.message || e}`;
|
|
56
|
-
}
|
|
57
|
-
},
|
|
58
|
-
});
|
|
59
|
-
|
|
60
|
-
// ── Open Path ──
|
|
61
|
-
registry.register({
|
|
62
|
-
name: 'open_path',
|
|
63
|
-
description: 'Open a file or folder in the default application.',
|
|
64
|
-
parameters: [
|
|
65
|
-
{ name: 'target', type: 'string', description: 'File or folder path', required: true },
|
|
66
|
-
],
|
|
67
|
-
handler: async (params) => {
|
|
68
|
-
const target = String(params.target || '').trim();
|
|
69
|
-
if (!target) return 'Error: target is required';
|
|
70
|
-
const resolved = path.resolve(target);
|
|
71
|
-
if (!fs.existsSync(resolved)) return `Error: path not found: ${resolved}`;
|
|
72
|
-
|
|
73
|
-
try {
|
|
74
|
-
if (platform === 'win32') {
|
|
75
|
-
execSync(`explorer "${resolved}"`, { timeout: 5000 });
|
|
76
|
-
} else if (platform === 'darwin') {
|
|
77
|
-
execSync(`open "${resolved}"`, { timeout: 5000 });
|
|
78
|
-
} else {
|
|
79
|
-
execSync(`xdg-open "${resolved}"`, { timeout: 5000 });
|
|
80
|
-
}
|
|
81
|
-
return `Opened ${resolved}`;
|
|
82
|
-
} catch (e: any) {
|
|
83
|
-
return `Error opening ${resolved}: ${e.message || e}`;
|
|
84
|
-
}
|
|
85
|
-
},
|
|
86
|
-
});
|
|
87
|
-
|
|
88
|
-
// ── Browser Open ──
|
|
89
|
-
registry.register({
|
|
90
|
-
name: 'browser_open',
|
|
91
|
-
description: 'Open a URL in the default web browser.',
|
|
92
|
-
parameters: [
|
|
93
|
-
{ name: 'url', type: 'string', description: 'URL to open', required: true },
|
|
94
|
-
],
|
|
95
|
-
handler: async (params) => {
|
|
96
|
-
const url = String(params.url || '').trim();
|
|
97
|
-
if (!url) return 'Error: url is required';
|
|
98
|
-
try {
|
|
99
|
-
if (platform === 'win32') {
|
|
100
|
-
execSync(`start "" "${url}"`, { timeout: 10000 });
|
|
101
|
-
} else if (platform === 'darwin') {
|
|
102
|
-
execSync(`open "${url}"`, { timeout: 10000 });
|
|
103
|
-
} else {
|
|
104
|
-
execSync(`xdg-open "${url}"`, { timeout: 10000 });
|
|
105
|
-
}
|
|
106
|
-
return `Opened ${url} in browser`;
|
|
107
|
-
} catch (e: any) {
|
|
108
|
-
return `Error opening browser: ${e.message || e}`;
|
|
109
|
-
}
|
|
110
|
-
},
|
|
111
|
-
});
|
|
112
|
-
|
|
113
|
-
// ── System Info ──
|
|
114
|
-
registry.register({
|
|
115
|
-
name: 'system_info',
|
|
116
|
-
description: 'Get system information (OS, CPU, memory, disk).',
|
|
117
|
-
parameters: [],
|
|
118
|
-
handler: async () => {
|
|
119
|
-
const lines = [
|
|
120
|
-
`OS: ${os.type()} ${os.release()}`,
|
|
121
|
-
`Hostname: ${os.hostname()}`,
|
|
122
|
-
`Platform: ${os.platform()} ${os.arch()}`,
|
|
123
|
-
`CPUs: ${os.cpus().length} × ${os.cpus()[0]?.model || 'unknown'}`,
|
|
124
|
-
`Memory: ${(os.totalmem() / 1024 / 1024 / 1024).toFixed(1)} GB total, ${(os.freemem() / 1024 / 1024 / 1024).toFixed(1)} GB free`,
|
|
125
|
-
`Uptime: ${(os.uptime() / 3600).toFixed(1)} hours`,
|
|
126
|
-
`Loadavg: ${os.loadavg().map(n => n.toFixed(2)).join(', ')}`,
|
|
127
|
-
`User: ${os.userInfo().username}`,
|
|
128
|
-
`Home: ${os.homedir()}`,
|
|
129
|
-
`Temp: ${os.tmpdir()}`,
|
|
130
|
-
];
|
|
131
|
-
return lines.join('\n');
|
|
132
|
-
},
|
|
133
|
-
});
|
|
134
|
-
|
|
135
|
-
// ── List Processes ──
|
|
136
|
-
registry.register({
|
|
137
|
-
name: 'list_processes',
|
|
138
|
-
description: 'List running processes.',
|
|
139
|
-
parameters: [],
|
|
140
|
-
handler: async () => {
|
|
141
|
-
try {
|
|
142
|
-
if (platform === 'win32') {
|
|
143
|
-
const out = execSync('tasklist /FO CSV /NH', { encoding: 'utf-8', timeout: 10000 });
|
|
144
|
-
return truncate(out, MAX_OUT);
|
|
145
|
-
} else {
|
|
146
|
-
const out = execSync('ps aux --no-headers 2>/dev/null || ps aux', { encoding: 'utf-8', timeout: 10000 });
|
|
147
|
-
return truncate(out, MAX_OUT);
|
|
148
|
-
}
|
|
149
|
-
} catch (e: any) {
|
|
150
|
-
return `Error listing processes: ${e.message || e}`;
|
|
151
|
-
}
|
|
152
|
-
},
|
|
153
|
-
});
|
|
154
|
-
|
|
155
|
-
// ── Kill Process ──
|
|
156
|
-
registry.register({
|
|
157
|
-
name: 'kill_process',
|
|
158
|
-
description: 'Kill a process by PID or name.',
|
|
159
|
-
parameters: [
|
|
160
|
-
{ name: 'target', type: 'string', description: 'PID number or process name', required: true },
|
|
161
|
-
],
|
|
162
|
-
handler: async (params) => {
|
|
163
|
-
const target = String(params.target || '').trim();
|
|
164
|
-
if (!target) return 'Error: target is required';
|
|
165
|
-
|
|
166
|
-
try {
|
|
167
|
-
if (/^\d+$/.test(target)) {
|
|
168
|
-
process.kill(parseInt(target), 'SIGTERM');
|
|
169
|
-
return `Killed process ${target}`;
|
|
170
|
-
} else {
|
|
171
|
-
if (platform === 'win32') {
|
|
172
|
-
|
|
173
|
-
} else {
|
|
174
|
-
|
|
175
|
-
}
|
|
176
|
-
return `Killed process ${target}`;
|
|
177
|
-
}
|
|
178
|
-
} catch (e: any) {
|
|
179
|
-
return `Error killing ${target}: ${e.message || e}`;
|
|
180
|
-
}
|
|
181
|
-
},
|
|
182
|
-
dangerous: true,
|
|
183
|
-
});
|
|
184
|
-
|
|
185
|
-
// ── Package Manager ──
|
|
186
|
-
registry.register({
|
|
187
|
-
name: 'package_manager',
|
|
188
|
-
description: 'Install, uninstall, or upgrade software packages.',
|
|
189
|
-
parameters: [
|
|
190
|
-
{ name: 'action', type: 'string', description: 'Action: install, uninstall, upgrade, search', required: true },
|
|
191
|
-
{ name: 'name', type: 'string', description: 'Package name', required: true },
|
|
192
|
-
],
|
|
193
|
-
handler: async (params) => {
|
|
194
|
-
const action = String(params.action || '').trim().toLowerCase();
|
|
195
|
-
const name = String(params.name || '').trim();
|
|
196
|
-
if (!action || !name) return 'Error: action and name are required';
|
|
197
|
-
|
|
198
|
-
// Auto-detect package manager
|
|
199
|
-
let pm: string;
|
|
200
|
-
const has = (cmd: string) => {
|
|
201
|
-
try {
|
|
202
|
-
catch { return false; }
|
|
203
|
-
};
|
|
204
|
-
|
|
205
|
-
if (platform === 'win32') {
|
|
206
|
-
if (has('winget')) pm = 'winget';
|
|
207
|
-
else if (has('scoop')) pm = 'scoop';
|
|
208
|
-
else if (has('choco')) pm = 'choco';
|
|
209
|
-
else return 'No package manager found (winget/scoop/choco)';
|
|
210
|
-
} else if (platform === 'darwin') {
|
|
211
|
-
pm = has('brew') ? 'brew' : 'No package manager found';
|
|
212
|
-
} else {
|
|
213
|
-
if (has('apt')) pm = 'apt';
|
|
214
|
-
else if (has('dnf')) pm = 'dnf';
|
|
215
|
-
else if (has('pacman')) pm = 'pacman';
|
|
216
|
-
else return 'No package manager found (apt/dnf/pacman)';
|
|
217
|
-
}
|
|
218
|
-
|
|
219
|
-
const commands: Record<string, Record<string, string>> = {
|
|
220
|
-
winget: { install: 'install', uninstall: 'uninstall', upgrade: 'upgrade', search: 'search' },
|
|
221
|
-
scoop: { install: 'install', uninstall: 'uninstall', upgrade: 'update', search: 'search' },
|
|
222
|
-
choco: { install: 'install', uninstall: 'uninstall', upgrade: 'upgrade', search: 'search' },
|
|
223
|
-
brew: { install: 'install', uninstall: 'uninstall', upgrade: 'upgrade', search: 'search' },
|
|
224
|
-
apt: { install: 'install -y', uninstall: 'remove -y', upgrade: 'upgrade -y', search: 'search' },
|
|
225
|
-
dnf: { install: 'install -y', uninstall: 'remove -y', upgrade: 'upgrade -y', search: 'search' },
|
|
226
|
-
pacman: { install: '-S --noconfirm', uninstall: '-R --noconfirm', upgrade: '-Syu --noconfirm', search: '-Ss' },
|
|
227
|
-
};
|
|
228
|
-
|
|
229
|
-
const cmdMap = commands[pm];
|
|
230
|
-
if (!cmdMap || !cmdMap[action]) return `Unsupported action '${action}' for ${pm}`;
|
|
231
|
-
|
|
232
|
-
try {
|
|
233
|
-
|
|
234
|
-
|
|
235
|
-
|
|
236
|
-
|
|
237
|
-
|
|
238
|
-
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
|
|
244
|
-
|
|
245
|
-
|
|
246
|
-
|
|
247
|
-
|
|
248
|
-
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
|
|
256
|
-
|
|
257
|
-
|
|
258
|
-
|
|
259
|
-
|
|
260
|
-
|
|
261
|
-
|
|
262
|
-
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
}
|
|
1
|
+
/**
|
|
2
|
+
* Computer-operation tools — cross-platform OS control for Skyloom.
|
|
3
|
+
*
|
|
4
|
+
* Launch apps, open files/URLs, inspect and diagnose the system, manage
|
|
5
|
+
* processes and services, and install/uninstall software.
|
|
6
|
+
*/
|
|
7
|
+
|
|
8
|
+
import { execSync, execFileSync, spawn } from 'child_process';
|
|
9
|
+
import * as os from 'os';
|
|
10
|
+
import * as fs from 'fs';
|
|
11
|
+
import * as path from 'path';
|
|
12
|
+
import type { ToolRegistry, ToolDefinition } from '../core/tool';
|
|
13
|
+
|
|
14
|
+
const MAX_OUT = 8000;
|
|
15
|
+
|
|
16
|
+
function truncate(text: string, limit = MAX_OUT): string {
|
|
17
|
+
if (text.length <= limit) return text;
|
|
18
|
+
return text.slice(0, limit) + `\n…(truncated, ${text.length - limit} more chars)`;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
/**
|
|
22
|
+
* Register computer-operation tools into the given registry.
|
|
23
|
+
*/
|
|
24
|
+
export function registerComputerTools(registry: ToolRegistry): void {
|
|
25
|
+
const platform = os.platform();
|
|
26
|
+
|
|
27
|
+
// ── Launch App ──
|
|
28
|
+
registry.register({
|
|
29
|
+
name: 'launch_app',
|
|
30
|
+
description: 'Launch a desktop application by name or path.',
|
|
31
|
+
parameters: [
|
|
32
|
+
{ name: 'name', type: 'string', description: 'Application name or path', required: true },
|
|
33
|
+
],
|
|
34
|
+
handler: async (params) => {
|
|
35
|
+
const name = String(params.name || '').trim();
|
|
36
|
+
if (!name) return 'Error: app name is required';
|
|
37
|
+
|
|
38
|
+
try {
|
|
39
|
+
if (platform === 'win32') {
|
|
40
|
+
execSync(`start "" "${name}"`, { timeout: 10000 });
|
|
41
|
+
return `Launched ${name}`;
|
|
42
|
+
} else if (platform === 'darwin') {
|
|
43
|
+
execSync(`open -a "${name.replace(/"/g, '\\"')}"`, { timeout: 10000 });
|
|
44
|
+
return `Launched ${name}`;
|
|
45
|
+
} else {
|
|
46
|
+
// Linux - try xdg-open or direct exec
|
|
47
|
+
try {
|
|
48
|
+
execSync(`${name} &`, { timeout: 5000, shell: true as any });
|
|
49
|
+
} catch {
|
|
50
|
+
execSync(`xdg-open "${name}" 2>/dev/null || ${name}`, { timeout: 5000, shell: true as any });
|
|
51
|
+
}
|
|
52
|
+
return `Launched ${name}`;
|
|
53
|
+
}
|
|
54
|
+
} catch (e: any) {
|
|
55
|
+
return `Error launching ${name}: ${e.message || e}`;
|
|
56
|
+
}
|
|
57
|
+
},
|
|
58
|
+
});
|
|
59
|
+
|
|
60
|
+
// ── Open Path ──
|
|
61
|
+
registry.register({
|
|
62
|
+
name: 'open_path',
|
|
63
|
+
description: 'Open a file or folder in the default application.',
|
|
64
|
+
parameters: [
|
|
65
|
+
{ name: 'target', type: 'string', description: 'File or folder path', required: true },
|
|
66
|
+
],
|
|
67
|
+
handler: async (params) => {
|
|
68
|
+
const target = String(params.target || '').trim();
|
|
69
|
+
if (!target) return 'Error: target is required';
|
|
70
|
+
const resolved = path.resolve(target);
|
|
71
|
+
if (!fs.existsSync(resolved)) return `Error: path not found: ${resolved}`;
|
|
72
|
+
|
|
73
|
+
try {
|
|
74
|
+
if (platform === 'win32') {
|
|
75
|
+
execSync(`explorer "${resolved}"`, { timeout: 5000 });
|
|
76
|
+
} else if (platform === 'darwin') {
|
|
77
|
+
execSync(`open "${resolved}"`, { timeout: 5000 });
|
|
78
|
+
} else {
|
|
79
|
+
execSync(`xdg-open "${resolved}"`, { timeout: 5000 });
|
|
80
|
+
}
|
|
81
|
+
return `Opened ${resolved}`;
|
|
82
|
+
} catch (e: any) {
|
|
83
|
+
return `Error opening ${resolved}: ${e.message || e}`;
|
|
84
|
+
}
|
|
85
|
+
},
|
|
86
|
+
});
|
|
87
|
+
|
|
88
|
+
// ── Browser Open ──
|
|
89
|
+
registry.register({
|
|
90
|
+
name: 'browser_open',
|
|
91
|
+
description: 'Open a URL in the default web browser.',
|
|
92
|
+
parameters: [
|
|
93
|
+
{ name: 'url', type: 'string', description: 'URL to open', required: true },
|
|
94
|
+
],
|
|
95
|
+
handler: async (params) => {
|
|
96
|
+
const url = String(params.url || '').trim();
|
|
97
|
+
if (!url) return 'Error: url is required';
|
|
98
|
+
try {
|
|
99
|
+
if (platform === 'win32') {
|
|
100
|
+
execSync(`start "" "${url}"`, { timeout: 10000 });
|
|
101
|
+
} else if (platform === 'darwin') {
|
|
102
|
+
execSync(`open "${url}"`, { timeout: 10000 });
|
|
103
|
+
} else {
|
|
104
|
+
execSync(`xdg-open "${url}"`, { timeout: 10000 });
|
|
105
|
+
}
|
|
106
|
+
return `Opened ${url} in browser`;
|
|
107
|
+
} catch (e: any) {
|
|
108
|
+
return `Error opening browser: ${e.message || e}`;
|
|
109
|
+
}
|
|
110
|
+
},
|
|
111
|
+
});
|
|
112
|
+
|
|
113
|
+
// ── System Info ──
|
|
114
|
+
registry.register({
|
|
115
|
+
name: 'system_info',
|
|
116
|
+
description: 'Get system information (OS, CPU, memory, disk).',
|
|
117
|
+
parameters: [],
|
|
118
|
+
handler: async () => {
|
|
119
|
+
const lines = [
|
|
120
|
+
`OS: ${os.type()} ${os.release()}`,
|
|
121
|
+
`Hostname: ${os.hostname()}`,
|
|
122
|
+
`Platform: ${os.platform()} ${os.arch()}`,
|
|
123
|
+
`CPUs: ${os.cpus().length} × ${os.cpus()[0]?.model || 'unknown'}`,
|
|
124
|
+
`Memory: ${(os.totalmem() / 1024 / 1024 / 1024).toFixed(1)} GB total, ${(os.freemem() / 1024 / 1024 / 1024).toFixed(1)} GB free`,
|
|
125
|
+
`Uptime: ${(os.uptime() / 3600).toFixed(1)} hours`,
|
|
126
|
+
`Loadavg: ${os.loadavg().map(n => n.toFixed(2)).join(', ')}`,
|
|
127
|
+
`User: ${os.userInfo().username}`,
|
|
128
|
+
`Home: ${os.homedir()}`,
|
|
129
|
+
`Temp: ${os.tmpdir()}`,
|
|
130
|
+
];
|
|
131
|
+
return lines.join('\n');
|
|
132
|
+
},
|
|
133
|
+
});
|
|
134
|
+
|
|
135
|
+
// ── List Processes ──
|
|
136
|
+
registry.register({
|
|
137
|
+
name: 'list_processes',
|
|
138
|
+
description: 'List running processes.',
|
|
139
|
+
parameters: [],
|
|
140
|
+
handler: async () => {
|
|
141
|
+
try {
|
|
142
|
+
if (platform === 'win32') {
|
|
143
|
+
const out = execSync('tasklist /FO CSV /NH', { encoding: 'utf-8', timeout: 10000 });
|
|
144
|
+
return truncate(out, MAX_OUT);
|
|
145
|
+
} else {
|
|
146
|
+
const out = execSync('ps aux --no-headers 2>/dev/null || ps aux', { encoding: 'utf-8', timeout: 10000 });
|
|
147
|
+
return truncate(out, MAX_OUT);
|
|
148
|
+
}
|
|
149
|
+
} catch (e: any) {
|
|
150
|
+
return `Error listing processes: ${e.message || e}`;
|
|
151
|
+
}
|
|
152
|
+
},
|
|
153
|
+
});
|
|
154
|
+
|
|
155
|
+
// ── Kill Process ──
|
|
156
|
+
registry.register({
|
|
157
|
+
name: 'kill_process',
|
|
158
|
+
description: 'Kill a process by PID or name.',
|
|
159
|
+
parameters: [
|
|
160
|
+
{ name: 'target', type: 'string', description: 'PID number or process name', required: true },
|
|
161
|
+
],
|
|
162
|
+
handler: async (params) => {
|
|
163
|
+
const target = String(params.target || '').trim();
|
|
164
|
+
if (!target) return 'Error: target is required';
|
|
165
|
+
|
|
166
|
+
try {
|
|
167
|
+
if (/^\d+$/.test(target)) {
|
|
168
|
+
process.kill(parseInt(target), 'SIGTERM');
|
|
169
|
+
return `Killed process ${target}`;
|
|
170
|
+
} else {
|
|
171
|
+
if (platform === 'win32') {
|
|
172
|
+
execFileSync('taskkill', ['/F', '/IM', target, '/T'], { timeout: 10000 });
|
|
173
|
+
} else {
|
|
174
|
+
execFileSync('pkill', ['-f', target], { timeout: 10000 });
|
|
175
|
+
}
|
|
176
|
+
return `Killed process ${target}`;
|
|
177
|
+
}
|
|
178
|
+
} catch (e: any) {
|
|
179
|
+
return `Error killing ${target}: ${e.message || e}`;
|
|
180
|
+
}
|
|
181
|
+
},
|
|
182
|
+
dangerous: true,
|
|
183
|
+
});
|
|
184
|
+
|
|
185
|
+
// ── Package Manager ──
|
|
186
|
+
registry.register({
|
|
187
|
+
name: 'package_manager',
|
|
188
|
+
description: 'Install, uninstall, or upgrade software packages.',
|
|
189
|
+
parameters: [
|
|
190
|
+
{ name: 'action', type: 'string', description: 'Action: install, uninstall, upgrade, search', required: true },
|
|
191
|
+
{ name: 'name', type: 'string', description: 'Package name', required: true },
|
|
192
|
+
],
|
|
193
|
+
handler: async (params) => {
|
|
194
|
+
const action = String(params.action || '').trim().toLowerCase();
|
|
195
|
+
const name = String(params.name || '').trim();
|
|
196
|
+
if (!action || !name) return 'Error: action and name are required';
|
|
197
|
+
|
|
198
|
+
// Auto-detect package manager
|
|
199
|
+
let pm: string;
|
|
200
|
+
const has = (cmd: string) => {
|
|
201
|
+
try { execFileSync(cmd, ['--version'], { stdio: 'ignore' }); return true; }
|
|
202
|
+
catch { return false; }
|
|
203
|
+
};
|
|
204
|
+
|
|
205
|
+
if (platform === 'win32') {
|
|
206
|
+
if (has('winget')) pm = 'winget';
|
|
207
|
+
else if (has('scoop')) pm = 'scoop';
|
|
208
|
+
else if (has('choco')) pm = 'choco';
|
|
209
|
+
else return 'No package manager found (winget/scoop/choco)';
|
|
210
|
+
} else if (platform === 'darwin') {
|
|
211
|
+
pm = has('brew') ? 'brew' : 'No package manager found';
|
|
212
|
+
} else {
|
|
213
|
+
if (has('apt')) pm = 'apt';
|
|
214
|
+
else if (has('dnf')) pm = 'dnf';
|
|
215
|
+
else if (has('pacman')) pm = 'pacman';
|
|
216
|
+
else return 'No package manager found (apt/dnf/pacman)';
|
|
217
|
+
}
|
|
218
|
+
|
|
219
|
+
const commands: Record<string, Record<string, string>> = {
|
|
220
|
+
winget: { install: 'install', uninstall: 'uninstall', upgrade: 'upgrade', search: 'search' },
|
|
221
|
+
scoop: { install: 'install', uninstall: 'uninstall', upgrade: 'update', search: 'search' },
|
|
222
|
+
choco: { install: 'install', uninstall: 'uninstall', upgrade: 'upgrade', search: 'search' },
|
|
223
|
+
brew: { install: 'install', uninstall: 'uninstall', upgrade: 'upgrade', search: 'search' },
|
|
224
|
+
apt: { install: 'install -y', uninstall: 'remove -y', upgrade: 'upgrade -y', search: 'search' },
|
|
225
|
+
dnf: { install: 'install -y', uninstall: 'remove -y', upgrade: 'upgrade -y', search: 'search' },
|
|
226
|
+
pacman: { install: '-S --noconfirm', uninstall: '-R --noconfirm', upgrade: '-Syu --noconfirm', search: '-Ss' },
|
|
227
|
+
};
|
|
228
|
+
|
|
229
|
+
const cmdMap = commands[pm];
|
|
230
|
+
if (!cmdMap || !cmdMap[action]) return `Unsupported action '${action}' for ${pm}`;
|
|
231
|
+
|
|
232
|
+
try {
|
|
233
|
+
// cmdMap entries may carry flags (e.g. 'install -y', '-S --noconfirm');
|
|
234
|
+
// split them into argv so the package name stays a single argument with
|
|
235
|
+
// no shell interpretation.
|
|
236
|
+
const pmArgs = cmdMap[action].split(/\s+/).filter(Boolean);
|
|
237
|
+
const out = execFileSync(pm, [...pmArgs, name], { encoding: 'utf-8', timeout: 120000 });
|
|
238
|
+
return truncate(out, MAX_OUT);
|
|
239
|
+
} catch (e: any) {
|
|
240
|
+
return `Error: ${e.message || e}`;
|
|
241
|
+
}
|
|
242
|
+
},
|
|
243
|
+
dangerous: true,
|
|
244
|
+
});
|
|
245
|
+
|
|
246
|
+
// ── Service Control ──
|
|
247
|
+
registry.register({
|
|
248
|
+
name: 'service_control',
|
|
249
|
+
description: 'Start, stop, restart, or check status of a system service.',
|
|
250
|
+
parameters: [
|
|
251
|
+
{ name: 'action', type: 'string', description: 'Action: start, stop, restart, status', required: true },
|
|
252
|
+
{ name: 'name', type: 'string', description: 'Service name', required: true },
|
|
253
|
+
],
|
|
254
|
+
handler: async (params) => {
|
|
255
|
+
const action = String(params.action || '').trim().toLowerCase();
|
|
256
|
+
const name = String(params.name || '').trim();
|
|
257
|
+
if (!action || !name) return 'Error: action and name are required';
|
|
258
|
+
|
|
259
|
+
const allowed = ['start', 'stop', 'restart', 'status'];
|
|
260
|
+
if (!allowed.includes(action)) return `Unsupported action '${action}' (use: ${allowed.join('/')})`;
|
|
261
|
+
try {
|
|
262
|
+
if (platform === 'win32') {
|
|
263
|
+
const out = execFileSync('sc', [action, name], { encoding: 'utf-8', timeout: 30000 });
|
|
264
|
+
return truncate(out, MAX_OUT);
|
|
265
|
+
}
|
|
266
|
+
try {
|
|
267
|
+
const out = execFileSync('systemctl', [action, name], { encoding: 'utf-8', timeout: 30000 });
|
|
268
|
+
return truncate(out, MAX_OUT);
|
|
269
|
+
} catch {
|
|
270
|
+
const out = execFileSync('service', [name, action], { encoding: 'utf-8', timeout: 30000 });
|
|
271
|
+
return truncate(out, MAX_OUT);
|
|
272
|
+
}
|
|
273
|
+
} catch (e: any) {
|
|
274
|
+
return `Error: ${e.message || e}`;
|
|
275
|
+
}
|
|
276
|
+
},
|
|
277
|
+
dangerous: true,
|
|
278
|
+
});
|
|
279
|
+
}
|
package/src/web/server.ts
CHANGED
|
@@ -72,8 +72,35 @@ const PIGMENTS: Record<string, {
|
|
|
72
72
|
export async function startWebServer(port: number = 3000): Promise<void> {
|
|
73
73
|
const ctx = createSystemContext();
|
|
74
74
|
|
|
75
|
+
// Bind to loopback by default: the chat API drives the agent (and its tools)
|
|
76
|
+
// with no authentication, so it must not be exposed to the network unless the
|
|
77
|
+
// operator explicitly opts in via SKYLOOM_WEB_HOST=0.0.0.0.
|
|
78
|
+
const host = process.env.SKYLOOM_WEB_HOST || "127.0.0.1";
|
|
79
|
+
const loopbackOnly = host === "127.0.0.1" || host === "localhost" || host === "::1";
|
|
80
|
+
|
|
81
|
+
// Reject cross-origin / rebound Host headers when bound to loopback. Without
|
|
82
|
+
// this, a malicious web page could POST to http://localhost:<port>/api/chat
|
|
83
|
+
// from the victim's browser and execute agent tools (CORS does not block the
|
|
84
|
+
// side effect, only the response read).
|
|
85
|
+
const hostAllowed = (h: string | undefined): boolean => {
|
|
86
|
+
if (!loopbackOnly) return true;
|
|
87
|
+
const name = (h || "").split(":")[0].toLowerCase();
|
|
88
|
+
return name === "localhost" || name === "127.0.0.1" || name === "[::1]" || name === "::1" || name === "";
|
|
89
|
+
};
|
|
90
|
+
|
|
75
91
|
const server = createServer(async (req: IncomingMessage, res: ServerResponse) => {
|
|
76
|
-
|
|
92
|
+
if (!hostAllowed(req.headers.host)) {
|
|
93
|
+
res.writeHead(403, { "Content-Type": "application/json" }).end(JSON.stringify({ error: "Forbidden host" }));
|
|
94
|
+
return;
|
|
95
|
+
}
|
|
96
|
+
// Same-origin only when loopback-bound (no wildcard CORS that would invite
|
|
97
|
+
// cross-site requests to a credential-less, tool-executing endpoint).
|
|
98
|
+
if (loopbackOnly) {
|
|
99
|
+
res.setHeader("Access-Control-Allow-Origin", `http://${req.headers.host || `localhost:${port}`}`);
|
|
100
|
+
res.setHeader("Vary", "Origin");
|
|
101
|
+
} else {
|
|
102
|
+
res.setHeader("Access-Control-Allow-Origin", "*");
|
|
103
|
+
}
|
|
77
104
|
res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
|
|
78
105
|
res.setHeader("Access-Control-Allow-Headers", "Content-Type");
|
|
79
106
|
if (req.method === "OPTIONS") { res.writeHead(204); res.end(); return; }
|
|
@@ -87,7 +114,13 @@ export async function startWebServer(port: number = 3000): Promise<void> {
|
|
|
87
114
|
} catch (e) { res.writeHead(500, { "Content-Type": "application/json" }).end(JSON.stringify({ error: String(e) })); }
|
|
88
115
|
});
|
|
89
116
|
|
|
90
|
-
return new Promise((resolve) => {
|
|
117
|
+
return new Promise((resolve) => {
|
|
118
|
+
server.listen(port, host, () => {
|
|
119
|
+
const shown = loopbackOnly ? "localhost" : host;
|
|
120
|
+
console.log(`\n 水墨气象台 · Skyloom\n http://${shown}:${port}${loopbackOnly ? " (仅本机 · 设 SKYLOOM_WEB_HOST=0.0.0.0 可对外开放)" : " ⚠ 已对外开放 · 无鉴权"}\n`);
|
|
121
|
+
resolve();
|
|
122
|
+
});
|
|
123
|
+
});
|
|
91
124
|
}
|
|
92
125
|
|
|
93
126
|
async function handleChat(req: IncomingMessage, res: ServerResponse, ctx: ReturnType<typeof createSystemContext>) {
|
|
@@ -0,0 +1,52 @@
|
|
|
1
|
+
import { describe, it, expect, afterEach } from "vitest";
|
|
2
|
+
import * as path from "path";
|
|
3
|
+
import * as os from "os";
|
|
4
|
+
import { fenceCheck, fenceRoot } from "../src/tools/builtin";
|
|
5
|
+
import { isSafePluginPath } from "../src/plugins/loader";
|
|
6
|
+
|
|
7
|
+
describe("workspace fence (opt-in)", () => {
|
|
8
|
+
afterEach(() => {
|
|
9
|
+
delete process.env.SKYLOOM_WORKSPACE_FENCE;
|
|
10
|
+
delete process.env.SKYLOOM_WORKSPACE_ROOT;
|
|
11
|
+
});
|
|
12
|
+
|
|
13
|
+
it("is disabled by default (no env)", () => {
|
|
14
|
+
expect(fenceRoot()).toBeNull();
|
|
15
|
+
expect(fenceCheck("/etc/passwd")).toBeNull();
|
|
16
|
+
});
|
|
17
|
+
|
|
18
|
+
it("confines paths to the root when enabled", () => {
|
|
19
|
+
const root = path.join(os.tmpdir(), "sky-fence-root");
|
|
20
|
+
process.env.SKYLOOM_WORKSPACE_FENCE = "1";
|
|
21
|
+
process.env.SKYLOOM_WORKSPACE_ROOT = root;
|
|
22
|
+
expect(fenceCheck(path.join(root, "a", "b.txt"))).toBeNull();
|
|
23
|
+
expect(fenceCheck(root)).toBeNull();
|
|
24
|
+
expect(fenceCheck("/etc/passwd")).toMatch(/路径越界/);
|
|
25
|
+
// sibling prefix must not slip past (root vs root-evil)
|
|
26
|
+
expect(fenceCheck(root + "-evil/x")).toMatch(/路径越界/);
|
|
27
|
+
// traversal out
|
|
28
|
+
expect(fenceCheck(path.join(root, "..", "secret"))).toMatch(/路径越界/);
|
|
29
|
+
});
|
|
30
|
+
});
|
|
31
|
+
|
|
32
|
+
describe("plugin path safety", () => {
|
|
33
|
+
it("allows owner-only paths, rejects world/group-writable (POSIX)", () => {
|
|
34
|
+
if (process.platform === "win32") return; // bits not meaningful on Windows
|
|
35
|
+
const fs = require("fs");
|
|
36
|
+
const dir = fs.mkdtempSync(path.join(os.tmpdir(), "sky-plugin-"));
|
|
37
|
+
const safe = path.join(dir, "safe.js"); fs.writeFileSync(safe, "", { mode: 0o644 }); fs.chmodSync(safe, 0o644);
|
|
38
|
+
const unsafe = path.join(dir, "unsafe.js"); fs.writeFileSync(unsafe, ""); fs.chmodSync(unsafe, 0o666);
|
|
39
|
+
expect(isSafePluginPath(safe)).toBe(true);
|
|
40
|
+
expect(isSafePluginPath(unsafe)).toBe(false);
|
|
41
|
+
});
|
|
42
|
+
|
|
43
|
+
it("honors the unsafe opt-out", () => {
|
|
44
|
+
if (process.platform === "win32") return;
|
|
45
|
+
const fs = require("fs");
|
|
46
|
+
const dir = fs.mkdtempSync(path.join(os.tmpdir(), "sky-plugin2-"));
|
|
47
|
+
const unsafe = path.join(dir, "x.js"); fs.writeFileSync(unsafe, ""); fs.chmodSync(unsafe, 0o666);
|
|
48
|
+
process.env.SKYLOOM_ALLOW_UNSAFE_PLUGINS = "1";
|
|
49
|
+
try { expect(isSafePluginPath(unsafe)).toBe(true); }
|
|
50
|
+
finally { delete process.env.SKYLOOM_ALLOW_UNSAFE_PLUGINS; }
|
|
51
|
+
});
|
|
52
|
+
});
|