aient 1.1.33__py3-none-any.whl → 1.1.35__py3-none-any.whl

aient/utils/scripts.py

@@ -1,6 +1,7 @@
 import os
 import re
 import json
+import fnmatch
 import requests
 import urllib.parse
 
@@ -234,6 +235,7 @@ import sys
 import shlex
 import builtins
 import subprocess
+import fnmatch
 
 # --- 沙箱配置 ---
 # 从环境变量 'SANDBOX_READONLY_PATHS' 读取只读路径列表（可以是文件或目录）。
@@ -241,30 +243,68 @@ import subprocess
 readonly_paths_str = os.getenv('SANDBOX_READONLY_PATHS', '')
 READONLY_PATHS = [p for p in readonly_paths_str.split(os.pathsep) if p]
 
+# 新增: 从环境变量 'SANDBOX_NO_READ_PATHS' 读取禁止读取的路径列表
+no_read_paths_str = os.getenv('SANDBOX_NO_READ_PATHS', '')
+NO_READ_PATHS = [p for p in no_read_paths_str.split(os.pathsep) if p]
+
 # --- 子进程注入代码 (更智能的版本) ---
 INJECTION_CODE = """
 import builtins
 import os
 import sys
 import runpy
+import fnmatch
 
 # 1. 从环境变量中获取沙箱规则并设置补丁
 # 子进程从和父进程完全相同的环境变量中读取配置
 readonly_paths_str = os.getenv('SANDBOX_READONLY_PATHS', '')
 readonly_paths = [os.path.abspath(p) for p in readonly_paths_str.split(os.pathsep) if p]
+
+# 优先使用执行命令专用的禁止读取路径
+no_read_paths_str = os.getenv('SANDBOX_EXEC_NO_READ_PATHS', '/**/*beswarm*/**')
+
+no_read_paths = [os.path.abspath(p) for p in no_read_paths_str.split(os.pathsep) if p]
 original_open = builtins.open
 
 def _is_path_protected(target_path):
     abs_target_path = os.path.abspath(target_path)
-    for readonly_path in readonly_paths:
-        if abs_target_path == readonly_path or abs_target_path.startswith(readonly_path + os.sep):
-            return True
+    for protected_pattern in readonly_paths:
+        # 检查是否是 glob 模式
+        is_glob = '*' in protected_pattern or '?' in protected_pattern or '[' in protected_pattern
+        if is_glob:
+            if fnmatch.fnmatch(abs_target_path, protected_pattern):
+                return True
+        else:
+            # 兼容旧的精确/目录匹配
+            if abs_target_path == protected_pattern or abs_target_path.startswith(protected_pattern + os.sep):
+                return True
+    return False
+
+def _is_path_no_read(target_path):
+    abs_target_path = os.path.abspath(target_path)
+    for no_read_pattern in no_read_paths:
+        # 检查是否是 glob 模式
+        is_glob = '*' in no_read_pattern or '?' in no_read_pattern or '[' in no_read_pattern
+        if is_glob:
+            if fnmatch.fnmatch(abs_target_path, no_read_pattern):
+                return True
+        else:
+            # 兼容旧的精确/目录匹配
+            if abs_target_path == no_read_pattern or abs_target_path.startswith(no_read_pattern + os.sep):
+                return True
     return False
 
 def _sandboxed_open(file, mode='r', *args, **kwargs):
+    # 检查写保护
     is_write_mode = 'w' in mode or 'a' in mode or 'x' in mode or '+' in mode
     if is_write_mode and _is_path_protected(file):
-        raise PermissionError(f"路径 '{file}' 被设为只读，禁止写入。")
+        raise PermissionError(f"路径 '{file}' 被禁止写入。")
+
+    # 检查读保护 (默认模式是 'r')
+    is_read_mode = 'r' in mode or '+' in mode
+    if is_read_mode and _is_path_no_read(file):
+        raise PermissionError(f"路径 '{file}' 被禁止读取。")
+
     return original_open(file, mode, *args, **kwargs)
 
 builtins.open = _sandboxed_open
@@ -316,24 +356,52 @@ else:
 
 class Sandbox:
     """一个通过猴子补丁实现文件访问控制的沙箱，支持向子进程注入。"""
-    def __init__(self, readonly_paths):
+    def __init__(self, readonly_paths, no_read_paths):
         self._readonly_paths = [os.path.abspath(p) for p in readonly_paths]
+        self._no_read_paths = [os.path.abspath(p) for p in no_read_paths]
         self._original_open = builtins.open
-        self.is_active = bool(self._readonly_paths) # 如果没有只读路径，则沙箱不激活
+        self.is_active = bool(self._readonly_paths or self._no_read_paths) # 如果有任一规则，则沙箱激活
 
     def _is_path_protected(self, target_path):
-        """检查给定路径是否位于或就是只读路径之一"""
+        """检查给定路径是否位于或就是只读路径之一（支持 glob 模式）。"""
         abs_target_path = os.path.abspath(target_path)
-        for readonly_path in self._readonly_paths:
-            if abs_target_path == readonly_path or abs_target_path.startswith(readonly_path + os.sep):
-                return True
+        for protected_pattern in self._readonly_paths:
+            is_glob = '*' in protected_pattern or '?' in protected_pattern or '[' in protected_pattern
+            if is_glob:
+                if fnmatch.fnmatch(abs_target_path, protected_pattern):
+                    return True
+            else:
+                # 兼容旧的精确/目录匹配
+                if abs_target_path == protected_pattern or abs_target_path.startswith(protected_pattern + os.sep):
+                    return True
+        return False
+
+    def _is_path_no_read(self, target_path):
+        """检查给定路径是否位于或就是禁止读取的路径之一（支持 glob 模式）。"""
+        abs_target_path = os.path.abspath(target_path)
+        for no_read_pattern in self._no_read_paths:
+            is_glob = '*' in no_read_pattern or '?' in no_read_pattern or '[' in no_read_pattern
+            if is_glob:
+                if fnmatch.fnmatch(abs_target_path, no_read_pattern):
+                    return True
+            else:
+                # 兼容旧的精确/目录匹配
+                if abs_target_path == no_read_pattern or abs_target_path.startswith(no_read_pattern + os.sep):
+                    return True
         return False
 
     def _sandboxed_open(self, file, mode='r', *args, **kwargs):
         """我们自己编写的、带安全检查的 open 函数代理"""
+        # 检查写保护
         is_write_mode = 'w' in mode or 'a' in mode or 'x' in mode or '+' in mode
         if is_write_mode and self._is_path_protected(file):
-            raise PermissionError(f"路径 '{file}' 被设为只读，禁止写入。")
+            raise PermissionError(f"路径 '{file}' 被禁止写入。")
+
+        # 检查读保护 (默认模式是 'r')
+        is_read_mode = 'r' in mode or '+' in mode
+        if is_read_mode and self._is_path_no_read(file):
+            raise PermissionError(f"路径 '{file}' 被禁止读取。")
+
         return self._original_open(file, mode, *args, **kwargs)
 
     def enable(self):
@@ -348,6 +416,10 @@ class Sandbox:
             return
         builtins.open = self._original_open
 
+    def _update_env_var(self, var_name, path_list):
+        """辅助函数，用于更新环境变量，确保子进程能继承最新的沙箱规则。"""
+        os.environ[var_name] = os.pathsep.join(path_list)
+
     def add_readonly_path(self, path: str):
         """动态添加一个新的只读路径。如果沙箱因此从非激活状态变为激活状态，则会启用沙箱。"""
         if not path:
@@ -358,6 +430,7 @@ class Sandbox:
         abs_path = os.path.abspath(path)
         if abs_path not in self._readonly_paths:
             self._readonly_paths.append(abs_path)
+            self._update_env_var('SANDBOX_READONLY_PATHS', self._readonly_paths)
             self.is_active = True # 确保沙箱被激活
 
         # 如果沙箱之前未激活，但现在因为添加了路径而激活了，则启用它
@@ -366,6 +439,23 @@ class Sandbox:
 
         return "Success"
 
+    def add_no_read_path(self, path: str):
+        """动态添加一个新的禁止读取的路径。"""
+        if not path:
+            return "Fail"
+
+        was_active = self.is_active
+        abs_path = os.path.abspath(path)
+        if abs_path not in self._no_read_paths:
+            self._no_read_paths.append(abs_path)
+            self._update_env_var('SANDBOX_NO_READ_PATHS', self._no_read_paths)
+            self.is_active = True
+
+        if not was_active and self.is_active:
+            self.enable()
+
+        return "Success"
+
     def __enter__(self):
         """进入 'with' 块时，应用猴子补丁"""
         self.enable()
@@ -408,7 +498,7 @@ class Sandbox:
 
 # --- 全局沙箱实例 ---
 # 沙箱现在会自动从环境变量中读取配置
-sandbox = Sandbox(readonly_paths=READONLY_PATHS)
+sandbox = Sandbox(readonly_paths=READONLY_PATHS, no_read_paths=NO_READ_PATHS)
 sandbox.enable() # 在模块加载时全局启用沙箱
 
 from dataclasses import dataclass

{aient-1.1.33.dist-info → aient-1.1.35.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: aient
-Version: 1.1.33
+Version: 1.1.35
 Summary: Aient: The Awakening of Agent.
 Description-Content-Type: text/markdown
 License-File: LICENSE

{aient-1.1.33.dist-info → aient-1.1.35.dist-info}/RECORD

@@ -36,9 +36,9 @@ aient/plugins/websearch.py,sha256=FsUxM9GL4AAjmYJ8TS2jSqv4qfCAoOkCQZH59whtAXk,15
 aient/plugins/write_file.py,sha256=7spYxloI_aUbeANEQK-oXrGPoBqSfsD7sdfMAWlNxhU,3656
 aient/utils/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 aient/utils/prompt.py,sha256=UcSzKkFE4-h_1b6NofI6xgk3GoleqALRKY8VBaXLjmI,11311
-aient/utils/scripts.py,sha256=8NJCASleffBsA20E3K7HvChCH6rb-7-Qa_ygXXpEsCE,37051
-aient-1.1.33.dist-info/licenses/LICENSE,sha256=XNdbcWldt0yaNXXWB_Bakoqnxb3OVhUft4MgMA_71ds,1051
-aient-1.1.33.dist-info/METADATA,sha256=2cPqc-MuWBbf9Mg6lujoA-Fb4fHQKuvGtc3WbaKJwKE,4968
-aient-1.1.33.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-aient-1.1.33.dist-info/top_level.txt,sha256=3oXzrP5sAVvyyqabpeq8A2_vfMtY554r4bVE-OHBrZk,6
-aient-1.1.33.dist-info/RECORD,,
+aient/utils/scripts.py,sha256=_43DEeoaiNVSA7ew1UUmp-gIV6XXe6rQPc2HTRuTzkw,40944
+aient-1.1.35.dist-info/licenses/LICENSE,sha256=XNdbcWldt0yaNXXWB_Bakoqnxb3OVhUft4MgMA_71ds,1051
+aient-1.1.35.dist-info/METADATA,sha256=Md5vZ0BXPl9uQJCCnFmdJkppgneGrFrdHdVLplV4UN4,4968
+aient-1.1.35.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+aient-1.1.35.dist-info/top_level.txt,sha256=3oXzrP5sAVvyyqabpeq8A2_vfMtY554r4bVE-OHBrZk,6
+aient-1.1.35.dist-info/RECORD,,