cmdbox 0.5.4__py3-none-any.whl → 0.6.0.1__py3-none-any.whl

cmdbox/app/features/web/cmdbox_web_do_signout.py

@@ -13,9 +13,9 @@ class DoSignout(feature.WebFeature):
             web (Web): Webオブジェクト
             app (FastAPI): FastAPIオブジェクト
         """
-        @app.get('/dosignout/{next}', response_class=HTMLResponse)
-        @app.post('/dosignout/{next}', response_class=HTMLResponse)
-        async def do_signout(next, req:Request, res:Response):
+        @app.api_route('/dosignout/{next}', methods=['GET', 'POST'], response_class=HTMLResponse)
+        @app.api_route('/{full_path:path}/dosignout/{next}/', methods=['GET', 'POST'], response_class=HTMLResponse)
+        async def do_signout(next, req:Request, res:Response, full_path:str=None):
             if 'signin' in req.session:
                 web.options.audit_exec(req, res, web, body=dict(msg='Signout.'), audit_type='auth')
                 for key in list(req.session.keys()).copy():

cmdbox/app/features/web/cmdbox_web_exec_cmd.py

@@ -4,6 +4,7 @@ from cmdbox.app.features.cli import cmdbox_audit_search, cmdbox_audit_write
 from cmdbox.app.features.web import cmdbox_web_load_cmd
 from cmdbox.app.web import Web
 from fastapi import FastAPI, Request, Response, HTTPException
+from fastapi.responses import PlainTextResponse
 from starlette.datastructures import UploadFile
 from typing import Dict, Any, List
 import html
@@ -178,8 +179,10 @@ class ExecCmd(cmdbox_web_load_cmd.LoadCmd):
                 sys.stdout = captured_output = io.StringIO()
             ret_main = {}
             logsize = 1024
+            console = common.create_console(file=old_stdout)
+
             try:
-                old_stdout.write(loghandler.colorize_msg(f'EXEC:     {opt_list}\n'[:logsize]))
+                console.log(f'EXEC  - {opt_list}\n'[:logsize])
                 status, ret_main, obj = cmdbox_app.main(args_list=[common.chopdq(o) for o in opt_list], file_dict=file_dict, webcall=True)
                 if isinstance(obj, server.Server):
                     cmdbox_app.sv = obj
@@ -206,11 +209,11 @@ class ExecCmd(cmdbox_web_load_cmd.LoadCmd):
                             output = [dict(warn=f'The captured stdout was discarded because its size was larger than {capture_maxsize} bytes.')]
                 else:
                     output = [dict(warn='capture_stdout is off.')]
-                old_stdout.write(loghandler.colorize_msg(f'EXEC:     {output}'[:logsize])+'\n')
+                old_stdout.write(f'EXEC OUTPUT => {output}'[:logsize]) # コマンド実行時のアウトプットはカラーリングしない
             except Exception as e:
                 web.logger.disabled = False # ログ出力を有効にする
                 msg = f'exec_cmd error. {traceback.format_exc()}'
-                old_stdout.write(loghandler.colorize_msg(f'EXEC:     {msg}'[:logsize])+'\n')
+                console.log(f'EXEC  - {msg}'[:logsize])
                 web.logger.warning(msg)
                 output = [dict(warn=f'<pre>{html.escape(traceback.format_exc())}</pre>')]
             sys.stdout = old_stdout
@@ -234,6 +237,8 @@ class ExecCmd(cmdbox_web_load_cmd.LoadCmd):
                     except:
                         ret = ret_main
                 if nothread:
+                    if isinstance(ret, str):
+                        return PlainTextResponse(ret, media_type='text/plain')
                     return ret
                 self.callback_return_cmd_exec_func(web, title, ret)
             except:

cmdbox/app/features/web/cmdbox_web_signin.py

@@ -1,4 +1,5 @@
 from cmdbox.app import feature
+from cmdbox.app.auth import signin
 from cmdbox.app.web import Web
 from fastapi import FastAPI, Request, Response, HTTPException
 from fastapi.responses import HTMLResponse, RedirectResponse
@@ -22,10 +23,10 @@ class Signin(feature.WebFeature):
             with open(web.signin_html, 'r', encoding='utf-8') as f:
                 web.signin_html_data = f.read()
 
-        @app.get('/signin/{next}', response_class=HTMLResponse)
-        @app.post('/signin/{next}', response_class=HTMLResponse)
-        async def _signin(next:str, req:Request, res:Response):
-            web.signin.enable_cors(req, res)
+        @app.api_route('/signin/{next}', methods=['GET', 'POST'], response_class=HTMLResponse)
+        @app.api_route('/{full_path:path}/signin/{next}', methods=['GET', 'POST'], response_class=HTMLResponse)
+        async def _signin(next:str, req:Request, res:Response, full_path:str=None):
+            signin.Signin._enable_cors(req, res)
             res.headers['Access-Control-Allow-Origin'] = '*'
             return web.signin_html_data
 

cmdbox/app/features/web/cmdbox_web_users.py

@@ -88,6 +88,7 @@ class Users(feature.WebFeature):
             except Exception as e:
                 return dict(error=str(e))
 
+        @app.post('/gui/apikey/add')
         @app.post('/users/apikey/add')
         async def users_apikey_add(req:Request, res:Response):
             signin = web.signin.check_signin(req, res)
@@ -103,6 +104,7 @@ class Users(feature.WebFeature):
             except Exception as e:
                 return dict(error=str(e))
 
+        @app.post('/gui/apikey/del')
         @app.post('/users/apikey/del')
         async def users_apikey_del(req:Request, res:Response):
             signin = web.signin.check_signin(req, res)

cmdbox/app/options.py

@@ -1,6 +1,6 @@
 from cmdbox.app import common, feature, web
 from cmdbox.app.commons import module
-from fastapi import Request
+from fastapi import Request, WebSocket
 from fastapi.routing import APIRoute
 from datetime import datetime
 from pathlib import Path
@@ -49,6 +49,7 @@ class Options:
         self.aliases_loaded_cli = False
         self.aliases_loaded_web = False
         self.audit_loaded = False
+        self.agentrule_loaded = False
         self.init_options()
 
     def get_mode_keys(self) -> List[str]:
@@ -345,6 +346,7 @@ class Options:
                 svcmd = fobj.get_svcmd()
                 if svcmd is not None:
                     self._options["svcmd"][svcmd] = fobj
+                opt['use_agent'] = self.check_agentrule(mode, cmd, logger)
         self.init_debugoption()
     
     def is_features_loaded(self, ftype:str) -> bool:
@@ -396,6 +398,8 @@ class Options:
                 return
             if type(yml['features'][ftype]) is not list:
                 raise Exception(f'features.yml is invalid. (The “features.{ftype} element must be a list. {ftype}={yml["features"][ftype]})')
+            # featureモジュール読込みの前にagentruleの読み込み
+            self.load_features_agentrule(logger)
             for data in yml['features'][ftype]:
                 if type(data) is not dict:
                     raise Exception(f'features.yml is invalid. (The “features.{ftype}” element must be a list element must be a dictionary. data={data})')
@@ -415,6 +419,7 @@ class Options:
                 func(data['package'], data['prefix'], exclude_modules, appcls, ver, logger, self.is_features_loaded(ftype))
                 self.features_loaded[ftype] = True
 
+
     def load_features_args(self, args_dict:Dict[str, Any]):
         yml = self.features_yml_data
         if yml is None:
@@ -627,6 +632,11 @@ class Options:
         if 'enabled' not in yml['audit']:
             raise Exception('features.yml is invalid. (The audit element must have "enabled" specified.)')
         if not yml['audit']['enabled']: return
+        # フューチャーのoptions
+        if 'options' not in yml['audit']:
+            raise Exception('features.yml is invalid. (The audit element must have "options" specified.)')
+        self.audit_write_args = yml['audit']['options'].copy()
+        self.audit_search_args = yml['audit']['options'].copy()
         # writeフューチャー
         if 'write' not in yml['audit']:
             raise Exception('features.yml is invalid. (The audit element must have "write" specified.)')
@@ -637,6 +647,8 @@ class Options:
             raise Exception('features.yml is invalid. (The audit.write element must have "cmd" specified.)')
         cmd = yml['audit']['write']['cmd']
         self.audit_write:feature.Feature = self.get_cmd_attr(mode, cmd, 'feature')
+        self.audit_write_args['mode'] = mode
+        self.audit_write_args['cmd'] = cmd
         # searchフューチャー
         if 'search' not in yml['audit']:
             raise Exception('features.yml is invalid. (The audit element must have "search" specified.)')
@@ -647,17 +659,58 @@ class Options:
             raise Exception('features.yml is invalid. (The audit.search element must have "cmd" specified.)')
         cmd = yml['audit']['search']['cmd']
         self.audit_search:feature.Feature = self.get_cmd_attr(mode, cmd, 'feature')
-        # フューチャーのoptions
-        if 'options' not in yml['audit']:
-            raise Exception('features.yml is invalid. (The audit element must have "options" specified.)')
-        self.audit_write_args = yml['audit']['options'].copy()
-        self.audit_write_args['mode'] = mode
-        self.audit_write_args['cmd'] = cmd
-        self.audit_search_args = yml['audit']['options'].copy()
         self.audit_search_args['mode'] = mode
         self.audit_search_args['cmd'] = cmd
         self.audit_loaded = True
 
+    def load_features_agentrule(self, logger:logging.Logger):
+        yml = self.features_yml_data
+        if yml is None: return
+        if self.agentrule_loaded: return
+        if 'agentrule' not in yml: return
+        if 'policy' not in yml['agentrule']:
+            raise Exception('features.yml is invalid. (The agentrule element must have "policy" specified.)')
+        if yml['agentrule']['policy'] not in ['allow', 'deny']:
+            raise Exception('features.yml is invalid. (The policy element must specify allow or deny.)')
+        if 'rules' not in yml['agentrule']:
+            raise Exception('features.yml is invalid. (The agentrule element must have "rules" specified.)')
+        for rule in yml['agentrule']['rules']:
+            if 'mode' not in rule:
+                rule['mode'] = None
+            if 'cmds' not in rule:
+                rule['cmds'] = []
+            if rule['mode'] is None and len(rule['cmds']) > 0:
+                raise Exception('features.yml is invalid. (When “cmds” is specified, “mode” must be specified.)')
+            if 'rule' not in rule:
+                raise Exception('features.yml is invalid. (The agentrule.rules element must have "rule" specified.)')
+        self.agentrule_loaded = True
+
+    def check_agentrule(self, mode:str, cmd:str, logger:logging.Logger) -> bool:
+        """
+        エージェントが使用してよいコマンドかどうかをチェックします
+
+        Args:
+            mode (str): モード
+            cmd (str): コマンド
+
+        Returns:
+            bool: 認可されたかどうか
+        """
+        if not self.agentrule_loaded:
+            return False
+        # コマンドチェック
+        jadge = self.features_yml_data['agentrule']['policy']
+        for rule in self.features_yml_data['agentrule']['rules']:
+            if rule['mode'] is not None:
+                if rule['mode'] != mode:
+                    continue
+                if len([c for c in rule['cmds'] if cmd == c]) <= 0:
+                    continue
+            jadge = rule['rule']
+        if logger.level == logging.DEBUG:
+            logger.debug(f"agent rule: mode={mode}, cmd={cmd}: {jadge}")
+        return jadge == 'allow'
+
     AT_USER = 'user'
     AT_ADMIN = 'admin'
     AT_SYSTEM = 'system'
@@ -779,7 +832,7 @@ class Options:
             elif isinstance(arg, feature.Feature):
                 func_feature = arg
                 opt['clmsg_src'] = func_feature.__class__.__name__
-            elif isinstance(arg, Request):
+            elif isinstance(arg, Request) or isinstance(arg, WebSocket):
                 if 'signin' in arg.session and arg.session['signin'] is not None and 'name' in arg.session['signin']:
                     opt['clmsg_user'] = arg.session['signin']['name']
                     if opt['audit_type'] is None:

cmdbox/app/web.py

@@ -1,11 +1,12 @@
 from cmdbox.app import common, options
 from cmdbox.app.auth import signin, signin_saml
 from cmdbox.app.commons import module
-from fastapi import FastAPI, Request, Response, HTTPException
-from fastapi.responses import RedirectResponse
+from fastapi import FastAPI, Request, Response
 from pathlib import Path
+from starlette.applications import Starlette
 from starlette.middleware.sessions import SessionMiddleware
-from typing import Any, Dict, List, Tuple
+from starlette.routing import Mount
+from typing import Any, Dict, List
 from uvicorn.config import Config
 import asyncio
 import copy
@@ -31,7 +32,7 @@ class Web:
     def __init__(self, logger:logging.Logger, data:Path, appcls=None, ver=None,
                  redis_host:str = "localhost", redis_port:int = 6379, redis_password:str = None, svname:str = 'server',
                  client_only:bool=False, doc_root:Path=None, gui_html:str=None, filer_html:str=None, result_html:str=None, users_html:str=None,
-                 audit_html:str=None, assets:List[str]=None, signin_html:str=None, signin_file:str=None, gui_mode:bool=False,
+                 audit_html:str=None, agent_html:str=None, assets:List[str]=None, signin_html:str=None, signin_file:str=None, gui_mode:bool=False,
                  web_features_packages:List[str]=None, web_features_prefix:List[str]=None):
         """
         cmdboxクライアント側のwebapiサービス
@@ -52,6 +53,7 @@ class Web:
             result_html (str, optional): 結果のHTMLファイル. Defaults to None.
             users_html (str, optional): ユーザーのHTMLファイル. Defaults to None.
             audit_html (str, optional): 監査のHTMLファイル. Defaults to None.
+            agent_html (str, optional): エージェントのHTMLファイル. Defaults to None.
             assets (List[str], optional): 静的ファイルのリスト. Defaults to None.
             signin_html (str, optional): ログイン画面のHTMLファイル. Defaults to None.
             signin_file (str, optional): ログイン情報のファイル. Defaults to args.signin_file.
@@ -78,6 +80,7 @@ class Web:
         self.result_html = Path(result_html) if result_html is not None else Path(__file__).parent.parent / 'web' / 'result.html'
         self.users_html = Path(users_html) if users_html is not None else Path(__file__).parent.parent / 'web' / 'users.html'
         self.audit_html = Path(audit_html) if audit_html is not None else Path(__file__).parent.parent / 'web' / 'audit.html'
+        self.agent_html = Path(agent_html) if agent_html is not None else Path(__file__).parent.parent / 'web' / 'agent.html'
         self.assets = []
         if assets is not None:
             if not isinstance(assets, list):
@@ -97,6 +100,7 @@ class Web:
         self.result_html_data = None
         self.users_html_data = None
         self.audit_html_data = None
+        self.agent_html_data = None
         self.assets_data = None
         self.signin_html_data = None
         self.gui_mode = gui_mode
@@ -106,11 +110,13 @@ class Web:
         self.pipes_path = self.data / ".pipes"
         self.users_path = self.data / ".users"
         self.audit_path = self.data / '.audit'
+        self.agent_path = self.data / '.agent'
         self.static_root = Path(__file__).parent.parent / 'web'
         common.mkdirs(self.cmds_path)
         common.mkdirs(self.pipes_path)
         common.mkdirs(self.users_path)
         common.mkdirs(self.audit_path)
+        common.mkdirs(self.agent_path)
         self.pipe_th = None
         self.img_queue = queue.Queue(1000)
         self.cb_queue = queue.Queue(1000)
@@ -132,6 +138,7 @@ class Web:
             self.logger.debug(f"web init parameter: result_html={self.result_html} -> {self.result_html.absolute() if self.result_html is not None else None}")
             self.logger.debug(f"web init parameter: users_html={self.users_html} -> {self.users_html.absolute() if self.users_html is not None else None}")
             self.logger.debug(f"web init parameter: audit_html={self.audit_html} -> {self.audit_html.absolute() if self.audit_html is not None else None}")
+            self.logger.debug(f"web init parameter: agent_html={self.agent_html} -> {self.agent_html.absolute() if self.agent_html is not None else None}")
             self.logger.debug(f"web init parameter: assets={self.assets} -> {[a.absolute() for a in self.assets] if self.assets is not None else None}")
             self.logger.debug(f"web init parameter: signin_html={self.signin_html} -> {self.signin_html.absolute() if self.signin_html is not None else None}")
             self.logger.debug(f"web init parameter: signin_file={self.signin_file} -> {self.signin_file.absolute() if self.signin_file is not None else None}")
@@ -141,6 +148,8 @@ class Web:
             self.logger.debug(f"web init parameter: cmds_path={self.cmds_path} -> {self.cmds_path.absolute() if self.cmds_path is not None else None}")
             self.logger.debug(f"web init parameter: pipes_path={self.pipes_path} -> {self.pipes_path.absolute() if self.pipes_path is not None else None}")
             self.logger.debug(f"web init parameter: users_path={self.users_path} -> {self.users_path.absolute() if self.users_path is not None else None}")
+            self.logger.debug(f"web init parameter: audit_path={self.audit_path} -> {self.audit_path.absolute() if self.audit_path is not None else None}")
+            self.logger.debug(f"web init parameter: agent_path={self.agent_path} -> {self.agent_path.absolute() if self.agent_path is not None else None}")
 
     def init_webfeatures(self, app:FastAPI):
         self.filemenu = dict()
@@ -150,7 +159,10 @@ class Web:
         if self.options.is_features_loaded('web'):
             return
         # webfeatureの読込み
+        self.wf_dep = []
         def wf_route(pk, prefix, excludes, w, app, appcls, ver, logger):
+            if pk in w.wf_dep: return
+            w.wf_dep.append(pk)
             for wf in module.load_webfeatures(pk, prefix, excludes, appcls=appcls, ver=ver, logger=logger):
                 wf.route(self, app)
                 self.filemenu = {**self.filemenu, **wf.filemenu(w)}
@@ -666,7 +678,8 @@ class Web:
     def start(self, allow_host:str="0.0.0.0", listen_port:int=8081, ssl_listen_port:int=8443,
               ssl_cert:Path=None, ssl_key:Path=None, ssl_keypass:str=None, ssl_ca_certs:Path=None,
               session_domain:str=None, session_path:str='/', session_secure:bool=False, session_timeout:int=900, outputs_key:List[str]=[],
-              guvicorn_workers:int=-1, guvicorn_timeout:int=30):
+              guvicorn_workers:int=-1, guvicorn_timeout:int=30,
+              agent_runner=None, mcp=None, mcp_listen_port=9081, mcp_ssl_listen_port=9443):
         """
         Webサーバを起動する
 
@@ -685,6 +698,10 @@ class Web:
             outputs_key (list, optional): 出力キー. Defaults to [].
             guvicorn_workers (int, optional): Gunicornワーカー数. Defaults to -1.
             guvicorn_timeout (int, optional): Gunicornタイムアウト. Defaults to 30.
+            agent_runner (Runner, optional): エージェントランナー. Defaults to None.
+            mcp (MCP, optional): MCP. Defaults to None.
+            mcp_listen_port (int, optional): MCPリスンポート. Defaults to 9081.
+            mcp_ssl_listen_port (int, optional): MCP SSLリスンポート. Defaults to 9443.
         """
         self.allow_host = allow_host
         self.listen_port = listen_port
@@ -700,6 +717,10 @@ class Web:
         self.session_timeout = session_timeout
         self.guvicorn_workers = guvicorn_workers
         self.guvicorn_timeout = guvicorn_timeout
+        self.agent_runner = agent_runner
+        self.mcp = mcp
+        self.mcp_listen_port = mcp_listen_port
+        self.mcp_ssl_listen_port = mcp_ssl_listen_port
         if self.logger.level == logging.DEBUG:
             self.logger.debug(f"web start parameter: allow_host={self.allow_host}")
             self.logger.debug(f"web start parameter: listen_port={self.listen_port}")
@@ -715,7 +736,81 @@ class Web:
             self.logger.debug(f"web start parameter: session_timeout={self.session_timeout}")
             self.logger.debug(f"web start parameter: guvicorn_worker={self.guvicorn_workers}")
             self.logger.debug(f"web start parameter: guvicorn_timeout={self.guvicorn_timeout}")
+            self.logger.debug(f"web start parameter: agent_runner={self.agent_runner}")
+            self.logger.debug(f"web start parameter: mcp={self.mcp}")
+            self.logger.debug(f"web start parameter: mcp_listen_port={self.mcp_listen_port}")
+            self.logger.debug(f"web start parameter: mcp_ssl_listen_port={self.mcp_ssl_listen_port}")
+
+        if self.agent_runner is not None:
+            # google.adkが大きいので必要な時にだけ読込む
+            from google.adk.sessions import BaseSessionService, Session
+            async def create_agent_session(session_service:BaseSessionService, user_id:str, session_id:str=None) -> Session:
+                """
+                セッションを作成します
+
+                Args:
+                    session_service (BaseSessionService): セッションサービス
+                    user_id (str): ユーザーID
+                    session_id (str): セッションID
+
+                Returns:
+                    Any: セッション
+                """
+                if session_id is None:
+                    session_id = common.random_string(32)
+                session = await session_service.get_session(app_name=self.ver.__appid__, user_id=user_id, session_id=session_id)
+                if session is None:
+                    session = await session_service.create_session(app_name=self.ver.__appid__, user_id=user_id, session_id=session_id)
+                return session
+            self.create_agent_session = create_agent_session
+            async def list_agent_sessions(session_service:BaseSessionService, user_id:str, session_id:str=None) -> List[Session]:
+                """
+                セッションをリストします
+
+                Args:
+                    session_service (BaseSessionService): セッションサービス
+                    user_id (str): ユーザーID
+
+                Returns:
+                    List[Session]: セッションリスト
+                """
+                if session_id is None:
+                    sessions = await session_service.list_sessions(app_name=self.ver.__appid__, user_id=user_id)
+                    ret = []
+                    for s in sessions.sessions:
+                        ret.append(await session_service.get_session(app_name=self.ver.__appid__, user_id=user_id, session_id=s.id))
+                    return ret
+                else:
+                    session = await session_service.get_session(app_name=self.ver.__appid__, user_id=user_id, session_id=session_id)
+                    if session is None:
+                        return []
+                    return [session]
+            self.list_agent_sessions = list_agent_sessions
+            async def delete_agent_session(session_service:BaseSessionService, user_id:str, session_id:str) -> bool:
+                """
+                セッションを削除します
+
+                Args:
+                    session_service (BaseSessionService): セッションサービス
+                    user_id (str): ユーザーID
+                    session_id (str): セッションID
+
+                Returns:
+                    bool: 成功した場合はTrue, 失敗した場合はFalse
+                """
+                return await session_service.delete_session(app_name=self.ver.__appid__, user_id=user_id, session_id=session_id)
+            self.delete_agent_session = delete_agent_session
 
+        """
+        if self.mcp is not None:
+            # MCPをFastAPIにマウント
+            mcp_app:Starlette = self.mcp.streamable_http_app()
+            app = FastAPI(lifespan=self.mcp.settings.lifespan)
+            app.mount("/mcp", mcp_app)
+            #app.include_router(mcp_app.router)
+        else:
+            app = FastAPI()
+        """
         app = FastAPI()
         @app.middleware("http")
         async def set_context_cookie(req:Request, call_next):
@@ -733,19 +828,32 @@ class Web:
 
         self.is_running = True
         #uvicorn.run(app, host=self.allow_host, port=self.listen_port, workers=2)
-        th = ThreadedUvicorn(self.logger, config=Config(app=app, host=self.allow_host, port=self.listen_port),
+        http_config = Config(app=app, host=self.allow_host, port=self.listen_port)
+        th = ThreadedUvicorn(self.logger, config=http_config,
                              guvicorn_config=dict(workers=self.guvicorn_workers, timeout=self.guvicorn_timeout))
         th.start()
+        if self.mcp is not None and self.ssl_cert is None and self.ssl_key is None:
+            mcp_app:Starlette = self.mcp.streamable_http_app()
+            http_config = Config(app=mcp_app, host=self.allow_host, port=self.mcp_listen_port)
+            mcp_th = ThreadedUvicorn(self.logger, config=http_config, force_uvicorn=True)
+            mcp_th.start()
         browser_port = self.listen_port
         th_ssl = None
         if self.ssl_cert is not None and self.ssl_key is not None:
-            th_ssl = ThreadedUvicorn(self.logger,
-                                     config=Config(app=app, host=self.allow_host, port=self.ssl_listen_port,
-                                                   ssl_certfile=self.ssl_cert, ssl_keyfile=self.ssl_key,
-                                                   ssl_keyfile_password=self.ssl_keypass, ssl_ca_certs=self.ssl_ca_certs),
+            https_config = Config(app=app, host=self.allow_host, port=self.ssl_listen_port,
+                                  ssl_certfile=self.ssl_cert, ssl_keyfile=self.ssl_key,
+                                  ssl_keyfile_password=self.ssl_keypass, ssl_ca_certs=self.ssl_ca_certs)
+            th_ssl = ThreadedUvicorn(self.logger, config=https_config,
                                      guvicorn_config=dict(workers=self.guvicorn_workers, timeout=self.guvicorn_timeout))
             th_ssl.start()
             browser_port = self.ssl_listen_port
+            if self.mcp is not None:
+                mcp_app:Starlette = self.mcp.streamable_http_app()
+                https_config = Config(app=mcp_app, host=self.allow_host, port=self.mcp_ssl_listen_port,
+                                      ssl_certfile=self.ssl_cert, ssl_keyfile=self.ssl_key,
+                                      ssl_keyfile_password=self.ssl_keypass, ssl_ca_certs=self.ssl_ca_certs)
+                mcp_th_ssl = ThreadedUvicorn(self.logger, config=https_config, force_uvicorn=True)
+                mcp_th_ssl.start()
         try:
             if self.gui_mode:
                 webbrowser.open(f'http://localhost:{browser_port}/gui')
@@ -754,12 +862,20 @@ class Web:
             while self.is_running:
                 gevent.sleep(1)
             th.stop()
+            if self.mcp is not None:
+                mcp_th.stop()
             if th_ssl is not None:
                 th_ssl.stop()
+                if self.mcp is not None:
+                    mcp_th_ssl.stop()
         except KeyboardInterrupt:
             th.stop()
+            if self.mcp is not None:
+                mcp_th.stop()
             if th_ssl is not None:
                 th_ssl.stop()
+                if self.mcp is not None:
+                    mcp_th_ssl.stop()
 
     def stop(self):
         """
@@ -780,13 +896,21 @@ class Web:
             self.logger.info(f"Exit web.")
 
 class ThreadedUvicorn:
-    def __init__(self, logger:logging.Logger, config:Config, guvicorn_config:Dict[str, Any]):
+    def __init__(self, logger:logging.Logger, config:Config, guvicorn_config:Dict[str, Any]=None, force_uvicorn:bool=False):
         self.logger = logger
         self.guvicorn_config = guvicorn_config
-        if platform.system() == "Windows":
+        self.force_uvicorn = True if platform.system() == "Windows" else force_uvicorn
+        # loggerの設定
+        common.reset_logger("uvicorn")
+        common.reset_logger("uvicorn.error")
+        common.reset_logger("uvicorn.access")
+        #common.reset_logger("gunicorn.error")
+        #common.reset_logger("gunicorn.access")
+        if self.force_uvicorn:
             self.server = uvicorn.Server(config)
             self.thread = RaiseThread(daemon=True, target=self.server.run)
         else:
+
             from gunicorn.app.wsgiapp import WSGIApplication
             class App(WSGIApplication):
                 def __init__(self, app, options):
@@ -823,7 +947,7 @@ class ThreadedUvicorn:
             #self.thread = RaiseThread(daemon=True, target=self.server.run)
 
     def start(self):
-        if platform.system() == "Windows":
+        if self.force_uvicorn:
             asyncio.set_event_loop_policy(asyncio.WindowsSelectorEventLoopPolicy())
             self.thread.start()
             asyncio.run(self.wait_for_started())
@@ -837,7 +961,7 @@ class ThreadedUvicorn:
             await asyncio.sleep(0.1)
 
     def stop(self):
-        if platform.system() == "Windows":
+        if self.force_uvicorn:
             if self.thread.is_alive():
                 self.server.should_exit = True
                 self.thread.raise_exception()
@@ -847,7 +971,7 @@ class ThreadedUvicorn:
             self.server.started = False
 
     def is_alive(self):
-        if platform.system() == "Windows":
+        if self.force_uvicorn:
             return self.thread.is_alive()
         else:
             return self.server.started

cmdbox/extensions/features.yml

@@ -37,6 +37,24 @@ aliases:                                # Specify the alias for the specified co
                                         #   e.g. /{1}_exec
         move:                           # Specify whether to move the regular expression group of the source to the target.
                                         #   e.g. true
+agentrule:                              # Specifies a list of rules that determine which commands the agent can execute.
+  policy: deny                          # Specify the default policy for the rule. The value can be allow or deny.
+  rules:                                # Specify the rules for the commands that the agent can execute according to the group to which the user belongs.
+  - mode: audit                         # Specify the "mode" as the condition for applying the rule.
+    cmds: [search, write]               # Specify the "cmd" to which the rule applies. Multiple items can be specified in a list.
+    rule: allow                         # Specifies whether the specified command is allowed or not. Values are allow or deny.
+  - mode: client
+    cmds: [file_copy, file_download, file_list, file_mkdir, file_move, file_remove, file_rmdir, file_upload, server_info]
+    rule: allow
+  - mode: cmd
+    cmds: [list, load]
+    rule: allow
+  - mode: server
+    cmds: [list]
+    rule: allow
+  - mode: web
+    cmds: [gencert, genpass, group_list, user_list]
+    rule: allow
 audit:
   enabled: true                         # Specify whether to enable the audit function.
   write:

cmdbox/extensions/sample_project/sample/extensions/features.yml

@@ -46,6 +46,24 @@ aliases:                                # Specify the alias for the specified co
                                         #   e.g. /{1}_exec
         move:                           # Specify whether to move the regular expression group of the source to the target.
                                         #   e.g. true
+agentrule:                              # Specifies a list of rules that determine which commands the agent can execute.
+  policy: deny                          # Specify the default policy for the rule. The value can be allow or deny.
+  rules:                                # Specify the rules for the commands that the agent can execute according to the group to which the user belongs.
+  - mode: audit                         # Specify the "mode" as the condition for applying the rule.
+    cmds: [search, write]               # Specify the "cmd" to which the rule applies. Multiple items can be specified in a list.
+    rule: allow                         # Specifies whether the specified command is allowed or not. Values are allow or deny.
+  - mode: client
+    cmds: [file_copy, file_download, file_list, file_mkdir, file_move, file_remove, file_rmdir, file_upload, server_info]
+    rule: allow
+  - mode: cmd
+    cmds: [list, load]
+    rule: allow
+  - mode: server
+    cmds: [list]
+    rule: allow
+  - mode: web
+    cmds: [gencert, genpass, group_list, user_list]
+    rule: allow
 audit:
   enabled: true                         # Specify whether to enable the audit function.
   write:

cmdbox/extensions/sample_project/sample/extensions/user_list.yml

@@ -74,7 +74,8 @@ pathrule:                      # List of RESTAPI rules, rules that determine whe
   - groups: [user]
     paths: [/signin, /assets, /bbforce_cmd, /copyright, /dosignin, /dosignout, /password/change,
             /gui/user_data/load, /gui/user_data/save, /gui/user_data/delete,
-            /exec_cmd, /exec_pipe, /filer, /gui, /get_server_opt, /usesignout, /versions_cmdbox, /versions_used]
+            /agent, /mcp,
+            /exec_cmd, /exec_pipe, /filer, /result, /gui, /get_server_opt, /usesignout, /versions_cmdbox, /versions_used]
     rule: allow
   - groups: [readonly]
     paths: [/gui/del_cmd, /gui/del_pipe, /gui/save_cmd, /gui/save_pipe]

cmdbox/extensions/sample_project/sample/logconf_sample.yml

@@ -2,7 +2,11 @@ version: 1
 
 formatters:
     fmt:
-        format: '%(levelname)s[%(asctime)s] - %(message)s'
+        format: '[%(asctime)s] %(levelname)s - %(message)s'
+        datefmt: '%Y-%m-%d %H:%M:%S'
+        class: logging.Formatter
+    fmt_rich:
+        format: '%(message)s'
         class: logging.Formatter
 handlers:
     std:
@@ -10,6 +14,14 @@ handlers:
         level: INFO
         formatter: fmt
         stream: ext://sys.stdout
+    rich:
+        class: rich.logging.RichHandler
+        level: INFO
+        formatter: fmt_rich
+        show_path: false
+        omit_repeated_times: false
+        tracebacks_word_wrap: false
+        log_time_format: '[%Y-%m-%d %H:%M]'
     sample:
         class: cmdbox.app.commons.loghandler.TimedRotatingFileHandler
         level: INFO
@@ -24,6 +36,7 @@ loggers:
         handlers: [sample, std]
         level: INFO
         qualname: sample
+        propagate: false
 
 #root:
 #    handlers: [sample, std]

cmdbox/extensions/user_list.yml

@@ -74,6 +74,7 @@ pathrule:                      # List of RESTAPI rules, rules that determine whe
   - groups: [user]
     paths: [/signin, /assets, /bbforce_cmd, /copyright, /dosignin, /dosignout, /password/change,
             /gui/user_data/load, /gui/user_data/save, /gui/user_data/delete,
+            /agent, /mcp,
             /exec_cmd, /exec_pipe, /filer, /result, /gui, /get_server_opt, /usesignout, /versions_cmdbox, /versions_used]
     rule: allow
   - groups: [readonly]