v3.8#29
Merged
Merged
Conversation
… version check (#28) ## Changes 1. **nix/hashes.json**: Update `x86_64-linux` node_modules hash to match current nixpkgs-unstable snapshot 2. **nix/deepagent-code.nix**: Add `patchPhase` that dynamically reads the actual bun version at build time, instead of hardcoding `^1.3.14`. This avoids build failures when nixpkgs-unstable ships a slightly different bun version (e.g., 1.3.13). ## Related Closes #27 Signed-off-by: thomas-yanga <odie_majere@outlook.com>
数据面 (deepagent-code): - 新增 /global/capabilities 端点(protocolVersion 3.8 + features), 经网关 /w 代理供桌面端做兼容握手,补齐设计 §20.1 缺口 - IM HttpApi:群组/消息/已读/agent 路由 + WebSocket(typing/read_receipt/ message_created 广播),SQLite schema 迁移 - core/im:orchestrator、executor、repository、mention-parser、broadcaster 桌面端 (app): - gateway-client:控制面登录/刷新/登出/容器 provision + 401 刷新重试 - GatewayProvider:内存态 bearer、鉴权 fetch、容器就绪门控 - ServerConnection.Server 变体(keyed server:<gatewayUrl>,bearer 永不持久化) - im-client:Bearer/Basic 鉴权、directory 走 header 穿透网关代理、 WS access_token cookie;IM UI(群聊面板/侧栏/输入/typing/已读回执) - 连接服务端登录对话框 Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…→ deny-only Policy statements Generic, source-agnostic mechanism: translate an injected capability set (DEEPAGENT_SERVER_CAPABILITIES env) into deny-only Policy.Info statements and seed them into the existing last-match-wins policy evaluator, so admin denies override user allows. Env-unset is a no-op (desktop/local unaffected). - server-capabilities.ts: Info schema + toStatements() (allowedProviders → deny-all + per-id re-allow) + fromEnv()/envStatements() + isAllowed() (service-free env-direct evaluator for runtimes without the Policy service). - config.ts: policy.load appends envStatements() after user/repo statements. - tool/bash.ts: gate shell.exec + git.push after the permission prompt (hard admin override). git.push is best-effort token detection. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…vider-config-write Hang capability gates at the three choke points that run in the instance server runtime. That runtime is a flat layer stack with no core Policy service (and no Location.Service), so these evaluate the injected capability set directly via ServerCapabilities.isAllowed() — same deny-only, fail-open-when- unset, last-match-wins semantics as Policy.evaluate. - repo.clone.remote → reference/repository-cache.ts, before git clone runs. - mcp.install → httpapi/handlers/mcp.ts (add + catalogEnable). - provider.config.write → httpapi/handlers/config.ts (update, only when the payload touches provider config). Deferred: extension.install (Ide.install has no live caller) and provider.byok (auth-layer BYOK) — distinct capability, not yet hung. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue for this PR
Closes #
Type of change
What does this PR do?
Please provide a description of the issue, the changes you made to fix it, and why they work. It is expected that you understand why your changes work and if you do not understand why at least say as much so a maintainer knows how much to value the PR.
If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!
How did you verify your code works?
Screenshots / recordings
If this is a UI change, please include a screenshot or recording.
Checklist
If you do not follow this template your PR will be automatically rejected.