Skip to content

v3.8#29

Merged
deepagent-ai merged 6 commits into
mainfrom
dev
Jul 5, 2026
Merged

v3.8#29
deepagent-ai merged 6 commits into
mainfrom
dev

Conversation

@deepagent-ai

Copy link
Copy Markdown
Contributor

Issue for this PR

Closes #

Type of change

  • Bug fix
  • New feature
  • Refactor / code improvement
  • Documentation

What does this PR do?

Please provide a description of the issue, the changes you made to fix it, and why they work. It is expected that you understand why your changes work and if you do not understand why at least say as much so a maintainer knows how much to value the PR.

If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!

How did you verify your code works?

Screenshots / recordings

If this is a UI change, please include a screenshot or recording.

Checklist

  • I have tested my changes locally
  • I have not included unrelated changes in this PR

If you do not follow this template your PR will be automatically rejected.

thomas-yanga and others added 6 commits July 3, 2026 17:35
… version check (#28)

## Changes

1. **nix/hashes.json**: Update `x86_64-linux` node_modules hash to match
current nixpkgs-unstable snapshot
2. **nix/deepagent-code.nix**: Add `patchPhase` that dynamically reads
the actual bun version at build time, instead of hardcoding `^1.3.14`.
This avoids build failures when nixpkgs-unstable ships a slightly
different bun version (e.g., 1.3.13).

## Related

Closes #27

Signed-off-by: thomas-yanga <odie_majere@outlook.com>
数据面 (deepagent-code):
- 新增 /global/capabilities 端点(protocolVersion 3.8 + features),
  经网关 /w 代理供桌面端做兼容握手,补齐设计 §20.1 缺口
- IM HttpApi:群组/消息/已读/agent 路由 + WebSocket(typing/read_receipt/
  message_created 广播),SQLite schema 迁移
- core/im:orchestrator、executor、repository、mention-parser、broadcaster

桌面端 (app):
- gateway-client:控制面登录/刷新/登出/容器 provision + 401 刷新重试
- GatewayProvider:内存态 bearer、鉴权 fetch、容器就绪门控
- ServerConnection.Server 变体(keyed server:<gatewayUrl>,bearer 永不持久化)
- im-client:Bearer/Basic 鉴权、directory 走 header 穿透网关代理、
  WS access_token cookie;IM UI(群聊面板/侧栏/输入/typing/已读回执)
- 连接服务端登录对话框

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…→ deny-only Policy statements

Generic, source-agnostic mechanism: translate an injected capability set
(DEEPAGENT_SERVER_CAPABILITIES env) into deny-only Policy.Info statements and
seed them into the existing last-match-wins policy evaluator, so admin denies
override user allows. Env-unset is a no-op (desktop/local unaffected).

- server-capabilities.ts: Info schema + toStatements() (allowedProviders →
  deny-all + per-id re-allow) + fromEnv()/envStatements() + isAllowed()
  (service-free env-direct evaluator for runtimes without the Policy service).
- config.ts: policy.load appends envStatements() after user/repo statements.
- tool/bash.ts: gate shell.exec + git.push after the permission prompt (hard
  admin override). git.push is best-effort token detection.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…vider-config-write

Hang capability gates at the three choke points that run in the instance
server runtime. That runtime is a flat layer stack with no core Policy service
(and no Location.Service), so these evaluate the injected capability set
directly via ServerCapabilities.isAllowed() — same deny-only, fail-open-when-
unset, last-match-wins semantics as Policy.evaluate.

- repo.clone.remote → reference/repository-cache.ts, before git clone runs.
- mcp.install → httpapi/handlers/mcp.ts (add + catalogEnable).
- provider.config.write → httpapi/handlers/config.ts (update, only when the
  payload touches provider config).

Deferred: extension.install (Ide.install has no live caller) and provider.byok
(auth-layer BYOK) — distinct capability, not yet hung.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@deepagent-ai
deepagent-ai merged commit a3e07e2 into main Jul 5, 2026
9 of 23 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants