ab1589921a
## 安全修复 (12项) - Webhook接口添加全局Token认证,过滤敏感请求头 - 修复JWT Base64 padding公式,防止签名验证绕过 - 数据库密码/飞书Token从源码移除,改为环境变量 - 工作流引擎添加路径遍历防护 (_resolve_safe_path) - eval()添加模板长度上限检查 - 审批API添加认证依赖 - 前端v-html增强XSS转义,console.log仅开发模式输出 - 500错误不再暴露内部异常详情 ## Agent运行时修复 (7项) - 删除_inject_knowledge_context中未定义db变量的finally块 - 工具执行添加try/except保护,异常不崩溃Agent - LLM重试计入budget计数器 - self_review异常时passed=False - max_iterations截断标记success=False - 工具参数JSON解析失败时记录警告日志 - run()开始时重置_llm_invocations计数器 ## 配置与基础设施 - DEBUG默认False,SQL_ECHO独立配置项 - init_db()补全13个缺失模型导入 - 新增WEBHOOK_AUTH_TOKEN/SQL_ECHO配置项 - 新增.env.example模板文件 ## 前端修复 (12项) - 登录改用URLSearchParams替代FormData - 401拦截器通过Pinia store统一清理状态 - SSE流超时从60s延长至300s - final/error事件时清除streamTimeout - localStorage聊天记录添加24h TTL - safeParseArgCount替代模板中裸JSON.parse - fetchUser 401时同时清除user对象 ## 新增模块 - 知识进化: knowledge_extractor/retriever/tasks - 数字孪生: shadow_executor/comparison模型 - 行为采集: behavior_middleware/collector/fingerprint_engine - 代码审查: code_review_agent/document_review_agent - 反馈学习: feedback_learner - 瓶颈检测/优化引擎/成本估算/需求估算 - 速率限制器 (rate_limiter) - Alembic迁移 015-020 ## 文档 - 商业化落地计划 - 8篇docs文档 (架构/API/部署/开发/贡献等) - Docker Compose生产配置 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
49 lines
1.7 KiB
Python
49 lines
1.7 KiB
Python
"""工具审批 REST API — 前端提交审批决定"""
|
||
|
||
from __future__ import annotations
|
||
|
||
import logging
|
||
|
||
from fastapi import APIRouter, HTTPException, Depends
|
||
from pydantic import BaseModel, Field
|
||
|
||
from app.api.auth import get_current_user
|
||
from app.models.user import User
|
||
from app.services.approval_manager import approval_manager
|
||
|
||
logger = logging.getLogger(__name__)
|
||
|
||
router = APIRouter(prefix="/api/v1/approval", tags=["approval"])
|
||
|
||
|
||
class ApprovalDecisionRequest(BaseModel):
|
||
decision: str = Field(..., description="审批决定: approved | denied | skip")
|
||
|
||
|
||
@router.post("/{approval_id}/resolve")
|
||
async def resolve_approval(approval_id: str, req: ApprovalDecisionRequest, current_user: User = Depends(get_current_user)):
|
||
"""提交工具审批决定。
|
||
|
||
- **approved**: 批准执行
|
||
- **denied**: 拒绝执行(Agent 会收到拒绝提示)
|
||
- **skip**: 跳过该工具(Agent 会跳过继续)
|
||
"""
|
||
ok = approval_manager.resolve(approval_id, req.decision)
|
||
if not ok:
|
||
raise HTTPException(status_code=404, detail=f"审批请求不存在或已完成: {approval_id}")
|
||
return {"success": True, "approval_id": approval_id, "decision": req.decision}
|
||
|
||
|
||
@router.get("/{approval_id}")
|
||
async def get_approval(approval_id: str, current_user: User = Depends(get_current_user)):
|
||
"""查询待审批请求详情(用于前端展示工具名和参数)。"""
|
||
req = approval_manager.get_pending(approval_id)
|
||
if not req:
|
||
raise HTTPException(status_code=404, detail=f"审批请求不存在或已完成: {approval_id}")
|
||
return {
|
||
"approval_id": req.approval_id,
|
||
"tool_name": req.tool_name,
|
||
"args": req.args,
|
||
"decision": req.decision,
|
||
}
|