From f116b8a14a62c3008e2f177be345888aaef6be2f Mon Sep 17 00:00:00 2001 From: kurihada Date: Tue, 16 Dec 2025 11:28:33 +0800 Subject: [PATCH] =?UTF-8?q?fix(core):=20=E6=B7=BB=E5=8A=A0=20Agent=20?= =?UTF-8?q?=E7=BA=A7=E5=88=AB=E7=9A=84=20bash=20=E6=9D=83=E9=99=90?= =?UTF-8?q?=E6=A3=80=E6=9F=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 在 getVercelTools 中添加 Agent 权限检查层,确保 Plan Agent 的 bash 规则 (如 touch * -> deny)在工具执行前生效,而不是仅依赖全局权限管理器。 --- packages/core/src/core/agent.ts | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/packages/core/src/core/agent.ts b/packages/core/src/core/agent.ts index 435d5f5..8774b82 100644 --- a/packages/core/src/core/agent.ts +++ b/packages/core/src/core/agent.ts @@ -17,7 +17,7 @@ import { type CompressionConfig, } from '../context/index.js'; import type { AgentInfo, ImageData } from '../agent/types.js'; -import { agentRegistry, AgentExecutor, SystemPrompt } from '../agent/index.js'; +import { agentRegistry, AgentExecutor, SystemPrompt, checkBashPermission } from '../agent/index.js'; import { loadVisionConfig } from '../utils/config.js'; import { getProviderRegistry, resolveApiKey } from '../provider/index.js'; import { getHookManager } from '../hooks/index.js'; @@ -272,6 +272,21 @@ export class Agent { finalArgs = beforeOutput.args; } + // Agent 级别的权限检查(在全局权限检查之前) + if (tool.name === 'bash' && this.currentAgentMode?.permission?.bash) { + const command = finalArgs.command as string; + if (command) { + const action = checkBashPermission(command, this.currentAgentMode.permission.bash); + if (action === 'deny') { + return { + success: false, + output: '', + error: `[Agent 权限拒绝] 当前模式 (${this.currentAgentMode.name}) 禁止执行此命令: ${command}`, + }; + } + } + } + // 执行工具 const startTime = Date.now(); let result = await tool.execute(finalArgs);