feat: 问就是封包

2026-06-17 22:05:50 +00:00 · 2026-03-31 23:32:58 +08:00
parent d7a729ca68
commit dd9cd782a7
67 changed files with 423 additions and 172 deletions
--- a/src/utils/permissions/filesystem.ts
+++ b/src/utils/permissions/filesystem.ts
@@ -1325,14 +1325,15 @@ export function checkWritePermissionForTool<Input extends AnyObject>(
          },
        ]
      : generateSuggestions(path, 'write', toolPermissionContext, pathsToCheck)
+    const failedCheck = safetyCheck as { safe: false; message: string; classifierApprovable: boolean }
    return {
      behavior: 'ask',
-      message: safetyCheck.message,
+      message: failedCheck.message,
      suggestions: safetySuggestions,
      decisionReason: {
        type: 'safetyCheck',
-        reason: safetyCheck.message,
-        classifierApprovable: safetyCheck.classifierApprovable,
+        reason: failedCheck.message,
+        classifierApprovable: failedCheck.classifierApprovable,
      },
    }
  }
--- a/src/utils/permissions/pathValidation.ts
+++ b/src/utils/permissions/pathValidation.ts
@@ -112,8 +112,8 @@ export function isPathInSandboxWriteAllowlist(resolvedPath: string): boolean {
  // their resolution to avoid N × config.length redundant syscalls per
  // command with N write targets (matching getResolvedWorkingDirPaths).
  const pathsToCheck = getPathsForPermissionCheck(resolvedPath)
-  const resolvedAllow = allowOnly.flatMap(getResolvedSandboxConfigPath)
-  const resolvedDeny = denyWithinAllow.flatMap(getResolvedSandboxConfigPath)
+  const resolvedAllow = allowOnly.flatMap(getResolvedSandboxConfigPath) as string[]
+  const resolvedDeny = denyWithinAllow.flatMap(getResolvedSandboxConfigPath) as string[]
  return pathsToCheck.every(p => {
    for (const denyPath of resolvedDeny) {
      if (pathInWorkingPath(p, denyPath)) return false
@@ -184,12 +184,13 @@ export function isPathAllowed(
      precomputedPathsToCheck,
    )
    if (!safetyCheck.safe) {
+      const failedCheck = safetyCheck as { safe: false; message: string; classifierApprovable: boolean }
      return {
        allowed: false,
        decisionReason: {
          type: 'safetyCheck',
-          reason: safetyCheck.message,
-          classifierApprovable: safetyCheck.classifierApprovable,
+          reason: failedCheck.message,
+          classifierApprovable: failedCheck.classifierApprovable,
        },
      }
    }
--- a/src/utils/permissions/permissions.ts
+++ b/src/utils/permissions/permissions.ts
@@ -412,7 +412,7 @@ async function runPermissionRequestHooksForHeadlessAgent(
      input,
      context,
      permissionMode,
-      suggestions,
+      suggestions as any,
      context.abortController.signal,
    )) {
      if (!hookResult.permissionRequestResult) {
@@ -423,12 +423,12 @@ async function runPermissionRequestHooksForHeadlessAgent(
        const finalInput = decision.updatedInput ?? input
        // Persist permission updates if provided
        if (decision.updatedPermissions?.length) {
-          persistPermissionUpdates(decision.updatedPermissions)
+          persistPermissionUpdates(decision.updatedPermissions as any)
          context.setAppState(prev => ({
            ...prev,
            toolPermissionContext: applyPermissionUpdates(
              prev.toolPermissionContext,
-              decision.updatedPermissions!,
+              decision.updatedPermissions as any,
            ),
          }))
        }