versun/claude-code
1
0
Fork 0
mirror of https://github.com/claude-code-best/claude-code.git synced 2026-06-15 12:55:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2e9aaf49930e553e9d26aa59259955e5234dcb8f
claude-code/src/services/acp/permissions.ts
claude-code-best 2e9aaf4993 feat: ACP 协议版本 remote control (#293) 
* fix: 添加 usage 字段缺失时的防御性防护

第三方 API(如智谱 GLM)在某些流式响应中不返回 usage 字段,
导致 usage.input_tokens 访问 undefined 崩溃并连锁影响后续所有请求。

- claude.ts: content_block_stop 创建消息时 fallback 到 EMPTY_USAGE
- LocalAgentTask.tsx: usage 为 undefined 时提前返回
- tokens.ts: getTokenCountFromUsage 加 null guard 和 ?? 0
- cost-tracker.ts: input_tokens/output_tokens 加 ?? 0

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: ACP Plan 展示 — 支持 session/update plan 类型的可视化

补全 PlanUpdate 类型定义(PlanEntry/Priority/Status),新建 PlanView 组件
渲染进度条、状态图标和优先级标签,在 ChatInterface 中处理 plan 更新逻辑。

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: 穷鬼模式下跳过 verification agent 以节省 token

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* test: 补充 RCS 后端 + 前端测试覆盖 (+116 tests)

后端新增 3 个测试文件 (70 tests):
- automationState: normalize/snapshot/equals 纯函数
- client-payload: toClientPayload 协议转换
- transport-normalize: normalizePayload + extractContent

前端新增 2 个测试文件 (46 tests):
- utils: formatTime/statusClass/truncate/extractEventText 等
- api-client: getUuid/setUuid/api GET/POST 错误处理

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: RCS ACP 页面添加权限模式选择器 + 权限响应修复

- 新增权限模式选择器 UI(6种模式:默认/自动接受编辑/跳过权限/规划/不询问/自动判断)
- 权限模式通过 ACP _meta 从 web → acp-link → agent 全链路传递
- 修复 PermissionPanel 点击"允许"发送 cancelled 而非 selected 的 bug
- 权限模式和模型选择持久化到 localStorage
- acp-link 直接连接路径同步支持 permissionMode 透传

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: RCS Web UI 重构 + QR 修复 + ACP 扫描自动跳转

- RCS Web UI 组件全面重构: Dialog 迁移 Radix UI, lazy loading,
  主题系统改进, 组件样式优化
- IdentityPanel QR 码显示修复: requestAnimationFrame 延迟绘制
  解决 Radix Dialog Portal 挂载时序问题
- ACP QR 扫描自动跳转: IdentityPanel 扫描 ACP 格式 { url, token }
  后存储 sessionStorage 并跳转 /code/?acp=1
- 新增 ACPDirectView 组件: ACP 直连视图, 用 ACPClient 连接并
  渲染 ACPMain 聊天界面

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* feat: ACP 权限管道改进 — 模式同步 + bypass 检测 + 统一权限流水线

- agent.ts: applySessionMode 同步 appState.toolPermissionContext.mode
- agent.ts: bypassPermissions 可用性检测 (非 root 或 sandbox 环境)
- permissions.ts: createAcpCanUseTool 接入 hasPermissionsToUseTool
  统一权限流水线, 替代原来分散的处理逻辑
- permissions.ts: 支持 onModeChange 回调, 模式变更时实时同步

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* fix: acp-link 支持 permissionMode 默认值传递给 agent

客户端 (Zed/VS Code 等) 的 new_session 不一定携带 permissionMode,
导致 agent 收到 _meta: undefined, permission 回退到 default。

修复: handleNewSession 使用 fallback 链:
  客户端传值 > config.permissionMode > ACP_PERMISSION_MODE 环境变量

使用: ACP_PERMISSION_MODE=auto acp-link claude

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

* docs: 更新文档及说明

* fix: 修复类型错误

* chore: 提交脚本

---------

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-18 21:54:22 +08:00

251 lines
7.6 KiB
TypeScript
Raw Blame History

/**
* Permission bridge: maps Claude Code's canUseTool / PermissionDecision
* system to ACP's requestPermission() flow.
*
* Supports:
* - bypassPermissions mode (auto-allow all tools)
* - ExitPlanMode special handling (multi-option: Yes+auto/acceptEdits/default/No)
* - Always Allow
* - Standard allow_once/allow_always/reject_once
*/
import type {
AgentSideConnection,
PermissionOption,
ToolCallUpdate,
ClientCapabilities,
} from '@agentclientprotocol/sdk'
import type { CanUseToolFn } from '../../hooks/useCanUseTool.js'
import type {
PermissionAllowDecision,
PermissionAskDecision,
PermissionDenyDecision,
} from '../../types/permissions.js'
import type { Tool as ToolType, ToolUseContext } from '../../Tool.js'
import type { AssistantMessage } from '../../types/message.js'
import { hasPermissionsToUseTool } from '../../utils/permissions/permissions.js'
import { toolInfoFromToolUse } from './bridge.js'
const IS_ROOT =
typeof process.geteuid === 'function'
? process.geteuid() === 0
: typeof process.getuid === 'function'
? process.getuid() === 0
: false
const ALLOW_BYPASS = !IS_ROOT || !!process.env.IS_SANDBOX
/**
* Creates a CanUseToolFn that delegates permission decisions to the
* ACP client via requestPermission().
*/
export function createAcpCanUseTool(
conn: AgentSideConnection,
sessionId: string,
getCurrentMode: () => string,
clientCapabilities?: ClientCapabilities,
cwd?: string,
onModeChange?: (modeId: string) => void,
): CanUseToolFn {
return async (
tool: ToolType,
input: Record<string, unknown>,
context: ToolUseContext,
assistantMessage: AssistantMessage,
toolUseID: string,
forceDecision?: PermissionAllowDecision | PermissionAskDecision | PermissionDenyDecision,
): Promise<PermissionAllowDecision | PermissionAskDecision | PermissionDenyDecision> => {
const supportsTerminalOutput = checkTerminalOutput(clientCapabilities)
// ── ExitPlanMode special handling ────────────────────────────
if (tool.name === 'ExitPlanMode') {
return handleExitPlanMode(
conn, sessionId, toolUseID, input, supportsTerminalOutput, cwd, onModeChange,
)
}
// ── Force decision bypass (used by coordinator/swarm workers) ──
if (forceDecision !== undefined) {
return forceDecision
}
// ── Run through the normal permission pipeline ────────────────
// This handles: deny rules, allow rules, tool-specific checks,
// bypassPermissions mode, dontAsk mode, acceptEdits mode, auto mode classifier
try {
const pipelineResult = await hasPermissionsToUseTool(
tool, input, context, assistantMessage, toolUseID,
)
// If the pipeline resolved to allow or deny, return that
if (pipelineResult.behavior === 'allow') {
return pipelineResult as PermissionAllowDecision
}
if (pipelineResult.behavior === 'deny') {
return pipelineResult as PermissionDenyDecision
}
// behavior === 'ask' → fall through to client delegation
} catch (err) {
// If the pipeline fails, fall through to client delegation
console.error('[ACP Permissions] Pipeline error, falling back to client:', err)
}
// ── Delegate to ACP client for interactive permission decision ──
const info = toolInfoFromToolUse(
{ name: tool.name, id: toolUseID, input },
supportsTerminalOutput,
cwd,
)
const toolCall: ToolCallUpdate = {
toolCallId: toolUseID,
title: info.title,
kind: info.kind,
status: 'pending',
rawInput: input,
}
const options: Array<PermissionOption> = [
{ kind: 'allow_always', name: 'Always Allow', optionId: 'allow_always' },
{ kind: 'allow_once', name: 'Allow', optionId: 'allow' },
{ kind: 'reject_once', name: 'Reject', optionId: 'reject' },
]
try {
const response = await conn.requestPermission({
sessionId,
toolCall,
options,
})
if (response.outcome.outcome === 'cancelled') {
return {
behavior: 'deny',
message: 'Permission request cancelled by client',
decisionReason: { type: 'mode', mode: 'default' },
}
}
if (
response.outcome.outcome === 'selected' &&
'optionId' in response.outcome &&
response.outcome.optionId !== undefined
) {
const optionId = response.outcome.optionId
if (optionId === 'allow' || optionId === 'allow_always') {
return {
behavior: 'allow',
updatedInput: input,
}
}
}
// Default: deny
return {
behavior: 'deny',
message: 'Permission denied by client',
decisionReason: { type: 'mode', mode: 'default' },
}
} catch {
return {
behavior: 'deny',
message: 'Permission request failed',
decisionReason: { type: 'mode', mode: 'default' },
}
}
}
}
async function handleExitPlanMode(
conn: AgentSideConnection,
sessionId: string,
toolUseID: string,
input: Record<string, unknown>,
supportsTerminalOutput: boolean,
cwd?: string,
onModeChange?: (modeId: string) => void,
): Promise<PermissionAllowDecision | PermissionDenyDecision> {
const options: Array<PermissionOption> = [
{ kind: 'allow_always', name: 'Yes, and use "auto" mode', optionId: 'auto' },
{ kind: 'allow_always', name: 'Yes, and auto-accept edits', optionId: 'acceptEdits' },
{ kind: 'allow_once', name: 'Yes, and manually approve edits', optionId: 'default' },
{ kind: 'reject_once', name: 'No, keep planning', optionId: 'plan' },
]
if (ALLOW_BYPASS) {
options.unshift({
kind: 'allow_always',
name: 'Yes, and bypass permissions',
optionId: 'bypassPermissions',
})
}
const info = toolInfoFromToolUse(
{ name: 'ExitPlanMode', id: toolUseID, input },
supportsTerminalOutput,
cwd,
)
const toolCall: ToolCallUpdate = {
toolCallId: toolUseID,
title: info.title,
kind: info.kind,
status: 'pending',
rawInput: input,
}
const response = await conn.requestPermission({
sessionId,
toolCall,
options,
})
if (response.outcome.outcome === 'cancelled') {
return {
behavior: 'deny',
message: 'Tool use aborted',
decisionReason: { type: 'mode', mode: 'default' },
}
}
if (
response.outcome.outcome === 'selected' &&
'optionId' in response.outcome &&
response.outcome.optionId !== undefined
) {
const selectedOption = response.outcome.optionId
if (
selectedOption === 'default' ||
selectedOption === 'acceptEdits' ||
selectedOption === 'auto' ||
selectedOption === 'bypassPermissions'
) {
// Sync mode to session state and appState
onModeChange?.(selectedOption)
await conn.sessionUpdate({
sessionId,
update: {
sessionUpdate: 'current_mode_update',
currentModeId: selectedOption,
},
})
return {
behavior: 'allow',
updatedInput: input,
}
}
}
return {
behavior: 'deny',
message: 'User rejected request to exit plan mode.',
decisionReason: { type: 'mode', mode: 'plan' },
}
}
function checkTerminalOutput(clientCapabilities?: ClientCapabilities): boolean {
if (!clientCapabilities) return false
const meta = (clientCapabilities as unknown as Record<string, unknown>)._meta
if (!meta || typeof meta !== 'object') return false
return (meta as Record<string, unknown>)['terminal_output'] === true
}
Reference in New Issue View Git Blame Copy Permalink