feat: add terminal auto execution policy settings and localization #4529
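Walkthrough
This change introduces a user preference for the terminal command auto-execution policy in the AI-native terminal tool. It adds a new option to the settings UI, supports multi-language localization, has the frontend component render the auto-execution approval UI dynamically based on the user preference and the tool arguments, and provides a command for jumping to the settings.
Sequence Diagram(s)
```
sequenceDiagram
    participant User
    participant TerminalToolComponent
    participant PreferenceService
    participant CommandService
    User->>TerminalToolComponent: Open the terminal tool
    TerminalToolComponent->>PreferenceService: Read the TerminalAutoRun preference
    TerminalToolComponent->>TerminalToolComponent: Combine with tool arguments to determine needApproval
    alt Approval needed
        TerminalToolComponent->>User: Show the auto-execution rejected notice and the jump-to-settings entry
        User->>TerminalToolComponent: Click jump to settings
        TerminalToolComponent->>CommandService: Execute the jump-to-settings command
    else Approval not needed
        TerminalToolComponent->>User: Show the command execution result as usual
    end
```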
Actionable comments posted: 2
🧹 Nitpick comments (2)
packages/core-common/src/settings/ai-native.ts (1)
45-46: Naming convention check for the new enum member
`TerminalAutoRun = 'ai.native.terminal.autorun'` is consistent with the naming and format of the other members of `AINativeSettingSectionsId`. Consider adding a brief JSDoc comment above the enum member to improve readability and maintainability.
packages/i18n/src/common/en-US.lang.ts (1)
1606-1614: Tidy the description text and keep it consistent
- In the `autorun.description` string, remove extra spaces and use lowercase uniformly: change the capitalization of "off means...", "auto means..." and "Always means..." to lowercase so the style is consistent.
- Confirm whether the corresponding localization entries have also been added to `zh-CN.lang.ts`.
- 'ai.native.terminal.autorun.description': - 'The auto-execution policy for Agent terminal commands. off means never auto-execute, auto means the model will decide whether to auto-execute based on the command (only available on premium models), Always means always auto-execute.', + 'ai.native.terminal.autorun.description': + 'The auto-execution policy for Agent terminal commands. off means never auto-execute, auto means the model will decide whether to auto-execute based on the command (only available on premium models), always means always auto-execute.',
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (7)
- packages/ai-native/src/browser/ai-core.contribution.ts (1 hunks)
- packages/ai-native/src/browser/mcp/tools/components/Terminal.tsx (3 hunks)
- packages/ai-native/src/browser/mcp/tools/components/index.module.less (1 hunks)
- packages/ai-native/src/browser/preferences/schema.ts (3 hunks)
- packages/core-common/src/settings/ai-native.ts (1 hunks)
- packages/i18n/src/common/en-US.lang.ts (1 hunks)
- packages/i18n/src/common/zh-CN.lang.ts (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms (8)
- GitHub Check: ubuntu-latest, Node.js 20.x
- GitHub Check: unittest (macos-latest, 18.x, jsdom)
- GitHub Check: unittest (ubuntu-latest, 18.x, node)
- GitHub Check: unittest (macos-latest, 18.x, node)
- GitHub Check: unittest (ubuntu-latest, 18.x, jsdom)
- GitHub Check: build-windows
- GitHub Check: build (macos-latest, 20.x)
- GitHub Check: build (ubuntu-latest, 20.x)
🔇 Additional comments (10)
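packages/i18n/src/common/zh-CN.lang.ts (1)
1369-1377: Nice localization string additions!
These new localization entries clearly describe the three modes of the terminal command auto-execution policy and provide the related UI hint text.
Consider adding some security advice to `ai.native.terminal.autorun.description`, for example which mode is recommended for commands that include sensitive operations.
packages/ai-native/src/browser/preferences/schema.ts (3)
10-14: Clear and explicit enum definition
This enum nicely defines the three levels of the terminal auto-execution policy.
22-24: Switching from calling localize directly to the placeholder pattern is a good improvement
Changing the previous direct calls to the `localize` function into the `%...%` placeholder format makes the code cleaner and easier to maintain for localization.
Also applies to: 72-73, 78-161
166-171: The terminal auto-execution policy configuration item is defined correctly
The new terminal auto-execution policy configuration item is fully defined, including type, allowed values, default value and description. Setting the default value to `auto` is reasonable: it preserves the user experience while also taking security into account.
packages/ai-native/src/browser/mcp/tools/components/Terminal.tsx (6)
3-8: Imports updated appropriately
The required services and type definitions are imported correctly, including the configuration service, the command service and the new auto-execution policy enum.
43-50: Service injection and state management
The configuration service and command service are injected correctly, a state variable is added to track the policy display state, and the user's terminal auto-execution policy is read from the configuration.
51-61: Clear approval decision process
The `needApproval` function has clear logic: it combines the user's configured terminal execution policy with the tool arguments to decide whether user approval is needed.
63-65: Command handling for opening settings
A callback that opens the specific settings page is provided, so users can adjust the terminal auto-execution policy directly.
101-120: User-friendly auto-execution policy UI
This code adds a clear user interface that shows the current auto-execution policy state and offers options to adjust it. The UI design includes:
- Expandable explanatory information
- A prompt about the auto-run question
- A link that jumps directly to the settings page
Consider adding simple visual feedback (such as icon color) to indicate the current policy state more intuitively.
128-128: Conditional rendering logic updated
The conditional rendering logic now integrates the `needApproval` variable into the condition that controls UI display, ensuring the related interface is shown only when user approval is needed.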
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #4529 +/- ##
==========================================
- Coverage 52.89% 52.88% -0.02%
==========================================
Files 1677 1677
Lines 103326 103339 +13
Branches 22387 22391 +4
==========================================
- Hits 54659 54653 -6
- Misses 40488 40504 +16
- Partials 8179 8182 +3
/next
🎉 PR Next publish successful! 3.8.3-next-1746753590.0
Actionable comments posted: 0
🧹 Nitpick comments (2)
packages/ai-native/src/browser/mcp/tools/handlers/RunCommand.ts (2)
55-65: The method name could be more explicit
The method name `isAlwaysApproval` is somewhat confusing relative to what it actually does. The method determines whether user approval is required, not whether approval is "always" required. Consider renaming it to something clearer, for example `isApprovalRequired`:
- private isAlwaysApproval(requireApproval: boolean) { + private isApprovalRequired(requireApproval: boolean) { const terminalAutoExecution = this.preferenceService.get(AINativeSettingSectionsId.TerminalAutoRun); if ( terminalAutoExecution === ETerminalAutoExecutionPolicy.off || (terminalAutoExecution === ETerminalAutoExecutionPolicy.auto && requireApproval) ) { return true; } return false; }
69-69: Please update the method call to match the rename
If you accept the rename suggested above, make sure the method call here is updated as well.
- if (this.isAlwaysApproval(args.require_user_approval)) { + if (this.isApprovalRequired(args.require_user_approval)) {
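Review bot: The trailing `return false` in `isAlwaysApproval` (unchanged by the rename) is the default branch, so any value of `terminalAutoExecution` other than `off` or `auto`, including `undefined` when the preference is unset or an unrecognised string, ends up requiring no approval. Invert the check so that approval is skipped only for an explicitly matched permissive policy, or for `auto` with `requireApproval` false, and every other value returns true.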
📒 Files selected for processing (5)
- packages/ai-native/src/browser/mcp/tools/components/Terminal.tsx (3 hunks)
- packages/ai-native/src/browser/mcp/tools/components/index.module.less (3 hunks)
- packages/ai-native/src/browser/mcp/tools/handlers/RunCommand.ts (3 hunks)
- packages/i18n/src/common/en-US.lang.ts (1 hunks)
- packages/i18n/src/common/zh-CN.lang.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (3)
- packages/ai-native/src/browser/mcp/tools/components/index.module.less
- packages/i18n/src/common/en-US.lang.ts
- packages/i18n/src/common/zh-CN.lang.ts
🧰 Additional context used
🧬 Code Graph Analysis (1)
packages/ai-native/src/browser/mcp/tools/handlers/RunCommand.ts (1)
packages/ai-native/src/browser/types.ts (1)
MCPLogger (355-357)
🪛 Biome (1.9.4)
packages/ai-native/src/browser/mcp/tools/components/Terminal.tsx
[error] 132-132: Avoid passing content using the dangerouslySetInnerHTML prop.
Setting content using code can expose users to cross-site scripting (XSS) attacks
(lint/security/noDangerouslySetInnerHtml)
🔇 Additional comments (7)
packages/ai-native/src/browser/mcp/tools/handlers/RunCommand.ts (1)
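40-42: Well-implemented user preference integration
PreferenceService is successfully introduced to support the terminal auto-execution policy feature. This matches the goal of the PR, allowing users to set the execution policy for terminal commands according to their own preferences.
packages/ai-native/src/browser/mcp/tools/components/Terminal.tsx (6)
60-74: User preference logic is well implemented
The logic that determines whether command approval is needed based on the user's preference setting is implemented successfully. This is consistent with the server-side logic in RunCommand.ts, ensuring the UI and backend behave consistently.
42-50: Good localization practice
Using a mapping object and a helper function to handle localization of the policy labels is good practice. It makes the code clearer and supports new policy options that may be added in the future.
84-86: Nice user experience improvement
The ability to open settings has been added, so users can easily access and modify the terminal auto-execution policy. This is a good user experience improvement.
105-144: UI enhancements effectively improve the user experience
The UI update provides better user feedback, including:
- A loading indicator that shows the running state
- A visual representation of the current auto-execution policy
- The ability to navigate quickly to the related settings
- Clearer display of command output
These improvements effectively enhance the user experience.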
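146-151: Running-state indicator improvement
A running-state indicator has been added so users can clearly see the execution state of a command. This is a good user experience improvement.
132-132: ✅ Verification successful
Security risk: use of dangerouslySetInnerHTML
Using `dangerouslySetInnerHTML` may expose users to cross-site scripting (XSS) risk, especially when rendering user input or external data. It is recommended to check whether the `computeAnsiLogString` function handles the content safely. If it does not, consider using a dedicated library for the ANSI escape sequences in terminal output, such as `ansi-to-html`, combined with DOMPurify for additional safety:
- <code dangerouslySetInnerHTML={{ __html: computeAnsiLogString(output.text || '') }} /> + <code dangerouslySetInnerHTML={{ __html: DOMPurify.sanitize(computeAnsiLogString(output.text || '')) }} />
Alternatively, consider a safer alternative, such as a dedicated terminal rendering library.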
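Review bot: The `+` line calls `DOMPurify.sanitize(...)`, but nothing in this hunk adds a DOMPurify import, so the suggestion is incomplete as shown; if it is adopted, the import and dependency need to come with it. Whichever line is kept, the `-` line depends entirely on `computeAnsiLogString` for safety, so add a unit test that passes it a string containing `<script>` and asserts the markup comes back escaped.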
🌐 Web query:
Does React have a secure alternative to dangerouslySetInnerHTML for rendering HTML content?
💡 Result:
React's `dangerouslySetInnerHTML` is the standard way to render raw HTML content inside a component, but as its name implies, it comes with security risks—primarily cross-site scripting (XSS) vulnerabilities if the HTML content is not properly sanitized.
React itself does not provide a built-in secure alternative that directly replaces `dangerouslySetInnerHTML`. Instead, best practice is to sanitize the HTML content before rendering it. This means using a third-party library to clean the HTML and remove any malicious scripts or dangerous elements.
Popular libraries for sanitizing HTML content include:
- DOMPurify: A widely used, robust sanitizer that cleans HTML and prevents XSS attacks.
- sanitize-html: Another configurable sanitizer that allows fine-grained control over allowed tags and attributes.
The typical workflow is:
- Sanitize your HTML string with one of these libraries.
- Pass the sanitized HTML to `dangerouslySetInnerHTML` safely.
Example using DOMPurify:
```jsx
import DOMPurify from 'dompurify';

function SafeHtmlRenderer({ html }) {
  const cleanHtml = DOMPurify.sanitize(html);
  return <div dangerouslySetInnerHTML={{ __html: cleanHtml }} />;
}
```
Summary: There is no direct built-in React alternative to `dangerouslySetInnerHTML` that is inherently safe. The secure approach is to sanitize the HTML string thoroughly before using `dangerouslySetInnerHTML` to render it.
🏁 Script executed:
```bash
#!/bin/bash
# Locate the definition of computeAnsiLogString to verify its sanitization
rg "computeAnsiLogString" -R .
```
Length of output: 435
🏁 Script executed:
```bash
#!/bin/bash
# Search for computeAnsiLogString definition across the repo
rg "function computeAnsiLogString" -n .
rg "const computeAnsiLogString" -n .
rg "export .*computeAnsiLogString" -n .
rg "computeAnsiLogString" -n .
```
Length of output: 1052
🏁 Script executed:
```bash
#!/bin/bash
# View the computeAnsiLogString implementation to confirm whether it includes HTML escaping or safe handling
sed -n '1,200p' packages/ai-native/src/browser/mcp/tools/components/computeAnsiLogString.ts
```
Length of output: 825
🌐 Web query:
What is the default value of htmlEscapeInput in ansi_up library? Does ansi_up.ansi_to_html escape HTML input by default to prevent XSS?
💡 Result:
Based on the search results, I can provide information about the HTML escaping behavior in the ansi_up library:
The ansi_up library does perform HTML escaping by default to prevent XSS vulnerabilities. According to the documentation, the `ansi_to_html` method "safely escapes any unsafe HTML characters"[1]. This is an important security feature that helps protect applications from cross-site scripting attacks.
The default value for HTML escaping functionality in ansi_up is controlled by a property called `escape_for_html`, which is set to `true` by default[3][2]. This means that HTML characters are automatically escaped when using the `ansi_to_html` method unless you explicitly disable this feature.
If you want to disable HTML escaping, you would need to set this property to `false`:
```js
let converter = new AnsiUp()
converter.escape_for_html = false
```
As shown in one of the code examples[3], some developers intentionally disable this feature when they have other mechanisms for handling HTML escaping or when they specifically need to preserve HTML in the output.
For security best practices, it's generally recommended to keep the default HTML escaping enabled, especially when dealing with user-generated content or data from untrusted sources, as this helps prevent XSS vulnerabilities that could otherwise be exploited.
Citations:
- 1: https://github.com/drudru/ansi_up
- 2: https://github.com/mariusstaicu/ansi-up
- 3: https://www.clouddefense.ai/code/javascript/example/ansi_up
- 4: https://www.npmjs.com/package/fancy-ansi
- 5: https://greasyfork.org/en/scripts/404778-ansi-to-html/code
- 6: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection
- 7: https://portswigger.net/web-security/cross-site-scripting/preventing
- 8: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
- 9: https://www.blackduck.com/blog/prevent-cross-site-scripting-java.html
- 10: https://app.studyraid.com/en/read/11303/352731/xss-protection-mechanisms
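No additional handling needed: the ANSI-to-HTML conversion already escapes safely by default
computeAnsiLogString is based on ansi_up, and its default configuration (escape_for_html = true) escapes the HTML special characters in all input. The generated `<span>` tags are used only to display ANSI colors and will not execute any script. Therefore, although the following code uses `dangerouslySetInnerHTML`, the rendered content is already safely escaped, and there is no need to additionally introduce DOMPurify or another library.
- Location: packages/ai-native/src/browser/mcp/tools/components/Terminal.tsx
- Code:
```jsx
<code dangerouslySetInnerHTML={{ __html: computeAnsiLogString(output.text || '') }} />
```
🧰 Tools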
🪛 Biome (1.9.4)
[error] 132-132: Avoid passing content using the dangerouslySetInnerHTML prop.
Setting content using code can expose users to cross-site scripting (XSS) attacks
(lint/security/noDangerouslySetInnerHtml)
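The escape-before-markup ordering that the conclusion above relies on, shown as an added example that is not code from this PR or from ansi_up: a minimal SGR colour renderer (all names hypothetical) that escapes every text run before wrapping it, so the only tags in the output come from a fixed table.

```javascript
// Added example: a minimal ANSI SGR colour renderer, NOT ansi_up and NOT the
// project's computeAnsiLogString. All names here are hypothetical.
const SGR_COLORS = { 30: 'black', 31: 'red', 32: 'green', 33: 'olive',
                     34: 'blue', 35: 'purple', 36: 'teal', 37: 'silver' };

// Escape the characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  return text.replace(/[&<>"']/g, (c) => (
    { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' }[c]
  ));
}

// Convert terminal output to HTML. Every run of literal text is escaped
// before it is wrapped; the only markup emitted is <span style="color:...">
// built from the fixed table above, never from the input.
function ansiToSafeHtml(raw) {
  const sgr = /\x1b\[([0-9;]*)m/g;
  let html = '';
  let color = null;
  let last = 0;
  const emit = (chunk) => {
    if (!chunk) return;
    const safe = escapeHtml(chunk);
    html += color ? `<span style="color:${color}">${safe}</span>` : safe;
  };
  for (let m = sgr.exec(raw); m !== null; m = sgr.exec(raw)) {
    emit(raw.slice(last, m.index));
    last = sgr.lastIndex;
    for (const code of (m[1] || '0').split(';').map(Number)) {
      if (code === 0 || code === 39) color = null;          // reset
      else if (SGR_COLORS[code]) color = SGR_COLORS[code];  // known colour
      // unknown codes are dropped, not echoed into the markup
    }
  }
  emit(raw.slice(last));
  // Drop remaining control characters (e.g. ESC from non-SGR sequences).
  return html.replace(/[\x00-\x08\x0b-\x1f\x7f]/g, '');
}

// Constructed sample: command output containing markup inside a red segment.
const sample = 'ls: \x1b[31m<script>alert(1)</script>\x1b[0m done';
const rendered = ansiToSafeHtml(sample);
```

If escaping were applied after the spans were built, or skipped, the same sample would reach `dangerouslySetInnerHTML` as live markup; a regression test on this ordering is what keeps the lint suppression justified.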