-
Notifications
You must be signed in to change notification settings - Fork 7
feat(subagent):接入 CapabilityToken 与继承式权限隔离 #326
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Changes from all commits
75d670f
52ecf3e
80f8acd
0f17022
6a9ddb5
852f0b2
741abd6
b8a796e
75e4f1e
c0fb92e
b22e8e7
62453cb
7927d2d
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -45,6 +45,9 @@ const ( | |
| type permissionExecutionInput struct { | ||
| RunID string | ||
| SessionID string | ||
| TaskID string | ||
| AgentID string | ||
| Capability *security.CapabilityToken | ||
| State *runState | ||
| Call providertypes.ToolCall | ||
| Workdir string | ||
|
|
@@ -72,11 +75,14 @@ func (s *Service) ResolvePermission(ctx context.Context, input PermissionResolut | |
| // executeToolCallWithPermission 执行工具调用,并在 ask/deny 路径上统一发出权限事件。 | ||
| func (s *Service) executeToolCallWithPermission(ctx context.Context, input permissionExecutionInput) (tools.ToolResult, error) { | ||
| callInput := tools.ToolCallInput{ | ||
| ID: input.Call.ID, | ||
| Name: input.Call.Name, | ||
| Arguments: []byte(input.Call.Arguments), | ||
| Workdir: input.Workdir, | ||
| SessionID: input.SessionID, | ||
| ID: input.Call.ID, | ||
| Name: input.Call.Name, | ||
| Arguments: []byte(input.Call.Arguments), | ||
| Workdir: input.Workdir, | ||
| SessionID: input.SessionID, | ||
| TaskID: input.TaskID, | ||
|
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more.
Contributor
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. 这里开始透传 |
||
| AgentID: input.AgentID, | ||
| CapabilityToken: input.Capability, | ||
| EmitChunk: func(chunk []byte) error { | ||
| if err := ctx.Err(); err != nil { | ||
| return err | ||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
permissionExecutionInputnow carriesTaskID/AgentID/Capability, but runtime call paths still create this struct without populating those fields (for example the normal tool execution path inexecuteOneToolCall). As a result, capability binding checks are effectively skipped in production flow becauseverifyCapabilityTokenonly compares task/agent when those action fields are non-empty. This makes the claimed runtime context propagation incomplete and weakens task/agent isolation guarantees.