mirror of
https://github.com/lobehub/lobe-chat.git
synced 2026-06-14 03:30:19 +00:00
Arvin Xu
575ef1e8ee
* ♻️ refactor(agent): single-track device-tool injection via execution plan P3 follow-up to #15669 — downstream layers now consume the resolved ExecutionPlan instead of re-deriving device capability: - ExecutionPlan carries the effective `target`; persisted into state.metadata.executionPlan via createOperation - call_llm executor gates buildStepToolDelta's activeDeviceId signal on the plan (none/sandbox can never re-inject local-system mid-run) - AgentToolsEngine consumes the plan's target; redundant rule-level canUseDevice checks removed (physical manifest walls remain) - builtin agent runtime config can now override agencyConfig (web-onboarding pins executionTarget=none) - hetero desktop 'local' selection persists this desktop's deviceId so opening the agent from web dispatches to the same machine via gateway - 'local' vs 'device' stay distinct user choices even for the same machine: gateway dispatch streams progress to all clients (mobile), IPC is faster but desktop-session-only — guarded by a regression test Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * 🐛 fix(agent): enforce device access policy on hetero dispatch resolveDeviceAccessPolicy now runs BEFORE the hetero early exit and feeds canUseDevice into the hetero execution plan: a denied sender (external bot user) degrades local/device-bound CLI hetero runs to the cloud sandbox instead of dispatching to the owner's machine, and requestedDeviceId cannot bypass the policy. Remote hetero agents (openclaw/hermes) are device-only with no sandbox fallback, so denied senders are refused outright. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * 💄 style(agent): fix interface field order in RuntimeSelectionContext Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> --------- Co-authored-by: Claude Fable 5 <noreply@anthropic.com>