AskaEth/Cyrene
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
24f827fe02ade7a385f19685c9c96e992d9cfea8
Cyrene/backend/ai-core/internal/host/manager.go
T
AskaEth 38b36fc5ad feat: Phase 6.2 宿主机安全操控 — 沙箱执行 + 文件系统隔离 + 进程管理 
- host.Sandbox: 命令白名单 + 目录限制 + 超时控制 + 环境变量过滤
- host.Manager: 文件读写列表 + 系统信息查询 + 路径验证
- 3个新工具: host_exec (沙箱命令执行), host_file (文件操作), host_system (系统信息)
- 后台思考器自主工具策略已更新,允许安全使用主机工具
- host_exec 标记为高风险工具,受频率限制

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-23 22:23:45 +08:00

209 lines
5.3 KiB
Go
Raw Blame History

package host
import (
"context"
"fmt"
"os"
"os/exec"
"path/filepath"
"runtime"
"strings"
"time"
)
// Manager provides controlled access to the host machine.
// It wraps a Sandbox for command execution and adds file system
// operations with path allow-list enforcement.
type Manager struct {
sandbox *Sandbox
allowedDirs []string
}
// NewManager creates a new host Manager.
func NewManager(sandbox *Sandbox) *Manager {
m := &Manager{sandbox: sandbox}
if sandbox != nil {
m.allowedDirs = sandbox.cfg.AllowedDirs
}
return m
}
// SetAllowedDirs updates the list of directories accessible for file operations.
func (m *Manager) SetAllowedDirs(dirs []string) {
m.allowedDirs = dirs
m.sandbox.cfg.AllowedDirs = dirs
}
// Exec runs a command in the sandbox.
func (m *Manager) Exec(ctx context.Context, command, workDir string, timeout time.Duration) (*ExecResult, error) {
return m.sandbox.Exec(ctx, command, workDir, timeout)
}
// ReadFile reads the contents of a file within allowed directories.
func (m *Manager) ReadFile(path string, maxBytes int) (string, error) {
if maxBytes <= 0 {
maxBytes = 1024 * 1024
}
if err := m.validatePath(path); err != nil {
return "", err
}
info, err := os.Stat(path)
if err != nil {
return "", fmt.Errorf("cannot stat file: %w", err)
}
if info.IsDir() {
return "", fmt.Errorf("path is a directory: %s", path)
}
if info.Size() > int64(maxBytes) {
return "", fmt.Errorf("file too large: %d bytes (max %d)", info.Size(), maxBytes)
}
data, err := os.ReadFile(path)
if err != nil {
return "", fmt.Errorf("cannot read file: %w", err)
}
if len(data) > maxBytes {
data = data[:maxBytes]
}
return string(data), nil
}
// WriteFile writes data to a file within allowed directories.
func (m *Manager) WriteFile(path, content string, maxBytes int) error {
if maxBytes <= 0 {
maxBytes = 1024 * 1024
}
if len(content) > maxBytes {
return fmt.Errorf("content too large: %d bytes (max %d)", len(content), maxBytes)
}
if err := m.validatePath(path); err != nil {
return err
}
dir := filepath.Dir(path)
if err := os.MkdirAll(dir, 0755); err != nil {
return fmt.Errorf("cannot create directory: %w", err)
}
return os.WriteFile(path, []byte(content), 0644)
}
// ListDir lists directory contents within allowed directories.
func (m *Manager) ListDir(path string) ([]DirEntry, error) {
if err := m.validatePath(path); err != nil {
return nil, err
}
entries, err := os.ReadDir(path)
if err != nil {
return nil, fmt.Errorf("cannot read directory: %w", err)
}
result := make([]DirEntry, 0, len(entries))
for _, e := range entries {
info, _ := e.Info()
size := int64(0)
modTime := time.Time{}
if info != nil {
size = info.Size()
modTime = info.ModTime()
}
result = append(result, DirEntry{
Name: e.Name(),
IsDir: e.IsDir(),
Size: size,
ModTime: modTime.Format(time.RFC3339),
})
}
return result, nil
}
// DirEntry represents a filesystem directory entry.
type DirEntry struct {
Name string `json:"name"`
IsDir bool `json:"is_dir"`
Size int64 `json:"size"`
ModTime string `json:"mod_time"`
}
// SystemInfo returns basic system information.
func (m *Manager) SystemInfo() map[string]interface{} {
hostname, _ := os.Hostname()
wd, _ := os.Getwd()
info := map[string]interface{}{
"hostname": hostname,
"os": runtime.GOOS,
"arch": runtime.GOARCH,
"num_cpu": runtime.NumCPU(),
"go_version": runtime.Version(),
"work_dir": wd,
}
if runtime.GOOS == "windows" {
cmd := exec.Command("systeminfo")
out, err := cmd.Output()
if err == nil {
lines := strings.Split(string(out), "\n")
for _, line := range lines {
line = strings.TrimSpace(line)
if strings.Contains(line, "Total Physical Memory") {
parts := strings.SplitN(line, ":", 2)
if len(parts) == 2 {
info["total_memory"] = strings.TrimSpace(parts[1])
}
}
if strings.Contains(line, "OS Name") {
parts := strings.SplitN(line, ":", 2)
if len(parts) == 2 {
info["os_name"] = strings.TrimSpace(parts[1])
}
}
}
}
} else {
if data, err := os.ReadFile("/proc/meminfo"); err == nil {
for _, line := range strings.Split(string(data), "\n") {
if strings.HasPrefix(line, "MemTotal:") {
info["total_memory"] = strings.TrimSpace(strings.TrimPrefix(line, "MemTotal:"))
break
}
}
}
}
return info
}
// DiskUsage returns disk usage for the given path.
func (m *Manager) DiskUsage(path string) (map[string]interface{}, error) {
if err := m.validatePath(path); err != nil {
return nil, err
}
info, err := os.Stat(path)
if err != nil {
return nil, fmt.Errorf("cannot stat path: %w", err)
}
result := map[string]interface{}{
"path": path,
"is_dir": info.IsDir(),
"size": info.Size(),
"mod_time": info.ModTime().Format(time.RFC3339),
}
return result, nil
}
func (m *Manager) validatePath(path string) error {
absPath, err := filepath.Abs(path)
if err != nil {
return fmt.Errorf("cannot resolve path: %w", err)
}
if len(m.allowedDirs) == 0 {
return nil
}
for _, allowed := range m.allowedDirs {
absAllowed, err := filepath.Abs(allowed)
if err != nil {
continue
}
if strings.HasPrefix(absPath, absAllowed+string(os.PathSeparator)) || absPath == absAllowed {
return nil
}
}
return fmt.Errorf("path not in allowed directories: %s", path)
}
Reference in New Issue View Git Blame Copy Permalink