Release/v0.2.3 (#355)
* feat(web): add PageEmpty component
* feat(web): add PageTabs component
* feat(web): add PageEmpty component
* feat(web): add PageTabs component
* feat(prompt): add history tracking for prompt releases
* feat(web): add prompt menu
* refactor: The PageScrollList component supports two generic parameters
* feat(web): BodyWrapper compoent update PageLoading
* feat(web): add Ontology menu
* feat(web): memory management add scene
* feat(tasks): add celery task configuration for periodic jobs
- Add ignore_result=True to prevent storing results for periodic tasks
- Set max_retries=0 to skip failed periodic tasks without retry attempts
- Configure acks_late=False for immediate acknowledgment in beat tasks
- Add time_limit and soft_time_limit to regenerate_memory_cache task (3600s/3300s)
- Add time_limit and soft_time_limit to workspace_reflection_task (300s/240s)
- Add time_limit and soft_time_limit to run_forgetting_cycle_task (7200s/7000s)
- Improve task reliability and resource management for scheduled jobs
* feat(sandbox): add Node.js code execution support to sandbox
* Release/v0.2.2 (#260)
* [modify] migration script
* [add] migration script
* fix(web): change form message
* fix(web): the memoryContent field is compatible with numbers and strings
* feat(web): code node hidden
* fix(model):
1. create a basic model to check if the name and provider are duplicated.
2. The result shows error models because the provider created API Keys for all matching models.
---------
Co-authored-by: Mark <zhuwenhui5566@163.com>
Co-authored-by: zhaoying <yzhao96@best-inc.com>
Co-authored-by: yingzhao <zhaoyingyz@126.com>
Co-authored-by: Timebomb2018 <18868801967@163.com>
* Feature/ontology class clean (#249)
* [add] Complete ontology engineering feature implementation
* [add] Add ontology feature integration and validation utilities
* [add] Add OWL validator and validation utilities
* [fix] Add missing render_ontology_extraction_prompt function
* [fix]Add dependencies, fix functionality
* [add] migration script
* feat(celery): add dedicated periodic tasks worker and queue (#261)
* fix(web): conflict resolve
* Fix/v022 bug (#263)
* [fix]Fix the issue of inconsistent language in explicit and episodic memory.
* [fix]Fix the issue of inconsistent language in explicit and episodic memory.
* [add]Add scene_id
* [fix]Based on the AI review to fix the code
* Fix/develop memory reflex (#265)
* 遗漏的历史映射
* 遗漏的历史映射
* 反思后台报错处理
* [add] migration script
* fix: chat conversation_id add node_start
* feat(web): show code node
* fix(web): Restructure the CustomSelect component, repair the interface that is called multiple times when the form is updated
* feat(web): RadioGroupCard support block mode
* feat(web): create space add icon
* feat(app and model): token consumption statistics
* Add/develop memory (#264)
* 遗漏的历史映射
* 遗漏的历史映射
* 遗漏的历史映射
* 遗漏的历史映射
* 遗漏的历史映射
* 遗漏的历史映射
* 遗漏的历史映射
* 遗漏的历史映射
* 遗漏的历史映射
* 新增长期记忆功能
* 新增长期记忆功能
* 新增长期记忆功能
* 知识库检索多余字段
* 长期
* feat(app and model): token consumption statistics of the cluster
* memory_BUG_fix
* fix(web): prompt history remove pageLoading
* fix(prompt): remove hard-coded import of prompt file paths (#279)
* Fix/develop memory bug (#274)
* 遗漏的历史映射
* 遗漏的历史映射
* fix_timeline_memories
* fix(web): update retrieve_type key
* Fix/develop memory bug (#276)
* 遗漏的历史映射
* 遗漏的历史映射
* fix_timeline_memories
* fix_timeline_memories
* write_gragp/bug_fix
* write_gragp/bug_fix
* write_gragp/bug_fix
* chore(celery): disable periodic task scheduling
* fix(prompt): remove hard-coded import of prompt file paths
---------
Co-authored-by: lixinyue11 <94037597+lixinyue11@users.noreply.github.com>
Co-authored-by: zhaoying <yzhao96@best-inc.com>
Co-authored-by: yingzhao <zhaoyingyz@126.com>
Co-authored-by: Ke Sun <kesun5@illinois.edu>
* fix(web): remove delete confirm content
* refactor(workflow): relocate template directory into workflow
* feat(memory): add long-term storage task routing and batching
* fix(web): PageScrollList loading update
* fix(web): PageScrollList loading update
* Ontology v1 bug (#291)
* [changes]Add 'id' as the secondary sorting key, and 'scene_id' now returns a UUID object
* [fix]Fix the "end_user" return to be sorted by update time.
* [fix]Set the default values of the memory configuration model based on the spatial model.
* [fix]Remove the entity extraction check combination model, read the configuration list, and add the return of scene_id
* [fix]Fix the "end_user" return to be sorted by update time.
* [fix]
* fix(memory): add Redis session validation
- Add macOS fork() safety configuration in celery_app.py to prevent initialization issues
- Add null/False checks for Redis session queries in term_memory_save to handle missing sessions gracefully
- Add null/False checks in memory_long_term_storage to prevent processing empty Redis results
- Add null/False checks in aggregate_judgment before format_parsing to avoid errors on missing data
- Initialize redis_messages variable in window_dialogue for consistency
- Add debug logging when no existing session found in Redis for better troubleshooting
- Add TODO comments for magic numbers (scope=6, time=5) to be extracted as constants
- Improve error handling when Redis returns False or empty results instead of crashing
* fix(web): PageScrollList style update
* fix(workflow): fix argument passing in code execution nodes
* fix(web): prompt add disabled
* fix(web): space icon required
* feat(app): modify the key of the token
* fix(fix the key of the app's token):
* fix(workflow): switch code input encoding to base64+URL encoding
* [add]The main project adds multi-API Key load balancing.
* [changes]Attribute security access, secure numerical conversion, unified use of local variables
* fix(web): save add session update
* fix(web): language editor support paste
* [changes]Active status filtering logic, API Key selection strategy
* memory_BUG
* memory_BUG_long_term
* [changes]
* memory_BUG_long_term
* memory_BUG_long_term
* Fix/release memory bug (#306)
* memory_BUG_fix
* memory_BUG
* memory_BUG_long_term
* memory_BUG_long_term
* memory_BUG_long_term
* knowledge_retrieval/bug/fix
* knowledge_retrieval/bug/fix
* knowledge_retrieval/bug/fix
* [fix]1.The "read_all_config" interface returns "scene_name";2.Memory configuration for lightweight query ontology scenarios
* fix(web): replace code editor
* [changes]Modify the description of the time for the recent event
* [changes]Modify the code based on the AI review
* feat(web): update memory config ontology api
* fix(web): ui update
* knowledge_retrieval/bug/fix
* knowledge_retrieval/bug/fix
* knowledge_retrieval/bug/fix
* feat(workflow): add token usage statistics for question classifier and parameter extraction
* feat(web): move prompt menu
* Multiple independent transactions - single transaction
* Multiple independent transactions - single transaction
* Multiple independent transactions - single transaction
* Multiple independent transactions - single transaction
* Write Missing None (#321)
* Write Missing None
* Write Missing None
* Write Missing None
* Apply suggestion from @sourcery-ai[bot]
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
* Write Missing None
---------
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
* Fix/release memory bug (#324)
* Write Missing None
* Write Missing None
* Write Missing None
* Apply suggestion from @sourcery-ai[bot]
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
* Write Missing None
* redis update
* redis update
* redis update
* redis update
---------
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
* Fix/writer memory bug (#326)
* [fix]Fix the bug
* [fix]Fix the bug
* [fix]Correct the direction indication.
* fix(web): markdown table ui update
* Fix/release memory bug (#332)
* Write Missing None
* Write Missing None
* Write Missing None
* Apply suggestion from @sourcery-ai[bot]
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
* Write Missing None
* redis update
* redis update
* redis update
* redis update
* writer_dup_bug/fix
---------
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
* Fix/fact summary (#333)
* [fix]Disable the contents related to fact_summary
* [fix]Disable the contents related to fact_summary
* [fix]Modify the code based on the AI review
* Fix/release memory bug (#335)
* Write Missing None
* Write Missing None
* Write Missing None
* Apply suggestion from @sourcery-ai[bot]
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
* Write Missing None
* redis update
* redis update
* redis update
* redis update
* writer_dup_bug/fix
* writer_graph_bug/fix
* writer_graph_bug/fix
---------
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
* Revert "feat(web): move prompt menu"
This reverts commit 9e6e8f50f8.
* fix(web): ui update
* fix(web): update text
* fix(web): ui update
* fix(model): change the "vl" model type of dashscope to "chat"
* fix(model): change the "vl" model type of dashscope to "chat"
---------
Co-authored-by: zhaoying <yzhao96@best-inc.com>
Co-authored-by: Eternity <1533512157@qq.com>
Co-authored-by: Mark <zhuwenhui5566@163.com>
Co-authored-by: yingzhao <zhaoyingyz@126.com>
Co-authored-by: Timebomb2018 <18868801967@163.com>
Co-authored-by: 乐力齐 <162269739+lanceyq@users.noreply.github.com>
Co-authored-by: lixinyue11 <94037597+lixinyue11@users.noreply.github.com>
Co-authored-by: lixinyue <2569494688@qq.com>
Co-authored-by: Eternity <61316157+myhMARS@users.noreply.github.com>
Co-authored-by: lanceyq <1982376970@qq.com>
Co-authored-by: sourcery-ai[bot] <58596630+sourcery-ai[bot]@users.noreply.github.com>
This commit is contained in:
Ke Sun
7
sandbox/lib/seccomp_nodejs/Cargo.lock
generated
7
sandbox/lib/seccomp_nodejs/Cargo.lock
generated
@@ -1,7 +0,0 @@
|
||||
# This file is automatically @generated by Cargo.
|
||||
# It is not intended for manual editing.
|
||||
version = 4
|
||||
|
||||
[[package]]
|
||||
name = "seccomp_nodejs"
|
||||
version = "0.1.0"
|
||||
@@ -1,6 +0,0 @@
|
||||
[package]
|
||||
name = "seccomp_nodejs"
|
||||
version = "0.1.0"
|
||||
edition = "2024"
|
||||
|
||||
[dependencies]
|
||||
@@ -15,8 +15,8 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
|
||||
checksum = "60276e2d41bbb68b323e566047a1bfbf952050b157d8b5cdc74c07c1bf4ca3b6"
|
||||
|
||||
[[package]]
|
||||
name = "seccomp_python"
|
||||
version = "0.1.0"
|
||||
name = "seccomp_redbear"
|
||||
version = "0.1.1"
|
||||
dependencies = [
|
||||
"libc",
|
||||
"libseccomp-sys",
|
||||
@@ -1,12 +1,17 @@
|
||||
[package]
|
||||
name = "seccomp_python"
|
||||
version = "0.1.0"
|
||||
name = "seccomp_redbear"
|
||||
version = "0.1.1"
|
||||
edition = "2024"
|
||||
|
||||
[lib]
|
||||
name = "python"
|
||||
name = "sandbox"
|
||||
crate-type = ["cdylib"]
|
||||
|
||||
[dependencies]
|
||||
libc = "0.2.180"
|
||||
libseccomp-sys = "0.3.0"
|
||||
|
||||
[features]
|
||||
default = []
|
||||
python3 = []
|
||||
nodejs = []
|
||||
@@ -1,13 +1,25 @@
|
||||
mod syscalls;
|
||||
#[cfg(all(feature = "python3", feature = "nodejs"))]
|
||||
compile_error!("Only one feature can be enabled: either python3 or nodejs, not both!");
|
||||
|
||||
use crate::syscalls::*;
|
||||
use libc::{chdir, chroot, gid_t, uid_t, c_int};
|
||||
#[cfg(not(any(feature = "python3", feature = "nodejs")))]
|
||||
compile_error!("You must enable one feature: either python3 or nodejs");
|
||||
|
||||
#[cfg(feature = "python3")]
|
||||
mod python_syscalls;
|
||||
#[cfg(feature = "python3")]
|
||||
use crate::python_syscalls::*;
|
||||
|
||||
#[cfg(feature = "nodejs")]
|
||||
mod nodejs_syscalls;
|
||||
#[cfg(feature = "nodejs")]
|
||||
use crate::nodejs_syscalls::*;
|
||||
|
||||
use libc::{c_char, c_int, chdir, chroot, gid_t, uid_t};
|
||||
use libseccomp_sys::*;
|
||||
use std::env;
|
||||
use std::ffi::CString;
|
||||
use std::str::FromStr;
|
||||
|
||||
|
||||
/*
|
||||
* get_allowed_syscalls - retrieve allowed syscalls for the sandbox
|
||||
* @enable_network: enable network-related syscalls if non-zero
|
||||
@@ -193,3 +205,20 @@ pub unsafe extern "C" fn init_seccomp(uid: uid_t, gid: gid_t, enable_network: i3
|
||||
Err(code) => code,
|
||||
}
|
||||
}
|
||||
|
||||
#[unsafe(no_mangle)]
|
||||
pub unsafe extern "C" fn get_lib_version_static() -> *const c_char {
|
||||
concat!(env!("CARGO_PKG_VERSION"), "\0").as_ptr() as *const c_char
|
||||
}
|
||||
|
||||
#[unsafe(no_mangle)]
|
||||
pub unsafe extern "C" fn get_lib_feature_static() -> *const c_char {
|
||||
#[cfg(feature = "python3")]
|
||||
let s = b"python3\0";
|
||||
#[cfg(feature = "nodejs")]
|
||||
let s = b"nodejs\0";
|
||||
#[cfg(not(any(feature = "python3", feature = "nodejs")))]
|
||||
let s = b"none\0";
|
||||
|
||||
s.as_ptr() as *const c_char
|
||||
}
|
||||
74
sandbox/lib/seccomp_redbear/src/nodejs_syscalls.rs
Normal file
74
sandbox/lib/seccomp_redbear/src/nodejs_syscalls.rs
Normal file
@@ -0,0 +1,74 @@
|
||||
// src/nodejs_syscalls.rs
|
||||
|
||||
pub static ALLOW_SYSCALLS: &[i32] = &[
|
||||
// File IO
|
||||
libc::SYS_open as i32,
|
||||
libc::SYS_write as i32,
|
||||
libc::SYS_close as i32,
|
||||
libc::SYS_read as i32,
|
||||
libc::SYS_openat as i32,
|
||||
libc::SYS_newfstatat as i32,
|
||||
libc::SYS_ioctl as i32,
|
||||
libc::SYS_lseek as i32,
|
||||
libc::SYS_fstat as i32,
|
||||
libc::SYS_readlink as i32,
|
||||
libc::SYS_dup3 as i32,
|
||||
libc::SYS_fcntl as i32,
|
||||
libc::SYS_fsync as i32,
|
||||
// Memory
|
||||
libc::SYS_mprotect as i32,
|
||||
libc::SYS_mmap as i32,
|
||||
libc::SYS_munmap as i32,
|
||||
libc::SYS_mremap as i32,
|
||||
libc::SYS_brk as i32,
|
||||
libc::SYS_madvise as i32,
|
||||
// Signal
|
||||
libc::SYS_rt_sigaction as i32,
|
||||
libc::SYS_rt_sigprocmask as i32,
|
||||
libc::SYS_sigaltstack as i32,
|
||||
libc::SYS_rt_sigreturn as i32,
|
||||
libc::SYS_tgkill as i32,
|
||||
// Thread
|
||||
libc::SYS_futex as i32,
|
||||
libc::SYS_sched_yield as i32,
|
||||
libc::SYS_set_robust_list as i32,
|
||||
libc::SYS_rseq as i32,
|
||||
// User / Group
|
||||
libc::SYS_getuid as i32,
|
||||
// Process
|
||||
libc::SYS_getpid as i32,
|
||||
libc::SYS_gettid as i32,
|
||||
libc::SYS_exit as i32,
|
||||
libc::SYS_exit_group as i32,
|
||||
libc::SYS_sched_getaffinity as i32,
|
||||
// Time
|
||||
libc::SYS_clock_gettime as i32,
|
||||
libc::SYS_gettimeofday as i32,
|
||||
libc::SYS_nanosleep as i32,
|
||||
libc::SYS_time as i32,
|
||||
// Epoll / Event (I/O multiplexing)
|
||||
libc::SYS_epoll_ctl as i32,
|
||||
libc::SYS_epoll_pwait as i32,
|
||||
];
|
||||
|
||||
pub static ALLOW_ERROR_SYSCALLS: &[i32] = &[libc::SYS_clone as i32, libc::SYS_clone3 as i32];
|
||||
|
||||
pub static ALLOW_NETWORK_SYSCALLS: &[i32] = &[
|
||||
libc::SYS_socket as i32,
|
||||
libc::SYS_connect as i32,
|
||||
libc::SYS_bind as i32,
|
||||
libc::SYS_listen as i32,
|
||||
libc::SYS_accept as i32,
|
||||
libc::SYS_sendto as i32,
|
||||
libc::SYS_recvfrom as i32,
|
||||
libc::SYS_getsockname as i32,
|
||||
libc::SYS_recvmsg as i32,
|
||||
libc::SYS_getpeername as i32,
|
||||
libc::SYS_setsockopt as i32,
|
||||
libc::SYS_ppoll as i32,
|
||||
libc::SYS_uname as i32,
|
||||
libc::SYS_sendmsg as i32,
|
||||
libc::SYS_getsockopt as i32,
|
||||
libc::SYS_fcntl as i32,
|
||||
libc::SYS_fstatfs as i32,
|
||||
];
|
||||
@@ -1,7 +1,7 @@
|
||||
// src/syscalls.rs
|
||||
// src/python_syscalls.rs
|
||||
|
||||
pub static ALLOW_SYSCALLS: &[i32] = &[
|
||||
// file io
|
||||
// File IO
|
||||
libc::SYS_read as i32,
|
||||
libc::SYS_write as i32,
|
||||
libc::SYS_openat as i32,
|
||||
@@ -11,48 +11,44 @@ pub static ALLOW_SYSCALLS: &[i32] = &[
|
||||
libc::SYS_lseek as i32,
|
||||
libc::SYS_getdents64 as i32,
|
||||
libc::SYS_fstat as i32,
|
||||
|
||||
// thread
|
||||
// Signal
|
||||
libc::SYS_rt_sigreturn as i32,
|
||||
libc::SYS_rt_sigaction as i32,
|
||||
libc::SYS_rt_sigprocmask as i32,
|
||||
libc::SYS_sigaltstack as i32,
|
||||
libc::SYS_tgkill as i32,
|
||||
// Thread
|
||||
libc::SYS_futex as i32,
|
||||
|
||||
// memory
|
||||
// Memory
|
||||
libc::SYS_mmap as i32,
|
||||
libc::SYS_brk as i32,
|
||||
libc::SYS_mprotect as i32,
|
||||
libc::SYS_munmap as i32,
|
||||
libc::SYS_rt_sigreturn as i32,
|
||||
libc::SYS_mremap as i32,
|
||||
|
||||
// user / group
|
||||
libc::SYS_setuid as i32,
|
||||
libc::SYS_setgid as i32,
|
||||
// User / Group
|
||||
libc::SYS_getuid as i32,
|
||||
|
||||
// process
|
||||
// Process
|
||||
libc::SYS_getpid as i32,
|
||||
libc::SYS_getppid as i32,
|
||||
libc::SYS_gettid as i32,
|
||||
libc::SYS_exit as i32,
|
||||
libc::SYS_exit_group as i32,
|
||||
libc::SYS_tgkill as i32,
|
||||
libc::SYS_rt_sigaction as i32,
|
||||
libc::SYS_sched_yield as i32,
|
||||
libc::SYS_set_robust_list as i32,
|
||||
libc::SYS_get_robust_list as i32,
|
||||
libc::SYS_rseq as i32,
|
||||
|
||||
// time
|
||||
// Time
|
||||
libc::SYS_clock_gettime as i32,
|
||||
libc::SYS_gettimeofday as i32,
|
||||
libc::SYS_time as i32,
|
||||
libc::SYS_nanosleep as i32,
|
||||
libc::SYS_clock_nanosleep as i32,
|
||||
// Epoll / Event (I/O multiplexing)
|
||||
libc::SYS_epoll_create1 as i32,
|
||||
libc::SYS_epoll_ctl as i32,
|
||||
libc::SYS_clock_nanosleep as i32,
|
||||
libc::SYS_pselect6 as i32,
|
||||
libc::SYS_rt_sigprocmask as i32,
|
||||
libc::SYS_sigaltstack as i32,
|
||||
// Randomness
|
||||
libc::SYS_getrandom as i32,
|
||||
|
||||
];
|
||||
|
||||
pub static ALLOW_ERROR_SYSCALLS: &[i32] = &[
|
||||
Reference in New Issue
Block a user