feat(hermes): add unauthorized dm policy form

2026-06-01 05:40:07 +08:00 · 2026-05-24 21:41:17 +08:00
parent 2de5d1e38a
commit 7be0ec66cc
8 changed files with 347 additions and 6 deletions
--- a/src/engines/hermes/pages/config.js
+++ b/src/engines/hermes/pages/config.js
@@ -52,6 +52,10 @@ const QUICK_COMMANDS_DEFAULTS = {
  quickCommandsJson: '{}',
 }

+const UNAUTHORIZED_DM_DEFAULTS = {
+  unauthorizedDmBehavior: 'pair',
+}
+
 const STREAMING_DEFAULTS = {
  enabled: false,
  transport: 'edit',
@@ -91,6 +95,7 @@ const SESSION_RESET_MODES = ['both', 'idle', 'daily', 'none']
 const STREAMING_TRANSPORTS = ['edit', 'auto', 'draft', 'off']
 const CODE_EXECUTION_MODES = ['project', 'strict']
 const TERMINAL_BACKENDS = ['local', 'ssh', 'docker', 'singularity', 'modal', 'daytona', 'vercel_sandbox']
+const UNAUTHORIZED_DM_BEHAVIORS = ['pair', 'ignore']

 export function render() {
  const el = document.createElement('div')
@@ -103,6 +108,7 @@ export function render() {
  let memoryValues = { ...MEMORY_DEFAULTS }
  let skillsValues = { ...SKILLS_DEFAULTS }
  let quickCommandsValues = { ...QUICK_COMMANDS_DEFAULTS }
+  let unauthorizedDmValues = { ...UNAUTHORIZED_DM_DEFAULTS }
  let streamingValues = { ...STREAMING_DEFAULTS }
  let executionLimitsValues = { ...EXECUTION_LIMITS_DEFAULTS }
  let terminalValues = { ...TERMINAL_DEFAULTS }
@@ -113,6 +119,7 @@ export function render() {
  let memoryLoading = true
  let skillsLoading = true
  let quickCommandsLoading = true
+  let unauthorizedDmLoading = true
  let streamingLoading = true
  let executionLimitsLoading = true
  let terminalLoading = true
@@ -123,6 +130,7 @@ export function render() {
  let memorySaving = false
  let skillsSaving = false
  let quickCommandsSaving = false
+  let unauthorizedDmSaving = false
  let streamingSaving = false
  let executionLimitsSaving = false
  let terminalSaving = false
@@ -133,6 +141,7 @@ export function render() {
  let memoryError = null
  let skillsError = null
  let quickCommandsError = null
+  let unauthorizedDmError = null
  let streamingError = null
  let executionLimitsError = null
  let terminalError = null
@@ -146,7 +155,7 @@ export function render() {
  }

  function isBusy() {
-    return loading || runtimeLoading || compressionLoading || toolGuardrailsLoading || memoryLoading || skillsLoading || quickCommandsLoading || streamingLoading || executionLimitsLoading || terminalLoading || saving || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || streamingSaving || executionLimitsSaving || terminalSaving
+    return loading || runtimeLoading || compressionLoading || toolGuardrailsLoading || memoryLoading || skillsLoading || quickCommandsLoading || unauthorizedDmLoading || streamingLoading || executionLimitsLoading || terminalLoading || saving || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || unauthorizedDmSaving || streamingSaving || executionLimitsSaving || terminalSaving
  }

  function option(labelKey, value, selected) {
@@ -163,7 +172,7 @@ export function render() {
  }

  function renderRuntimePanel() {
-    const disabled = loading || saving || runtimeLoading || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || streamingSaving || executionLimitsSaving || terminalSaving
+    const disabled = loading || saving || runtimeLoading || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || unauthorizedDmSaving || streamingSaving || executionLimitsSaving || terminalSaving
    return `
      <div class="hm-panel hm-config-runtime-panel">
        <div class="hm-panel-header">
@@ -211,7 +220,7 @@ export function render() {
  }

  function renderCompressionPanel() {
-    const disabled = loading || saving || compressionLoading || compressionSaving || runtimeSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || streamingSaving || executionLimitsSaving || terminalSaving
+    const disabled = loading || saving || compressionLoading || compressionSaving || runtimeSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || unauthorizedDmSaving || streamingSaving || executionLimitsSaving || terminalSaving
    return `
      <div class="hm-panel hm-config-runtime-panel hm-config-compression-panel">
        <div class="hm-panel-header">
@@ -261,7 +270,7 @@ export function render() {
  }

  function renderToolGuardrailsPanel() {
-    const disabled = loading || saving || toolGuardrailsLoading || toolGuardrailsSaving || runtimeSaving || compressionSaving || memorySaving || skillsSaving || quickCommandsSaving || streamingSaving || executionLimitsSaving || terminalSaving
+    const disabled = loading || saving || toolGuardrailsLoading || toolGuardrailsSaving || runtimeSaving || compressionSaving || memorySaving || skillsSaving || quickCommandsSaving || unauthorizedDmSaving || streamingSaving || executionLimitsSaving || terminalSaving
    return `
      <div class="hm-panel hm-config-runtime-panel hm-config-guardrails-panel">
        <div class="hm-panel-header">
@@ -430,6 +439,36 @@ export function render() {
    `
  }

+  function renderUnauthorizedDmConfigPanel() {
+    const disabled = loading || saving || unauthorizedDmLoading || unauthorizedDmSaving || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || streamingSaving || executionLimitsSaving || terminalSaving
+    return `
+      <div class="hm-panel hm-config-runtime-panel hm-config-unauthorized-dm-panel">
+        <div class="hm-panel-header">
+          <div>
+            <div class="hm-panel-title">${t('engine.hermesUnauthorizedDmConfigTitle')}</div>
+            <div class="hm-channel-panel-desc">${t('engine.hermesUnauthorizedDmConfigDesc')}</div>
+          </div>
+          <div class="hm-panel-actions">
+            <span class="hm-muted">${unauthorizedDmSaving ? t('engine.hermesConfigStatusSaving') : unauthorizedDmLoading ? t('engine.hermesConfigStatusLoading') : t('engine.hermesUnauthorizedDmConfigStatusReady')}</span>
+            <button class="hm-btn hm-btn--cta hm-btn--sm" id="hm-unauthorized-dm-save" ${disabled ? 'disabled' : ''}>${t('engine.hermesUnauthorizedDmConfigSave')}</button>
+          </div>
+        </div>
+        <div class="hm-panel-body">
+          ${renderError(unauthorizedDmError)}
+          <div class="hm-config-runtime-grid hm-config-unauthorized-dm-grid">
+            <label class="hm-field">
+              <span class="hm-field-label">${t('engine.hermesUnauthorizedDmConfigBehavior')}</span>
+              <select id="hm-unauthorized-dm-behavior" class="hm-input" ${disabled ? 'disabled' : ''}>
+                ${UNAUTHORIZED_DM_BEHAVIORS.map(mode => option(`engine.hermesUnauthorizedDmConfigBehavior_${mode}`, mode, unauthorizedDmValues.unauthorizedDmBehavior)).join('')}
+              </select>
+            </label>
+          </div>
+          <div class="hm-channel-footnote">${t('engine.hermesUnauthorizedDmConfigFootnote')}</div>
+        </div>
+      </div>
+    `
+  }
+
  function renderStreamingPanel() {
    const disabled = loading || saving || streamingLoading || streamingSaving || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || executionLimitsSaving || terminalSaving
    return `
@@ -483,7 +522,7 @@ export function render() {
  }

  function renderExecutionLimitsPanel() {
-    const disabled = loading || saving || executionLimitsLoading || executionLimitsSaving || terminalSaving || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || streamingSaving
+    const disabled = loading || saving || executionLimitsLoading || executionLimitsSaving || terminalSaving || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || unauthorizedDmSaving || streamingSaving
    return `
      <div class="hm-panel hm-config-runtime-panel hm-config-execution-limits-panel">
        <div class="hm-panel-header">
@@ -555,7 +594,7 @@ export function render() {
  }

  function renderTerminalPanel() {
-    const disabled = loading || saving || terminalLoading || terminalSaving || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || streamingSaving || executionLimitsSaving
+    const disabled = loading || saving || terminalLoading || terminalSaving || runtimeSaving || compressionSaving || toolGuardrailsSaving || memorySaving || skillsSaving || quickCommandsSaving || unauthorizedDmSaving || streamingSaving || executionLimitsSaving
    return `
      <div class="hm-panel hm-config-runtime-panel hm-config-terminal-panel">
        <div class="hm-panel-header">
@@ -648,6 +687,7 @@ export function render() {
      ${renderMemoryPanel()}
      ${renderSkillsConfigPanel()}
      ${renderQuickCommandsConfigPanel()}
+      ${renderUnauthorizedDmConfigPanel()}

      <div class="hm-panel">
        <div class="hm-panel-header">
@@ -673,6 +713,7 @@ export function render() {
    el.querySelector('#hm-memory-save')?.addEventListener('click', saveMemory)
    el.querySelector('#hm-skills-config-save')?.addEventListener('click', saveSkillsConfig)
    el.querySelector('#hm-quick-commands-save')?.addEventListener('click', saveQuickCommandsConfig)
+    el.querySelector('#hm-unauthorized-dm-save')?.addEventListener('click', saveUnauthorizedDmConfig)
    el.querySelector('#hm-streaming-save')?.addEventListener('click', saveStreaming)
    el.querySelector('#hm-execution-limits-save')?.addEventListener('click', saveExecutionLimits)
    el.querySelector('#hm-terminal-save')?.addEventListener('click', saveTerminal)
@@ -713,6 +754,11 @@ export function render() {
    quickCommandsValues = { ...QUICK_COMMANDS_DEFAULTS, ...(data?.values || {}) }
  }

+  async function loadUnauthorizedDmConfig() {
+    const data = await api.hermesUnauthorizedDmConfigRead()
+    unauthorizedDmValues = { ...UNAUTHORIZED_DM_DEFAULTS, ...(data?.values || {}) }
+  }
+
  async function loadStreaming() {
    const data = await api.hermesStreamingConfigRead()
    streamingValues = { ...STREAMING_DEFAULTS, ...(data?.values || {}) }
@@ -736,6 +782,7 @@ export function render() {
    memoryLoading = true
    skillsLoading = true
    quickCommandsLoading = true
+    unauthorizedDmLoading = true
    streamingLoading = true
    executionLimitsLoading = true
    terminalLoading = true
@@ -746,6 +793,7 @@ export function render() {
    memoryError = null
    skillsError = null
    quickCommandsError = null
+    unauthorizedDmError = null
    streamingError = null
    executionLimitsError = null
    terminalError = null
@@ -829,6 +877,14 @@ export function render() {
      quickCommandsLoading = false
      draw()
    }
+    try {
+      await loadUnauthorizedDmConfig()
+    } catch (err) {
+      unauthorizedDmError = humanizeError(err, t('engine.hermesUnauthorizedDmConfigLoadFailed') || 'Load unauthorized DM config failed')
+    } finally {
+      unauthorizedDmLoading = false
+      draw()
+    }
  }

  async function refreshRawAfterStructuredSave() {
@@ -868,6 +924,9 @@ export function render() {
      try {
        await loadQuickCommandsConfig()
      } catch {}
+      try {
+        await loadUnauthorizedDmConfig()
+      } catch {}
      try {
        await loadStreaming()
      } catch {}
@@ -1058,6 +1117,31 @@ export function render() {
    }
  }

+  async function saveUnauthorizedDmConfig() {
+    const form = {
+      unauthorizedDmBehavior: el.querySelector('#hm-unauthorized-dm-behavior')?.value || 'pair',
+    }
+    unauthorizedDmSaving = true
+    unauthorizedDmError = null
+    draw()
+    try {
+      const result = await api.hermesUnauthorizedDmConfigSave(form)
+      unauthorizedDmValues = { ...UNAUTHORIZED_DM_DEFAULTS, ...(result?.values || form) }
+      await refreshRawAfterStructuredSave()
+      const backup = result?.backup || ''
+      toast({
+        message: t('engine.hermesUnauthorizedDmConfigSaveSuccess'),
+        hint: backup ? t('engine.hermesConfigBackupHint', { path: backup }) : '',
+      }, 'success')
+    } catch (err) {
+      unauthorizedDmError = humanizeError(err, t('engine.hermesUnauthorizedDmConfigSaveFailed') || 'Save unauthorized DM config failed')
+      toast(unauthorizedDmError, 'error')
+    } finally {
+      unauthorizedDmSaving = false
+      draw()
+    }
+  }
+
  async function saveStreaming() {
    const form = {
      enabled: !!el.querySelector('#hm-streaming-enabled')?.checked,
--- a/src/lib/tauri-api.js
+++ b/src/lib/tauri-api.js
@@ -521,6 +521,8 @@ export const api = {
  hermesSkillsConfigSave: (form) => invoke('hermes_skills_config_save', { form }),
  hermesQuickCommandsConfigRead: () => invoke('hermes_quick_commands_config_read'),
  hermesQuickCommandsConfigSave: (form) => invoke('hermes_quick_commands_config_save', { form }),
+  hermesUnauthorizedDmConfigRead: () => invoke('hermes_unauthorized_dm_config_read'),
+  hermesUnauthorizedDmConfigSave: (form) => invoke('hermes_unauthorized_dm_config_save', { form }),
  hermesStreamingConfigRead: () => invoke('hermes_streaming_config_read'),
  hermesStreamingConfigSave: (form) => invoke('hermes_streaming_config_save', { form }),
  hermesExecutionLimitsConfigRead: () => invoke('hermes_execution_limits_config_read'),
--- a/src/locales/modules/engine.js
+++ b/src/locales/modules/engine.js
@@ -629,6 +629,17 @@ export default {
  hermesQuickCommandsConfigSaveFailed: _('保存快捷命令失败', 'Save quick commands failed', '儲存快捷命令失敗'),
  hermesQuickCommandsConfigJson: _('quick_commands JSON 映射', 'quick_commands JSON map', 'quick_commands JSON 映射'),
  hermesQuickCommandsConfigFootnote: _('键名会变成斜杠命令，例如 status 对应 /status。每个命令必须是对象，type 只能为 exec 或 alias；exec 需要 command，alias 的 target 必须以 / 开头。', 'Keys become slash commands, for example status maps to /status. Each command must be an object with type exec or alias; exec needs command, and alias target must start with /.', '鍵名會變成斜線命令，例如 status 對應 /status。每個命令必須是物件，type 只能是 exec 或 alias；exec 需要 command，alias 的 target 必須以 / 開頭。'),
+  hermesUnauthorizedDmConfigTitle: _('未授权私信', 'Unauthorized DMs', '未授權私訊'),
+  hermesUnauthorizedDmConfigDesc: _('控制陌生用户直接私信 Hermes 时的全局响应策略，适合公网部署时减少无效打扰或保留配对入口。', 'Control the global response when unknown users send Hermes a direct message. Useful for public deployments that need fewer unsolicited replies or a pairing entry point.', '控制陌生使用者直接私訊 Hermes 時的全域回應策略，適合公開部署時減少無效打擾或保留配對入口。'),
+  hermesUnauthorizedDmConfigStatusReady: _('结构化配置', 'structured settings', '結構化設定'),
+  hermesUnauthorizedDmConfigSave: _('保存私信策略', 'Save DM policy', '儲存私訊策略'),
+  hermesUnauthorizedDmConfigSaveSuccess: _('未授权私信策略已保存，建议重启 Hermes Gateway 生效', 'Unauthorized DM policy saved. Restart Hermes Gateway to take effect.', '未授權私訊策略已儲存，建議重啟 Hermes Gateway 生效'),
+  hermesUnauthorizedDmConfigLoadFailed: _('加载未授权私信策略失败', 'Load unauthorized DM policy failed', '載入未授權私訊策略失敗'),
+  hermesUnauthorizedDmConfigSaveFailed: _('保存未授权私信策略失败', 'Save unauthorized DM policy failed', '儲存未授權私訊策略失敗'),
+  hermesUnauthorizedDmConfigBehavior: _('陌生私信处理方式', 'Unknown DM handling', '陌生私訊處理方式'),
+  hermesUnauthorizedDmConfigBehavior_pair: _('回复配对码', 'Reply with pairing code', '回覆配對碼'),
+  hermesUnauthorizedDmConfigBehavior_ignore: _('静默忽略', 'Silently ignore', '靜默忽略'),
+  hermesUnauthorizedDmConfigFootnote: _('pair 是默认值，会拒绝访问但在私信中回复一次性配对码；ignore 会静默丢弃陌生私信。平台级覆盖仍可在渠道配置或 raw YAML 中单独设置。', 'pair is the default: Hermes denies access but replies with a one-time pairing code in DMs. ignore silently drops unknown DMs. Platform-level overrides can still be set in channel settings or raw YAML.', 'pair 是預設值，會拒絕存取但在私訊中回覆一次性配對碼；ignore 會靜默丟棄陌生私訊。平台級覆蓋仍可在頻道設定或 raw YAML 中單獨設定。'),
  // Batch 1 §E: 会话导出
  sessionsExport: _('导出', 'Export', '匯出'),
  sessionsExportSuccess: _('已导出', 'Exported', '已匯出'),