xinyin025/LangBot
1
0
Fork 0
mirror of https://github.com/langbot-app/LangBot.git synced 2026-06-12 08:46:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: enforce agent run API permissions

Browse Source
This commit is contained in:
huanghuoguoguo
2026-05-30 20:14:06 +08:00
parent bbe7666642
commit 93cd852061
12 changed files with 522 additions and 166 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/langbot/pkg/agent/runner/persistent_state_store.py
View File

@@ -250,6 +250,8 @@ class PersistentStateStore:
Used by State API handlers.
"""
state_key = normalize_state_key(state_key)
async with self._db_engine.connect() as conn:
result = await conn.execute(
select(AgentRunnerState.value_json)
@@ -282,6 +284,8 @@ class PersistentStateStore:
Used by State API handlers.
Context contains optional fields like bot_id, conversation_id, etc.
"""
state_key = normalize_state_key(state_key)
# Validate and serialize value
value_json, error = self._validate_json_value(value, logger)
if error:
@@ -344,6 +348,8 @@ class PersistentStateStore:
Returns True if deleted, False if not found.
"""
state_key = normalize_state_key(state_key)
async with self._db_engine.begin() as conn:
result = await conn.execute(
delete(AgentRunnerState)
@@ -376,6 +382,7 @@ class PersistentStateStore:
)
if prefix:
prefix = normalize_state_key(prefix)
query = query.where(
AgentRunnerState.state_key.like(f'{prefix}%')
)