fix: enforce agent run API permissions

2026-06-04 12:56:02 +00:00 · 2026-05-30 20:14:06 +08:00
parent d0aa6eb7f2
commit f7775a8ed7
12 changed files with 522 additions and 166 deletions
--- a/docs/agent-runner-pluginization/HOST_SDK_INFRASTRUCTURE.md
+++ b/docs/agent-runner-pluginization/HOST_SDK_INFRASTRUCTURE.md
@@ -299,8 +299,10 @@ permissions:
  tools: ["detail", "call"]
  knowledge_bases: ["list", "retrieve"]
  history: ["page", "search"]
+  events: ["get", "page"]
  artifacts: ["metadata", "read"]
  storage: ["plugin", "workspace", "binding"]
+  files: ["config", "knowledge"]
  platform_api: []
 ```

--- a/docs/agent-runner-pluginization/PROTOCOL_V1.md
+++ b/docs/agent-runner-pluginization/PROTOCOL_V1.md
@@ -121,6 +121,7 @@ class AgentRunnerPermissions(BaseModel):
    events: list[Literal["get", "page"]] = []
    artifacts: list[Literal["metadata", "read"]] = []
    storage: list[Literal["plugin", "workspace", "binding"]] = []
+    files: list[Literal["config", "knowledge"]] = []
    platform_api: list[str] = []
 ```

@@ -370,7 +371,6 @@ class AgentRunState(BaseModel):
    actor: dict[str, Any] = {}
    subject: dict[str, Any] = {}
    runner: dict[str, Any] = {}
-    binding: dict[str, Any] = {}
 ```

 State 是可选 host-owned snapshot。Runner 也可以完全自管状态。
@@ -382,13 +382,12 @@ class AgentResources(BaseModel):
    models: list[ModelResource] = []
    tools: list[ToolResource] = []
    knowledge_bases: list[KnowledgeBaseResource] = []
-    artifacts: list[ArtifactResource] = []
+    files: list[FileResource] = []
    storage: StorageResource = StorageResource()
-    history: HistoryResource = HistoryResource()
    platform_capabilities: dict[str, Any] = {}
 ```

-资源列表是本次 run 的授权结果。Runner 只能通过 `AgentRunAPIProxy` 访问这些资源。
+资源列表是本次 run 的授权结果。History / Event / Artifact 访问通过 permissions、`ctx.context.available_apis` 和 Host 侧 run session 校验控制，不作为可枚举 resource list 暴露。Runner 只能通过 `AgentRunAPIProxy` 访问这些能力。

 ## 6. Result Stream