import type { Prompter } from './prompts.js';
import type { ConfigBuilder } from './config.js';
/**
 * Menu entries for the tool-policy question in `setupSecurity`.
 *
 * `label` is the text shown to the operator; `value` is the profile name
 * handed to `builder.setToolProfile`. Entries run from broadest to narrowest.
 *
 * NOTE(review): the broadest profile is listed first and labelled
 * "recommended". Whether `p.choose` preselects the first entry is not visible
 * here — confirm, and consider whether a narrower profile is a better
 * first-run suggestion from a least-privilege standpoint.
 */
const TOOL_PROFILES = [
  {
    label: 'full (recommended)',
    value: 'full',
  },
  {
    label: 'coding (fs + runtime)',
    value: 'coding',
  },
  {
    label: 'messaging (read + services, no shell/writes)',
    value: 'messaging',
  },
  {
    label: 'minimal (status only)',
    value: 'minimal',
  },
];
/**
 * Menu entries for the research-agent model tier question in `setupSecurity`.
 *
 * Each `value` is kept as a string-literal type (`as const`) so the chosen
 * tier stays a literal union when it is passed on as `modelTier`.
 */
const RESEARCH_AGENT_TIERS = [
  {
    label: 'complex (recommended)',
    value: 'complex' as const,
  },
  {
    label: 'default',
    value: 'default' as const,
  },
  {
    label: 'fast',
    value: 'fast' as const,
  },
  {
    label: 'local',
    value: 'local' as const,
  },
];
/**
 * Interactive security step of the setup flow.
 *
 * Asks, in order, about Docker sandboxing, DM pairing, the tool-policy
 * profile and the dedicated research agent, and records the answers on
 * `builder`. Sensitive mode is set to a fixed value without a question.
 *
 * @param p - Prompter used for every printed line and every question.
 * @param builder - Configuration builder that receives the chosen settings.
 * @returns A promise that resolves once all questions have been answered.
 */
export async function setupSecurity(p: Prompter, builder: ConfigBuilder): Promise<void> {
  // Print a run of explanatory lines, one println call per line.
  const say = (...lines: string[]): void => {
    for (const line of lines) {
      p.println(line);
    }
  };

  // --- Docker sandboxing -------------------------------------------------
  say(
    ' Docker sandboxing runs tool commands in isolated containers.',
    ' Requires Docker installed and running.',
  );
  const wantsSandbox = await p.confirm('Enable Docker sandboxing?', true);
  // NOTE(review): a "no" answer makes no builder call and prints nothing, so
  // the resulting sandbox setting is whatever ConfigBuilder already holds —
  // confirm that its default is the intended one for a declined prompt.
  if (wantsSandbox) {
    builder.setSandboxEnabled(true);
    p.println('✓ Docker sandboxing enabled');
  }

  // --- DM pairing --------------------------------------------------------
  p.println();
  say(
    ' DM pairing requires unknown senders to enter a code before chatting.',
    ' Generate codes via the gateway or TUI /pair command.',
  );
  const wantsPairing = await p.confirm('Enable DM pairing for unknown senders?', true);
  // NOTE(review): as with sandboxing, declining is silent and leaves the
  // builder's existing pairing state untouched — verify against ConfigBuilder.
  if (wantsPairing) {
    builder.setPairingEnabled(true);
    p.println('✓ DM pairing enabled');
  }

  // --- Tool profile ------------------------------------------------------
  p.println();
  say(
    ' Tool profiles control which tools the agent can use:',
    ' full — all tools available (file, shell, web, memory, messaging) (default)',
    ' coding — file system + shell + sessions + memory',
    ' messaging — read-only + web/memory + connected services (no file writes/shell)',
    ' minimal — status checks only (read-only, safest)',
  );
  const chosenProfile = await p.choose('Tool policy profile:', TOOL_PROFILES);
  // NOTE(review): the profile is not cross-checked against the sandbox answer.
  // Per the menu text, 'full' and 'coding' include shell; consider telling the
  // operator when one of them is picked after sandboxing was declined.
  builder.setToolProfile(chosenProfile);
  // NOTE(review): sensitive mode is fixed here and never shown to the
  // operator; its meaning is defined outside this file — confirm this value is
  // intended for every profile.
  builder.setSensitiveMode('confirm_without_elevation');

  // --- Research agent ----------------------------------------------------
  p.println();
  say(
    ' Research agent adds a dedicated specialist for deep web research.',
    ' Enables /research command and automatic routing for messages starting with "research ..." or "look up ...".',
  );
  const wantsResearch = await p.confirm('Enable a dedicated research agent?', true);
  if (wantsResearch) {
    const modelTier = await p.choose('Research agent model tier:', RESEARCH_AGENT_TIERS);
    builder.setResearchAgentEnabled({ modelTier });
    p.println(`✓ Research agent enabled (tier=${modelTier})`);
  }
}