feat: Admin UI 全面增强 — Bot 详情页 + 6 个管理 Tab#5
Open
acvnace wants to merge 11 commits intofastclaw-ai:devfrom
Open
feat: Admin UI 全面增强 — Bot 详情页 + 6 个管理 Tab#5acvnace wants to merge 11 commits intofastclaw-ai:devfrom
acvnace wants to merge 11 commits intofastclaw-ai:devfrom
Conversation
Security fixes: - Fix shell command injection via heredoc in skill_update.go and bot_channel_wechat.go by using stdin-based file writing (ExecInPodWithStdin) - Redact access_token and api_token from list API responses - Add ContextKeyIsAdmin to auth middleware for admin bypass New endpoints: - GET /admin/bots/:id — single bot detail - POST /admin/bots/:id/restart — single bot restart Admin API expansion: - Mount all bot sub-resource routes (skills, channels, channel pairing, WeChat, devices, model providers, agent defaults, raw config) under /admin/bots/:id/ with BotOwnerAuth middleware that skips ownership check for admin-authenticated requests Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add @tanstack/react-query for data fetching with QueryProvider - Refactor API client with dual base paths (adminReq/botReq) and all bot sub-resource endpoints (skills, channels, devices, models, config, WeChat, pairing) - Add dev proxy rewrite in next.config.ts for local development (conditionally disables output:export in dev mode) - Extract shared components: ConfirmDialog, StatusBadge, ErrorBoundary - Update SiteHeader with dynamic breadcrumbs for bot detail page - Add getErrorMessage utility and typed ApiResponse interface Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- New BotDetail component with tabbed layout (Overview active, Channels/Skills/Models/Devices/Config placeholder tabs) - Overview tab: status/connection/config info cards, quick actions (start/stop/restart/upgrade), edit dialog, token reset - Auto-refresh bot status every 5s when in "starting" state - Query-param routing: /bots/?id=xxx renders detail view - Bots list: rows now clickable, show app name instead of truncated ID - Uses React Query for data fetching with cache invalidation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replace router.push() with native <a> for back navigation to avoid query params being preserved in static export mode. Use history.replaceState for tab switching to avoid full page reload. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OpenClaw image is 3.7GB and has a 60s readiness probe delay, causing the 120s WaitForPodReady timeout to expire before the pod becomes ready. This resulted in bots being marked as error even though the pod was actually starting successfully. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Check connectInfo.ready before rendering ws_url/webchat_url fields. Show "Waiting for bot to be ready..." when connect info exists but ready is false. Use ternary instead of && for stricter falsy checks. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
… config) Models Tab: - Model providers CRUD (add/edit/delete with dialog forms) - Agent defaults configuration (primary/fallback model) Channels Tab: - Add/remove IM channels (Telegram, Discord, Slack, Feishu, Teams, LINE) - Dynamic form fields per channel type with policy settings - WeChat note directing to QR login flow Skills Tab: - List/create/edit/delete bot skills with markdown content editor Devices Tab: - Pending/Paired device filtering with nested tabs - Approve pending devices, revoke paired devices Config Tab: - Raw JSON config editor with merge/replace mode toggle - JSON validation before save, reset from server All tabs use React Query for data fetching, show "bot must be running" guard when applicable, and follow existing component patterns. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The listModelProviders API returns { providerName: config } object,
not an array. Normalize to ModelProvider[] in the query function.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
…editor Channels Tab: - Add "Manage Pairing" expandable section per channel card with approve-by-code, pending requests list, and paired users list - Add WeChat QR login flow with QR code display and auto-polling - Add "WeChat Login" button in header alongside "Add Channel" Config Tab: - Replace plain textarea with @uiw/react-textarea-code-editor (dark theme, JSON syntax highlighting, line count) - Add toolbar: Format JSON, Copy, Word Wrap toggle - Add VS Code-style status bar showing line count and validation Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
OpenClaw requires allowFrom=["*"] when dmPolicy or groupPolicy is "open", otherwise config validation fails with an error. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The WeChat API returns a webpage URL, not an image. Use the qrcode library to generate a QR code data URL from the login URL so it renders correctly in the img tag. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
概述
大幅增强 Admin UI,从仅有 Apps/Bots 列表页扩展为完整的 Bot 管理平台。新增 Bot 详情页(含 6 个功能 Tab),覆盖所有现有 API 端点。
主要变更
后端(Go)
安全修复:
skill_update.go和bot_channel_wechat.go中的 heredoc shell 注入漏洞,改用 stdin 安全写入(ExecInPodWithStdin)access_token/api_token)Admin API 补全:
GET /admin/bots/:id(单个 Bot 详情)POST /admin/bots/:id/restart(单个 Bot 重启)BotOwnerAuth所有权检查,Admin UI 可直接调用所有 Bot 子资源端点前端(Next.js / React)
基础设施:
@tanstack/react-query进行数据获取和缓存管理adminReq/botReq),新增 40+ API 函数next dev直连 Go 后端开发ConfirmDialog、StatusBadge、ErrorBoundary、QueryProviderBot 详情页(
/bots/?id=xxx):Bots 列表页改进:
文件变更
@tanstack/react-query、@uiw/react-textarea-code-editor、qrcode测试计划
next build静态导出正常go build编译通过go vet无警告🤖 Generated with Claude Code