feat: 添加工具黑名单支持并优化会话处理

refactor(agent): 重构工具注册逻辑以支持黑白名单
feat(cli): 为headless和print命令添加会话恢复功能
test: 添加工具过滤和会话处理的单元测试

Author: echoVic

packages/cli/src/agent/Agent.ts

@@ -12,7 +12,6 @@
 
 import * as os from 'os';
 import * as path from 'path';
-import { getCwd } from '../utils/cwd.js';
 import {
   type BladeConfig,
   ConfigManager,
@@ -34,7 +33,6 @@ import {
   type IChatService,
   type Message,
 } from '../services/ChatServiceInterface.js';
-
 import { discoverSkills } from '../skills/index.js';
 import { SpecManager } from '../spec/SpecManager.js';
 import {
@@ -51,6 +49,7 @@ import { getBuiltinTools } from '../tools/builtin/index.js';
 import { ExecutionPipeline } from '../tools/execution/ExecutionPipeline.js';
 import { ToolRegistry } from '../tools/registry/ToolRegistry.js';
 import type { Tool } from '../tools/types/index.js';
+import { getCwd } from '../utils/cwd.js';
 import { isThinkingModel } from '../utils/modelDetection.js';
 import { ExecutionEngine } from './ExecutionEngine.js';
 import { executeLoopGenerator } from './loop/index.js';
@@ -132,6 +131,8 @@ export class Agent {
       permissionConfig: permissions,
       permissionMode,
       maxHistorySize: 1000,
+      toolWhitelist: this.runtimeOptions.toolWhitelist,
+      toolBlacklist: this.runtimeOptions.toolBlacklist,
     });
   }
 
@@ -231,14 +232,28 @@ export class Agent {
     const configManager = ConfigManager.getInstance();
     configManager.validateConfig(config);
 
+    // 3.5. 从 RuntimeConfig 继承 CLI 工具约束（allowedTools / disallowedTools）
+    const mergedOptions = { ...options };
+    if (!mergedOptions.toolWhitelist && config.allowedTools?.length) {
+      mergedOptions.toolWhitelist = config.allowedTools;
+    }
+    if (!mergedOptions.toolBlacklist && config.disallowedTools?.length) {
+      mergedOptions.toolBlacklist = config.disallowedTools;
+    }
+
     // 4. 创建并初始化 Agent
     // 将 options 作为运行时参数传递
-    const agent = new Agent(config, options);
+    const agent = new Agent(config, mergedOptions);
     await agent.initialize();
 
     // 5. 应用工具白名单（如果指定）
-    if (options.toolWhitelist && options.toolWhitelist.length > 0) {
-      agent.applyToolWhitelist(options.toolWhitelist);
+    if (mergedOptions.toolWhitelist && mergedOptions.toolWhitelist.length > 0) {
+      agent.applyToolWhitelist(mergedOptions.toolWhitelist);
+    }
+
+    // 6. 应用工具黑名单（如果指定）
+    if (mergedOptions.toolBlacklist && mergedOptions.toolBlacklist.length > 0) {
+      agent.applyToolBlacklist(mergedOptions.toolBlacklist);
     }
 
     return agent;
@@ -248,10 +263,19 @@ export class Agent {
     runtime: SessionRuntime,
     options: AgentOptions = {}
   ): Promise<Agent> {
+    const storeConfig = getConfig();
+    const mergedOptions = { ...options };
+    if (!mergedOptions.toolWhitelist && storeConfig?.allowedTools?.length) {
+      mergedOptions.toolWhitelist = storeConfig.allowedTools;
+    }
+    if (!mergedOptions.toolBlacklist && storeConfig?.disallowedTools?.length) {
+      mergedOptions.toolBlacklist = storeConfig.disallowedTools;
+    }
+
     const agent = new Agent(
       runtime.getConfig(),
-      options,
-      runtime.createExecutionPipeline(options),
+      mergedOptions,
+      runtime.createExecutionPipeline(mergedOptions),
       runtime
     );
     await agent.initialize();
@@ -706,7 +730,6 @@ export class Agent {
     const registry = this.executionPipeline.getRegistry();
     const allTools = registry.getAll();
 
-    // 过滤掉不在白名单中的工具
     const toolsToRemove = allTools.filter((tool) => !whitelist.includes(tool.name));
 
     for (const tool of toolsToRemove) {
@@ -718,6 +741,19 @@ export class Agent {
     );
   }
 
+  public applyToolBlacklist(blacklist: string[]): void {
+    const registry = this.executionPipeline.getRegistry();
+    const blacklistSet = new Set(blacklist);
+
+    for (const tool of registry.getAll()) {
+      if (blacklistSet.has(tool.name)) {
+        registry.unregister(tool.name);
+      }
+    }
+
+    logger.debug(`Applied tool blacklist: ${blacklist.join(', ')}`);
+  }
+
   /**
    * 获取工具统计信息
    */

packages/cli/src/agent/runtime/SessionRuntime.ts

@@ -155,13 +155,16 @@ export class SessionRuntime {
   createExecutionPipeline(options: AgentOptions = {}): ExecutionPipeline {
     const registry = new ToolRegistry();
     const allowed = options.toolWhitelist ? new Set(options.toolWhitelist) : null;
+    const blocked = options.toolBlacklist ? new Set(options.toolBlacklist) : null;
 
     for (const tool of this.baseRegistry.getBuiltinTools()) {
+      if (blocked?.has(tool.name)) continue;
       if (!allowed || allowed.has(tool.name)) {
         registry.register(tool);
       }
     }
     for (const tool of this.baseRegistry.getMcpTools()) {
+      if (blocked?.has(tool.name)) continue;
       if (!allowed || allowed.has(tool.name)) {
         registry.registerMcpTool(tool);
       }
@@ -179,6 +182,8 @@ export class SessionRuntime {
       permissionMode,
       approvalStore: this.approvalStore,
       maxHistorySize: 1000,
+      toolWhitelist: options.toolWhitelist,
+      toolBlacklist: options.toolBlacklist,
     });
   }
 

packages/cli/src/agent/types.ts

@@ -58,6 +58,7 @@ export interface AgentOptions {
   permissionMode?: PermissionMode;
   maxTurns?: number; // 最大对话轮次 (-1=无限制, 0=禁用对话, N>0=限制轮次)
   toolWhitelist?: string[]; // 工具白名单（仅允许指定工具）
+  toolBlacklist?: string[]; // 工具黑名单（禁止指定工具）
   modelId?: string;
 
   // MCP 配置

packages/cli/src/commands/headless.ts

@@ -6,33 +6,43 @@
  * while the exported JSONL contract remains snake_case and versioned.
  */
 import type { Argv } from 'yargs';
+import yargs from 'yargs';
+import { hideBin } from 'yargs/helpers';
 import { z } from 'zod';
 import { Agent } from '../agent/Agent.js';
 import { drainLoop } from '../agent/loop/index.js';
 import type { LoopEvent } from '../agent/loop/types.js';
+import { SessionRuntime } from '../agent/runtime/SessionRuntime.js';
 import type { ChatContext } from '../agent/types.js';
+import { globalOptions } from '../cli/config.js';
+import {
+  loadConfiguration,
+  validateOutput,
+  validatePermissions,
+} from '../cli/middleware.js';
 import { PermissionMode } from '../config/types.js';
 import type { Message } from '../services/ChatServiceInterface.js';
 import type { TodoItem } from '../tools/builtin/todo/types.js';
-import { getCwd } from '../utils/cwd.js';
 import type {
   ConfirmationDetails,
   ConfirmationResponse,
 } from '../tools/types/ExecutionTypes.js';
 import {
-  initializeCliPlugins,
-  normalizeCliInput,
-  readCliInput,
-} from './shared/commandInput.js';
+  formatToolCallSummary,
+  formatToolDisplay,
+} from '../ui/utils/toolFormatters.js';
+import { getCwd } from '../utils/cwd.js';
 import {
+  createHeadlessJsonlEvent,
   type HeadlessJsonlEventPayload,
   type HeadlessJsonlEventType,
-  createHeadlessJsonlEvent,
 } from './headlessEvents.js';
 import {
-  formatToolCallSummary,
-  formatToolDisplay,
-} from '../ui/utils/toolFormatters.js';
+  initializeCliPlugins,
+  normalizeCliInput,
+  readCliInput,
+} from './shared/commandInput.js';
+import { resolveNonInteractiveSession } from './shared/sessionContext.js';
 
 /** Minimal writable stream contract used by headless output sinks. */
 interface WritableLike {
@@ -67,6 +77,10 @@ export const HeadlessOptionsSchema = z.object({
   mcpConfig: z.array(z.string()).optional(),
   strictMcpConfig: z.boolean().optional(),
   sessionId: z.string().optional(),
+  allowedTools: z.array(z.string()).optional(),
+  disallowedTools: z.array(z.string()).optional(),
+  continue: z.boolean().optional(),
+  resume: z.union([z.string(), z.boolean()]).optional(),
   outputFormat: HeadlessOutputFormatSchema.optional(),
 });
 
@@ -93,6 +107,14 @@ export interface HeadlessOptions {
   strictMcpConfig?: boolean;
   /** Session identifier used in the chat context. */
   sessionId?: string;
+  /** Tool whitelist for this run. */
+  allowedTools?: string[];
+  /** Tool blacklist for this run. */
+  disallowedTools?: string[];
+  /** Continue the most recent conversation. */
+  continue?: boolean;
+  /** Resume a specific conversation. */
+  resume?: string | boolean;
   /** Terminal output format. */
   outputFormat?: string;
 }
@@ -565,6 +587,7 @@ export async function runHeadless(
   let eventWriter = createEventWriter(io, outputFormat);
   const streamState = new HeadlessStreamState();
   const phaseState: HeadlessPhaseState = { targetLocked: false };
+  let runtime: SessionRuntime | undefined;
 
   try {
     const validatedOptions = validateHeadlessOptions(options);
@@ -585,22 +608,38 @@ export async function runHeadless(
     const permissionMode =
       (validatedOptions.permissionMode as PermissionMode | undefined) ??
       PermissionMode.YOLO;
-    const contextMessages: Message[] = [];
+    const { sessionId, messages } = await resolveNonInteractiveSession({
+      sessionId: validatedOptions.sessionId,
+      continue: validatedOptions.continue,
+      resume: validatedOptions.resume,
+      fallbackSessionPrefix: 'headless',
+    });
+    const contextMessages: Message[] = [...messages];
     const chatContext: ChatContext = {
       messages: contextMessages,
       userId: 'cli-user',
-      sessionId: validatedOptions.sessionId ?? `headless-${Date.now()}`,
+      sessionId,
       workspaceRoot: getCwd(),
       permissionMode,
       confirmationHandler: createConfirmationHandler(),
     };
 
-    const agent = await Agent.create({
+    runtime = await SessionRuntime.create({
+      sessionId,
+      modelId: validatedOptions.model,
+      mcpConfig: validatedOptions.mcpConfig,
+      strictMcpConfig: validatedOptions.strictMcpConfig,
+    });
+
+    const agent = await Agent.createWithRuntime(runtime, {
+      sessionId,
       systemPrompt: validatedOptions.systemPrompt,
       appendSystemPrompt: validatedOptions.appendSystemPrompt,
       maxTurns: validatedOptions.maxTurns,
       modelId: validatedOptions.model,
       permissionMode,
+      toolWhitelist: validatedOptions.allowedTools,
+      toolBlacklist: validatedOptions.disallowedTools,
       mcpConfig: validatedOptions.mcpConfig,
       strictMcpConfig: validatedOptions.strictMcpConfig,
     });
@@ -765,6 +804,8 @@ export async function runHeadless(
     }
     eventWriter.error(`Error: ${extractHeadlessErrorMessage(error)}`);
     return 1;
+  } finally {
+    await runtime?.dispose();
   }
 }
 
@@ -775,19 +816,19 @@ export async function handleHeadlessMode(): Promise<boolean> {
     return false;
   }
 
-  const yargs = (await import('yargs')).default;
-  const { hideBin } = await import('yargs/helpers');
-  const { globalOptions } = await import('../cli/config.js');
   const {
-    loadConfiguration,
-    validateOutput,
-    validatePermissions,
-  } = await import('../cli/middleware.js');
+    headless: _h,
+    'output-format': _of,
+    'system-prompt': _sp,
+    'append-system-prompt': _asp,
+    'max-turns': _mt,
+    ...cliOptions
+  } = globalOptions;
 
   const cli = yargs(hideBin(process.argv))
     .scriptName('blade')
     .strict(false)
-    .options(globalOptions)
+    .options(cliOptions)
     .middleware([validatePermissions, loadConfiguration, validateOutput]);
 
   headlessCommand(cli);