/** * Model access control — allow/block specific models. * Persisted to model-access.json. */ import { readFileSync, existsSync } from 'fs'; import { writeJsonAtomic } from '../fs-atomic.js'; import { join } from 'path'; import { config, log } from '../config.js'; const ACCESS_FILE = join(config.dataDir, 'model-access.json'); // mode: 'allowlist' (only listed models allowed) | 'blocklist' (listed models blocked) | 'all' (no restrictions) const _config = { mode: 'all', list: [], // model IDs in the list }; // Load try { if (existsSync(ACCESS_FILE)) { Object.assign(_config, JSON.parse(readFileSync(ACCESS_FILE, 'utf-8'))); } } catch (e) { log.error('Failed to load model-access.json:', e.message); } function save() { try { writeJsonAtomic(ACCESS_FILE, _config); } catch (e) { log.error('Failed to save model-access.json:', e.message); } } export function getModelAccessConfig() { return { ..._config }; } export function setModelAccessMode(mode) { if (!['all', 'allowlist', 'blocklist'].includes(mode)) return; _config.mode = mode; save(); } export function setModelAccessList(list) { _config.list = Array.isArray(list) ? list : []; save(); } export function addModelToList(modelId) { if (!_config.list.includes(modelId)) { _config.list.push(modelId); save(); } } export function removeModelFromList(modelId) { _config.list = _config.list.filter(m => m !== modelId); save(); } /** * Some models in the catalog are simply the reasoning-mode variant of a * base model (claude-opus-4.6 vs claude-opus-4.6-thinking). For * allowlist/blocklist purposes we treat the `-thinking` suffix as * inheriting from its base — otherwise a user who carefully added * `claude-opus-4.6` to their allowlist still gets a 403 the moment * they ask for `-thinking`, with no obvious connection to anything * they've configured (#103). * * Other variant suffixes (-fast, -1m, -low/medium/high/xhigh, -mini, * -nano, -codex, -max-*) are intentionally NOT inherited — those are * distinct entitlements (different context window, latency tier, * pricing, or model architecture) where treating them interchangeably * would surprise users who actually want fine-grained gating. */ function siblingsForAllowlist(modelId) { const sibs = []; if (modelId.endsWith('-thinking')) { sibs.push(modelId.slice(0, -'-thinking'.length)); } else { sibs.push(modelId + '-thinking'); } return sibs; } /** * Check if a model is allowed. * @returns {{ allowed: boolean, reason?: string }} */ export function isModelAllowed(modelId) { if (_config.mode === 'all') return { allowed: true }; if (_config.mode === 'allowlist') { if (_config.list.includes(modelId)) return { allowed: true }; // Auto-inherit between base model and its -thinking variant so // users don't have to enumerate both halves of every reasoning // pair. Only base→thinking inheritance happens in practice (the // user typed `claude-opus-4.6` in the dashboard, the request asks // for `claude-opus-4.6-thinking`); the symmetric direction is // included for completeness. for (const sib of siblingsForAllowlist(modelId)) { if (_config.list.includes(sib)) return { allowed: true }; } return { allowed: false, reason: `模型 ${modelId} 不在允許清單中` }; } if (_config.mode === 'blocklist') { if (_config.list.includes(modelId)) { return { allowed: false, reason: `模型 ${modelId} 已被封鎖` }; } // Same inheritance for blocklist: blocking the base also blocks // the -thinking variant, so an operator who put `claude-opus-4.6` // on the blocklist isn't surprised by `-thinking` slipping past. for (const sib of siblingsForAllowlist(modelId)) { if (_config.list.includes(sib)) { return { allowed: false, reason: `模型 ${modelId} 已被封鎖` }; } } return { allowed: true }; } return { allowed: true }; }