Conversation

@arvinxx (Member) commented Sep 16, 2025

💻 Change Type

  • ✨ feat
  • 🐛 fix
  • ♻️ refactor
  • 💄 style
  • 👷 build
  • ⚡️ perf
  • ✅ test
  • 📝 docs
  • 🔨 chore

🔀 Description of Change

📝 Additional Information

vercel bot commented Sep 16, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Preview Comments Updated (UTC)
lobe-chat-database Error Error Sep 26, 2025 8:07pm
lobe-chat-preview Error Error Sep 26, 2025 8:07pm
1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
lobe-chat-for-mobile Ignored Ignored Sep 26, 2025 8:07pm

@lobehubbot (Member)

👍 @arvinxx

Thank you for raising your pull request and contributing to our community.
Please make sure you have followed our contributing guidelines. We will review it as soon as possible.
If you encounter any problems, please feel free to connect with us.
Thank you very much for raising a pull request and contributing to our community. Please make sure you have followed our contribution guidelines; we will review it as soon as possible.
If you encounter any problems, please feel free to contact us.

codecov bot commented Sep 16, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 79.86%. Comparing base (6e7b420) to head (d9717bd).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #9290      +/-   ##
==========================================
+ Coverage   79.65%   79.86%   +0.21%     
==========================================
  Files         826      260     -566     
  Lines       53449    15592   -37857     
  Branches     5626     3000    -2626     
==========================================
- Hits        42575    12453   -30122     
+ Misses      10874     3139    -7735     
Flag Coverage Δ
app ?
database ?
packages/agent-runtime 62.19% <ø> (-0.34%) ⬇️
packages/context-engine 62.62% <ø> (ø)
packages/electron-server-ipc 93.76% <ø> (ø)
packages/file-loaders 88.00% <ø> (ø)
packages/model-bank 100.00% <ø> (ø)
packages/model-runtime 77.09% <ø> (ø)
packages/prompts 100.00% <ø> (ø)
packages/utils 94.67% <ø> (ø)
packages/web-crawler 97.07% <ø> (ø)

Flags with carried forward coverage won't be shown.

Components Coverage Δ
Store ∅ <ø> (∅)
Services ∅ <ø> (∅)
Server ∅ <ø> (∅)
Libs ∅ <ø> (∅)
Utils 93.47% <ø> (+18.47%) ⬆️

Check failure (code scanning annotation on src/server/routers/lambda/aiAgent.ts):

    // Generate runtime session ID
    const runtimeSessionId = `agent_${Date.now()}_${Math.random().toString(36).slice(2, 11)}`;

Code scanning / CodeQL: Insecure randomness (High). This uses a cryptographically insecure random number generated at Math.random() in a security context.

Copilot Autofix

AI 5 days ago

To fix the problem, we should replace the usage of Math.random() for generating a portion of the runtimeSessionId with a value produced by Node.js's crypto.randomBytes(), which is considered cryptographically secure. The fix involves importing the crypto module from Node.js and generating a random string by converting generated random bytes to hexadecimal or base64, then incorporating that value into the session ID format.

Specifically, within the file src/server/routers/lambda/aiAgent.ts, the line:

const runtimeSessionId = `agent_${Date.now()}_${Math.random().toString(36).slice(2, 11)}`;

should be changed to use crypto.randomBytes(6).toString('base64url') (or 'hex'), which will give a sufficiently random unique value. Additionally, an import statement for crypto should be added at the top of the file if it doesn't exist.

Suggested changeset 1: src/server/routers/lambda/aiAgent.ts

Autofix patch
Run the following command in your local git repository to apply this patch:
cat << 'EOF' | git apply
diff --git a/src/server/routers/lambda/aiAgent.ts b/src/server/routers/lambda/aiAgent.ts
--- a/src/server/routers/lambda/aiAgent.ts
+++ b/src/server/routers/lambda/aiAgent.ts
@@ -8,6 +8,7 @@
 import { serverDatabase } from '@/libs/trpc/lambda/middleware';
 import { AgentRuntimeService } from '@/server/services/agentRuntime';
 
+import * as crypto from 'crypto';
 // Zod schemas for agent session operations
 const CreateAgentSessionSchema = z.object({
   agentConfig: z.record(z.any()).optional().default({}),
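Review bot: the added `import * as crypto from 'crypto';` lands after the blank line that closes the import block, glued directly onto the `// Zod schemas for agent session operations` comment, so it is visually part of the schema section rather than the imports and will trip an import-ordering lint rule if the project runs one. Move it into the import block (a Node built-in normally sits above the `@/` path-alias imports, separated by a blank line) and consider a named import, `import { randomBytes } from 'crypto';`, since the second hunk uses only that function.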
@@ -95,8 +96,9 @@
         });
       }
 
-      // Generate runtime session ID
-      const runtimeSessionId = `agent_${Date.now()}_${Math.random().toString(36).slice(2, 11)}`;
+      // Generate runtime session ID using cryptographically secure randomness
+      const randomSegment = crypto.randomBytes(6).toString('base64url');
+      const runtimeSessionId = `agent_${Date.now()}_${randomSegment}`;
 
       pino.info(`Creating session ${runtimeSessionId} for user ${ctx.userId}`);
 
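Review bot: `crypto.randomBytes(6)` gives the ID only 48 bits of unpredictable content, and the `Date.now()` prefix is guessable to within the request window, so if `runtimeSessionId` has to be unguessable rather than merely unique (CodeQL's "security context" finding suggests it is treated as a credential-like value), six bytes is on the thin side; `crypto.randomBytes(16).toString('base64url')` or `crypto.randomUUID()` costs nothing extra and closes the question. The fix itself is correct: the CSPRNG replaces `Math.random()` exactly where the alert pointed and the ID layout `agent_<timestamp>_<segment>` is preserved.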
EOF
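As an added example, not code from the PR or from the autofix, here is a stand-alone TypeScript helper in the spirit of the fix above: it mints the same `agent_<timestamp>_<segment>` layout with a larger CSPRNG segment (16 bytes by assumed default, versus the patch's 6) and parses an existing ID to estimate how many random bytes its segment encodes, which lets a log audit flag IDs minted with the old 9-character Math.random() format. The names `makeRuntimeSessionId`, `parseRuntimeSessionId` and `hasSufficientEntropy` are assumptions, not project APIs.

```typescript
import { randomBytes } from 'crypto';

// ID layout taken from the PR: agent_<Date.now() ms>_<random segment>.
// The segment is base64url, so any base64url character may appear.
const ID_PATTERN = /^agent_(\d{13})_([A-Za-z0-9_-]+)$/;

// Assumed default: 16 bytes (128 bits) of CSPRNG output, versus the 6 bytes
// (48 bits) the autofix patch uses.
const DEFAULT_RANDOM_BYTES = 16;

// Mint a session ID. `now` is injectable so callers and tests can pin the timestamp.
function makeRuntimeSessionId(byteLength = DEFAULT_RANDOM_BYTES, now = Date.now()): string {
  const randomSegment = randomBytes(byteLength).toString('base64url');
  return `agent_${now}_${randomSegment}`;
}

interface ParsedSessionId {
  createdAt: number;      // ms since epoch, taken from the ID's timestamp field
  randomSegment: string;  // the trailing random field, as found
  randomBytesLen: number; // bytes the segment can encode (base64url: 3 bytes per 4 chars)
}

// Split an ID into its fields; returns null when the layout does not match.
function parseRuntimeSessionId(id: string): ParsedSessionId | null {
  const m = ID_PATTERN.exec(id);
  if (!m) return null;
  const randomBytesLen = Math.floor((m[2].length * 3) / 4);
  return { createdAt: Number(m[1]), randomSegment: m[2], randomBytesLen };
}

// Audit check: can the random field hold at least `minBits` bits?
// Length is a necessary condition only: a 9-character Math.random() segment
// (at most about 46 bits, and from a non-CSPRNG) fails; a 22-character segment
// from 16 CSPRNG bytes passes. The check cannot tell which generator produced a
// long-enough segment, so it catches legacy IDs rather than proving new ones safe.
function hasSufficientEntropy(id: string, minBits = 128): boolean {
  const parsed = parseRuntimeSessionId(id);
  return parsed !== null && parsed.randomBytesLen * 8 >= minBits;
}
```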