Beaver/beaver_project
6
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
b3767dd4abdcf570379fc091316e6ef145d9cd6f
beaver_project/app-instance/create-instance.sh
steven_li b3767dd4ab feat(outlook): 添加 Outlook MCP 集成支持并优化分页功能 
- 新增 NANO_OUTLOOK_MCP_URL 和 NANO_OUTLOOK_MCP_SERVER_ID 环境变量配置
- 实现 Outlook 邮件和日历的分页查询功能,添加安全参数验证
- 为 app-instance 创建脚本添加 Outlook MCP 服务器 ID 参数
- 更新前端 Outlook 页面实现邮件列表和日历事件的分页浏览
- 添加 Git 忽略文件配置和 Docker 挂载路径修复

BREAKING CHANGE: Outlook 集成现在需要配置 MCP URL 和服务器 ID 环境变量
2026-03-16 17:01:58 +08:00

547 lines
15 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
set -euo pipefail
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
REGISTRY_TOOL="${SCRIPT_DIR}/instance-registry.py"
IMAGE_NAME="${IMAGE_NAME:-nano/app-instance:latest}"
INSTANCES_ROOT_DEFAULT="${SCRIPT_DIR}/runtime/instances"
REGISTRY_PATH_DEFAULT="${SCRIPT_DIR}/runtime/registry/instances.json"
KNOWN_PROVIDERS=" custom anthropic openai openrouter deepseek groq zhipu dashscope vllm gemini moonshot minimax aihubmix siliconflow volcengine "
INSTANCE_ID=""
INSTANCE_SLUG=""
CONTAINER_NAME=""
HOST_PORT=""
PUBLIC_URL=""
AUTHZ_BASE_URL=""
AUTHZ_OUTLOOK_MCP_URL=""
OUTLOOK_MCP_SERVER_ID="${OUTLOOK_MCP_SERVER_ID:-outlook_mcp}"
BACKEND_ID=""
CLIENT_ID=""
CLIENT_SECRET=""
BACKEND_NAME=""
MODEL="openai/gpt-5"
PROVIDER="openai"
API_KEY="${API_KEY:-}"
API_BASE="${API_BASE:-}"
AUTH_USERNAME=""
AUTH_PASSWORD=""
USERNAME=""
EMAIL=""
INSTANCE_HOST=""
AUTH_PORTAL_URL="${AUTH_PORTAL_URL:-}"
AUTH_PORTAL_PORT="${AUTH_PORTAL_PORT:-3081}"
INSTANCES_ROOT="${INSTANCES_ROOT:-$INSTANCES_ROOT_DEFAULT}"
REGISTRY_PATH="${REGISTRY_PATH:-$REGISTRY_PATH_DEFAULT}"
NETWORK_NAME="${NETWORK_NAME:-}"
HOST_BIND_IP="${HOST_BIND_IP:-127.0.0.1}"
FORCE_BUILD=0
REPLACE=0
usage() {
cat <<'EOF'
Usage:
./create-instance.sh --instance-id demo --auth-username admin --auth-password 123456 --api-key sk-xxx [options]
Required:
--instance-id <id> Unique instance id.
--auth-username <name> Initial web login username.
--auth-password <password> Initial web login password.
--api-key <key> Provider API key for nanobot.
Optional:
--image <name> Docker image tag. Default: nano/app-instance:latest
--container-name <name> Docker container name. Default: app-instance-<slug>
--host-port <port> Host port to publish. Default: auto-pick from 20000-29999.
--public-url <url> Public URL exposed to users. Default: http://127.0.0.1:<host-port>
--provider <name> Provider key in config.json. Default: openai
--api-base <url> Optional custom provider base URL.
--model <name> Model name. Default: openai/gpt-5
--authz-base-url <url> AuthZ service base URL.
--authz-outlook-mcp-url <url>
Managed Outlook MCP URL for AuthZ mode.
--outlook-mcp-server-id <id>
Default Outlook MCP server id. Default: outlook_mcp
--backend-id <id> Pre-assigned backend id.
--client-id <id> Pre-assigned AuthZ client id.
--client-secret <secret> Pre-assigned AuthZ client secret.
--backend-name <name> Display name in backend identity.
--auth-portal-url <url> Shared auth portal URL used when building the image.
--auth-portal-port <port> Fallback auth portal port. Default: 3081
--username <name> Registry username owner. Default: auth username
--email <value> Registry email owner.
--instance-host <host> Public host used by reverse proxy, for registry only.
--instances-root <path> Instance data root. Default: ./runtime/instances
--registry <path> Registry JSON path. Default: ./runtime/registry/instances.json
--network <name> Optional docker network name.
--host-bind-ip <ip> Host bind IP for published port. Default: 127.0.0.1
--build Force rebuild image before running.
--replace Remove existing container with same name before running.
--help Show this help.
EOF
}
log() {
printf '[create-instance] %s\n' "$*"
}
die() {
printf '[create-instance] %s\n' "$*" >&2
exit 1
}
slugify() {
local input="$1"
local output
output="$(printf '%s' "$input" | tr '[:upper:]' '[:lower:]' | sed -E 's/[^a-z0-9._-]+/-/g; s/^-+//; s/-+$//')"
if [[ -z "$output" ]]; then
die "instance id produced an empty slug"
fi
printf '%s' "$output"
}
pick_free_port() {
local args=(
--registry "$REGISTRY_PATH"
next-port
--start 20000
--end 29999
)
if [[ -n "$INSTANCE_ID" ]]; then
args+=(--exclude-instance-id "$INSTANCE_ID")
fi
"$REGISTRY_TOOL" "${args[@]}"
}
extract_url_host() {
local input_url="$1"
INPUT_URL="$input_url" python3 - <<'PY'
import os
from urllib.parse import urlsplit
value = os.environ["INPUT_URL"].strip()
parts = urlsplit(value)
print(parts.hostname or "")
PY
}
render_config_json() {
local target_path="$1"
TARGET_PATH="$target_path" \
MODEL="$MODEL" \
PROVIDER="$PROVIDER" \
API_KEY="$API_KEY" \
API_BASE="$API_BASE" \
AUTHZ_BASE_URL="$AUTHZ_BASE_URL" \
AUTHZ_OUTLOOK_MCP_URL="$AUTHZ_OUTLOOK_MCP_URL" \
OUTLOOK_MCP_SERVER_ID="$OUTLOOK_MCP_SERVER_ID" \
BACKEND_ID="$BACKEND_ID" \
CLIENT_ID="$CLIENT_ID" \
CLIENT_SECRET="$CLIENT_SECRET" \
BACKEND_NAME="$BACKEND_NAME" \
PUBLIC_URL="$PUBLIC_URL" \
python3 - <<'PY'
import json
import os
from pathlib import Path
target = Path(os.environ["TARGET_PATH"])
provider = os.environ["PROVIDER"]
outlook_mcp_url = os.environ["AUTHZ_OUTLOOK_MCP_URL"].strip()
outlook_server_id = os.environ["OUTLOOK_MCP_SERVER_ID"].strip() or "outlook_mcp"
provider_cfg = {"apiKey": os.environ["API_KEY"]}
api_base = os.environ["API_BASE"].strip()
if api_base:
provider_cfg["apiBase"] = api_base
outlook_tool_names = [
"auth_status",
"mail_list_folders",
"mail_list_messages",
"mail_search_messages",
"mail_get_message",
"mail_send_email",
"mail_reply_to_message",
"mail_forward_message",
"mail_move_message",
"mail_delta_sync",
"calendar_list_events",
"calendar_create_event",
"calendar_update_event",
"calendar_get_schedule",
"calendar_find_meeting_times",
"calendar_delta_sync",
]
default_mcp_servers = {}
if outlook_mcp_url:
default_mcp_servers[outlook_server_id] = {
"command": "",
"args": [],
"env": {},
"url": outlook_mcp_url,
"headers": {},
"authMode": "oauth_backend_token",
"authAudience": f"mcp:{outlook_server_id}",
"authScopes": ["list_tools", *[f"tool:{name}" for name in outlook_tool_names]],
"toolTimeout": 60,
"sensitive": True,
}
data = {
"agents": {
"defaults": {
"workspace": "/root/.nanobot/workspace",
"model": os.environ["MODEL"],
}
},
"providers": {
provider: provider_cfg,
},
"tools": {
"restrictToWorkspace": True,
"mcpServers": default_mcp_servers,
},
"authz": {
"enabled": bool(os.environ["AUTHZ_BASE_URL"].strip()),
"baseUrl": os.environ["AUTHZ_BASE_URL"].strip() or "http://127.0.0.1:19090",
"requestTimeoutSeconds": 10,
"outlookMcpUrl": outlook_mcp_url,
},
"backend_identity": {
"backendId": os.environ["BACKEND_ID"].strip(),
"clientId": os.environ["CLIENT_ID"].strip(),
"clientSecret": os.environ["CLIENT_SECRET"].strip(),
"name": os.environ["BACKEND_NAME"].strip(),
"publicBaseUrl": os.environ["PUBLIC_URL"].strip(),
},
}
target.write_text(json.dumps(data, indent=2, ensure_ascii=False) + "\n", encoding="utf-8")
PY
}
render_auth_users_json() {
local target_path="$1"
TARGET_PATH="$target_path" \
AUTH_USERNAME="$AUTH_USERNAME" \
AUTH_PASSWORD="$AUTH_PASSWORD" \
python3 - <<'PY'
import json
import os
from pathlib import Path
target = Path(os.environ["TARGET_PATH"])
data = {
"users": [
{
"username": os.environ["AUTH_USERNAME"],
"password": os.environ["AUTH_PASSWORD"],
}
]
}
target.write_text(json.dumps(data, indent=2, ensure_ascii=False) + "\n", encoding="utf-8")
PY
}
image_exists() {
docker image inspect "$IMAGE_NAME" >/dev/null 2>&1
}
container_exists() {
docker container inspect "$CONTAINER_NAME" >/dev/null 2>&1
}
while [[ $# -gt 0 ]]; do
case "$1" in
--instance-id)
INSTANCE_ID="${2:-}"
shift 2
;;
--image)
IMAGE_NAME="${2:-}"
shift 2
;;
--container-name)
CONTAINER_NAME="${2:-}"
shift 2
;;
--host-port)
HOST_PORT="${2:-}"
shift 2
;;
--public-url)
PUBLIC_URL="${2:-}"
shift 2
;;
--provider)
PROVIDER="${2:-}"
shift 2
;;
--api-key)
API_KEY="${2:-}"
shift 2
;;
--api-base)
API_BASE="${2:-}"
shift 2
;;
--model)
MODEL="${2:-}"
shift 2
;;
--auth-username)
AUTH_USERNAME="${2:-}"
shift 2
;;
--auth-password)
AUTH_PASSWORD="${2:-}"
shift 2
;;
--username)
USERNAME="${2:-}"
shift 2
;;
--email)
EMAIL="${2:-}"
shift 2
;;
--instance-host)
INSTANCE_HOST="${2:-}"
shift 2
;;
--authz-base-url)
AUTHZ_BASE_URL="${2:-}"
shift 2
;;
--authz-outlook-mcp-url)
AUTHZ_OUTLOOK_MCP_URL="${2:-}"
shift 2
;;
--outlook-mcp-server-id)
OUTLOOK_MCP_SERVER_ID="${2:-}"
shift 2
;;
--backend-id)
BACKEND_ID="${2:-}"
shift 2
;;
--client-id)
CLIENT_ID="${2:-}"
shift 2
;;
--client-secret)
CLIENT_SECRET="${2:-}"
shift 2
;;
--backend-name)
BACKEND_NAME="${2:-}"
shift 2
;;
--auth-portal-url)
AUTH_PORTAL_URL="${2:-}"
shift 2
;;
--auth-portal-port)
AUTH_PORTAL_PORT="${2:-}"
shift 2
;;
--instances-root)
INSTANCES_ROOT="${2:-}"
shift 2
;;
--registry)
REGISTRY_PATH="${2:-}"
shift 2
;;
--network)
NETWORK_NAME="${2:-}"
shift 2
;;
--host-bind-ip)
HOST_BIND_IP="${2:-}"
shift 2
;;
--build)
FORCE_BUILD=1
shift
;;
--replace)
REPLACE=1
shift
;;
--help|-h)
usage
exit 0
;;
*)
die "unknown argument: $1"
;;
esac
done
[[ -n "$INSTANCE_ID" ]] || die "--instance-id is required"
[[ -n "$AUTH_USERNAME" ]] || die "--auth-username is required"
[[ -n "$AUTH_PASSWORD" ]] || die "--auth-password is required"
[[ -n "$API_KEY" ]] || die "--api-key is required"
INSTANCE_SLUG="$(slugify "$INSTANCE_ID")"
USERNAME="${USERNAME:-$AUTH_USERNAME}"
EXISTING_RECORD_JSON=""
EXISTING_CONTAINER_NAME=""
EXISTING_HOST_PORT=""
if EXISTING_RECORD_JSON="$("$REGISTRY_TOOL" --registry "$REGISTRY_PATH" get --instance-id "$INSTANCE_ID" 2>/dev/null)"; then
EXISTING_CONTAINER_NAME="$(printf '%s' "$EXISTING_RECORD_JSON" | python3 -c 'import json,sys; print(json.load(sys.stdin)["container_name"])')"
EXISTING_HOST_PORT="$(printf '%s' "$EXISTING_RECORD_JSON" | python3 -c 'import json,sys; print(json.load(sys.stdin)["host_port"])')"
if [[ "$REPLACE" -ne 1 ]]; then
die "instance already exists in registry: ${INSTANCE_ID} (use --replace to recreate)"
fi
fi
CONTAINER_NAME="${CONTAINER_NAME:-${EXISTING_CONTAINER_NAME:-app-instance-${INSTANCE_SLUG}}}"
BACKEND_NAME="${BACKEND_NAME:-${INSTANCE_ID}}"
if [[ -z "$HOST_PORT" ]]; then
HOST_PORT="${EXISTING_HOST_PORT:-$(pick_free_port)}"
fi
if [[ -z "$PUBLIC_URL" ]]; then
PUBLIC_URL="http://127.0.0.1:${HOST_PORT}"
fi
if [[ -z "$INSTANCE_HOST" ]]; then
INSTANCE_HOST="$(extract_url_host "$PUBLIC_URL")"
fi
case "$KNOWN_PROVIDERS" in
*" ${PROVIDER} "*) ;;
*) die "unsupported provider '${PROVIDER}'" ;;
esac
if [[ -n "$BACKEND_ID$CLIENT_ID$CLIENT_SECRET" ]]; then
[[ -n "$BACKEND_ID" && -n "$CLIENT_ID" && -n "$CLIENT_SECRET" ]] || die "backend identity requires --backend-id, --client-id and --client-secret together"
fi
if PORT_HOLDER_JSON="$("$REGISTRY_TOOL" --registry "$REGISTRY_PATH" get --container-name "$CONTAINER_NAME" 2>/dev/null)"; then
REGISTERED_ID="$(printf '%s' "$PORT_HOLDER_JSON" | python3 -c 'import json,sys; print(json.load(sys.stdin)["instance_id"])')"
if [[ "$REGISTERED_ID" != "$INSTANCE_ID" && "$REPLACE" -ne 1 ]]; then
die "container name already registered for another instance: ${CONTAINER_NAME}"
fi
fi
if PORT_HOLDER_JSON="$("$REGISTRY_TOOL" --registry "$REGISTRY_PATH" list --json)"; then
PORT_CONFLICT_ID="$(PORT_HOLDER_JSON="$PORT_HOLDER_JSON" python3 - "$HOST_PORT" "$INSTANCE_ID" <<'PY'
import json
import os
import sys
port = int(sys.argv[1])
instance_id = sys.argv[2]
for item in json.loads(os.environ["PORT_HOLDER_JSON"]).get("instances", []):
if int(item.get("host_port", 0) or 0) == port and item.get("instance_id") != instance_id:
print(item.get("instance_id", ""))
break
PY
)"
if [[ -n "$PORT_CONFLICT_ID" ]]; then
die "host port already registered by another instance: ${HOST_PORT} (${PORT_CONFLICT_ID})"
fi
fi
INSTANCE_ROOT="${INSTANCES_ROOT}/${INSTANCE_SLUG}"
NANOBOT_HOME="${INSTANCE_ROOT}/nanobot-home"
CONFIG_PATH="${NANOBOT_HOME}/config.json"
AUTH_USERS_PATH="${NANOBOT_HOME}/web_auth_users.json"
WORKSPACE_PATH="${NANOBOT_HOME}/workspace"
mkdir -p "$NANOBOT_HOME" "$WORKSPACE_PATH"
render_config_json "$CONFIG_PATH"
render_auth_users_json "$AUTH_USERS_PATH"
if [[ "$FORCE_BUILD" -eq 1 ]] || ! image_exists; then
log "building image ${IMAGE_NAME}"
docker build \
--build-arg "NEXT_PUBLIC_AUTH_PORTAL_URL=${AUTH_PORTAL_URL}" \
--build-arg "NEXT_PUBLIC_AUTH_PORTAL_PORT=${AUTH_PORTAL_PORT}" \
-t "$IMAGE_NAME" \
"$SCRIPT_DIR"
fi
if container_exists; then
if [[ "$REPLACE" -eq 1 ]]; then
log "removing existing container ${CONTAINER_NAME}"
docker rm -f "$CONTAINER_NAME" >/dev/null
else
die "container already exists: ${CONTAINER_NAME} (use --replace to recreate)"
fi
fi
RUN_ARGS=(
-d
--name "$CONTAINER_NAME"
--restart unless-stopped
-p "${HOST_BIND_IP}:${HOST_PORT}:8080"
-v "${NANOBOT_HOME}:/root/.nanobot"
-e "NANOBOT_AUTH_FILE=/root/.nanobot/web_auth_users.json"
-e "NANOBOT_FRONTEND_PUBLIC_BASE_URL=${PUBLIC_URL}"
-e "APP_PUBLIC_PORT=8080"
-e "APP_FRONTEND_PORT=3000"
-e "APP_BACKEND_PORT=18080"
-e "NANOBOT_OUTLOOK_MCP_SERVER_ID=${OUTLOOK_MCP_SERVER_ID}"
--label "nano.instance.id=${INSTANCE_ID}"
--label "nano.instance.slug=${INSTANCE_SLUG}"
--label "nano.instance.public_url=${PUBLIC_URL}"
)
if [[ -n "$NETWORK_NAME" ]]; then
RUN_ARGS+=(--network "$NETWORK_NAME")
fi
log "starting container ${CONTAINER_NAME}"
docker run "${RUN_ARGS[@]}" "$IMAGE_NAME" >/dev/null
"$REGISTRY_TOOL" --registry "$REGISTRY_PATH" upsert \
--instance-id "$INSTANCE_ID" \
--instance-slug "$INSTANCE_SLUG" \
--container-name "$CONTAINER_NAME" \
--image-name "$IMAGE_NAME" \
--host-port "$HOST_PORT" \
--public-url "$PUBLIC_URL" \
--instance-root "$INSTANCE_ROOT" \
--nanobot-home "$NANOBOT_HOME" \
--config-path "$CONFIG_PATH" \
--auth-users-path "$AUTH_USERS_PATH" \
--network-name "$NETWORK_NAME" \
--backend-id "$BACKEND_ID" \
--backend-name "$BACKEND_NAME" \
--authz-base-url "$AUTHZ_BASE_URL" \
--username "$USERNAME" \
--email "$EMAIL" \
--instance-host "$INSTANCE_HOST" \
--frontend-base-url "$PUBLIC_URL" \
--api-base-url "$PUBLIC_URL" \
--created-at "$(date -u +"%Y-%m-%dT%H:%M:%SZ")" >/dev/null
cat <<EOF
instance_id=${INSTANCE_ID}
instance_slug=${INSTANCE_SLUG}
container_name=${CONTAINER_NAME}
image_name=${IMAGE_NAME}
host_port=${HOST_PORT}
public_url=${PUBLIC_URL}
instance_root=${INSTANCE_ROOT}
nanobot_home=${NANOBOT_HOME}
config_path=${CONFIG_PATH}
auth_users_path=${AUTH_USERS_PATH}
username=${USERNAME}
email=${EMAIL}
instance_host=${INSTANCE_HOST}
host_bind_ip=${HOST_BIND_IP}
EOF
Reference in New Issue View Git Blame Copy Permalink