yangyl/codex-agent-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: validate agent toml boundaries

Browse Source
This commit is contained in:
Yoilun
2026-05-25 17:58:22 +08:00
parent fee920a895
commit 425e11c444
4 changed files with 124 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
progress.md
View File

@@ -11,6 +11,8 @@
| 2026-05-25 | 1 | review loop | 规格复审发现 `ResolveAgentTOML` 可经 `agents/demo.toml -> ../auth.json` symlink 绕过 forbidden 检查 | 已按 TDD 修复,并通过最终门禁 |
| 2026-05-25 | planning | main agent | 修正 task_plan.md 阶段命名,与实施计划 Task 2-7 对齐 | 下一阶段明确为 Agent TOML 只读读取 |
| 2026-05-25 | 2 | coding agent | TDD 实现 Agent TOML 只读读取和 `/api/agents` | 完成;提交 `feat: read codex agent definitions` |
| 2026-05-25 | 2 | spec review | 规格审查未通过:重复键 TOML 可 validagent symlink 可读取 root `config.toml` | coding agent 按 blocking 范围修复 |
| 2026-05-25 | 2 | coding agent | TDD 修复 agent TOML parser 和 symlink 边界 | 完成;提交 `fix: validate agent toml boundaries` |
## Test Results
@@ -44,6 +46,12 @@
| 2026-05-25 | `go test ./...` | PASS | Required verification |
| 2026-05-25 | `git diff --check` | PASS | Required verification |
| 2026-05-25 | `git status --short` | PASS | Required verificationPhase 2 文件待提交 |
| 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯duplicate key、invalid key、`agents/leak.toml -> ../config.toml` 均被错误报告为 valid/泄漏内容 |
| 2026-05-25 | `go test ./internal/agents` | PASS | duplicate key 和 invalid key 返回 invalidagent TOML symlink 被拒绝且不读取非 agent TOML |
| 2026-05-25 | `go test ./internal/codexhome` | PASS | Required verification |
| 2026-05-25 | `go test ./...` | PASS | Required verification |
| 2026-05-25 | `git diff --check` | PASS | Required verification |
| 2026-05-25 | `git status --short` | PASS | Required verificationPhase 2 review fix 文件待提交 |
## Bug Loop
@@ -54,3 +62,5 @@
| 1 | 缺少操作域 resolver通用 `ResolveInside` 容易误用 | 新增 `ResolveAgentTOML`,只允许 `agents/` 直属 `.toml` 文件名 | `go test ./internal/codexhome` PASS |
| 1 | `docs/project.md` 记录 `CODEX_HOME` 但默认配置未读取 | `DefaultConfig` 增加 `CODEX_HOME` 非空 override | `go test ./internal/app` PASS |
| 1 | `ResolveAgentTOML` 可通过 `agents/*.toml` symlink 指向 root `auth.json` 绕过 forbidden 检查 | 在 symlink 解析后对 evaluated final target 再执行 forbidden 检查 | `go test ./internal/codexhome` PASS |
| 2 | Agent TOML parser 对重复键使用 map 覆盖,且未校验 bare key | 增加 duplicate key 和 invalid key 检测,遇到 malformed TOML 返回单条 invalid | `go test ./internal/agents` PASS |
| 2 | Agent symlink 只校验最终路径在 Codex home 内,可读取 root `config.toml` | 在 agent store 层拒绝 `.toml` symlink避免读取非 agent TOML 内容 | `go test ./internal/agents` PASS |