feat: add safe agent writeback flow

2026-05-25 21:06:32 +08:00
parent ba975112de
commit 4b5237fda2
19 changed files with 969 additions and 24 deletions
--- a/internal/agents/writeback_test.go
+++ b/internal/agents/writeback_test.go
@@ -0,0 +1,161 @@
+package agents
+
+import (
+	"errors"
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+func TestValidateInvalidTOMLReturnsInvalidAndDoesNotWrite(t *testing.T) {
+	store, target := writebackFixture(t, `name = "旧名称"`+"\n")
+
+	got, err := store.ValidateDraft("backend", `name = "未闭合`+"\n")
+	if err != nil {
+		t.Fatalf("ValidateDraft returned error: %v", err)
+	}
+	if got.Valid {
+		t.Fatalf("validation should be invalid: %#v", got)
+	}
+	if len(got.Errors) == 0 {
+		t.Fatalf("expected validation errors: %#v", got)
+	}
+	assertFileContent(t, target, `name = "旧名称"`+"\n")
+}
+
+func TestValidateValidTOMLReturnsDiffAndCurrentHash(t *testing.T) {
+	store, _ := writebackFixture(t, `name = "旧名称"`+"\ndescription = \"旧描述\"\n")
+
+	got, err := store.ValidateDraft("backend", `name = "新名称"`+"\ndescription = \"旧描述\"\n")
+	if err != nil {
+		t.Fatalf("ValidateDraft returned error: %v", err)
+	}
+	if !got.Valid {
+		t.Fatalf("validation should be valid: %#v", got)
+	}
+	if got.CurrentHash == "" {
+		t.Fatalf("current hash must be returned: %#v", got)
+	}
+	if !strings.Contains(got.Diff, `-name = "旧名称"`) || !strings.Contains(got.Diff, `+name = "新名称"`) {
+		t.Fatalf("diff does not show changed line: %q", got.Diff)
+	}
+	if len(got.FieldChanges) != 1 || got.FieldChanges[0].Field != "name" {
+		t.Fatalf("unexpected field changes: %#v", got.FieldChanges)
+	}
+}
+
+func TestWriteInvalidTOMLRejectsAndLeavesOriginal(t *testing.T) {
+	store, target := writebackFixture(t, `name = "旧名称"`+"\n")
+	validation, err := store.ValidateDraft("backend", `name = "新名称"`+"\n")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = store.WriteDraft("backend", `name = "未闭合`+"\n", validation.CurrentHash)
+	if err == nil {
+		t.Fatal("expected invalid TOML write to be rejected")
+	}
+	assertFileContent(t, target, `name = "旧名称"`+"\n")
+}
+
+func TestWriteExpectedHashMismatchRejectsAndLeavesOriginal(t *testing.T) {
+	store, target := writebackFixture(t, `name = "旧名称"`+"\n")
+	validation, err := store.ValidateDraft("backend", `name = "新名称"`+"\n")
+	if err != nil {
+		t.Fatal(err)
+	}
+	if err := os.WriteFile(target, []byte(`name = "用户已改"`+"\n"), 0o644); err != nil {
+		t.Fatal(err)
+	}
+
+	_, err = store.WriteDraft("backend", `name = "新名称"`+"\n", validation.CurrentHash)
+	if !errors.Is(err, ErrWriteConflict) {
+		t.Fatalf("expected conflict error, got %v", err)
+	}
+	assertFileContent(t, target, `name = "用户已改"`+"\n")
+}
+
+func TestWriteSuccessCreatesBackupAndAtomicallyWrites(t *testing.T) {
+	store, target := writebackFixture(t, `name = "旧名称"`+"\n")
+	validation, err := store.ValidateDraft("backend", `name = "新名称"`+"\n")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	got, err := store.WriteDraft("backend", `name = "新名称"`+"\n", validation.CurrentHash)
+	if err != nil {
+		t.Fatalf("WriteDraft returned error: %v", err)
+	}
+	if got.Status != "written" || got.TargetPath != target || got.BackupPath == "" {
+		t.Fatalf("unexpected write result: %#v", got)
+	}
+	assertFileContent(t, target, `name = "新名称"`+"\n")
+	assertFileContent(t, got.BackupPath, `name = "旧名称"`+"\n")
+}
+
+func TestWriteRejectsUnsafeIDAndSymlinks(t *testing.T) {
+	store, target := writebackFixture(t, `name = "旧名称"`+"\n")
+	validation, err := store.ValidateDraft("backend", `name = "新名称"`+"\n")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	for _, id := range []string{"../backend", "nested/backend", "/tmp/backend", "backend.toml"} {
+		t.Run("unsafe id "+id, func(t *testing.T) {
+			if _, err := store.ValidateDraft(id, `name = "x"`+"\n"); err == nil {
+				t.Fatal("expected unsafe validate id to be rejected")
+			}
+			if _, err := store.WriteDraft(id, `name = "x"`+"\n", validation.CurrentHash); err == nil {
+				t.Fatal("expected unsafe write id to be rejected")
+			}
+		})
+	}
+
+	if err := os.Remove(target); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Symlink("../config.toml", target); err != nil {
+		t.Fatal(err)
+	}
+	if _, err := store.WriteDraft("backend", `name = "新名称"`+"\n", validation.CurrentHash); err == nil {
+		t.Fatal("expected symlink leaf to be rejected")
+	}
+
+	root := t.TempDir()
+	if err := os.WriteFile(filepath.Join(root, "config.toml"), []byte(`name = "secret"`), 0o600); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.Symlink(".", filepath.Join(root, "agents")); err != nil {
+		t.Fatal(err)
+	}
+	symlinkedStore := Store{CodexHome: root}
+	if _, err := symlinkedStore.WriteDraft("backend", `name = "x"`+"\n", validation.CurrentHash); err == nil {
+		t.Fatal("expected symlinked agents directory to be rejected")
+	}
+}
+
+func writebackFixture(t *testing.T, content string) (Store, string) {
+	t.Helper()
+	root := t.TempDir()
+	agentsDir := filepath.Join(root, "agents")
+	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	target := filepath.Join(agentsDir, "backend.toml")
+	if err := os.WriteFile(target, []byte(content), 0o644); err != nil {
+		t.Fatal(err)
+	}
+	return Store{CodexHome: root}, target
+}
+
+func assertFileContent(t *testing.T, path string, want string) {
+	t.Helper()
+	got, err := os.ReadFile(path)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if string(got) != want {
+		t.Fatalf("%s content = %q, want %q", path, string(got), want)
+	}
+}