feat: add safe agent writeback flow

internal/server/server.go

@@ -2,10 +2,13 @@ package server
 
 import (
 	"encoding/json"
+	"errors"
 	"net/http"
+	"strings"
 
 	"codex-agent-manager/internal/agents"
 	"codex-agent-manager/internal/app"
+	"codex-agent-manager/internal/codexhome"
 	"codex-agent-manager/internal/projects"
 	"codex-agent-manager/internal/runtime"
 	"codex-agent-manager/internal/workflow"
@@ -37,6 +40,25 @@ func New(cfg app.Config) http.Handler {
 		}
 		writeJSON(w, http.StatusOK, map[string]any{"items": items})
 	})
+	mux.HandleFunc("/api/agents/", func(w http.ResponseWriter, r *http.Request) {
+		id, action, ok := parseAgentActionPath(r.URL.Path)
+		if !ok {
+			http.NotFound(w, r)
+			return
+		}
+		if r.Method != http.MethodPost {
+			writeJSON(w, http.StatusMethodNotAllowed, map[string]string{"error": "方法不允许"})
+			return
+		}
+		switch action {
+		case "validate":
+			handleAgentValidate(w, r, agentStore, id)
+		case "write":
+			handleAgentWrite(w, r, agentStore, id)
+		default:
+			http.NotFound(w, r)
+		}
+	})
 	mux.HandleFunc("/api/projects", func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != http.MethodGet {
 			writeJSON(w, http.StatusMethodNotAllowed, map[string]string{"error": "方法不允许"})
@@ -87,6 +109,62 @@ func New(cfg app.Config) http.Handler {
 	return mux
 }
 
+type validateRequest struct {
+	Content string `json:"content"`
+}
+
+type writeRequest struct {
+	Content      string `json:"content"`
+	ExpectedHash string `json:"expectedHash"`
+}
+
+func parseAgentActionPath(path string) (string, string, bool) {
+	rest := strings.TrimPrefix(path, "/api/agents/")
+	parts := strings.Split(rest, "/")
+	if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
+		return "", "", false
+	}
+	return parts[0], parts[1], true
+}
+
+func handleAgentValidate(w http.ResponseWriter, r *http.Request, store agents.Store, id string) {
+	var body validateRequest
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "请求体不是有效 JSON"})
+		return
+	}
+	result, err := store.ValidateDraft(id, body.Content)
+	if err != nil {
+		writeAgentError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, result)
+}
+
+func handleAgentWrite(w http.ResponseWriter, r *http.Request, store agents.Store, id string) {
+	var body writeRequest
+	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "请求体不是有效 JSON"})
+		return
+	}
+	result, err := store.WriteDraft(id, body.Content, body.ExpectedHash)
+	if err != nil {
+		writeAgentError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, result)
+}
+
+func writeAgentError(w http.ResponseWriter, err error) {
+	status := http.StatusBadRequest
+	if errors.Is(err, agents.ErrWriteConflict) {
+		status = http.StatusConflict
+	} else if errors.Is(err, codexhome.ErrForbiddenPath) || errors.Is(err, codexhome.ErrOutsideCodexHome) {
+		status = http.StatusForbidden
+	}
+	writeJSON(w, status, map[string]string{"error": err.Error()})
+}
+
 func writeJSON(w http.ResponseWriter, status int, body any) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(status)

internal/server/server_test.go

@@ -1,12 +1,14 @@
 package server
 
 import (
+	"bytes"
 	"database/sql"
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	"codex-agent-manager/internal/app"
@@ -199,3 +201,113 @@ func TestReadOnlyEndpointsRejectUnsupportedMethods(t *testing.T) {
 		}
 	}
 }
+
+func TestAgentValidateEndpointReturnsDiffAndRejectsUnsupportedMethods(t *testing.T) {
+	root := t.TempDir()
+	agentsDir := filepath.Join(root, "agents")
+	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.WriteFile(filepath.Join(agentsDir, "backend.toml"), []byte(`name = "旧名称"`+"\n"), 0o644); err != nil {
+		t.Fatal(err)
+	}
+
+	req := httptest.NewRequest(http.MethodPost, "/api/agents/backend/validate", bytes.NewBufferString(`{"content":"name = \"新名称\"\n"}`))
+	rec := httptest.NewRecorder()
+	New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusOK {
+		t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
+	}
+	var body struct {
+		Valid       bool   `json:"valid"`
+		Diff        string `json:"diff"`
+		CurrentHash string `json:"currentHash"`
+		TargetPath  string `json:"targetPath"`
+	}
+	if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
+		t.Fatalf("invalid json: %v", err)
+	}
+	if !body.Valid || body.CurrentHash == "" || body.TargetPath == "" || !strings.Contains(body.Diff, "新名称") {
+		t.Fatalf("unexpected validate body: %#v", body)
+	}
+
+	req = httptest.NewRequest(http.MethodGet, "/api/agents/backend/validate", nil)
+	rec = httptest.NewRecorder()
+	New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
+	if rec.Code != http.StatusMethodNotAllowed {
+		t.Fatalf("GET validate status = %d, want %d", rec.Code, http.StatusMethodNotAllowed)
+	}
+}
+
+func TestAgentValidateEndpointReturnsBadRequestForInvalidBody(t *testing.T) {
+	req := httptest.NewRequest(http.MethodPost, "/api/agents/backend/validate", bytes.NewBufferString(`{`))
+	rec := httptest.NewRecorder()
+	New(app.Config{CodexHome: t.TempDir(), HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
+
+	if rec.Code != http.StatusBadRequest {
+		t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
+	}
+}
+
+func TestAgentWriteEndpointCreatesBackupAndRejectsConflicts(t *testing.T) {
+	root := t.TempDir()
+	agentsDir := filepath.Join(root, "agents")
+	target := filepath.Join(agentsDir, "backend.toml")
+	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
+		t.Fatal(err)
+	}
+	if err := os.WriteFile(target, []byte(`name = "旧名称"`+"\n"), 0o644); err != nil {
+		t.Fatal(err)
+	}
+	handler := New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"})
+	validateReq := httptest.NewRequest(http.MethodPost, "/api/agents/backend/validate", bytes.NewBufferString(`{"content":"name = \"新名称\"\n"}`))
+	validateRec := httptest.NewRecorder()
+	handler.ServeHTTP(validateRec, validateReq)
+	if validateRec.Code != http.StatusOK {
+		t.Fatalf("validate status = %d, body = %s", validateRec.Code, validateRec.Body.String())
+	}
+	var validation struct {
+		CurrentHash string `json:"currentHash"`
+	}
+	if err := json.Unmarshal(validateRec.Body.Bytes(), &validation); err != nil {
+		t.Fatal(err)
+	}
+
+	writeBody := `{"content":"name = \"新名称\"\n","expectedHash":"` + validation.CurrentHash + `"}`
+	writeReq := httptest.NewRequest(http.MethodPost, "/api/agents/backend/write", bytes.NewBufferString(writeBody))
+	writeRec := httptest.NewRecorder()
+	handler.ServeHTTP(writeRec, writeReq)
+
+	if writeRec.Code != http.StatusOK {
+		t.Fatalf("write status = %d, body = %s", writeRec.Code, writeRec.Body.String())
+	}
+	var written struct {
+		Status     string `json:"status"`
+		TargetPath string `json:"targetPath"`
+		BackupPath string `json:"backupPath"`
+	}
+	if err := json.Unmarshal(writeRec.Body.Bytes(), &written); err != nil {
+		t.Fatal(err)
+	}
+	if written.Status != "written" || written.TargetPath != target || written.BackupPath == "" {
+		t.Fatalf("unexpected write body: %#v", written)
+	}
+	if data, err := os.ReadFile(target); err != nil || string(data) != `name = "新名称"`+"\n" {
+		t.Fatalf("target content = %q, err = %v", string(data), err)
+	}
+
+	conflictReq := httptest.NewRequest(http.MethodPost, "/api/agents/backend/write", bytes.NewBufferString(writeBody))
+	conflictRec := httptest.NewRecorder()
+	handler.ServeHTTP(conflictRec, conflictReq)
+	if conflictRec.Code != http.StatusConflict {
+		t.Fatalf("conflict status = %d, want %d, body = %s", conflictRec.Code, http.StatusConflict, conflictRec.Body.String())
+	}
+
+	getReq := httptest.NewRequest(http.MethodGet, "/api/agents/backend/write", nil)
+	getRec := httptest.NewRecorder()
+	handler.ServeHTTP(getRec, getReq)
+	if getRec.Code != http.StatusMethodNotAllowed {
+		t.Fatalf("GET write status = %d, want %d", getRec.Code, http.StatusMethodNotAllowed)
+	}
+}