yangyl/codex-agent-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: bind writeback operations to agents directory

Browse Source
This commit is contained in:
Yoilun
2026-05-25 21:42:02 +08:00
parent d7b75a1112
commit d3bc73ba29
5 changed files with 248 additions and 123 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
progress.md
View File

@@ -30,6 +30,7 @@
| 2026-05-25 | 6 | coding agent | TDD 实现智能体草稿校验、diff、hash 冲突检测、备份和原子写回 | 完成;待最终全量验证 |
| 2026-05-25 | 6 | spec review | 规格审查未通过TOML 字符串解析错误泄漏英文 `invalid syntax` | coding agent 按 blocking 范围修复 |
| 2026-05-25 | 6 | security review | 安全审查未通过:写回存在 TOCTOU、备份后 CAS 缺失、POST body 无限制、错误响应泄漏路径/英文 | coding agent 按 blocking 范围修复 |
| 2026-05-25 | 6 | security review | 安全复审未通过:复核后到 createBackup/rename 前仍可能重新解析被替换的 `agents` 路径 | coding agent 按 blocking 范围修复 |
## Test Results
@@ -169,6 +170,13 @@
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 安全修复后前端单测验证通过;共 13 个单测 |
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 6 安全修复后前端生产构建通过 |
| 2026-05-25 | `git diff --check` | PASS | Phase 6 安全修复 whitespace 检查通过 |
| 2026-05-25 | `go test ./internal/agents ./internal/server` | FAIL | TDD 红灯:新增复核后备份前 hook 后缺少 `writebackTestHookAfterVerifyBeforeBackup`,暴露未覆盖窗口 |
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 dirfd 绑定写回目标包测试通过 |
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 dirfd 绑定修复后指定后端目标包验证通过 |
| 2026-05-25 | `go test ./...` | PASS | Phase 6 dirfd 绑定修复后全量 Go 验证通过 |
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 dirfd 绑定修复后前端单测验证通过;共 13 个单测 |
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 6 dirfd 绑定修复后前端生产构建通过 |
| 2026-05-25 | `git diff --check` | PASS | Phase 6 dirfd 绑定修复 whitespace 检查通过 |
## Bug Loop
@@ -200,3 +208,4 @@
| 6 | TOML 未闭合字符串错误会把 `strconv.Unquote` 的英文 `invalid syntax` 返回给 UI/API | 在 parser 层将字符串字段语法错误包装为中文并带行号List/Validate/Write 增加中文错误断言 | `go test ./internal/agents ./internal/server` PASS |
| 6 | 写回备份/rename 前路径身份可能变化,且备份后并发修改可能被覆盖 | 写回加进程内临界区,记录 agents 目录和目标文件 inode identity备份前和 rename 前复核 identity 与 expectedHash | `go test ./internal/agents ./internal/server` PASS |
| 6 | validate/write POST 可接收超大 body、trailing JSON且错误响应透传路径和英文系统错误 | validate/write 使用 1MiB `MaxBytesReader`、拒绝 trailing JSON并将错误映射为安全中文响应 | `go test ./internal/agents ./internal/server` PASS |
| 6 | 复核后到备份/rename 前仍有父目录路径替换窗口 | 使用 `Openat`/`Renameat` 将目标读取、备份、临时文件和 rename 绑定到已打开的 `agents` 目录 fd并继续复核目录路径身份和目标 hash | `go test ./internal/agents ./internal/server` PASS |