fix: harden agent writeback safety

internal/server/server.go

@@ -3,7 +3,9 @@ package server
 import (
 	"encoding/json"
 	"errors"
+	"io"
 	"net/http"
+	"os"
 	"strings"
 
 	"codex-agent-manager/internal/agents"
@@ -14,6 +16,8 @@ import (
 	"codex-agent-manager/internal/workflow"
 )
 
+const agentDraftBodyLimit = 1 << 20
+
 func New(cfg app.Config) http.Handler {
 	mux := http.NewServeMux()
 	agentStore := agents.Store{CodexHome: cfg.CodexHome}
@@ -129,8 +133,7 @@ func parseAgentActionPath(path string) (string, string, bool) {
 
 func handleAgentValidate(w http.ResponseWriter, r *http.Request, store agents.Store, id string) {
 	var body validateRequest
-	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
-		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "请求体不是有效 JSON"})
+	if !decodeAgentJSON(w, r, &body) {
 		return
 	}
 	result, err := store.ValidateDraft(id, body.Content)
@@ -143,8 +146,7 @@ func handleAgentValidate(w http.ResponseWriter, r *http.Request, store agents.St
 
 func handleAgentWrite(w http.ResponseWriter, r *http.Request, store agents.Store, id string) {
 	var body writeRequest
-	if err := json.NewDecoder(r.Body).Decode(&body); err != nil {
-		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "请求体不是有效 JSON"})
+	if !decodeAgentJSON(w, r, &body) {
 		return
 	}
 	result, err := store.WriteDraft(id, body.Content, body.ExpectedHash)
@@ -155,14 +157,53 @@ func handleAgentWrite(w http.ResponseWriter, r *http.Request, store agents.Store
 	writeJSON(w, http.StatusOK, result)
 }
 
+func decodeAgentJSON(w http.ResponseWriter, r *http.Request, dest any) bool {
+	r.Body = http.MaxBytesReader(w, r.Body, agentDraftBodyLimit)
+	decoder := json.NewDecoder(r.Body)
+	if err := decoder.Decode(dest); err != nil {
+		writeAgentDecodeError(w, err)
+		return false
+	}
+	var extra any
+	if err := decoder.Decode(&extra); err != io.EOF {
+		if err != nil {
+			writeAgentDecodeError(w, err)
+			return false
+		}
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "请求体不是有效 JSON"})
+		return false
+	}
+	return true
+}
+
+func writeAgentDecodeError(w http.ResponseWriter, err error) {
+	var maxBytesErr *http.MaxBytesError
+	if errors.As(err, &maxBytesErr) {
+		writeJSON(w, http.StatusRequestEntityTooLarge, map[string]string{"error": "请求体过大"})
+		return
+	}
+	writeJSON(w, http.StatusBadRequest, map[string]string{"error": "请求体不是有效 JSON"})
+}
+
 func writeAgentError(w http.ResponseWriter, err error) {
 	status := http.StatusBadRequest
+	message := "写回失败"
 	if errors.Is(err, agents.ErrWriteConflict) {
 		status = http.StatusConflict
+		message = "内容已变化，请重新校验"
 	} else if errors.Is(err, codexhome.ErrForbiddenPath) || errors.Is(err, codexhome.ErrOutsideCodexHome) {
 		status = http.StatusForbidden
+		message = "路径不安全"
+	} else if os.IsNotExist(err) {
+		status = http.StatusNotFound
+		message = "目标智能体不存在"
+	} else if strings.Contains(err.Error(), "第 ") ||
+		strings.Contains(err.Error(), "TOML") ||
+		strings.Contains(err.Error(), "字符串字段") ||
+		strings.Contains(err.Error(), "仅支持字符串字段") {
+		message = "TOML 无效：" + err.Error()
 	}
-	writeJSON(w, status, map[string]string{"error": err.Error()})
+	writeJSON(w, status, map[string]string{"error": message})
 }
 
 func writeJSON(w http.ResponseWriter, status int, body any) {