yangyl/codex-agent-manager
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: harden agent writeback safety

Browse Source
This commit is contained in:
Yoilun
2026-05-25 21:26:37 +08:00
parent a01dd36fb0
commit d7b75a1112
6 changed files with 341 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
progress.md
View File

@@ -29,6 +29,7 @@
| 2026-05-25 | 5 | quality review | 代码质量审查未通过:未知后端枚举值会直接进入 UI label | coding agent 按 blocking 范围修复 |
| 2026-05-25 | 6 | coding agent | TDD 实现智能体草稿校验、diff、hash 冲突检测、备份和原子写回 | 完成;待最终全量验证 |
| 2026-05-25 | 6 | spec review | 规格审查未通过TOML 字符串解析错误泄漏英文 `invalid syntax` | coding agent 按 blocking 范围修复 |
| 2026-05-25 | 6 | security review | 安全审查未通过:写回存在 TOCTOU、备份后 CAS 缺失、POST body 无限制、错误响应泄漏路径/英文 | coding agent 按 blocking 范围修复 |
## Test Results
@@ -161,6 +162,13 @@
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 规格修复后前端单测验证通过;共 13 个单测 |
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 6 规格修复后前端生产构建通过 |
| 2026-05-25 | `git diff --check` | PASS | Phase 6 规格修复 whitespace 检查通过 |
| 2026-05-25 | `go test ./internal/agents ./internal/server` | FAIL | TDD 红灯:缺少写回 hookserver 超大 body 返回 200trailing JSON 返回 200缺失目标泄漏绝对路径和 `no such file` |
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 安全修复目标包测试通过 |
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 安全修复后指定后端目标包验证通过 |
| 2026-05-25 | `go test ./...` | PASS | Phase 6 安全修复后全量 Go 验证通过 |
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 安全修复后前端单测验证通过;共 13 个单测 |
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 6 安全修复后前端生产构建通过 |
| 2026-05-25 | `git diff --check` | PASS | Phase 6 安全修复 whitespace 检查通过 |
## Bug Loop
@@ -190,3 +198,5 @@
| 6 | 写回可能覆盖校验后用户修改的文件 | validate 返回当前 sha256write 重新读取并比较 expectedHash不匹配返回冲突且不写回 | `go test ./internal/agents ./internal/server` PASS |
| 6 | 无效 TOML 或 unsafe id/symlink 可能进入写回路径 | write 重新执行 TOML 校验id 只允许安全 bare stem拒绝 leaf symlink 和 symlinked agents 目录 | `go test ./internal/agents ./internal/server` PASS |
| 6 | TOML 未闭合字符串错误会把 `strconv.Unquote` 的英文 `invalid syntax` 返回给 UI/API | 在 parser 层将字符串字段语法错误包装为中文并带行号List/Validate/Write 增加中文错误断言 | `go test ./internal/agents ./internal/server` PASS |
| 6 | 写回备份/rename 前路径身份可能变化,且备份后并发修改可能被覆盖 | 写回加进程内临界区,记录 agents 目录和目标文件 inode identity备份前和 rename 前复核 identity 与 expectedHash | `go test ./internal/agents ./internal/server` PASS |
| 6 | validate/write POST 可接收超大 body、trailing JSON且错误响应透传路径和英文系统错误 | validate/write 使用 1MiB `MaxBytesReader`、拒绝 trailing JSON并将错误映射为安全中文响应 | `go test ./internal/agents ./internal/server` PASS |