feat: read codex agent definitions

2026-05-25 16:39:35 +08:00
parent c67d5a33ad
commit fee920a895
9 changed files with 383 additions and 9 deletions
--- a/cmd/codex-agent-manager/main.go
+++ b/cmd/codex-agent-manager/main.go
@@ -5,17 +5,13 @@ import (
 	"net/http"
 	"codex-agent-manager/internal/app"
 	"codex-agent-manager/internal/server"
 )
 func main() {
 	cfg := app.DefaultConfig()
 	mux := http.NewServeMux()
 	mux.HandleFunc("/api/health", func(w http.ResponseWriter, r *http.Request) {
 		w.Header().Set("Content-Type", "application/json")
 		_, _ = w.Write([]byte(`{"status":"ok"}`))
 	})
 	fmt.Printf("Codex 智能体管理台监听 http://%s\n", cfg.HTTPAddr)
-	if err := http.ListenAndServe(cfg.HTTPAddr, mux); err != nil {
+	if err := http.ListenAndServe(cfg.HTTPAddr, server.New(cfg)); err != nil {
 		panic(err)
 	}
 }
--- a/docs/project.md
+++ b/docs/project.md
@@ -6,7 +6,7 @@
 ## Target Architecture
-计划架构为：Go 后端提供 localhost HTTP API，Vue 3 + Vite 前端提供中文工作台界面。目标后端将只读访问 Codex SQLite 状态库，安全读取 `.codex` 配置，并仅在用户确认后写回 `.codex/agents/*.toml`。
+计划架构为：Go 后端提供 localhost HTTP API，Vue 3 + Vite 前端提供中文工作台界面。当前后端已提供健康检查和 `.codex/agents/*.toml` 只读读取；目标后端将继续增加只读 SQLite 状态库、安全读取项目配置，并仅在用户确认后写回 `.codex/agents/*.toml`。
 ## Configuration
@@ -28,12 +28,18 @@ go run ./cmd/codex-agent-manager
 curl http://127.0.0.1:18083/api/health
 ```
 读取智能体定义：
 ```bash
 curl http://127.0.0.1:18083/api/agents
 ```
 ## Security Boundaries
 - 不读取 `.codex/auth.json`。
 - 不写入 Codex SQLite。
 - `.codex/agents/*.toml` 写回必须先备份。
- 当前后端骨架只实现健康检查和 Codex home 路径边界函数，尚未读取真实 `.codex` 数据文件。
+- 当前 `/api/agents` 只读列出 `.codex/agents` 直属 `.toml` 文件，读取前通过 Codex home 边界和 agent TOML 专用 resolver；坏 TOML 以单条 `invalid` 状态返回，不导致服务崩溃。
 ## Known Risks
--- a/internal/agents/model.go
+++ b/internal/agents/model.go
@@ -0,0 +1,17 @@
 package agents
 import "time"
 type AgentDefinition struct {
 	ID                    string            `json:"id"`
 	FilePath              string            `json:"filePath"`
 	FileName              string            `json:"fileName"`
 	Name                  string            `json:"name"`
 	Description           string            `json:"description"`
 	DeveloperInstructions string            `json:"developerInstructions"`
 	ExtraFields           map[string]string `json:"extraFields"`
 	ModifiedAt            time.Time         `json:"modifiedAt"`
 	ParseStatus           string            `json:"parseStatus"`
 	ParseError            string            `json:"parseError,omitempty"`
 	DraftStatus           string            `json:"draftStatus"`
 }
--- a/internal/agents/store.go
+++ b/internal/agents/store.go
@@ -0,0 +1,148 @@
 package agents
 import (
 	"bufio"
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
 	"sort"
 	"strconv"
 	"strings"
 	"codex-agent-manager/internal/codexhome"
 )
 type Store struct {
 	CodexHome string
 }
 func (s Store) List() ([]AgentDefinition, error) {
 	agentsDir, err := codexhome.ResolveInside(s.CodexHome, "agents")
 	if err != nil {
 		return nil, err
 	}
 	entries, err := os.ReadDir(agentsDir)
 	if err != nil {
 		if os.IsNotExist(err) {
 			return []AgentDefinition{}, nil
 		}
 		return nil, err
 	}
 	sort.Slice(entries, func(i, j int) bool {
 		return entries[i].Name() < entries[j].Name()
 	})
 	result := make([]AgentDefinition, 0, len(entries))
 	for _, entry := range entries {
 		if entry.IsDir() || !strings.HasSuffix(strings.ToLower(entry.Name()), ".toml") {
 			continue
 		}
 		result = append(result, s.readOne(entry.Name()))
 	}
 	return result, nil
 }
 func (s Store) readOne(fileName string) AgentDefinition {
 	path := filepath.Join(s.CodexHome, "agents", fileName)
 	def := AgentDefinition{
 		ID:          strings.TrimSuffix(fileName, filepath.Ext(fileName)),
 		FilePath:    path,
 		FileName:    fileName,
 		ParseStatus: "valid",
 		DraftStatus: "clean",
 		ExtraFields: map[string]string{},
 	}
 	safePath, err := codexhome.ResolveAgentTOML(s.CodexHome, fileName)
 	if err != nil {
 		def.ParseStatus = "invalid"
 		def.ParseError = err.Error()
 		return def
 	}
 	info, statErr := os.Stat(safePath)
 	if statErr == nil {
 		def.ModifiedAt = info.ModTime()
 	}
 	data, err := os.ReadFile(safePath)
 	if err != nil {
 		def.ParseStatus = "invalid"
 		def.ParseError = err.Error()
 		return def
 	}
 	values, err := parseSimpleTOML(string(data))
 	if err != nil {
 		def.ParseStatus = "invalid"
 		def.ParseError = err.Error()
 		return def
 	}
 	def.Name = values["name"]
 	def.Description = values["description"]
 	def.DeveloperInstructions = values["developer_instructions"]
 	for key, value := range values {
 		if key == "name" || key == "description" || key == "developer_instructions" {
 			continue
 		}
 		def.ExtraFields[key] = value
 	}
 	return def
 }
 func parseSimpleTOML(input string) (map[string]string, error) {
 	values := map[string]string{}
 	scanner := bufio.NewScanner(strings.NewReader(input))
 	lineNumber := 0
 	for scanner.Scan() {
 		lineNumber++
 		line := strings.TrimSpace(scanner.Text())
 		if line == "" || strings.HasPrefix(line, "#") {
 			continue
 		}
 		parts := strings.SplitN(line, "=", 2)
 		if len(parts) != 2 {
 			return values, fmt.Errorf("第 %d 行不是有效的键值字段", lineNumber)
 		}
 		key := strings.TrimSpace(parts[0])
 		raw := strings.TrimSpace(parts[1])
 		if key == "" {
 			return values, fmt.Errorf("第 %d 行缺少字段名", lineNumber)
 		}
 		value, err := parseTOMLString(raw, scanner)
 		if err != nil {
 			return values, err
 		}
 		values[key] = value
 	}
 	if err := scanner.Err(); err != nil {
 		return values, err
 	}
 	return values, nil
 }
 func parseTOMLString(raw string, scanner *bufio.Scanner) (string, error) {
 	if strings.HasPrefix(raw, `"""`) {
 		block := strings.TrimPrefix(raw, `"""`)
 		for !strings.Contains(block, `"""`) && scanner.Scan() {
 			block += "\n" + scanner.Text()
 		}
 		if !strings.Contains(block, `"""`) {
 			return "", errors.New("未闭合的多行字符串")
 		}
 		value, trailing, _ := strings.Cut(block, `"""`)
 		if strings.TrimSpace(trailing) != "" {
 			return "", errors.New("多行字符串后存在不支持的内容")
 		}
 		return value, nil
 	}
 	if !strings.HasPrefix(raw, `"`) {
 		return "", errors.New("仅支持字符串字段")
 	}
 	value, err := strconv.Unquote(raw)
 	if err != nil {
 		return "", err
 	}
 	return value, nil
 }
--- a/internal/agents/store_test.go
+++ b/internal/agents/store_test.go
@@ -0,0 +1,102 @@
 package agents
 import (
 	"os"
 	"path/filepath"
 	"strings"
 	"testing"
 )
 func TestListAgentsReadsTomlFiles(t *testing.T) {
 	root := t.TempDir()
 	agentsDir := filepath.Join(root, "agents")
 	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
 		t.Fatal(err)
 	}
 	content := `name = "产品经理"
 description = "负责产品定义"
 developer_instructions = """
 用中文定义产品需求。
 """
 role = "planning"
 `
 	if err := os.WriteFile(filepath.Join(agentsDir, "product-manager.toml"), []byte(content), 0o644); err != nil {
 		t.Fatal(err)
 	}
 	store := Store{CodexHome: root}
 	got, err := store.List()
 	if err != nil {
 		t.Fatalf("List returned error: %v", err)
 	}
 	if len(got) != 1 {
 		t.Fatalf("agent count = %d, want 1", len(got))
 	}
 	if got[0].ID != "product-manager" || got[0].FileName != "product-manager.toml" {
 		t.Fatalf("unexpected agent identity: %#v", got[0])
 	}
 	if got[0].Name != "产品经理" || got[0].Description != "负责产品定义" {
 		t.Fatalf("unexpected agent fields: %#v", got[0])
 	}
 	if strings.TrimSpace(got[0].DeveloperInstructions) != "用中文定义产品需求。" {
 		t.Fatalf("unexpected developer instructions: %q", got[0].DeveloperInstructions)
 	}
 	if got[0].ExtraFields["role"] != "planning" {
 		t.Fatalf("unexpected extra fields: %#v", got[0].ExtraFields)
 	}
 	if got[0].ParseStatus != "valid" || got[0].DraftStatus != "clean" {
 		t.Fatalf("unexpected statuses: %#v", got[0])
 	}
 }
 func TestListAgentsReportsParseError(t *testing.T) {
 	root := t.TempDir()
 	agentsDir := filepath.Join(root, "agents")
 	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
 		t.Fatal(err)
 	}
 	if err := os.WriteFile(filepath.Join(agentsDir, "bad.toml"), []byte(`name = "`), 0o644); err != nil {
 		t.Fatal(err)
 	}
 	store := Store{CodexHome: root}
 	got, err := store.List()
 	if err != nil {
 		t.Fatalf("List should return parse status, not fatal error: %v", err)
 	}
 	if len(got) != 1 {
 		t.Fatalf("agent count = %d, want 1", len(got))
 	}
 	if got[0].ParseStatus != "invalid" || got[0].ParseError == "" {
 		t.Fatalf("expected invalid parse status, got %#v", got[0])
 	}
 }
 func TestListAgentsRejectsSensitiveSymlinkTargets(t *testing.T) {
 	root := t.TempDir()
 	agentsDir := filepath.Join(root, "agents")
 	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
 		t.Fatal(err)
 	}
 	if err := os.WriteFile(filepath.Join(root, "auth.json"), []byte(`name = "secret"`), 0o600); err != nil {
 		t.Fatal(err)
 	}
 	if err := os.Symlink("../auth.json", filepath.Join(agentsDir, "leak.toml")); err != nil {
 		t.Fatal(err)
 	}
 	store := Store{CodexHome: root}
 	got, err := store.List()
 	if err != nil {
 		t.Fatalf("List should report unsafe files per item, not fatal error: %v", err)
 	}
 	if len(got) != 1 {
 		t.Fatalf("agent count = %d, want 1", len(got))
 	}
 	if got[0].ParseStatus != "invalid" {
 		t.Fatalf("expected unsafe symlink to be invalid, got %#v", got[0])
 	}
 	if strings.Contains(got[0].Name, "secret") || strings.Contains(got[0].ParseError, "secret") {
 		t.Fatalf("sensitive file content leaked: %#v", got[0])
 	}
 }
--- a/internal/server/server.go
+++ b/internal/server/server.go
@@ -0,0 +1,37 @@
 package server
 import (
 	"encoding/json"
 	"net/http"
 	"codex-agent-manager/internal/agents"
 	"codex-agent-manager/internal/app"
 )
 func New(cfg app.Config) http.Handler {
 	mux := http.NewServeMux()
 	agentStore := agents.Store{CodexHome: cfg.CodexHome}
 	mux.HandleFunc("/api/health", func(w http.ResponseWriter, r *http.Request) {
 		writeJSON(w, http.StatusOK, map[string]string{"status": "ok"})
 	})
 	mux.HandleFunc("/api/agents", func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != http.MethodGet {
 			writeJSON(w, http.StatusMethodNotAllowed, map[string]string{"error": "方法不允许"})
 			return
 		}
 		items, err := agentStore.List()
 		if err != nil {
 			writeJSON(w, http.StatusInternalServerError, map[string]string{"error": err.Error()})
 			return
 		}
 		writeJSON(w, http.StatusOK, map[string]any{"items": items})
 	})
 	return mux
 }
 func writeJSON(w http.ResponseWriter, status int, body any) {
 	w.Header().Set("Content-Type", "application/json")
 	w.WriteHeader(status)
 	_ = json.NewEncoder(w).Encode(body)
 }
--- a/internal/server/server_test.go
+++ b/internal/server/server_test.go
@@ -0,0 +1,58 @@
 package server
 import (
 	"encoding/json"
 	"net/http"
 	"net/http/httptest"
 	"os"
 	"path/filepath"
 	"testing"
 	"codex-agent-manager/internal/app"
 )
 func TestAgentsEndpointReturnsAgentItems(t *testing.T) {
 	root := t.TempDir()
 	agentsDir := filepath.Join(root, "agents")
 	if err := os.MkdirAll(agentsDir, 0o755); err != nil {
 		t.Fatal(err)
 	}
 	content := `name = "代码员"
 description = "负责实现"
 `
 	if err := os.WriteFile(filepath.Join(agentsDir, "coder.toml"), []byte(content), 0o644); err != nil {
 		t.Fatal(err)
 	}
 	req := httptest.NewRequest(http.MethodGet, "/api/agents", nil)
 	rec := httptest.NewRecorder()
 	New(app.Config{CodexHome: root, HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
 	if rec.Code != http.StatusOK {
 		t.Fatalf("status = %d, body = %s", rec.Code, rec.Body.String())
 	}
 	var body struct {
 		Items []struct {
 			ID          string `json:"id"`
 			Name        string `json:"name"`
 			Description string `json:"description"`
 			ParseStatus string `json:"parseStatus"`
 		} `json:"items"`
 	}
 	if err := json.Unmarshal(rec.Body.Bytes(), &body); err != nil {
 		t.Fatalf("invalid json: %v", err)
 	}
 	if len(body.Items) != 1 || body.Items[0].Name != "代码员" || body.Items[0].ParseStatus != "valid" {
 		t.Fatalf("unexpected response: %#v", body)
 	}
 }
 func TestAgentsEndpointRejectsUnsupportedMethod(t *testing.T) {
 	req := httptest.NewRequest(http.MethodPost, "/api/agents", nil)
 	rec := httptest.NewRecorder()
 	New(app.Config{CodexHome: t.TempDir(), HTTPAddr: "127.0.0.1:0"}).ServeHTTP(rec, req)
 	if rec.Code != http.StatusMethodNotAllowed {
 		t.Fatalf("status = %d, want %d", rec.Code, http.StatusMethodNotAllowed)
 	}
 }
--- a/progress.md
+++ b/progress.md
@@ -10,6 +10,7 @@
 | 2026-05-25 | 1 | review loop | 代码质量审查发现 symlink 绕过、敏感文件大小写、操作域 resolver、`CODEX_HOME` override 问题 | 已按 TDD 修复，并通过最终门禁 |
 | 2026-05-25 | 1 | review loop | 规格复审发现 `ResolveAgentTOML` 可经 `agents/demo.toml -> ../auth.json` symlink 绕过 forbidden 检查 | 已按 TDD 修复，并通过最终门禁 |
 | 2026-05-25 | planning | main agent | 修正 task_plan.md 阶段命名，与实施计划 Task 2-7 对齐 | 下一阶段明确为 Agent TOML 只读读取 |
 | 2026-05-25 | 2 | coding agent | TDD 实现 Agent TOML 只读读取和 `/api/agents` | 完成；提交 `feat: read codex agent definitions` |
 ## Test Results
@@ -34,6 +35,15 @@
 | 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
 | 2026-05-25 | `git diff --check` | PASS | 无 whitespace error |
 | 2026-05-25 | `git status --short` | PASS | 仅本轮 Phase 1 symlink target 修复文件变更 |
 | 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯：`Store` 未定义，`internal/agents/store_test.go` 先于实现创建 |
 | 2026-05-25 | `go test ./internal/agents` | PASS | 读取有效 TOML、坏 TOML 单条 invalid、敏感 symlink 不泄漏内容 |
 | 2026-05-25 | `go test ./internal/server` | FAIL | TDD 红灯：`New` 未定义，`/api/agents` handler 测试先于实现创建 |
 | 2026-05-25 | `go test ./internal/server` | PASS | `/api/agents` 返回 items，非 GET 返回 405 |
 | 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
 | 2026-05-25 | `go test ./internal/agents` | PASS | Required verification |
 | 2026-05-25 | `go test ./...` | PASS | Required verification |
 | 2026-05-25 | `git diff --check` | PASS | Required verification |
 | 2026-05-25 | `git status --short` | PASS | Required verification；Phase 2 文件待提交 |
 ## Bug Loop
--- a/task_plan.md
+++ b/task_plan.md
@@ -19,7 +19,7 @@
 | --- | --- | --- | --- |
 | 0 | complete | 项目初始化与风险边界 | 计划文件存在；安全边界明确；不读取 auth.json；不改 .codex |
 | 1 | complete | Go 项目骨架和安全边界 | 后端健康检查可运行；Codex home 路径边界有测试；未读取真实 `.codex` 数据 |
-| 2 | pending | Agent TOML 只读读取 | 能安全读取 `.codex/agents/*.toml`；坏 TOML 不导致崩溃；提供 `/api/agents` |
+| 2 | complete | Agent TOML 只读读取 | 能安全读取 `.codex/agents/*.toml`；坏 TOML 不导致崩溃；提供 `/api/agents` |
 | 3 | pending | 项目配置、运行线程和工作流模型 | 能读取 projects、threads、spawn edges、goals；状态含来源/置信度；工作流不写死固定流程 |
 | 4 | pending | 中文 UI 只读工作台 | 项目/工作流/智能体视图可浏览；空数据可用 |
 | 5 | pending | API 集成和只读数据显示 | 前端连接只读 API；显示真实 agent 数据和错误状态 |