codex-agent-manager/progress.md

# Progress

## Session Log

| Time | Phase | Actor | Action | Result |
| --- | --- | --- | --- | --- |
| 2026-05-25 | 0 | coding agent | 创建文件化计划和项目基线 | 完成并通过规格审查 |
| 2026-05-25 | 0 | review loop | 质量审查发现 docs/project.md 架构语气和 task_plan.md Phase 0 状态问题 | 已修复：改为目标架构语气，并将 Phase 0 标记为 complete |
| 2026-05-25 | 1 | coding agent | 创建 Go 后端骨架和 Codex home 路径边界 | 已完成；未读取真实 `.codex` 数据文件 |
| 2026-05-25 | 1 | review loop | 代码质量审查发现 symlink 绕过、敏感文件大小写、操作域 resolver、`CODEX_HOME` override 问题 | 已按 TDD 修复，并通过最终门禁 |
| 2026-05-25 | 1 | review loop | 规格复审发现 `ResolveAgentTOML` 可经 `agents/demo.toml -> ../auth.json` symlink 绕过 forbidden 检查 | 已按 TDD 修复，并通过最终门禁 |
| 2026-05-25 | planning | main agent | 修正 task_plan.md 阶段命名，与实施计划 Task 2-7 对齐 | 下一阶段明确为 Agent TOML 只读读取 |
| 2026-05-25 | 2 | coding agent | TDD 实现 Agent TOML 只读读取和 `/api/agents` | 完成；提交 `feat: read codex agent definitions` |
| 2026-05-25 | 2 | spec review | 规格审查未通过：重复键 TOML 可 valid；agent symlink 可读取 root `config.toml` | coding agent 按 blocking 范围修复 |
| 2026-05-25 | 2 | coding agent | TDD 修复 agent TOML parser 和 symlink 边界 | 完成；提交 `fix: validate agent toml boundaries` |
| 2026-05-25 | 2 | spec review | 复审未通过：`agents -> .` 目录 symlink 可读取 root `config.toml` | coding agent 按 blocking 范围修复 |
| 2026-05-25 | 2 | coding agent | TDD 修复 symlinked `agents` 目录边界 | 完成；提交 `fix: reject symlinked agents directory` |

## Test Results

| Time | Command | Result | Notes |
| --- | --- | --- | --- |
| 2026-05-25 | `go test ./internal/codexhome` | FAIL | TDD 红灯：`ResolveInside` 和 `IsForbidden` 未实现 |
| 2026-05-25 | `go test ./internal/codexhome` | PASS | 路径边界测试通过 |
| 2026-05-25 | `go test ./...` | PASS | Go 后端骨架全量测试通过 |
| 2026-05-25 | `go run ./cmd/codex-agent-manager` | PASS_WITH_ESCALATION | 普通 sandbox 监听 `127.0.0.1:18083` 被拒绝；提升权限后后端启动 |
| 2026-05-25 | `curl http://127.0.0.1:18083/api/health` | PASS_WITH_ESCALATION | 普通 sandbox localhost 请求失败；提升权限后返回 `{"status":"ok"}` |
| 2026-05-25 | `git diff --check` | PASS | 无 whitespace error |
| 2026-05-25 | `git status --short` | PASS | 仅本阶段文件变更和新增 |
| 2026-05-25 | `go test ./internal/codexhome` | FAIL | TDD 红灯：新增 `ResolveAgentTOML` 测试后 API 未实现 |
| 2026-05-25 | `go test ./internal/app` | FAIL | TDD 红灯：`CODEX_HOME` override 未生效 |
| 2026-05-25 | `go test ./internal/app` | PASS | `CODEX_HOME` override 和默认 fallback 测试通过 |
| 2026-05-25 | `go test ./internal/codexhome` | PASS | symlink escape、大小写敏感文件、agent TOML scoped resolver 测试通过 |
| 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
| 2026-05-25 | `git diff --check` | PASS | 无 whitespace error |
| 2026-05-25 | `git status --short` | PASS | 仅本轮 Phase 1 修复文件变更 |
| 2026-05-25 | `go test ./internal/codexhome` | FAIL | TDD 红灯：`agents/demo.toml -> ../auth.json` symlink 仍返回 nil |
| 2026-05-25 | `go test ./internal/codexhome` | PASS | symlink final target 指向 root `auth.json` 时返回 forbidden error |
| 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
| 2026-05-25 | `git diff --check` | PASS | 无 whitespace error |
| 2026-05-25 | `git status --short` | PASS | 仅本轮 Phase 1 symlink target 修复文件变更 |
| 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯：`Store` 未定义，`internal/agents/store_test.go` 先于实现创建 |
| 2026-05-25 | `go test ./internal/agents` | PASS | 读取有效 TOML、坏 TOML 单条 invalid、敏感 symlink 不泄漏内容 |
| 2026-05-25 | `go test ./internal/server` | FAIL | TDD 红灯：`New` 未定义，`/api/agents` handler 测试先于实现创建 |
| 2026-05-25 | `go test ./internal/server` | PASS | `/api/agents` 返回 items，非 GET 返回 405 |
| 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
| 2026-05-25 | `go test ./internal/agents` | PASS | Required verification |
| 2026-05-25 | `go test ./...` | PASS | Required verification |
| 2026-05-25 | `git diff --check` | PASS | Required verification |
| 2026-05-25 | `git status --short` | PASS | Required verification；Phase 2 文件待提交 |
| 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯：duplicate key、invalid key、`agents/leak.toml -> ../config.toml` 均被错误报告为 valid/泄漏内容 |
| 2026-05-25 | `go test ./internal/agents` | PASS | duplicate key 和 invalid key 返回 invalid；agent TOML symlink 被拒绝且不读取非 agent TOML |
| 2026-05-25 | `go test ./internal/codexhome` | PASS | Required verification |
| 2026-05-25 | `go test ./...` | PASS | Required verification |
| 2026-05-25 | `git diff --check` | PASS | Required verification |
| 2026-05-25 | `git status --short` | PASS | Required verification；Phase 2 review fix 文件待提交 |
| 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯：`agents -> .` 目录 symlink 将 root `config.toml` 读取为 valid agent 并泄漏 `project-secret` |
| 2026-05-25 | `go test ./internal/agents` | PASS | symlinked `agents` 目录被拒绝；leaf symlink 和 duplicate TOML 回归保持通过 |
| 2026-05-25 | `go test ./...` | PASS | Required verification |
| 2026-05-25 | `git diff --check` | PASS | Required verification |
| 2026-05-25 | `git status --short` | PASS | Required verification；Phase 2 symlinked directory fix 文件待提交 |

## Bug Loop

| Phase | Bug | Fix Attempt | Retest Result |
| --- | --- | --- | --- |
| 1 | `ResolveInside` 可被 `.codex/agents` symlink 指向外部目录绕过 | 检查已存在路径组件，发现 symlink 后使用 `EvalSymlinks` 并确认仍在 evaluated Codex home 内 | `go test ./internal/codexhome` PASS |
| 1 | `AUTH.JSON` 等大小写变体未被敏感文件 denylist 拦截 | 对敏感根文件相对路径做 case-insensitive 匹配 | `go test ./internal/codexhome` PASS |
| 1 | 缺少操作域 resolver，通用 `ResolveInside` 容易误用 | 新增 `ResolveAgentTOML`，只允许 `agents/` 直属 `.toml` 文件名 | `go test ./internal/codexhome` PASS |
| 1 | `docs/project.md` 记录 `CODEX_HOME` 但默认配置未读取 | `DefaultConfig` 增加 `CODEX_HOME` 非空 override | `go test ./internal/app` PASS |
| 1 | `ResolveAgentTOML` 可通过 `agents/*.toml` symlink 指向 root `auth.json` 绕过 forbidden 检查 | 在 symlink 解析后对 evaluated final target 再执行 forbidden 检查 | `go test ./internal/codexhome` PASS |
| 2 | Agent TOML parser 对重复键使用 map 覆盖，且未校验 bare key | 增加 duplicate key 和 invalid key 检测，遇到 malformed TOML 返回单条 invalid | `go test ./internal/agents` PASS |
| 2 | Agent symlink 只校验最终路径在 Codex home 内，可读取 root `config.toml` | 在 agent store 层拒绝 `.toml` symlink，避免读取非 agent TOML 内容 | `go test ./internal/agents` PASS |
| 2 | `agents` 目录 symlink 会让枚举逻辑读取 Codex home root 的 `.toml` 文件 | 在 `Store.List` 对 lexical `CodexHome/agents` 先 `Lstat`，发现 symlink 直接返回 forbidden error | `go test ./internal/agents` PASS |