231 lines
28 KiB
Markdown
231 lines
28 KiB
Markdown
# Progress
|
||
|
||
## Session Log
|
||
|
||
| Time | Phase | Actor | Action | Result |
|
||
| --- | --- | --- | --- | --- |
|
||
| 2026-05-25 | 0 | coding agent | 创建文件化计划和项目基线 | 完成并通过规格审查 |
|
||
| 2026-05-25 | 0 | review loop | 质量审查发现 docs/project.md 架构语气和 task_plan.md Phase 0 状态问题 | 已修复:改为目标架构语气,并将 Phase 0 标记为 complete |
|
||
| 2026-05-25 | 1 | coding agent | 创建 Go 后端骨架和 Codex home 路径边界 | 已完成;未读取真实 `.codex` 数据文件 |
|
||
| 2026-05-25 | 1 | review loop | 代码质量审查发现 symlink 绕过、敏感文件大小写、操作域 resolver、`CODEX_HOME` override 问题 | 已按 TDD 修复,并通过最终门禁 |
|
||
| 2026-05-25 | 1 | review loop | 规格复审发现 `ResolveAgentTOML` 可经 `agents/demo.toml -> ../auth.json` symlink 绕过 forbidden 检查 | 已按 TDD 修复,并通过最终门禁 |
|
||
| 2026-05-25 | planning | main agent | 修正 task_plan.md 阶段命名,与实施计划 Task 2-7 对齐 | 下一阶段明确为 Agent TOML 只读读取 |
|
||
| 2026-05-25 | 2 | coding agent | TDD 实现 Agent TOML 只读读取和 `/api/agents` | 完成;提交 `feat: read codex agent definitions` |
|
||
| 2026-05-25 | 2 | spec review | 规格审查未通过:重复键 TOML 可 valid;agent symlink 可读取 root `config.toml` | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 2 | coding agent | TDD 修复 agent TOML parser 和 symlink 边界 | 完成;提交 `fix: validate agent toml boundaries` |
|
||
| 2026-05-25 | 2 | spec review | 复审未通过:`agents -> .` 目录 symlink 可读取 root `config.toml` | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 2 | coding agent | TDD 修复 symlinked `agents` 目录边界 | 完成;提交 `fix: reject symlinked agents directory` |
|
||
| 2026-05-25 | 3 | coding agent | TDD 实现项目配置、运行线程和动态工作流只读模型 | 完成;新增 `/api/projects`、`/api/runtime/threads`、`/api/workflow/events` |
|
||
| 2026-05-25 | 3 | spec review | 规格审查未通过:SQLite 依赖提升 Go 下限到 1.25;单侧 DB 缺失来源证据不足 | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 3 | quality review | 代码质量审查未通过:SQLite schema drift 可导致 500、`partial` 置信度不在契约内、workflow nil Runtime panic | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 4 | coding agent | 实现 Vue 中文只读工作台外壳 | 完成;提交 `feat: add chinese vue workbench shell` |
|
||
| 2026-05-25 | 4 | spec review | 规格审查未通过:状态徽标和部分视图直接展示 `local_sample`、`low` 等内部英文值 | 已修复为中文来源和置信度展示 |
|
||
| 2026-05-25 | 5 | coding agent | 接入前端只读 API,显示真实 projects/runtime/workflow/agents 数据 | 完成;提交 `feat: connect frontend readonly apis` |
|
||
| 2026-05-25 | 5 | spec review | 规格审查未通过:valid agent TOML 状态不明显,且存在 `handoffEdges`、`主 agent`、`developer_instructions` 可见文案 | coding agent 已按范围修复 |
|
||
| 2026-05-25 | 5 | spec review | 复审未通过:空状态仍显示英文 `agent`,设置页显示 `Codex home` | 已修复为“智能体”和“Codex 主目录” |
|
||
| 2026-05-25 | 4 | coding agent | 创建 Vue 3 + Vite 中文只读前端工作台,包含五个 tabs、静态示例数据、来源/置信度和空状态 | 完成;未接入真实 API,未提供写回入口 |
|
||
| 2026-05-25 | 5 | coding agent | TDD 接入前端只读 API client、normalizer 和项目/工作流/智能体真实数据视图 | 完成;提交前已通过测试、构建和本地接口 smoke 验证 |
|
||
| 2026-05-25 | 5 | spec review | 规格审查未通过:valid agent 状态不明确,工作流和 agent 只读文案仍含内部英文 | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 5 | quality review | 代码质量审查未通过:未知后端枚举值会直接进入 UI label | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 6 | coding agent | TDD 实现智能体草稿校验、diff、hash 冲突检测、备份和原子写回 | 完成;待最终全量验证 |
|
||
| 2026-05-25 | 6 | spec review | 规格审查未通过:TOML 字符串解析错误泄漏英文 `invalid syntax` | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 6 | security review | 安全审查未通过:写回存在 TOCTOU、备份后 CAS 缺失、POST body 无限制、错误响应泄漏路径/英文 | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 6 | security review | 安全复审未通过:复核后到 createBackup/rename 前仍可能重新解析被替换的 `agents` 路径 | coding agent 按 blocking 范围修复 |
|
||
| 2026-05-25 | 7 | coding agent | 新增 README,并更新 docs/project.md、task_plan.md、findings.md 的最终状态和安全边界 | 完成;浏览器截图验证待主智能体执行 |
|
||
| 2026-05-25 | 7 | coding agent | 运行阶段 7 完整验证命令 | Go 全量测试、非缓存测试、前端单测、前端构建和 whitespace 检查均通过 |
|
||
|
||
## Test Results
|
||
|
||
| Time | Command | Result | Notes |
|
||
| --- | --- | --- | --- |
|
||
| 2026-05-25 | `go test ./internal/codexhome` | FAIL | TDD 红灯:`ResolveInside` 和 `IsForbidden` 未实现 |
|
||
| 2026-05-25 | `go test ./internal/codexhome` | PASS | 路径边界测试通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Go 后端骨架全量测试通过 |
|
||
| 2026-05-25 | `go run ./cmd/codex-agent-manager` | PASS_WITH_ESCALATION | 普通 sandbox 监听 `127.0.0.1:18083` 被拒绝;提升权限后后端启动 |
|
||
| 2026-05-25 | `curl http://127.0.0.1:18083/api/health` | PASS_WITH_ESCALATION | 普通 sandbox localhost 请求失败;提升权限后返回 `{"status":"ok"}` |
|
||
| 2026-05-25 | `git diff --check` | PASS | 无 whitespace error |
|
||
| 2026-05-25 | `git status --short` | PASS | 仅本阶段文件变更和新增 |
|
||
| 2026-05-25 | `go test ./internal/codexhome` | FAIL | TDD 红灯:新增 `ResolveAgentTOML` 测试后 API 未实现 |
|
||
| 2026-05-25 | `go test ./internal/app` | FAIL | TDD 红灯:`CODEX_HOME` override 未生效 |
|
||
| 2026-05-25 | `go test ./internal/app` | PASS | `CODEX_HOME` override 和默认 fallback 测试通过 |
|
||
| 2026-05-25 | `go test ./internal/codexhome` | PASS | symlink escape、大小写敏感文件、agent TOML scoped resolver 测试通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | 无 whitespace error |
|
||
| 2026-05-25 | `git status --short` | PASS | 仅本轮 Phase 1 修复文件变更 |
|
||
| 2026-05-25 | `go test ./internal/codexhome` | FAIL | TDD 红灯:`agents/demo.toml -> ../auth.json` symlink 仍返回 nil |
|
||
| 2026-05-25 | `go test ./internal/codexhome` | PASS | symlink final target 指向 root `auth.json` 时返回 forbidden error |
|
||
| 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | 无 whitespace error |
|
||
| 2026-05-25 | `git status --short` | PASS | 仅本轮 Phase 1 symlink target 修复文件变更 |
|
||
| 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯:`Store` 未定义,`internal/agents/store_test.go` 先于实现创建 |
|
||
| 2026-05-25 | `go test ./internal/agents` | PASS | 读取有效 TOML、坏 TOML 单条 invalid、敏感 symlink 不泄漏内容 |
|
||
| 2026-05-25 | `go test ./internal/server` | FAIL | TDD 红灯:`New` 未定义,`/api/agents` handler 测试先于实现创建 |
|
||
| 2026-05-25 | `go test ./internal/server` | PASS | `/api/agents` 返回 items,非 GET 返回 405 |
|
||
| 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
|
||
| 2026-05-25 | `go test ./internal/agents` | PASS | Required verification |
|
||
| 2026-05-25 | `go test ./...` | PASS | Required verification |
|
||
| 2026-05-25 | `git diff --check` | PASS | Required verification |
|
||
| 2026-05-25 | `git status --short` | PASS | Required verification;Phase 2 文件待提交 |
|
||
| 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯:duplicate key、invalid key、`agents/leak.toml -> ../config.toml` 均被错误报告为 valid/泄漏内容 |
|
||
| 2026-05-25 | `go test ./internal/agents` | PASS | duplicate key 和 invalid key 返回 invalid;agent TOML symlink 被拒绝且不读取非 agent TOML |
|
||
| 2026-05-25 | `go test ./internal/codexhome` | PASS | Required verification |
|
||
| 2026-05-25 | `go test ./...` | PASS | Required verification |
|
||
| 2026-05-25 | `git diff --check` | PASS | Required verification |
|
||
| 2026-05-25 | `git status --short` | PASS | Required verification;Phase 2 review fix 文件待提交 |
|
||
| 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯:`agents -> .` 目录 symlink 将 root `config.toml` 读取为 valid agent 并泄漏 `project-secret` |
|
||
| 2026-05-25 | `go test ./internal/agents` | PASS | symlinked `agents` 目录被拒绝;leaf symlink 和 duplicate TOML 回归保持通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Required verification |
|
||
| 2026-05-25 | `git diff --check` | PASS | Required verification |
|
||
| 2026-05-25 | `git status --short` | PASS | Required verification;Phase 2 symlinked directory fix 文件待提交 |
|
||
| 2026-05-25 | `go test ./internal/projects` | FAIL | TDD 红灯:`Store` 未定义 |
|
||
| 2026-05-25 | `go test ./internal/workflow` | FAIL | TDD 红灯:runtime 包无实现文件 |
|
||
| 2026-05-25 | `go test ./internal/server` | FAIL | TDD 红灯:Phase 3 API 端点返回 404/405 不符合预期 |
|
||
| 2026-05-25 | `go test ./internal/runtime` | FAIL | TDD 红灯:缺少 `modernc.org/sqlite` 依赖 |
|
||
| 2026-05-25 | `go get modernc.org/sqlite` | PASS_WITH_ESCALATION | 普通 sandbox 因代理连接权限失败;提升权限后下载纯 Go SQLite 驱动 |
|
||
| 2026-05-25 | `go test ./internal/projects` | PASS | projects config 解析、稳定排序、缺失 config 空列表通过 |
|
||
| 2026-05-25 | `go test ./internal/runtime` | PASS | SQLite 缺失空快照;临时 SQLite 只读读取 threads、edges、goals 通过 |
|
||
| 2026-05-25 | `go test ./internal/workflow` | PASS | 任意角色 edge/goal/plan file 生成动态事件和阶段证据通过 |
|
||
| 2026-05-25 | `go test ./internal/server` | PASS | Phase 3 GET 端点与非 GET 405 通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | 全量 Go 测试通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 3 whitespace 检查通过 |
|
||
| 2026-05-25 | `go test -count=1 ./...` | PASS | Phase 3 非缓存全量 Go 测试通过 |
|
||
| 2026-05-25 | `go test ./internal/runtime` | FAIL | TDD 红灯:新增单侧 SQLite 缺失测试后 `Snapshot.Sources` 未定义 |
|
||
| 2026-05-25 | `go test ./internal/runtime` | FAIL | TDD 红灯:`go.mod` 仍为 `go 1.25.0` |
|
||
| 2026-05-25 | `go list -m -versions modernc.org/sqlite` | PASS_WITH_ESCALATION | 检查可用 SQLite 驱动版本 |
|
||
| 2026-05-25 | `go list -m -json modernc.org/sqlite@v1.35.0` | PASS | 确认该版本 `GoVersion` 为 `1.21`,可用于 Go 1.22 目标 |
|
||
| 2026-05-25 | `go get modernc.org/sqlite@v1.35.0` | PASS_WITH_ESCALATION | 降级 SQLite 驱动版本 |
|
||
| 2026-05-25 | `go mod tidy` | PASS_WITH_ESCALATION | 移除 Go 1.25 间接依赖 pin,恢复 `go 1.22` |
|
||
| 2026-05-25 | `go test ./internal/server` | FAIL | TDD 红灯:runtime API 未返回分数据源 `sources` |
|
||
| 2026-05-25 | `go test ./internal/runtime` | PASS | 单侧 state/goals 缺失和 Go 1.22 module 兼容测试通过 |
|
||
| 2026-05-25 | `go test ./internal/server` | PASS | runtime API 返回 `source` 和分数据源 `sources` |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 3 review fix whitespace 检查通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 3 review fix 全量 Go 测试通过 |
|
||
| 2026-05-25 | `go test -count=1 ./...` | PASS | Phase 3 review fix 非缓存全量 Go 测试通过 |
|
||
| 2026-05-25 | `go test ./internal/runtime ./internal/workflow` | FAIL | TDD 红灯:`partial` 置信度、缺可选列、NULL、缺关键列和 nil Runtime 均复现失败 |
|
||
| 2026-05-25 | `go test ./internal/runtime ./internal/workflow` | PASS | schema-aware SQLite 读取和 nil Runtime 空视图通过 |
|
||
| 2026-05-25 | `go test ./internal/server` | PASS | runtime API 的 `sqlite_partial` 置信度更新为 `medium` |
|
||
| 2026-05-25 | `go test ./internal/runtime ./internal/workflow ./internal/server` | PASS | Phase 3 quality fix 目标包测试通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 3 quality fix 全量 Go 测试通过 |
|
||
| 2026-05-25 | `go test -count=1 ./...` | PASS | Phase 3 quality fix 非缓存全量 Go 测试通过 |
|
||
| 2026-05-25 | `go vet ./...` | PASS | Phase 3 quality fix vet 通过 |
|
||
| 2026-05-25 | `gofmt -l internal/runtime internal/workflow internal/server internal/projects internal/app cmd` | PASS | 无需格式化输出 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 3 quality fix whitespace 检查通过 |
|
||
| 2026-05-25 | `pnpm install` | PASS | 在 `web/` 安装 Vue/Vite 依赖,生成 `pnpm-lock.yaml` |
|
||
| 2026-05-25 | `pnpm build` | PASS | Vite production build 通过 |
|
||
| 2026-05-25 | `pnpm dev` | PASS | Vite dev server 启动于 `http://127.0.0.1:13083/` |
|
||
| 2026-05-25 | `curl -I http://127.0.0.1:13083/` | PASS | 本地前端返回 HTTP 200 |
|
||
| 2026-05-25 | Browser plugin check | DONE_WITH_CONCERNS | 内置浏览器返回 `Browser is not available: iab`,未完成视觉截图核验 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 4 whitespace 检查通过 |
|
||
| 2026-05-25 | `pnpm build` | PASS | Phase 4 规格修复后前端构建通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 4 规格修复 whitespace 检查通过 |
|
||
| 2026-05-25 | `pnpm test` | PASS | Phase 5 normalizer 测试 7/7 通过 |
|
||
| 2026-05-25 | `pnpm build` | PASS | Phase 5 前端构建通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 5 后端回归测试通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 5 whitespace 检查通过 |
|
||
| 2026-05-25 | `pnpm test` | FAIL | TDD 红灯:`normalizers.js` 尚未实现,新增 normalizer 测试无法导入模块 |
|
||
| 2026-05-25 | `pnpm test` | PASS | source/confidence 中文映射、invalid agent TOML、空 runtime/workflow 测试通过 |
|
||
| 2026-05-25 | `pnpm build` | PASS | Phase 5 首轮 Vue/Vite 构建通过 |
|
||
| 2026-05-25 | `curl --max-time 5 -sS http://127.0.0.1:18083/api/agents` | PASS | 后端真实 agents 只读接口可达 |
|
||
| 2026-05-25 | `curl --max-time 5 -sS http://127.0.0.1:18083/api/projects` | PASS | 后端真实 projects 只读接口可达 |
|
||
| 2026-05-25 | `curl --max-time 5 -sS http://127.0.0.1:13083/` | PASS | Vite 前端页面可达 |
|
||
| 2026-05-25 | `curl --max-time 5 -sS http://127.0.0.1:13083/api/workflow/events` | PASS | 前端代理到后端 workflow 只读接口可达 |
|
||
| 2026-05-25 | `pnpm test` | FAIL | TDD 红灯:真实 workflow 返回的非阶段表格行未被 normalizer 过滤 |
|
||
| 2026-05-25 | `pnpm test` | PASS | workflow phase 过滤测试通过;共 5 个前端单测通过 |
|
||
| 2026-05-25 | `pnpm build` | PASS | Phase 5 修复后前端构建通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 5 whitespace 检查通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 5 未改 Go 行为;全量 Go 回归通过 |
|
||
| 2026-05-25 | `pnpm test` | FAIL | TDD 红灯:valid agent 仍显示“已读取”,workflow 空交接文案尚未由 normalizer 提供 |
|
||
| 2026-05-25 | `pnpm test` | PASS | valid agent 显示“TOML 有效”,角色设定和交接边中文文案测试通过;共 7 个前端单测通过 |
|
||
| 2026-05-25 | `pnpm build` | PASS | Phase 5 规格修复后前端构建通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 5 规格修复未改 Go 行为;全量 Go 回归通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 5 规格修复 whitespace 检查通过 |
|
||
| 2026-05-25 | `pnpm test` | FAIL | TDD 红灯:未知 source kind `sqlite_locked_internal` 被原样显示到 label |
|
||
| 2026-05-25 | `pnpm test` | PASS | unknown source/confidence/status/trust label 兜底测试通过;共 9 个前端单测通过 |
|
||
| 2026-05-25 | `pnpm build` | PASS | Phase 5 unknown enum 修复后前端构建通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 5 unknown enum 修复未改 Go 行为;全量 Go 回归通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 5 unknown enum 修复 whitespace 检查通过 |
|
||
| 2026-05-25 | `pnpm test` | FAIL | TDD 红灯:`in_progress` workflow phase 被过滤,返回 0 个阶段 |
|
||
| 2026-05-25 | `pnpm test` | PASS | 未知 workflow phase status 保留显示,label 为“未知”;共 10 个前端单测通过 |
|
||
| 2026-05-25 | `pnpm build` | PASS | Phase 5 unknown workflow phase 修复后前端构建通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 5 unknown workflow phase 修复未改 Go 行为;全量 Go 回归通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 5 unknown workflow phase 修复 whitespace 检查通过 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | FAIL | TDD 红灯:`ValidateDraft`/`WriteDraft` 未实现,validate/write 端点返回 404 |
|
||
| 2026-05-25 | `cd web && pnpm test` | FAIL | TDD 红灯:writeback normalizer 和 validate/write client 方法未实现 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 后端 validate/write、hash 冲突、备份、路径和 symlink 边界测试通过 |
|
||
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 前端 client/normalizer 写回状态测试通过;共 13 个单测 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 指定后端目标包验证通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 6 全量 Go 验证通过 |
|
||
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 前端单测验证通过;共 13 个单测 |
|
||
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 6 前端生产构建通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 6 whitespace 检查通过 |
|
||
| 2026-05-25 | `go test ./internal/agents` | FAIL | TDD 红灯:List/Validate/Write malformed string 均泄漏英文 `invalid syntax` |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 TOML 错误中文化目标包测试通过 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 规格修复后指定后端目标包验证通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 6 规格修复后全量 Go 验证通过 |
|
||
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 规格修复后前端单测验证通过;共 13 个单测 |
|
||
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 6 规格修复后前端生产构建通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 6 规格修复 whitespace 检查通过 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | FAIL | TDD 红灯:缺少写回 hook;server 超大 body 返回 200,trailing JSON 返回 200,缺失目标泄漏绝对路径和 `no such file` |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 安全修复目标包测试通过 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 安全修复后指定后端目标包验证通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 6 安全修复后全量 Go 验证通过 |
|
||
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 安全修复后前端单测验证通过;共 13 个单测 |
|
||
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 6 安全修复后前端生产构建通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 6 安全修复 whitespace 检查通过 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | FAIL | TDD 红灯:新增复核后备份前 hook 后缺少 `writebackTestHookAfterVerifyBeforeBackup`,暴露未覆盖窗口 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 dirfd 绑定写回目标包测试通过 |
|
||
| 2026-05-25 | `go test ./internal/agents ./internal/server` | PASS | Phase 6 dirfd 绑定修复后指定后端目标包验证通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 6 dirfd 绑定修复后全量 Go 验证通过 |
|
||
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 6 dirfd 绑定修复后前端单测验证通过;共 13 个单测 |
|
||
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 6 dirfd 绑定修复后前端生产构建通过 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 6 dirfd 绑定修复 whitespace 检查通过 |
|
||
| 2026-05-25 | `go test ./...` | PASS | Phase 7 最终 Go 全量验证通过;缓存包通过 |
|
||
| 2026-05-25 | `go test -count=1 ./...` | PASS | Phase 7 最终非缓存 Go 全量验证通过 |
|
||
| 2026-05-25 | `cd web && pnpm test` | PASS | Phase 7 前端单测通过;13 个测试全部通过 |
|
||
| 2026-05-25 | `cd web && pnpm build` | PASS | Phase 7 前端生产构建通过;Vite 构建成功 |
|
||
| 2026-05-25 | `git diff --check` | PASS | Phase 7 whitespace 检查通过 |
|
||
| 2026-05-25 | Browser plugin visual verification | DONE_WITH_CONCERNS | 内置浏览器仍返回 `Browser is not available: iab`,改用本机 Chrome 执行同等页面核验 |
|
||
| 2026-05-25 | Chrome visual verification | PASS | `http://127.0.0.1:13083/` 项目视图、工作流视图、智能体视图、草稿和设置页均显示中文;真实项目/线程矩阵、工作流阶段与监管、智能体 TOML 草稿校验/差异/备份写回控件可见 |
|
||
| 2026-05-25 | `cd web && pnpm test` | FAIL | TDD 红灯:设置页仍显示“本阶段不会写回 / 不保存智能体 TOML”,与 Phase 6 单文件写回能力冲突 |
|
||
| 2026-05-25 | `cd web && pnpm test` | PASS | 设置页安全文案修复后前端单测通过;14 个测试全部通过 |
|
||
| 2026-05-25 | Chrome settings re-check | PASS | 设置页显示“安全配置摘要”“仅校验后单文件写回”“不自动保存或批量写回”,旧文案不再可见 |
|
||
| 2026-05-25 | Final code review | PASS | 代码审查员复核无阻塞问题;建议将智能体页“只读编辑区”改为更准确的草稿编辑文案 |
|
||
| 2026-05-25 | `cd web && pnpm test` | FAIL | TDD 红灯:智能体页仍出现“智能体只读编辑区 / 只读编辑区”旧文案 |
|
||
| 2026-05-25 | `cd web && pnpm test` | PASS | 智能体页改为“字段预览与草稿编辑区”后前端单测通过;15 个测试全部通过 |
|
||
| 2026-05-25 | `cd web && pnpm build` | PASS | 智能体页审查建议修复后前端生产构建通过 |
|
||
| 2026-05-25 | Chrome agent view re-check | PASS | 智能体视图显示“字段预览与草稿编辑区”,并保留校验 TOML、查看差异、创建备份并写回控件 |
|
||
|
||
## Bug Loop
|
||
|
||
| Phase | Bug | Fix Attempt | Retest Result |
|
||
| --- | --- | --- | --- |
|
||
| 1 | `ResolveInside` 可被 `.codex/agents` symlink 指向外部目录绕过 | 检查已存在路径组件,发现 symlink 后使用 `EvalSymlinks` 并确认仍在 evaluated Codex home 内 | `go test ./internal/codexhome` PASS |
|
||
| 1 | `AUTH.JSON` 等大小写变体未被敏感文件 denylist 拦截 | 对敏感根文件相对路径做 case-insensitive 匹配 | `go test ./internal/codexhome` PASS |
|
||
| 1 | 缺少操作域 resolver,通用 `ResolveInside` 容易误用 | 新增 `ResolveAgentTOML`,只允许 `agents/` 直属 `.toml` 文件名 | `go test ./internal/codexhome` PASS |
|
||
| 1 | `docs/project.md` 记录 `CODEX_HOME` 但默认配置未读取 | `DefaultConfig` 增加 `CODEX_HOME` 非空 override | `go test ./internal/app` PASS |
|
||
| 1 | `ResolveAgentTOML` 可通过 `agents/*.toml` symlink 指向 root `auth.json` 绕过 forbidden 检查 | 在 symlink 解析后对 evaluated final target 再执行 forbidden 检查 | `go test ./internal/codexhome` PASS |
|
||
| 2 | Agent TOML parser 对重复键使用 map 覆盖,且未校验 bare key | 增加 duplicate key 和 invalid key 检测,遇到 malformed TOML 返回单条 invalid | `go test ./internal/agents` PASS |
|
||
| 2 | Agent symlink 只校验最终路径在 Codex home 内,可读取 root `config.toml` | 在 agent store 层拒绝 `.toml` symlink,避免读取非 agent TOML 内容 | `go test ./internal/agents` PASS |
|
||
| 2 | `agents` 目录 symlink 会让枚举逻辑读取 Codex home root 的 `.toml` 文件 | 在 `Store.List` 对 lexical `CodexHome/agents` 先 `Lstat`,发现 symlink 直接返回 forbidden error | `go test ./internal/agents` PASS |
|
||
| 3 | runtime 测试初次失败于未使用的 `os` import | 删除测试中不再使用的 import | `go test ./internal/runtime` PASS |
|
||
| 3 | `modernc.org/sqlite v1.50.1` 将 module 最低版本提升到 Go 1.25 | 降级到 `modernc.org/sqlite v1.35.0`,清理高版本间接依赖,并恢复 `go 1.22` | `go test ./internal/runtime` PASS |
|
||
| 3 | 单侧 SQLite 缺失时聚合来源仍可能显示整体 high confidence | 增加 `Snapshot.Sources`,按 `state` / `goals` 分别记录 `sqlite_missing` 或 `sqlite_readonly`,聚合来源使用 `sqlite_partial` | `go test ./internal/runtime` PASS |
|
||
| 3 | SQLite schema drift、NULL 或数值字段可让 Snapshot 返回 error 并导致 API 500 | 使用 `PRAGMA table_info` 构造宽容 SELECT;缺关键列返回空表和 `sqlite_schema_drift` 证据;可选列/NULL/数值字段转为空字符串或文本 | `go test ./internal/runtime` PASS |
|
||
| 3 | `SourceEvidence.Confidence` 出现设计外值 `partial` | 保留 `Kind: sqlite_partial`,将 `Confidence` 改为 `medium` | `go test ./internal/runtime ./internal/server` PASS |
|
||
| 3 | `workflow.Store` 未配置 Runtime 会 panic | nil Runtime 返回空 view 和 `runtime_missing`/`low` 证据 | `go test ./internal/workflow` PASS |
|
||
| 4 | UI 直接展示 `local_sample`、`api_missing`、`low`、`medium` 等内部英文值 | `StatusBadge` 增加中文映射,并将示例数据来源/置信度改为中文展示值 | `pnpm build` PASS |
|
||
| 5 | valid agent 未明确显示 TOML 有效,工作流/角色设定仍有内部英文名 | normalizer 将 valid 状态显示为 `TOML 有效`,并清理交接边、主智能体、角色设定等中文文案 | `pnpm test` PASS |
|
||
| 5 | 空状态和设置页仍有英文 `agent`、`Codex home` | 改为“智能体”和“Codex 主目录”,补中文文案回归测试 | 待复测 |
|
||
| 5 | workflow phases 会把 `task_plan.md` 里错误记录表的 `Time/Phase` 行显示到 UI | normalizer 过滤非阶段状态,并把数字阶段名转为“阶段 N” | `pnpm test` PASS |
|
||
| 5 | valid agent 状态只显示“已读取”,且工作流/智能体可见文案残留内部英文 | normalizer 改为“TOML 有效”/“TOML 无效”,角色设定字段改中文,WorkflowView 改“交接边”和“主智能体” | `pnpm test` PASS |
|
||
| 5 | 未知后端枚举值可通过 source/confidence/status/trust label 暴露到 UI | 未知 source 显示“来源未知”,未知 confidence 显示“低”,未知 status/trust 显示“未知” | `pnpm test` PASS |
|
||
| 5 | 未知 workflow phase status 被白名单过滤,真实阶段从 UI 消失 | phase 过滤改为只排除表头/伪行,未知 status 交给中文状态兜底显示“未知” | `pnpm test` PASS |
|
||
| 6 | 写回可能覆盖校验后用户修改的文件 | validate 返回当前 sha256;write 重新读取并比较 expectedHash,不匹配返回冲突且不写回 | `go test ./internal/agents ./internal/server` PASS |
|
||
| 6 | 无效 TOML 或 unsafe id/symlink 可能进入写回路径 | write 重新执行 TOML 校验,id 只允许安全 bare stem,拒绝 leaf symlink 和 symlinked agents 目录 | `go test ./internal/agents ./internal/server` PASS |
|
||
| 6 | TOML 未闭合字符串错误会把 `strconv.Unquote` 的英文 `invalid syntax` 返回给 UI/API | 在 parser 层将字符串字段语法错误包装为中文并带行号;List/Validate/Write 增加中文错误断言 | `go test ./internal/agents ./internal/server` PASS |
|
||
| 6 | 写回备份/rename 前路径身份可能变化,且备份后并发修改可能被覆盖 | 写回加进程内临界区,记录 agents 目录和目标文件 inode identity;备份前和 rename 前复核 identity 与 expectedHash | `go test ./internal/agents ./internal/server` PASS |
|
||
| 6 | validate/write POST 可接收超大 body、trailing JSON,且错误响应透传路径和英文系统错误 | validate/write 使用 1MiB `MaxBytesReader`、拒绝 trailing JSON,并将错误映射为安全中文响应 | `go test ./internal/agents ./internal/server` PASS |
|
||
| 6 | 复核后到备份/rename 前仍有父目录路径替换窗口 | 使用 `Openat`/`Renameat` 将目标读取、备份、临时文件和 rename 绑定到已打开的 `agents` 目录 fd,并继续复核目录路径身份和目标 hash | `go test ./internal/agents ./internal/server` PASS |
|
||
| 7 | 设置页安全边界文案停留在只读阶段,误导用户以为智能体 TOML 不会保存 | 改为“仅校验后单文件写回”,明确项目/运行线程/工作流仍只读,且不自动保存或批量写回 | `cd web && pnpm test` PASS;Chrome re-check PASS |
|
||
| 7 | 智能体页编辑区域文案仍叫“只读编辑区”,与草稿编辑和写回按钮不一致 | 改为“字段预览与草稿编辑区”,并补文案回归测试 | `cd web && pnpm test` PASS;Chrome re-check PASS |
|