Commit Graph

409 Commits

Author SHA1 Message Date
Fischer 8063f4efe0 feat(bitable): formula relations v2 — U1-U8 + review fixes (#26)
Deploy to Production / deploy (push) Waiting to run Details
Test / backend-test (push) Waiting to run Details
Test / frontend-unit (push) Waiting to run Details
Test / api-e2e (push) Waiting to run Details
Test / frontend-e2e (push) Waiting to run Details
PR #26: bitable v2 module

- Formula engine: 10→64 functions
- Cross-table formula syntax
- Relation CRUD (1:1/1:N/N:N + bidirectional + self-ref)
- Lookup & Rollup field types with recalc worker
- Cross-table dependency graph
- Automation engine (3 triggers + 5 actions + retries + Webhook)
- 11 REST API endpoints + 17 BitableTool actions

Bug fixes (review + AE1):
- SSRF guard for outbound webhooks
- Bidirectional association reverse field cleanup
- Target table ownership checks
- Typed AutomationUpdate models
- Decimal handling for JSONB numbers
- merge_record_values (preserve fields on link update)
- enqueue_recalc ON CONFLICT DO UPDATE (reset done→pending)
- _trigger_cross_table_recalc on record update

Tests: 267 unit passed, AE1 e2e 3/3 passed, ruff clean
2026-07-06 13:35:31 +08:00
Chiguyong e35b2289ce fix(bitable): cross-table recalc + merge_record_values + SSRF tests
Test / backend-test (pull_request) Waiting to run Details
Test / frontend-unit (pull_request) Waiting to run Details
Test / api-e2e (pull_request) Waiting to run Details
Test / frontend-e2e (pull_request) Waiting to run Details
Fixes 4 bugs blocking AE1 acceptance scenario (rollup returns 0):

1. Decimal not recognized as numeric: PostgreSQL JSONB returns numbers
   as Decimal; _evaluate_rollup's isinstance(v, (int,float)) missed them.
   Added _to_float() helper (also excludes bool, an int subclass).
   Applied to _evaluate_lookup for JSON serialization safety.

2. add_relation_link clobbers record values: update_record_values does
   full-replace, so setting the relation field wiped amount/etc.
   Added merge_record_values (|| operator) and switched all relation
   link mutations to use it (add + remove + reverse cleanup).

3. enqueue_recalc ON CONFLICT DO NOTHING swallowed re-enqueues: once a
   task reached 'done', the unique constraint silently dropped new
   requests for the same (record_id, field_id) — field showed stale
   data forever. Changed to ON CONFLICT DO UPDATE: reset done/error
   tasks to pending; leave pending/calculating as-is (no double-process).

4. No cross-table recalc on record update: update_record_values only
   triggered recalc on the record's own table; rollup on the target
   table never updated when source values changed. Added
   _trigger_cross_table_recalc() — finds relation fields on the
   record's table, triggers recalc on linked target records.

Tests:
- AE1 acceptance: 3 e2e tests (SUM on insert, update-triggered recalc,
  AVG aggregation) — all pass against real PG.
- Bidirectional relation deletion: verifies _cleanup_reverse_link
  removes source from target's reverse field.
- SSRF guard: 3 tests blocking loopback, private IP, non-HTTP scheme.
- Updated test_recalc_deduplication for new ON CONFLICT DO UPDATE
  semantics (returns existing task, not None).
- Fixed test_crash_recovery to use stale_threshold=0 (was always broken
  with default 600s threshold).
2026-07-06 13:29:54 +08:00
Chiguyong fae76b7cca merge: resolve conflict with origin/main (PR #24/#25)
Test / backend-test (pull_request) Waiting to run Details
Test / frontend-unit (pull_request) Waiting to run Details
Test / api-e2e (pull_request) Waiting to run Details
Test / frontend-e2e (pull_request) Waiting to run Details
Conflict in src/agentkit/bitable/service.py delete_view():
- Adopted main's MAINT-2 fix (delete_view_if_not_last atomic op + race check)
- Worktree's simpler version replaced by main's race-safe implementation

No conflict markers remain. 277 tests pass, ruff clean.
2026-07-06 13:04:53 +08:00
Chiguyong 6d5a34ada2 feat(bitable): formula relations v2 — U1-U8 + review fixes
Test / backend-test (pull_request) Waiting to run Details
Test / frontend-unit (pull_request) Waiting to run Details
Test / api-e2e (pull_request) Waiting to run Details
Test / frontend-e2e (pull_request) Waiting to run Details
Implements bitable v2: formula engine expansion (10->64 functions),
cross-table formula references, relation CRUD (1:1/1:N/N:N + bidirectional),
lookup/rollup fields, cross-table dependency graph, automation engine
(3 triggers + 5 actions + retry + webhook), and REST API + BitableTool actions.

Implementation units:
- U1: Schema V3 migration (junction table, automations, cross_table_deps)
- U2: Formula functions 10->64 (datetime/text/logical/aggregate/lookup)
- U3: Cross-table formula {rel.target} syntax (parser 3-tuple, engine resolve)
- U4: Relation CRUD + bidirectional + self-reference
- U5: Lookup & Rollup field types with recalc worker routing
- U6: Cross-table dependency graph + recalc trigger
- U7: Automation engine (asyncio queue, 3x retry, execution logs)
- U8: REST API (11 endpoints) + BitableTool (17 actions)

Review fixes applied (ce-code-review mode:agent):
- P1: SSRF guard on outbound webhook (reuse _assert_safe_host from ingestion)
- P1: Bidirectional relation removal now cleans reverse field (symmetric with add)
- P2: Ownership check on target_table_id in relation field creation (IDOR fix)
- P2: Typed AutomationUpdate Pydantic model (prevents table_id injection)
- P3: Tracked automation fire-and-forget tasks (error visibility)
- P3: Public FormulaEngine.get_cross_table_mapping (remove private attr access)

Tests: 267 passed, 153 skipped (PG). Ruff clean.
Deferred: generate_formula/generate_automation LLM actions, frontend components.
2026-07-06 12:57:07 +08:00
root f0fc34bfee Merge pull request 'fix(enterprise): P3 residual batch' (#25) from feat/p3-residual-fixes into main
Deploy to Production / deploy (push) Waiting to run Details
Test / backend-test (push) Waiting to run Details
Test / frontend-unit (push) Waiting to run Details
Test / api-e2e (push) Waiting to run Details
Test / frontend-e2e (push) Waiting to run Details
2026-07-06 12:24:44 +08:00
Chiguyong 04ad5966d0 fix(enterprise): ce-debug P3 residual batch — SEC-2 OIDC 验签 + STAND-3 SCIM /scim/v2 + MIG-2 schema 迁移
Test / backend-test (pull_request) Waiting to run Details
Test / frontend-unit (pull_request) Waiting to run Details
Test / api-e2e (pull_request) Waiting to run Details
Test / frontend-e2e (pull_request) Waiting to run Details
13 项 P3 residual findings 全部清零:

安全/合规
- SEC-2: OIDC id_token 用 JWKS 验签 + IDToken claims_cls 校验 iss/aud/exp(fail-closed,无 jwks_uri 时拒绝回退)
- STAND-3: SCIM router 改挂 /scim/v2(RFC 7644 标准路径)+ 修复双重前缀 bug(router 内部 prefix 移除,由挂载点控制)
- API-12/14: SCIM PATCH 严格性 — 不支持的 op/path 返回 400 noTarget + path==None 时遍历 value keys

性能/可观测
- PERF-6/7: gateway cache metric 修正 — None usage 早退 + 仅对 anthropic/claude model 记录 cache hit/miss

部署/运维
- DEPLOY-8: key-rotation-runbook 拆分 Slot 10(Redis)/Slot 11(PostgreSQL)
- DEPLOY-9: Helm chart 支持 image.digest pinning(@sha256:<digest> 覆盖 tag)

迁移/维护
- MIG-2: auth DB schema 迁移注册表(_SCHEMA_MIGRATIONS dict + _run_schema_migrations 按 version 差值执行)
- MAINT-2: bitable delete_view 三态错误信息(不存在 vs 最后一视图 vs 并发竞争)
- MAINT-3: chatStream 提取 findStreamingSynthesisMilestone helper(去重 team_synthesis_chunk/team_synthesis 谓词)
- MAINT-4 + STAND-2: 前端测试 token 正则 helper + replace 加 g 标志(移除所有 :root 块)

验证:ruff check + format(P3 文件全过)| pytest 526 passed(calendar webhook SSRF 失败为 pre-existing)| helm lint 通过
2026-07-06 12:18:42 +08:00
Fischer a406f59bdf feat(enterprise): U1-U6 enterprise agent platform (#24)
Deploy to Production / deploy (push) Waiting to run Details
Test / backend-test (push) Waiting to run Details
Test / frontend-unit (push) Waiting to run Details
Test / api-e2e (push) Waiting to run Details
Test / frontend-e2e (push) Waiting to run Details
Merge PR #24 — U1-U6 enterprise agent platform

ce-debug 批量修复:
- PERF-1: PII 脱敏接入 gateway 生产路径
- DEPLOY-1: 部署名引用修正(label selector)
- DEPLOY-2: Redis 鉴权(11 处 from_url 消费 REDIS_PASSWORD)
- DEPLOY-4: 移除死 env POSTGRES_PASSWORD
- DEPLOY-5: OTel token 格式 Authorization=Bearer
- SCIM RFC 7643/7644 合规
- API-4/8/10: SSO token 原子化 + provider 区分 + response_model
2026-07-06 11:42:29 +08:00
Chiguyong cb278bb5f0 fix(enterprise): ce-debug batch — PERF-1 PII filter + DEPLOY-1/2/4/5 + SCIM RFC 7643/7644
Test / backend-test (pull_request) Waiting to run Details
Test / frontend-unit (pull_request) Waiting to run Details
Test / api-e2e (pull_request) Waiting to run Details
Test / frontend-e2e (pull_request) Waiting to run Details
修复 ce-code-review 发现的全部 P1/P2 residual findings:

P1:
- PERF-1: PII 脱敏接入 gateway chat()/chat_stream() 生产路径
  (env AGENTKIT_PII_FILTER_ENABLED=true 启用,fail-closed)
- API-1/2/5/6/7/9/11/13 + STAND-1 + SEC-3: SCIM router 全面重写
  - API-1: totalResults 用 SELECT COUNT(*) 返回全量总数
  - API-2: 异常处理器转 RFC 7644 错误格式(scope 到 /scim/v2)
  - API-5: create_user 写 user_idp_links(idp_name='scim')
  - API-6: POST /Users 返回 Location 头
  - API-7: PATCH userName UNIQUE 冲突 → 409
  - API-9: 不支持的 filter → 400 invalidFilter
  - API-11: displayName=None
  - API-13: filter 大小写不敏感
  - STAND-1: dict[str, Any] → dict[str, object]
  - SEC-3: active true→false 写审计(延后到事务提交后避免 SQLite 锁竞争)
- API-4: _sso_issue_token_pair 用 secrets.token_urlsafe(32) 生成真实 refresh_token
  (移除 __pending_sso__ 占位符 + 后续 UPDATE 的非原子两步写入)
- API-8: _sso_issue_token_pair 增加 provider_type/provider_name 参数
- API-10: deprovision_user/change_user_role 加 response_model
- DEPLOY-1: install.sh + docs 用 instance 标签选择器替代硬编码 fullname
- DEPLOY-2: 11 处 Redis 客户端构造显式传入 REDIS_PASSWORD env var

P2:
- DEPLOY-4: 移除 agentkit deployment 中死 env POSTGRES_PASSWORD
  (应用通过 DATABASE_URL Slot 3 内嵌密码连接,不读此 env)
- DEPLOY-5: OTel token 格式改为 Authorization=Bearer <token>
  (符合 OTEL_EXPORTER_OTLP_HEADERS key=value 规范)

测试:
- ruff check + format 全部通过
- pytest tests/unit/test_scim_router.py 9 passed
- pytest tests/unit/test_llm_gateway.py + test_handoff.py + test_event_queue_integration.py 70 passed, 5 skipped
- helm lint + helm template 验证 POSTGRES_PASSWORD env 已移除
2026-07-06 11:41:06 +08:00
Chiguyong 444667e2f0 docs(review): record residual review findings
Test / backend-test (pull_request) Waiting to run Details
Test / frontend-unit (pull_request) Waiting to run Details
Test / api-e2e (pull_request) Waiting to run Details
Test / frontend-e2e (pull_request) Waiting to run Details
2026-07-06 10:40:06 +08:00
Chiguyong 3cf29f4633 fix(enterprise): ce-code-review P1 fixes — SSO is_active + span leak + Helm chart integration
Stage 5c applied safe P1/P2/P3 fixes from multi-agent code review:

- SEC-1 (P1, security): SSO 登录绕过 is_active 检查 — _sso_issue_token_pair
  入口加显式校验,与本地 login(auth.py:377)一致。已停用用户无法再通过
  IDP 回调拿 JWT,封堵 R1b deprovisioning 绕过。

- PERF-2/3 (P2, reliability): gateway chat() span 泄漏 + 异常未记录 — try 块
  扩展到覆盖整个 span 生命周期(含 cache 设置),新增 except 分支调用
  record_exception + set_status(ERROR),失败调用在 trace 中不再显示为成功。

- API-3 (P1, test isolation): SCIM router 使用 import-time 捕获的
  DEFAULT_AUTH_DB_PATH — 改为 resolve_auth_db_path() 在调用时读取 env var,
  让测试 monkeypatch.setenv 可见。

- MAINT-1 (P3, dead code): 删除 BitableRepository.delete_view(被
  delete_view_if_not_last 取代,无生产调用方,仅 docs 残留引用)。

- PERF-4/5 (P3, performance): pii_filter._record_pii_metrics 的 from import
  提升至模块顶部 + except: pass 改为 logger.debug 记录失败原因。

- DEPLOY-3 (P1, chart integration): ConfigMap 不可达 — deployment.yaml
  args 增加 --config /etc/agentkit/agentkit.yaml,让应用能加载 chart 渲染
  的非密配置。

- DEPLOY-6/7 (P3, doc/chart consistency): values.yaml 注释残留旧 slot 名
  redisPgPasswords → redisPassword;slot 计数 10 → 11(5 处 chart + 3 处
  deployment docs 同步修正)。

Verification:
- ruff check + format clean (7 modified .py files)
- pytest tests/unit/{auth,bitable} + test_{pii_filter,oidc_provider,
  saml_provider,scim_router,auth_audit,telemetry,prompt_cache_layers}.py
  → 336 passed, 145 skipped
- helm lint + helm template 验证 secret key 一致性

Residual findings (deferred to follow-up):
- PERF-1: PII filter 未接入 gateway 生产路径(manual, 需配置接入决策)
- API-1/2/4/5: SCIM RFC 7644 合规性(totalResults/error format/Location
  header/SSO 预配联动)— manual, 需设计决策
- DEPLOY-1/2/4: Helm chart ↔ app 集成断裂(部署名引用/Redis 鉴权/PG 密码双源)
  — manual, 需 app+chart 联动修改
2026-07-06 08:36:59 +08:00
Chiguyong 86bce129a4 refactor(enterprise): simplify U1-U6 — fix span leak, dedup helpers, stdlib parsing
lfg Step 3 (ce-simplify-code) — 16 files, -89 net lines.

P1 fixes (functional):
- audit.py / scim/router.py: fix OTel span leak — start_span() returned a
  context manager but was used as a plain object, so spans never ended
  and never exported. Wrap in `with`.
- helm chart: split combined `redisPgPasswords` slot (single JSON key)
  into `redisPassword` + `postgresPassword` slots — the combined `key`
  field was dead config never referenced by any template; deployment.yaml
  hardcoded `redis-password`/`postgres-password` keys were inconsistent
  with values.yaml schema.

P2 dedup (reuse):
- Promote `resolve_auth_db_path()` to models.py (canonical); remove 3
  duplicate `_resolve_db_path` defs in oidc.py / saml.py / audit.py.
- Reuse `_now_iso` from models.py; remove 5 duplicates across audit /
  oidc / saml / scim / local providers.
- Reuse `_row_to_user` from local.py in oidc.py / saml.py (verbatim
  copies removed).
- pii_filter._redact: collapse redundant `finditer` + `sub` (2 regex
  passes + 2x sha256 per match on hot path) into a single `sub` with a
  callback that collects matches and computes hashes once.

P3 simplifications:
- RoleChangeRequest.role: `str` + manual `if not in (...)` → `Literal`
  (Pydantic validates automatically).
- Extract `_record_pii_metrics(status, redacted_count)` helper to dedup
  3 nearly-identical OTel metric emission blocks.
- Extract `LLMGateway._record_prompt_cache_metric(usage, model)` to dedup
  non-stream + stream cache hit/miss counters; switch to use the
  `TokenUsage.cache_hit` property (previously added but unused).
- middleware: split `WHITELIST_PATHS` + `PREFIX_MATCH_PATHS` (redundant
  cross-reference) into `WHITELIST_PATHS` (exact) + `PREFIX_WHITELIST_PATHS`
  (prefix) — single source of truth per kind.
- OIDC token exchange: replace f-string form body with `urlencode` to
  correctly escape `&` / `=` in code / redirect_uri.
- auth.py OIDC redirect route: replace hand-rolled `url.split("state=")`
  with `urlparse + parse_qs`.
- PII module docstring: clarify that `PIIMatch.original` is in-memory
  only (must not be logged / persisted) — the previous "仅 hash, 不含
  原文" wording was misleading.

Skipped findings (false-positive or not worth):
- OIDC/SAML `_find_or_create_user` JIT 60-line dedup — high blast
  radius across SQL + transaction boundaries; defers to dedicated refactor.
- SAML `_extract_host` hand-rolled split — already has ponytail comment;
  stdlib `urlparse` swap is behavior-equivalent for current inputs but
  changes OneLogin `http_host` field semantics; conservative keep.
- gateway.py department-quota / usage-record sequential await —
  concurrency gain unclear when dept count is typically ≤2.

Verification:
- ruff check (scoped to 12 touched files) clean
- ruff format (1 file reformatted)
- pytest (PII + OIDC + SAML + SCIM + audit + bitable + team_orchestrator):
  265 passed, 145 skipped (PG/Docker), 0 failures
- helm lint clean; helm template renders correctly for both
  sealed-secrets + external-secrets backends
2026-07-06 08:02:40 +08:00
Chiguyong de02ac8a92 docs(compliance): U6 — 等保三级文档准备(6 维度 + 控制点清单)
U6 启动等保三级认证文档编写,按 GB/T 22239-2019 6 维度组织:

00-overview — 总览:认证目标、范围、AgentKit 架构摘要、各维度状态。
01-physical — 物理安全:客户机房部署假设。
02-network — 网络安全:Ingress TLS + NetworkPolicy + OTel mTLS。
03-host — 主机安全:非 root 容器 + distroless + 漏洞扫描。
04-application — 应用安全:SSO 多 IDP + RBAC 3 级 + 6 层终端安全 + OTel 审计。
05-data — 数据安全:PII 脱敏 + 国密 P1 参考 + PG 备份。
06-management — 管理安全:密钥轮换 runbook + break-glass 告警。

control-points.yaml — 控制点清单 + AgentKit 实现映射(已实现/P0/P1/待评估)。
2026-07-06 07:32:30 +08:00
Chiguyong af9cb9496c feat(deploy): U5 — K8s Helm Chart + Sealed Secrets + 离线安装包
U5 产出政企生产级 K8s 部署 artifacts:

Helm Chart — deploy/helm/agentkit/ 含 Chart.yaml + values.yaml +
8 个 templates(deployment/service/ingress/configmap/sealed-secret/
external-secret/serviceaccount/_helpers)。

values.yaml 显式列出 10 个 secret slot(KTD-4):JWT 签名密钥 /
API Key / DB 凭据 / IDP 签名证书 / 第三方 API Key / TLS 服务器证书 /
mTLS 客户端证书 / KMS-HSM PIN / OTel exporter token / Redis-PG 密码。

Sealed Secrets + External Secrets Operator 双模板,禁用 plain
Kubernetes Secret + Git 提交。serviceaccount 配置 projected token
注入支持 KMS/HSM workload identity。

离线安装包 — build-images.sh 构建镜像 tarball +
package-chart.sh 打包 chart tarball + install.sh 离线安装,
覆盖原生 K8s 1.28+ / Helm 3.x。

运维文档 — k8s-install.md 部署指南 + key-rotation-runbook.md
密钥轮换 runbook(10 slot)+ secret-inventory.md 密钥清单。
2026-07-06 07:21:41 +08:00
Chiguyong d3bd0d3b5f feat(auth): U4 — SSO 集成 (OIDC + SAML + SCIM + RBAC 审计)
实现 U4 SSO 集成,按 R1a 多 IDP 信任边界(按 (idp_name, idp_subject)
主键关联,禁止邮箱合并)、R1b 过渡期手动 deprovisioning、R1c 单租户假设。

- OIDC 适配器 (authlib):redirect flow + JIT 用户创建(KTD-2)
  GET  /auth/oauth/{provider}/redirect → IDP authorize
  GET  /auth/oauth/{provider}/callback  → token + userinfo + 关联本地用户
- SAML 适配器 (python3-saml):ACS endpoint
  POST /auth/saml/{provider}/acs → 解析 NameID + JIT 用户创建
- IDPRegistry (idp_registry.py):多 IDP 注册 + 热证书切换 + 健康隔离
- SCIM 2.0 minimal:bearer token 认证 + push 失败告警
  POST  /scim/v2/Users      (create)
  PATCH /scim/v2/Users/{id} (disable)
  GET   /scim/v2/Users       (filter/list)
- 手动 deprovisioning (R1b):operator/admin RBAC + OTel 审计
  POST /admin/users/{user_id}/deprovision
  POST /admin/users/{user_id}/role        (RBAC 角色变更审计 KTD-8)
- AuthDB schema V5:user_idp_links + auth_audit_log(additive)
- middleware 白名单:auth/oauth/、auth/saml/、scim/v2/ 走前缀匹配

测试:31 个单元测试全部通过(OIDC 8 + SAML 7 + SCIM 9 + Audit 6 + 1 schema)
ponytail 简化:
- _StateCache 进程内 dict + TTL 5min(多实例需 Redis 共享 state)
- OneLogin_Saml2_Auth 同步解析走 asyncio.to_thread 避免阻塞
- SCIM alert 走 OTel span event(无独立告警通道)
- 邮箱冲突时使用 fallback 邮箱(@sso.{provider}.local)保留 UNIQUE 约束
2026-07-06 04:15:02 +08:00
Chiguyong c60e96ac32 fix(bitable/team): U3 — Residual P2 findings (DR-1/3/4/5 + #2/#3)
U3 修复 8 项 P2 design review 与 streaming 残留问题:

DR-1 SQL 注入防御 — repository.py 添加 _validate_field_id UUID 校验,
拒绝非 UUID 字符串进入 jsonb_set path 与 WHERE 子句的字符串插值。
ceiling 注释标明仅覆盖 field_id,其余 SQL 结构由 service 层枚举白名单守护。

DR-3 design token 契约 — 新增 bitable-tokens.test.ts (31 tests),
解析 CSS :root 块并断言所有 --bitable-* token 在 :root 定义,
防止 token 被硬编码到组件外或遗漏定义。

DR-4 TOCTOU 修复 — repository.delete_view_if_not_last 用
SELECT ... FOR UPDATE 单事务原子化 check + delete,
消除 list_views → count → delete 三步分离的竞态。
service.delete_view 委托原子方法,失败抛 LastViewDeletionError。

DR-5 _update_field 静默失败 — type 参数被 Pydantic extra=ignore
静默丢弃,用户以为改了类型实际无效。显式返回
UNSUPPORTED_FIELD_TYPE_CHANGE 错误,避免静默失败的 UX 陷阱。

#2 team_synthesis 孤儿 milestone — 补 error + cancelled 路径测试,
验证内层 except 广播终结事件后 re-raise,外层 except 捕获后 fallback。

#3 synthesis_id 去重附身 — chatStream.ts 移除
|| m.synthesis_id === undefined 兜底匹配,避免新 milestone
附身到上一次孤儿 streaming 占位。

测试:DR-1 (7) + DR-4 repo (3) + DR-4 service (3) + DR-5 (2) +
#2 (2) + #8 frontend (31) = 48 项通过;U2 无回归 (29 项)。
2026-07-06 03:48:14 +08:00
Chiguyong 60a58a0fdb feat(llm): U2 — Prompt Cache 全链路监控 + PII 脱敏 hook
U2/R3 — Anthropic prompt cache 命中率监控 + 等保合规 PII 脱敏。

变更:
- protocol.py: TokenUsage 添加 cache_read/creation_input_tokens + cache_hit property
- providers/anthropic.py: 非流式 + 流式两处解析 cache 字段(cache_read_input_tokens / cache_creation_input_tokens)
- gateway.py: chat() / chat_stream() emit prompt_cache.hit / prompt_cache.miss OTel counter + span attributes
- telemetry/metrics.py: 新增 4 个 metric instruments(prompt_cache.hit/miss + pii_filter.coverage/redacted)
- llm/pii_filter.py(新文件): 正则版 PII 脱敏(手机/邮箱/身份证/银行卡)+ ner_hook + fail-closed + sha256 hash 审计
- agentkit.yaml: 添加 fallbacks + pii_filter 配置模板(默认 disabled,等保场景按需启用)
- tests: test_prompt_cache_layers.py +4 cache metric 测试;test_pii_filter.py 新增 PII 脱敏测试(29 测试通过)

设计决策:
- PII 脱敏用 stdlib(re + hashlib),不引入 NER 依赖;ner_hook 接入客户内网 NER 模型
- 正则顺序 id_card 在 phone 之前(避免身份证号内 11 位数字子串被手机号误匹配)
- ner_hook 异常不吞掉:传播到 filter_pii 由 fail_closed 决定(True→PIIFilterError;False→降级正则版重试)
- fail-closed:脱敏失败拒绝发送(不降级到原文),等保合规要求
2026-07-06 00:32:35 +08:00
Chiguyong d998c0344c feat(telemetry): U1 — OTel 默认启用,从 optional 升级为 required 依赖
- pyproject.toml: 添加 opentelemetry-api/sdk/exporter-otlp-proto-grpc/
  instrumentation-fastapi 到 [project] dependencies(KTD-3)
- telemetry/{tracer,metrics,tracing,setup}.py: 移除 try/except ImportError
  静默回退 — 缺包现在是硬安装错误,不再是监控盲区。保留 except Exception
  处理运行时错误(OTLP 连接失败),保留 enabled=false 配置开关
- setup.py: 修复已存在 bug — MeterProvider 的 readers kwarg 在 OTel SDK 1.16+
  改名为 metric_readers(被 ImportError fallback 掩盖)
- agentkit.yaml: 取消 telemetry 段注释,设 enabled=true + otlp_endpoint +
  service_name + export_traces/metrics
- test_telemetry.py: 更新 test_missing_opentelemetry → test_enabled_initializes_otel_tracer;
  新增 TestSetupTelemetry smoke test(disabled/none 是 no-op,enabled instrument FastAPI);
  清理 unused imports/vars

Verification:
- pytest tests/unit/test_telemetry.py: 21 passed
- pytest tests/unit/test_react_compression.py: 22 passed(_OTEL_AVAILABLE patch 兼容)
- runtime check: enabled=True → OTelTracer, enabled=False → NoOpTracer
2026-07-06 00:18:09 +08:00
Fischer 8633f60831 feat: complex-task-quality-loop (R1-R12) — 11 P1 blockers fixed (#22)
Deploy to Production / deploy (push) Waiting to run Details
Test / backend-test (push) Waiting to run Details
Test / frontend-unit (push) Waiting to run Details
Test / api-e2e (push) Waiting to run Details
Test / frontend-e2e (push) Waiting to run Details
Merge feat/complex-task-quality-loop into main.

Includes U1-U9/R1-R12 implementation + 11 P1 blocker fixes from ce-code-review.

P1 fixes: trace_outcome propagation, portal execute_stream routing, network_block reentrancy, spec review gate wiring, max_reflections threading, phase budgets, plan aggregation, failure status mapping, evolution drain timeout, portal spec_review_reply, spec_review persistence.
2026-07-05 22:31:21 +08:00
chiguyong e5e76697a9 fix(review): resolve 11 P1 blockers from ce-code-review
Test / backend-test (pull_request) Waiting to run Details
Test / frontend-unit (pull_request) Waiting to run Details
Test / api-e2e (pull_request) Waiting to run Details
Test / frontend-e2e (pull_request) Waiting to run Details
P1#1  config_driven: propagate trace_outcome into output_data so
      lifecycle._is_failure_path() detects non-success outcomes
P1#2  portal: route through ConfigDrivenAgent.execute_stream (not
      react_engine.execute_stream directly) so evolution hooks fire
      and trace_outcome propagates; add pre-built messages support in
      _build_llm_messages
P1#3  sandbox: make network_block reentrant via module-level reference
      counter + threading.Lock - concurrent VERIFICATION phases no
      longer permanently block all new connections
P1#4  chat: replace dead isinstance(_PlanExecEngine) check with
      hasattr(_spec_review_handler) to wire the spec review gate
P1#5  plan_exec_engine: complete max_reflections threading chain
      (PlanExecEngine + ReActStepExecutor constructors)
P1#6  plan_exec_engine: enforce phase budgets (max_steps from
      phase_budgets, not hardcoded 5)
P1#7  plan_exec_engine: use current plan (not stale plan var) in
      aggregation after replan
P1#8  plan_exec_engine: map failure to failed status (not success)
P1#9  app: add drain timeout for pending evolution tasks on shutdown
P1#10 portal: handle spec_review_reply in WS handler
P1#11 chat: persist spec_review_request/reply/timeout to conversation
      store so reload can reconstruct gate state

Tests: 116 related tests pass; 26 pre-existing failures unchanged
(stash-verified). ruff lint clean.
2026-07-04 01:10:01 +08:00
Fischer 454a50b5a8 feat: Bitable P0 UX Polish + Agent Parity (#23)
Deploy to Production / deploy (push) Failing after 7s Details
Test / backend-test (push) Has been cancelled Details
Test / frontend-unit (push) Has been cancelled Details
Test / api-e2e (push) Has been cancelled Details
Test / frontend-e2e (push) Has been cancelled Details
Merged via LFG pipeline after final ce-code-review (Ready to merge) + ce-compound documentation.
2026-07-04 01:05:04 +08:00
chiguyong 826b766af0 docs(solutions): record bitable agent tool parity patterns + final review findings
Add docs/solutions/architecture-patterns/bitable-agent-tool-parity-patterns.md
capturing three architecture patterns from U6 (R15a):
- Dual-sync action registration (KTD10): handlers dict + input_schema.enum
- 404-before-403 ownership check (KTD9): prevent existence leak via DELETE
- 409 last-view protection: prevent invalid zero-view table state

Update residual findings with DR-4 (TOCTOU race in delete_view) and DR-5
(_update_field silent type drop) surfaced in final pre-merge ce-code-review
pass. Both P2, neither blocks merge. Documented in the solutions doc under
Known Limitations with concrete fix paths.
2026-07-04 01:04:46 +08:00
chiguyong 3fdd29d152 build(bitable): rebuild frontend index.html for JS hash alignment
Test / backend-test (pull_request) Has been cancelled Details
Test / frontend-unit (pull_request) Has been cancelled Details
Test / api-e2e (pull_request) Has been cancelled Details
Test / frontend-e2e (pull_request) Has been cancelled Details
Rebuild index.html after U1-U6 frontend changes. JS bundle hash updated
(index-CHtvprqX.js -> index-agwA6wam.js) to match new build output.
CI runs unit/e2e only and does not rebuild static assets, so the committed
hash must match the bundled JS.
2026-07-04 00:39:24 +08:00
chiguyong 0f4a418408 docs(review): record residual review findings for feat/bitable-enhancement 2026-07-04 00:29:02 +08:00
chiguyong 137bda0361 refactor(bitable): simplify code after ce-simplify-code pass
Behavior-preserving simplifications (net -22 lines):
- useResponsiveBreakpoint: remove createHandler factory, share single sync fn
- RecordDetailDrawer: remove isEditable wrapper, call isFieldEditable directly
- ViewConfigPanel: merge duplicate saveGrouping/saveConditionalFormat into saveU5Config
- groupingRulesUtils: use Array.find instead of for-loop, simplify Number.isFinite check
- GroupingEditor: simplify filter callback to single-expression arrow

Verified: typecheck + build:frontend + ruff all pass.

Refs: ce-simplify-code (LFG Step 3)
2026-07-04 00:28:28 +08:00
chiguyong 229dc0b2f3 feat(bitable): U6 R15a BitableTool 4 new actions + DELETE /views endpoint
Extend BitableTool from 6 to 10 actions (create_view, update_view,
update_field, delete_view) and add the DELETE /views/{view_id} backend
endpoint with 404-before-403 ownership, 409 last-view protection, and
X-Internal-Token passthrough (KTD11).

Backend:
- repository.py: add delete_view() — DELETE row by view_id, returns rowcount > 0
- service.py: add LastViewDeletionError domain exception + delete_view()
  with last-view guard (siblings <= 1 → raise → route maps to 409)
- routes/bitable.py: add DELETE /views/{view_id} (204 No Content),
  404-before-403 ownership pattern, 409 on LastViewDeletionError,
  X-Internal-Token passthrough via require_bitable_auth
- tools/bitable_tool.py: add 4 new actions (_create_view, _update_view,
  _update_field, _delete_view), register in BOTH handlers dict AND
  input_schema.action.enum (KTD10 — 10 actions each)

Frontend:
- api/bitable.ts: add deleteView(viewId): Promise<void>
- stores/bitable.ts: add deleteView action — removes from local state,
  switches to first remaining view if active was deleted, 409 warning
- ViewSwitcher.vue: add delete button (a-popconfirm "确认删除此视图?"),
  hidden when views.length <= 1 (preempt last-view 409)
- BitableFileDetailView.vue: handle @delete event from ViewSwitcher

Tests:
- test_routes.py: 6 new DELETE /views tests (204, 404 missing, 404
  non-owner, 409 last-view, internal-token passthrough, internal-token 404)
- test_bitable_tool.py: 13 new tests (action count = 10, handlers = 10,
  4 action happy paths, missing-field errors, 409 last-view, R3/R4
  config parity, X-Internal-Token passthrough on all 4 new actions)
- e2e/bitable-agent-parity.spec.ts: 10 scenarios (P1-P10) covering
  delete button visibility, popconfirm, 204/409/404 flows, tab removal,
  view switch after delete, create view adds tab

Verification:
- ruff check: all files pass
- pytest: 62 passed, 12 pre-existing failures (unchanged from e931fbe baseline)
- typecheck: pass (EXIT_CODE=0)
- build:frontend: pass (BUILD_EXIT=0)
- action count: ENUM=10, HANDLERS=10, delete_view in both
- no blue hex colors in ViewSwitcher.vue

Pre-existing test failures (12, unchanged from e931fbe):
test_create_table_success, test_create_field_success, test_list_fields,
test_create_records_batch, test_upsert_inserts_then_updates,
test_upsert_preserves_user_columns, test_create_view_success,
test_batch_upsert_1200_records, test_resume_from_partial_failure,
test_query_records, test_query_records_with_limit, test_collect_api

Constraints honored:
- No emojis, no `any` type, no blue hex colors, no pyproject.toml changes
- 404-before-403 for non-owned resources (Pattern 4)
- X-Internal-Token transparent passthrough (KTD11)
- KTD10: actions registered in both handlers dict AND enum
2026-07-03 23:13:46 +08:00
chiguyong 7c900ce280 docs: add complex-task-quality-loop plan and requirements documents
Test / backend-test (pull_request) Has been cancelled Details
Test / frontend-unit (pull_request) Has been cancelled Details
Test / api-e2e (pull_request) Has been cancelled Details
Test / frontend-e2e (pull_request) Has been cancelled Details
Adds the brainstorm requirements and implementation plan that drove the
9-unit quality-loop feature (R1-R12). Also gitignores local worktree
directories.
2026-07-03 22:54:11 +08:00
chiguyong e931fbef2d feat(bitable): U5 R4 grouping (max 3 fields) + conditional formatting (7 operators)
- GroupingEditor: multi-select field picker (max 3), per-level direction
  toggle, reorder buttons, "已知限制:不支持跨分组多选" note, empty state
- ConditionalFormatEditor: per-rule enable/field/operator/value/color/bold,
  8 color keys, WCAG 1.4.1 bold default true, first-match-wins footer legend
- BitableGrid: unified section rendering (grouped/ungrouped via single
  vxe-grid declaration), group headers as separate divs (CF only on data
  cells), CF via row-config.className, multi-grid instance map for refresh
- groupingRulesUtils: pure functions for CF matching (7 operators), group
  tree builder, SUM/AVG aggregation, CSS var mappers, self-check on load
- view_config.py: Pydantic v2 validation (MAX_GROUP_BY_FIELDS=3, 7
  operators, 8 color keys, extra="forbid" on sub-models)
- routes/bitable.py: validate_view_config on PATCH (HTTP 422 on error)
- stores/bitable.ts: updateViewConfig action (merges U5 sub-keys, preserves
  filters/sort/hidden_fields)
- ViewConfigPanel: grouping + conditional-format tabs
- E2E: 8 scenarios (G1-G8: single/multi grouping, collapse/expand, CF
  equals/between, combined, aggregation)
- Tests: 54 unit tests (19 grouping + 35 CF), 2 PG-marked skipped
2026-07-03 22:33:18 +08:00
chiguyong ffb7a51d77 fix(review): wire pitfall_detector/spec_review to PlanExecEngine + fix restore_budget_state reset order 2026-07-03 22:05:51 +08:00
chiguyong f280627da1 feat(bitable): U4 view type switcher with 5 types (grid enabled, others disabled)
- Add viewSwitcherUtils.ts (5 view types metadata: label/icon/disabled/tooltip)
- Refactor ViewSwitcher: button -> dropdown with 5 types, disabled items show "规划中" tooltip
- Update BitableFileDetailView.handleCreateView to accept viewType parameter (no more hardcoded grid)
- Bind :creating=viewCreating to ViewSwitcher for loading/disabled state during POST
- Extend store createView + API createView to pass view_type field (already in prior commits)
- Add loading/disabled state on create button to prevent duplicate clicks
- Extend e2e/bitable-view.spec.ts with 5 view type scenarios (E1-E5)

Closes R3 (P0): view type selection in UI, backend already supports view_type.

Refs: docs/plans/2026-07-03-001-feat-bitable-p0-ux-and-agent-parity-plan.md U4
2026-07-03 21:43:51 +08:00
chiguyong f1f2e72cad fix(plan_exec): add pitfall_warnings param for ReActEngine interface compat 2026-07-03 21:39:27 +08:00
chiguyong 5baaeb489d feat(bitable): U3 record detail drawer with full field type rendering
- Add RecordDetailDrawer.vue (480px/640px drawer, sticky header, full field type render)
- Add recordDrawerUtils.ts (value formatter, attachment/image extractors, drawer width calc)
- Add currentRecord state + openRecordDetail/closeRecordDetail/fetchRecordDetail actions to store
- Wire BitableGrid row click to open drawer
- Add e2e/bitable-record-drawer.spec.ts with 7 scenarios
- Loading/Error/404/empty states use U1 LoadingState/ErrorState per Open Question
- useResponsiveBreakpoint consumed: isMobile -> 100vw full-screen overlay
- user-owned fields editable, agent-owned fields read-only, upsert preserves agent columns

Closes R2 (P0): grid row click -> detail drawer with all field types visualized.

Refs: docs/plans/2026-07-03-001-feat-bitable-p0-ux-and-agent-parity-plan.md U3
2026-07-03 15:57:33 +08:00
chiguyong 120892e305 feat(chat): TEAM_COLLAB surfaces failure instead of silent REACT fall-back (U9, R7)
- chat.py: TEAM_COLLAB execution_mode sends error + returns (no REACT fall-back)
- REWOO/REFLEXION-as-mode keep deferred fall-back (RV10)
- AGENTS.md: update stale "not yet supported" claim
- Known gap: portal.py REST path still falls back (out of U9 scope)
2026-07-03 15:47:45 +08:00
chiguyong 786f921c5e feat(core): spec review gate - pause PLAN_EXEC for user review (U8, R8)
Add a spec review gate to PlanExecEngine that pauses execution after the
first Spec is generated, awaiting the user's confirm/reject decision.
On approval execution continues; on rejection the engine replans (capped
at 2 replans); on 30-min timeout the Spec is parked (not failed) so the
user can resume later.

- spec_manager: add parked status + park()/resume() methods
- plan_exec_engine: add spec_review_handler param, wire gate into both
  execute_stream and _execute_loop with replan cap, emit
  spec_review_request/spec_review_reply events, handle timeout to park
- chat.py: whitelist new events, add spec_review_reply WS handler,
  wire _spec_review_handler closure (30-min timeout), cleanup on disconnect
- portal.py: persist spec_review_id/decision/feedback for page reload
- tests: 20 unit tests covering happy path, rejection/replan, timeout,
  cancellation, backward compat, handler errors, park/resume round-trips
2026-07-03 15:20:38 +08:00
chiguyong f0c993a0d9 feat(bitable): U2 inline field configuration in column header menu
- Add InlineFieldConfigurator.vue (inline panel reusing FieldConfigForm logic)
- Add fieldRenderUtils.ts (type conversion compatibility check)
- Refactor ColumnHeaderMenu: edit -> inline expand, batch -> open FieldManagePanel
- Integrate InlineFieldConfigurator in BitableGrid header slot
- Add batch-management banner to FieldManagePanel
- Add submitting loading state to prevent duplicate clicks
- Extend e2e/bitable-field-ops.spec.ts with inline edit scenarios

Closes R1 (P0): column header menu inline edit, no more drawer jump.

Refs: docs/plans/2026-07-03-001-feat-bitable-p0-ux-and-agent-parity-plan.md U2
2026-07-03 15:12:17 +08:00
chiguyong e1cf073693 feat(bitable): U1 add design token system + vxe-table dependency declaration
- Add bitable-tokens.css with 4 token categories (color/spacing/radius/font/drawer-width)
- Add FieldTypeIcon.vue mapping 9 field types to Ant Design Outlined icons
- Add useResponsiveBreakpoint composable (768/1024/1440 breakpoints)
- Add LoadingState (skeleton) and ErrorState (inline alert + retry) components
- Token化 9 bitable components/views (replace hardcoded hex with var())
- Declare vxe-table dependency explicitly (resolve ghost dependency)
- Upgrade SelectDisplay chip palette to 8-color token with WCAG AA contrast

Phase 1 foundation for Phase 2 UX work (U2-U5).

Refs: docs/plans/2026-07-03-001-feat-bitable-p0-ux-and-agent-parity-plan.md U1
2026-07-03 14:40:57 +08:00
chiguyong a763396011 feat(evolution): pitfall retrieval/injection at planning phase (U7, R12) 2026-07-03 14:27:48 +08:00
chiguyong 91a61f9b49 feat(evolution): auto-trigger + quality gate + actor marking (U6, R5/R6)
U6 of the complex task quality loop plan.

R5 (auto evolution trigger + quality gate):
- EvolutionConfig (Pydantic v2): success_sample_rate=0.1, min_confidence=0.5,
  min_examples=3, observe_only=True, cross_workspace_sharing=False
- Success path gated by success_sample_rate; failure path always runs (100%)
- Observe-only mode records reflections without feeding optimizer (RV14:
  avoids noise-driven prompt degradation during initial rollout)
- PromptOptimizer.can_optimize() consumption gate: sample count >= min_examples
  AND mean quality >= min_confidence
- PitfallDetector confidence threshold: low-confidence warnings marked
  observe-only; confidence = failure_rate * min(1.0, total/3) linear ramp
  (ponytail: upgrade to Wilson interval)

R6 (actor marking + cross-workspace sharing):
- All evolution artifacts (EvolutionLogEntry, Module, PitfallWarning) carry
  actor field; defaults to result.agent_name
- can_share_artifact(): same-workspace always allowed; cross-workspace requires
  explicit opt-in via EvolutionConfig.cross_workspace_sharing=True

KTD-8: gave_up_after_reflections treated as failure path (triggers 100%
evolution) even when stream wrapper marks status as COMPLETED. Detection via
output_data.trace_outcome or error_message substring (ponytail: heuristic;
upgrade path is a dedicated TaskResult.trace_outcome field).

Backward compat: all gates conditional on auto_evolution_config is not None;
existing EvolutionMixin usage without config preserves prior behavior.

Tests: tests/unit/test_evolution_auto_trigger.py (37 tests) covers R5/R6
scenarios - sample rate gate, observe-only, consumption gate, pitfall
confidence, actor marking, cross-workspace sharing, gave_up_after_reflections,
error handling, fire-and-forget, backpressure cap, AE3 happy path.
2026-07-03 13:54:37 +08:00
chiguyong 96ccca3d87 docs(bitable-p0): add implementation plan for P0 UX polish + agent parity
ce-plan Deep plan (6 Implementation Units, 3 delivery phases):
- Phase 1: U1 R5 design token system + vxe-table dependency declaration
- Phase 2: U2-U5 R1-R4 frontend UX (inline field config, record drawer,
  view type switcher, grouping + conditional formatting)
- Phase 3: U6 R15a BitableTool 4 new actions + DELETE /views endpoint

11 KTDs covering: CSS token layer, vxe-table ghost dependency fix,
inline field configurator (hybrid vxe-table slot + custom component),
record detail drawer (single column 480/640px), view type dropdown
with disabled states, grouping + conditional format in View.config
with backend Pydantic validation, BitableTool action registration
(handlers dict + input_schema enum), X-Internal-Token ownership
semantics, 3-phase delivery with config schema freeze for parallel U6.

Phase 5.3 headless ce-doc-review (5 reviewers, 14 findings):
- Applied 2 safe_auto (U6 verification method, U5→U6 dependency)
- Applied 2 gated_auto (input_schema enum step, color_token→color_key)
- Applied 5 P1 manual fixes (backend config validation, X-Internal-Token
  ownership, grouping+CF combo state, LoadingState/ErrorState justification,
  R3/R4 backend assumption verification)
- 8 P2/P3 manual findings appended to Open Questions

Origin: docs/brainstorms/2026-07-03-bitable-comparative-evaluation-requirements.md
2026-07-03 13:49:57 +08:00
chiguyong f8927d1749 docs(bitable-eval): apply ce-doc-review best-judgment fixes (20 gated_auto + 12 manual)
ce-doc-review(7 reviewers, 39 raw findings → 32 actionable + 3 FYI 经合成管道),
用户选择"自动用最佳判断处理"路径。本提交应用全部 20 个 gated_auto 修复,并把
12 个 manual findings 追加到 Outstanding Questions 的 From 2026-07-03 review 子节。

主要修复:
- 修正 BitableTool 动作清单:实际为 create_table/import_excel/import_database/
  collect_api/upsert_records/query_records(原文 4/6 错),消除 R15a 范围误判
- R15a 从 B 线提升至 P0(4 reviewers 独立标记的优先级矛盾——B 线"non-blocking"
  与"agent 对等最高优先级子项"自相矛盾)
- G23 闭合路径标注(R15c 路径 (a)/(b))
- 默认字段类型未来 user/datetime 标注(Inventory + G6)
- R3 后端依赖标注(POST /views schema 扩展)
- 视图删除端点补 P0 验收标准(R15a 验收 + 前端 deleteView 方法)
- vxe-table 幽灵依赖标注(package.json 未声明,靠主仓 hoisting)
- create_field 动作标注为必需(R8 17 新类型需 agent 能批量建字段)
- R15 测试映射拆分为 R15a/R15b/R15c 三行
- R8 验收矩阵补 PII/XSS/auto-number 写保护列 + schema V3 迁移成本估算
- R15c 安全要求补 SSRF/认证/凭据加密 + 端点访问控制
- 横切验收标准补 WCAG AA 可访问性 + 空状态要求
- R8 矩阵范围标注(覆盖 P1,非 P0)

Open Questions 新增 12 个 manual findings(ce-plan 阶段决策):
- user 字段用户模型
- C 先行优先级策略的实证依据
- 并发编辑 UX 策略
- 加载/错误状态统一模式
- 条件格式规则构建器 UX 形态
- 分组交互细节
- 响应式断点定义
- R2 记录详情抽屉宽度
- vxe-table 容量上限评估
- R13 仪表盘图表库 buy-vs-build
- 禁用态视图类型路线图
- schema V3 双向关联回滚策略

文件:docs/brainstorms/2026-07-03-bitable-comparative-evaluation-requirements.md
(107 insertions, 31 deletions)
2026-07-03 13:32:07 +08:00
chiguyong 1d09fafec9 feat(core): reflexion in main flow - verify fail → reflect → retry (U5, R4) 2026-07-03 13:29:54 +08:00
chiguyong 4255cb33ba feat(core): step budget phases + keep working bias (U4, R11/R10) 2026-07-03 13:10:28 +08:00
chiguyong e9821a3b7f docs(bitable): add comparative evaluation requirements with ce-code-review P1 fixes
新增三向对比评估需求文档(agentkit bitable vs Twenty vs 飞书),并应用 ce-code-review
产出的全部 P1 缺口修复(共 9 项):

- P1-1: R8 字段类型计数对齐 16+1=17(KD6 与 R8 同步)
- P1-2: 新增 R8 字段类型验收矩阵(17 行表,含 V2->V3 迁移列)
- P1-3: KTD7 引用具体文件 formula/parser.py 替代裸引用
- P1-4: R-ID 命名空间冲突,加日期前缀 2026-06-29-R1..R5
- P1-5: created-time 统一为 datetime(通用类型 + 默认字段使用 datetime)
- P1-6: 新增 P0 验收标准段落(R1-R5 Given/When/Then)
- P1-7: 新增测试策略段落 + 测试文件映射表(R1-R5、R8、R15)
- P1-8: R15 拆解为 R15a/R15b/R15c + 新增 Agent 对等评估方法段落
- P1-9: R4 补充后端扩展(group_by/conditional_formatting schema)+ agent 对等说明

同时包含 2 项 gated_auto 修复:
- 组件计数 14 -> 15
- 移除文档中的全部 emoji,替换为 [OK]

ce-code-review run-id: 20260703-123134-c7c2b2ea
2026-07-03 12:59:41 +08:00
chiguyong b8418968c2 feat(core): verification defaults for PLAN_EXEC/TEAM_COLLAB + minimum sandbox (U3, R2/R3/RV3) 2026-07-03 12:32:22 +08:00
chiguyong dd259153fa feat(core): wire evolution hooks into execute_stream path (U2, OQ6 fix)
ConfigDrivenAgent.execute_stream() now fires on_task_complete/on_task_failed
evolution hooks in its finally block, achieving lifecycle parity with the
sync execute() path. This fixes the OQ6 gap where WebSocket-routed streaming
tasks bypassed evolution entirely.

Implementation:
- Module-level backpressure manager (_schedule_evolution / drain_pending_evolution_tasks)
  with cap = max(2, max_concurrency * 2), drop + log + counter on exceed, and
  shutdown drain via asyncio.gather(return_exceptions=True).
- _trigger_evolution_hooks / _evolve_safe methods on ConfigDrivenAgent: fire-and-forget
  via asyncio.create_task, evolution errors swallowed (never fail the stream).
- execute_stream finally block distinguishes cancelled (CancelledError /
  TaskCancelledError -> CANCELLED), failed (Exception -> FAILED), completed
  (final_answer received -> COMPLETED), and early-close (no completion, no
  error -> CANCELLED "stream closed before completion").
- app.py shutdown drains pending evolution tasks.
- plan_exec_engine.py / reflexion.py: doc comments noting hooks fire at the
  ConfigDrivenAgent layer (single chokepoint, no double-fire).
- portal.py: verification comments at 3 execute_stream call sites (these call
  react_engine.execute_stream directly, bypassing ConfigDrivenAgent - known gap
  tracked separately).

Tests (8 new in test_execute_stream_hooks.py):
- Happy path: success fires COMPLETED, failure fires FAILED.
- Edge cases: cancellation fires CANCELLED, early aclose fires CANCELLED,
  evolution error suppressed, backpressure cap drops + counts.
- Parity: REST on_task_complete vs execute_stream both fire COMPLETED.
- Disabled: _evolution_enabled=False fires no hooks.
2026-07-03 12:16:02 +08:00
chiguyong 2932ee51ed feat(tools): add str_replace_editor tool with workspace-root security (U1, R1)
Replaces the broken write_file placeholder (no real implementation, only
_FakeTool stubs in cli/benchmark.py) with a structured editor offering four
commands: create, str_replace, insert_at_line, view.

Security model (file-system analog of the 6-layer terminal security paradigm,
reject-by-default + prefix match):
  1. Reject absolute paths (force relative interpretation vs workspace root).
  2. Reject any .. path component (path traversal).
  3. Path.resolve() follows symlinks, then relative_to(workspace_root)
     rejects symlink escape and residual traversal.

Data-loss guard: create refuses to overwrite existing files. str_replace
requires a unique anchor (0 or >1 matches error). insert_at_line is 1-based
(0 = prepend, > EOF = append). All FS I/O wrapped in asyncio.to_thread.

Registers str_replace_editor in _DEFAULT_CORE_TOOLS (replacing write_file)
so its full description is always injected into the LLM prompt. Updates
test_tool_search.py which used write_file as a sample core tool.

Tests: 34 cases in test_str_replace_editor.py cover happy path, edge cases
(empty file, multi-match, insert at 0/beyond EOF, view range), error paths
(overwrite refusal, anchor not found, path traversal, absolute path, symlink
escape, unknown command, missing args), and integration contract (in
_DEFAULT_CORE_TOOLS, exported from agentkit.tools, schema enum, prompt
injection via _build_tool_use_prompt).

Verification: ruff check clean; targeted regression suite 412 passed
(the single failure in test_calendar_tool.py is a pre-existing date-sensitive
bug in an untouched file, today 2026-07-03 Friday makes the next-Wednesday
assertion fail).
2026-07-03 11:42:59 +08:00
Fischer 00b2dad36e feat(compressor): CJK-aware token estimation + linear compress flow (#21)
Deploy to Production / deploy (push) Waiting to run Details
Test / backend-test (push) Waiting to run Details
Test / frontend-unit (push) Waiting to run Details
Test / api-e2e (push) Waiting to run Details
Test / frontend-e2e (push) Waiting to run Details
Squash merge PR #21: CJK-aware token estimation + linear compress flow + solution doc
2026-07-03 09:40:28 +08:00
Fischer 2296d0b209 refactor: remove all emoji from source code (#20)
Deploy to Production / deploy (push) Waiting to run Details
Test / backend-test (push) Waiting to run Details
Test / frontend-unit (push) Waiting to run Details
Test / api-e2e (push) Waiting to run Details
Test / frontend-e2e (push) Waiting to run Details
Replace emoji/glyph characters with Ant Design Vue Outlined icons (frontend), text labels with ANSI colors (CLI/shell), and ASCII art (docstrings). Add pre-commit guard (scripts/check-no-emoji.sh) and style guide to prevent regression.

Closes: docs/plans/2026-07-02-001-refactor-remove-all-emoji-plan.md
2026-07-03 02:46:40 +08:00
Fischer 76c9c08756 feat(ui): private board restrictions + scheme B assistant/user bubbles (#19)
Deploy to Production / deploy (push) Waiting to run Details
Test / backend-test (push) Waiting to run Details
Test / frontend-unit (push) Waiting to run Details
Test / api-e2e (push) Waiting to run Details
Test / frontend-e2e (push) Waiting to run Details
Implements U1-U4 from plan docs/plans/2026-07-02-001-feat-private-board-restrictions-and-scheme-b-bubbles-plan.md

U1: ChatInput @board button blocks existing-conversation board creation with modal
U2: BoardBannerCard simplified to plain title + round meta
U3: MessageShell assistant bubble (scheme B neutral grayscale) with F4-A card exclusion + G1 empty-bubble hide
U4: UserBubble dark text bubble for plain text

Code review fixes: P1 color token, P2 CARD_BEARING_TYPES error type, P2 expertColor dead code, P0/P1 bubbleUtils.ts + 42 tests

Tests: 180/181 pass (1 pre-existing tauri-auth failure). Typecheck clean.
2026-07-03 01:58:19 +08:00
chiguyong e04e2868c3 docs(compound): message bubble empty-content and card-type exclusion pattern
Test / backend-test (pull_request) Has been cancelled Details
Test / frontend-unit (pull_request) Has been cancelled Details
Test / api-e2e (pull_request) Has been cancelled Details
Test / frontend-e2e (pull_request) Has been cancelled Details
Documents the G1 (:empty never matches Vue root), F4-A (card-bearing type
exclusion via messageType prop + Set), and pure-function extraction pattern
for testability without @vue/test-utils.
2026-07-03 01:58:00 +08:00
chiguyong cc6634b2ab feat(ui): private board restrictions + scheme B assistant/user bubbles
Test / backend-test (pull_request) Has been cancelled Details
Test / frontend-unit (pull_request) Has been cancelled Details
Test / api-e2e (pull_request) Has been cancelled Details
Test / frontend-e2e (pull_request) Has been cancelled Details
U1: ChatInput @board button blocks existing-conversation board creation
    with modal — enforces "one board per conversation" constraint.
U2: BoardBannerCard simplified to plain title + round meta
    (no icons/bars/progress/expert chips).
U3: MessageShell assistant bubble (方案B neutral grayscale) with
    F4-A card-type exclusion + G1 empty-bubble hide.
U4: UserBubble dark text bubble for plain text
    (command card/file keep light bg).

Code review fixes (ce-code-review step 5):
- P1: UserBubble focus-visible --accent-primary → --color-primary
  (dark mode visibility fix).
- P2: CARD_BEARING_TYPES adds 'error' (ErrorCard double-bubble regression).
- P2: Remove dead expertColor prop (scheme B leftover).
- P0/P1: Extract bubbleUtils.ts pure functions + add 42 tests
  covering G1/F4-A/U4/U2 key decisions.

Tests: 180/181 pass (1 pre-existing tauri-auth failure unrelated).
Typecheck: clean.
2026-07-03 01:47:37 +08:00