Chiguyong
|
3cf29f4633
|
fix(enterprise): ce-code-review P1 fixes — SSO is_active + span leak + Helm chart integration
Stage 5c applied safe P1/P2/P3 fixes from multi-agent code review:
- SEC-1 (P1, security): SSO 登录绕过 is_active 检查 — _sso_issue_token_pair
入口加显式校验,与本地 login(auth.py:377)一致。已停用用户无法再通过
IDP 回调拿 JWT,封堵 R1b deprovisioning 绕过。
- PERF-2/3 (P2, reliability): gateway chat() span 泄漏 + 异常未记录 — try 块
扩展到覆盖整个 span 生命周期(含 cache 设置),新增 except 分支调用
record_exception + set_status(ERROR),失败调用在 trace 中不再显示为成功。
- API-3 (P1, test isolation): SCIM router 使用 import-time 捕获的
DEFAULT_AUTH_DB_PATH — 改为 resolve_auth_db_path() 在调用时读取 env var,
让测试 monkeypatch.setenv 可见。
- MAINT-1 (P3, dead code): 删除 BitableRepository.delete_view(被
delete_view_if_not_last 取代,无生产调用方,仅 docs 残留引用)。
- PERF-4/5 (P3, performance): pii_filter._record_pii_metrics 的 from import
提升至模块顶部 + except: pass 改为 logger.debug 记录失败原因。
- DEPLOY-3 (P1, chart integration): ConfigMap 不可达 — deployment.yaml
args 增加 --config /etc/agentkit/agentkit.yaml,让应用能加载 chart 渲染
的非密配置。
- DEPLOY-6/7 (P3, doc/chart consistency): values.yaml 注释残留旧 slot 名
redisPgPasswords → redisPassword;slot 计数 10 → 11(5 处 chart + 3 处
deployment docs 同步修正)。
Verification:
- ruff check + format clean (7 modified .py files)
- pytest tests/unit/{auth,bitable} + test_{pii_filter,oidc_provider,
saml_provider,scim_router,auth_audit,telemetry,prompt_cache_layers}.py
→ 336 passed, 145 skipped
- helm lint + helm template 验证 secret key 一致性
Residual findings (deferred to follow-up):
- PERF-1: PII filter 未接入 gateway 生产路径(manual, 需配置接入决策)
- API-1/2/4/5: SCIM RFC 7644 合规性(totalResults/error format/Location
header/SSO 预配联动)— manual, 需设计决策
- DEPLOY-1/2/4: Helm chart ↔ app 集成断裂(部署名引用/Redis 鉴权/PG 密码双源)
— manual, 需 app+chart 联动修改
|
2026-07-06 08:36:59 +08:00 |
chiguyong
|
229dc0b2f3
|
feat(bitable): U6 R15a BitableTool 4 new actions + DELETE /views endpoint
Extend BitableTool from 6 to 10 actions (create_view, update_view,
update_field, delete_view) and add the DELETE /views/{view_id} backend
endpoint with 404-before-403 ownership, 409 last-view protection, and
X-Internal-Token passthrough (KTD11).
Backend:
- repository.py: add delete_view() — DELETE row by view_id, returns rowcount > 0
- service.py: add LastViewDeletionError domain exception + delete_view()
with last-view guard (siblings <= 1 → raise → route maps to 409)
- routes/bitable.py: add DELETE /views/{view_id} (204 No Content),
404-before-403 ownership pattern, 409 on LastViewDeletionError,
X-Internal-Token passthrough via require_bitable_auth
- tools/bitable_tool.py: add 4 new actions (_create_view, _update_view,
_update_field, _delete_view), register in BOTH handlers dict AND
input_schema.action.enum (KTD10 — 10 actions each)
Frontend:
- api/bitable.ts: add deleteView(viewId): Promise<void>
- stores/bitable.ts: add deleteView action — removes from local state,
switches to first remaining view if active was deleted, 409 warning
- ViewSwitcher.vue: add delete button (a-popconfirm "确认删除此视图?"),
hidden when views.length <= 1 (preempt last-view 409)
- BitableFileDetailView.vue: handle @delete event from ViewSwitcher
Tests:
- test_routes.py: 6 new DELETE /views tests (204, 404 missing, 404
non-owner, 409 last-view, internal-token passthrough, internal-token 404)
- test_bitable_tool.py: 13 new tests (action count = 10, handlers = 10,
4 action happy paths, missing-field errors, 409 last-view, R3/R4
config parity, X-Internal-Token passthrough on all 4 new actions)
- e2e/bitable-agent-parity.spec.ts: 10 scenarios (P1-P10) covering
delete button visibility, popconfirm, 204/409/404 flows, tab removal,
view switch after delete, create view adds tab
Verification:
- ruff check: all files pass
- pytest: 62 passed, 12 pre-existing failures (unchanged from e931fbe baseline)
- typecheck: pass (EXIT_CODE=0)
- build:frontend: pass (BUILD_EXIT=0)
- action count: ENUM=10, HANDLERS=10, delete_view in both
- no blue hex colors in ViewSwitcher.vue
Pre-existing test failures (12, unchanged from e931fbe):
test_create_table_success, test_create_field_success, test_list_fields,
test_create_records_batch, test_upsert_inserts_then_updates,
test_upsert_preserves_user_columns, test_create_view_success,
test_batch_upsert_1200_records, test_resume_from_partial_failure,
test_query_records, test_query_records_with_limit, test_collect_api
Constraints honored:
- No emojis, no `any` type, no blue hex colors, no pyproject.toml changes
- 404-before-403 for non-owned resources (Pattern 4)
- X-Internal-Token transparent passthrough (KTD11)
- KTD10: actions registered in both handlers dict AND enum
|
2026-07-03 23:13:46 +08:00 |
chiguyong
|
bbbf9cd40a
|
feat(bitable): add bitable companion service with full P0-P2 fixes
Bitable is a multi-dimensional table companion service that runs alongside
the main AgentKit server. It provides structured data storage with formula
fields, views, and ingestion pipelines.
Major components:
- Domain models (Pydantic v2): Table, Field, Record, View, RecalcTask
- SQLAlchemy 2 async ORM with independent bitable PostgreSQL schema
- Formula engine: AST parser, DAG, Kahn topological sort, safe eval
- RecalcWorker: atomic task claiming (FOR UPDATE SKIP LOCKED), topo-order
processing, stale-threshold reaper for crash recovery
- REST API (/api/v1/bitable): tables, fields, records, views, files
- BitableTool: agent-facing tool with batch chunking (500/batch)
- CLI: agentkit bitable subcommands (create, list, import-excel, etc.)
- Frontend: Vue 3 + vxe-table grid with field management, views, filters
- Ingestion: Excel (openpyxl), database reflection, API collector
Security fixes (ce-code-review P0 + ce-debug P1):
- SQL injection prevention (field_id validation, parameterized queries)
- IDOR protection (_check_table_ownership on all table-level endpoints)
- SSRF prevention (URL scheme + private IP validation in parse_excel_url)
- OOM prevention (streaming file upload, batch delete, batch insert)
- Atomic recalc task claiming (FOR UPDATE SKIP LOCKED)
- Formula engine cache invalidation on field changes
- Composite cursor pagination for non-id sort orders
- Batch upsert (eliminates N+1 queries)
- Sync I/O offloaded to thread pool in async contexts
- Internal token auth (X-Internal-Token, hmac.compare_digest)
- PK unique index enforcement
Test coverage: 88 unit tests (95 skipped without Docker)
|
2026-06-25 01:09:59 +08:00 |