Wmc/dev 0518 #3294

Open
WMC001 wants to merge 172 commits into wmc/dev_0403 from wmc/dev_0518

WMC001 commented Jun 24, 2026

No description provided.

WMC001 and others added 30 commits April 10, 2026 15:49
Enhance A2A protocol support and fix various bugs
)

[Specification Detail]
1. Login authentication verification has been added to all file retrieval-related interfaces.
2. Personally uploaded files are stored in a dedicated directory within minio, and permission checks are performed on each access.
…nd improve agent execution flow (#2839)

* Fix 502 Bad Gateway error caused by calling multimodal tools

* Bugfix: Add tooltip to tab labels in ToolManagement and SkillManagement

Made-with: Cursor

* Feat: Add presigned URL support for external MCP tool file access and improve agent execution flow

* Use existing types instead of redefining them

* Deduplicate user-uploaded files and limit the maximum number of files

* Update frontend/types/chat.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update frontend/types/chat.ts

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Add test cases

* Fix unit tests

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Initialize openspec

* OAuth spec development results

* OAuth unit tests

* OAuth redirect fix

* OAuth redirect fix

* OAuth redirect fix

* OAuth abstract implementation

* gde provider

* gde provider

* enhance unlink_account logic to check for password authentication before unlinking

* refactor OAuthAccountsSection to load enabled providers and improve account unlinking logic

* add OAuth linking functionality with state management and error handling

* refactor OAuth account deletion logic to use direct deletion and update related tests

* update GDE OAuth configuration to use environment variables for URLs and client IDs

* add SSL verification configuration for OAuth requests and update context handling

* remove hardcoded OAuth credentials from const.py and update .env.example

* remove avatar_url references from user info handling and update email fallback logic

* refactor user identity handling in OAuth account unlinking logic

* update OAuthAccountsSection to simplify display logic for linked accounts

* refactor OAuth user binding logic to check for existing accounts before creating new users

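* Remove redundant files

* Remove redundant files

* add user OAuth account table and update trigger for third-party logins

* Fix unit tests

* Remove redundant code

* Sync OAuth configuration to k8s

* Soft delete requires adding the delete_flag="Y" filter condition

* Set delete_flag to Y in the oauth table when a user is deleted

* Optimize imports

* Remove the unused rebind_oauth_account function call and raise OAuthLinkError when the user is already bound to another account

* clean code

* Add more UTs

* Add more unit tests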
…w of unsuploaded files (#2840)

* Implementing virtual scrolling with react-virtuoso and support automatic line wrapping

* merge unuploaded file preview logic

* bug fix
* Fix 502 Bad Gateway error caused by calling multimodal tools

* Bugfix: Add tooltip to tab labels in ToolManagement and SkillManagement

Made-with: Cursor

* Bugfix: fix excessive execution time of test_a2a_client_servic
…aming handler (#2842)

- Introduced a local variable to manage title generation state, preventing duplicate calls during new conversations.
- Updated the title generation process to use a captured user message directly, enhancing reliability and performance.
…rchTool (#2781)

* ✨ Add display name to index name mapping for KnowledgeBaseSearchTool

- Introduced `get_knowledge_name_map_by_index_names` function to retrieve a mapping of index names to their corresponding display names.
- Updated `create_agent_config` and `create_tool_config_list` to utilize the new mapping for generating user-friendly summaries.
- Enhanced `KnowledgeBaseSearchTool` to support conversion from display names to index names during queries.
- Added tests to verify the functionality of the new mapping and its integration within the tool configuration process.

* ✨ Add display name to index name mapping for KnowledgeBaseSearchTool
…rly. (#2865)

* 🐛 Bugfix: Multi-turn dialogues and file uploads are not working properly. #2864

* 🐛 Bugfix: Multi-turn dialogues and file uploads are not working properly. #2864
[Specification Details]
1. Add test cases.
* ✨ Feat: Implement max steps reached handling in chat system

- Added support for processing and displaying max steps reached events in the chat stream.
- Introduced new message type `MAX_STEPS_REACHED` in chatConfig.
- Enhanced chatStreamHandler and taskWindow to manage max steps notifications and content.
- Updated localization files for English and Chinese to include relevant messages.
- Modified chat message extraction logic to handle historical max steps data.

* ✨ Feat: Implement max steps reached handling in chat system

- Added support for processing and displaying max steps reached events in the chat stream.
- Introduced new message type `MAX_STEPS_REACHED` in chatConfig.
- Enhanced chatStreamHandler and taskWindow to manage max steps notifications and content.
- Updated localization files for English and Chinese to include relevant messages.
- Modified chat message extraction logic to handle historical max steps data.

* 🐛 Bugfix: Implement max steps reached handling in chat system

* 🐛 Bugfix: Implement max steps reached handling in chat system

* 🐛 Bugfix: Implement max steps reached handling in chat system
* feat:add model-monitoring

* fix: mask base_url in connectivity logs to resolve CodeQL clear-text secret alert

* fix: resolve CI test failures, remove dead code, and fix permission case mismatch

- Remove _filter_by_rbac function and unused imports from monitoring_app
- Fix OpenAIModel.__call__ to accept injected _token_tracker
- Fix LLMTokenTracker to no-op when monitoring is disabled
- Fix OpenAIModel.__init__ to handle missing model_id attribute
- Fix monitor_llm_call decorator IndexError on bare functions
- Fix permission case mismatch (MODEL:CREATE -> model:create)
- Mask base_url in model health connectivity logs (CodeQL)
- Update test assertions for display_name parameter
- Merge SQL migrations into single file
- Add time range selector (24h/7d/30d) to monitoring UI

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

* fix: resolve SonarCloud quality gate failures and CI test errors

- Add missing record_model_call import in embedding_model.py (NameError fix)
- Update test assertions to include display_name parameter
- Use Annotated type hints for FastAPI DI, replace unused variables
- Remove unused error variable in _MonitoredClient.create
- Extract renderTextModelMetric helper in ModelList.tsx to eliminate
  negated conditions and nested ternaries
- Replace unused loop index and empty pass blocks in tests

* fix: remove explicit return False in __exit__ to resolve SonarCloud R635

* fix: use relative import for record_model_call to fix CI ModuleNotFoundError

* fix: use absolute import in embedding_model and fix test import method

- Revert embedding_model.py to absolute import (compatible with installed package)
- Replace importlib.util direct file loading in test with normal package import

* fix: use absolute import for record_model_call in embedding_model.py

* fix: update test patch targets from embedding_model_under_test to nexent.core.models.embedding_model

* fix: use relative import for record_model_call (consistent with openai_llm.py)

* test: add monitoring integration tests to improve Codecov diff coverage

Covers _MonitoredClient wrapping, display_name context var, token tracker,
set_monitoring_context/operation calls, copy_context propagation, and
monitoring_app error handling paths.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

* test: add monitoring integration tests for embedding, agent, conversation and tool services

Add 8 tests covering record_model_call and set_monitoring_context/operation
instrumentation in 4 production files to meet Codecov diff coverage target.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

* fix: replace deprecated codecov Python uploader with official GitHub Action

The old pip install codecov CLI is deprecated and silently fails on ARM
runners. Replace the architecture-conditional dual-uploader approach with a
single codecov/codecov-action@v4 step that works on all platforms.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

---------

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
… part2 (#2813)

* ✨ Add display name to index name mapping for KnowledgeBaseSearchTool

- Introduced `get_knowledge_name_map_by_index_names` function to retrieve a mapping of index names to their corresponding display names.
- Updated `create_agent_config` and `create_tool_config_list` to utilize the new mapping for generating user-friendly summaries.
- Enhanced `KnowledgeBaseSearchTool` to support conversion from display names to index names during queries.
- Added tests to verify the functionality of the new mapping and its integration within the tool configuration process.

* ✨ Enhance prompt generation with knowledge base display names

- Added `knowledge_base_display_names` to the `GeneratePromptRequest` model to allow frontend-configured names for knowledge bases.
- Updated backend functions to utilize these display names, improving few-shot example generation without requiring database lookups.
- Modified frontend components to capture and pass knowledge base display names during prompt generation.
- Enhanced tests to cover the new functionality and ensure proper integration of knowledge base display names in the prompt generation process.

* ✨ Enhance prompt generation with knowledge base display names part2

* ✨ Add display name to index name mapping for KnowledgeBaseSearchTool

* 🐛 Bugfix: Enhance prompt generation with knowledge base display names part2
…ype (#2868)

* Introduced kbSelectionConfig to manage knowledge base selection parameters.
* Updated logic to determine parameter names for different tool types.
* Merged KB selection configuration into final tool parameters to streamline processing.
* 🐛 Bugfix: skill deletion failed occasionally

* ♻️ Simplify how run_skill_script() receives additional parameters

* 🧪 Add test files

* 🧪 Fix test files

* ♻️ Update system prompt to better support models with lower parameters

* ♻️ Update system prompt to better support models with lower parameters

* ♻️ Remove unnecessary rely on re to reduce the risk of DoS

* ♻️ Remove unnecessary rely on re to reduce the risk of DoS

* ✨ Support multi-turn NL2Skill

* ✨ Support complicated skill generation

* ✨ Support complicated skill generation

* ✨ Support official skills pre-installation

* ✨ Support official skills pre-installation

* 🧪 Add test files

* 🧪 Add test files

* ♻️ Refactor skill_app, skillService and content_classifier_utils according to sonar
…s logging (#2875)

* docs: Add design spec for doc-qa-agent MVP

Defines architecture, data flow, file layout, and acceptance criteria
for a standalone document Q&A agent built on the Nexent SDK.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

* agent context

* context management for agent

* agent context

* Added get_or_create_context_manager, clear_conversation_context_manager, reference counting in register_agent_run/unregister_agent_run

* Modified prepare_agent_run to mount CM, and stop_agent_tasks analysis (though we didn't modify it, we analyzed it)

* Added cleanup in delete_conversation_service

* Added context_manager field to AgentRunInfo

* Modified agent_run_thread to reuse CM

* add compress_if_needed and quantitative collection

* reuse context_manager; extract and log token usage per step

* add TokenUsage for message to facilitate displaying token usage

* main code for context compression

* add test multi run to understand previous run and current run

* token usage metrics log

* using sdk to conduct end-to-end test for anget_context.py

* reusable functions for testing agent_context

* fix bug: reuse cache and calc effective tokens

* from utils.token_estimation import msg_token_count

* estimate token

* Add test_agent_context unit tests

* update agent_context

* ♻️ Refactor agent_context module for code quality compliance

- Split agent_context.py into smaller modules: summary_cache.py, summary_config.py
- Convert all Chinese comments/docstrings to English (per .cursor/rules/english_comments.mdc)
- Add module-level docstrings for public API documentation
- Update __init__.py exports to include new module classes
- Convert test files' Chinese comments to English for compliance
- Default summary prompts to English with proper documentation

* 🔄 Merge feature/agent_context improvements into refactored codebase

- Add context_manager_config field to AgentConfig
- Create ContextManagerConfig in create_agent_info
- Enhanced step metrics with compression ratio and cache hit tracking
- Add _render_steps_with_truncation for fallback truncation
- Add cache hit logging (previous_cache_hit, current_cache_hit, stable_bypass)
- Add cache_types to compression stats output
- Simplify estimate_tokens to flat message list approach
- Remove auto-clear ContextManager logic (keeps cache valid)
- Stop tracking test scripts (keep locally)

* 🧪 Fix test assertions to align with feature branch standards

- Fix TestM13StepLocalLogCleared: cache hit is recorded in _step_local_log
  (count_after_second should be 1, not 0)
- Update summary_json_schema: chars -> words for clearer units

* 🔄 Merge feature/token_indicator: Add token usage indicator with real-time context metrics

- Add TokenUsageIndicator component with circular progress visualization

- Emit TOKEN_COUNT messages via observer for real-time frontend updates

- Include step_number, input/output tokens, estimated context, and threshold

- Preserve context manager and metrics logging from refactor/agent_context

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>

* Enhance agent context management with token compression logging and dynamic token threshold

* fix: improve token usage tracking with stream_options and fallback estimation

- Add stream_options to request usage info from streaming API
- Handle empty choices in streaming chunks (usage-only chunks)
- Add fallback token estimation when API doesn't return usage
- Add None handling in msg_token_count and _extract_text_from_chat_message

* chore: add *.log to gitignore to exclude runtime log files

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Apply suggestion from @Copilot

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* feat: make ContextManagerConfig.enabled configurable per agent and refactor for cognitive complexity

- Add enable_context_manager field to AgentInfo database model (default False)
- Update create_agent_config to read setting from agent_info instead of hardcoded True
- Add field to API request models (backend and frontend)
- Add database migration for new column
- Refactor _trim_actions_to_budget to reduce cognitive complexity (19 -> 15)
- Refactor _render_steps_with_truncation to reduce cognitive complexity (23 -> 15)

* fix: pin greenlet<3.5.0 for aarch64 Linux compatibility

greenlet 3.5.0 lacks wheels for ARM64 Linux (aarch64), causing CI failures.
Pin to <3.5.0 to ensure compatible version (3.4.0) is resolved.

* fix: update test mocks to support agent_context refactor

- Add enable_context_manager attribute to MockAgent in test_agent_db.py
- Add AgentRunInfo, agent_context, and agent_run_manager stubs in test_conversation_management_service.py
- Add nexent.core.agents.agent_context stub in test_create_agent_info.py
- Add smolagents.memory stub with AgentMemory/MemoryStep in SDK model tests
- Update TokenCountTransformer tests to match new passthrough behavior
- Update test_create_agent_config assertions to include context_manager_config parameter
- Fix TaskStep/ActionStep mocks to use real classes for dataclass inheritance
- Add proper package stubs for sdk.nexent.core.agents and utils modules

* fix: update test_nexent_agent mocks for agent_run_with_observer

- Add timing.duration attribute to mock action steps (implementation expects step_log.timing.duration)
- Add step_number attribute to mock action steps
- Import ANY from unittest.mock for flexible assertions
- Update TOKEN_COUNT assertions to use ANY (implementation now sends JSON token data)
- Fix test_agent_run_with_observer_with_none_duration: implementation now handles None gracefully (0.0)

* fix: add context_manager and step_metrics to CoreAgent test mocks

Implementation now accesses context_manager and step_metrics in _collect_step_metrics method.
Tests need these attributes initialized to avoid AttributeError.

---------

Co-authored-by: liudongfei <744532452@qq.com>
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
Co-authored-by: Jinglong Wang <wangjinglong8@huawei.com>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* ✨ Feat: Enhance final answer generation with streaming support

- Introduced a new method to build messages for final answer generation, incorporating task prompts and memory messages.
- Updated the max steps handling to utilize streaming for real-time answer generation, improving user experience.
- Enhanced error handling during final answer generation to provide fallback messages in case of failures.

* 🔧 Update max steps warning logic in chat stream final message component

- Modified the condition for displaying the max steps warning to trigger when the message is complete and contains maxStepsInfo.
- Improved clarity in the code comments to better reflect the updated logic.

* ✨ Add unit tests for _build_final_answer_messages function

- Introduced a new test suite for the _build_final_answer_messages function, covering various scenarios including basic message structure, skipping the first memory message, handling empty memory, and template rendering with task variables.
- Enhanced the test setup by mocking necessary modules to ensure isolated testing of the function's behavior.
…text (#2880)

- Updated prompt generation logic to always include knowledge_base_names in the template context, defaulting to an empty string when not available. This change prevents errors related to undefined variables in Jinja2 templates.
- Modified YAML files for English and Chinese prompts to reflect the updated syntax for knowledge_base_names, ensuring consistency in few-shot example generation.
- Add enable_context_manager BOOLEAN column to ag_tenant_agent_t table
- Add column comment for enable_context_manager
- Sync docker/init.sql and k8s init.sql with migration v2.0.4_0427

Co-authored-by: Jinglong Wang <wangjinglong8@huawei.com>
- Added validation for API response types to raise ValueError for unexpected string or dictionary responses.
- Implemented safety checks to skip non-standard chunks that lack expected attributes, logging warnings for such cases.
- Introduced unit tests to cover new error handling scenarios and ensure robust processing of API responses.
…tools to access MinIO files (#2885)

* feat: Expose URL via the northbound api to allow third-party MCP tools to access MinIO files

* Add relevant configuration instructions

* Update backend/prompts/managed_system_prompt_template_zh.yaml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update backend/consts/const.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update backend/prompts/managed_system_prompt_template_en.yaml

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update backend/database/attachment_db.py

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Add new test cases and modify existing test cases

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
return get_mcp_community_tag_stats()


async def publish_community_mcp_service(

Input validation is insufficient.

Comment on lines +324 to +325
if response.status >= 400:
raise RuntimeError(f"Registry request failed with status {response.status}")

Error handling is not specific enough: it uses the generic RuntimeError; a more specific exception type should be used.

Comment on lines +260 to +262
items.append({
"communityId": row.get("community_id"),
"name": row.get("mcp_name"),

The data conversion logic is duplicated: the same conversion logic is repeated in multiple functions.


logger = logging.getLogger("mcp_management_service")

MCP_REGISTRY_BASE_URL = "https://registry.modelcontextprotocol.io/v0.1/servers"

Hardcoded URL and configuration; these should be read from configuration.

Comment on lines +52 to +56
if not OAUTH_SSL_VERIFY:
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
return ctx
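
Review bot: the `if not OAUTH_SSL_VERIFY:` branch sets `check_hostname = False` and `verify_mode = ssl.CERT_NONE` without logging anything, so a deployment running with verification off is indistinguishable from a verified one in the logs. Emit a warning when this branch is taken, and if the setting exists to support a private CA, load that CA into the default context with `ctx.load_verify_locations(...)` rather than turning verification off.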

SSL certificate verification can be disabled. Disabling SSL verification in a production environment is dangerous and can lead to MITM attacks.

Comment on lines +271 to +272
if not SUPABASE_JWT_SECRET:
raise OAuthProviderError("JWT verification is not configured")

JWT secret validation is incomplete: it only checks that the secret exists, without validating its length or strength.

)
random_token = secrets.token_urlsafe(32)
if link_user_id:
state = f"{provider}:{random_token}:{link_user_id}"

The state contains sensitive information (link_user_id) and is not encrypted.
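
One way to address the point in the comment above, as an added example that is not code from this pull request: keep `state` an opaque single-use token and hold the provider, session and link_user_id on the server. `OAuthStateStore`, its in-memory dict, the 600-second lifetime, the `session_id` binding and the sample values are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
import time
from typing import Callable, Dict, Optional, Tuple


class OAuthStateError(Exception):
    """Callback presented an unknown, reused, expired or mismatched state."""


class OAuthStateStore:
    """Hypothetical server-side store for OAuth `state` values (in-memory here;
    a multi-process deployment would need a shared store)."""

    def __init__(self, ttl_seconds: int = 600,
                 clock: Callable[[], float] = time.time) -> None:
        self._ttl = ttl_seconds
        self._clock = clock
        # sha256(state) -> (provider, session_id, link_user_id, expires_at)
        self._entries: Dict[str, Tuple[str, str, Optional[str], float]] = {}

    @staticmethod
    def _key(state: str) -> str:
        # Store only a hash so a dump of the store does not yield usable states.
        return hashlib.sha256(state.encode("utf-8")).hexdigest()

    def _purge_expired(self) -> None:
        now = self._clock()
        for key in [k for k, v in self._entries.items() if v[3] < now]:
            del self._entries[key]

    def issue(self, provider: str, session_id: str,
              link_user_id: Optional[str] = None) -> str:
        """Return the value to send as `state`; nothing about the user is in it."""
        self._purge_expired()
        state = secrets.token_urlsafe(32)
        self._entries[self._key(state)] = (
            provider, session_id, link_user_id, self._clock() + self._ttl)
        return state

    def consume(self, state: str, provider: str, session_id: str) -> Optional[str]:
        """Validate a callback's state and return the link_user_id bound to it."""
        # pop() makes the state single use, even when a later check fails.
        entry = self._entries.pop(self._key(state), None)
        if entry is None:
            raise OAuthStateError("unknown or already used state")
        issued_provider, issued_session, link_user_id, expires_at = entry
        if self._clock() > expires_at:
            raise OAuthStateError("state expired")
        if issued_provider != provider:
            raise OAuthStateError("state issued for a different provider")
        if not hmac.compare_digest(issued_session.encode(), session_id.encode()):
            raise OAuthStateError("state issued to a different session")
        return link_user_id


if __name__ == "__main__":
    # Constructed sample values, not taken from the pull request.
    store = OAuthStateStore()
    s = store.issue("example-idp", "session-abc", link_user_id="user-123")
    print("state sent to provider:", s)
    print("link_user_id recovered server-side:",
          store.consume(s, "example-idp", "session-abc"))
```
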

Comment on lines +394 to +395
if len(password or "") < 6:
raise OAuthLinkError("Password must be at least 6 characters")

Password strength validation is insufficient: only the length is checked, with no complexity requirements.

Comment on lines +141 to +148
def _http_post_json(url: str, data: dict, headers: Optional[dict] = None) -> dict:
req_data = json.dumps(data).encode("utf-8")
req_headers = {"Content-Type": "application/json", "Accept": "application/json"}
if headers:
req_headers.update(headers)
req = urllib.request.Request(url, data=req_data, headers=req_headers, method="POST")
with urllib.request.urlopen(req, timeout=15, context=_SSL_CTX) as resp:
return json.loads(resp.read().decode("utf-8"))
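
Review bot: `resp.read()` in the last line of `_http_post_json` reads the whole response body with no size limit, and `url` reaches `urllib.request.urlopen` without a scheme check, which also accepts non-HTTP schemes such as `file:`. Reject any `url` that does not start with `https://` before building the request, and read a bounded number of bytes (for example `resp.read(MAX_RESPONSE_BYTES)`, with a hypothetical constant defined next to the timeout) before calling `json.loads`.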

Synchronous blocking operation: using synchronous urllib will block the event loop.

return "USER"


async def complete_pending_oauth_account(

The complete_pending_oauth_account function does too many things:

  • Validate the pending token
  • Validate the invitation code
  • Create the user
  • Create the tenant
  • Initialize tools and skills
  • Generate the JWT

Comment on lines +258 to +259
except Exception:
logger.warning(f"Failed to fetch {provider} user emails")
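
Review bot: the `logger.warning` call under `except Exception:` records neither the exception type nor its message, so a TLS failure, an HTTP error and a JSON decoding error are indistinguishable when this path fails. Bind the exception (`except Exception as exc:`) and include it in the log call, or pass `exc_info=True`, and narrow the `except` to the errors the request helper can raise.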

Exception handling is inconsistent; it swallows all exceptions.

_SSL_CTX = _build_ssl_context()


def parse_state(state: str) -> Dict[str, str]:

Type hints are incomplete: the return type is explicit, but the implementation is not robust enough.

Comment on lines +50 to +70
def build_system_default_prompt_template_payload() -> dict:
"""Build the canonical system default prompt template payload from YAML files."""
system_template_zh = normalize_prompt_generate_template_content(
get_prompt_generate_prompt_template(LANGUAGE["ZH"])
)
system_template_en = normalize_prompt_generate_template_content(
get_prompt_generate_prompt_template(LANGUAGE["EN"])
)
return {
"template_id": SYSTEM_PROMPT_TEMPLATE_ID,
"template_name": SYSTEM_PROMPT_TEMPLATE_NAME,
"description": SYSTEM_PROMPT_TEMPLATE_DESCRIPTION,
"template_type": PROMPT_TEMPLATE_TYPE_AGENT_GENERATE,
"tenant_id": SYSTEM_PROMPT_TEMPLATE_TENANT_ID,
"user_id": SYSTEM_PROMPT_TEMPLATE_USER_ID,
"template_content_zh": system_template_zh,
"template_content_en": system_template_en,
"created_by": SYSTEM_PROMPT_TEMPLATE_USER_ID,
"updated_by": SYSTEM_PROMPT_TEMPLATE_USER_ID,
"delete_flag": "N",
}

Concurrency safety issue: sync_system_default_prompt_template may be called multiple times in a multithreaded environment, causing database write conflicts.

Comment on lines +26 to +31
SYSTEM_PROMPT_TEMPLATE_ID = 0
SYSTEM_PROMPT_TEMPLATE_NAME = "system_default"
PROMPT_TEMPLATE_TYPE_AGENT_GENERATE = "agent_generate"
SYSTEM_PROMPT_TEMPLATE_DESCRIPTION = "System default prompt template"
SYSTEM_PROMPT_TEMPLATE_TENANT_ID = DEFAULT_TENANT_ID
SYSTEM_PROMPT_TEMPLATE_USER_ID = DEFAULT_USER_ID

Hardcoded constants; these should be read from configuration or the database.

}


def resolve_prompt_generate_template(

Mixed responsibilities: resolve_prompt_generate_template does both template resolution and template merging, so it does not have a single responsibility.

}


def list_prompt_templates_impl(tenant_id: str, user_id: str) -> list[dict]:

Type hints could be more precise: it returns list[dict], but the concrete structure is unclear.

Comment on lines +104 to +105
if not template_name:
raise ValidationError("template_name is required")

The exception is raised directly inside the function, but callers may expect a different exception type.

self.buffer = self.buffer[emit_len:]
return results

def _match_known_tag_with_buffer(self, buffer_content: str) -> Optional[str]:

Tag matching logic flaw: _known_tags is a set, but _known_tags contains both opening and closing tags; self-closing or empty tags are not handled; tag matching is exact, but the LLM may output tags containing spaces, such as

Comment on lines +179 to +184
elif tag == "</SUMMARY>" or tag == "</SKILL>":
if tag == "</SKILL>":
self.state = "summary"
else:
self.state = "others"
return None

State transitions are incomplete: when appears, the state becomes "summary", but when appears it becomes "others". This may lead to inconsistent state.

Comment on lines +127 to +135
def _process_non_tag_content(self) -> List[Dict[str, Any]]:
"""Process buffered content that doesn't start with '<'."""
results = []
emit_len = min(len(self.buffer), 64)
event = self._create_event(self.buffer[:emit_len])
if event:
results.append(event)
self.buffer = self.buffer[emit_len:]
return results

Buffer truncation may lose content: only 64 characters are processed at a time, which may cause a tag to be cut off in the buffer.

Comment on lines +57 to +59
gt_pos = self.buffer.index(">")
potential_tag = self.buffer[:gt_pos + 1]
matched = self._match_known_tag_with_buffer(potential_tag)

Frequent string indexing and slicing: performing these operations frequently in a loop performs poorly on long inputs.

Comment on lines +145 to +146
match = re.match(
r'<FILE\s+path="([^"]{1,' + str(self.MAX_PATH_LENGTH) + r'})">$',
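
Review bot: the capture group `([^"]{1,...})` in the `<FILE path=...>` pattern accepts any character except a double quote, including `..` segments, a leading `/` and backslashes, and the only limit applied is `MAX_PATH_LENGTH`. If the captured path is later used to create or write files, normalise it and reject absolute paths and parent-directory components before use.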

The regular expression is recompiled every time: each match recompiles the regex; it should be precompiled.

Comment on lines +59 to +62
if language == "zh":
lines.append("### 上下文记忆")
lines.append("基于之前的交互记录,以下是按作用域和重要程度排序的最相关记忆:")
lines.append("")

Every formatting function contains a large amount of duplicated Chinese and English content, so the maintenance cost is high.

  1. Hardcoded text content: a large amount of hardcoded prompt text (hundreds of lines), which is hard to maintain and update.
  2. Missing template validation: there is no check that the formatted content matches the expected format.

lines.append(" - **user**: Individual preferences, skills, and historical context")
lines.append(" - **agent**: Your established behavioral patterns and capabilities, usually shared by all users (least important)")

return "\n".join(lines)

String concatenation is inefficient: for content of hundreds of lines, StringIO or list join should be used (already used, but can be optimized).

def build_system_prompt_component(
content: str,
template_name: Optional[str] = None,
priority: int = 100,

Component priority management is chaotic: priority values are not contiguous and are scattered across multiple functions.

Comment on lines +1118 to +1147
def build_context_components(
# Raw params for piecewise assembly (NEW in Goal 3)
duty: Optional[str] = None,
constraint: Optional[str] = None,
few_shots: Optional[str] = None,
app_name: Optional[str] = None,
app_description: Optional[str] = None,
user_id: Optional[str] = None,
language: str = "zh",
is_manager: bool = True,
# Piecewise data sources
tools: Optional[Dict[str, Any]] = None,
skills: Optional[List[Dict[str, str]]] = None,
managed_agents: Optional[Dict[str, Any]] = None,
external_a2a_agents: Optional[Dict[str, Any]] = None,
memory_list: Optional[List[Any]] = None,
memory_search_query: Optional[str] = None,
knowledge_base_summary: Optional[str] = None,
kb_ids: Optional[List[str]] = None,
# Legacy param for fallback (removed short-circuit in Goal 3)
system_prompt: Optional[str] = None,
# Inclusion flags (kept for backward compatibility)
include_tools: bool = True,
include_skills: bool = True,
include_memory: bool = True,
include_knowledge_base: bool = True,
include_managed_agents: bool = True,
include_external_agents: bool = True,
include_app_context: bool = True,
) -> List["ContextComponent"]:

Too many responsibilities: the build_context_components function takes 17 parameters and has too many responsibilities.

Comment on lines +800 to +806
def build_tools_component(
tools: Dict[str, Any],
knowledge_base_summary: Optional[str] = None,
language: str = "zh",
is_manager: bool = True,
priority: int = 50,
) -> "ToolsComponent":

Type hints use strings: string type hints are used; the types should be imported at the top of the file.

self.username = username
self.password = password
self._session: Optional[aiohttp.ClientSession] = None
self._access_token: Optional[str] = None

Token management is insecure: the token is stored in memory in plaintext, without encryption, and there is no refresh mechanism.

url = f"{self.nacos_addr}/nacos/v1/auth/login"
form_data = aiohttp.FormData()
form_data.add_field("username", self.username)
form_data.add_field("password", self.password)

@xuyaqist xuyaqist Jun 24, 2026

The password is transmitted in plaintext: it is sent over HTTP in plaintext (unless HTTPS is used).
Proposed fix:

  • Ensure Nacos uses HTTPS
  • Consider using a more secure authentication method
