feat(app): 移除内置agents并添加CORS支持和技能上传优化

移除了agents/registry.json中的所有内置agents配置，将agents数组清空。为web应用添加了CORS中间件支持，允许指定的前端地址跨域访问。重构了技能上传功能，增加了LLM重写机制，自动规范化上传的技能格式。新增了工具名称提取逻辑，从技能正文中自动识别Required Tools段落。更新了技能学习候选者和草稿的载荷结构，添加评估报告统计信息。修改了意图路由技能的说明，改进任务状态管理逻辑。
2026-06-12 13:25:20 +08:00
parent fc9fd93c36
commit 8aeb97a5fc
76 changed files with 3382 additions and 553 deletions
--- a/authz-service/src/app/minio_provisioning.py
+++ b/authz-service/src/app/minio_provisioning.py
@ -99,7 +99,11 @@ def provision_user_file_minio_settings(

        policy = _namespace_policy(bucket=cfg.bucket, namespace=namespace)
        admin.policy_add(policy_name, policy=policy)
-        admin.attach_policy(policies=[policy_name], user=access_key)
+        try:
+            admin.attach_policy(policies=[policy_name], user=access_key)
+        except Exception as exc:
+            if not _is_policy_attach_already_applied(exc):
+                raise
    except Exception as exc:
        raise MinIOProvisioningError(f"MinIO user file provisioning failed: {exc}") from exc

@ -304,6 +308,15 @@ def _is_absent_error(exc: Exception) -> bool:
    return any(marker in text for marker in absent_markers)


+def _is_policy_attach_already_applied(exc: Exception) -> bool:
+    text = _safe_error_text(exc)
+    return (
+        "XMinioAdminPolicyChangeAlreadyApplied" in text
+        or "specified policy change is already in effect" in text.lower()
+        or "policy update has no net effect" in text.lower()
+    )
+
+
 def _safe_error_text(exc: object) -> str:
    text = str(exc).strip()
    return text or exc.__class__.__name__
--- a/authz-service/src/tests/test_minio_deprovisioning.py
+++ b/authz-service/src/tests/test_minio_deprovisioning.py
@ -10,6 +10,7 @@ from fastapi.testclient import TestClient
 from app.minio_provisioning import (
    MinIOProvisioningConfig,
    deprovision_user_file_minio_resources,
+    provision_user_file_minio_settings,
 )
 from app.models import MinIOSettings

@ -23,6 +24,7 @@ class _FakeMinio:
    bucket_exists_value = True
    objects: list[str] = []
    removed_objects: list[str] = []
+    made_buckets: list[str] = []

    def __init__(self, **_kwargs: Any) -> None:
        pass
@ -30,6 +32,9 @@ class _FakeMinio:
    def bucket_exists(self, bucket: str) -> bool:
        return self.bucket_exists_value

+    def make_bucket(self, bucket: str, location: str | None = None) -> None:
+        self.made_buckets.append(bucket)
+
    def list_objects(self, bucket: str, *, prefix: str, recursive: bool) -> list[_FakeObject]:
        return [_FakeObject(name) for name in self.objects if name.startswith(prefix)]

@ -41,10 +46,26 @@ class _FakeMinio:
 class _FakeAdmin:
    calls: list[tuple[str, Any]] = []
    missing = False
+    attach_policy_already_applied = False

    def __init__(self, **_kwargs: Any) -> None:
        pass

+    def user_add(self, access_key: str, secret_key: str) -> None:
+        self.calls.append(("user_add", access_key))
+
+    def policy_add(self, policy_name: str, *, policy: dict[str, Any]) -> None:
+        self.calls.append(("policy_add", policy_name))
+
+    def attach_policy(self, **kwargs: Any) -> None:
+        self.calls.append(("attach_policy", kwargs))
+        if self.attach_policy_already_applied:
+            raise RuntimeError(
+                "admin request failed; Status: 400, Body: "
+                '{"Code":"XMinioAdminPolicyChangeAlreadyApplied",'
+                '"Message":"The specified policy change is already in effect."}'
+            )
+
    def detach_policy(self, **kwargs: Any) -> None:
        self.calls.append(("detach_policy", kwargs))
        if self.missing:
@ -88,8 +109,10 @@ def _install_fake_minio(monkeypatch) -> None:
    _FakeMinio.bucket_exists_value = True
    _FakeMinio.objects = []
    _FakeMinio.removed_objects = []
+    _FakeMinio.made_buckets = []
    _FakeAdmin.calls = []
    _FakeAdmin.missing = False
+    _FakeAdmin.attach_policy_already_applied = False


 def _config() -> MinIOProvisioningConfig:
@ -159,6 +182,25 @@ def test_deprovision_removes_namespace_resources_without_secrets(monkeypatch) ->
    assert "secret" not in str(result).lower()


+def test_provision_treats_already_attached_policy_as_idempotent(monkeypatch) -> None:
+    _install_fake_minio(monkeypatch)
+    _FakeAdmin.attach_policy_already_applied = True
+
+    settings = provision_user_file_minio_settings(
+        backend_id="alice",
+        existing=None,
+        config=_config(),
+    )
+
+    assert settings is not None
+    assert settings.endpoint == "minio.local:9000"
+    assert settings.access_key == "beaver-alice"
+    assert settings.bucket == "beaver-user-files"
+    assert settings.namespace == "users/alice"
+    assert settings.secret_key
+    assert ("attach_policy", {"policies": ["beaver-user-files-alice"], "user": "beaver-alice"}) in _FakeAdmin.calls
+
+
 def test_deprovision_is_idempotent_when_resources_are_absent(monkeypatch) -> None:
    _install_fake_minio(monkeypatch)
    _FakeMinio.bucket_exists_value = False