Commit Graph

174 Commits

Author SHA1 Message Date
Codex 601d8190d0 feat: add provider profile removal 2026-06-08 05:30:48 +08:00
Codex 509c2aa6fd fix: 支持动态 provider profile slug 2026-06-08 04:19:58 +08:00
Codex bda8e3bb1e 修正 provider Secret create RBAC 语义 2026-06-08 02:17:33 +08:00
Codex 96bdc262ad 支持 provider profile Secret 首次创建 2026-06-08 02:08:50 +08:00
Codex 41886aef80 feat: 将 ofcx-go backend 收敛为 dsflash-go 2026-06-08 01:38:50 +08:00
Codex eef59c74ee fix: replace hardcoded backend profile validation with isBackendProfile()
The session creation route had a hardcoded check for only codex/deepseek/minimax-m3
profiles. Since ofcx-go was added to BackendProfile type and backend-profiles.ts
spec list, the validation must use isBackendProfile() from the shared module so
that adding new profiles only requires one data change, not scattered string checks.

Refs pikasTech/HWLAB#1034
2026-06-07 21:03:47 +08:00
Codex 3afb2bf8ec feat: add ofcx-go provider profile for OpenCode Zen Go DeepSeek V4 Flash
- Add ofcx-go to BackendProfile type union
- Add ofcx-go backend profile spec (Codex app-server stdio)
- Add defaultConfig for ofcx-go (deepseek-v4-flash via Moon Bridge)
- Add Secret mount in deploy.json for runner projection
- Add RBAC access for ofcx-go provider secret
- Update self-test to cover 4 profiles
2026-06-07 20:14:52 +08:00
Codex 0ff445e182 feat: remove workspace file count limit, raise total size to 4MB
- maxWorkspaceFiles: 16 → Number.MAX_SAFE_INTEGER (unlimited)
- maxWorkspaceFilesTotalBytes: 512KB → 4MB
- Enables large skill directories (e.g. arm2d-skill with references)
2026-06-07 14:44:15 +08:00
Lyon 5ad29247ad Merge pull request #98 from pikasTech/fix/workspace-seed-files-97
支持 ResourceBundleRef workspaceFiles
2026-06-06 18:00:00 +08:00
Codex 7b3c0ea584 fix: 支持 ResourceBundleRef workspaceFiles 2026-06-06 17:59:05 +08:00
Lyon c320459deb Merge pull request #95 from pikasTech/fix/provider-profile-config-toml
feat: 支持 provider profile config.toml 管理
2026-06-05 22:37:14 +08:00
Codex dd58cf9a8e feat: 支持 provider profile config.toml 管理 2026-06-05 22:35:40 +08:00
Lyon 17e9cd3995 fix: remove provider secret last-applied annotation (#94)
Co-authored-by: Codex <codex@pikas.tech>
2026-06-05 19:04:59 +08:00
Lyon 46e3b771bb fix: upsert provider secrets without patch-file (#93)
Co-authored-by: Codex <codex@pikas.tech>
2026-06-05 18:50:50 +08:00
Lyon a8f1e56367 fix: avoid provider secret last-applied annotation (#92)
Co-authored-by: Codex <codex@pikas.tech>
2026-06-05 18:34:13 +08:00
Codex 1d434cfc53 docs: align provider profile management status 2026-06-05 18:26:38 +08:00
Codex 7f5fc963c7 docs: align HWLAB assembly to HWPOD 2026-06-05 16:51:16 +08:00
Lyon ffc4f5d6cb Merge pull request #91 from pikasTech/fix/issue28-provider-validation-workspace
fix: provider validation 使用真实工作目录
2026-06-05 16:36:07 +08:00
Codex 25ec9f459d fix: use existing workspace for provider validation 2026-06-05 16:34:54 +08:00
Lyon a9891b45f5 Merge pull request #89 from pikasTech/fix/issue28-provider-secret-rbac
fix: 补齐 provider profile Secret RBAC
2026-06-05 16:24:38 +08:00
Codex 8099207353 fix: grant provider profile secret rbac 2026-06-05 16:23:33 +08:00
Lyon aef9a66a11 Merge pull request #88 from pikasTech/feat/issue28-provider-profile-management
feat: 增加 provider profile 管理 API
2026-06-05 16:09:16 +08:00
Codex 05809058a5 feat: add provider profile management api 2026-06-05 16:07:26 +08:00
Codex 8e64a3974a docs: add provider profile management spec 2026-06-05 15:48:30 +08:00
Codex 2ebb51eed7 docs: clarify HWLAB session resume boundaries 2026-06-04 01:02:12 +08:00
Lyon a3422b4c76 Merge pull request #87 from pikasTech/fix-v01-runner-claim-recovery
修复替换 runner 等待旧 lease 后接管
2026-06-04 00:07:23 +08:00
Codex 0d040a33c2 fix: wait for stale runner lease before replacement claim 2026-06-03 23:49:40 +08:00
Codex 0dfe709fd4 feat(v0.1): CLI runner job --dry-run 也查 session 加 sessionPvc
之前 CLI runner job --dry-run 直接调 renderRunnerJobDryRun 不经 mgr,
所以 kubernetes-runner-job.ts 里的 sessionPvc 查找逻辑被绕过,
dry-run manifest 不含 agentrun-sessions volume。

修复:dry-run 路径先 GET /api/v1/sessions 查 storageKind=pvc + storagePvcName,
自己构造 sessionPvc 传给 renderRunnerJobDryRun,dry-run 输出
与 mgr 真实创建 runner Job 的 manifest 一致。
2026-06-03 21:16:33 +08:00
Codex 78513aa4c7 feat(v0.1): CLI sessions create / storage / storage-delete + session-turn auto-ensure PVC
PR C 收尾附带 CLI 能力:
- 新增 sessions create [sessionId] 调 POST /api/v1/sessions 创建 session+PVC
- 新增 sessions storage <sessionId> 调 GET /api/v1/sessions/:id/storage
- 新增 sessions storage <sessionId> --delete 调 DELETE
- sessions turn <sessionId> 也会先 GET storage 探活,不存在则 POST /api/v1/sessions 补建
  (之前 sessions turn 只在 store 里隐式建 session record 但 storageKind=none,
  现在用显式 session create 入口保证 storageKind=pvc 提前建好)
- ManagerClient 新增 delete() 方法
2026-06-03 20:56:27 +08:00
Codex 7ccea67391 feat(v0.1): codex-stdio emit codex-rollout-storage-mounted + session-store-evicted upgrade
PR C 收尾:codex-stdio.ts 加 observability + new failureKind 升级路径

- 启动时读 env(不是 process.env)发出 codex-rollout-storage-mounted 事件:
  pvcName / pvcNamespace / mountPath / codexRolloutSubdir / valuesPrinted=false
- thread/resume 失败 + 'no rollout found for thread id' 消息 + AGENTRUN_SESSION_PVC_NAME
  已设 → 升级为 session-store-evicted,区别于 thread-resume-failed
- isNoRolloutFoundMessage helper 隔离匹配逻辑
- 4 新 selftest case:
  codex-stdio-session-storage-mounted(事件存在 + 字段对齐)
  codex-stdio-session-storage-evicted(failureKind 升级)
  codex-stdio-session-storage-subdir(AGENTRUN_CODEX_ROLLOUT_SUBDIR 配置生效)
  codex-stdio-session-storage-no-secret-leak(事件不泄露)

PR C 全部完成:runner Job 直接挂载 PVC + codex-stdio observability +
session-store-evicted 升级 + 5 新 selftest(1 runner + 4 codex)
2026-06-03 20:38:11 +08:00
Codex f08a4e75cd feat(v0.1): runner Job 直接挂载 per-session PVC + env 透传
PR C 起步:k8s-job.ts 加 sessionPvc volume + env passthrough

- src/runner/k8s-job.ts: 新 RunnerSessionPvcOptions 接口;manifest 多渲染
  agentrun-sessions volume + volumeMount;env 多透传 AGENTRUN_SESSION_PVC_NAME /
  _NAMESPACE / _MOUNT_PATH / AGENTRUN_CODEX_ROLLOUT_SUBDIR
- src/mgr/kubernetes-runner-job.ts: run 引用 session 时查 session storage
  kind=pvc 自动构造 sessionPvc 透传给 manifest 渲染;kind=evicted 已在
  PR B 短路返回 session-store-evicted
- selftest: 1 新 case runner-k8s-job-session-pvc-volume-and-env 验证 PVC volume
  + env 全套透传

后续 PR C 剩余:src/backend/codex-stdio.ts emit codex-rollout-storage-mounted
事件 + session-store-evicted 升级;3 个 codex-stdio 端到端 case。
2026-06-03 20:21:03 +08:00
Codex 4793ca154a fix(v0.1): recover session PVC when prior create left session without storage
之前的失败用例会让 session 留在 storageKind=none 状态但 pvcName 缺失,
现在 POST /api/v1/sessions 在 storageKind=none || !storagePvcName 时
重新调 createSessionPvc 补建,action=session-storage-recovered。

selftest 覆盖:显式 reset storageKind=none 后第二次 POST 走 recovery。
2026-06-03 19:59:49 +08:00
Codex da797c907c fix(v0.1): sanitize session id for PVC name (RFC 1123 subdomain compliance)
session id 允许任意字符(含下划线/大写/点),但 PVC name 必须符合
RFC 1123 subdomain(小写字母数字 + '-' + '.',首尾必须 alphanumeric)。

sanitizeSessionIdForPvc 把非法字符替换为 '-',全空 fallback 到 'default'。
selftest 增加 3 case 覆盖下划线/大写/纯符号。
2026-06-03 19:47:29 +08:00
Codex e8cfa4c692 feat(v0.1): add mgr session PVC lifecycle for true session state persistence
PR B for #770: mgr/session-pvc.ts + server endpoints + selftest.

- 新模块 src/mgr/session-pvc.ts: createSessionPvc / getSessionPvcSummary / deleteSessionPvc / refreshSessionPvcSummary / runSessionStorageGc / startSessionStorageGcLoop
- Server 增量 4 个 endpoint:
  * POST /api/v1/sessions: 创建 session 同步创建 PVC
  * GET /api/v1/sessions/:id/storage: 查询 PVC 摘要
  * DELETE /api/v1/sessions/:id/storage: 删 PVC + storage_kind=evicted
  * POST /api/v1/sessions/:id/storage/refresh: runner 上报 PVC 摘要
  * POST /api/v1/sessions/storage/gc: 手动触发 GC
- mgr SA RBAC 已在 PR A 增加;manager server 不直连 Kubernetes API(kubectl 由 mgr 容器内执行)
- SessionRecord 增量 storageKind / storagePvcName / storageNamespace / storageSizeBytes / storageFilesCount / storageSha256 / storageUpdatedAt / storagePvcPhase / storageEvictedAt / codexRolloutSubdir
- kubernetes-runner-job 短路:run 引用 evicted session 时直接返回 session-store-evicted,不创建 runner Job
- KubectlHandler 可注入,selftest 覆盖 create / summary / refresh / eviction / gc / REST 路径
- GC loop 默认 5min(AGENTRUN_SESSION_GC_INTERVAL_MS 可调)

runner / backend / HWLAB adapter 在 PR C / PR D 落地。
2026-06-03 19:19:09 +08:00
Codex 87beb00bdb feat(v0.1): add per-session RWO PVC foundation for true session state persistence
PR A for #770: docs + migration 007 + RBAC + types foundation.

- 新增 failureKind session-store-evicted,用于区分 PVC 缺失与真协议错误
- 新增 migration 007_v01_session_state_storage:sessions 表增加 storage_* 列 + 索引
- mgr SA RBAC 增量:persistentvolumeclaims: [create, get, list, watch, delete]
- 6 份 SPEC 升级(runtime-assembly / hwlab-manual-dispatch / backend-codex T7b / agentrun-runner / agentrun-mgr / services)
- 显式禁止:fake app-server mock、replacement threadId、runner 启动后 copy/restore、idleTimeoutMs 拉永驻
- selftest 断言更新到 007_v01_session_state_storage

后续 PR B/C 在此基础上接入 mgr 端 PVC 生命周期 + runner 端 mount + backend 端 observability。
2026-06-03 18:45:13 +08:00
Lyon cb93992b1c Merge pull request #85 from pikasTech/feat/issue84-session-subagent-cli
feat(v0.1): 增加异步 subagent Session CLI 控制面
2026-06-03 11:29:38 +08:00
Codex b761ef6713 feat: add session subagent cli control 2026-06-03 11:27:55 +08:00
Lyon a40fdf6ab1 Merge pull request #83 from pikasTech/fix/issue82-runner-ripgrep
fix: AgentRun runner 镜像补齐 ripgrep
2026-06-03 08:03:57 +08:00
Codex 25bc93b371 fix: add ripgrep to runner image 2026-06-03 07:59:13 +08:00
Lyon 3223b297ca Merge pull request #81 from pikasTech/fix/issue723-no-total-turn-timeout
fix: keep Codex sessions reusable after turn failures
2026-06-03 00:30:47 +08:00
Codex f69ef55ddc fix: keep codex sessions reusable after turn failures 2026-06-03 00:28:41 +08:00
Lyon c51180eef6 Merge pull request #80 from pikasTech/fix/v01-assistant-delta-progress-712
修复长任务中间过程 trace 可见性
2026-06-02 21:19:01 +08:00
Codex ce031238f1 fix: 保留长任务过程 trace 事件 2026-06-02 21:17:56 +08:00
Codex 3018b8a937 feat: assemble resource prompts and skills 2026-06-02 20:40:14 +08:00
Codex a53f5b8a0d docs: specify resource prompt and skill assembly 2026-06-02 19:59:49 +08:00
Lyon 5089c5e31a Merge pull request #78 from pikasTech/fix/issue701-native-codex-stdio-resume
fix: fail stale Codex thread resume
2026-06-02 16:23:40 +08:00
Codex e9843ab687 fix: fail stale codex thread resume 2026-06-02 16:22:27 +08:00
Lyon d49b958649 Merge pull request #77 from pikasTech/feat-unidesk-ssh-tool-193
feat: 装配 UniDesk SSH 工具凭证
2026-06-02 15:56:49 +08:00
Codex 458d814fa2 feat: 装配 UniDesk SSH 工具凭证 2026-06-02 15:40:48 +08:00
Lyon 16b32af9b5 Merge pull request #76 from pikasTech/fix/v01-thread-resume-replacement
fix: replace stale codex threads
2026-06-02 12:37:24 +08:00