🐛 Bugfix: Fixed an issue where the MCP service failed to start in a Kubernetes pod.#3254
Merged
Merged
Conversation
…ubernetes container. [Specification Details] 1. Modify the pod naming logic to convert all non-compliant characters to -. 2. Modify test cases.
WMC001
added a commit
that referenced
this pull request
Jun 18, 2026
* add_greeting_fields_to_agent-develop * feat(knowledge-base): add preserve_source_file and post-index source cleanup Let knowledge bases opt out of keeping uploaded MinIO copies after indexing while retaining Elasticsearch chunks for retrieval. Default behavior remains preserve_source_file=true for backward compatibility. - Add preserve_source_file column (init.sql + v2.2.0_0601 migration) - Accept preserve_source_file on create/update and northbound/vector APIs - Support document DELETE scope=source_only and source_available in listings - Run cleanup_source Celery task when preserve_source_file is false - UI: create-KB toggle, list tag, knowledge-base preview when copy is missing - Update vector-database SDK docs and backend tests * test(data_process): stub knowledge_db, redis_service, and redis in test_worker Align setup_mocks_for_worker with test_tasks so importing backend.data_process.worker loads package __init__ without real DB/redis deps. * test(data_process): shim cleanup_source for submit_process_forward_chain tests * remove duplicate import * fix: update unit tests for greeting_message and example_questions fields * add init.sql to sonar.properites * ♻️ Improvement: API to MCP conversion service supports configuring headers. (#3194) * ♻️ Improvement: API to MCP conversion service supports configuring headers. [Specification Details] 1. Front-end and back-end modifications * ♻️ Improvement: API to MCP conversion service supports configuring headers. [Specification Details] 1. Modify the frontend, after adding, set the HTTP headers to empty. 2. Modify test cases. * ♻️ Improvement: Enhance processing of ES index names in memory banks. (#3196) [Specification Details] 1. Replace all symbols in the index name that do not meet the rules with "_". 2. Modify test cases. * feat: add active memory tools (StoreMemoryTool, SearchMemoryTool) (#3197) - Implement StoreMemoryTool for explicit memory storage during agent reasoning - Implement SearchMemoryTool for on-demand memory retrieval during conversations - Integrate tools into agent creation flow (create_agent_info.py) - Register tools in nexent_agent.py and tools/__init__.py - Add MEMORY_OPERATION tool sign for proper categorization - Fix memory_core.py cache key to include event loop ID (prevents cross-loop conflicts) - Add comprehensive test coverage for both tools - Add procedural memory verification documentation Tools follow existing patterns: lazy imports, observer integration, error handling, and respect user memory preferences (agent_share_option, disabled_agent_ids). Co-authored-by: Dallas98 <40557804+Dallas98@users.noreply.github.com> * 🐛 Bugfix: skill names and descriptions never load to context (#3205) * 🐛 Bugfix: skill names and descriptions never load to context * 🐛 Bugfix: skill names and descriptions never load to context * 🐛 Bugfix: skill names and descriptions never load to context * 🐛 Bugfix: official skills not copied to target directory * 🐛 Bugfix: official skills not copied to target directory * Feat: add selected count badges to tool/skill pool labels (#3206) Co-authored-by: chase <byzhangxin11@126.com> * 🐛 Bugfix: Fix attribution error when tool calling error (#3208) * ✨ Feat: Add support for Word document generation, preview, and download (#3191) * Feat: Add support for Word document generation, preview, and download * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Restrict uploads to a known safe workspace/output directory * 修改单元测试 * 修复单元测试 * Bugfix: Store uploaded files in Minio for conversation messages to enable file visibility in history --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * ✨Feat:Enhance prompt optimization by integrating openjiuwen and fix related bugs (#3190) * ✨Feat:add prompt optimization * 🐛Bugfix: dockerbuild failed when running pipefail in python3_11 * 🔨Optimize: Optimize prompt optimization display page and interaction methods * 🐛Bugfix: fix dependencies replication * 🎨:Optimize frontend prompts and loading interface * 🔧 Refactor: Update imports and remove redundant ENABLE_JIUWEN_SDK import in prompt_service.py * 🔧 Refactor: Correct import path for NexentCapabilityError and enhance test coverage for prompt optimization service * 🔧 Refactor: Update import paths for exception handling and improve logging formatting in prompt_service.py * 🔧 Refactor: Simplify lazy imports in jiuwen_sdk_adapter.py and update import paths in prompt_service.py * 🔧 Refactor: Enhance Jiuwen SDK adapter handling and improve test stubs in prompt_service.py and related test files * 🧪test:Pydantic model for PromptTemplateRequest in test_prompt_template_app.py * 🔧 Refactor: Remove unnecessary dependency exclusions from pyproject.toml * 🔧 Update: Upgrade huggingface_hub dependency version in pyproject.toml * 🔧 Update: Exclude unnecessary transitive dependencies and adjust huggingface_hub version in pyproject.toml * 🔧 Test: Add mock modules for unstructured inference and set up package paths in test files * 🔧 Test: Enhance test setup by adding optional SDK mocks and cleaning up module imports in data processing tests * 🔧 Test: Consolidate mock module setup for unstructured inference across multiple test files * 🔧 Test: Remove unused optional SDK mocks from test configuration * 🔧 Refactor: Clean up imports and enhance dynamic loading of fastmcp components in Docker client * 📦update:sdk dependence update * Add CAS SSO integration and improve logout handling (#3072) * feat: add CAS SSO integration * Skip CAS logout when CAS_LOGOUT_URL is unset * 取消转义 * Improve CAS logout handling and confirm user logout * Disable account deletion for CAS users * Add CAS session init SQL and k8s config * clean code * Remove agent guardrails design doc from tracking * 补充文档 --------- Co-authored-by: hhhhsc <name> * 🐛Bugfix: Remove unnecessary dependency exclusions and upgrade huggingface_hub version in pyproject.toml (#3211) * refactor: move current time from system prompt to user message for prompt cache stability (#3203) Remove {{time}} from all 4 prompt YAML templates (manager/managed × en/zh) and strip time_str from the context_utils pipeline (_format_app_context, build_skeleton_header_component, build_context_components, build_app_context_string). Also remove time from create_agent_info render kwargs and build_context_components call. In CoreAgent.run, prepend [Current time: ...] to self.task so the timestamp travels with the user message instead of being baked into the system prompt. This makes the rendered system prompt fully deterministic per (agent_id, tenant_id, version_no, language) — enabling prompt/KV cache hits across requests for the same agent config. Sync test_context_utils.py: drop time_str= from 3 test cases. Remove unused datetime imports from context_utils.py and create_agent_info.py. * 🐛 Bugfix: Fixed the issue of being unable to add MCP services via containerization. (#3213) [Specification Details] 1. Modify the DEFAULT_NETWORK_NAME when starting the MCP service in the container to match the name in docker-compose. 2. Modify the parameters passed to the add_mcp_service method; custom_headers defaults to None. * 🐛 Bugfix: Fixed the issue where uploaded text files could not be parsed during a session. (#3219) * 🐛 Bugfix: Fixed the issue where uploaded text files could not be parsed during a session. [Specification Details] 1. The return parameter of the file_process method has changed and needs to be unpacked. * 🐛 Bugfix: Fixed the issue where uploaded text files could not be parsed during a session. [Specification Details] 1. Modify test case. * 🐛 Bugfix: Fixed an issue where the MCP service could not be added correctly after updating the FastMCP version. (#3222) [Specification Details] 1. Add `kwargs` to the `create_httpx_client` function to accept all additional parameters. * 🐛 Bugfix: Fix incomplete display of tenant resources page after window resize (#3215) * Move non-shadcn ui component to other folder * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix incomplete display of tenant resources page after window resize * Add agent marketplace repository and version pinning for sub-agents (#3239) * feat: add agent marketplace repository and pin sub-agent versions at publish Introduce ag_agent_repository_t with list/status/publish/import APIs for frozen agent snapshots. Pin selected_agent_version_no on agent relations when publishing so sub-agents resolve to a fixed version at runtime. Extend agent export/import to bundle skills in ZIP payloads and add embedding model fallback when no model name is provided. * feat: add agent marketplace repository and pin sub-agent versions at publish Introduce ag_agent_repository_t with list/status/publish/import APIs for frozen agent snapshots. Pin selected_agent_version_no on agent relations when publishing so sub-agents resolve to a fixed version at runtime. Extend agent export/import to bundle skills in ZIP payloads and add embedding model fallback when no model name is provided. * feat: add agent marketplace repository and pin sub-agent versions at publish Introduce ag_agent_repository_t with list/status/publish/import APIs for frozen agent snapshots. Pin selected_agent_version_no on agent relations when publishing so sub-agents resolve to a fixed version at runtime. Extend agent export/import to bundle skills in ZIP payloads and add embedding model fallback when no model name is provided. * feat: add agent marketplace repository and pin sub-agent versions at publish Introduce ag_agent_repository_t with list/status/publish/import APIs for frozen agent snapshots. Pin selected_agent_version_no on agent relations when publishing so sub-agents resolve to a fixed version at runtime. Extend agent export/import to bundle skills in ZIP payloads and add embedding model fallback when no model name is provided. * feat(agent): add verification configuration for agents and update related components (#3174) * feat(agent): add verification configuration for agents and update related components * feat(model): update model type labels and add monitoring dashboard translations * 🐛 Bugfix: Fix inability to select agent from agent space to edit (#3240) * Move non-shadcn ui component to other folder * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix inability to select agent from agent space to edit * Bugfix: Display correct version info when viewing agent details * Update data agent and ME CAS integration documentation (#3242) * 补充dataagent对接文档 * 补充ME cas对接文档 * 补充ME cas对接文档 --------- Co-authored-by: hhhhsc <name> * ✨ Add several northbound apis (#3223) * ✨ Add several northbound apis * ✨ Add several northbound apis * ✨ Add several northbound apis * ✨ Add several northbound apis * ✨ Add several northbound apis * refactor: simplify deployment script by removing unused variables and functions (#3245) * feat(agent): add verification configuration for agents and update related components * feat(model): update model type labels and add monitoring dashboard translations * refactor(build_offline_package): simplify deployment script by removing unused variables and functions * 🐛 Bugfix: Adjust agent detail UI layout to accommodate newly added "self-verification" field (#3246) * Move non-shadcn ui component to other folder * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix inability to select agent from agent space to edit * Bugfix: Display correct version info when viewing agent details * Bugfix: Adjust agent detail UI layout to accommodate newly added "self-verification" field * 补充sql (#3248) * 补充sql * 扩大limit限制 * 🐛 Bugfix: Fixed an issue where the MCP service failed to start in a Kubernetes container. (#3254) [Specification Details] 1. Modify the pod naming logic to convert all non-compliant characters to -. 2. Modify test cases. * 🐛 Bugfix: knowledge_base_search_tool called with TypeError: argument of type 'FieldInfo' is not iterable (#3259) * 🐛 Bugfix: Fixed an issue where the one-click rename function failed after importing an agent. (#3258) [Specification Details] 1. The frontend does not pass `agent_id` when calling the `regenerate_name` API. * Bugfix: Exclude attachments from assistant when saving conversation history (#3261) * Bump APP_VERSION from v2.2.0 to v2.2.1 (#3268) The default setting for client-side self-validation is "False". --------- Co-authored-by: chase <byzhangxin11@126.com> Co-authored-by: Chenlifeng <174292121+Lifeng-Chen@users.noreply.github.com> Co-authored-by: Dallas98 <40557804+Dallas98@users.noreply.github.com> Co-authored-by: Jason Wang <56037774+JasonW404@users.noreply.github.com> Co-authored-by: Xia Yichen <iamjasonxia@126.com> Co-authored-by: JeffWu <45140512+jeffwu-1999@users.noreply.github.com> Co-authored-by: WMC001 <46217886+WMC001@users.noreply.github.com> Co-authored-by: xuyaqi <xuyaqist@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: DongJiBao2001 <120021235+DongJiBao2001@users.noreply.github.com> Co-authored-by: hhhhsc701 <56435672+hhhhsc701@users.noreply.github.com> Co-authored-by: Dallas98 <990259227@qq.com> Co-authored-by: frr <64584192+wuyuanfr@users.noreply.github.com>
WMC001
pushed a commit
that referenced
this pull request
Jun 18, 2026
* 🐛 Bugfix: Adjust agent detail UI layout to accommodate newly added "self-verification" field (#3246) * Move non-shadcn ui component to other folder * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix inability to select agent from agent space to edit * Bugfix: Display correct version info when viewing agent details * Bugfix: Adjust agent detail UI layout to accommodate newly added "self-verification" field * 补充sql (#3248) * 补充sql * 扩大limit限制 * 🐛 Bugfix: Fixed an issue where the MCP service failed to start in a Kubernetes container. (#3254) [Specification Details] 1. Modify the pod naming logic to convert all non-compliant characters to -. 2. Modify test cases. * 🐛 Bugfix: knowledge_base_search_tool called with TypeError: argument of type 'FieldInfo' is not iterable (#3259) * 🐛 Bugfix: Fixed an issue where the one-click rename function failed after importing an agent. (#3258) [Specification Details] 1. The frontend does not pass `agent_id` when calling the `regenerate_name` API. * Bugfix: Exclude attachments from assistant when saving conversation history (#3261) * Bump APP_VERSION from v2.2.0 to v2.2.1 (#3268) The default setting for client-side self-validation is "False". --------- Co-authored-by: xuyaqi <xuyaqist@gmail.com> Co-authored-by: hhhhsc701 <56435672+hhhhsc701@users.noreply.github.com> Co-authored-by: Xia Yichen <iamjasonxia@126.com>
WMC001
added a commit
that referenced
this pull request
Jun 18, 2026
* 🐛 Bugfix: Adjust agent detail UI layout to accommodate newly added "self-verification" field (#3246) * Move non-shadcn ui component to other folder * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix inability to select agent from agent space to edit * Bugfix: Display correct version info when viewing agent details * Bugfix: Adjust agent detail UI layout to accommodate newly added "self-verification" field * 补充sql (#3248) * 补充sql * 扩大limit限制 * 🐛 Bugfix: Fixed an issue where the MCP service failed to start in a Kubernetes container. (#3254) [Specification Details] 1. Modify the pod naming logic to convert all non-compliant characters to -. 2. Modify test cases. * 🐛 Bugfix: knowledge_base_search_tool called with TypeError: argument of type 'FieldInfo' is not iterable (#3259) * 🐛 Bugfix: Fixed an issue where the one-click rename function failed after importing an agent. (#3258) [Specification Details] 1. The frontend does not pass `agent_id` when calling the `regenerate_name` API. * Bugfix: Exclude attachments from assistant when saving conversation history (#3261) * Bump APP_VERSION from v2.2.0 to v2.2.1 (#3268) The default setting for client-side self-validation is "False". --------- Co-authored-by: xuyaqi <xuyaqist@gmail.com> Co-authored-by: hhhhsc701 <56435672+hhhhsc701@users.noreply.github.com> Co-authored-by: Xia Yichen <iamjasonxia@126.com>
xuyaqist
pushed a commit
that referenced
this pull request
Jun 22, 2026
…ubernetes container. (#3254) [Specification Details] 1. Modify the pod naming logic to convert all non-compliant characters to -. 2. Modify test cases.
YehongPan
commented
Jun 24, 2026
| logger = logging.getLogger("nexent.container.kubernetes") | ||
|
|
||
| # Kubernetes naming constraints: lowercase alphanumeric or dash, cannot start/end with dash, | ||
| # cannot have consecutive dashes, max 253 characters |
Contributor
Author
There was a problem hiding this comment.
[逻辑漏洞] _sanitize_k8s_name 函数在注释中提到了 Kubernetes 命名约束(最大 253 字符),但实际代码中未对长度进行截断。如果输入名称超过 253 字符,生成的 K8s 资源名称将无效,导致创建失败。建议在函数末尾添加长度截断逻辑:sanitized = sanitized[:253].rstrip('-')。
JasonW404
reviewed
Jun 24, 2026
| """Convert arbitrary string to valid Kubernetes resource name. | ||
|
|
||
| Rules: | ||
| - Convert to lowercase |
Member
There was a problem hiding this comment.
_sanitize_k8s_name(None) 会在 name.lower() 处抛出 AttributeError,因为 None 没有 lower() 方法。if not name 检查在 name.lower() 之后才执行,无法拦截 None 输入。测试用例 test_sanitize_none 预期返回 "unknown" 但实际会崩溃。建议将 None 检查移到最前面:if not name: return "unknown" 改为 if name is None or not name: return "unknown"。
WMC001
reviewed
Jun 24, 2026
WMC001
left a comment
WMC001
left a comment
Contributor
There was a problem hiding this comment.
Observation: improved K8s name sanitization
sdk/nexent/container/k8s_client.py — extracts _sanitize_k8s_name helper for centralized name sanitization across _generate_pod_name and list_containers. The helper handles empty/None inputs (returns "unknown"), strips leading/trailing dashes, and prepends x for names that start with non-alphanumeric. Tests cover the main edge cases including consecutive special chars, leading/trailing chars, and underscores/dots/spaces.
No bugs found. Note that _sanitize_k8s_name is called before the [:8] truncation, which is the correct order — internal .strip("-") ensures the truncated slice doesn't contain leading/trailing dashes.
xuyaqist
reviewed
Jun 25, 2026
| sanitized = "x" + sanitized | ||
|
|
||
| # Fallback if empty | ||
| return sanitized if sanitized else "unknown" |
Contributor
There was a problem hiding this comment.
_sanitize_k8s_name 函数没有对输出长度进行限制。Kubernetes DNS label 名称最长 63 个字符(RFC 1123),而 pod 名称由 mcp-{safe_name}-{tenant}-{user}-{uuid} 拼接而成。如果 service_name 很长,最终 pod 名称可能超过 253 字符限制导致 K8s API 报错。建议在函数末尾添加截断逻辑,或在 _generate_pod_name 中对各段长度做约束。
xuyaqist
reviewed
Jun 25, 2026
| K8S_CONSECUTIVE_DASHES = re.compile(r"-+") | ||
|
|
||
|
|
||
| def _sanitize_k8s_name(name: str) -> str: |
Contributor
There was a problem hiding this comment.
_sanitize_k8s_name 在 sanitized 为空时返回 "unknown",但当输入为 None 时,虽然 if not name 的 guard 能正确拦截(返回 True),但类型注解 name: str 应改为 Optional[str] 以准确反映函数实际接受的输入类型,提高代码可读性和类型检查的准确性。
hhhhsc701
reviewed
Jun 25, 2026
| logger = logging.getLogger("nexent.container.kubernetes") | ||
|
|
||
| # Kubernetes naming constraints: lowercase alphanumeric or dash, cannot start/end with dash, | ||
| # cannot have consecutive dashes, max 253 characters |
Contributor
There was a problem hiding this comment.
[P2] 注释写 max 253,但这个 sanitizer 没有实际 enforce 长度,而且很多使用点是 label value/名称片段,常见上限是 63。注释会让调用方误以为长度已经安全,建议把长度作为参数并在函数内截断。
| return "unknown" | ||
|
|
||
| # Lowercase and replace invalid chars with dash | ||
| sanitized = K8S_NAME_PATTERN.sub("-", name.lower()) |
Contributor
There was a problem hiding this comment.
[P2] name 标注为 str,但测试又传 None;如果传入 truthy 的非字符串对象,name.lower() 会抛 AttributeError。边界入口应先 str(name) 或显式拒绝非字符串。
| sanitized = "x" + sanitized | ||
|
|
||
| # Fallback if empty | ||
| return sanitized if sanitized else "unknown" |
Contributor
There was a problem hiding this comment.
[P1] 返回值没有任何长度限制,长 service_name 经过清洗后仍然可以非常长,最终 pod name 会超过 Kubernetes 限制。这里应该在 sanitizer 或 _generate_pod_name 中截断并附稳定 hash。
| tenant_part = (tenant_id or "")[:8] | ||
| user_part = (user_id or "")[:8] | ||
| safe_name = _sanitize_k8s_name(service_name) | ||
| tenant_part = _sanitize_k8s_name(tenant_id)[:8] |
Contributor
There was a problem hiding this comment.
[P2] tenant_part/user_part 只取前 8 位,tenantabcdef 和 tenantabcxyz 会生成同样前缀,排障和清理时容易误判。建议用前缀+短 hash,而不是纯截断。
| # Filter by service_name if provided | ||
| if service_name: | ||
| safe_name = "".join(c if c.isalnum() or c == "-" else "-" for c in service_name) | ||
| safe_name = _sanitize_k8s_name(service_name) |
Contributor
There was a problem hiding this comment.
[P2] list_containers 用 sanitize 后的 safe_name 再做子串匹配,service=api 会匹配到 my-api-v2 等不相关 pod。应和创建时的 component label 做精确匹配,或保存完整 sanitized service_name label。
hhhhsc701
reviewed
Jun 26, 2026
| logger = logging.getLogger("nexent.container.kubernetes") | ||
|
|
||
| # Kubernetes naming constraints: lowercase alphanumeric or dash, cannot start/end with dash, | ||
| # cannot have consecutive dashes, max 253 characters |
Contributor
There was a problem hiding this comment.
[P2] 注释写 max 253,但这个 sanitizer 没有实际 enforce 长度,而且很多使用点是 label value/名称片段,常见上限是 63。注释会让调用方误以为长度已经安全,建议把长度作为参数并在函数内截断。
hhhhsc701
reviewed
Jun 26, 2026
| return "unknown" | ||
|
|
||
| # Lowercase and replace invalid chars with dash | ||
| sanitized = K8S_NAME_PATTERN.sub("-", name.lower()) |
Contributor
There was a problem hiding this comment.
[P2] name 标注为 str,但测试又传 None;如果传入 truthy 的非字符串对象,name.lower() 会抛 AttributeError。边界入口应先 str(name) 或显式拒绝非字符串。
hhhhsc701
reviewed
Jun 26, 2026
| sanitized = "x" + sanitized | ||
|
|
||
| # Fallback if empty | ||
| return sanitized if sanitized else "unknown" |
Contributor
There was a problem hiding this comment.
[P1] 返回值没有任何长度限制,长 service_name 经过清洗后仍然可以非常长,最终 pod name 会超过 Kubernetes 限制。这里应该在 sanitizer 或 _generate_pod_name 中截断并附稳定 hash。
hhhhsc701
reviewed
Jun 26, 2026
| tenant_part = (tenant_id or "")[:8] | ||
| user_part = (user_id or "")[:8] | ||
| safe_name = _sanitize_k8s_name(service_name) | ||
| tenant_part = _sanitize_k8s_name(tenant_id)[:8] |
Contributor
There was a problem hiding this comment.
[P2] tenant_part/user_part 只取前 8 位,tenantabcdef 和 tenantabcxyz 会生成同样前缀,排障和清理时容易误判。建议用前缀+短 hash,而不是纯截断。
hhhhsc701
reviewed
Jun 26, 2026
| # Filter by service_name if provided | ||
| if service_name: | ||
| safe_name = "".join(c if c.isalnum() or c == "-" else "-" for c in service_name) | ||
| safe_name = _sanitize_k8s_name(service_name) |
Contributor
There was a problem hiding this comment.
[P2] list_containers 用 sanitize 后的 safe_name 再做子串匹配,service=api 会匹配到 my-api-v2 等不相关 pod。应和创建时的 component label 做精确匹配,或保存完整 sanitized service_name label。
WMC001
added a commit
that referenced
this pull request
Jun 26, 2026
* Release/v2.2.1 (#3269) * add_greeting_fields_to_agent-develop * feat(knowledge-base): add preserve_source_file and post-index source cleanup Let knowledge bases opt out of keeping uploaded MinIO copies after indexing while retaining Elasticsearch chunks for retrieval. Default behavior remains preserve_source_file=true for backward compatibility. - Add preserve_source_file column (init.sql + v2.2.0_0601 migration) - Accept preserve_source_file on create/update and northbound/vector APIs - Support document DELETE scope=source_only and source_available in listings - Run cleanup_source Celery task when preserve_source_file is false - UI: create-KB toggle, list tag, knowledge-base preview when copy is missing - Update vector-database SDK docs and backend tests * test(data_process): stub knowledge_db, redis_service, and redis in test_worker Align setup_mocks_for_worker with test_tasks so importing backend.data_process.worker loads package __init__ without real DB/redis deps. * test(data_process): shim cleanup_source for submit_process_forward_chain tests * remove duplicate import * fix: update unit tests for greeting_message and example_questions fields * add init.sql to sonar.properites * ♻️ Improvement: API to MCP conversion service supports configuring headers. (#3194) * ♻️ Improvement: API to MCP conversion service supports configuring headers. [Specification Details] 1. Front-end and back-end modifications * ♻️ Improvement: API to MCP conversion service supports configuring headers. [Specification Details] 1. Modify the frontend, after adding, set the HTTP headers to empty. 2. Modify test cases. * ♻️ Improvement: Enhance processing of ES index names in memory banks. (#3196) [Specification Details] 1. Replace all symbols in the index name that do not meet the rules with "_". 2. Modify test cases. * feat: add active memory tools (StoreMemoryTool, SearchMemoryTool) (#3197) - Implement StoreMemoryTool for explicit memory storage during agent reasoning - Implement SearchMemoryTool for on-demand memory retrieval during conversations - Integrate tools into agent creation flow (create_agent_info.py) - Register tools in nexent_agent.py and tools/__init__.py - Add MEMORY_OPERATION tool sign for proper categorization - Fix memory_core.py cache key to include event loop ID (prevents cross-loop conflicts) - Add comprehensive test coverage for both tools - Add procedural memory verification documentation Tools follow existing patterns: lazy imports, observer integration, error handling, and respect user memory preferences (agent_share_option, disabled_agent_ids). Co-authored-by: Dallas98 <40557804+Dallas98@users.noreply.github.com> * 🐛 Bugfix: skill names and descriptions never load to context (#3205) * 🐛 Bugfix: skill names and descriptions never load to context * 🐛 Bugfix: skill names and descriptions never load to context * 🐛 Bugfix: skill names and descriptions never load to context * 🐛 Bugfix: official skills not copied to target directory * 🐛 Bugfix: official skills not copied to target directory * Feat: add selected count badges to tool/skill pool labels (#3206) Co-authored-by: chase <byzhangxin11@126.com> * 🐛 Bugfix: Fix attribution error when tool calling error (#3208) * ✨ Feat: Add support for Word document generation, preview, and download (#3191) * Feat: Add support for Word document generation, preview, and download * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * Restrict uploads to a known safe workspace/output directory * 修改单元测试 * 修复单元测试 * Bugfix: Store uploaded files in Minio for conversation messages to enable file visibility in history --------- Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * ✨Feat:Enhance prompt optimization by integrating openjiuwen and fix related bugs (#3190) * ✨Feat:add prompt optimization * 🐛Bugfix: dockerbuild failed when running pipefail in python3_11 * 🔨Optimize: Optimize prompt optimization display page and interaction methods * 🐛Bugfix: fix dependencies replication * 🎨:Optimize frontend prompts and loading interface * 🔧 Refactor: Update imports and remove redundant ENABLE_JIUWEN_SDK import in prompt_service.py * 🔧 Refactor: Correct import path for NexentCapabilityError and enhance test coverage for prompt optimization service * 🔧 Refactor: Update import paths for exception handling and improve logging formatting in prompt_service.py * 🔧 Refactor: Simplify lazy imports in jiuwen_sdk_adapter.py and update import paths in prompt_service.py * 🔧 Refactor: Enhance Jiuwen SDK adapter handling and improve test stubs in prompt_service.py and related test files * 🧪test:Pydantic model for PromptTemplateRequest in test_prompt_template_app.py * 🔧 Refactor: Remove unnecessary dependency exclusions from pyproject.toml * 🔧 Update: Upgrade huggingface_hub dependency version in pyproject.toml * 🔧 Update: Exclude unnecessary transitive dependencies and adjust huggingface_hub version in pyproject.toml * 🔧 Test: Add mock modules for unstructured inference and set up package paths in test files * 🔧 Test: Enhance test setup by adding optional SDK mocks and cleaning up module imports in data processing tests * 🔧 Test: Consolidate mock module setup for unstructured inference across multiple test files * 🔧 Test: Remove unused optional SDK mocks from test configuration * 🔧 Refactor: Clean up imports and enhance dynamic loading of fastmcp components in Docker client * 📦update:sdk dependence update * Add CAS SSO integration and improve logout handling (#3072) * feat: add CAS SSO integration * Skip CAS logout when CAS_LOGOUT_URL is unset * 取消转义 * Improve CAS logout handling and confirm user logout * Disable account deletion for CAS users * Add CAS session init SQL and k8s config * clean code * Remove agent guardrails design doc from tracking * 补充文档 --------- Co-authored-by: hhhhsc <name> * 🐛Bugfix: Remove unnecessary dependency exclusions and upgrade huggingface_hub version in pyproject.toml (#3211) * refactor: move current time from system prompt to user message for prompt cache stability (#3203) Remove {{time}} from all 4 prompt YAML templates (manager/managed × en/zh) and strip time_str from the context_utils pipeline (_format_app_context, build_skeleton_header_component, build_context_components, build_app_context_string). Also remove time from create_agent_info render kwargs and build_context_components call. In CoreAgent.run, prepend [Current time: ...] to self.task so the timestamp travels with the user message instead of being baked into the system prompt. This makes the rendered system prompt fully deterministic per (agent_id, tenant_id, version_no, language) — enabling prompt/KV cache hits across requests for the same agent config. Sync test_context_utils.py: drop time_str= from 3 test cases. Remove unused datetime imports from context_utils.py and create_agent_info.py. * 🐛 Bugfix: Fixed the issue of being unable to add MCP services via containerization. (#3213) [Specification Details] 1. Modify the DEFAULT_NETWORK_NAME when starting the MCP service in the container to match the name in docker-compose. 2. Modify the parameters passed to the add_mcp_service method; custom_headers defaults to None. * 🐛 Bugfix: Fixed the issue where uploaded text files could not be parsed during a session. (#3219) * 🐛 Bugfix: Fixed the issue where uploaded text files could not be parsed during a session. [Specification Details] 1. The return parameter of the file_process method has changed and needs to be unpacked. * 🐛 Bugfix: Fixed the issue where uploaded text files could not be parsed during a session. [Specification Details] 1. Modify test case. * 🐛 Bugfix: Fixed an issue where the MCP service could not be added correctly after updating the FastMCP version. (#3222) [Specification Details] 1. Add `kwargs` to the `create_httpx_client` function to accept all additional parameters. * 🐛 Bugfix: Fix incomplete display of tenant resources page after window resize (#3215) * Move non-shadcn ui component to other folder * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix incomplete display of tenant resources page after window resize * Add agent marketplace repository and version pinning for sub-agents (#3239) * feat: add agent marketplace repository and pin sub-agent versions at publish Introduce ag_agent_repository_t with list/status/publish/import APIs for frozen agent snapshots. Pin selected_agent_version_no on agent relations when publishing so sub-agents resolve to a fixed version at runtime. Extend agent export/import to bundle skills in ZIP payloads and add embedding model fallback when no model name is provided. * feat: add agent marketplace repository and pin sub-agent versions at publish Introduce ag_agent_repository_t with list/status/publish/import APIs for frozen agent snapshots. Pin selected_agent_version_no on agent relations when publishing so sub-agents resolve to a fixed version at runtime. Extend agent export/import to bundle skills in ZIP payloads and add embedding model fallback when no model name is provided. * feat: add agent marketplace repository and pin sub-agent versions at publish Introduce ag_agent_repository_t with list/status/publish/import APIs for frozen agent snapshots. Pin selected_agent_version_no on agent relations when publishing so sub-agents resolve to a fixed version at runtime. Extend agent export/import to bundle skills in ZIP payloads and add embedding model fallback when no model name is provided. * feat: add agent marketplace repository and pin sub-agent versions at publish Introduce ag_agent_repository_t with list/status/publish/import APIs for frozen agent snapshots. Pin selected_agent_version_no on agent relations when publishing so sub-agents resolve to a fixed version at runtime. Extend agent export/import to bundle skills in ZIP payloads and add embedding model fallback when no model name is provided. * feat(agent): add verification configuration for agents and update related components (#3174) * feat(agent): add verification configuration for agents and update related components * feat(model): update model type labels and add monitoring dashboard translations * 🐛 Bugfix: Fix inability to select agent from agent space to edit (#3240) * Move non-shadcn ui component to other folder * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix inability to select agent from agent space to edit * Bugfix: Display correct version info when viewing agent details * Update data agent and ME CAS integration documentation (#3242) * 补充dataagent对接文档 * 补充ME cas对接文档 * 补充ME cas对接文档 --------- Co-authored-by: hhhhsc <name> * ✨ Add several northbound apis (#3223) * ✨ Add several northbound apis * ✨ Add several northbound apis * ✨ Add several northbound apis * ✨ Add several northbound apis * ✨ Add several northbound apis * refactor: simplify deployment script by removing unused variables and functions (#3245) * feat(agent): add verification configuration for agents and update related components * feat(model): update model type labels and add monitoring dashboard translations * refactor(build_offline_package): simplify deployment script by removing unused variables and functions * 🐛 Bugfix: Adjust agent detail UI layout to accommodate newly added "self-verification" field (#3246) * Move non-shadcn ui component to other folder * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix incomplete display of tenant resources page after window resize * Bugfix: Fix inability to select agent from agent space to edit * Bugfix: Display correct version info when viewing agent details * Bugfix: Adjust agent detail UI layout to accommodate newly added "self-verification" field * 补充sql (#3248) * 补充sql * 扩大limit限制 * 🐛 Bugfix: Fixed an issue where the MCP service failed to start in a Kubernetes container. (#3254) [Specification Details] 1. Modify the pod naming logic to convert all non-compliant characters to -. 2. Modify test cases. * 🐛 Bugfix: knowledge_base_search_tool called with TypeError: argument of type 'FieldInfo' is not iterable (#3259) * 🐛 Bugfix: Fixed an issue where the one-click rename function failed after importing an agent. (#3258) [Specification Details] 1. The frontend does not pass `agent_id` when calling the `regenerate_name` API. * Bugfix: Exclude attachments from assistant when saving conversation history (#3261) * Bump APP_VERSION from v2.2.0 to v2.2.1 (#3268) The default setting for client-side self-validation is "False". --------- Co-authored-by: chase <byzhangxin11@126.com> Co-authored-by: Chenlifeng <174292121+Lifeng-Chen@users.noreply.github.com> Co-authored-by: Dallas98 <40557804+Dallas98@users.noreply.github.com> Co-authored-by: Jason Wang <56037774+JasonW404@users.noreply.github.com> Co-authored-by: Xia Yichen <iamjasonxia@126.com> Co-authored-by: JeffWu <45140512+jeffwu-1999@users.noreply.github.com> Co-authored-by: WMC001 <46217886+WMC001@users.noreply.github.com> Co-authored-by: xuyaqi <xuyaqist@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: DongJiBao2001 <120021235+DongJiBao2001@users.noreply.github.com> Co-authored-by: hhhhsc701 <56435672+hhhhsc701@users.noreply.github.com> Co-authored-by: Dallas98 <990259227@qq.com> Co-authored-by: frr <64584192+wuyuanfr@users.noreply.github.com> * Revert "Release/v2.2.1 (#3269)" (#3272) This reverts commit 9ff420e. * ✨ Feature: add agent repository page and APIs Introduce Agent Repository backend APIs, database/service support, frontend views, client services, and tests. Migrate Agent Space navigation and permissions to /agent-repository with updated SQL and localization. * ✨ Feature: add agent repository page and APIs Introduce Agent Repository backend APIs, database/service support, frontend views, client services, and tests. Migrate Agent Space navigation and permissions to /agent-repository with updated SQL and localization. * ✨ Feature: add agent repository page and APIs Introduce Agent Repository backend APIs, database/service support, frontend views, client services, and tests. Migrate Agent Space navigation and permissions to /agent-repository with updated SQL and localization. * ✨ Feature: add agent repository page and APIs Introduce Agent Repository backend APIs, database/service support, frontend views, client services, and tests. Migrate Agent Space navigation and permissions to /agent-repository with updated SQL and localization. * ✨ Feature: add agent repository page and APIs Introduce Agent Repository backend APIs, database/service support, frontend views, client services, and tests. Migrate Agent Space navigation and permissions to /agent-repository with updated SQL and localization. --------- Co-authored-by: panyehong <91180085+YehongPan@users.noreply.github.com> Co-authored-by: chase <byzhangxin11@126.com> Co-authored-by: Dallas98 <40557804+Dallas98@users.noreply.github.com> Co-authored-by: Jason Wang <56037774+JasonW404@users.noreply.github.com> Co-authored-by: Xia Yichen <iamjasonxia@126.com> Co-authored-by: JeffWu <45140512+jeffwu-1999@users.noreply.github.com> Co-authored-by: WMC001 <46217886+WMC001@users.noreply.github.com> Co-authored-by: xuyaqi <xuyaqist@gmail.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: DongJiBao2001 <120021235+DongJiBao2001@users.noreply.github.com> Co-authored-by: hhhhsc701 <56435672+hhhhsc701@users.noreply.github.com> Co-authored-by: Dallas98 <990259227@qq.com> Co-authored-by: frr <64584192+wuyuanfr@users.noreply.github.com>
Dallas98
reviewed
Jun 29, 2026
Dallas98
left a comment
Dallas98
left a comment
Member
There was a problem hiding this comment.
事后审查补充:按已合入 diff 补充 5 条可行动 inline review comments。
| logger = logging.getLogger("nexent.container.kubernetes") | ||
|
|
||
| # Kubernetes naming constraints: lowercase alphanumeric or dash, cannot start/end with dash, | ||
| # cannot have consecutive dashes, max 253 characters |
Member
There was a problem hiding this comment.
事后审查补充:[P2] 注释写 max 253,但这个 sanitizer 没有实际 enforce 长度,而且很多使用点是 label value/名称片段,常见上限是 63。注释会让调用方误以为长度已经安全,建议把长度作为参数并在函数内截断。
影响:这个问题合入后会在对应部署、运行或权限场景中留下真实故障/安全风险,后续排查成本较高。
建议:沿着上述风险点补齐校验、配置来源、权限边界或回归测试,避免同类问题再次出现。
| return "unknown" | ||
|
|
||
| # Lowercase and replace invalid chars with dash | ||
| sanitized = K8S_NAME_PATTERN.sub("-", name.lower()) |
Member
There was a problem hiding this comment.
事后审查补充:[P2] name 标注为 str,但测试又传 None;如果传入 truthy 的非字符串对象,name.lower() 会抛 AttributeError。边界入口应先 str(name) 或显式拒绝非字符串。
影响:这个问题合入后会在对应部署、运行或权限场景中留下真实故障/安全风险,后续排查成本较高。
建议:沿着上述风险点补齐校验、配置来源、权限边界或回归测试,避免同类问题再次出现。
| sanitized = "x" + sanitized | ||
|
|
||
| # Fallback if empty | ||
| return sanitized if sanitized else "unknown" |
Member
There was a problem hiding this comment.
事后审查补充:[P1] 返回值没有任何长度限制,长 service_name 经过清洗后仍然可以非常长,最终 pod name 会超过 Kubernetes 限制。这里应该在 sanitizer 或 _generate_pod_name 中截断并附稳定 hash。
影响:这个问题合入后会在对应部署、运行或权限场景中留下真实故障/安全风险,后续排查成本较高。
建议:沿着上述风险点补齐校验、配置来源、权限边界或回归测试,避免同类问题再次出现。
| tenant_part = (tenant_id or "")[:8] | ||
| user_part = (user_id or "")[:8] | ||
| safe_name = _sanitize_k8s_name(service_name) | ||
| tenant_part = _sanitize_k8s_name(tenant_id)[:8] |
Member
There was a problem hiding this comment.
事后审查补充:[P2] tenant_part/user_part 只取前 8 位,tenantabcdef 和 tenantabcxyz 会生成同样前缀,排障和清理时容易误判。建议用前缀+短 hash,而不是纯截断。
影响:这个问题合入后会在对应部署、运行或权限场景中留下真实故障/安全风险,后续排查成本较高。
建议:沿着上述风险点补齐校验、配置来源、权限边界或回归测试,避免同类问题再次出现。
| # Filter by service_name if provided | ||
| if service_name: | ||
| safe_name = "".join(c if c.isalnum() or c == "-" else "-" for c in service_name) | ||
| safe_name = _sanitize_k8s_name(service_name) |
Member
There was a problem hiding this comment.
事后审查补充:[P2] list_containers 用 sanitize 后的 safe_name 再做子串匹配,service=api 会匹配到 my-api-v2 等不相关 pod。应和创建时的 component label 做精确匹配,或保存完整 sanitized service_name label。
影响:这个问题合入后会在对应部署、运行或权限场景中留下真实故障/安全风险,后续排查成本较高。
建议:沿着上述风险点补齐校验、配置来源、权限边界或回归测试,避免同类问题再次出现。
Dallas98
reviewed
Jun 29, 2026
Dallas98
left a comment
Dallas98
left a comment
Member
There was a problem hiding this comment.
二次事后审查补充 1/5:单条独立 review submission。
| logger = logging.getLogger("nexent.container.kubernetes") | ||
|
|
||
| # Kubernetes naming constraints: lowercase alphanumeric or dash, cannot start/end with dash, | ||
| # cannot have consecutive dashes, max 253 characters |
Member
There was a problem hiding this comment.
二次事后审查补充:[P2] 注释写 max 253,但这个 sanitizer 没有实际 enforce 长度,而且很多使用点是 label value/名称片段,常见上限是 63。注释会让调用方误以为长度已经安全,建议把长度作为参数并在函数内截断。
影响:该问题合入后仍可能在真实部署、运行、权限或测试场景中形成回归风险。
建议:后续按这个风险点补齐边界校验、配置来源收敛、权限约束或针对性回归测试。
Dallas98
reviewed
Jun 29, 2026
Dallas98
left a comment
Dallas98
left a comment
Member
There was a problem hiding this comment.
二次事后审查补充 2/5:单条独立 review submission。
| return "unknown" | ||
|
|
||
| # Lowercase and replace invalid chars with dash | ||
| sanitized = K8S_NAME_PATTERN.sub("-", name.lower()) |
Member
There was a problem hiding this comment.
二次事后审查补充:[P2] name 标注为 str,但测试又传 None;如果传入 truthy 的非字符串对象,name.lower() 会抛 AttributeError。边界入口应先 str(name) 或显式拒绝非字符串。
影响:该问题合入后仍可能在真实部署、运行、权限或测试场景中形成回归风险。
建议:后续按这个风险点补齐边界校验、配置来源收敛、权限约束或针对性回归测试。
Dallas98
reviewed
Jun 29, 2026
Dallas98
left a comment
Dallas98
left a comment
Member
There was a problem hiding this comment.
二次事后审查补充 3/5:单条独立 review submission。
| sanitized = "x" + sanitized | ||
|
|
||
| # Fallback if empty | ||
| return sanitized if sanitized else "unknown" |
Member
There was a problem hiding this comment.
二次事后审查补充:[P1] 返回值没有任何长度限制,长 service_name 经过清洗后仍然可以非常长,最终 pod name 会超过 Kubernetes 限制。这里应该在 sanitizer 或 _generate_pod_name 中截断并附稳定 hash。
影响:该问题合入后仍可能在真实部署、运行、权限或测试场景中形成回归风险。
建议:后续按这个风险点补齐边界校验、配置来源收敛、权限约束或针对性回归测试。
Dallas98
reviewed
Jun 29, 2026
Dallas98
left a comment
Dallas98
left a comment
Member
There was a problem hiding this comment.
二次事后审查补充 4/5:单条独立 review submission。
| tenant_part = (tenant_id or "")[:8] | ||
| user_part = (user_id or "")[:8] | ||
| safe_name = _sanitize_k8s_name(service_name) | ||
| tenant_part = _sanitize_k8s_name(tenant_id)[:8] |
Member
There was a problem hiding this comment.
二次事后审查补充:[P2] tenant_part/user_part 只取前 8 位,tenantabcdef 和 tenantabcxyz 会生成同样前缀,排障和清理时容易误判。建议用前缀+短 hash,而不是纯截断。
影响:该问题合入后仍可能在真实部署、运行、权限或测试场景中形成回归风险。
建议:后续按这个风险点补齐边界校验、配置来源收敛、权限约束或针对性回归测试。
Dallas98
reviewed
Jun 29, 2026
Dallas98
left a comment
Dallas98
left a comment
Member
There was a problem hiding this comment.
二次事后审查补充 5/5:单条独立 review submission。
| # Filter by service_name if provided | ||
| if service_name: | ||
| safe_name = "".join(c if c.isalnum() or c == "-" else "-" for c in service_name) | ||
| safe_name = _sanitize_k8s_name(service_name) |
Member
There was a problem hiding this comment.
二次事后审查补充:[P2] list_containers 用 sanitize 后的 safe_name 再做子串匹配,service=api 会匹配到 my-api-v2 等不相关 pod。应和创建时的 component label 做精确匹配,或保存完整 sanitized service_name label。
影响:该问题合入后仍可能在真实部署、运行、权限或测试场景中形成回归风险。
建议:后续按这个风险点补齐边界校验、配置来源收敛、权限约束或针对性回归测试。
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🐛 Bugfix: Fixed an issue where the MCP service failed to start in a Kubernetes pod.
fixes #3253
[Specification Details]