✨ Feature: add agent repository page and APIs

[Lifeng-Chen]

Introduce Agent Repository backend APIs, database/service support, frontend views, client services, and tests. Migrate Agent Space navigation and permissions to /agent-repository with updated SQL and localization.

[Lifeng-Chen]

智能体仓库，已上架的智能体，可通过类别进行筛选

[YehongPan]

🔍 Code Review Comments

1. [安全/漏洞] options API 缺少权限过滤
list_agent_repository_options_api 返回的 options 数据（categories/icons/tags）未做权限过滤，所有登录用户均可获取完整预设列表，应确认是否符合设计意图。

2. [逻辑漏洞] CSV group_ids 子串误匹配
_build_group_ids_overlap_condition 使用 LIKE '%,gid,%' 匹配 CSV 格式的 group_ids，当 group_id 是另一个 group_id 的子串时（如 id=1 匹配 id=11），会产生误匹配。应改用 PostgreSQL 数组类型或 JSON 数组。

3. [代码规范] f-string 日志格式
agent_repository_app.py 中多处使用 logger.error(f"...") 的 f-string 日志格式，应改为 logger.error("...", exc_info=True) 以保留异常堆栈信息。

[YehongPan]

Code Review

• [安全/漏洞] list_agent_repository_options_api 返回的 options 数据（categories/icons/tags）未做权限过滤，所有登录用户均可获取完整预设列表，应确认是否符合设计意图。
• [逻辑漏洞] _build_group_ids_overlap_condition 使用 LIKE '%,gid,%' 匹配 CSV 格式的 group_ids，当 group_id 是另一个 group_id 的子串时（如 id=1 匹配 id=11），会产生误匹配。应改用 PostgreSQL 数组类型或 JSON 数组。
• [代码规范] agent_repository_app.py 中多处使用 logger.error(f"...") 的 f-string 日志格式，应改为 logger.error("...", exc_info=True) 以保留异常堆栈信息。

[Lifeng-Chen]

点击查看详情有智能体详情的弹窗

[Lifeng-Chen]

“我的”按钮下展示所有有编辑权限的智能体，可以按“我创建的”和“其它”来分别筛选。

[Lifeng-Chen]

点击编辑按钮会跳转到智能体配置的页面。

[Lifeng-Chen]

已发布的智能体，可以申请上架，需要选择智能体的图标，类别和标签。

[Lifeng-Chen]

申请上架的智能体会有“审核中”的字样显示（初次上架是“审核中”，后续是“更新审核中”），同时可以查看审核进度。在审核进度弹窗，可以取消上架。

[Lifeng-Chen]

租户管理员可以打开审核中心查看所有待审核智能体，可以选择通过或者驳回。

[Lifeng-Chen]

审核通过的智能体，会显示“已上架”，点击查看审核状态可以看到详情。

[Lifeng-Chen]

通过审核的智能体，可以在仓库页面看到。

[Lifeng-Chen]

已经上架的智能体，在发布了更新版本后，可以再次申请上架，此时不会替换仓库中的智能体版本，需要审核通过之后才会替换。同时，可以查看审核状态，或取消申请上架。

[Lifeng-Chen]

上架申请被驳回后的表现

[WMC001]

Agent repository is a large feature addition (27 files, +5497/-1054). The architectural split of agent templates into a dedicated repository layer needs careful review of the migration path for existing agents. Please confirm backward compatibility with existing agent configurations.

[WMC001]

Bug 1 (HIGH): Status enum values changed — breaking API change

backend/database/agent_repository_db.py lines 266-269 — status constants were renamed from uppercase to lowercase:

# Before
STATUS_NOT_SHARED = "NOT_SHARED"
STATUS_PENDING_REVIEW = "PENDING_REVIEW"
STATUS_REJECTED = "REJECTED"
STATUS_SHARED = "SHARED"

# After
STATUS_NOT_SHARED = "not_shared"
STATUS_PENDING_REVIEW = "pending_review"
STATUS_REJECTED = "rejected"
STATUS_SHARED = "shared"

Any existing integrations that check or send these status strings (e.g., status == "NOT_SHARED") will silently break. This needs a migration strategy or backward-compatible aliasing.

[WMC001]

Bug 2 (MEDIUM): Missing logger in agent_repository_app.py

backend/apps/agent_repository_app.py — import logging and logger = logging.getLogger(...) were removed. The app no longer logs errors for unexpected exceptions. Ensure logging is added back or confirm this is intentional.

[WMC001]

Bug 4 (MEDIUM): AgentImportWizard removed from MineAgentsView without replacement

frontend/app/[locale]/agent-space/components/MineAgentsView.tsx — the AgentImportWizard modal was deleted. Users can no longer import agents from the agent-space page. Either re-add the wizard or confirm the import flow is handled elsewhere.

[WMC001]

Bug 3 (MEDIUM): source_version_no renamed to version_no — field name change

Multiple places in agent_repository_service.py and agent_repository_db.py — source_version_no was renamed to version_no. Any external callers (frontend, other services) that reference source_version_no in API payloads or responses will break. Verify all API contracts and frontend code are updated to use the new field name.

[WMC001]

Bug 5 (LOW): category_id defaults to 0 in request model

backend/consts/model.py — AgentRepositoryListingCreateRequest.category_id defaults to 0, but the validation in _validate_card_fields checks if category_id is None or not isinstance(category_id, int). A category_id of 0 passes the isinstance check, which may allow invalid zero-value category IDs to reach the database.

[WMC001]

Bug 6 (CRITICAL): SQL migration missing columns — inserts/updates will crash

docker/sql/v2.2.1_0605_add_ag_agent_repository_t.sql — the migration creates the table but is missing three columns that all Python code writes to: submitted_by, icon, and downloads. Compare against docker/init.sql and db_models.py which define all three.

Any tenant running this migration on an existing database will get column "submitted_by" does not exist errors on every insert and update. Add the missing column definitions:

, submitted_by VARCHAR(100)
, icon VARCHAR(100)
, downloads INTEGER DEFAULT 0

[WMC001]

Bug 7 (CRITICAL): Duplicate TypeScript interface declaration

frontend/types/agentRepository.ts — AgentRepositoryListingCreatePayload is declared twice. TypeScript will emit a compile error on the duplicate identifier. Remove the second declaration.

[WMC001]

Bug 8 (MEDIUM): submitted_by gets overwritten on every re-share

backend/database/agent_repository_db.py — submitted_by is not in _UPSERT_IMMUTABLE_FIELDS, so it gets overwritten on every upsert. The field should be set only when the listing first enters pending_review and preserved on subsequent re-shares. Add "submitted_by" to _UPSERT_IMMUTABLE_FIELDS to preserve the original submitter's email.

[WMC001]

Bug 9 (MEDIUM): group_ids column referenced but may not exist

backend/database/agent_repository_db.py — _build_group_ids_overlap_condition references AgentInfo.group_ids, but there is no migration in this PR adding that column to ag_tenant_agent_t. For non-ADMIN users, every call to list_my_editable_agents_impl will crash with column ag_tenant_agent_t.group_ids does not exist. Either add a migration or add a defensive fallback.