Refactor prompt handling, agent workflow, and image builds #3302
# Conflicts: # deploy/offline/build_offline_package.sh # deploy/sql/migrations/v2.2.0_0601_add_preserve_source_file_to_knowledge_record_t.sql # deploy/sql/migrations/v2.2.0_0603_add_greeting_fields_to_ag_tenant_agent_t.sql # deploy/sql/migrations/v2.2.1_0601_add_agent_verification_config.sql # deploy/sql/migrations/v2.2.1_0601_add_preserve_source_file_to_knowledge_record_t.sql # deploy/sql/migrations/v2.2.1_0603_add_greeting_fields_to_ag_tenant_agent_t.sql # deploy/sql/migrations/v2.2.1_0605_add_ag_agent_repository_t.sql # deploy/sql/migrations/v2.2.1_0609_add_selected_agent_version_no_to_agent_relation_t.sql # docker/deploy.sh # docker/sql/v2.2.0_0601_add_preserve_source_file_to_knowledge_record_t.sql # docker/sql/v2.2.0_0603_add_greeting_fields_to_ag_tenant_agent_t.sql # k8s/helm/deploy.sh # k8s/helm/nexent/charts/nexent-common/files/init.sql
# Conflicts: # deploy/sql/migrations/v2.2.2_0622_update_left_nav_menu.sql # docker/init.sql # k8s/helm/nexent/charts/nexent-common/files/init.sql
# Conflicts: # deploy/sql/migrations/v2.2.0_0615_context_management_capacity_schema.sql # deploy/sql/migrations/v2.2.0_0617_context_management_capacity_data_fix.sql # deploy/sql/migrations/v2.2.2_0622_update_left_nav_menu.sql # docker/init.sql # k8s/helm/nexent/charts/nexent-common/files/init.sql # make/web/Dockerfile
Overall review comment 1.
|
| PORT_SOURCES=() | ||
|
|
||
| # Always include the main .env if present, plus any .env.* files | ||
| # Always include the root .env if present, plus image-source env variants. |
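Review bot: the reworded comment, "plus image-source env variants", no longer says which file names are collected into the list initialised as PORT_SOURCES=() above it, where the earlier wording gave the pattern (.env.*). Name the files or the glob in the comment so a reader can tell which env files feed this list.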
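The .env files used by docker and k8s should still go under the env directory in deploy; the .env in the root directory needs to be used for local startup.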
Dallas98 left a comment
Additional after-the-fact review 1/3: a single standalone review submission.
| COPY --from=builder /opt/frontend-dist . | ||
|
|
||
| ENV NODE_ENV=production | ||
| ENV HOSTNAME=localhost |
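Review bot: `ENV HOSTNAME=localhost` on the last line of this hunk bakes a loopback listen host into the runtime image, so a port published from the container has nothing reachable behind it. Set the value to 0.0.0.0 in the image and control exposure through the port mapping rather than through the bind address inside the container.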
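Additional after-the-fact review: ENV HOSTNAME=localhost makes Node.js bind only to the loopback address, so the host cannot reach port 3000 through Docker port mapping (curl localhost:3000 works inside the container, but curl 127.0.0.1:3000 on the host gets connection refused).
Suggested change:
ENV HOSTNAME=0.0.0.0
Impact: once merged, this may become a regression risk in real usage, deployment, permission, or testing scenarios, and the cost of locating the problem when it surfaces will be rather high.
Suggestion: as a follow-up, address this risk point by adding input validation, permission/tenant boundaries, consolidation of configuration sources, or targeted regression tests.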
Dallas98 left a comment
Additional after-the-fact review 2/3: a single standalone review submission.
| COPY backend/pyproject.toml /opt/backend/pyproject.toml | ||
| RUN --mount=type=cache,id=nexent-main-uv-${TARGETARCH},target=/root/.cache/uv,sharing=locked \ | ||
| uv sync --link-mode copy $(test -n "$MIRROR" && echo "-i $MIRROR") | ||
| # Layer 1: install sdk in link mode |
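Review bot: the `$(test -n "$MIRROR" && echo "-i $MIRROR")` idiom on the `uv sync` line depends on unquoted word splitting, so a MIRROR value containing whitespace or glob characters is split or expanded into further arguments to uv. If the layered install steps under `# Layer 1` reuse it, `${MIRROR:+-i "$MIRROR"}` passes the value as exactly one argument and expands to nothing when MIRROR is empty. Since this variable selects the package index for the install, note beside it which index values the build expects.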
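Additional after-the-fact review: the comment says "install sdk in link mode", but --link-mode copy is uv's file-linking strategy, not an editable install (-e). If the SDK source changes, the image still has to be rebuilt for the change to take effect.
Suggest changing the comment to a more accurate description, for example # Layer 1: install sdk (copy mode), to avoid confusion with an editable install.
Impact: once merged, this may become a regression risk in real usage, deployment, permission, or testing scenarios, and the cost of locating the problem when it surfaces will be rather high.
Suggestion: as a follow-up, address this risk point by adding input validation, permission/tenant boundaries, consolidation of configuration sources, or targeted regression tests.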
Dallas98 left a comment
Additional after-the-fact review 3/3: a single standalone review submission.
| "$@" | ||
| } | ||
|
|
||
| escape_sql_literal() { |
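Review bot: `escape_sql_literal()` opens on the last line of this hunk with no comment stating its contract. Add a header comment saying that its output is only safe inside a single-quoted string literal, not as an identifier or an unquoted value, and which callers pass it data that does not come from the deployment's own configuration.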
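Additional after-the-fact review: escape_sql_literal is used to construct SQL. Although the current call sources are basically controllable, as defense-in-depth it is recommended to validate the input against a whitelist (for example, allowing only [a-zA-Z0-9_.-]) to prevent special characters passed in by accident from causing SQL injection.
Impact: once merged, this may become a regression risk in real usage, deployment, permission, or testing scenarios, and the cost of locating the problem when it surfaces will be rather high.
Suggestion: as a follow-up, address this risk point by adding input validation, permission/tenant boundaries, consolidation of configuration sources, or targeted regression tests.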
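The allow-list check suggested in the comment above, as an added shell sketch that is not code from the PR. `is_safe_sql_token` and `sql_literal_checked` are hypothetical names, the 64-character cap is an assumption, and the PR's own `escape_sql_literal` body is not shown on this page.

```shell
#!/bin/sh
# Added example, not code from the PR. Function names and the 64-character
# cap are assumptions made for this sketch.

# Succeeds only if $1 is 1..64 characters, all from [a-zA-Z0-9_.-].
# Runs in a subshell with LC_ALL=C so ranges like a-z cover ASCII only.
is_safe_sql_token() (
  LC_ALL=C
  [ -n "$1" ] || exit 1
  [ "${#1}" -le 64 ] || exit 1
  case $1 in
    *[!a-zA-Z0-9_.-]*) exit 1 ;;
  esac
  exit 0
)

# Prints $1 as a single-quoted SQL string literal, or prints nothing on
# stdout and returns 1 when the allow-list check fails.
sql_literal_checked() {
  if ! is_safe_sql_token "$1"; then
    # Do not echo the rejected value into logs.
    echo "sql_literal_checked: value rejected by allow-list" >&2
    return 1
  fi
  # Second layer: doubling quotes is a no-op while the allow-list excludes
  # "'", but stays correct if the allow-list is later widened.
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Constructed sample inputs: two expected identifiers, two unexpected strings.
demo() {
  for v in "tenant_01" "v2.2.1-rc" "x'; DROP TABLE t; --" "a b"; do
    if lit=$(sql_literal_checked "$v" 2>/dev/null); then
      echo "accept: $lit"
    else
      echo "reject: $v"
    fi
  done
}
demo
```

Callers should treat a non-zero return as fatal for the deployment step and not fall back to interpolating the raw value.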
No description provided.