versun/claude-code
1
0
Fork 0
mirror of https://github.com/claude-code-best/claude-code.git synced 2026-06-15 21:05:51 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
codex-subscription
claude-code/docs/internals/agent-comm-fix-jira-tasks.md
Dosion c2ac9a74c1 fix: resolve dependency audit findings precisely (#361) 
* fix: harden ACP communication boundaries

Harden ACP communication boundaries

Remote ACP sessions now cannot widen permission mode through untrusted
metadata or client payloads. WebSocket ACP ingress measures payloads by bytes
before binary decode, and prompt queue handoff keeps exactly one prompt active
while queued prompts are drained FIFO.

Constraint: ACP remote clients must not be able to open bypassPermissions without local launch intent
Constraint: WebSocket payload limits must be byte-based and checked before binary decode
Rejected: Keep promptToQueryContent wrapper | no production consumers remained after prompt conversion single-sourcing
Confidence: high
Scope-risk: moderate
Directive: Do not re-enable remote bypassPermissions from _meta unless a local launch gate is verified in both acp-link and agent
Tested: targeted ACP/RCS/acp-link prompt queue, bridge, permission, payload, and prompt conversion tests; bun run typecheck; bun run build
Not-tested: Manual live ACP/RCS session against an external client

* fix: restore repository verification gates

Keep the full repository test, typecheck, build, and Biome lint gates usable
after the ACP fix pass. This commit is intentionally separate from the ACP
behavior change: it fixes Windows-safe Langfuse home redaction, removes stale
lint suppressions, resolves Biome warning/info diagnostics, and keeps env
expansion tests explicit without template-placeholder lint noise.

Constraint: The project completion contract requires full typecheck, lint, test, and build evidence
Rejected: Leave warning/info diagnostics as historical noise | they obscure future gate regressions and weaken flow-impact claims
Confidence: high
Scope-risk: narrow
Directive: Keep repository gate cleanup separate from feature fixes when it is not part of the same runtime path
Tested: bunx biome lint src/; bunx tsc --noEmit; bun test src/services/mcp/__tests__/envExpansion.test.ts src/utils/__tests__/sliceAnsi.test.ts src/utils/__tests__/stringUtils.test.ts; bun test; bun run build
Not-tested: Manual Langfuse export against a real external Langfuse service

* fix: harden ACP failure boundaries after review

Deep review found several paths that made ACP communication failures look normal: prompt errors could finish as end_turn, permission pipeline exceptions could fall through to client approval, tool rawInput was deep-copied with JSON, and acp-link accepted unbounded or unvalidated WebSocket payloads. This keeps the behavior fail-closed, validates WS payloads before dispatch, caps payload size before JSON parse, and preserves cancellation intent with a generation counter.

Constraint: User explicitly rejected pseudo-fixes, fallback behavior, and unbounded payload handling

Rejected: Keep JSON stringify/parse rawInput copy | duplicates large payloads and silently drops non-JSON inputs

Rejected: Delegate permission pipeline errors to client approval | allows a broken local permission check to be bypassed

Confidence: high

Scope-risk: moderate

Directive: Do not convert ACP errors into normal end_turn responses without a protocol-level reason and regression tests

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test packages/acp-link/src/__tests__/server.test.ts

Tested: bunx tsc --noEmit

Tested: bunx biome lint src/ packages/acp-link/src/

Tested: bun run test:all

Tested: bun run build

Not-tested: Manual end-to-end ACP client session over a real editor WebSocket

* fix: prevent ACP coverage runs from seeing partial mocks

GitHub Actions failed under bun test --coverage because permissions.test.ts replaced ../bridge.js with a partial mock that omitted forwardSessionUpdates. Coverage worker ordering on Linux let sibling tests observe that incomplete module.

This isolates ACP test mocks by snapshotting real exports, overriding only requested symbols, and restoring mocks in LIFO order. The shared helper also keeps the same behavior in agent.test.ts without duplicating mock infrastructure.

Constraint: bun:test mock.module is process-global inside a worker.

Rejected: Add fallback exports or production guards | the bridge export exists; the failure was test mock pollution.

Rejected: Keep per-file helper copies | duplication would let restore semantics drift again.

Confidence: high

Scope-risk: narrow

Directive: Prefer safeMockModule for partial mocks of real modules in ACP tests; plain mock.module is only appropriate for fully synthetic modules or isolated tests.

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test --coverage --coverage-reporter=lcov

Tested: bunx tsc --noEmit

Tested: bun run lint

Tested: git diff --check

Not-tested: Linux runner directly before push

* fix: normalize ACP bypass requests without warning noise

The previous CI repair removed the failing partial bridge mock, but it also added a shared safeMockModule helper and left the acp-link bypass normalization warning in the real new_session path.

This tightens the fix: acp-link now treats an unauthorized client bypass request as normal permission-mode normalization without emitting a warning, and the ACP permission test explicitly preserves the real bridge and permission exports instead of using a shared helper. The agent test keeps its local mock preservation but names it by behavior and restores mocks in LIFO order.

Constraint: CI output should not contain expected warning noise for covered policy branches.

Rejected: Silence the test only | the normal new_session path would still warn for an expected normalization branch.

Rejected: Keep the shared safeMockModule helper | the failing module was specific and should be fixed by preserving real exports at the mocking site.

Confidence: high

Scope-risk: narrow

Directive: Treat client-requested bypassPermissions as data to normalize unless the local default explicitly enables bypass.

Tested: bun test packages/acp-link/src/__tests__/server.test.ts

Tested: bun test src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/bridge.test.ts src/services/acp/__tests__/permissions.test.ts

Tested: bun test --coverage --coverage-reporter=lcov with UPPER_WARN_COUNT=0

Tested: bun run test:all

Tested: bun run lint

Tested: bunx tsc --noEmit

Tested: git diff --check

* fix: harden ACP bypass and CI warning gates

ACP clients must not be able to enter bypassPermissions unless the local ACP gate and process environment both allow it. The same gate now controls session creation, explicit mode changes, and the ExitPlanMode option list, while session setup restores process.cwd so coverage and later work do not inherit ACP session state.

Constraint: CI must stay warning-clean without hiding real ACP permission failures

Rejected: Logging rejected bypass requests on the normal new_session path | it preserves audit text but reintroduces warning noise the runtime should not emit

Rejected: Broad CI=true postinstall skip | it hides explicit Chrome MCP setup checks outside the install path

Confidence: high

Scope-risk: moderate

Directive: Keep bypassPermissions gated through one ACP availability decision before exposing it to clients

Tested: bun test src/services/acp/__tests__/permissions.test.ts src/services/acp/__tests__/agent.test.ts packages/acp-link/src/__tests__/server.test.ts

Tested: bun run test:all

Tested: bun run lint

Tested: bun run build:vite with zero warning matches

Tested: bun test --coverage --coverage-reporter lcov --coverage-dir coverage produced non-empty lcov with SF records and zero filtered warning matches

Not-tested: GitHub Actions result after this push

* fix: remove remaining CI warning noise

The CI log still had three non-failing warnings after the ACP hardening commit: git init default-branch advice from checkout, a Node 20 action-runtime deprecation, and one additional known Vite dynamic-import diagnostic that only surfaced on Linux. The workflow now provides explicit git config and opts actions into Node 24, while Vite keeps a narrow allowlist for acknowledged optimizer diagnostics.

Constraint: Do not use shell log filtering to hide warnings after they happen

Rejected: Grep warning lines out of CI output | it would make future diagnostics harder to find

Confidence: high

Scope-risk: narrow

Directive: Add new Vite warning allowlist entries only after checking that they are existing optimizer diagnostics, not new application defects

Tested: bunx tsc --noEmit --pretty false

Tested: bunx biome lint .github/workflows/ci.yml vite.config.ts

Tested: bun run build:vite with zero warning matches

Not-tested: GitHub Actions result after this push

* fix: reject unauthorized ACP bypass and harden CI actions

ACP clients now fail closed when permissionMode is malformed, unknown, or requests bypass without a local bypass opt-in. acp-link validates new_session input before forwarding to the agent and returns client error frames for expected unauthorized requests without logging create-failed noise. The direct AcpAgent path independently rejects invalid _meta.permissionMode and unauthorized bypass instead of falling back to settings.

CI workflows and generated GitHub App templates now use Node 24-compatible actions pinned to immutable commit SHAs, and acp-link startup output no longer prints the auth token.

Constraint: Must not hide warnings with test isolation or log filtering

Rejected: Silent fallback to local permission mode | accepts invalid client intent and masks boundary behavior

Rejected: Broad dependency churn from bun update | audit remained failing while package and lockfile churn expanded scope

Confidence: high

Scope-risk: moderate

Directive: Client-provided permissionMode must stay fail-closed before reaching AcpAgent; only local settings.defaultMode may fall back to default on invalid local config

Tested: bun test packages/acp-link/src/__tests__/server.test.ts src/services/acp/__tests__/agent.test.ts src/services/acp/__tests__/permissions.test.ts src/services/skillLearning/__tests__/skillLifecycle.test.ts src/utils/settings/__tests__/config.test.ts

Tested: bunx tsc -p packages/acp-link/tsconfig.json --noEmit --pretty false

Tested: bunx tsc --noEmit --pretty false

Tested: bun run lint

Tested: bun run test:all

Tested: local CI equivalent install/typecheck/coverage/build with warning_scan=0

Not-tested: Pre-existing bun audit vulnerabilities require a separate dependency-hardening PR

* fix: resolve dependency audit findings precisely

Use dependency-native upgrades and lockfile resolution to close the audit findings without suppressions. Keep the chrome MCP setup aligned with the new dependency graph and add real integration coverage so the override behavior stays verified.

Constraint: no audit ignores or warning suppression
Rejected: broad google-auth/protobuf overrides | replaced with upstream-compatible resolution
Confidence: high
Scope-risk: moderate
Directive: keep dependency fixes upstream-compatible; do not reintroduce blanket overrides unless the audit surface changes materially
Tested: bun audit; bun audit --json; bun install --frozen-lockfile with CLAUDE_CODE_SKIP_CHROME_MCP_SETUP=1; bunx tsc --noEmit --pretty false; bun run lint; targeted tests; bun run test:all; bun test --coverage --coverage-reporter lcov --coverage-dir coverage; bun run build:vite
Not-tested: unrelated pre-existing ACP/CORS/token fallback residual risks

* fix: keep ACP auth tokens out of URLs

Replace the ad hoc URL-token flow with crypto UUID-backed transport identifiers so the bearer token stays in structured request data instead of query strings. Keep the server, web client, and transport helpers aligned so the ACP/RCS handshake remains compatible after the API shape change.

Constraint: token must not be embedded in the URL
Rejected: token-as-uuid query fallback | leaked bearer tokens in URLs
Confidence: high
Scope-risk: moderate
Directive: preserve the structured auth path; do not reintroduce query-token fallback when adjusting ACP transport code
Tested: targeted ACP/RCS transport tests
Not-tested: unrelated pre-existing ACP/CORS/token fallback residual risks

* fix: normalize WebFetch request headers

Normalize WebFetch headers before dispatch so canonicalization preserves auth semantics and duplicate forms do not slip through. Keep the behavior locked with a focused header test instead of broadening the request pipeline.

Constraint: preserve header semantics without widening the fetch surface
Rejected: ad hoc caller-side normalization | too easy to bypass in future call sites
Confidence: high
Scope-risk: narrow
Directive: keep header normalization close to the WebFetch utility so future callers inherit the same behavior automatically
Tested: targeted WebFetch header tests
Not-tested: unrelated fetch backend behavior beyond header normalization

* fix: harden ACP remote auth surfaces

Tighten the remaining Claude security artifact items by requiring API keys on ACP global reads and relay upgrades, moving WebSocket tokens out of URLs, and replacing open web CORS with an explicit allowlist.

Constraint: Browser WebSocket clients cannot set arbitrary Authorization headers, so the token is carried in a selected subprotocol instead of a query string.
Rejected: Keep UUID auth for ACP channel groups | any caller can mint a UUID and read global ACP data.
Rejected: Preserve ?token= compatibility | secrets leak into logs, history, referrers, and intermediaries.
Confidence: high
Scope-risk: moderate
Directive: Do not reintroduce query-string bearer tokens; use Authorization or rcs.auth.<base64url-token>.
Tested: bunx tsc --noEmit --pretty false
Tested: bun run typecheck in packages/remote-control-server
Tested: bun run build in packages/acp-link
Tested: bun run lint
Tested: bun audit
Tested: focused RCS/acp-link/web tests, 160 pass
Tested: Edge headless browser WebSocket subprotocol handshake
Tested: bun run test:all, 3669 pass
Tested: bun run build:vite
Tested: bun run build
Not-tested: Manual end-to-end relay with a live external ACP agent

* fix: resolve CI dependency override lookup

The CI runner does not expose @grpc/proto-loader as a root-resolvable package, and the test was relying on local hoisting rather than the real dependency owner. Resolve proto-loader through @opentelemetry/exporter-trace-otlp-grpc and @grpc/grpc-js so the smoke test follows the package graph it is validating.

Constraint: Do not add a new root dependency for a transitive smoke test.

Rejected: Skip or weaken the test | the test protects the protobuf 7 override path and should keep exercising loadSync.

Rejected: Add @grpc/proto-loader directly to root package.json | that hides the owning-package resolution issue and broadens dependency surface.

Confidence: high

Scope-risk: narrow

Directive: Dependency override smoke tests should resolve from the package that actually owns the dependency, not from incidental root hoisting.

Tested: bun test tests/integration/dependency-overrides.test.ts; bunx tsc --noEmit --pretty false; bun run lint; bun audit; bun run test:all; git diff --check

---------

Co-authored-by: unraid <local@unraid.local>
2026-04-26 19:49:54 +08:00

15 KiB
Raw Permalink Blame History

Agent 通讯修复 Jira Task

  • 版本v1.0
  • 生成日期2026-04-25
  • 来源由按文件执行清单、Claude 交叉验证意见整理合并
  • 范围ACP Agent / Bridge / Remote Control Server / REPL Hook 生命周期
  • 使用方式:这是唯一执行任务文档;每个 JIRA-* 小节可直接拆成一个 Jira issue字段保持统一便于复制或二次导入。

方案性质

本文档是目标状态式执行方案,不是临时补丁清单。每张 ticket 必须交付明确的代码终态、测试覆盖和回归边界;不得只用局部 workaround 掩盖问题。

执行总则

  1. 先边界安全,后内部优化:先修 WS 入站大小与输入校验,避免线上风险扩大。
  2. 单文件可回滚:每个文件内修改保持内聚,便于回滚与 bisect。
  3. 不改协议语义,只修实现缺陷:除 resource_link 表达形式统一外,不改变主流程契约。
  4. 每个文件必须有验收输出:要么测试用例,要么日志/指标验证。
  5. 发布前必须确认协议层行为无回归:stopReason 决策与 sessionUpdate 发送顺序保持稳定。

Epic

JIRA-EPIC-001提升 Agent 通讯链路稳定性与边界安全

  • Issue TypeEpic
  • PriorityP0
  • Owner核心通讯 / 后端网关 / QA
  • ScopeACP Agent、ACP Bridge、Remote Control Server、REPL 初始化生命周期
  • Goal修复长会话资源泄漏、补齐 WebSocket 入站边界、统一 prompt 转换、收敛类型风险,并补充关键回归测试。

Epic 验收标准

  • bun run typecheck 0 error。
  • P0 WebSocket 超大消息拒绝逻辑已实现并覆盖测试。
  • ACP bridge abort listener 生命周期无累积。
  • prompt 转换实现单源化。
  • settings/defaultMode 能真实影响 ACP permission mode_meta.permissionMode 保持最高优先级。
  • REPL 目标 hook suppress 清理完成timer cleanup 完整。

P0 Tickets

JIRA-001为 session ingress WebSocket 补齐消息大小限制

  • Issue TypeBug
  • PriorityP0
  • Story Points3
  • Owner后端/网关
  • Files
    • packages/remote-control-server/src/routes/v1/session-ingress.ts
  • 后续票JIRA-008同文件 P1 类型与 decode path 收尾)

参考代码位置

  • packages/remote-control-server/src/routes/v1/session-ingress.ts:100-106

背景

session-ingress 当前缺少 WebSocket message size limit。ACP 路由已有类似限制,两个入口边界不一致,可能导致大包占用内存或绕过入口保护。

实施要求

  • 新增 MAX_WS_MESSAGE_SIZE = 10 * 1024 * 1024,与 ACP 路由的 10MB 上限保持一致。
  • onMessage decode 后优先检查 payload size。
  • 超限时执行 ws.close(1009, "message too large")
  • 日志记录 sessionId、payload size、limit。
  • stringArrayBufferUint8Array 进行统一 decode 分流。
  • 非支持类型直接拒绝并记录,不进入业务 handler。

验收标准

  • 11MB payload 被 1009 close。
  • 1KB 合法 payload 仍正常进入 handler。
  • 非支持类型 payload 不进入 handler。
  • 不改变 URL、auth、session 解析逻辑。

回归范围

  • Remote Control Server session ingress WebSocket。
  • 正常会话消息转发。
  • WebSocket close code 行为。

风险等级

  • 中。入口逻辑变更可能影响特殊客户端 payload 类型。

必须验证

  • packages/remote-control-server/src/__tests__/routes.test.ts 增加 session-ingress WebSocket 大包、小包、坏类型 payload 用例。
  • 运行 bun run typecheck

JIRA-002修复 ACP bridge abort listener 生命周期泄漏

  • Issue TypeBug
  • PriorityP0
  • Story Points3
  • Owner核心通讯
  • Files
    • src/services/acp/bridge.ts

参考代码位置

  • src/services/acp/bridge.ts:576-585

背景

ACP bridge 的 Promise.race abort 分支注册 listener 后缺少完整 cleanup。长会话或高频 next 场景可能出现 listener 累积。

实施要求

  • 将 abort race 改为可清理监听器写法。
  • 注册 listener 后保留 handler 引用。
  • sdkMessages.next() 先返回时必须 removeEventListener
  • abort、throw、return 等路径都在 finally 中清理。
  • 不改变 stopReason 决策逻辑。
  • 不改变 sessionUpdate 发送顺序。

验收标准

  • 模拟 10k 次 next 且不 abortlistener 不增长。
  • abort 场景仍返回 cancelled
  • 原有 streaming/session update 行为无回归。

回归范围

  • ACP bridge streaming loop。
  • 用户取消请求。
  • SDK generator 异常路径。

风险等级

  • 中。异步控制流变更需要覆盖取消与异常路径。

必须验证

  • 新增 listener cleanup 单元测试。
  • 运行 bun run typecheck

P1 Tickets

JIRA-003优化 ACP agent pending prompt 队列为 O(1) 出队

  • Issue TypeTask
  • PriorityP1
  • Story Points5
  • Owner核心通讯
  • Files
    • src/services/acp/agent.ts

参考代码位置

  • src/services/acp/agent.ts:332-339

背景

当前 pending prompt 队列使用 Map + sort 获取下一项,排队量上升时会带来不必要的排序成本。

实施要求

  • 改为 queue: string[] + pendingMap: Map<string, PendingPrompt> 组合。
  • 入队执行 queue.push(id)pendingMap.set(id, prompt)
  • 出队从队首惰性跳过已取消项。
  • 取消只从 pendingMap 删除,不做数组中间删除。
  • 保持现有取消语义和出队顺序。

验收标准

  • 1000 pending prompt 场景下出队顺序正确。
  • 已取消 prompt 不会被 resolve。
  • 出队不再依赖全量 sort。
  • 1000 排队场景下出队耗时低于旧实现;测试记录旧实现复杂度风险和新实现 O(1) 出队路径。
  • 行为与旧实现兼容。

回归范围

  • ACP prompt queue。
  • 并发 prompt 请求。
  • prompt cancel / resolve 边界。

风险等级

  • 中。队列结构变更可能引入取消边界问题。

必须验证

  • 新增 queue 顺序与取消测试。
  • 对 1000 prompt 场景做性能断言或日志记录。

JIRA-004接入真实 settings 读取并校验 ACP permission mode

  • Issue TypeBug
  • PriorityP1
  • Story Points3
  • Owner核心通讯
  • Files
    • src/services/acp/agent.ts

参考代码位置

  • src/services/acp/agent.ts:465-467

背景

getSetting() 当前未真正接入项目配置,导致默认 permission mode 配置无法按预期生效。

实施要求

  • 接入项目现有 settings/config 读取逻辑。
  • 仅接受合法 permission mode 枚举值。
  • 非法值 fallback 到 default
  • _meta.permissionMode 继续保持最高优先级。
  • 不改变外部协议字段。

验收标准

  • settings/defaultMode 能影响默认 permission mode。
  • _meta.permissionMode 能覆盖 settings。
  • 非法 settings 值不会传播到运行时。
  • 类型检查通过。

回归范围

  • ACP agent session 初始化。
  • 权限模式同步。
  • 客户端 _meta 覆盖逻辑。

风险等级

  • 中。配置优先级错误会影响权限行为。

必须验证

  • 新增 defaultMode / _meta.permissionMode 优先级测试。
  • 运行 bun run typecheck

JIRA-005单源化 ACP prompt 转换逻辑

  • Issue TypeRefactor
  • PriorityP1
  • Story Points5
  • Owner核心通讯
  • Files
    • src/services/acp/agent.ts
    • src/services/acp/bridge.ts
    • src/services/acp/promptConversion.ts(新增)

参考代码位置

  • src/services/acp/agent.ts:754-758
  • src/services/acp/agent.ts:764-785
  • src/services/acp/bridge.ts:522-537

背景

ACP agent 与 bridge 存在重复 prompt 转换逻辑,resource_link 等 block 的输出策略容易分叉。

实施要求

  • 新增共享转换模块 src/services/acp/promptConversion.ts
  • agent.tsbridge.ts 改为调用共享转换函数。
  • 删除 bridge.tspromptToQueryContent 的真实实现;如导出仍需保留,则只允许保留调用共享函数的 wrapper。
  • resource_link 输出改为稳定纯文本元信息,禁止 markdown link。
  • 保持其他 block 转换语义不变。

验收标准

  • 全仓库仅保留一个真实 prompt 转换实现。
  • 相同 input block 在 agent/bridge 输出一致。
  • resource_link 不再输出 [name](uri) 形式。
  • 相关测试覆盖转换一致性。

回归范围

  • ACP prompt input。
  • bridge query content。
  • resource link prompt 表达。

风险等级

  • 中。文本格式变化可能影响下游 prompt 快照或断言。

必须验证

  • 新增 shared conversion 单元测试。
  • 全仓库搜索重复转换函数。
  • 运行 bun run typecheck

JIRA-006治理 REPL onInit effect 依赖并补齐 timer cleanup

  • Issue TypeTask
  • PriorityP1
  • Story Points3
  • Owner终端 UI
  • Files
    • src/screens/REPL.tsx

参考代码位置

  • src/screens/REPL.tsx:654-662
  • src/screens/REPL.tsx:4996-5005

背景

REPL 中目标初始化 effect 存在 hook dependency suppresswarm-up timer 也需要显式 cleanup避免频繁挂载/卸载时留下悬挂任务。

实施要求

  • 整理 onInit 生命周期,使用稳定引用或 effect 内联。
  • 移除目标段 exhaustive-deps suppress。
  • 保持 unmount cleanup 行为不变。
  • warm-up effect 中记录 timeout id。
  • cleanup 中执行 clearTimeout(timeoutId)
  • 保留 alive 判定作为并发保护。

验收标准

  • 目标段不再需要 hooks lint suppress。
  • 高频打开/关闭搜索栏无悬挂 timer 增长。
  • REPL 初始化行为无回归。

回归范围

  • REPL 初始化。
  • 搜索栏 warm-up。
  • 组件卸载 cleanup。

风险等级

  • 中。React effect 依赖治理可能改变初始化时机。

必须验证

  • 运行 lint/typecheck。
  • 手动或测试覆盖 REPL mount/unmount。

JIRA-007收敛 ACP route WebSocket 事件 any 类型

  • Issue TypeTask
  • PriorityP1
  • Story Points2
  • Owner后端/网关
  • Files
    • packages/remote-control-server/src/routes/acp/index.ts

参考代码位置

  • packages/remote-control-server/src/routes/acp/index.ts:108-146

背景

ACP route 中 WebSocket 事件和 socket 参数存在 any,降低编译期保护。

实施要求

  • 定义最小 WebSocket 事件类型open/message/close/error。
  • _evt: anyevt: anyws: any 替换为窄类型。
  • 不改变 payload decode 与大小检查策略。
  • 不改变现有 handler 行为。

验收标准

  • 编译期能捕获错误事件字段访问。
  • 现有 WebSocket 行为不变。
  • bun run typecheck 通过。

回归范围

  • ACP WebSocket route。
  • message decode。
  • close/error handler。

风险等级

  • 低。类型收敛为主。

必须验证

  • 运行 bun run typecheck
  • 保留现有测试通过。

JIRA-008收敛 session ingress WebSocket 事件类型与 decode path

  • Issue TypeTask
  • PriorityP1
  • Story Points3
  • Owner后端/网关
  • Files
    • packages/remote-control-server/src/routes/v1/session-ingress.ts
  • 前置依赖JIRA-001 已合并

参考代码位置

  • packages/remote-control-server/src/routes/v1/session-ingress.ts:100-106

背景

在完成 P0 size guard 后session ingress 仍需要进一步收敛事件类型与 decode path减少隐式类型风险。

实施要求

  • 定义或复用最小 WebSocket message event 类型。
  • 将 message decode 分支集中到一个小函数。
  • 保持 P0 size guard 与 close code 语义。
  • 不改变 auth/session 解析。

验收标准

  • decode path 单一清晰。
  • 不支持 payload 类型有明确拒绝路径。
  • bun run typecheck 通过。

回归范围

  • Session ingress WebSocket message handling。
  • P0 大包拒绝逻辑。

风险等级

  • 低到中。与 P0 同文件,注意避免重复改动冲突。

必须验证

  • 与 JIRA-001 同批测试。
  • 运行 bun run typecheck

QA Tickets

JIRA-009补充 ACP 通讯回归测试

  • Issue TypeTest
  • PriorityP1
  • Story Points5
  • OwnerQA/核心通讯
  • Files
    • src/services/acp/agent.ts
    • src/services/acp/bridge.ts
    • src/services/acp/promptConversion.ts
    • src/services/acp/__tests__/agent.test.ts
    • src/services/acp/__tests__/bridge.test.ts
    • src/services/acp/__tests__/promptConversion.test.ts

覆盖场景

  • 长会话 10k turn无 abort listener 累积。
  • prompt queue 1000 并发排队,取消/出队顺序正确。
  • settings/defaultMode 与 _meta.permissionMode 优先级正确。
  • resource_link 转换在 agent 与 bridge 输出一致。

验收标准

  • 新增测试在本地稳定通过。
  • 不依赖真实网络或外部服务。
  • 测试 mock 遵守仓库规范,只 mock 有副作用链路。

回归范围

  • ACP bridge。
  • ACP agent。
  • prompt conversion。
  • permission mode resolution。

风险等级

  • 中。异步测试可能有稳定性问题,需要避免时间敏感断言。

必须验证

  • 运行相关 bun test
  • 运行 bun run typecheck

JIRA-010补充 Remote Control Server WebSocket 入站回归测试

  • Issue TypeTest
  • PriorityP1
  • Story Points3
  • OwnerQA/后端
  • Files
    • packages/remote-control-server/src/__tests__/routes.test.ts
    • packages/remote-control-server/src/routes/v1/session-ingress.ts

覆盖场景

  • 11MB session ingress payload 被 1009 close与 10MB 上限对齐)。
  • 合法小 payload 正常进入 handler。
  • 非支持 payload 类型被拒绝。
  • 日志或可观测输出包含 sessionId、payload size、limit。

验收标准

  • 11MB payload 被 1009 close与 10MB 上限对齐)。
  • 新增测试稳定通过。
  • 不启动真实外部服务。
  • 不改变现有 route public contract。

回归范围

  • RCS session ingress route。
  • WebSocket message handling。
  • close code 行为。

风险等级

  • 中。测试需要适配现有 WebSocket/mock 基础设施。

必须验证

  • 运行 RCS package 相关测试。
  • 运行 bun run typecheck

推荐执行顺序

执行节奏与原计划保持一致:先完成 P0 全部改动和冒烟验证,再启动 P1 改造;测试票可穿插执行,但不得绕过 P0 gate。

  1. JIRA-001先封入口大包风险。
  2. JIRA-002修长会话 listener 生命周期。
  3. JIRA-010补 RCS 入站测试,锁住 P0 行为。
  4. JIRA-003优化 pending prompt queue。
  5. JIRA-004接入 settings/defaultMode。
  6. JIRA-005单源化 prompt 转换。
  7. JIRA-009补 ACP 回归测试。
  8. JIRA-006治理 REPL effect/timer。
  9. JIRA-007收敛 ACP route 类型。
  10. JIRA-008收敛 session ingress 类型与 decode path。

Release Checklist

  • bun run typecheck 0 error
  • P0 tickets 已合并并测试通过
  • ACP 回归测试通过
  • RCS WebSocket 入站测试通过
  • prompt conversion 单源化已通过代码搜索确认
  • permission mode 优先级测试通过
  • 协议层行为无回归stopReason 决策、sessionUpdate 发送顺序)
  • REPL hook/timer 改动通过 lint/typecheck
  • 最终变更说明包含风险与未覆盖项
Reference in New Issue View Git Blame Copy Permalink