mirror of
https://gitee.com/wanwujie/deer-flow
synced 2026-04-03 06:12:14 +08:00
d119214fee
* refactor: extract shared utils to break harness→app cross-layer imports Move _validate_skill_frontmatter to src/skills/validation.py and CONVERTIBLE_EXTENSIONS + convert_file_to_markdown to src/utils/file_conversion.py. This eliminates the two reverse dependencies from client.py (harness layer) into gateway/routers/ (app layer), preparing for the harness/app package split. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor: split backend/src into harness (deerflow.*) and app (app.*) Physically split the monolithic backend/src/ package into two layers: - **Harness** (`packages/harness/deerflow/`): publishable agent framework package with import prefix `deerflow.*`. Contains agents, sandbox, tools, models, MCP, skills, config, and all core infrastructure. - **App** (`app/`): unpublished application code with import prefix `app.*`. Contains gateway (FastAPI REST API) and channels (IM integrations). Key changes: - Move 13 harness modules to packages/harness/deerflow/ via git mv - Move gateway + channels to app/ via git mv - Rename all imports: src.* → deerflow.* (harness) / app.* (app layer) - Set up uv workspace with deerflow-harness as workspace member - Update langgraph.json, config.example.yaml, all scripts, Docker files - Add build-system (hatchling) to harness pyproject.toml - Add PYTHONPATH=. to gateway startup commands for app.* resolution - Update ruff.toml with known-first-party for import sorting - Update all documentation to reflect new directory structure Boundary rule enforced: harness code never imports from app. All 429 tests pass. Lint clean. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * chore: add harness→app boundary check test and update docs Add test_harness_boundary.py that scans all Python files in packages/harness/deerflow/ and fails if any `from app.*` or `import app.*` statement is found. This enforces the architectural rule that the harness layer never depends on the app layer. Update CLAUDE.md to document the harness/app split architecture, import conventions, and the boundary enforcement test. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * feat: add config versioning with auto-upgrade on startup When config.example.yaml schema changes, developers' local config.yaml files can silently become outdated. This adds a config_version field and auto-upgrade mechanism so breaking changes (like src.* → deerflow.* renames) are applied automatically before services start. - Add config_version: 1 to config.example.yaml - Add startup version check warning in AppConfig.from_file() - Add scripts/config-upgrade.sh with migration registry for value replacements - Add `make config-upgrade` target - Auto-run config-upgrade in serve.sh and start-daemon.sh before starting services - Add config error hints in service failure messages Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix comments * fix: update src.* import in test_sandbox_tools_security to deerflow.* Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: handle empty config and search parent dirs for config.example.yaml Address Copilot review comments on PR #1131: - Guard against yaml.safe_load() returning None for empty config files - Search parent directories for config.example.yaml instead of only looking next to config.yaml, fixing detection in common setups Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix: correct skills root path depth and config_version type coercion - loader.py: fix get_skills_root_path() to use 5 parent levels (was 3) after harness split, file lives at packages/harness/deerflow/skills/ so parent×3 resolved to backend/packages/harness/ instead of backend/ - app_config.py: coerce config_version to int() before comparison in _check_config_version() to prevent TypeError when YAML stores value as string (e.g. config_version: "1") - tests: add regression tests for both fixes Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix: update test imports from src.* to deerflow.*/app.* after harness refactor Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * feat(harness): add tool-first ACP agent invocation (#37) * feat(harness): add tool-first ACP agent invocation * build(harness): make ACP dependency required * fix(harness): address ACP review feedback * feat(harness): decouple ACP agent workspace from thread data ACP agents (codex, claude-code) previously used per-thread workspace directories, causing path resolution complexity and coupling task execution to DeerFlow's internal thread data layout. This change: - Replace _resolve_cwd() with a fixed _get_work_dir() that always uses {base_dir}/acp-workspace/, eliminating virtual path translation and thread_id lookups - Introduce /mnt/acp-workspace virtual path for lead agent read-only access to ACP agent output files (same pattern as /mnt/skills) - Add security guards: read-only validation, path traversal prevention, command path allowlisting, and output masking for acp-workspace - Update system prompt and tool description to guide LLM: send self-contained tasks to ACP agents, copy results via /mnt/acp-workspace - Add 11 new security tests for ACP workspace path handling Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * refactor(prompt): inject ACP section only when ACP agents are configured The ACP agent guidance in the system prompt is now conditionally built by _build_acp_section(), which checks get_acp_agents() and returns an empty string when no ACP agents are configured. This avoids polluting the prompt with irrelevant instructions for users who don't use ACP. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix lint * fix(harness): address Copilot review comments on sandbox path handling and ACP tool - local_sandbox: fix path-segment boundary bug in _resolve_path (== or startswith +"/") and add lookahead in _resolve_paths_in_command regex to prevent /mnt/skills matching inside /mnt/skills-extra - local_sandbox_provider: replace print() with logger.warning(..., exc_info=True) - invoke_acp_agent_tool: guard getattr(option, "optionId") with None default + continue; move full prompt from INFO to DEBUG level (truncated to 200 chars) - sandbox/tools: fix _get_acp_workspace_host_path docstring to match implementation; remove misleading "read-only" language from validate_local_bash_command_paths Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(acp): thread-isolated workspaces, permission guardrail, and ContextVar registry P1.1 – ACP workspace thread isolation - Add `Paths.acp_workspace_dir(thread_id)` for per-thread paths - `_get_work_dir(thread_id)` in invoke_acp_agent_tool now uses `{base_dir}/threads/{thread_id}/acp-workspace/`; falls back to global workspace when thread_id is absent or invalid - `_invoke` extracts thread_id from `RunnableConfig` via `Annotated[RunnableConfig, InjectedToolArg]` - `sandbox/tools.py`: `_get_acp_workspace_host_path(thread_id)`, `_resolve_acp_workspace_path(path, thread_id)`, and all callers (`replace_virtual_paths_in_command`, `mask_local_paths_in_output`, `ls_tool`, `read_file_tool`) now resolve ACP paths per-thread P1.2 – ACP permission guardrail - New `auto_approve_permissions: bool = False` field in `ACPAgentConfig` - `_build_permission_response(options, *, auto_approve: bool)` now defaults to deny; only approves when `auto_approve=True` - Document field in `config.example.yaml` P2 – Deferred tool registry race condition - Replace module-level `_registry` global with `contextvars.ContextVar` - Each asyncio request context gets its own registry; worker threads inherit the context automatically via `loop.run_in_executor` - Expose `get_deferred_registry` / `set_deferred_registry` / `reset_deferred_registry` helpers Tests: 831 pass (57 for affected modules, 3 new tests) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(sandbox): mount /mnt/acp-workspace in docker sandbox container The AioSandboxProvider was not mounting the ACP workspace into the sandbox container, so /mnt/acp-workspace was inaccessible when the lead agent tried to read ACP results in docker mode. Changes: - `ensure_thread_dirs`: also create `acp-workspace/` (chmod 0o777) so the directory exists before the sandbox container starts — required for Docker volume mounts - `_get_thread_mounts`: add read-only `/mnt/acp-workspace` mount using the per-thread host path (`host_paths.acp_workspace_dir(thread_id)`) - Update stale CLAUDE.md description (was "fixed global workspace") Tests: `test_aio_sandbox_provider.py` (4 new tests) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(lint): remove unused imports in test_aio_sandbox_provider Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> * fix config --------- Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
177 lines
5.9 KiB
Python
177 lines
5.9 KiB
Python
"""Tool search — deferred tool discovery at runtime.
|
|
|
|
Contains:
|
|
- DeferredToolRegistry: stores deferred tools and handles regex search
|
|
- tool_search: the LangChain tool the agent calls to discover deferred tools
|
|
|
|
The agent sees deferred tool names in <available-deferred-tools> but cannot
|
|
call them until it fetches their full schema via the tool_search tool.
|
|
Source-agnostic: no mention of MCP or tool origin.
|
|
"""
|
|
|
|
import contextvars
|
|
import json
|
|
import logging
|
|
import re
|
|
from dataclasses import dataclass
|
|
|
|
from langchain.tools import BaseTool
|
|
from langchain_core.tools import tool
|
|
from langchain_core.utils.function_calling import convert_to_openai_function
|
|
|
|
logger = logging.getLogger(__name__)
|
|
|
|
MAX_RESULTS = 5 # Max tools returned per search
|
|
|
|
|
|
# ── Registry ──
|
|
|
|
|
|
@dataclass
|
|
class DeferredToolEntry:
|
|
"""Lightweight metadata for a deferred tool (no full schema in context)."""
|
|
|
|
name: str
|
|
description: str
|
|
tool: BaseTool # Full tool object, returned only on search match
|
|
|
|
|
|
class DeferredToolRegistry:
|
|
"""Registry of deferred tools, searchable by regex pattern."""
|
|
|
|
def __init__(self):
|
|
self._entries: list[DeferredToolEntry] = []
|
|
|
|
def register(self, tool: BaseTool) -> None:
|
|
self._entries.append(
|
|
DeferredToolEntry(
|
|
name=tool.name,
|
|
description=tool.description or "",
|
|
tool=tool,
|
|
)
|
|
)
|
|
|
|
def search(self, query: str) -> list[BaseTool]:
|
|
"""Search deferred tools by regex pattern against name + description.
|
|
|
|
Supports three query forms (aligned with Claude Code):
|
|
- "select:name1,name2" — exact name match
|
|
- "+keyword rest" — name must contain keyword, rank by rest
|
|
- "keyword query" — regex match against name + description
|
|
|
|
Returns:
|
|
List of matched BaseTool objects (up to MAX_RESULTS).
|
|
"""
|
|
if query.startswith("select:"):
|
|
names = {n.strip() for n in query[7:].split(",")}
|
|
return [e.tool for e in self._entries if e.name in names][:MAX_RESULTS]
|
|
|
|
if query.startswith("+"):
|
|
parts = query[1:].split(None, 1)
|
|
required = parts[0].lower()
|
|
candidates = [e for e in self._entries if required in e.name.lower()]
|
|
if len(parts) > 1:
|
|
candidates.sort(
|
|
key=lambda e: _regex_score(parts[1], e),
|
|
reverse=True,
|
|
)
|
|
return [e.tool for e in candidates][:MAX_RESULTS]
|
|
|
|
# General regex search
|
|
try:
|
|
regex = re.compile(query, re.IGNORECASE)
|
|
except re.error:
|
|
regex = re.compile(re.escape(query), re.IGNORECASE)
|
|
|
|
scored = []
|
|
for entry in self._entries:
|
|
searchable = f"{entry.name} {entry.description}"
|
|
if regex.search(searchable):
|
|
score = 2 if regex.search(entry.name) else 1
|
|
scored.append((score, entry))
|
|
|
|
scored.sort(key=lambda x: x[0], reverse=True)
|
|
return [entry.tool for _, entry in scored][:MAX_RESULTS]
|
|
|
|
@property
|
|
def entries(self) -> list[DeferredToolEntry]:
|
|
return list(self._entries)
|
|
|
|
def __len__(self) -> int:
|
|
return len(self._entries)
|
|
|
|
|
|
def _regex_score(pattern: str, entry: DeferredToolEntry) -> int:
|
|
try:
|
|
regex = re.compile(pattern, re.IGNORECASE)
|
|
except re.error:
|
|
regex = re.compile(re.escape(pattern), re.IGNORECASE)
|
|
return len(regex.findall(f"{entry.name} {entry.description}"))
|
|
|
|
|
|
# ── Per-request registry (ContextVar) ──
|
|
#
|
|
# Using a ContextVar instead of a module-level global prevents concurrent
|
|
# requests from clobbering each other's registry. In asyncio-based LangGraph
|
|
# each graph run executes in its own async context, so each request gets an
|
|
# independent registry value. For synchronous tools run via
|
|
# loop.run_in_executor, Python copies the current context to the worker thread,
|
|
# so the ContextVar value is correctly inherited there too.
|
|
|
|
_registry_var: contextvars.ContextVar[DeferredToolRegistry | None] = contextvars.ContextVar(
|
|
"deferred_tool_registry", default=None
|
|
)
|
|
|
|
|
|
def get_deferred_registry() -> DeferredToolRegistry | None:
|
|
return _registry_var.get()
|
|
|
|
|
|
def set_deferred_registry(registry: DeferredToolRegistry) -> None:
|
|
_registry_var.set(registry)
|
|
|
|
|
|
def reset_deferred_registry() -> None:
|
|
"""Reset the deferred registry for the current async context."""
|
|
_registry_var.set(None)
|
|
|
|
|
|
# ── Tool ──
|
|
|
|
|
|
@tool
|
|
def tool_search(query: str) -> str:
|
|
"""Fetches full schema definitions for deferred tools so they can be called.
|
|
|
|
Deferred tools appear by name in <available-deferred-tools> in the system
|
|
prompt. Until fetched, only the name is known — there is no parameter
|
|
schema, so the tool cannot be invoked. This tool takes a query, matches
|
|
it against the deferred tool list, and returns the matched tools' complete
|
|
definitions. Once a tool's schema appears in that result, it is callable.
|
|
|
|
Query forms:
|
|
- "select:Read,Edit,Grep" — fetch these exact tools by name
|
|
- "notebook jupyter" — keyword search, up to max_results best matches
|
|
- "+slack send" — require "slack" in the name, rank by remaining terms
|
|
|
|
Args:
|
|
query: Query to find deferred tools. Use "select:<tool_name>" for
|
|
direct selection, or keywords to search.
|
|
|
|
Returns:
|
|
Matched tool definitions as JSON array.
|
|
"""
|
|
registry = get_deferred_registry()
|
|
if registry is None:
|
|
return "No deferred tools available."
|
|
|
|
matched_tools = registry.search(query)
|
|
if not matched_tools:
|
|
return f"No tools found matching: {query}"
|
|
|
|
# Use LangChain's built-in serialization to produce OpenAI function format.
|
|
# This is model-agnostic: all LLMs understand this standard schema.
|
|
tool_defs = [convert_to_openai_function(t) for t in matched_tools[:MAX_RESULTS]]
|
|
|
|
return json.dumps(tool_defs, indent=2, ensure_ascii=False)
|