feat(backend): Agent 系统和 API 增强

- task_delegator: 完善团队任务分发逻辑 - runtime API: 增强运行时管理功能 - skills_manager: 技能管理改进 - tool_guard: 工具调用守卫优化 - evo_agent: 核心 Agent 改进 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-23 17:46:06 +08:00
parent 3448667b79
commit 38102d0805
5 changed files with 725 additions and 165 deletions
--- a/backend/agents/base/tool_guard.py
+++ b/backend/agents/base/tool_guard.py
@@ -289,6 +289,7 @@ class ToolGuardMixin:
        self._approval_timeout = approval_timeout
        self._pending_approval: Optional[ToolApprovalRequest] = None
        self._approval_callback: Optional[Callable[[ToolApprovalRequest], None]] = None
+        self._approval_lock = asyncio.Lock()

    def set_approval_callback(
        self,
@@ -383,73 +384,80 @@ class ToolGuardMixin:
        Returns:
            True if approved, False otherwise
        """
-        record = TOOL_GUARD_STORE.create_pending(
-            tool_name=tool_name,
-            tool_input=tool_input,
-            agent_id=getattr(self, "agent_id", "unknown"),
-            workspace_id=getattr(self, "workspace_id", "default"),
-            session_id=getattr(self, "session_id", None),
-            findings=default_findings_for_tool(tool_name),
-        )
-
-        manager = get_global_runtime_manager()
-        if manager:
-            manager.register_pending_approval(
-                record.approval_id,
-                {
-                    "tool_name": record.tool_name,
-                    "agent_id": record.agent_id,
-                    "workspace_id": record.workspace_id,
-                    "session_id": record.session_id,
-                    "tool_input": record.tool_input,
-                },
+        async with self._approval_lock:
+            record = TOOL_GUARD_STORE.create_pending(
+                tool_name=tool_name,
+                tool_input=tool_input,
+                agent_id=getattr(self, "agent_id", "unknown"),
+                workspace_id=getattr(self, "workspace_id", "default"),
+                session_id=getattr(self, "session_id", None),
+                findings=default_findings_for_tool(tool_name),
            )

-        self._pending_approval = ToolApprovalRequest(
-            approval_id=record.approval_id,
-            tool_name=tool_name,
-            tool_input=tool_input,
-            tool_call_id=tool_call_id,
-            session_id=getattr(self, "session_id", None),
-        )
-        record.pending_request = self._pending_approval
+            manager = get_global_runtime_manager()
+            if manager:
+                manager.register_pending_approval(
+                    record.approval_id,
+                    {
+                        "tool_name": record.tool_name,
+                        "agent_id": record.agent_id,
+                        "workspace_id": record.workspace_id,
+                        "session_id": record.session_id,
+                        "tool_input": record.tool_input,
+                    },
+                )

-        # Notify via callback if set
-        if self._approval_callback:
-            self._approval_callback(self._pending_approval)
+            self._pending_approval = ToolApprovalRequest(
+                approval_id=record.approval_id,
+                tool_name=tool_name,
+                tool_input=tool_input,
+                tool_call_id=tool_call_id,
+                session_id=getattr(self, "session_id", None),
+            )
+            record.pending_request = self._pending_approval

-        # Wait for approval
-        approval_request = self._pending_approval
+            # Notify via callback if set
+            if self._approval_callback:
+                self._approval_callback(self._pending_approval)
+
+            # Wait for approval (lock is released during wait, re-acquired after)
+            approval_request = self._pending_approval
+
+        # Wait for approval outside the lock to allow concurrent approval
        approved = await approval_request.wait_for_approval(
            timeout=self._approval_timeout
        )

-        if approval_request:
-            status = (
-                ApprovalStatus.APPROVED
-                if approval_request.approved is True
-                else ApprovalStatus.DENIED
-                if approval_request.approved is False
-                else ApprovalStatus.EXPIRED
-            )
-            TOOL_GUARD_STORE.set_status(
-                approval_request.approval_id,
-                status,
-                resolved_by="agent",
-                notify_request=False,
-            )
-            manager = get_global_runtime_manager()
-            if manager:
-                manager.resolve_pending_approval(
-                    approval_request.approval_id,
-                    resolved_by="agent",
-                    status=status.value,
+        async with self._approval_lock:
+            if approval_request:
+                status = (
+                    ApprovalStatus.APPROVED
+                    if approval_request.approved is True
+                    else ApprovalStatus.DENIED
+                    if approval_request.approved is False
+                    else ApprovalStatus.EXPIRED
                )
+                TOOL_GUARD_STORE.set_status(
+                    approval_request.approval_id,
+                    status,
+                    resolved_by="agent",
+                    notify_request=False,
+                )
+                manager = get_global_runtime_manager()
+                if manager:
+                    manager.resolve_pending_approval(
+                        approval_request.approval_id,
+                        resolved_by="agent",
+                        status=status.value,
+                    )
+
+            # Only clear if this is still the same request
+            if self._pending_approval is approval_request:
+                self._pending_approval = None

-        self._pending_approval = None
        return approved

-    def approve_guard_call(self, request_id: Optional[str] = None) -> bool:
+    async def approve_guard_call(self, request_id: Optional[str] = None) -> bool:
        """Approve a pending guard request.

        This method is called externally to approve a tool call
@@ -461,28 +469,29 @@ class ToolGuardMixin:
        Returns:
            True if a request was approved, False if no pending request
        """
-        if self._pending_approval is None:
-            logger.warning("No pending approval request to approve")
-            return False
+        async with self._approval_lock:
+            if self._pending_approval is None:
+                logger.warning("No pending approval request to approve")
+                return False

-        TOOL_GUARD_STORE.set_status(
-            self._pending_approval.approval_id,
-            ApprovalStatus.APPROVED,
-            resolved_by="agent",
-            notify_request=False,
-        )
-        manager = get_global_runtime_manager()
-        if manager:
-            manager.resolve_pending_approval(
+            TOOL_GUARD_STORE.set_status(
                self._pending_approval.approval_id,
+                ApprovalStatus.APPROVED,
                resolved_by="agent",
-                status=ApprovalStatus.APPROVED.value,
+                notify_request=False,
            )
-        self._pending_approval.approve()
-        logger.info("Approved tool call: %s", self._pending_approval.tool_name)
-        return True
+            manager = get_global_runtime_manager()
+            if manager:
+                manager.resolve_pending_approval(
+                    self._pending_approval.approval_id,
+                    resolved_by="agent",
+                    status=ApprovalStatus.APPROVED.value,
+                )
+            self._pending_approval.approve()
+            logger.info("Approved tool call: %s", self._pending_approval.tool_name)
+            return True

-    def deny_guard_call(self, request_id: Optional[str] = None) -> bool:
+    async def deny_guard_call(self, request_id: Optional[str] = None) -> bool:
        """Deny a pending guard request.

        This method is called externally to deny a tool call
@@ -494,26 +503,27 @@ class ToolGuardMixin:
        Returns:
            True if a request was denied, False if no pending request
        """
-        if self._pending_approval is None:
-            logger.warning("No pending approval request to deny")
-            return False
+        async with self._approval_lock:
+            if self._pending_approval is None:
+                logger.warning("No pending approval request to deny")
+                return False

-        TOOL_GUARD_STORE.set_status(
-            self._pending_approval.approval_id,
-            ApprovalStatus.DENIED,
-            resolved_by="agent",
-            notify_request=False,
-        )
-        manager = get_global_runtime_manager()
-        if manager:
-            manager.resolve_pending_approval(
+            TOOL_GUARD_STORE.set_status(
                self._pending_approval.approval_id,
+                ApprovalStatus.DENIED,
                resolved_by="agent",
-                status=ApprovalStatus.DENIED.value,
+                notify_request=False,
            )
-        self._pending_approval.deny()
-        logger.info("Denied tool call: %s", self._pending_approval.tool_name)
-        return True
+            manager = get_global_runtime_manager()
+            if manager:
+                manager.resolve_pending_approval(
+                    self._pending_approval.approval_id,
+                    resolved_by="agent",
+                    status=ApprovalStatus.DENIED.value,
+                )
+            self._pending_approval.deny()
+            logger.info("Denied tool call: %s", self._pending_approval.tool_name)
+            return True

    async def _acting(self, tool_call) -> dict | None:
        """Intercept sensitive tool calls before execution.