fix(mcp): add defensive normalization for list_open_tasks payload
Some checks failed
Deploy to 110 WOOO Server / deploy (push) Failing after 6s
Some checks failed
Deploy to 110 WOOO Server / deploy (push) Failing after 6s
This commit is contained in:
OG T
@@ -140,7 +140,15 @@ function resolveSourceIp(request: NextRequest) {
|
||||
);
|
||||
}
|
||||
|
||||
async function ensureBuilderAgent(agentId: string) {
|
||||
async function ensureBuilderAgent(
|
||||
agentId: string,
|
||||
requestContext?: {
|
||||
request_id?: string;
|
||||
source_ip?: string;
|
||||
user_agent?: string;
|
||||
request_actor_headers?: Record<string, unknown>;
|
||||
}
|
||||
) {
|
||||
const existingAgent = await prisma.agentProfile.findUnique({ where: { agent_id: agentId } });
|
||||
if (existingAgent) {
|
||||
return existingAgent;
|
||||
@@ -164,9 +172,12 @@ async function ensureBuilderAgent(agentId: string) {
|
||||
action: "EXTERNAL_AGENT_AUTO_WHITELIST",
|
||||
surface: "mcp/claim_task",
|
||||
actorType: "AGENT",
|
||||
actorId: agentId,
|
||||
actorId: `agent:${normalizeActorId(agentId, "agent")}`,
|
||||
message: `外部 Agent 首次接案已自動白名單: ${agentId}`,
|
||||
metadata: { agent_id: agentId },
|
||||
metadata: {
|
||||
...requestContext,
|
||||
agent_id: agentId,
|
||||
},
|
||||
});
|
||||
|
||||
return created;
|
||||
@@ -297,6 +308,9 @@ export async function POST(request: NextRequest, props: { params: Promise<{ tool
|
||||
|
||||
switch (tool) {
|
||||
case "list_open_tasks": {
|
||||
if (typeof body === "object" && body !== null && !("skills" in body)) {
|
||||
(body as Record<string, unknown>).skills = [];
|
||||
}
|
||||
ListOpenTasksRequestSchema.parse(body);
|
||||
const sourceIp = resolveSourceIp(request);
|
||||
const isPublicIp = !isPrivateIp(sourceIp);
|
||||
@@ -393,14 +407,14 @@ export async function POST(request: NextRequest, props: { params: Promise<{ tool
|
||||
const parsed = ClaimTaskRequestSchema.parse(body);
|
||||
|
||||
// Verify Agent Whitelist
|
||||
const agent = await ensureBuilderAgent(parsed.agent_id);
|
||||
const agent = await ensureBuilderAgent(parsed.agent_id, requestContext);
|
||||
if (!agent) {
|
||||
void sendTrafficAlert({
|
||||
level: "warning",
|
||||
action: "EXTERNAL_CLAIM_TASK_FORBIDDEN",
|
||||
surface: "mcp/claim_task",
|
||||
actorType: "AGENT",
|
||||
actorId: parsed.agent_id,
|
||||
actorId: `agent:${normalizeActorId(parsed.agent_id, "agent")}`,
|
||||
taskId: parsed.task_id,
|
||||
message: `外部 Agent 嘗試接案但尚未白名單: ${parsed.agent_id}`,
|
||||
metadata: {
|
||||
@@ -420,7 +434,7 @@ export async function POST(request: NextRequest, props: { params: Promise<{ tool
|
||||
action: "EXTERNAL_CLAIM_TASK_FORBIDDEN",
|
||||
surface: "mcp/claim_task",
|
||||
actorType: "AGENT",
|
||||
actorId: parsed.agent_id,
|
||||
actorId: `agent:${normalizeActorId(parsed.agent_id, "agent")}`,
|
||||
taskId: parsed.task_id,
|
||||
message: `external agent 狀態非白名單: ${parsed.agent_id}`,
|
||||
metadata: {
|
||||
@@ -486,7 +500,7 @@ export async function POST(request: NextRequest, props: { params: Promise<{ tool
|
||||
action: "EXTERNAL_CLAIM_TASK_SUCCESS",
|
||||
surface: "mcp/claim_task",
|
||||
actorType: "AGENT",
|
||||
actorId: parsed.agent_id,
|
||||
actorId: `agent:${normalizeActorId(parsed.agent_id, "agent")}`,
|
||||
taskId: claim.task_id,
|
||||
message: `Agent 成功接案: ${parsed.task_id}`,
|
||||
metadata: {
|
||||
|
||||
Reference in New Issue
Block a user