feat(knowledge): stage/delete knowledge pack task handlers#32
Merged
Conversation
…k handlers Implements the Safari-side contract documented in fc-safari's docs/knowledge-runner-tasks.md. Atomic writes via temp+rename; sentinel rewrites under flock to handle concurrent BYOC sessions. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…trict '..' check - Remove the unused `removed []string` accumulator in DeleteKnowledgeFiles; valid paths now go straight into `toRemove` in one loop pass, eliminating the second validateKnowledgeRelPath call per path. - Tighten the '..' guard to reject only the bare ".." token — the old strings.Contains check wrongly rejected valid filenames like "foo..bar". - Add test assertions confirming double-dot-in-middle filenames are accepted. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
… build - .golangci.yml: remove G706 from gosec.excludes. golangci-lint v2.1.6 (pinned in CI) doesn't know G706 as a gosec rule, so `config verify` rejects the config before any linting runs. G706 wasn't enforcing anything in CI anyway. - workspace: split the sentinel advisory-lock primitive across build-tagged files so `go build` / `go test` succeed on windows/amd64. Unix path keeps flock(2); Windows path is a no-op stub with a warning log (the runner is not shipped on Windows — CI only needs it to compile). Verified: GOOS=windows go build ./... clean; unix tests PASS; golangci-lint config verify clean. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
- workspace: move sentinel file-open inside acquireSentinelLock. The previous split left withSentinelLock holding an os.File handle across fn(), which on Windows blocks os.Rename of the sentinel during atomicWriteFile — "Access is denied". Unix path still opens + flocks; Windows path is a zero-op (runner not shipped there). - workspace/knowledge.go: pre-allocate `succeeded` slice at len(args.Files) — prealloc lint hit. - protocol/messages.go: gofmt realign const block — TaskOpStage/Delete widened the longest name so all previous entries shifted right a column. Verified: GOOS=windows go build ./... clean; go test ./workspace/ PASS; CI-relevant golangci-lint checks (gofmt, prealloc) resolved. G706 warnings in cmd/mcp only appear on local v2.11; CI pins v2.1 which has no G706 rule. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Safari renamed the compute-unit concept from 'workspace' / 'worknode' to
'environment'. Mirror the rename in the runner so API, protocol fields, log
keys, and docs align. No migration shim — Safari only ships the new names.
Changes:
- Go package: workspace/ → environment/ (git-mv + `package environment`).
- Type: Workspace → Environment (receivers w → e).
- Protocol: WorknodeID / worknode_id → EnvironmentID / environment_id in
StatusPayload and WelcomeMessage (Safari's welcome emitter already uses
these names).
- ws/client.go: field worknodeID → environmentID, log keys match.
- cmd/main.go: default URL path /safari/worknode/ws → /safari/environment/ws,
token examples wnt_xxx → ent_xxx (Safari's BYOC auth gate accepts ent_*).
- README.md / README_zh.md: same example updates.
CLI flags (--workspace, --token) and env vars (FLASHDUTY_RUNNER_WORKSPACE)
keep their names — they describe the local workspace root on disk, which
Safari also calls WorkspaceRoot. Only the product-level concept ("the thing
Safari talks to over WS") was renamed.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds two WebSocket task handlers so the runner can receive knowledge-pack files pushed from Safari at session start and remove them on demand. Implements the Safari-side contract in
fc-safari:docs/knowledge-runner-tasks.md.stage_knowledge_files— decodes each{rel_path, checksum, content_b64}, writes atomically (temp + rename), then merges entries into<workspace>/.safari-knowledge-sentinel.jsonunder an advisory lock (flock) to handle concurrent BYOC sessions.delete_knowledge_files— unlinks eachrel_path(idempotent) and removes its sentinel entry under the same lock./,\\,.., dotfiles (including the sentinel name itself — the runner owns the sentinel, clients don't stage it).Context
Safari's
EnvironmentMiddleware.BeforeModelCalllazy-stages the account's knowledge pack into the runner's workspace root soDUTY.mdand @-referenced runbooks survive across sessions and ephemeral cloud pod restarts. Without these handlers the Safari end dispatches the tasks but the runner ignores them, and the agent sees an empty workspace.Test plan
go test ./workspace/ -run \"TestStage|TestDelete|TestValidate\" -v— 14/14 PASS.🤖 Generated with Claude Code