vvzvlad/gitmost
1
0
Fork 0
Code Issues 14 Pull Requests 12 Packages Projects Releases Activity

refactor(ai-roles): bake catalog URL at image build, drop local-fs source

Browse Source 
The agent-roles catalog source is no longer hardcoded in app code and no
longer supports a local filesystem directory. The provider now fetches only
from an http(s):// base URL read from AI_AGENT_ROLES_CATALOG_URL; an empty or
non-http value yields a 502 (catalog unavailable). The default URL is baked
into the Docker image at build time and set per branch in CI.

- provider: drop readLocal + node:fs/node:path; readRelative requires http(s)
  and 502s otherwise; remote fetch/streaming-cap/SSRF guards unchanged.
- environment.service: keep AI_AGENT_ROLES_CATALOG_URL (default ''); comment
  updated to reflect build-time injection, remote-only.
- Dockerfile: add ARG+ENV AI_AGENT_ROLES_CATALOG_URL in the installer stage.
- CI: develop.yml builds with the develop raw URL; release.yml (both build
  steps) with the main raw URL.
- tests: replace local-fixture tests with remote-mock happy/malformed bundle
  tests and a non-http => 502 case; path-traversal block uses an https source.
- docs: update .env.example, CHANGELOG (#222), agent-roles-catalog/README.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
claude_code
2026-06-27 03:32:48 +03:00
parent 3511301331
commit 2a4ef9267e
9 changed files with 94 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
agent-roles-catalog/README.md
View File

@@ -30,20 +30,19 @@ Currently shipped bundles:
The server does not bundle this data; it reads it at request time from a single
configured location, the `AI_AGENT_ROLES_CATALOG_URL` env var
(`EnvironmentService.getAiAgentRolesCatalogSource()`). The value selects one of
three sources:
(`EnvironmentService.getAiAgentRolesCatalogSource()`), an `http(s)://` base URL
to the catalog's raw files. The server fetches `<base>/index.json` for the
manifest and `<base>/bundles/<bundle-id>/<lang>.json` for each opened bundle
file (REMOTE only).
- **`http(s)://…`** — a REMOTE base URL. The server fetches `<base>/index.json`
for the manifest and `<base>/bundles/<bundle-id>/<lang>.json` for each opened
bundle file (e.g. the raw GitHub base of the catalog repo in production).
- **any other non-empty value** — a LOCAL filesystem directory; the same
`index.json` / `bundles/<id>/<lang>.json` paths are read from disk.
- **empty / unset** (the default) — the in-repo `agent-roles-catalog/` folder
(this directory), i.e. local dev reads these files directly.
That base URL is baked into the Docker image at build time and set per branch in
CI: a `develop` build points at the `develop` raw URL, a release build at the
`main` raw URL. Local-filesystem sources are no longer supported; if the value
is unset the catalog is unavailable.
In every case the layout below is what the server expects, and the fetched JSON
is re-validated server-side (the catalog is treated as untrusted input). See
`.env.example` for the variable and the CHANGELOG for the rollout.
The fetched JSON is re-validated server-side (the catalog is treated as
untrusted input). See `.env.example` for the variable and the CHANGELOG for the
rollout.
## `index.json` schema