Go to file
caoqianming d93cc1a949 Stage C Step 3 hotfix: exec_user 跟随 build_arg + 镜像装 mermaid-cli
Ubuntu dogfood 暴露两个真问题:

(1) uid 错配:DockerExecutor 写死 --user 1000:1000,但镜像 build 时
    --build-arg HOST_UID=$(id -u) 跟随 host 实际 uid(腾讯云轻量 lighthouse
    uid=1001),docker exec 进容器 uid=1000 → bind mount owner 1001 错配 →
    写 /workspace/<wd>/ 全 EACCES,文件落 /tmp。
    改 DEFAULT_EXEC_USER = "zcbot"(username,docker 自动查容器 /etc/passwd
    拿 uid),无论 HOST_UID build 成 1000/1001/其他都跟 bind mount owner 对齐。

(2) proposal/patent skill 渲 mermaid 缺 Node:render_diagrams.py 调
    shutil.which("mmdc") 容器没装 → 退 mermaid.ink → sandbox --internal
    默 deny outbound API 也不通 → ASCII fallback 出 docx 没图。
    Dockerfile 加 chromium + nodejs + npm + @mermaid-js/mermaid-cli,
    +~400MB 接受成本(ASCII 不能用)。容器 chromium 缺 setuid sandbox +
    /dev/shm 不够大会跪,镜像落 /sandbox/puppeteer-config.json
    (--no-sandbox --disable-setuid-sandbox --disable-dev-shm-usage) +
    ENV MERMAID_PUPPETEER_CONFIG;render_via_mmdc 改读 env 拼 -p 注入,
    host 上跑 env 没设行为零变化。
    PUPPETEER_SKIP_DOWNLOAD + PUPPETEER_EXECUTABLE_PATH 让 puppeteer 用
    容器内 chromium 不下载自带 Chrome(省 ~300MB)。

NPM_REGISTRY build-arg 同 pip 同款(腾讯云内网 / 阿里 npmmirror)。
RUN.md 加 NPM_REGISTRY 段 + 故障兜底 3 行(EACCES uid 错配 / mmdc 报
launch chromium / npm 慢)。DESIGN 不动(纯 bug fix + skill 依赖)。
unittest discover 31/31 PASS。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-26 21:47:33 +08:00
config Add web_search and web_fetch tools via Bocha AI search API 2026-05-25 11:37:33 +08:00
core Stage C Step 3 hotfix: exec_user 跟随 build_arg + 镜像装 mermaid-cli 2026-05-26 21:47:33 +08:00
db/migrations feat(media): 接入豆包 Seedream 5.0 图像生成 tool + 0007 cost_usd→cost_cny 全表统一币种 2026-05-20 15:20:34 +08:00
deploy/sandbox Stage C Step 3 hotfix: exec_user 跟随 build_arg + 镜像装 mermaid-cli 2026-05-26 21:47:33 +08:00
prompts/system feat(paths): 对外路径统一全形式 <wd_name>/<rel> + UI 一次性兼容历史简写 2026-05-22 12:45:54 +08:00
scripts feat(seedance): 加 seedance_2_pro variant + smoke 支持 --variant 参数 2026-05-22 10:11:31 +08:00
skills Stage C Step 3 hotfix: exec_user 跟随 build_arg + 镜像装 mermaid-cli 2026-05-26 21:47:33 +08:00
tests Stage C Step 5: main.py sandbox check + lifespan fs quota WARN 2026-05-26 16:41:16 +08:00
tools Add web_search and web_fetch tools via Bocha AI search API 2026-05-25 11:37:33 +08:00
web Stage C Step 5: main.py sandbox check + lifespan fs quota WARN 2026-05-26 16:41:16 +08:00
.gitattributes Add .gitattributes: force LF for shell + Dockerfile 2026-05-26 10:45:17 +08:00
.gitignore skills+core(命名约定): task 级宪法文件 <date>-<short_id>-<name>.spec.md + spec_lock → spec 简化 2026-05-20 14:03:21 +08:00
CLAUDE.md ui(media): tool 结果与 assistant 正文同路径 chip/inline 图去重 — Set O(n) + CLAUDE.md 加 "实施前先对方案" 段 2026-05-20 16:33:47 +08:00
DESIGN.md 在 DESIGN §7.5 末尾沉淀 Stage C 沙盒实施硬协议 2026-05-26 09:00:16 +08:00
DOCUMENT_SEARCH_API.md feat(skill): documents skill 接内部材料学科知识库(document_search API) 2026-05-21 15:31:21 +08:00
EMBED.md feat(web): embed 模式接受 ?task_id=<uuid> URL 参数自动定位 task 2026-05-22 15:27:19 +08:00
PROGRESS.md Stage C Step 3 hotfix: exec_user 跟随 build_arg + 镜像装 mermaid-cli 2026-05-26 21:47:33 +08:00
RUN.md Stage C Step 3 hotfix: exec_user 跟随 build_arg + 镜像装 mermaid-cli 2026-05-26 21:47:33 +08:00
alembic.ini core(§7 B Step 1): Storage 基建 — SQLAlchemy ORM + alembic + db CLI 2026-05-14 10:41:44 +08:00
main.py Stage C Step 5: main.py sandbox check + lifespan fs quota WARN 2026-05-26 16:41:16 +08:00
requirements.txt Add web_search and web_fetch tools via Bocha AI search API 2026-05-25 11:37:33 +08:00