fix loop

2026-04-13 00:54:53 +08:00 · 2026-02-19 23:36:42 +08:00
parent eb721c2447
commit 67b9be2fc1
5 changed files with 26 additions and 4 deletions
--- a/config.example.json
+++ b/config.example.json
@@ -99,7 +99,7 @@
      "timeout": 60000000000,
      "sandbox": {
        "enabled": false,
-        "image": "golang:alpine"
+        "image": "alpine:3.20"
      }
    },
    "web": {
--- a/pkg/agent/context.go
+++ b/pkg/agent/context.go
@@ -80,6 +80,8 @@ Your workspace is at: %s
 Always be helpful, accurate, and concise. When using tools, explain what you're doing.
 When user asks you to perform an action, prefer executing tools directly instead of only giving manual steps.
 Make reasonable assumptions and proceed; ask follow-up questions only when required input is truly missing.
+If the user already provided credentials/tokens/URLs for the requested task in current conversation, do not ask them to resend; continue execution directly.
+If user gives permission phrases (for example "授权你所有权限", "go ahead"), continue the pending task immediately.
 Never expose full secrets in visible output.
 When remembering something, write to %s/memory/MEMORY.md`,
 		now, runtime, workspacePath, workspacePath, workspacePath, workspacePath, toolsSection, workspacePath)
--- a/pkg/agent/loop.go
+++ b/pkg/agent/loop.go
@@ -1707,7 +1707,25 @@ func shouldRetryAfterDeferralNoTools(content string, userTask string, iteration
 		"你可以", "可以先", "步骤", "先执行", "请执行", "命令如下",
 		"you can", "steps", "run this command", "command is", "first,",
 	)
-	return looksLikeInstructionOnly
+	if looksLikeInstructionOnly {
+		return true
+	}
+
+	// If user already provided credentials/target URL in task text, asking for them again is usually a bad deferral.
+	taskLower := strings.ToLower(task)
+	taskHasCredential := containsAnySubstring(taskLower, "token", "password", "authorization", "bearer", "api_key", "apikey")
+	taskHasRepoURL := containsAnySubstring(taskLower, "http://", "https://", ".git")
+	if taskHasCredential || taskHasRepoURL {
+		asksCredentialAgain := containsAnySubstring(lower,
+			"请把token发给我", "请提供token", "需要token", "发我token", "请再发一次token",
+			"provide token", "send token", "share token", "need token", "resend token",
+			"授权我", "请授权", "grant permission", "need permission", "authorize me",
+		)
+		if asksCredentialAgain {
+			return true
+		}
+	}
+	return false
 }

 func formatRunStateReport(rs runState) string {
--- a/pkg/config/config.go
+++ b/pkg/config/config.go
@@ -345,7 +345,7 @@ func DefaultConfig() *Config {
 				Timeout: 60 * time.Second,
 				Sandbox: SandboxConfig{
 					Enabled: false,
-					Image:   "golang:alpine",
+					Image:   "alpine:3.20",
 				},
 			},
 			Filesystem: FilesystemConfig{},
--- a/pkg/tools/shell.go
+++ b/pkg/tools/shell.go
@@ -86,7 +86,9 @@ func (t *ExecTool) executeInSandbox(ctx context.Context, command, cwd string) (s
 	absCwd, _ := filepath.Abs(cwd)
 	dockerArgs := []string{
 		"run", "--rm",
-		"-v", fmt.Sprintf("%s:/app", absCwd),
+		"--privileged",
+		"--user", "0:0",
+		"-v", fmt.Sprintf("%s:/app:rw", absCwd),
 		"-w", "/app",
 		t.sandboxImage,
 		"sh", "-c", command,