overrides = new HashMap<>();
+ }
+}
diff --git a/back/src/main/java/com/linkwork/config/ImageBuildConfig.java b/back/src/main/java/com/linkwork/config/ImageBuildConfig.java
new file mode 100644
index 0000000..148f548
--- /dev/null
+++ b/back/src/main/java/com/linkwork/config/ImageBuildConfig.java
@@ -0,0 +1,142 @@
+package com.linkwork.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 镜像构建配置
+ *
+ * 设计说明:
+ * - 仅构建 Agent 镜像,Runner 由运行时 agent 启动
+ */
+@Data
+@Configuration
+@ConfigurationProperties(prefix = "image-build")
+public class ImageBuildConfig {
+
+ /**
+ * 是否启用镜像构建
+ */
+ private boolean enabled = false;
+
+ /**
+ * 是否推送镜像到仓库(K8s 模式)
+ * 设置为 false 时只构建不推送,适用于测试环境
+ */
+ private boolean pushEnabled = false;
+
+ /**
+ * 镜像拉取策略
+ * - Always: 总是拉取(默认,需要镜像在仓库中)
+ * - IfNotPresent: 本地有则不拉取(适合本地构建 + 单节点/共享 Docker)
+ * - Never: 从不拉取(要求镜像必须已在节点上)
+ */
+ private String imagePullPolicy = "IfNotPresent";
+
+ /**
+ * K8s 拉取私有镜像的 Secret 名称
+ * 需要在 K8s 中预先创建,或由服务自动创建
+ */
+ private String imagePullSecret = "robot-registry-secret";
+
+ /**
+ * Docker 连接配置
+ * 默认使用 unix socket: unix:///var/run/docker.sock
+ */
+ private String dockerHost = "unix:///var/run/docker.sock";
+
+ /**
+ * 默认 Agent 基础镜像(K8s 模式构建使用内网 Harbor)
+ */
+ private String defaultAgentBaseImage = "10.30.107.146/robot/rockylinux9-agent@sha256:b49d75f52f6b3c55bbf90427f0df0e97bc8e3f3e03727721cafc2c9d775b8975";
+
+ /**
+ * Compose 模式基础镜像(用户本地构建,需要可公开拉取的镜像)
+ */
+ private String composeBaseImage = "rockylinux:9";
+
+ /**
+ * 镜像仓库地址
+ * K8s 模式下构建的镜像会推送到此仓库
+ */
+ private String registry = "";
+
+ /**
+ * 镜像仓库用户名
+ */
+ private String registryUsername = "";
+
+ /**
+ * 镜像仓库密码
+ */
+ private String registryPassword = "";
+
+ /**
+ * 构建脚本路径
+ * 此脚本会在 Dockerfile 中被 COPY 并执行
+ */
+ private String buildScriptPath = "/opt/scripts/build.sh";
+
+ /**
+ * 构建超时时间(秒)
+ */
+ private int buildTimeout = 300;
+
+ /**
+ * 入口点脚本名称
+ */
+ private String entrypointScript = "/entrypoint.sh";
+
+ /**
+ * 构建上下文临时目录
+ */
+ private String buildContextDir = "/tmp/docker-build";
+
+ /**
+ * 是否启用本地镜像自动同步到 Kind 节点(仅 K8s + 未配置镜像仓库时生效)
+ */
+ private boolean autoLoadToKind = true;
+
+ /**
+ * 指定 Kind 集群名;为空时自动发现所有 Kind 集群节点
+ */
+ private String kindClusterName = "";
+
+ /**
+ * Kind 节点镜像导入超时时间(秒)
+ */
+ private int kindLoadTimeout = 600;
+
+ /**
+ * 是否启用本地镜像定期清理
+ */
+ private boolean localCleanupEnabled = true;
+
+ /**
+ * 本地构建镜像保留小时数(超过后尝试删除,运行中镜像会跳过)
+ */
+ private int localImageRetentionHours = 24;
+
+ /**
+ * 本地镜像清理 Cron(默认每小时第 40 分钟)
+ */
+ private String localCleanupCron = "0 40 * * * *";
+
+ /**
+ * 是否在 Kind 节点执行未使用镜像 prune
+ */
+ private boolean kindPruneEnabled = true;
+
+ /**
+ * SDK 源码在镜像中的目标路径
+ * 从项目内置 build-assets/sdk-source/ 目录拷贝
+ */
+ private String sdkSourcePath = "/opt/linkwork-agent-build/sdk-source";
+
+ /**
+ * zzd 二进制文件在镜像中的目标路径
+ * 从项目内置 build-assets/zzd-binaries/ 目录拷贝
+ */
+ private String zzdBinariesPath = "/opt/linkwork-agent-build/zzd-binaries";
+}
diff --git a/back/src/main/java/com/linkwork/config/JacksonConfig.java b/back/src/main/java/com/linkwork/config/JacksonConfig.java
new file mode 100644
index 0000000..bed1b91
--- /dev/null
+++ b/back/src/main/java/com/linkwork/config/JacksonConfig.java
@@ -0,0 +1,40 @@
+package com.linkwork.config;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.databind.SerializationFeature;
+import com.fasterxml.jackson.datatype.jsr310.JavaTimeModule;
+import org.springframework.boot.autoconfigure.jackson.Jackson2ObjectMapperBuilderCustomizer;
+import org.springframework.boot.autoconfigure.jackson.JacksonProperties;
+import org.springframework.boot.jackson.JsonComponentModule;
+import org.springframework.boot.jackson.JsonMixinModule;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Primary;
+import org.springframework.http.converter.json.Jackson2ObjectMapperBuilder;
+
+@Configuration
+public class JacksonConfig {
+
+ @Bean
+ public Jackson2ObjectMapperBuilderCustomizer jackson2ObjectMapperBuilderCustomizer() {
+ return builder -> builder
+ .modulesToInstall(JavaTimeModule.class)
+ .featuresToDisable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+ }
+
+ /**
+ * MCP starter 可能在自动配置阶段提前注册一个裸 ObjectMapper,导致 Web 层缺少 JavaTime 支持。
+ * 这里显式提供主 ObjectMapper,确保 MVC 与业务注入都使用支持 LocalDateTime 的配置。
+ */
+ @Bean
+ @Primary
+ public ObjectMapper objectMapper(Jackson2ObjectMapperBuilder builder, JacksonProperties properties) {
+ builder.modules(new JsonComponentModule(), new JsonMixinModule(), new JavaTimeModule());
+ ObjectMapper objectMapper = builder.build();
+ objectMapper.disable(SerializationFeature.WRITE_DATES_AS_TIMESTAMPS);
+ if (properties.getTimeZone() != null) {
+ objectMapper.setTimeZone(properties.getTimeZone());
+ }
+ return objectMapper;
+ }
+}
diff --git a/back/src/main/java/com/linkwork/config/KubernetesConfig.java b/back/src/main/java/com/linkwork/config/KubernetesConfig.java
new file mode 100644
index 0000000..19b2b8e
--- /dev/null
+++ b/back/src/main/java/com/linkwork/config/KubernetesConfig.java
@@ -0,0 +1,47 @@
+package com.linkwork.config;
+
+import io.fabric8.kubernetes.client.Config;
+import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.KubernetesClientBuilder;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+/**
+ * Kubernetes 客户端配置
+ */
+@Configuration
+@Slf4j
+public class KubernetesConfig {
+
+ private final EnvConfig envConfig;
+
+ public KubernetesConfig(EnvConfig envConfig) {
+ this.envConfig = envConfig;
+ }
+
+ @Bean
+ public KubernetesClient kubernetesClient() {
+ String kubeconfigPath = envConfig.getCluster().getKubeconfigPath();
+
+ if (kubeconfigPath != null && !kubeconfigPath.isBlank()) {
+ log.info("Loading kubeconfig from: {}", kubeconfigPath);
+ try {
+ String kubeconfigContent = Files.readString(Path.of(kubeconfigPath));
+ Config config = Config.fromKubeconfig(kubeconfigContent);
+ return new KubernetesClientBuilder().withConfig(config).build();
+ } catch (IOException e) {
+ log.error("Failed to load kubeconfig from {}: {}", kubeconfigPath, e.getMessage());
+ throw new RuntimeException("Failed to load kubeconfig", e);
+ }
+ }
+
+ // 使用默认配置(从环境变量或默认路径)
+ log.info("Using default Kubernetes configuration");
+ return new KubernetesClientBuilder().build();
+ }
+}
diff --git a/back/src/main/java/com/linkwork/config/MemoryConfig.java b/back/src/main/java/com/linkwork/config/MemoryConfig.java
new file mode 100644
index 0000000..72bf8c4
--- /dev/null
+++ b/back/src/main/java/com/linkwork/config/MemoryConfig.java
@@ -0,0 +1,48 @@
+package com.linkwork.config;
+
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+@Data
+@Configuration
+@ConfigurationProperties(prefix = "memory")
+public class MemoryConfig {
+
+ private boolean enabled = true;
+ private Milvus milvus = new Milvus();
+ private Embedding embedding = new Embedding();
+ private Index index = new Index();
+ private String ossMountPath = "/data/oss";
+
+ @Data
+ public static class Milvus {
+ private String uri = "http://milvus:19530";
+ private String token = "";
+ }
+
+ @Data
+ public static class Embedding {
+ private String model = "text-embedding-3-small";
+ private int dimension = 1536;
+ }
+
+ @Data
+ public static class Index {
+ private int maxChunkSize = 1500;
+ private int overlapLines = 2;
+ private String queueKey = "memory:index:jobs";
+ }
+
+ public String collectionName(String workstationId, String userId) {
+ return "memory_" + sanitize(workstationId) + "_" + sanitize(userId);
+ }
+
+ public String userCollectionName(String userId) {
+ return "memory_user_" + sanitize(userId);
+ }
+
+ private static String sanitize(String s) {
+ return s.replaceAll("[^a-zA-Z0-9_]", "_");
+ }
+}
diff --git a/back/src/main/java/com/linkwork/config/MyBatisPlusConfig.java b/back/src/main/java/com/linkwork/config/MyBatisPlusConfig.java
new file mode 100644
index 0000000..1eeea89
--- /dev/null
+++ b/back/src/main/java/com/linkwork/config/MyBatisPlusConfig.java
@@ -0,0 +1,47 @@
+package com.linkwork.config;
+
+import com.baomidou.mybatisplus.annotation.DbType;
+import com.baomidou.mybatisplus.core.handlers.MetaObjectHandler;
+import com.baomidou.mybatisplus.extension.plugins.MybatisPlusInterceptor;
+import com.baomidou.mybatisplus.extension.plugins.inner.PaginationInnerInterceptor;
+import org.apache.ibatis.reflection.MetaObject;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import java.time.LocalDateTime;
+
+/**
+ * MyBatis Plus 配置
+ */
+@Configuration
+public class MyBatisPlusConfig {
+
+ /**
+ * 分页插件
+ */
+ @Bean
+ public MybatisPlusInterceptor mybatisPlusInterceptor() {
+ MybatisPlusInterceptor interceptor = new MybatisPlusInterceptor();
+ interceptor.addInnerInterceptor(new PaginationInnerInterceptor(DbType.MYSQL));
+ return interceptor;
+ }
+
+ /**
+ * 自动填充处理器
+ */
+ @Bean
+ public MetaObjectHandler metaObjectHandler() {
+ return new MetaObjectHandler() {
+ @Override
+ public void insertFill(MetaObject metaObject) {
+ this.strictInsertFill(metaObject, "createdAt", LocalDateTime.class, LocalDateTime.now());
+ this.strictInsertFill(metaObject, "updatedAt", LocalDateTime.class, LocalDateTime.now());
+ }
+
+ @Override
+ public void updateFill(MetaObject metaObject) {
+ this.strictUpdateFill(metaObject, "updatedAt", LocalDateTime.class, LocalDateTime.now());
+ }
+ };
+ }
+}
diff --git a/back/src/main/java/com/linkwork/config/NfsStorageConfig.java b/back/src/main/java/com/linkwork/config/NfsStorageConfig.java
new file mode 100644
index 0000000..a8e88cc
--- /dev/null
+++ b/back/src/main/java/com/linkwork/config/NfsStorageConfig.java
@@ -0,0 +1,40 @@
+package com.linkwork.config;
+
+import jakarta.annotation.PostConstruct;
+import lombok.Data;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.nio.file.Files;
+import java.nio.file.Path;
+
+@Slf4j
+@Data
+@Configuration
+@ConfigurationProperties(prefix = "nfs.storage")
+public class NfsStorageConfig {
+
+ /** NFS 本地挂载根路径,后续更换 NFS 服务器只需重新 mount + 改此值 */
+ private String basePath = "/mnt/oss/robot-agent-files";
+
+ /** 后端文件下载 API 的 URL 前缀 */
+ private String downloadBaseUrl = "/api/v1/files";
+
+ /** 任务产出物下载 API 的 URL 前缀 */
+ private String taskOutputBaseUrl = "/api/v1/task-outputs";
+
+ @PostConstruct
+ public void validate() {
+ Path base = Path.of(basePath);
+ if (Files.isDirectory(base)) {
+ log.info("NFS storage configured: basePath={}", basePath);
+ } else {
+ log.warn("NFS storage basePath does not exist or is not a directory: {}", basePath);
+ }
+ }
+
+ public Path resolve(String relativePath) {
+ return Path.of(basePath).resolve(relativePath);
+ }
+}
diff --git a/back/src/main/java/com/linkwork/config/WebSocketConfig.java b/back/src/main/java/com/linkwork/config/WebSocketConfig.java
new file mode 100644
index 0000000..e64acc6
--- /dev/null
+++ b/back/src/main/java/com/linkwork/config/WebSocketConfig.java
@@ -0,0 +1,24 @@
+package com.linkwork.config;
+
+import com.linkwork.websocket.TaskWebSocketHandler;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.socket.config.annotation.EnableWebSocket;
+import org.springframework.web.socket.config.annotation.WebSocketConfigurer;
+import org.springframework.web.socket.config.annotation.WebSocketHandlerRegistry;
+
+@Configuration
+@EnableWebSocket
+public class WebSocketConfig implements WebSocketConfigurer {
+
+ private final TaskWebSocketHandler taskWebSocketHandler;
+
+ public WebSocketConfig(TaskWebSocketHandler taskWebSocketHandler) {
+ this.taskWebSocketHandler = taskWebSocketHandler;
+ }
+
+ @Override
+ public void registerWebSocketHandlers(WebSocketHandlerRegistry registry) {
+ registry.addHandler(taskWebSocketHandler, "/api/v1/ws", "/ws", "/ws/")
+ .setAllowedOrigins("*");
+ }
+}
diff --git a/back/src/main/java/com/linkwork/context/UserContext.java b/back/src/main/java/com/linkwork/context/UserContext.java
new file mode 100644
index 0000000..9dad7bc
--- /dev/null
+++ b/back/src/main/java/com/linkwork/context/UserContext.java
@@ -0,0 +1,61 @@
+package com.linkwork.context;
+
+/**
+ * 用户上下文(ThreadLocal)
+ *
+ * 替代现有的 X-User-Id Header 和 Mock 硬编码。
+ * 由 JwtAuthFilter 在请求进入时设置,请求结束时清除。
+ * 用户信息全部来自 JWT payload,不查数据库。
+ */
+public final class UserContext {
+
+ private static final ThreadLocal HOLDER = new ThreadLocal<>();
+
+ private UserContext() {
+ }
+
+ /**
+ * 设置当前用户(由 Filter 调用)
+ */
+ public static void set(UserInfo userInfo) {
+ HOLDER.set(userInfo);
+ }
+
+ /**
+ * 获取当前用户(完整信息)
+ */
+ public static UserInfo get() {
+ return HOLDER.get();
+ }
+
+ /**
+ * 获取当前用户 ID
+ */
+ public static String getCurrentUserId() {
+ UserInfo info = HOLDER.get();
+ return info != null ? info.getUserId() : null;
+ }
+
+ /**
+ * 获取当前用户姓名
+ */
+ public static String getCurrentUserName() {
+ UserInfo info = HOLDER.get();
+ return info != null ? info.getName() : null;
+ }
+
+ /**
+ * 获取当前用户邮箱
+ */
+ public static String getCurrentEmail() {
+ UserInfo info = HOLDER.get();
+ return info != null ? info.getEmail() : null;
+ }
+
+ /**
+ * 清除当前用户(由 Filter 在 finally 中调用,防止内存泄漏)
+ */
+ public static void clear() {
+ HOLDER.remove();
+ }
+}
diff --git a/back/src/main/java/com/linkwork/context/UserInfo.java b/back/src/main/java/com/linkwork/context/UserInfo.java
new file mode 100644
index 0000000..0efae09
--- /dev/null
+++ b/back/src/main/java/com/linkwork/context/UserInfo.java
@@ -0,0 +1,36 @@
+package com.linkwork.context;
+
+import lombok.AllArgsConstructor;
+import lombok.Builder;
+import lombok.Data;
+import lombok.NoArgsConstructor;
+
+import java.util.List;
+
+/**
+ * 当前登录用户信息(从 JWT payload 解析,不查数据库)
+ */
+@Data
+@Builder
+@NoArgsConstructor
+@AllArgsConstructor
+public class UserInfo {
+
+ /** 唯一用户标识 */
+ private String userId;
+
+ /** 姓名 */
+ private String name;
+
+ /** 邮箱 */
+ private String email;
+
+ /** 工号 */
+ private String workId;
+
+ /** 头像 URL */
+ private String avatarUrl;
+
+ /** 权限列表 */
+ private List permissions;
+}
diff --git a/back/src/main/java/com/linkwork/controller/ApprovalController.java b/back/src/main/java/com/linkwork/controller/ApprovalController.java
new file mode 100644
index 0000000..df15528
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/ApprovalController.java
@@ -0,0 +1,116 @@
+package com.linkwork.controller;
+
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.linkwork.common.ApiResponse;
+import com.linkwork.common.ClientIpResolver;
+import com.linkwork.context.UserContext;
+import com.linkwork.model.entity.Approval;
+import com.linkwork.service.ApprovalService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.util.StringUtils;
+
+import java.util.HashMap;
+import jakarta.servlet.http.HttpServletRequest;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 审批控制器
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/approvals")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class ApprovalController {
+
+ private final ApprovalService approvalService;
+
+ /**
+ * 获取审批列表
+ * GET /api/v1/approvals
+ */
+ @GetMapping
+ public ApiResponse> listApprovals(
+ @RequestParam(required = false) String status,
+ @RequestParam(defaultValue = "1") Integer page,
+ @RequestParam(defaultValue = "20") Integer pageSize) {
+ String userId = UserContext.getCurrentUserId();
+ if (!StringUtils.hasText(userId)) {
+ throw new IllegalStateException("用户未登录或登录态失效");
+ }
+ log.info("获取审批列表: status={}, page={}, pageSize={}, userId={}", status, page, pageSize, userId);
+
+ Page approvalPage = approvalService.listApprovals(status, page, pageSize, userId);
+ List> items = approvalService.toResponseList(approvalPage.getRecords());
+
+ Map pagination = new HashMap<>();
+ pagination.put("page", approvalPage.getCurrent());
+ pagination.put("pageSize", approvalPage.getSize());
+ pagination.put("total", approvalPage.getTotal());
+ pagination.put("totalPages", approvalPage.getPages());
+
+ Map result = new HashMap<>();
+ result.put("items", items);
+ result.put("pagination", pagination);
+
+ return ApiResponse.success(result);
+ }
+
+ /**
+ * 获取审批统计
+ * GET /api/v1/approvals/stats
+ */
+ @GetMapping("/stats")
+ public ApiResponse> getStats() {
+ String userId = UserContext.getCurrentUserId();
+ if (!StringUtils.hasText(userId)) {
+ throw new IllegalStateException("用户未登录或登录态失效");
+ }
+ log.info("获取审批统计: userId={}", userId);
+ return ApiResponse.success(approvalService.getStats(userId));
+ }
+
+ /**
+ * 提交审批决策
+ * POST /api/v1/approvals/{approvalNo}/decision
+ */
+ @PostMapping("/{approvalNo}/decision")
+ public ApiResponse> decide(
+ @PathVariable String approvalNo,
+ @RequestBody Map request,
+ HttpServletRequest servletRequest) {
+ String userId = UserContext.getCurrentUserId();
+ String userName = UserContext.getCurrentUserName();
+ String decision = request.get("decision");
+ String comment = request.get("comment");
+ String operatorIp = ClientIpResolver.resolve(servletRequest);
+ log.info("审批决策: approvalNo={}, decision={}, userId={}, operatorIp={}", approvalNo, decision, userId, operatorIp);
+
+ Approval approval = approvalService.decide(approvalNo, decision, comment, userId, userName, operatorIp);
+ return ApiResponse.success(approvalService.toResponse(approval));
+ }
+
+ /**
+ * 创建审批请求(内部接口,由 Agent/Worker 调用)
+ * POST /api/v1/approvals/create
+ */
+ @PostMapping("/create")
+ public ApiResponse> createApproval(@RequestBody Map request) {
+ log.info("创建审批请求: taskNo={}, action={}", request.get("taskNo"), request.get("action"));
+
+ Approval approval = approvalService.createApproval(
+ request.get("taskNo"),
+ request.get("taskTitle"),
+ request.get("action"),
+ request.get("description"),
+ request.get("riskLevel"),
+ request.getOrDefault("creatorId", "agent"),
+ request.getOrDefault("creatorName", "AI Agent")
+ );
+
+ return ApiResponse.success(approvalService.toResponse(approval));
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/AuthController.java b/back/src/main/java/com/linkwork/controller/AuthController.java
new file mode 100644
index 0000000..2d21200
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/AuthController.java
@@ -0,0 +1,145 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.context.UserContext;
+import com.linkwork.context.UserInfo;
+import com.linkwork.service.AuthService;
+import com.fasterxml.jackson.annotation.JsonIgnoreProperties;
+import jakarta.servlet.http.Cookie;
+import jakarta.servlet.http.HttpServletResponse;
+import jakarta.validation.Valid;
+import jakarta.validation.constraints.NotBlank;
+import lombok.Data;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 认证控制器
+ * 处理登录验证和 Token 校验
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/auth")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class AuthController {
+
+ private final AuthService authService;
+ public static final String COOKIE_NAME = "robot_token";
+
+ /**
+ * 登录验证
+ * POST /api/v1/auth/login
+ */
+ @PostMapping("/login")
+ public ApiResponse> login(@Valid @RequestBody LoginRequest request, HttpServletResponse response) {
+ log.info("登录请求");
+
+ // 验证密码
+ if (!authService.validatePassword(request.getPassword())) {
+ log.warn("密码验证失败");
+ return ApiResponse.error(40100, "密码错误");
+ }
+
+ // 生成 Token
+ String token = authService.generateToken("robot-user");
+
+ Cookie cookie = new Cookie(COOKIE_NAME, token);
+ cookie.setPath("/");
+ cookie.setHttpOnly(true);
+ cookie.setMaxAge(86400);
+ response.addCookie(cookie);
+
+ Map result = new HashMap<>();
+ result.put("token", token);
+ result.put("expiresIn", 86400); // 24 小时(秒)
+
+ log.info("登录成功");
+ return ApiResponse.success(result);
+ }
+
+ /**
+ * 验证 Token
+ * POST /api/v1/auth/verify
+ */
+ @PostMapping("/verify")
+ public ApiResponse> verify(@RequestHeader(value = "Authorization", required = false) String authHeader) {
+ if (authHeader == null || !authHeader.startsWith("Bearer ")) {
+ return ApiResponse.error(40101, "未提供有效的 Token");
+ }
+
+ String token = authHeader.substring(7);
+
+ if (!authService.validateToken(token)) {
+ return ApiResponse.error(40101, "Token 无效或已过期");
+ }
+
+ Map result = new HashMap<>();
+ result.put("valid", true);
+ result.put("subject", authService.getSubjectFromToken(token));
+
+ return ApiResponse.success(result);
+ }
+
+ /**
+ * 生成密码哈希(工具端点,生产环境可禁用)
+ * GET /api/v1/auth/encode?password=xxx
+ */
+ @GetMapping("/encode")
+ public ApiResponse> encodePassword(@RequestParam String password) {
+ String hash = authService.encodePassword(password);
+ Map result = new HashMap<>();
+ result.put("password", password);
+ result.put("hash", hash);
+ return ApiResponse.success(result);
+ }
+
+ /**
+ * 获取当前登录用户信息(从 JWT payload 解析)。
+ */
+ @GetMapping("/me")
+ public ApiResponse> me() {
+ UserInfo userInfo = UserContext.get();
+ if (userInfo == null) {
+ return ApiResponse.error(40100, "未登录");
+ }
+
+ Map data = new HashMap<>();
+ data.put("userId", userInfo.getUserId());
+ data.put("name", userInfo.getName());
+ data.put("email", userInfo.getEmail());
+ data.put("workId", userInfo.getWorkId());
+ data.put("avatarUrl", userInfo.getAvatarUrl());
+ data.put("permissions", userInfo.getPermissions());
+ return ApiResponse.success(data);
+ }
+
+ /**
+ * 登出:清理 token cookie。
+ */
+ @PostMapping("/logout")
+ public ApiResponse> logout(HttpServletResponse response) {
+ Cookie cookie = new Cookie(COOKIE_NAME, "");
+ cookie.setPath("/");
+ cookie.setHttpOnly(true);
+ cookie.setMaxAge(0);
+ response.addCookie(cookie);
+
+ Map data = new HashMap<>();
+ data.put("logoutUrl", "/login");
+ return ApiResponse.success(data);
+ }
+
+ @Data
+ @JsonIgnoreProperties(ignoreUnknown = true)
+ public static class LoginRequest {
+ private String username;
+
+ @NotBlank(message = "密码不能为空")
+ private String password;
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/BuildLogController.java b/back/src/main/java/com/linkwork/controller/BuildLogController.java
new file mode 100644
index 0000000..80b6a0e
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/BuildLogController.java
@@ -0,0 +1,174 @@
+package com.linkwork.controller;
+
+import com.linkwork.service.BuildLogBuffer;
+import com.linkwork.service.BuildRecordService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.servlet.mvc.method.annotation.SseEmitter;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * 构建日志 SSE 控制器
+ * 直接从 build.sh 执行输出推送日志,不依赖 Redis Stream
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/build-logs")
+@RequiredArgsConstructor
+public class BuildLogController {
+
+ private final BuildLogBuffer logBuffer;
+ private final BuildRecordService buildRecordService;
+
+ /**
+ * 兼容旧查询入口:按 roleId 获取最近一次构建日志
+ */
+ @GetMapping
+ public Map getLogsByQuery(
+ @RequestParam(required = false) String buildId,
+ @RequestParam(required = false) Long roleId,
+ @RequestParam(defaultValue = "0") int afterIndex) {
+
+ String targetBuildId = buildId;
+ if ((targetBuildId == null || targetBuildId.isBlank()) && roleId != null) {
+ var latest = buildRecordService.getLatestByRoleId(roleId);
+ if (latest == null || latest.getBuildNo() == null || latest.getBuildNo().isBlank()) {
+ return Map.of(
+ "buildId", "",
+ "logs", List.of(),
+ "totalCount", 0,
+ "completed", true,
+ "success", false
+ );
+ }
+ targetBuildId = latest.getBuildNo();
+ }
+
+ if (targetBuildId == null || targetBuildId.isBlank()) {
+ throw new IllegalArgumentException("buildId 或 roleId 至少传一个");
+ }
+ return getLogs(targetBuildId, afterIndex);
+ }
+
+ /**
+ * SSE 端点:实时接收构建日志
+ *
+ * @param buildId 构建 ID
+ * @return SSE 事件流
+ */
+ @GetMapping(value = "/{buildId}/stream", produces = MediaType.TEXT_EVENT_STREAM_VALUE)
+ public SseEmitter streamLogs(@PathVariable String buildId) {
+ log.info("SSE connection opened for buildId: {}", buildId);
+
+ // 10 分钟超时
+ SseEmitter emitter = new SseEmitter(TimeUnit.MINUTES.toMillis(10));
+
+ // 先推送历史日志
+ List history = logBuffer.getHistory(buildId);
+ for (BuildLogBuffer.LogEntry entry : history) {
+ try {
+ emitter.send(SseEmitter.event()
+ .name("log")
+ .data(Map.of(
+ "timestamp", entry.timestamp(),
+ "level", entry.level(),
+ "message", entry.message()
+ )));
+ } catch (IOException e) {
+ log.debug("Failed to send history log: {}", e.getMessage());
+ }
+ }
+
+ // 如果构建已完成,发送完成事件并关闭
+ if (logBuffer.isCompleted(buildId)) {
+ try {
+ Boolean success = logBuffer.getCompletionStatus(buildId);
+ emitter.send(SseEmitter.event().name("complete").data(Map.of(
+ "success", success != null ? success : false,
+ "message", success != null && success ? "构建成功" : "构建失败"
+ )));
+ emitter.complete();
+ } catch (IOException e) {
+ log.debug("Failed to send complete event: {}", e.getMessage());
+ }
+ return emitter;
+ }
+
+ // 订阅新日志
+ java.util.function.Consumer subscriber = entry -> {
+ try {
+ emitter.send(SseEmitter.event()
+ .name("log")
+ .data(Map.of(
+ "timestamp", entry.timestamp(),
+ "level", entry.level(),
+ "message", entry.message()
+ )));
+
+ // 检查是否完成
+ if (logBuffer.isCompleted(buildId)) {
+ Boolean success = logBuffer.getCompletionStatus(buildId);
+ emitter.send(SseEmitter.event().name("complete").data(Map.of(
+ "success", success != null ? success : false,
+ "message", success != null && success ? "构建成功" : "构建失败"
+ )));
+ emitter.complete();
+ }
+ } catch (IOException e) {
+ log.debug("Failed to send log via SSE: {}", e.getMessage());
+ }
+ };
+
+ logBuffer.subscribe(buildId, subscriber);
+
+ // 连接关闭时取消订阅
+ emitter.onCompletion(() -> {
+ logBuffer.unsubscribe(buildId, subscriber);
+ log.debug("SSE connection completed for buildId: {}", buildId);
+ });
+
+ emitter.onTimeout(() -> {
+ logBuffer.unsubscribe(buildId, subscriber);
+ log.debug("SSE connection timeout for buildId: {}", buildId);
+ });
+
+ emitter.onError(e -> {
+ logBuffer.unsubscribe(buildId, subscriber);
+ log.debug("SSE connection error for buildId: {}", buildId);
+ });
+
+ return emitter;
+ }
+
+ /**
+ * 轮询接口:获取历史日志(备用)
+ */
+ @GetMapping("/{buildId}")
+ public Map getLogs(
+ @PathVariable String buildId,
+ @RequestParam(defaultValue = "0") int afterIndex) {
+
+ List logs = logBuffer.getLogsAfter(buildId, afterIndex);
+ List allLogs = logBuffer.getHistory(buildId);
+ boolean completed = logBuffer.isCompleted(buildId);
+ Boolean success = logBuffer.getCompletionStatus(buildId);
+
+ return Map.of(
+ "buildId", buildId,
+ "logs", logs.stream().map(e -> Map.of(
+ "timestamp", e.timestamp(),
+ "level", e.level(),
+ "message", e.message()
+ )).toList(),
+ "totalCount", allLogs.size(),
+ "completed", completed,
+ "success", success != null ? success : false
+ );
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/BuildQueueController.java b/back/src/main/java/com/linkwork/controller/BuildQueueController.java
new file mode 100644
index 0000000..404f310
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/BuildQueueController.java
@@ -0,0 +1,106 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.model.dto.BuildQueueStatus;
+import com.linkwork.service.BuildQueueService;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+/**
+ * 构建队列控制器
+ *
+ * 提供队列状态查询和任务管理 API
+ */
+@RestController
+@RequestMapping("/api/v1/build-queue")
+@Slf4j
+public class BuildQueueController {
+
+ private final BuildQueueService buildQueueService;
+
+ public BuildQueueController(BuildQueueService buildQueueService) {
+ this.buildQueueService = buildQueueService;
+ }
+
+ /**
+ * 获取队列状态
+ *
+ * 返回:等待任务数、执行中任务数、系统资源状态等
+ */
+ @GetMapping("/status")
+ public ResponseEntity> getStatus() {
+ if (!buildQueueService.isEnabled()) {
+ return ResponseEntity.ok(ApiResponse.error("Build queue is disabled"));
+ }
+
+ BuildQueueStatus status = buildQueueService.getStatus();
+ return ResponseEntity.ok(ApiResponse.success(status));
+ }
+
+ /**
+ * 获取任务在队列中的位置
+ *
+ * @param buildId 构建 ID
+ * @return 位置信息:正数表示排队位置,-1 表示正在执行,null 表示不存在
+ */
+ @GetMapping("/position/{buildId}")
+ public ResponseEntity> getPosition(@PathVariable String buildId) {
+ if (!buildQueueService.isEnabled()) {
+ return ResponseEntity.ok(ApiResponse.error("Build queue is disabled"));
+ }
+
+ Integer position = buildQueueService.getPosition(buildId);
+
+ if (position == null) {
+ return ResponseEntity.ok(ApiResponse.error("Task not found in queue"));
+ }
+
+ String status;
+ String message;
+ if (position == -1) {
+ status = "RUNNING";
+ message = "Task is currently executing";
+ } else {
+ status = "WAITING";
+ message = "Task is waiting at position " + position;
+ }
+
+ PositionResponse response = new PositionResponse(buildId, position, status, message);
+ return ResponseEntity.ok(ApiResponse.success(response));
+ }
+
+ /**
+ * 取消排队中的任务
+ *
+ * 注意:只能取消等待中的任务,正在执行的任务无法取消
+ *
+ * @param buildId 构建 ID
+ */
+ @DeleteMapping("/{buildId}")
+ public ResponseEntity> cancel(@PathVariable String buildId) {
+ if (!buildQueueService.isEnabled()) {
+ return ResponseEntity.ok(ApiResponse.error("Build queue is disabled"));
+ }
+
+ log.info("收到取消任务请求: buildId={}", buildId);
+
+ boolean cancelled = buildQueueService.cancel(buildId);
+
+ if (cancelled) {
+ return ResponseEntity.ok(ApiResponse.success(null));
+ } else {
+ return ResponseEntity.ok(ApiResponse.error("Cannot cancel task: either running or not found"));
+ }
+ }
+
+ /**
+ * 位置响应 DTO
+ */
+ public record PositionResponse(
+ String buildId,
+ int position,
+ String status,
+ String message
+ ) {}
+}
diff --git a/back/src/main/java/com/linkwork/controller/BuildRecordController.java b/back/src/main/java/com/linkwork/controller/BuildRecordController.java
new file mode 100644
index 0000000..386fc88
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/BuildRecordController.java
@@ -0,0 +1,121 @@
+package com.linkwork.controller;
+
+import com.linkwork.model.entity.BuildRecordEntity;
+import com.linkwork.service.BuildRecordService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.*;
+
+import java.time.LocalDateTime;
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 构建记录 Controller
+ *
+ * 提供构建历史查询接口
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/build-records")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class BuildRecordController {
+
+ private final BuildRecordService buildRecordService;
+
+ /**
+ * 获取构建记录列表
+ *
+ * @param roleId 岗位 ID(可选,不传则查询所有)
+ * @param status 状态过滤(可选)
+ * @param page 页码
+ * @param pageSize 每页数量
+ */
+ @GetMapping
+ public Map listBuildRecords(
+ @RequestParam(required = false) Long roleId,
+ @RequestParam(required = false) String status,
+ @RequestParam(defaultValue = "1") int page,
+ @RequestParam(defaultValue = "20") int pageSize) {
+
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+ response.put("timestamp", LocalDateTime.now().toString());
+
+ Map data;
+ if (roleId != null) {
+ data = buildRecordService.listByRoleId(roleId, page, pageSize);
+ } else {
+ data = buildRecordService.listRecent(page, pageSize, status);
+ }
+ response.put("data", data);
+
+ return response;
+ }
+
+ /**
+ * 根据构建编号获取详情
+ */
+ @GetMapping("/{buildNo}")
+ public Map getBuildRecord(@PathVariable String buildNo) {
+ Map response = new HashMap<>();
+
+ BuildRecordEntity entity = buildRecordService.getByBuildNo(buildNo);
+ if (entity == null) {
+ response.put("code", 404);
+ response.put("msg", "Build record not found: " + buildNo);
+ response.put("timestamp", LocalDateTime.now().toString());
+ return response;
+ }
+
+ response.put("code", 0);
+ response.put("msg", "success");
+ response.put("timestamp", LocalDateTime.now().toString());
+
+ Map data = new HashMap<>();
+ data.put("id", entity.getId().toString());
+ data.put("buildNo", entity.getBuildNo());
+ data.put("roleId", entity.getRoleId() != null ? entity.getRoleId().toString() : null);
+ data.put("roleName", entity.getRoleName());
+ data.put("status", entity.getStatus());
+ data.put("imageTag", entity.getImageTag());
+ data.put("durationMs", entity.getDurationMs());
+ data.put("errorMessage", entity.getErrorMessage());
+ data.put("configSnapshot", entity.getConfigSnapshot());
+ data.put("creatorId", entity.getCreatorId());
+ data.put("creatorName", entity.getCreatorName());
+ data.put("createdAt", entity.getCreatedAt() != null ? entity.getCreatedAt().toString() : null);
+ data.put("updatedAt", entity.getUpdatedAt() != null ? entity.getUpdatedAt().toString() : null);
+
+ response.put("data", data);
+ return response;
+ }
+
+ /**
+ * 获取岗位最新一次构建记录
+ */
+ @GetMapping("/role/{roleId}/latest")
+ public Map getLatestBuildRecord(@PathVariable Long roleId) {
+ Map response = new HashMap<>();
+
+ Map records = buildRecordService.listByRoleId(roleId, 1, 1);
+ @SuppressWarnings("unchecked")
+ java.util.List> items = (java.util.List>) records.get("items");
+
+ if (items == null || items.isEmpty()) {
+ response.put("code", 0);
+ response.put("msg", "success");
+ response.put("data", null);
+ response.put("timestamp", LocalDateTime.now().toString());
+ return response;
+ }
+
+ response.put("code", 0);
+ response.put("msg", "success");
+ response.put("data", items.get(0));
+ response.put("timestamp", LocalDateTime.now().toString());
+ return response;
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/CronJobController.java b/back/src/main/java/com/linkwork/controller/CronJobController.java
new file mode 100644
index 0000000..829a59f
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/CronJobController.java
@@ -0,0 +1,106 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.context.UserContext;
+import com.linkwork.model.dto.CronJobCreateRequest;
+import com.linkwork.model.dto.CronJobResponse;
+import com.linkwork.model.dto.CronJobRunResponse;
+import com.linkwork.model.dto.CronJobToggleRequest;
+import com.linkwork.model.dto.CronJobUpdateRequest;
+import com.linkwork.model.dto.CronSchedulePreviewRequest;
+import com.linkwork.model.entity.CronJob;
+import com.linkwork.model.entity.CronJobRun;
+import com.linkwork.service.CronJobExecutor;
+import com.linkwork.service.CronJobService;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+@RestController
+@RequestMapping("/api/v1/cron-jobs")
+@RequiredArgsConstructor
+public class CronJobController {
+
+ private final CronJobService cronJobService;
+ private final CronJobExecutor cronJobExecutor;
+
+ @PostMapping
+ public ApiResponse create(@Valid @RequestBody CronJobCreateRequest request) {
+ String userId = UserContext.getCurrentUserId();
+ String userName = UserContext.getCurrentUserName();
+ return ApiResponse.success(cronJobService.create(request, userId, userName));
+ }
+
+ @PostMapping("/preview")
+ public ApiResponse> preview(@RequestBody CronSchedulePreviewRequest request) {
+ return ApiResponse.success(Map.of(
+ "nextFireTimes",
+ cronJobService.previewSchedule(request.getScheduleType(), request.getCronExpr(), request.getIntervalMs(),
+ request.getRunAt(), request.getTimezone(), request.getLimit())
+ ));
+ }
+
+ @GetMapping
+ public ApiResponse> listMine(
+ @RequestParam(value = "scope", defaultValue = "mine") String scope,
+ @RequestParam(value = "roleId", required = false) Long roleId,
+ @RequestParam(value = "enabled", required = false) Boolean enabled,
+ @RequestParam(value = "scheduleType", required = false) String scheduleType,
+ @RequestParam(value = "keyword", required = false) String keyword,
+ @RequestParam(value = "page", defaultValue = "1") Integer page,
+ @RequestParam(value = "pageSize", defaultValue = "20") Integer pageSize) {
+ if (StringUtils.hasText(scope) && !"mine".equalsIgnoreCase(scope.trim())) {
+ throw new IllegalArgumentException("MVP 仅支持 scope=mine");
+ }
+ return ApiResponse.success(cronJobService.listMine(
+ UserContext.getCurrentUserId(), roleId, enabled, scheduleType, keyword, page, pageSize));
+ }
+
+ @GetMapping("/{id}")
+ public ApiResponse detail(@PathVariable Long id) {
+ return ApiResponse.success(cronJobService.getDetail(id, UserContext.getCurrentUserId()));
+ }
+
+ @PutMapping("/{id}")
+ public ApiResponse update(@PathVariable Long id,
+ @Valid @RequestBody CronJobUpdateRequest request) {
+ return ApiResponse.success(cronJobService.update(id, request, UserContext.getCurrentUserId()));
+ }
+
+ @PutMapping("/{id}/toggle")
+ public ApiResponse toggle(@PathVariable Long id,
+ @Valid @RequestBody CronJobToggleRequest request) {
+ return ApiResponse.success(cronJobService.toggle(id, request, UserContext.getCurrentUserId()));
+ }
+
+ @PostMapping("/{id}/trigger")
+ public ApiResponse trigger(@PathVariable Long id) {
+ CronJob job = cronJobService.getOwnedJob(id, UserContext.getCurrentUserId());
+ CronJobRun run = cronJobExecutor.dispatchManual(job);
+ return ApiResponse.success(cronJobService.toRunResponse(run));
+ }
+
+ @GetMapping("/{id}/runs")
+ public ApiResponse> listRuns(@PathVariable Long id,
+ @RequestParam(value = "page", defaultValue = "1") Integer page,
+ @RequestParam(value = "pageSize", defaultValue = "20") Integer pageSize) {
+ return ApiResponse.success(cronJobService.listRuns(id, UserContext.getCurrentUserId(), page, pageSize));
+ }
+
+ @DeleteMapping("/{id}")
+ public ApiResponse delete(@PathVariable Long id) {
+ cronJobService.delete(id, UserContext.getCurrentUserId());
+ return ApiResponse.success();
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/FileController.java b/back/src/main/java/com/linkwork/controller/FileController.java
new file mode 100644
index 0000000..68697d7
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/FileController.java
@@ -0,0 +1,191 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.context.UserContext;
+import com.linkwork.model.dto.CreateFolderRequest;
+import com.linkwork.model.dto.FileMentionResponse;
+import com.linkwork.model.dto.FileNodeResponse;
+import com.linkwork.model.dto.FileResponse;
+import com.linkwork.model.dto.FileSpaceSyncRequest;
+import com.linkwork.model.dto.FileSpaceSyncResponse;
+import com.linkwork.model.dto.FileTransferRequest;
+import com.linkwork.service.FileNodeService;
+import com.linkwork.service.FileSpaceSyncService;
+import com.linkwork.service.FileService;
+import com.linkwork.service.NfsStorageService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.io.InputStreamResource;
+import org.springframework.core.io.Resource;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+import org.springframework.web.multipart.MultipartFile;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URLEncoder;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.util.List;
+import java.util.Map;
+
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/files")
+@RequiredArgsConstructor
+public class FileController {
+
+ private final FileService fileService;
+ private final FileNodeService fileNodeService;
+ private final FileSpaceSyncService fileSpaceSyncService;
+ private final NfsStorageService nfsStorageService;
+
+ @PostMapping("/upload")
+ public ApiResponse uploadFile(
+ @RequestParam("file") MultipartFile file,
+ @RequestParam("spaceType") String spaceType,
+ @RequestParam(value = "workstationId", required = false) String workstationId,
+ @RequestParam(value = "conflictPolicy", required = false) String conflictPolicy,
+ @RequestParam(value = "parentId", required = false) String parentId) {
+ String userId = UserContext.getCurrentUserId();
+ return ApiResponse.success(fileService.uploadFile(file, spaceType, workstationId, userId, conflictPolicy, parentId));
+ }
+
+ @GetMapping("/tree")
+ public ApiResponse> listTree(
+ @RequestParam("spaceType") String spaceType,
+ @RequestParam(value = "workstationId", required = false) String workstationId,
+ @RequestParam(value = "parentId", required = false) String parentId) {
+ String userId = UserContext.getCurrentUserId();
+ return ApiResponse.success(fileNodeService.listChildren(spaceType, workstationId, parentId, userId));
+ }
+
+ @PostMapping("/sync")
+ public ApiResponse syncSpace(@RequestBody FileSpaceSyncRequest request) {
+ String userId = UserContext.getCurrentUserId();
+ return ApiResponse.success(fileSpaceSyncService.syncSpace(userId, request));
+ }
+
+ @PostMapping("/folders")
+ public ApiResponse createFolder(@RequestBody CreateFolderRequest request) {
+ String userId = UserContext.getCurrentUserId();
+ return ApiResponse.success(fileNodeService.createFolder(request, userId));
+ }
+
+ @PutMapping("/nodes/{nodeId}/rename")
+ public ApiResponse renameNode(@PathVariable String nodeId,
+ @RequestBody Map body) {
+ String userId = UserContext.getCurrentUserId();
+ fileNodeService.renameNode(nodeId, body.get("name"), userId);
+ return ApiResponse.success();
+ }
+
+ @DeleteMapping("/nodes/{nodeId}")
+ public ApiResponse deleteNode(@PathVariable String nodeId) {
+ String userId = UserContext.getCurrentUserId();
+ fileNodeService.deleteNode(nodeId, userId);
+ return ApiResponse.success();
+ }
+
+ @GetMapping
+ public ApiResponse> listFiles(
+ @RequestParam("spaceType") String spaceType,
+ @RequestParam(value = "workstationId", required = false) String workstationId,
+ @RequestParam(value = "fileType", required = false) String fileType,
+ @RequestParam(value = "keyword", required = false) String keyword,
+ @RequestParam(value = "page", defaultValue = "1") Integer page,
+ @RequestParam(value = "pageSize", defaultValue = "20") Integer pageSize) {
+ return ApiResponse.success(fileService.listFiles(spaceType, workstationId, fileType, keyword, page, pageSize,
+ UserContext.getCurrentUserId()));
+ }
+
+ @GetMapping("/{fileId}")
+ public ApiResponse getFileDetail(@PathVariable String fileId) {
+ return ApiResponse.success(fileService.getFileDetail(fileId, UserContext.getCurrentUserId()));
+ }
+
+ @GetMapping("/{fileId}/download")
+ public ResponseEntity downloadFile(
+ @PathVariable String fileId,
+ @RequestParam(value = "inline", defaultValue = "false") boolean inline) throws IOException {
+ String userId = UserContext.getCurrentUserId();
+ FileService.DownloadInfo info = fileService.getDownloadInfo(fileId, userId);
+
+ Path filePath = nfsStorageService.getAbsolutePath(info.storagePath());
+ if (!Files.exists(filePath)) {
+ throw new IllegalStateException("文件不存在于存储中: " + info.storagePath());
+ }
+
+ String encodedFileName = URLEncoder.encode(info.fileName(), StandardCharsets.UTF_8).replace("+", "%20");
+ String contentType = resolveContentType(info.contentType(), info.fileName(), filePath);
+ String disposition = inline ? "inline" : "attachment";
+ InputStream inputStream = Files.newInputStream(filePath);
+
+ return ResponseEntity.ok()
+ .header(HttpHeaders.CONTENT_DISPOSITION, disposition + "; filename*=UTF-8''" + encodedFileName)
+ .contentType(MediaType.parseMediaType(contentType))
+ .contentLength(Files.size(filePath))
+ .body(new InputStreamResource(inputStream));
+ }
+
+ private String resolveContentType(String rawContentType, String fileName, Path filePath) {
+ if (rawContentType != null && !rawContentType.isBlank()
+ && !"application/octet-stream".equalsIgnoreCase(rawContentType)) {
+ return rawContentType;
+ }
+ try {
+ String detected = Files.probeContentType(filePath);
+ if (detected != null && !detected.isBlank()) {
+ return detected;
+ }
+ } catch (IOException ignore) {
+ // noop, fall through to extension mapping
+ }
+ String lowerName = fileName == null ? "" : fileName.toLowerCase(java.util.Locale.ROOT);
+ if (lowerName.endsWith(".pdf")) {
+ return MediaType.APPLICATION_PDF_VALUE;
+ }
+ if (lowerName.endsWith(".md") || lowerName.endsWith(".txt") || lowerName.endsWith(".log")) {
+ return MediaType.TEXT_PLAIN_VALUE;
+ }
+ if (lowerName.endsWith(".json")) {
+ return MediaType.APPLICATION_JSON_VALUE;
+ }
+ return MediaType.APPLICATION_OCTET_STREAM_VALUE;
+ }
+
+ @DeleteMapping("/{fileId}")
+ public ApiResponse deleteFile(@PathVariable String fileId) {
+ fileService.deleteFile(fileId, UserContext.getCurrentUserId());
+ return ApiResponse.success();
+ }
+
+ @PutMapping("/{fileId}")
+ public ApiResponse replaceFile(
+ @PathVariable String fileId,
+ @RequestParam("file") MultipartFile file) {
+ return ApiResponse.success(fileService.replaceFile(fileId, file, UserContext.getCurrentUserId()));
+ }
+
+ @PostMapping("/{fileId}/copy")
+ public ApiResponse copyFile(@PathVariable String fileId,
+ @RequestBody FileTransferRequest request) {
+ return ApiResponse.success(fileService.copyFile(fileId, request, UserContext.getCurrentUserId()));
+ }
+
+ @PostMapping("/{fileId}/move")
+ public ApiResponse moveFile(@PathVariable String fileId,
+ @RequestBody FileTransferRequest request) {
+ return ApiResponse.success(fileService.moveFile(fileId, request, UserContext.getCurrentUserId()));
+ }
+
+ @GetMapping("/mention")
+ public ApiResponse> mentionFiles(
+ @RequestParam("workstationId") String workstationId,
+ @RequestParam(value = "keyword", required = false) String keyword) {
+ return ApiResponse.success(fileService.mentionFiles(workstationId, keyword, UserContext.getCurrentUserId()));
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/GitLabAuthController.java b/back/src/main/java/com/linkwork/controller/GitLabAuthController.java
new file mode 100644
index 0000000..66d205f
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/GitLabAuthController.java
@@ -0,0 +1,56 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.context.UserContext;
+import com.linkwork.model.entity.GitLabAuthEntity;
+import com.linkwork.service.GitLabAuthService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.Map;
+
+@RestController
+@RequestMapping("/api/v1/auth/gitlab")
+@RequiredArgsConstructor
+public class GitLabAuthController {
+
+ private final GitLabAuthService gitLabAuthService;
+
+ @GetMapping("/url")
+ public ApiResponse> getAuthUrl(
+ @RequestParam(required = false) String redirectUri,
+ @RequestParam(defaultValue = "write") String scopeType) {
+ String url = gitLabAuthService.getAuthUrl(redirectUri, scopeType);
+ return ApiResponse.success(Map.of("url", url));
+ }
+
+ @PostMapping("/callback")
+ public ApiResponse callback(@RequestBody Map body) {
+ String userId = UserContext.getCurrentUserId();
+ String code = body.get("code");
+ String redirectUri = body.get("redirectUri");
+ String scopeType = body.getOrDefault("scopeType", "write");
+ gitLabAuthService.callback(userId, code, redirectUri, scopeType);
+ return ApiResponse.success(null);
+ }
+
+ @GetMapping("/users")
+ public ApiResponse> listUsers() {
+ String userId = UserContext.getCurrentUserId();
+ // We mask the tokens in the response
+ List list = gitLabAuthService.listUsers(userId);
+ list.forEach(item -> {
+ item.setAccessToken(null);
+ item.setRefreshToken(null);
+ });
+ return ApiResponse.success(list);
+ }
+
+ @DeleteMapping("/users/{id}")
+ public ApiResponse deleteUser(@PathVariable String id) {
+ String userId = UserContext.getCurrentUserId();
+ gitLabAuthService.deleteUser(userId, id);
+ return ApiResponse.success(null);
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/HealthController.java b/back/src/main/java/com/linkwork/controller/HealthController.java
new file mode 100644
index 0000000..286dd95
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/HealthController.java
@@ -0,0 +1,20 @@
+package com.linkwork.controller;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+@RestController
+public class HealthController {
+
+ /**
+ * 健康检查接口
+ * Docker 健康检查 + 外部监控使用
+ * 同时映射 /health 和 /api/v1/health
+ */
+ @GetMapping({"/health", "/api/v1/health"})
+ public Map health() {
+ return Map.of("status", "UP");
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/ImageBuildController.java b/back/src/main/java/com/linkwork/controller/ImageBuildController.java
new file mode 100644
index 0000000..19a2076
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/ImageBuildController.java
@@ -0,0 +1,80 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.service.ImageBuildService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 镜像构建 Controller
+ *
+ * 提供构建相关的配置查询接口
+ */
+@Slf4j
+@RestController
+@RequestMapping({"/api/v1/build", "/api/v1/image-build"})
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class ImageBuildController {
+
+ private final ImageBuildService imageBuildService;
+
+ /**
+ * 获取可选的构建基础镜像列表
+ *
+ * @return 基础镜像列表
+ */
+ @GetMapping("/base-images")
+ public ApiResponse> listBaseImages() {
+ List images = new ArrayList<>();
+ images.add(new BaseImageInfo(
+ "10.30.107.146/robot/rockylinux9-agent:v1.3",
+ "Rocky Linux 9 Agent v1.3",
+ "开发机默认基础镜像(优先使用本地缓存)",
+ true
+ ));
+ images.add(new BaseImageInfo(
+ "rockylinux/rockylinux:9.6",
+ "Rocky Linux 9.6",
+ "公共回退基础镜像(仅当 v1.3 不可用时使用)",
+ false
+ ));
+ images.add(new BaseImageInfo(
+ "10.30.107.146/robot/rockylinux9-agent@sha256:b49d75f52f6b3c55bbf90427f0df0e97bc8e3f3e03727721cafc2c9d775b8975",
+ "Rocky Linux 9 Agent",
+ "内网固定 digest 基础镜像(需内网仓库可达)",
+ false
+ ));
+ return ApiResponse.success(images);
+ }
+
+ /**
+ * 手动触发一次本地镜像运维动作:
+ * - 清理过期 service-*-agent 本地镜像
+ * - 可选对 Kind 节点执行 crictl prune
+ */
+ @PostMapping("/ops/local-image-maintenance")
+ public ApiResponse> runLocalImageMaintenance() {
+ return ApiResponse.success(imageBuildService.runLocalImageMaintenance("manual"));
+ }
+
+ /**
+ * 基础镜像信息 DTO
+ *
+ * @param id 镜像标识(唯一)
+ * @param name 镜像显示名称
+ * @param description 镜像描述
+ * @param isDefault 是否为默认选项
+ */
+ public record BaseImageInfo(
+ String id,
+ String name,
+ String description,
+ boolean isDefault
+ ) {}
+}
diff --git a/back/src/main/java/com/linkwork/controller/K8sClusterController.java b/back/src/main/java/com/linkwork/controller/K8sClusterController.java
new file mode 100644
index 0000000..bca0b7a
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/K8sClusterController.java
@@ -0,0 +1,150 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.context.UserContext;
+import com.linkwork.context.UserInfo;
+import com.linkwork.model.dto.*;
+import com.linkwork.service.K8sClusterService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * K8s 集群监控 API
+ * 仅允许配置的 workId 用户访问
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/k8s-monitor")
+@RequiredArgsConstructor
+public class K8sClusterController {
+
+ private final K8sClusterService k8sClusterService;
+
+ @Value("${schedule.cluster.namespace:ai-worker}")
+ private String defaultNamespace;
+
+ @Value("${robot.k8s-monitor.allowed-users:}")
+ private String allowedUsersConfig;
+
+ private Set getAllowedUsers() {
+ Set set = new HashSet<>();
+ for (String id : allowedUsersConfig.split(",")) {
+ String trimmed = id.trim();
+ if (!trimmed.isEmpty()) {
+ set.add(trimmed);
+ }
+ }
+ return set;
+ }
+
+ private boolean isUserAllowed(UserInfo user) {
+ if (user == null) return false;
+ Set allowed = getAllowedUsers();
+ if (user.getWorkId() != null && allowed.contains(user.getWorkId().trim())) return true;
+ if (user.getUserId() != null && allowed.contains(user.getUserId().trim())) return true;
+ return false;
+ }
+
+ private String resolveNamespace(String namespace) {
+ return (namespace == null || namespace.isBlank()) ? defaultNamespace : namespace;
+ }
+
+ private void checkPermission() {
+ UserInfo user = UserContext.get();
+ if (user == null) {
+ throw new SecurityException("未登录");
+ }
+ if (!isUserAllowed(user)) {
+ log.warn("K8s Monitor 访问被拒绝: userId={}, workId={}, name={}", user.getUserId(), user.getWorkId(), user.getName());
+ throw new SecurityException("无权访问 K8s 集群监控");
+ }
+ }
+
+ @GetMapping("/access-check")
+ public ApiResponse checkAccess() {
+ UserInfo user = UserContext.get();
+ if (user == null) return ApiResponse.success(false);
+ log.debug("K8s Monitor access-check: userId={}, workId={}, name={}", user.getUserId(), user.getWorkId(), user.getName());
+ return ApiResponse.success(isUserAllowed(user));
+ }
+
+ @GetMapping("/namespaces")
+ public ApiResponse> namespaces() {
+ checkPermission();
+ return ApiResponse.success(k8sClusterService.listNamespaces());
+ }
+
+ @GetMapping("/overview")
+ public ApiResponse overview(@RequestParam(required = false) String namespace) {
+ checkPermission();
+ return ApiResponse.success(k8sClusterService.getOverview(resolveNamespace(namespace)));
+ }
+
+ @GetMapping("/nodes")
+ public ApiResponse> nodes() {
+ checkPermission();
+ return ApiResponse.success(k8sClusterService.listNodes());
+ }
+
+ @GetMapping("/pods")
+ public ApiResponse> pods(
+ @RequestParam(required = false) String namespace,
+ @RequestParam(required = false) String status,
+ @RequestParam(required = false) String node,
+ @RequestParam(required = false) String podGroup) {
+ checkPermission();
+ return ApiResponse.success(k8sClusterService.listPods(resolveNamespace(namespace), status, node, podGroup));
+ }
+
+ @GetMapping("/podgroups")
+ public ApiResponse> podGroups(@RequestParam(required = false) String namespace) {
+ checkPermission();
+ return ApiResponse.success(k8sClusterService.listPodGroups(resolveNamespace(namespace)));
+ }
+
+ @GetMapping("/pods/{podName}/logs")
+ public ApiResponse podLogs(
+ @PathVariable String podName,
+ @RequestParam(required = false) String namespace,
+ @RequestParam(required = false) String container,
+ @RequestParam(defaultValue = "200") int tailLines) {
+ checkPermission();
+ return ApiResponse.success(k8sClusterService.getPodLogs(resolveNamespace(namespace), podName, container, tailLines));
+ }
+
+ @GetMapping("/events")
+ public ApiResponse> events(
+ @RequestParam(required = false) String namespace,
+ @RequestParam(defaultValue = "50") int limit) {
+ checkPermission();
+ return ApiResponse.success(k8sClusterService.listEvents(resolveNamespace(namespace), limit));
+ }
+
+ @GetMapping("/pods/{podName}/events")
+ public ApiResponse> podEvents(
+ @PathVariable String podName,
+ @RequestParam(required = false) String namespace) {
+ checkPermission();
+ return ApiResponse.success(k8sClusterService.listPodEvents(resolveNamespace(namespace), podName));
+ }
+
+ @DeleteMapping("/pods/{podName}")
+ public ApiResponse deletePod(
+ @PathVariable String podName,
+ @RequestParam(required = false) String namespace) {
+ checkPermission();
+ k8sClusterService.deletePod(resolveNamespace(namespace), podName);
+ return ApiResponse.success("Pod " + podName + " deleted");
+ }
+
+ @ExceptionHandler(SecurityException.class)
+ public ApiResponse handleSecurity(SecurityException e) {
+ return ApiResponse.error(40300, e.getMessage());
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/McpInternalController.java b/back/src/main/java/com/linkwork/controller/McpInternalController.java
new file mode 100644
index 0000000..6ae274b
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/McpInternalController.java
@@ -0,0 +1,91 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.model.entity.McpServerEntity;
+import com.linkwork.model.entity.McpUserConfigEntity;
+import com.linkwork.model.entity.Task;
+import com.linkwork.model.enums.TaskStatus;
+import com.linkwork.service.McpServerService;
+import com.linkwork.service.McpUserConfigService;
+import com.linkwork.service.TaskService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.*;
+
+import java.time.LocalDateTime;
+import java.util.*;
+
+/**
+ * MCP Gateway 内部 API — 仅供 Gateway 调用,不经过用户认证
+ *
+ * /api/internal/** 路径已在 JwtAuthFilter 中放行
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/internal")
+@RequiredArgsConstructor
+public class McpInternalController {
+
+ private final McpServerService mcpServerService;
+ private final McpUserConfigService mcpUserConfigService;
+ private final TaskService taskService;
+
+ /**
+ * Gateway 定时拉取完整 MCP Server 注册表
+ */
+ @GetMapping("/mcp-servers/registry")
+ public ApiResponse> registry() {
+ List allServers = mcpServerService.listByTypes(List.of("http", "sse"));
+ List> servers = new ArrayList<>();
+
+ for (McpServerEntity s : allServers) {
+ Map entry = new LinkedHashMap<>();
+ entry.put("name", s.getName());
+ entry.put("type", s.getType());
+ entry.put("networkZone", s.getNetworkZone() != null ? s.getNetworkZone() : "external");
+ entry.put("url", s.getUrl());
+ entry.put("headers", s.getHeaders());
+ entry.put("healthCheckUrl", s.getHealthCheckUrl());
+ entry.put("status", s.getStatus());
+ servers.add(entry);
+ }
+
+ Map result = new LinkedHashMap<>();
+ result.put("servers", servers);
+ result.put("updatedAt", LocalDateTime.now().toString());
+ return ApiResponse.success(result);
+ }
+
+ /**
+ * Gateway 验证 taskId(即 taskNo)是否有效且未结束
+ */
+ @GetMapping("/tasks/{taskId}/validate")
+ public ApiResponse> validateTask(@PathVariable String taskId) {
+ Map data = new LinkedHashMap<>();
+ data.put("taskId", taskId);
+
+ try {
+ Task task = taskService.getTaskByNo(taskId);
+ boolean active = task.getStatus() == TaskStatus.PENDING
+ || task.getStatus() == TaskStatus.RUNNING
+ || task.getStatus() == TaskStatus.PENDING_AUTH;
+ data.put("valid", active);
+ data.put("userId", task.getCreatorId() != null ? task.getCreatorId() : "");
+ } catch (IllegalArgumentException e) {
+ data.put("valid", false);
+ data.put("userId", "");
+ }
+ return ApiResponse.success(data);
+ }
+
+ /**
+ * Gateway 查询用户个人 MCP 凭证
+ */
+ @GetMapping("/mcp-user-configs")
+ public ApiResponse getUserConfig(
+ @RequestParam String mcpName,
+ @RequestParam String userId) {
+ McpUserConfigEntity config = mcpUserConfigService.getByUserAndMcpName(userId, mcpName);
+ return ApiResponse.success(config);
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/McpServerController.java b/back/src/main/java/com/linkwork/controller/McpServerController.java
new file mode 100644
index 0000000..4b88414
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/McpServerController.java
@@ -0,0 +1,204 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.context.UserContext;
+import com.linkwork.model.dto.McpDiscoverResult;
+import com.linkwork.model.dto.McpProbeResult;
+import com.linkwork.model.entity.McpServerEntity;
+import com.linkwork.model.entity.RoleEntity;
+import com.linkwork.service.McpDiscoveryService;
+import com.linkwork.service.McpHealthChecker;
+import com.linkwork.service.McpServerService;
+import com.linkwork.service.RoleService;
+import com.linkwork.service.AdminAccessService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.*;
+
+import java.time.LocalDateTime;
+import java.util.*;
+import java.util.stream.Collectors;
+
+/**
+ * MCP 服务控制器
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class McpServerController {
+
+ private final McpServerService mcpServerService;
+ private final McpHealthChecker mcpHealthChecker;
+ private final McpDiscoveryService mcpDiscoveryService;
+ private final RoleService roleService;
+ private final AdminAccessService adminAccessService;
+
+ /**
+ * 获取 MCP 服务列表
+ */
+ @GetMapping("/mcp-servers")
+ public ApiResponse> listMcpServers(
+ @RequestParam(defaultValue = "1") int page,
+ @RequestParam(defaultValue = "20") int pageSize,
+ @RequestParam(required = false) String status,
+ @RequestParam(required = false) String keyword) {
+ String userId = UserContext.getCurrentUserId();
+ Map data = mcpServerService.listMcpServers(page, pageSize, status, keyword, userId);
+ return ApiResponse.success(data);
+ }
+
+ /**
+ * 获取所有可用的 MCP 服务(用于下拉选择)
+ */
+ @GetMapping("/mcp-servers/available")
+ public ApiResponse>> listAvailable() {
+ String userId = UserContext.getCurrentUserId();
+ List> data = mcpServerService.listAllAvailable(userId);
+ return ApiResponse.success(data);
+ }
+
+ /**
+ * 获取所有 MCP Server 的健康状态
+ */
+ @GetMapping("/mcp-servers/health")
+ public ApiResponse> getHealthStatus() {
+ String userId = UserContext.getCurrentUserId();
+ Map data = mcpServerService.getHealthStatus(userId);
+ return ApiResponse.success(data);
+ }
+
+ /**
+ * 获取单个 MCP 服务详情
+ */
+ @GetMapping("/mcp-servers/{id}")
+ public ApiResponse> getMcpServer(@PathVariable Long id) {
+ String userId = UserContext.getCurrentUserId();
+ Map entity = mcpServerService.getMcpServerForRead(id, userId);
+ return ApiResponse.success(entity);
+ }
+
+ /**
+ * 测试单个 MCP 服务的连通性
+ */
+ @PostMapping("/mcp-servers/{id}/test")
+ public ApiResponse testMcpServer(@PathVariable Long id) {
+ String userId = UserContext.getCurrentUserId();
+ McpServerEntity entity = mcpServerService.getMcpServerForManage(id, userId);
+ McpProbeResult result = mcpHealthChecker.probeSingle(entity);
+ // 同时更新 DB 健康状态
+ mcpServerService.updateHealth(entity.getId(), result.getStatus(), result.getLatencyMs(), result.getMessage(),
+ "online".equals(result.getStatus()) ? 0
+ : (entity.getConsecutiveFailures() != null ? entity.getConsecutiveFailures() + 1 : 1));
+ return ApiResponse.success(result);
+ }
+
+ /**
+ * 发现 MCP Server 的工具列表
+ *
+ * 对目标 MCP server 发送 JSON-RPC 请求(initialize → initialized → tools/list),
+ * 获取并返回工具清单。成功时同步更新 configJson。
+ */
+ @PostMapping("/mcp-servers/{id}/discover")
+ public ApiResponse discoverTools(@PathVariable Long id) {
+ String userId = UserContext.getCurrentUserId();
+ McpServerEntity entity = mcpServerService.getMcpServerForManage(id, userId);
+
+ McpDiscoverResult result = mcpDiscoveryService.discover(entity, userId);
+
+ // 如果成功,把 tools 存入 config_json
+ if (result.isSuccess() && result.getTools() != null) {
+ Map configJson = entity.getConfigJson();
+ if (configJson == null) {
+ configJson = new HashMap<>();
+ }
+ configJson.put("tools", result.getTools());
+ configJson.put("serverName", result.getServerName());
+ configJson.put("serverVersion", result.getServerVersion());
+ configJson.put("lastDiscoveredAt", LocalDateTime.now().toString());
+ entity.setConfigJson(configJson);
+ mcpServerService.updateById(entity);
+ }
+
+ return ApiResponse.success(result);
+ }
+
+ /**
+ * 创建 MCP 服务(支持 type/url/headers/healthCheckUrl/version/tags)
+ */
+ @PostMapping("/mcp-servers")
+ public ApiResponse> createMcpServer(
+ @RequestBody Map request) {
+ String userId = UserContext.getCurrentUserId();
+ String userName = UserContext.getCurrentUserName();
+ McpServerEntity entity = mcpServerService.createMcpServer(request, userId, userName);
+ return ApiResponse.success(Map.of("id", entity.getId(), "mcpNo", entity.getMcpNo()));
+ }
+
+ /**
+ * 更新 MCP 服务(支持 type/url/headers/healthCheckUrl/version/tags)
+ */
+ @PutMapping("/mcp-servers/{id}")
+ public ApiResponse> updateMcpServer(
+ @PathVariable Long id,
+ @RequestBody Map request) {
+ String userId = UserContext.getCurrentUserId();
+ String userName = UserContext.getCurrentUserName();
+ McpServerEntity entity = mcpServerService.updateMcpServer(id, request, userId, userName);
+ return ApiResponse.success(Map.of("id", entity.getId(), "mcpNo", entity.getMcpNo()));
+ }
+
+ /**
+ * 删除 MCP 服务
+ */
+ @DeleteMapping("/mcp-servers/{id}")
+ public ApiResponse deleteMcpServer(@PathVariable Long id) {
+ String userId = UserContext.getCurrentUserId();
+ mcpServerService.deleteMcpServer(id, userId);
+ return ApiResponse.success(null);
+ }
+
+ /**
+ * 根据岗位生成 mcp.json 配置
+ *
+ * 从岗位 configJson.mcp 中获取 MCP ID 列表,查询对应 MCP Server 配置,
+ * 生成 SDK 兼容的 mcp.json 格式。
+ */
+ @GetMapping("/roles/{roleId}/mcp-config")
+ public ApiResponse> getMcpConfigByRole(@PathVariable Long roleId) {
+ String userId = UserContext.getCurrentUserId();
+ RoleEntity role = roleService.getRoleForWrite(roleId, userId);
+
+ // 兼容数字 ID 和名称字符串两种格式
+ List mcpIds = new ArrayList<>();
+ if (role.getConfigJson() != null && role.getConfigJson().getMcp() != null) {
+ List mcpNames = new ArrayList<>();
+ for (String ref : role.getConfigJson().getMcp()) {
+ if (ref == null || ref.isBlank()) continue;
+ try {
+ mcpIds.add(Long.parseLong(ref));
+ } catch (NumberFormatException e) {
+ mcpNames.add(ref);
+ }
+ }
+ // 按名称查询
+ if (!mcpNames.isEmpty()) {
+ com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper byNameQuery =
+ new com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper()
+ .in(McpServerEntity::getName, mcpNames);
+ if (!adminAccessService.isAdmin(userId)) {
+ byNameQuery.and(w -> w.eq(McpServerEntity::getCreatorId, userId)
+ .or().eq(McpServerEntity::getVisibility, "public"));
+ }
+ List byNames = mcpServerService.list(byNameQuery);
+ for (McpServerEntity entity : byNames) {
+ mcpIds.add(entity.getId());
+ }
+ }
+ }
+
+ Map config = mcpServerService.generateMcpConfig(mcpIds);
+ return ApiResponse.success(config);
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/McpUserConfigController.java b/back/src/main/java/com/linkwork/controller/McpUserConfigController.java
new file mode 100644
index 0000000..dd9589b
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/McpUserConfigController.java
@@ -0,0 +1,70 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.context.UserContext;
+import com.linkwork.model.entity.McpUserConfigEntity;
+import com.linkwork.service.McpUserConfigService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.*;
+import java.util.stream.Collectors;
+
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/mcp-user-configs")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class McpUserConfigController {
+
+ private final McpUserConfigService mcpUserConfigService;
+
+ @GetMapping
+ public ApiResponse>> list() {
+ String userId = UserContext.getCurrentUserId();
+ List configs = mcpUserConfigService.listByUser(userId);
+ List> result = configs.stream()
+ .map(c -> {
+ Map m = new LinkedHashMap<>();
+ m.put("id", c.getId());
+ m.put("mcpServerId", c.getMcpServerId());
+ m.put("hasHeaders", c.getHeaders() != null && !c.getHeaders().isEmpty());
+ m.put("hasUrlParams", c.getUrlParams() != null && !c.getUrlParams().isEmpty());
+ m.put("createdAt", c.getCreatedAt());
+ m.put("updatedAt", c.getUpdatedAt());
+ return m;
+ })
+ .collect(Collectors.toList());
+ return ApiResponse.success(result);
+ }
+
+ @GetMapping("/{mcpServerId}/detail")
+ public ApiResponse> detail(@PathVariable Long mcpServerId) {
+ String userId = UserContext.getCurrentUserId();
+ McpUserConfigEntity config = mcpUserConfigService.getByUserAndServer(userId, mcpServerId);
+ if (config == null) {
+ return ApiResponse.success(Map.of("headers", Map.of(), "urlParams", Map.of()));
+ }
+ Map result = new LinkedHashMap<>();
+ result.put("headers", config.getHeaders() != null ? config.getHeaders() : Map.of());
+ result.put("urlParams", config.getUrlParams() != null ? config.getUrlParams() : Map.of());
+ return ApiResponse.success(result);
+ }
+
+ @PutMapping("/{mcpServerId}")
+ public ApiResponse> saveOrUpdate(
+ @PathVariable Long mcpServerId,
+ @RequestBody Map request) {
+ String userId = UserContext.getCurrentUserId();
+ McpUserConfigEntity entity = mcpUserConfigService.saveOrUpdate(userId, mcpServerId, request);
+ return ApiResponse.success(Map.of("id", entity.getId()));
+ }
+
+ @DeleteMapping("/{mcpServerId}")
+ public ApiResponse delete(@PathVariable Long mcpServerId) {
+ String userId = UserContext.getCurrentUserId();
+ mcpUserConfigService.deleteConfig(userId, mcpServerId);
+ return ApiResponse.success(null);
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/MemoryController.java b/back/src/main/java/com/linkwork/controller/MemoryController.java
new file mode 100644
index 0000000..2155dc2
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/MemoryController.java
@@ -0,0 +1,83 @@
+package com.linkwork.controller;
+
+import com.linkwork.model.dto.MemoryIndexBatchRequest;
+import com.linkwork.model.dto.MemoryIngestRequest;
+import com.linkwork.model.dto.MemorySearchRequest;
+import com.linkwork.service.memory.MemoryService;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.Map;
+
+@org.springframework.boot.autoconfigure.condition.ConditionalOnProperty(name = "memory.enabled", havingValue = "true", matchIfMissing = true)
+@RestController
+@RequestMapping("/api/v1/memory")
+@RequiredArgsConstructor
+public class MemoryController {
+
+ private final MemoryService memoryService;
+
+ @PostMapping("/search")
+ public ResponseEntity>> search(
+ @RequestParam String workstationId,
+ @RequestParam String userId,
+ @Valid @RequestBody MemorySearchRequest request) {
+ List> results = memoryService.search(
+ workstationId, userId, request.getQuery(), request.getTopK());
+ return ResponseEntity.ok(results);
+ }
+
+ @PostMapping("/ingest")
+ public ResponseEntity> ingest(
+ @RequestParam String workstationId,
+ @RequestParam String userId,
+ @Valid @RequestBody MemoryIngestRequest request) {
+ memoryService.ingest(workstationId, userId, request.getContent(), request.getSource());
+ return ResponseEntity.ok(Map.of("status", "queued"));
+ }
+
+ @PostMapping("/index/file")
+ public ResponseEntity> indexFile(
+ @RequestParam String workstationId,
+ @RequestParam String userId,
+ @RequestParam String filePath) {
+ memoryService.triggerIndexFile(workstationId, userId, filePath);
+ return ResponseEntity.ok(Map.of("status", "queued"));
+ }
+
+ @PostMapping("/index/batch")
+ public ResponseEntity> indexBatch(
+ @RequestParam String workstationId,
+ @RequestParam String userId,
+ @Valid @RequestBody MemoryIndexBatchRequest request) {
+ int count = memoryService.triggerBatchIndex(workstationId, userId, request.getFilePaths());
+ return ResponseEntity.ok(Map.of("status", "queued", "fileCount", count));
+ }
+
+ @GetMapping("/recent")
+ public ResponseEntity>> recent(
+ @RequestParam String workstationId,
+ @RequestParam String userId,
+ @RequestParam(defaultValue = "5") int limit) {
+ return ResponseEntity.ok(memoryService.recent(workstationId, userId, limit));
+ }
+
+ @GetMapping("/stats")
+ public ResponseEntity> stats(
+ @RequestParam String workstationId,
+ @RequestParam String userId) {
+ return ResponseEntity.ok(memoryService.stats(workstationId, userId));
+ }
+
+ @DeleteMapping("/source")
+ public ResponseEntity> deleteSource(
+ @RequestParam String workstationId,
+ @RequestParam String userId,
+ @RequestParam String source) {
+ memoryService.deleteSource(workstationId, userId, source);
+ return ResponseEntity.ok(Map.of("status", "deleted"));
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/ModelRegistryController.java b/back/src/main/java/com/linkwork/controller/ModelRegistryController.java
new file mode 100644
index 0000000..171e688
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/ModelRegistryController.java
@@ -0,0 +1,23 @@
+package com.linkwork.controller;
+
+import com.linkwork.service.ModelRegistryService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.Map;
+
+/**
+ * 模型列表接口(同源调用,后端代理模型网关)
+ */
+@RestController
+@RequiredArgsConstructor
+public class ModelRegistryController {
+
+ private final ModelRegistryService modelRegistryService;
+
+ @GetMapping("/api/v1/models")
+ public Map listModels() {
+ return modelRegistryService.fetchModels();
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/PublicTaskController.java b/back/src/main/java/com/linkwork/controller/PublicTaskController.java
new file mode 100644
index 0000000..434da90
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/PublicTaskController.java
@@ -0,0 +1,63 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.model.dto.TaskResponse;
+import com.linkwork.model.entity.Task;
+import com.linkwork.service.TaskShareLinkService;
+import com.linkwork.service.TaskService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.util.HashMap;
+import java.util.Map;
+
+/**
+ * 公共任务查询接口(免鉴权最小返回)
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/public/tasks")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class PublicTaskController {
+
+ private final TaskService taskService;
+ private final TaskShareLinkService taskShareLinkService;
+
+ /**
+ * 按任务 ID 查询任务使用模型
+ * GET /api/v1/public/tasks/{taskNo}/model
+ */
+ @GetMapping("/{taskNo}/model")
+ public ApiResponse> getTaskModel(@PathVariable String taskNo) {
+ log.info("公共接口查询任务模型: taskNo={}", taskNo);
+
+ Task task = taskService.getTaskByNo(taskNo);
+ Map result = new HashMap<>();
+ result.put("taskId", task.getTaskNo());
+ result.put("modelId", task.getSelectedModel());
+ result.put("userId", task.getCreatorId());
+ return ApiResponse.success(result);
+ }
+
+ /**
+ * 访客通过分享 token 查看任务详情
+ * GET /api/v1/public/tasks/{taskNo}/share-detail?token=...
+ */
+ @GetMapping("/{taskNo}/share-detail")
+ public ApiResponse getSharedTaskDetail(
+ @PathVariable String taskNo,
+ @RequestParam("token") String token) {
+ log.info("公共接口查询任务分享详情: taskNo={}", taskNo);
+
+ taskShareLinkService.validateShareToken(taskNo, token);
+ Task task = taskService.getTaskByNo(taskNo);
+ return ApiResponse.success(taskService.toShareResponse(task));
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/ReportExportController.java b/back/src/main/java/com/linkwork/controller/ReportExportController.java
new file mode 100644
index 0000000..a484590
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/ReportExportController.java
@@ -0,0 +1,103 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.common.ForbiddenOperationException;
+import com.linkwork.context.UserContext;
+import com.linkwork.context.UserInfo;
+import com.linkwork.model.dto.ReportExportFieldResponse;
+import com.linkwork.model.dto.ReportExportRequest;
+import com.linkwork.service.ReportExportService;
+import jakarta.validation.Valid;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.ContentDisposition;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+import org.springframework.web.servlet.mvc.method.annotation.StreamingResponseBody;
+
+import java.nio.charset.StandardCharsets;
+import java.time.LocalDateTime;
+import java.time.format.DateTimeFormatter;
+import java.util.HashSet;
+import java.util.Set;
+
+/**
+ * 运维报表导出控制器
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/reports")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class ReportExportController {
+
+ private static final DateTimeFormatter FILE_TIME_FORMATTER = DateTimeFormatter.ofPattern("yyyyMMdd_HHmmss");
+ private final ReportExportService reportExportService;
+
+ @Value("${robot.k8s-monitor.allowed-users:}")
+ private String allowedUsersConfig;
+
+ @GetMapping("/export/fields")
+ public ApiResponse listExportFields(@RequestParam String type) {
+ checkPermission();
+ return ApiResponse.success(reportExportService.listFields(type));
+ }
+
+ @PostMapping("/export")
+ public ResponseEntity export(@Valid @RequestBody ReportExportRequest request) {
+ checkPermission();
+
+ String normalizedType = "role".equalsIgnoreCase(request.getType()) ? "role" : "task";
+ String fileName = normalizedType + "-report-" + LocalDateTime.now().format(FILE_TIME_FORMATTER) + ".csv";
+
+ StreamingResponseBody responseBody = outputStream -> reportExportService.exportCsv(request, outputStream);
+
+ return ResponseEntity.ok()
+ .header(HttpHeaders.CACHE_CONTROL, "no-store, no-cache, must-revalidate, max-age=0")
+ .contentType(MediaType.parseMediaType("text/csv;charset=UTF-8"))
+ .header(HttpHeaders.CONTENT_DISPOSITION, ContentDisposition.attachment()
+ .filename(fileName, StandardCharsets.UTF_8)
+ .build()
+ .toString())
+ .body(responseBody);
+ }
+
+ private void checkPermission() {
+ UserInfo user = UserContext.get();
+ if (user == null) {
+ throw new ForbiddenOperationException("未登录");
+ }
+ if (!isUserAllowed(user)) {
+ log.warn("报表导出访问被拒绝: userId={}, workId={}, name={}", user.getUserId(), user.getWorkId(), user.getName());
+ throw new ForbiddenOperationException("无权访问报表导出功能");
+ }
+ }
+
+ private boolean isUserAllowed(UserInfo user) {
+ Set allowed = getAllowedUsers();
+ if (user.getWorkId() != null && allowed.contains(user.getWorkId().trim())) {
+ return true;
+ }
+ return user.getUserId() != null && allowed.contains(user.getUserId().trim());
+ }
+
+ private Set getAllowedUsers() {
+ Set set = new HashSet<>();
+ for (String id : allowedUsersConfig.split(",")) {
+ String trimmed = id.trim();
+ if (!trimmed.isEmpty()) {
+ set.add(trimmed);
+ }
+ }
+ return set;
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/RoleController.java b/back/src/main/java/com/linkwork/controller/RoleController.java
new file mode 100644
index 0000000..5267c7b
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/RoleController.java
@@ -0,0 +1,424 @@
+package com.linkwork.controller;
+
+import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper;
+import com.baomidou.mybatisplus.extension.plugins.pagination.Page;
+import com.linkwork.context.UserContext;
+import com.linkwork.model.entity.McpServerEntity;
+import com.linkwork.model.entity.RoleEntity;
+import com.linkwork.model.entity.SkillEntity;
+import com.linkwork.model.enums.DeployMode;
+import com.linkwork.service.K8sOrchestrator;
+import com.linkwork.service.McpServerService;
+import com.linkwork.service.RoleService;
+import com.linkwork.service.RuntimeModeService;
+import com.linkwork.service.ServiceSnapshotService;
+import com.linkwork.service.SkillService;
+import lombok.RequiredArgsConstructor;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.CrossOrigin;
+import org.springframework.web.bind.annotation.DeleteMapping;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.PathVariable;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+import java.time.LocalDateTime;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+@RestController
+@RequestMapping("/api/v1/roles")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class RoleController {
+ private static final java.util.Set SUPPORTED_ROLE_STATUSES = java.util.Set.of("active", "maintenance", "disabled");
+
+ private final RoleService roleService;
+ private final RuntimeModeService runtimeModeService;
+ private final McpServerService mcpServerService;
+ private final SkillService skillService;
+ private final K8sOrchestrator k8sOrchestrator;
+ private final ServiceSnapshotService snapshotService;
+
+ private String getCurrentUserId() {
+ return UserContext.getCurrentUserId();
+ }
+
+ private String getCurrentUsername() {
+ return UserContext.getCurrentUserName();
+ }
+
+ @GetMapping
+ public Map listRoles(
+ @RequestParam(defaultValue = "1") int page,
+ @RequestParam(defaultValue = "20") int pageSize,
+ @RequestParam(required = false) String query,
+ @RequestParam(required = false) String category,
+ @RequestParam(required = false) String status,
+ @RequestParam(defaultValue = "all") String scope
+ ) {
+ String userId = getCurrentUserId();
+ Page result = roleService.listRoles(page, pageSize, query, category, scope, status, userId);
+ Map favoriteCountMap = roleService.queryFavoriteCountMap(
+ result.getRecords().stream().map(RoleEntity::getId).collect(Collectors.toList())
+ );
+
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+
+ Map data = new HashMap<>();
+ List> items = result.getRecords().stream().map(role -> {
+ RuntimeModeService.RuntimeSnapshot runtimeSnapshot = runtimeModeService.resolveForRole(role);
+
+ Map map = new HashMap<>();
+ map.put("id", role.getId().toString());
+ map.put("name", role.getName());
+ map.put("description", role.getDescription());
+ map.put("category", role.getCategory());
+ map.put("icon", role.getIcon());
+ map.put("image", role.getImage());
+ map.put("status", coerceRoleStatus(role.getStatus()));
+ map.put("deployMode", resolveDeployMode(role));
+ map.put("runtimeMode", runtimeSnapshot.getRuntimeMode());
+ map.put("zzMode", runtimeSnapshot.getZzMode());
+ map.put("runnerImage", runtimeSnapshot.getRunnerImage());
+ map.put("memoryEnabled", resolveMemoryEnabled(role));
+ map.put("isMine", userId.equals(role.getCreatorId()));
+ map.put("isFavorite", roleService.isFavorite(role.getId(), userId));
+ map.put("favoriteCount", favoriteCountMap.getOrDefault(role.getId(), 0L));
+ map.put("isPublic", Boolean.TRUE.equals(role.getIsPublic()));
+ map.put("maxEmployees", role.getMaxEmployees());
+
+ Map resourceCount = new HashMap<>();
+ if (role.getConfigJson() != null) {
+ resourceCount.put("mcp", role.getConfigJson().getMcp() != null ? role.getConfigJson().getMcp().size() : 0);
+ resourceCount.put("skills", role.getConfigJson().getSkills() != null ? role.getConfigJson().getSkills().size() : 0);
+ }
+ map.put("resourceCount", resourceCount);
+
+ return map;
+ }).collect(Collectors.toList());
+
+ data.put("items", items);
+
+ Map pagination = new HashMap<>();
+ pagination.put("page", result.getCurrent());
+ pagination.put("pageSize", result.getSize());
+ pagination.put("total", result.getTotal());
+ pagination.put("totalPages", result.getPages());
+ data.put("pagination", pagination);
+
+ response.put("data", data);
+ response.put("timestamp", LocalDateTime.now().toString());
+
+ return response;
+ }
+
+ @GetMapping("/hot")
+ public Map listHotRoles(@RequestParam(defaultValue = "4") int limit) {
+ String userId = getCurrentUserId();
+ List roles = roleService.listHotRoles(limit, userId);
+ Map favoriteCountMap = roleService.queryFavoriteCountMap(
+ roles.stream().map(RoleEntity::getId).collect(Collectors.toList())
+ );
+
+ List> items = roles.stream().map(role -> {
+ Map map = new HashMap<>();
+ map.put("id", role.getId().toString());
+ map.put("name", role.getName());
+ map.put("description", role.getDescription());
+ map.put("category", role.getCategory());
+ map.put("status", coerceRoleStatus(role.getStatus()));
+ map.put("favoriteCount", favoriteCountMap.getOrDefault(role.getId(), 0L));
+ map.put("isFavorite", roleService.isFavorite(role.getId(), userId));
+ return map;
+ }).collect(Collectors.toList());
+
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+ response.put("data", Map.of("items", items, "limit", Math.max(1, limit)));
+ response.put("timestamp", LocalDateTime.now().toString());
+ return response;
+ }
+
+ @GetMapping("/{id:\\d+}")
+ public Map getRole(@PathVariable Long id) {
+ String userId = getCurrentUserId();
+ RoleEntity role = roleService.getRoleForRead(id, userId);
+ RuntimeModeService.RuntimeSnapshot runtimeSnapshot = runtimeModeService.resolveForRole(role);
+
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+
+ Map data = new HashMap<>();
+ data.put("id", role.getId().toString());
+ data.put("name", role.getName());
+ data.put("description", role.getDescription());
+ data.put("prompt", role.getPrompt());
+ data.put("category", role.getCategory());
+ data.put("icon", role.getIcon());
+ data.put("image", role.getImage());
+ data.put("status", coerceRoleStatus(role.getStatus()));
+ data.put("deployMode", resolveDeployMode(role));
+ data.put("runtimeMode", runtimeSnapshot.getRuntimeMode());
+ data.put("zzMode", runtimeSnapshot.getZzMode());
+ data.put("runnerImage", runtimeSnapshot.getRunnerImage());
+ data.put("memoryEnabled", resolveMemoryEnabled(role));
+ data.put("isMine", userId.equals(role.getCreatorId()));
+ data.put("isFavorite", roleService.isFavorite(id, userId));
+ data.put("isPublic", Boolean.TRUE.equals(role.getIsPublic()));
+ data.put("maxEmployees", role.getMaxEmployees());
+ data.put("createdAt", role.getCreatedAt() != null ? role.getCreatedAt().toString() : null);
+
+ if (role.getConfigJson() != null) {
+ RoleEntity.RoleConfig config = role.getConfigJson();
+ List> mcpModules = resolveMcpModules(config.getMcp());
+ data.put("mcpModules", mcpModules);
+ data.put("mcpServers", mcpModules); // 兼容历史前端字段
+ data.put("skills", resolveSkillModules(config.getSkills()));
+
+ data.put("gitRepos", config.getGitRepos());
+ data.put("envVars", config.getEnv());
+ }
+
+ response.put("data", data);
+ return response;
+ }
+
+ private String resolveDeployMode(RoleEntity role) {
+ if (role == null || role.getConfigJson() == null) {
+ return DeployMode.K8S.name();
+ }
+
+ String rawDeployMode = role.getConfigJson().getDeployMode();
+ if (!StringUtils.hasText(rawDeployMode)) {
+ return DeployMode.K8S.name();
+ }
+
+ try {
+ return DeployMode.valueOf(rawDeployMode.trim().toUpperCase()).name();
+ } catch (IllegalArgumentException ex) {
+ throw new IllegalArgumentException("非法部署模式: " + rawDeployMode + ", roleId=" + role.getId());
+ }
+ }
+
+ private String coerceRoleStatus(String rawStatus) {
+ if (!StringUtils.hasText(rawStatus)) {
+ return "active";
+ }
+ String normalized = rawStatus.trim().toLowerCase();
+ return SUPPORTED_ROLE_STATUSES.contains(normalized) ? normalized : "active";
+ }
+
+ private boolean resolveMemoryEnabled(RoleEntity role) {
+ if (role == null || role.getConfigJson() == null) {
+ return false;
+ }
+ return Boolean.TRUE.equals(role.getConfigJson().getMemoryEnabled());
+ }
+
+ private List> resolveMcpModules(List refs) {
+ if (refs == null || refs.isEmpty()) {
+ return List.of();
+ }
+
+ Map byRef = new HashMap<>();
+ List idRefs = new ArrayList<>();
+ List nameRefs = new ArrayList<>();
+
+ for (String ref : refs) {
+ if (!StringUtils.hasText(ref)) {
+ continue;
+ }
+ String trimmedRef = ref.trim();
+ try {
+ idRefs.add(Long.parseLong(trimmedRef));
+ } catch (NumberFormatException ex) {
+ nameRefs.add(trimmedRef);
+ }
+ }
+
+ if (!idRefs.isEmpty()) {
+ List mcpByIds = mcpServerService.list(
+ new LambdaQueryWrapper().in(McpServerEntity::getId, idRefs)
+ );
+ for (McpServerEntity entity : mcpByIds) {
+ byRef.put(String.valueOf(entity.getId()), entity);
+ }
+ }
+
+ if (!nameRefs.isEmpty()) {
+ List mcpByNames = mcpServerService.list(
+ new LambdaQueryWrapper().in(McpServerEntity::getName, nameRefs)
+ );
+ for (McpServerEntity entity : mcpByNames) {
+ byRef.put(entity.getName(), entity);
+ }
+ }
+
+ List> modules = new ArrayList<>();
+ for (String ref : refs) {
+ if (!StringUtils.hasText(ref)) {
+ continue;
+ }
+ String trimmedRef = ref.trim();
+ McpServerEntity entity = byRef.get(trimmedRef);
+ if (entity != null) {
+ modules.add(buildModule(String.valueOf(entity.getId()), entity.getName(), entity.getDescription()));
+ } else {
+ modules.add(buildModule(trimmedRef, trimmedRef, "MCP 配置不存在"));
+ }
+ }
+ return modules;
+ }
+
+ private List> resolveSkillModules(List refs) {
+ if (refs == null || refs.isEmpty()) {
+ return List.of();
+ }
+
+ Map byRef = new HashMap<>();
+ List idRefs = new ArrayList<>();
+ List nameRefs = new ArrayList<>();
+
+ for (String ref : refs) {
+ if (!StringUtils.hasText(ref)) {
+ continue;
+ }
+ String trimmedRef = ref.trim();
+ try {
+ idRefs.add(Long.parseLong(trimmedRef));
+ } catch (NumberFormatException ex) {
+ nameRefs.add(trimmedRef);
+ }
+ }
+
+ if (!idRefs.isEmpty()) {
+ List skillsByIds = skillService.list(
+ new LambdaQueryWrapper().in(SkillEntity::getId, idRefs)
+ );
+ for (SkillEntity entity : skillsByIds) {
+ byRef.put(String.valueOf(entity.getId()), entity);
+ }
+ }
+
+ if (!nameRefs.isEmpty()) {
+ List skillsByNames = skillService.list(
+ new LambdaQueryWrapper().in(SkillEntity::getName, nameRefs)
+ );
+ for (SkillEntity entity : skillsByNames) {
+ byRef.put(entity.getName(), entity);
+ }
+ }
+
+ List> modules = new ArrayList<>();
+ for (String ref : refs) {
+ if (!StringUtils.hasText(ref)) {
+ continue;
+ }
+ String trimmedRef = ref.trim();
+ SkillEntity entity = byRef.get(trimmedRef);
+ if (entity != null) {
+ modules.add(buildModule(String.valueOf(entity.getId()), entity.getName(), entity.getDescription()));
+ } else {
+ modules.add(buildModule(trimmedRef, trimmedRef, "Skill 配置不存在"));
+ }
+ }
+ return modules;
+ }
+
+ private Map buildModule(String id, String name, String desc) {
+ Map module = new LinkedHashMap<>();
+ module.put("id", id);
+ module.put("name", StringUtils.hasText(name) ? name : id);
+ module.put("desc", StringUtils.hasText(desc) ? desc : "");
+ return module;
+ }
+
+ /**
+ * 查询岗位下存活的 Pod 状态
+ *
+ * 返回 runningPods(名称列表)、podCount、maxPodCount、alive(是否有存活 Pod)。
+ */
+ @GetMapping("/{id:\\d+}/pods")
+ public Map getRolePods(@PathVariable Long id) {
+ String serviceId = String.valueOf(id);
+
+ List runningPods;
+ try {
+ runningPods = k8sOrchestrator.getRunningPods(serviceId);
+ } catch (Exception e) {
+ runningPods = List.of();
+ }
+
+ var snapshot = snapshotService.getSnapshot(serviceId);
+ int maxPodCount = snapshot != null && snapshot.getMaxPodCount() != null
+ ? snapshot.getMaxPodCount() : 0;
+
+ Map data = new LinkedHashMap<>();
+ data.put("roleId", id.toString());
+ data.put("serviceId", serviceId);
+ data.put("alive", !runningPods.isEmpty());
+ data.put("podCount", runningPods.size());
+ data.put("maxPodCount", maxPodCount);
+ data.put("runningPods", runningPods);
+
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+ response.put("data", data);
+ return response;
+ }
+
+ @PostMapping
+ public Map createRole(@RequestBody RoleEntity role) {
+ RoleEntity created = roleService.createRole(role, getCurrentUserId(), getCurrentUsername());
+
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+ response.put("data", Map.of("id", created.getId().toString()));
+ return response;
+ }
+
+ @PutMapping("/{id}")
+ public Map updateRole(@PathVariable Long id, @RequestBody RoleEntity role) {
+ roleService.updateRole(id, role, getCurrentUserId());
+
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+ return response;
+ }
+
+ @DeleteMapping("/{id}")
+ public Map deleteRole(@PathVariable Long id) {
+ roleService.deleteRole(id, getCurrentUserId());
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+ return response;
+ }
+
+ @PostMapping("/{id}/favorite")
+ public Map toggleFavorite(@PathVariable Long id, @RequestBody Map body) {
+ boolean favorite = body.getOrDefault("favorite", false);
+ roleService.toggleFavorite(id, getCurrentUserId(), favorite);
+
+ Map response = new HashMap<>();
+ response.put("code", 0);
+ response.put("msg", "success");
+ return response;
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/ScheduleController.java b/back/src/main/java/com/linkwork/controller/ScheduleController.java
new file mode 100644
index 0000000..1170d96
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/ScheduleController.java
@@ -0,0 +1,319 @@
+package com.linkwork.controller;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.fasterxml.jackson.dataformat.yaml.YAMLFactory;
+import com.fasterxml.jackson.dataformat.yaml.YAMLGenerator;
+import com.linkwork.common.ApiResponse;
+import com.linkwork.model.dto.*;
+import com.linkwork.model.enums.DeployMode;
+import com.linkwork.model.enums.PodMode;
+import com.linkwork.service.K8sOrchestrator;
+import com.linkwork.service.ServiceResumeService;
+import com.linkwork.service.ServiceScaleService;
+import com.linkwork.service.ServiceScheduleService;
+import com.linkwork.service.ServiceSnapshotService;
+import jakarta.validation.Valid;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.core.io.ByteArrayResource;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.validation.annotation.Validated;
+import org.springframework.web.bind.annotation.*;
+
+/**
+ * 调度控制器
+ */
+@RestController
+@RequestMapping("/api/v1/schedule")
+@Validated
+@Slf4j
+public class ScheduleController {
+
+ private final ServiceScheduleService scheduleService;
+ private final K8sOrchestrator orchestrator;
+ private final ServiceSnapshotService snapshotService;
+ private final ServiceResumeService resumeService;
+ private final ServiceScaleService scaleService;
+ private final ObjectMapper yamlMapper;
+
+ public ScheduleController(ServiceScheduleService scheduleService,
+ K8sOrchestrator orchestrator,
+ ServiceSnapshotService snapshotService,
+ ServiceResumeService resumeService,
+ ServiceScaleService scaleService) {
+ this.scheduleService = scheduleService;
+ this.orchestrator = orchestrator;
+ this.snapshotService = snapshotService;
+ this.resumeService = resumeService;
+ this.scaleService = scaleService;
+ this.yamlMapper = new ObjectMapper(new YAMLFactory()
+ .enable(YAMLGenerator.Feature.MINIMIZE_QUOTES)
+ .disable(YAMLGenerator.Feature.WRITE_DOC_START_MARKER));
+ }
+
+ @PostMapping("/build")
+ public ResponseEntity> build(
+ @Valid @RequestBody ServiceBuildRequest request) {
+
+ log.info("Received build request for service {}", request.getServiceId());
+
+ if (request.getDeployMode() == DeployMode.COMPOSE) {
+ return ResponseEntity.badRequest()
+ .body(ApiResponse.error("COMPOSE 模式请使用 /compose/generate 接口"));
+ }
+
+ if (request.getPodMode() == PodMode.SIDECAR && request.getDeployMode() != DeployMode.K8S) {
+ return ResponseEntity.badRequest()
+ .body(ApiResponse.error("Sidecar 模式仅支持 K8s 部署"));
+ }
+
+ ServiceBuildResult result = scheduleService.build(request);
+
+ if (result.isSuccess()) {
+ // 判断状态:BUILDING 返回 202 Accepted,SUCCESS 返回 200 OK
+ if ("BUILDING".equals(result.getStatus())) {
+ log.info("Build task submitted for service {}, returning 202 Accepted", request.getServiceId());
+ return ResponseEntity.status(HttpStatus.ACCEPTED)
+ .body(ApiResponse.success(result));
+ } else {
+ snapshotService.saveSnapshot(request, result);
+ return ResponseEntity.ok(ApiResponse.success(result));
+ }
+ } else {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+ .body(ApiResponse.error(result.getErrorMessage()));
+ }
+ }
+
+ @PostMapping("/preview")
+ public ResponseEntity> preview(
+ @Valid @RequestBody ServiceBuildRequest request) {
+
+ log.info("Received preview request for service {}", request.getServiceId());
+
+ GeneratedSpec spec = scheduleService.preview(request);
+ return ResponseEntity.ok(ApiResponse.success(spec));
+ }
+
+ @PostMapping("/preview/yaml")
+ public ResponseEntity previewYaml(
+ @Valid @RequestBody ServiceBuildRequest request) {
+
+ log.info("Received preview YAML request for service {}", request.getServiceId());
+
+ try {
+ GeneratedSpec spec = scheduleService.preview(request);
+
+ StringBuilder yaml = new StringBuilder();
+ yaml.append("# ========== PodGroup ==========\n");
+ yaml.append(yamlMapper.writeValueAsString(spec.getPodGroupSpec()));
+ yaml.append("\n---\n");
+
+ for (int i = 0; i < spec.getPodSpecs().size(); i++) {
+ yaml.append("# ========== Pod ").append(i).append(" ==========\n");
+ yaml.append(yamlMapper.writeValueAsString(spec.getPodSpecs().get(i)));
+ if (i < spec.getPodSpecs().size() - 1) {
+ yaml.append("\n---\n");
+ }
+ }
+
+ return ResponseEntity.ok()
+ .contentType(MediaType.parseMediaType("text/yaml"))
+ .body(yaml.toString());
+ } catch (Exception e) {
+ log.error("Failed to generate YAML: {}", e.getMessage());
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+ .body("Error: " + e.getMessage());
+ }
+ }
+
+ @PostMapping("/config")
+ public ResponseEntity> getMergedConfig(
+ @Valid @RequestBody ServiceBuildRequest request) {
+
+ log.info("Received config request for service {}", request.getServiceId());
+
+ MergedConfig config = scheduleService.getMergedConfig(request);
+ return ResponseEntity.ok(ApiResponse.success(config));
+ }
+
+ @GetMapping("/status/{serviceId}")
+ public ResponseEntity> getStatus(
+ @PathVariable String serviceId) {
+
+ ServiceStatusResponse status = orchestrator.getServiceStatus(serviceId);
+
+ if (status == null || status.getPodGroupStatus() == null) {
+ return ResponseEntity.status(HttpStatus.NOT_FOUND)
+ .body(ApiResponse.error("Service not found: " + serviceId));
+ }
+
+ return ResponseEntity.ok(ApiResponse.success(status));
+ }
+
+ @PostMapping("/resume/{serviceId}")
+ public ResponseEntity> resume(
+ @PathVariable String serviceId) {
+
+ log.info("Received resume request for service {}", serviceId);
+
+ ServiceResumeResult result = resumeService.resume(serviceId);
+
+ if (result.isSuccess()) {
+ return ResponseEntity.ok(ApiResponse.success(result));
+ } else if (result.isRequireFullRequest()) {
+ return ResponseEntity.status(HttpStatus.NOT_FOUND)
+ .body(ApiResponse.error(result.getMessage()));
+ } else {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+ .body(ApiResponse.error(result.getMessage()));
+ }
+ }
+
+// @PostMapping("/{serviceId}/stop")
+// public ResponseEntity> stop(
+// @PathVariable String serviceId,
+// @RequestParam(defaultValue = "true") boolean graceful) {
+//
+// log.info("Received stop request for service {}, graceful={}", serviceId, graceful);
+//
+// StopResult result = orchestrator.stopService(serviceId, graceful);
+//
+// if (result.isSuccess()) {
+// snapshotService.onServiceShutdown(serviceId);
+// return ResponseEntity.ok(ApiResponse.success(result));
+// } else {
+// return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+// .body(ApiResponse.error(result.getErrorMessage()));
+// }
+// }
+
+ @DeleteMapping("/{serviceId}")
+ public ResponseEntity delete(@PathVariable String serviceId) {
+ log.info("Received delete request for service {}", serviceId);
+
+ orchestrator.cleanupService(serviceId);
+
+ return ResponseEntity.noContent().build();
+ }
+
+ /**
+ * 生成 Compose 构建包(zip 下载)
+ *
+ * 返回 zip 包含 docker-compose.yaml、Dockerfile、build.sh 等构建所需文件。
+ * 用户解压后执行 docker compose up --build -d 即可在本地构建镜像并启动服务。
+ */
+ @PostMapping("/compose/generate")
+ public ResponseEntity generateCompose(
+ @Valid @RequestBody ServiceBuildRequest request) {
+
+ log.info("Received compose package request for service {}", request.getServiceId());
+
+ request.setPodMode(PodMode.ALONE);
+ request.setDeployMode(DeployMode.COMPOSE);
+
+ ServiceBuildResult result = scheduleService.generateComposePackage(request);
+
+ if (!result.isSuccess()) {
+ log.error("Compose package generation failed for service {}: {}",
+ request.getServiceId(), result.getErrorMessage());
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+ .body(ApiResponse.error(result.getErrorMessage()));
+ }
+
+ String filename = "ai-worker-" + request.getServiceId() + ".tar.gz";
+ log.info("Compose package ready for service {}, filename: {}", request.getServiceId(), filename);
+
+ return ResponseEntity.ok()
+ .header(HttpHeaders.CONTENT_DISPOSITION, "attachment; filename=\"" + filename + "\"")
+ .contentType(MediaType.parseMediaType("application/gzip"))
+ .body(new ByteArrayResource(result.getComposeTar()));
+ }
+
+ @PostMapping("/{serviceId}/scale-down")
+ public ResponseEntity> scaleDown(
+ @PathVariable String serviceId,
+ @RequestBody ScaleRequest request) {
+
+ String podName = request != null ? request.getPodName() : null;
+ String source = request != null ? request.getSource() : "api";
+
+ if (podName == null || podName.isEmpty()) {
+ return ResponseEntity.badRequest()
+ .body(ApiResponse.error("podName is required for scale-down"));
+ }
+
+ log.info("Received scale-down request for service {}, podName={}, source={}",
+ serviceId, podName, source);
+
+ ScaleResult result = scaleService.scaleDown(serviceId, podName, source);
+
+ if (result.isSuccess()) {
+ return ResponseEntity.ok(ApiResponse.success(result));
+ } else {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+ .body(ApiResponse.error(result.getErrorMessage()));
+ }
+ }
+
+ @PostMapping("/{serviceId}/scale-up")
+ public ResponseEntity> scaleUp(
+ @PathVariable String serviceId,
+ @RequestBody(required = false) ScaleRequest request) {
+
+ Integer targetPodCount = request != null ? request.getTargetPodCount() : null;
+ String source = request != null ? request.getSource() : "api";
+
+ log.info("Received scale-up request for service {}, targetPodCount={}, source={}",
+ serviceId, targetPodCount, source);
+
+ ScaleResult result = scaleService.scaleUp(serviceId, targetPodCount, source);
+
+ if (result.isSuccess()) {
+ return ResponseEntity.ok(ApiResponse.success(result));
+ } else {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+ .body(ApiResponse.error(result.getErrorMessage()));
+ }
+ }
+
+ @PostMapping("/{serviceId}/scale")
+ public ResponseEntity> scale(
+ @PathVariable String serviceId,
+ @RequestBody ScaleRequest request) {
+
+ if (request.getTargetPodCount() == null || request.getTargetPodCount() < 0) {
+ return ResponseEntity.badRequest()
+ .body(ApiResponse.error("targetPodCount is required and must be >= 0"));
+ }
+
+ String source = request.getSource() != null ? request.getSource() : "api";
+
+ log.info("Received scale request for service {}, targetPodCount={}, source={}",
+ serviceId, request.getTargetPodCount(), source);
+
+ ScaleResult result = scaleService.scale(serviceId, request.getTargetPodCount(), source);
+
+ if (result.isSuccess()) {
+ return ResponseEntity.ok(ApiResponse.success(result));
+ } else {
+ return ResponseEntity.status(HttpStatus.INTERNAL_SERVER_ERROR)
+ .body(ApiResponse.error(result.getErrorMessage()));
+ }
+ }
+
+ @GetMapping("/{serviceId}/scale")
+ public ResponseEntity> getScaleStatus(
+ @PathVariable String serviceId) {
+
+ ScaleResult result = scaleService.getScaleStatus(serviceId);
+ return ResponseEntity.ok(ApiResponse.success(result));
+ }
+
+ @GetMapping("/health")
+ public ResponseEntity> health() {
+ return ResponseEntity.ok(ApiResponse.success("OK"));
+ }
+}
diff --git a/back/src/main/java/com/linkwork/controller/SecurityPolicyController.java b/back/src/main/java/com/linkwork/controller/SecurityPolicyController.java
new file mode 100644
index 0000000..139dd87
--- /dev/null
+++ b/back/src/main/java/com/linkwork/controller/SecurityPolicyController.java
@@ -0,0 +1,88 @@
+package com.linkwork.controller;
+
+import com.linkwork.common.ApiResponse;
+import com.linkwork.context.UserContext;
+import com.linkwork.service.SecurityPolicyService;
+import lombok.RequiredArgsConstructor;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.bind.annotation.*;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * 安全策略控制器
+ */
+@Slf4j
+@RestController
+@RequestMapping("/api/v1/security/policies")
+@CrossOrigin(origins = "*")
+@RequiredArgsConstructor
+public class SecurityPolicyController {
+
+ private final SecurityPolicyService policyService;
+
+ /**
+ * 获取所有安全策略
+ * GET /api/v1/security/policies
+ */
+ @GetMapping
+ public ApiResponse>> listPolicies() {
+ log.info("获取安全策略列表");
+ return ApiResponse.success(policyService.listPolicies());
+ }
+
+ /**
+ * 获取单个策略详情
+ * GET /api/v1/security/policies/{id}
+ */
+ @GetMapping("/{id}")
+ public ApiResponse> getPolicy(@PathVariable Long id) {
+ log.info("获取安全策略详情: id={}", id);
+ return ApiResponse.success(policyService.getPolicy(id));
+ }
+
+ /**
+ * 创建自定义策略
+ * POST /api/v1/security/policies
+ */
+ @PostMapping
+ public ApiResponse> createPolicy(@RequestBody Map request) {
+ String userId = UserContext.getCurrentUserId();
+ String userName = UserContext.getCurrentUserName();
+ log.info("创建安全策略: name={}, userId={}", request.get("name"), userId);
+ return ApiResponse.success(policyService.createPolicy(request, userId, userName));
+ }
+
+ /**
+ * 更新策略
+ * PUT /api/v1/security/policies/{id}
+ */
+ @PutMapping("/{id}")
+ public ApiResponse> updatePolicy(
+ @PathVariable Long id, @RequestBody Map request) {
+ log.info("更新安全策略: id={}", id);
+ return ApiResponse.success(policyService.updatePolicy(id, request));
+ }
+
+ /**
+ * 切换策略启用/禁用
+ * POST /api/v1/security/policies/{id}/toggle
+ */
+ @PostMapping("/{id}/toggle")
+ public ApiResponse> togglePolicy(@PathVariable Long id) {
+ log.info("切换安全策略: id={}", id);
+ return ApiResponse.success(policyService.togglePolicy(id));
+ }
+
+ /**
+ * 删除策略
+ * DELETE /api/v1/security/policies/{id}
+ */
+ @DeleteMapping("/{id}")
+ public ApiResponse