feat(agents): add Undefined self code inspection agent

[69gg]

Summary

• add undefined_self_code_agent for read-only inspection of Undefined source, docs, tests, resources, scripts, and apps
• restrict the agent to the requested allowlisted paths and expose read/list/glob/search tools only
• update NagaAgent submodule intro after syncing the NagaAgent submodule

Tests

• uv run pytest tests/test_undefined_self_code_agent.py tests/test_naga_code_analysis_agent.py tests/test_system_prompt_constraints.py tests/test_ai_client_setup_paths.py
• uv run ruff check .
• uv run mypy .

Summary by CodeRabbit

Release Notes

• New Features

  • Added undefined_self_code_agent for read-only lookup of Undefined’s own source/tests/docs/resources/scripts and app implementation, restricted to an allowlisted set of directories and root files.

• Documentation

  • Updated architecture diagrams/tables and prompts to include the new agent and enforce its read-only constraints.
  • Expanded usage/config documentation and added a dedicated agent README.
  • README now notes automatic scanning of skills/agents/.

• Tests

  • Added coverage for the new agent, prompt routing constraints, and security behavior.

• Chores

  • Updated the NagaAgent submodule reference.

[chatgpt-codex-connector]

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 925dd69b-b14b-4d76-9dcc-bd546cd0f846

📥 Commits

Reviewing files that changed from the base of the PR and between 8445851 and 1e09d17.

📒 Files selected for processing (6)

• src/Undefined/skills/agents/undefined_self_code_agent/tools/_shared.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/glob/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/list_directory/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/read_file/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/search_file_content/handler.py
• tests/test_undefined_self_code_agent.py

🚧 Files skipped from review as they are similar to previous changes (5)

• src/Undefined/skills/agents/undefined_self_code_agent/tools/glob/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/list_directory/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/search_file_content/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/read_file/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/_shared.py

---

📝 Walkthrough

Walkthrough

A new undefined_self_code_agent is introduced as the 7th agent in the Undefined project. It provides read-only code inspection of the Undefined repository via four tools (read_file, list_directory, glob, search_file_content), backed by a shared path-allowlist/text-reading library (_shared.py). System prompts are updated to route self-code queries to this agent, comprehensive security and integration tests validate filesystem access enforcement and tool behavior, and documentation/architecture diagrams reflect the new agent.

Changes

undefined_self_code_agent: read-only code inspection agent

Layer / File(s)	Summary
Shared filesystem access-control and text-reading utilities src/Undefined/skills/agents/undefined_self_code_agent/tools/_shared.py, src/Undefined/utils/io.py	Defines repository-root discovery via PROJECT_MARKERS, path allowlist enforcement (ALLOWED_DIRECTORIES, ALLOWED_ROOT_FILES, EXCLUDED_DIR_NAMES), ResolvedPath dataclass, resolve_allowed_path/resolve_search_root raising PermissionError on violations, iter_allowed_files async generator, binary detection via is_probably_text, multi-encoding decoding, bounded file reading with truncation detection, glob/pattern matching with filtering, and line/string formatting helpers. utils/io.py adds async directory-entry lister and async rglob-style file iterator.
Agent entrypoint, config, and system prompts src/Undefined/skills/agents/undefined_self_code_agent/config.json, handler.py, __init__.py, intro.md, prompt.md, README.md, tools/__init__.py	Declares the undefined_self_code_agent tool schema with required prompt parameter; implements async execute dispatcher calling run_agent_with_tools with agent name, prompts, context, and max iterations; defines Chinese read-only role prompt with evidence-first workflow, strict path allowlist/blocklist, explicit prohibitions (no code changes/command execution/internet search), and delegation rules for specialized agents; provides capability introduction and agent README documenting access scope and prohibited operations.
Four tool handlers and schemas src/Undefined/skills/agents/undefined_self_code_agent/tools/read_file/..., list_directory/..., glob/..., search_file_content/...	Implements four async tool handlers with config.json schemas: read_file (supports line-window pagination via offset/limit and character-truncation mode, reports truncation in header), list_directory (lists allowed directories/root files on empty path, filters by max_entries, shows emoji indicators), glob (validates pattern, deduplicates matches, caps results and appends truncation notice), search_file_content (regex or literal pattern with case-sensitivity, include filter, per-line match formatting with path:line:content). All tools filter results through shared allowlist.
System prompt routing rules res/prompts/undefined.xml, res/prompts/undefined_nagaagent.xml	Inserts routing rules requiring undefined_self_code_agent for Undefined's own source/tests/docs/resources/scripts/config/app queries; extends agent-capability-limit guidance to explicitly state the agent is read-only and cannot write code, execute commands, or perform unauthorized operations.
Documentation and architecture updates ARCHITECTURE.md, CHANGELOG.md, README.md, docs/usage.md, src/Undefined/skills/agents/README.md, src/Undefined/skills/agents/naga_code_analysis_agent/tools/read_naga_intro/handler.py, code/NagaAgent	Updates ARCHITECTURE.md diagrams and agent table from 6→7 agents with new node, wiring, and table row; adds CHANGELOG entry documenting agent scope and routing; clarifies README auto-scan comment for skills/agents/; refocuses naga_code_analysis_agent documentation to NagaAgent framework-only scope with updated toolset (list_directory, glob, search_file_content, read_naga_intro); adds undefined_self_code_agent usage documentation with access-scope and tool list; refreshes NAGA_INTRO_CONTENT constant with updated project overview, module list, directory table, build/package guidance, and current state notes; bumps NagaAgent submodule to new commit.
Security, schema, and integration tests tests/test_undefined_self_code_agent.py, tests/test_system_prompt_constraints.py, tests/test_naga_code_analysis_agent.py	Comprehensive test coverage: config schema validation and AgentRegistry description loading; allowed path reads (src/Undefined/main.py, config.toml.example) and rejection of disallowed paths (.env, secrets, logs, code hidden files, .. traversal) with permission-denied messages; list_directory scope enforcement (shows allowed, hides disallowed); glob filtering to allowed files; search_file_content leakage prevention (no matches from secrets/env); binary file rejection with "not a readable text file" message; line-window pagination edge case (empty file header validity); system prompt routing constraint assertions; updated read_naga_intro content assertions for version/paths/modules.

Sequence Diagram(s)

sequenceDiagram
    participant LLM as Orchestrator LLM
    participant AgentHandler as undefined_self_code_agent/handler.py
    participant ToolHandler as Tool Handler<br/>read_file/list_directory/glob/search
    participant Shared as _shared.py
    participant FS as Filesystem

    LLM->>AgentHandler: execute({prompt: "..."}, context)
    AgentHandler->>AgentHandler: run_agent_with_tools(...)
    AgentHandler->>ToolHandler: call tool(args, context)
    ToolHandler->>ToolHandler: validate + parse args
    ToolHandler->>Shared: resolve_allowed_path or<br/>resolve_search_root
    Shared->>Shared: find_repo_root(context)
    Shared->>Shared: is_allowed_path(resolved_path)
    alt path outside allowlist or traversal detected
        Shared-->>ToolHandler: PermissionError
        ToolHandler-->>AgentHandler: 权限不足：{allowed_roots_text()}
    else path allowed
        Shared-->>ToolHandler: ResolvedPath
        alt read_file
            ToolHandler->>FS: check exists + is_file
            ToolHandler->>Shared: read_text_file in thread
            Shared-->>ToolHandler: (text, truncated, size)
            ToolHandler-->>AgentHandler: file header + content
        else list_directory
            ToolHandler->>Shared: list_allowed_directory_entries
            Shared-->>ToolHandler: [(rel_path, is_dir), ...]
            ToolHandler-->>AgentHandler: 📁📄 sorted list
        else glob
            ToolHandler->>Shared: collect_allowed_glob_matches in thread
            Shared-->>ToolHandler: [rel_path, ...]
            ToolHandler-->>AgentHandler: newline-joined paths
        else search_file_content
            ToolHandler->>Shared: iter_allowed_files + compile_pattern
            ToolHandler->>Shared: read_text_file per file
            Shared-->>ToolHandler: decoded text + line numbers
            ToolHandler-->>AgentHandler: path:line:content matches
        end
    end
    AgentHandler-->>LLM: agent response

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐇 A rabbit once needed to peek at the code,
But secrets were guarded along every road.
With allowlists firm and a whitelist in place,
read_file and glob found each module with grace.
No \.env shall leak, no traversal shall stray —
The Undefined bunny reads safely today! 🌿

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 49.15% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately and concisely describes the main change: introducing a new agent for Undefined self code inspection.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feature/self-look

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[69gg]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.

[coderabbitai]

Actionable comments posted: 10

🧹 Nitpick comments (1)

tests/test_naga_code_analysis_agent.py (1)

14-14: ⚡ Quick win

Avoid pinning this test to an exact submodule hash marker.

Asserting "eb71318" makes the test fail on normal NagaAgent syncs even when behavior is correct. Prefer stable capability/layout markers only.

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@tests/test_naga_code_analysis_agent.py` at line 14, The assertion checking
for the exact submodule hash "eb71318" is too brittle and causes test failures
during normal submodule syncs even when the behavior is correct. Replace this
exact hash check with stable capability or layout markers that validate the
correct behavior without depending on specific commit hashes.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@ARCHITECTURE.md`:
- Line 120: The A_Self node documentation indicates the
undefined_self_code_agent has 4 tools (as shown by "4个工具"), but the bullet list
under it only documents 3 tools: read_file / glob and search_file_content. Add a
new bullet point to include list_directory in the tool list to accurately
document all 4 tools that the agent actually exposes.

In `@res/prompts/undefined_nagaagent.xml`:
- Line 889: In the rule describing undefined_self_code_agent capabilities, there
is a duplicated "只" character in the phrase "只能只读查阅". Remove one instance of the
"只" character to normalize the phrase and ensure it reads naturally without
redundancy. The phrase should convey that the agent can only read and consult
the code, not write or execute commands.

In `@res/prompts/undefined.xml`:
- Line 838: In the rule describing undefined_self_code_agent limitations, remove
the duplicate character "只" from the phrase `只能只读查阅`. Replace `只能只读查阅` with
either `只能查阅` (simpler) or `仅可只读查阅` (preserving the read-only intent) to make
the sentence grammatically correct and easier to read. The phrase appears in the
constraint text that describes what undefined_self_code_agent cannot do.

In
`@src/Undefined/skills/agents/naga_code_analysis_agent/tools/read_naga_intro/handler.py`:
- Around line 6-71: Update the outdated startup and build command references in
the embedded intro text within the handler.py file (around lines 93–98). Replace
the non-existent entry points `python apiserver/start_server.py api` and
`uvicorn agentserver.agent_server:app` with the correct unified entry point
`python main.py` or `python -m Undefined`. Update the build script reference
from `python scripts/build-win.py` to point to the correct build script that
exists in the `scripts/` directory (such as `build_native_apps.py`). Update the
documentation reference from `docs/build-windows.md` to `docs/build.md`. Ensure
all command examples and file paths in the intro match the actual current
repository structure.

In `@src/Undefined/skills/agents/undefined_self_code_agent/tools/_shared.py`:
- Around line 165-190: The function iter_allowed_files uses blocking filesystem
operations (exists, is_file, is_dir, rglob) that can stall the event loop in
async contexts. Replace these direct blocking calls with async-safe helpers from
src/Undefined/utils/io.py. Convert iter_allowed_files from a synchronous
generator to an async generator that uses asyncio.to_thread() to wrap blocking
filesystem operations, ensuring file existence checks, directory traversals, and
path validation are properly handled through the project's I/O layer instead of
direct Path method calls.

In `@src/Undefined/skills/agents/undefined_self_code_agent/tools/glob/handler.py`:
- Around line 44-59: The synchronous filesystem traversal operations in the loop
spanning lines 44-59 (iterating through search_roots, calling glob(), is_file(),
is_allowed_path(), format_relative(), and managing matches) are executing
directly on the event loop and blocking concurrent work. Extract this entire
disk traversal logic into a separate synchronous helper function, then call that
function using asyncio.to_thread() from the async handler to offload the
blocking I/O operations to a thread pool, following the coding guidelines
requirement to use asyncio.to_thread for disk read operations.

In
`@src/Undefined/skills/agents/undefined_self_code_agent/tools/list_directory/handler.py`:
- Around line 40-42: The execute method is performing blocking synchronous
filesystem operations (iterdir() calls and is_dir() checks) directly in the
async coroutine context on lines 40-42 and 57-59, which blocks the event loop.
Create utility functions in the utils/io.py module to handle directory scanning
and file type checking, then import and call these utilities in the execute
method using asyncio.to_thread to execute them asynchronously. This ensures all
disk I/O operations are wrapped appropriately and non-blocking within the async
context.

In
`@src/Undefined/skills/agents/undefined_self_code_agent/tools/read_file/handler.py`:
- Around line 51-60: The range_header construction on line 59 produces an
invalid format like "行 1-0/0" when the file is empty. Add a conditional check
after calculating end_line to detect when the file is empty (when total_lines is
0 or selected is empty) and set range_header to an explicit empty-range header
in that case, otherwise use the existing range_header format. This ensures the
header accurately represents empty files instead of emitting invalid line
ranges.

In
`@src/Undefined/skills/agents/undefined_self_code_agent/tools/search_file_content/handler.py`:
- Around line 57-76: The code is performing synchronous blocking file operations
directly in an async context by eagerly materializing all files with
list(iter_allowed_files(...)) and calling read_text_file() synchronously.
Convert the function to be async and wrap the blocking IO operations with
asyncio.to_thread() when calling read_text_file() and any other disk operations.
Remove the list() call around iter_allowed_files() to make file enumeration
lazy, allowing the event loop to continue processing while file operations
complete. This prevents blocking the event loop and reduces memory usage on
larger repositories.

In `@tests/test_undefined_self_code_agent.py`:
- Around line 46-71: Replace all direct Path.write_text() calls throughout the
test setup with the project's async-safe I/O utilities from
src/Undefined/utils/io.py. Each line creating files using the pattern (root /
"...").write_text() should be refactored to use the appropriate utility function
from the io module, ensuring all disk writes are atomic and async-safe as
required by the project's coding guidelines. This applies to all file creation
operations including pyproject.toml, README.md, CHANGELOG.md, ARCHITECTURE.md,
config.toml.example, main.py, .hidden.py, tool.py, test_main.py, prompt.txt,
usage.md, App.tsx, secret.txt, run.log, and .env files.

---

Nitpick comments:
In `@tests/test_naga_code_analysis_agent.py`:
- Line 14: The assertion checking for the exact submodule hash "eb71318" is too
brittle and causes test failures during normal submodule syncs even when the
behavior is correct. Replace this exact hash check with stable capability or
layout markers that validate the correct behavior without depending on specific
commit hashes.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 9e99344b-ef36-4839-b6d6-88b556c8a382

📥 Commits

Reviewing files that changed from the base of the PR and between 62e28f7 and 59b7830.

📒 Files selected for processing (28)

• ARCHITECTURE.md
• CHANGELOG.md
• README.md
• code/NagaAgent
• docs/usage.md
• res/prompts/undefined.xml
• res/prompts/undefined_nagaagent.xml
• src/Undefined/skills/agents/README.md
• src/Undefined/skills/agents/naga_code_analysis_agent/tools/read_naga_intro/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/README.md
• src/Undefined/skills/agents/undefined_self_code_agent/__init__.py
• src/Undefined/skills/agents/undefined_self_code_agent/config.json
• src/Undefined/skills/agents/undefined_self_code_agent/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/intro.md
• src/Undefined/skills/agents/undefined_self_code_agent/prompt.md
• src/Undefined/skills/agents/undefined_self_code_agent/tools/__init__.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/_shared.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/glob/config.json
• src/Undefined/skills/agents/undefined_self_code_agent/tools/glob/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/list_directory/config.json
• src/Undefined/skills/agents/undefined_self_code_agent/tools/list_directory/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/read_file/config.json
• src/Undefined/skills/agents/undefined_self_code_agent/tools/read_file/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/search_file_content/config.json
• src/Undefined/skills/agents/undefined_self_code_agent/tools/search_file_content/handler.py
• tests/test_naga_code_analysis_agent.py
• tests/test_system_prompt_constraints.py
• tests/test_undefined_self_code_agent.py

[coderabbitai]

Actionable comments posted: 3

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/Undefined/skills/agents/undefined_self_code_agent/tools/_shared.py`:
- Around line 207-217: The glob operation in the loop starting with `for root in
roots:` traverses the entire repository including disallowed directories before
filtering occurs, and patterns containing `..` can force traversal outside the
search root. Before calling `root.glob(pattern)`, validate that the pattern does
not contain `..` or absolute path components that could enable traversal outside
allowed roots. Additionally, add explicit logic to handle allowed root files
separately and ensure that glob operations are constrained to only search within
the approved roots rather than relying on post-glob filtering with
`is_allowed_path()` to exclude unwanted directories.

In `@src/Undefined/skills/agents/undefined_self_code_agent/tools/glob/handler.py`:
- Line 13: The handler.py file directly imports from Undefined.utils (the
async_io module), which violates the skills handler boundary by importing from
outside the skills/ directory. Remove the direct import statement "from
Undefined.utils import io as async_io" and instead either inject the async_io
dependency through the execution context parameter passed to the handler, or
expose it via _shared.py and import from there instead. This ensures
dependencies are properly passed through the context rather than directly
importing from repo-local modules outside the skills/ directory.

In
`@src/Undefined/skills/agents/undefined_self_code_agent/tools/list_directory/handler.py`:
- Line 13: The handler at list_directory/handler.py violates the skills module
boundary by directly importing from Undefined.utils (line 13: from
Undefined.utils import io as async_io). Remove this direct import statement and
instead inject the async_io dependency through the execution context that is
passed to the handler function. Update all usages of async_io within the handler
to reference it from the injected context parameter rather than the module
import.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro Plus

Run ID: 75ec38e4-5b4d-4cd7-b020-39fa5c122da8

📥 Commits

Reviewing files that changed from the base of the PR and between 59b7830 and 8445851.

📒 Files selected for processing (13)

• ARCHITECTURE.md
• res/prompts/undefined.xml
• res/prompts/undefined_nagaagent.xml
• src/Undefined/skills/agents/naga_code_analysis_agent/tools/read_naga_intro/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/_shared.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/glob/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/list_directory/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/read_file/handler.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/search_file_content/handler.py
• src/Undefined/utils/io.py
• tests/test_naga_code_analysis_agent.py
• tests/test_system_prompt_constraints.py
• tests/test_undefined_self_code_agent.py

✅ Files skipped from review due to trivial changes (2)

• src/Undefined/skills/agents/naga_code_analysis_agent/tools/read_naga_intro/handler.py
• ARCHITECTURE.md

🚧 Files skipped from review as they are similar to previous changes (6)

• res/prompts/undefined.xml
• src/Undefined/skills/agents/undefined_self_code_agent/tools/search_file_content/handler.py
• tests/test_system_prompt_constraints.py
• res/prompts/undefined_nagaagent.xml
• tests/test_undefined_self_code_agent.py
• src/Undefined/skills/agents/undefined_self_code_agent/tools/read_file/handler.py

[69gg]

@coderabbitai review

[coderabbitai]

✅ Action performed

Review finished.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.