
feat(sec-core): route prompt scan to daemon and add prompt model preload #786

Merged: edonyzpc merged 3 commits into alibaba:main from RemindD:feature/sec-core/daemon on Jun 10, 2026

@RemindD RemindD commented Jun 8, 2026

Collaborator

Description

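This PR migrates scan-prompt from loading and running the model directly inside each CLI process to executing it through the agent-sec daemon interface. On startup the daemon triggers a preload of the prompt scan model; the CLI only passes the request through and prints the scan result.

Main changes:

  • Add a daemon background jobs directory to host resident tasks started at launch
  • Add a prompt scan model preload job
  • The daemon exposes a scan-prompt method
  • CLI scan-prompt now calls the daemon client
  • The security middleware gains an explicit-context call entry point
  • The prompt scanner e2e tests add daemon startup and model-ready wait logic
  • Daemon health requests disable the access log, so readiness polling does not produce large volumes of logs
  • The preload download suppresses stdout/stderr, so the background download does not pollute daemon output

| Type | Duration | Notes |
|---|---|---|
| Model download | 2 minutes | Previously downloaded manually by the user; now downloaded automatically when the daemon starts |
| Model load | average 4.35s | Previously required on every CLI invocation; now the model stays in memory, so no repeated loading is needed |
| CLI call | average 311.81ms; p95 367.32ms | CLI module import and scan time; the former still has room for optimization |
| daemon call | average 94.48ms; p95 131.31ms | Current actual daemon call time |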

Related Issue

closes #

Type of Change

  • Bug fix (non-breaking change that fixes an issue)
  • New feature (non-breaking change that adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactoring (no functional change)
  • Performance improvement
  • CI/CD or build changes

Scope

  • cosh (copilot-shell)
  • sec-core (agent-sec-core)
  • skill (os-skills)
  • sight (agentsight)
  • tokenless (tokenless)
  • ckpt (ws-ckpt)
  • memory (agent-memory)
  • anolisa (anolisa-cli)
  • Multiple / Project-wide

Checklist

  • I have read the Contributing Guide
  • My code follows the project's code style
  • I have added tests that prove my fix is effective or that my feature works
  • I have updated the documentation accordingly
  • For cosh: Lint passes, type check passes, and tests pass
  • For sec-core (Rust): cargo clippy -- -D warnings and cargo fmt --check pass
  • For sec-core (Python): Ruff format and pytest pass
  • For skill: Skill directory structure is valid and shell scripts pass syntax check
  • For sight: cargo clippy -- -D warnings and cargo fmt --check pass
  • For tokenless: cargo clippy -- -D warnings and cargo fmt --check pass
  • For memory (Linux only): cargo clippy --all-targets -- -D warnings, cargo fmt --check, and cargo test pass
  • For anolisa: cargo clippy --all-targets --locked -- -D warnings, cargo fmt --all --check, and cargo test --locked pass
  • Lock files are up to date (package-lock.json / Cargo.lock)

Testing

Additional Notes

@RemindD RemindD force-pushed the feature/sec-core/daemon branch from 0299152 to 1bf6281 June 9, 2026 01:58
Comment thread src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/prompt_scanner/cli.py Outdated
@yangdao479 yangdao479 requested a review from haosanzi June 9, 2026 08:18
Comment thread src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/prompt_scanner/cli.py Outdated
Comment thread src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/prompt_scanner/cli.py Outdated
Comment thread src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/daemon/server.py Outdated
@RemindD RemindD requested a review from edonyzpc June 9, 2026 11:56
Comment thread src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/daemon/jobs/prompt_preload.py Outdated
Comment thread src/agent-sec-core/agent-sec-cli/src/agent_sec_cli/prompt_scanner/cli.py Outdated
@RemindD RemindD requested a review from edonyzpc June 10, 2026 07:37

@edonyzpc edonyzpc left a comment

Collaborator

LGTM

@edonyzpc edonyzpc merged commit 2e0d022 into alibaba:main Jun 10, 2026
16 checks passed
Labels

component:sec-core src/agent-sec-core/ scope:documentation ./docs/|./*.md|./NOTICE
