feat: add workspace file explorer and runbook file APIs

Author: jerry609

docs/DEEPCODE_TODO.md

@@ -25,7 +25,7 @@
 ### 1) 数据模型与存储（Run / Step / Artifact / Snapshot）
 
 - [x] `RunbookStepModel`（runbook_steps）表：step 生命周期与配置
-- [ ] 新增 `ArtifactModel` 表（产物索引）
+- [x] 新增 `ArtifactModel` 表（产物索引）
   - [ ] 字段：`run_id`、`step_id`(可空)、`type`(log/metric/report/file/zip)、
     `path_or_uri`、`mime`、`size_bytes`、`sha256`、`metadata_json`、`created_at`
   - [ ] DoD：可记录 outputDir、报告、曲线图、导出的 evidence 包
@@ -52,12 +52,13 @@
 
 - [ ] 后端：文件系统 API（严格限制在允许目录）
   - [ ] `GET /api/runbook/projects`（可选：列出最近项目/输出目录）
-  - [ ] `GET /api/runbook/projects/{id}/files`（树）
-  - [ ] `GET /api/runbook/projects/{id}/file?path=...`（读）
-  - [ ] `POST /api/runbook/projects/{id}/file`（写：只允许 workspace 内）
+  - [x] `GET /api/runbook/files?project_dir=...`（索引）
+  - [x] `GET /api/runbook/file?project_dir=...&path=...`（读）
+  - [x] `POST /api/runbook/file`（写：只允许 workspace 内）
   - [ ] 安全：路径规范化、防穿越、白名单根目录
-- [ ] 前端：文件树组件（左侧或 Workspace 顶部）
-  - [ ] 支持搜索/最近文件/仅显示改动
+- [x] 前端：文件树组件（Workspace 左侧）
+  - [x] 支持搜索 + 刷新索引 + 打开文件到 Editor
+  - [x] Save Active（写回后端文件）
 - [ ] Diff Staging（必须）
   - [ ] 生成 diff（基于“原始快照 vs 当前”）
   - [ ] Apply/Reject（按文件/按 hunk）
@@ -126,3 +127,4 @@
 ## Progress Log（每次完成请追加）
 
 - YYYY-MM-DD: ...
+- 2025-12-22: Add ArtifactModel + Runbook file APIs + Workspace real file explorer (open/save) + panel collapse controls.

src/paperbot/api/routes/runbook.py

@@ -21,7 +21,7 @@
 from pathlib import Path
 from typing import Any, Dict, List, Literal, Optional
 
-from fastapi import APIRouter, HTTPException
+from fastapi import APIRouter, HTTPException, Query
 from pydantic import BaseModel, Field
 
 from paperbot.application.collaboration.message_schema import new_run_id
@@ -153,6 +153,125 @@ async def start_smoke(body: SmokeRequest) -> SmokeStartResponse:
     return SmokeStartResponse(run_id=run_id, status="running")
 
 
+@router.get("/runbook/files")
+async def list_project_files(
+    project_dir: str = Query(..., description="Project directory on the API host"),
+    recursive: bool = Query(True, description="List files recursively"),
+    max_files: int = Query(2000, ge=1, le=20000),
+):
+    """
+    List files under a project directory (best-effort).
+
+    Notes:
+    - This endpoint is intentionally restrictive and will only serve allowed roots.
+    - Large directories (e.g. node_modules) are skipped by default.
+    """
+    root = Path(project_dir)
+    if not root.exists() or not root.is_dir():
+        raise HTTPException(status_code=400, detail="project_dir must be an existing directory")
+    if not _allowed_workdir(root):
+        raise HTTPException(status_code=403, detail="project_dir is not allowed")
+
+    ignore_dirs = {".git", ".next", "node_modules", ".venv", "__pycache__", ".pytest_cache", ".mypy_cache"}
+
+    files: List[str] = []
+    directories: List[str] = []
+
+    if not recursive:
+        for p in root.iterdir():
+            if p.is_dir():
+                directories.append(p.name)
+            elif p.is_file():
+                files.append(p.name)
+        return {"project_dir": str(root), "files": sorted(files), "directories": sorted(directories)}
+
+    for dirpath, dirnames, filenames in os.walk(root):
+        # prune
+        dirnames[:] = [d for d in dirnames if d not in ignore_dirs]
+        rel_dir = os.path.relpath(dirpath, root)
+        if rel_dir != ".":
+            directories.append(rel_dir)
+
+        for name in filenames:
+            if len(files) >= max_files:
+                break
+            rel = os.path.relpath(os.path.join(dirpath, name), root)
+            files.append(rel)
+        if len(files) >= max_files:
+            break
+
+    return {
+        "project_dir": str(root),
+        "files": sorted(files),
+        "directories": sorted(set(directories)),
+        "truncated": len(files) >= max_files,
+        "max_files": max_files,
+    }
+
+
+class ReadFileResponse(BaseModel):
+    path: str
+    content: str
+
+
+@router.get("/runbook/file", response_model=ReadFileResponse)
+async def read_project_file(
+    project_dir: str = Query(..., description="Project directory on the API host"),
+    path: str = Query(..., description="Relative file path within project_dir"),
+    max_bytes: int = Query(2_000_000, ge=1, le=20_000_000),
+):
+    """Read a single file under project_dir (UTF-8 best effort)."""
+    root = Path(project_dir)
+    if not root.exists() or not root.is_dir():
+        raise HTTPException(status_code=400, detail="project_dir must be an existing directory")
+    if not _allowed_workdir(root):
+        raise HTTPException(status_code=403, detail="project_dir is not allowed")
+
+    target = (root / path).resolve()
+    root_resolved = root.resolve()
+    if not (target == root_resolved or str(target).startswith(str(root_resolved) + os.sep)):
+        raise HTTPException(status_code=400, detail="invalid path")
+    if not target.exists() or not target.is_file():
+        raise HTTPException(status_code=404, detail="file not found")
+
+    size = target.stat().st_size
+    if size > max_bytes:
+        raise HTTPException(status_code=413, detail=f"file too large ({size} bytes)")
+
+    try:
+        content = target.read_text(encoding="utf-8")
+    except Exception:
+        content = target.read_text(errors="ignore")
+
+    return ReadFileResponse(path=path, content=content)
+
+
+class WriteFileRequest(BaseModel):
+    project_dir: str
+    path: str
+    content: str
+
+
+@router.post("/runbook/file")
+async def write_project_file(body: WriteFileRequest):
+    """Write a file under project_dir (creates parents)."""
+    root = Path(body.project_dir)
+    if not root.exists() or not root.is_dir():
+        raise HTTPException(status_code=400, detail="project_dir must be an existing directory")
+    if not _allowed_workdir(root):
+        raise HTTPException(status_code=403, detail="project_dir is not allowed")
+
+    target = (root / body.path).resolve()
+    root_resolved = root.resolve()
+    if not (target == root_resolved or str(target).startswith(str(root_resolved) + os.sep)):
+        raise HTTPException(status_code=400, detail="invalid path")
+
+    target.parent.mkdir(parents=True, exist_ok=True)
+    target.write_text(body.content, encoding="utf-8")
+
+    return {"ok": True, "path": body.path}
+
+
 @router.get("/runbook/runs/{run_id}", response_model=RunStatusResponse)
 async def get_run_status(run_id: str) -> RunStatusResponse:
     with _provider.session() as session:

src/paperbot/infrastructure/stores/models.py

@@ -34,6 +34,7 @@ class AgentRunModel(Base):
     logs = relationship("ExecutionLogModel", back_populates="run", cascade="all, delete-orphan")
     metrics = relationship("ResourceMetricModel", back_populates="run", cascade="all, delete-orphan")
     runbook_steps = relationship("RunbookStepModel", back_populates="run", cascade="all, delete-orphan")
+    artifacts = relationship("ArtifactModel", back_populates="run", cascade="all, delete-orphan")
 
     def set_metadata(self, data: Dict[str, Any]) -> None:
         self.metadata_json = json.dumps(data or {}, ensure_ascii=False)
@@ -157,3 +158,27 @@ class RunbookStepModel(Base):
     run = relationship("AgentRunModel", back_populates="runbook_steps")
 
 
+class ArtifactModel(Base):
+    """
+    Artifact index for evidence tracking.
+
+    This table stores references (paths/URIs) to outputs produced during a run/step:
+    - logs (raw/filtered), metrics snapshots, reports, figures, exported evidence packs, etc.
+    """
+    __tablename__ = "artifacts"
+
+    id: Mapped[int] = mapped_column(Integer, primary_key=True, autoincrement=True)
+    run_id: Mapped[str] = mapped_column(String(64), ForeignKey("agent_runs.run_id"), index=True)
+    step_id: Mapped[Optional[int]] = mapped_column(Integer, ForeignKey("runbook_steps.id"), nullable=True, index=True)
+
+    type: Mapped[str] = mapped_column(String(32), index=True)  # log/metric/report/file/zip/...
+    path_or_uri: Mapped[str] = mapped_column(Text, default="")
+    mime: Mapped[Optional[str]] = mapped_column(String(128), nullable=True)
+    size_bytes: Mapped[Optional[int]] = mapped_column(Integer, nullable=True)
+    sha256: Mapped[Optional[str]] = mapped_column(String(64), nullable=True)
+    created_at: Mapped[Optional[datetime]] = mapped_column(DateTime(timezone=True), nullable=True, index=True)
+    metadata_json: Mapped[str] = mapped_column(Text, default="{}")
+
+    run = relationship("AgentRunModel", back_populates="artifacts")
+    step = relationship("RunbookStepModel")
+

web/src/app/api/runbook/file/route.ts

@@ -0,0 +1,42 @@
+export const runtime = "nodejs"
+
+function apiBaseUrl() {
+  return process.env.PAPERBOT_API_BASE_URL || "http://127.0.0.1:8000"
+}
+
+export async function GET(req: Request) {
+  const url = new URL(req.url)
+  const upstream = await fetch(`${apiBaseUrl()}/api/runbook/file?${url.searchParams.toString()}`, {
+    method: "GET",
+    headers: { Accept: "application/json" },
+  })
+  const text = await upstream.text()
+  return new Response(text, {
+    status: upstream.status,
+    headers: {
+      "Content-Type": upstream.headers.get("content-type") || "application/json",
+      "Cache-Control": "no-cache",
+    },
+  })
+}
+
+export async function POST(req: Request) {
+  const body = await req.text()
+  const upstream = await fetch(`${apiBaseUrl()}/api/runbook/file`, {
+    method: "POST",
+    headers: {
+      "Content-Type": req.headers.get("content-type") || "application/json",
+      Accept: "application/json",
+    },
+    body,
+  })
+  const text = await upstream.text()
+  return new Response(text, {
+    status: upstream.status,
+    headers: {
+      "Content-Type": upstream.headers.get("content-type") || "application/json",
+      "Cache-Control": "no-cache",
+    },
+  })
+}
+

web/src/app/api/runbook/files/route.ts

@@ -0,0 +1,22 @@
+export const runtime = "nodejs"
+
+function apiBaseUrl() {
+  return process.env.PAPERBOT_API_BASE_URL || "http://127.0.0.1:8000"
+}
+
+export async function GET(req: Request) {
+  const url = new URL(req.url)
+  const upstream = await fetch(`${apiBaseUrl()}/api/runbook/files?${url.searchParams.toString()}`, {
+    method: "GET",
+    headers: { Accept: "application/json" },
+  })
+  const text = await upstream.text()
+  return new Response(text, {
+    status: upstream.status,
+    headers: {
+      "Content-Type": upstream.headers.get("content-type") || "application/json",
+      "Cache-Control": "no-cache",
+    },
+  })
+}
+

web/src/app/studio/page.tsx

@@ -7,7 +7,7 @@ import { TasksPanel } from "@/components/studio/TasksPanel"
 import { ExecutionLog } from "@/components/studio/ExecutionLog"
 import { PromptInput } from "@/components/studio/PromptInput"
 import { MCPSettings } from "@/components/studio/MCPSettings"
-import { DeepCodeEditor } from "@/components/studio/DeepCodeEditor"
+import { WorkspacePanel } from "@/components/studio/WorkspacePanel"
 import { RunbookPanel } from "@/components/studio/RunbookPanel"
 import { BlueprintPanel } from "@/components/studio/BlueprintPanel"
 import { MCPProvider } from "@/lib/mcp"
@@ -340,9 +340,7 @@ function StudioContent() {
                         minSize="30"
                         onResize={({ inPixels }) => setCollapsedKey("workspace", inPixels < 2)}
                     >
-                        <div className="h-full min-w-0 min-h-0 bg-background">
-                            <DeepCodeEditor />
-                        </div>
+                        <WorkspacePanel />
                     </ResizablePanel>
 
                     <ResizableHandle withHandle />
@@ -472,7 +470,7 @@ function StudioContent() {
                         </TabsTrigger>
                     </TabsList>
                     <TabsContent value="workspace" className="flex-1 min-h-0 m-0 overflow-hidden">
-                        <DeepCodeEditor />
+                        <WorkspacePanel />
                     </TabsContent>
                     <TabsContent value="runbook" className="flex-1 min-h-0 m-0 overflow-hidden">
                         <RunbookPanel />