Update config.yaml

README.md

@@ -29,7 +29,6 @@ If CyberStrikeAI helps you, you can support the project via **WeChat Pay** or **
 
 CyberStrikeAI is an **AI-native security testing platform** built in Go. It integrates 100+ security tools, an intelligent orchestration engine, role-based testing with predefined security roles, a skills system with specialized testing skills, comprehensive lifecycle management capabilities, and a **built-in lightweight C2 (Command & Control) framework** for **authorized** engagements (listeners, encrypted implants, sessions, tasks, real-time events, REST and MCP). Through native MCP protocol and AI agents, it enables end-to-end automation from conversational commands to vulnerability discovery, attack-chain analysis, knowledge retrieval, and result visualization—delivering an auditable, traceable, and collaborative testing environment for security teams.
 
-
 ## Interface & Integration Preview
 
 <div align="center">
@@ -117,9 +116,9 @@ CyberStrikeAI is an **AI-native security testing platform** built in Go. It inte
 - 🛡️ Vulnerability management with CRUD operations, severity tracking, status workflow, and statistics
 - 📋 Batch task management: create task queues, add multiple tasks, and execute them sequentially
 - 🎭 Role-based testing: predefined security testing roles (Penetration Testing, CTF, Web App Scanning, etc.) with custom prompts and tool restrictions
-- 🧩 **Agent orchestration (CloudWeGo Eino)**: **single-agent** via **`/api/eino-agent/stream`** (Eino ADK `ChatModelAgent`); **multi-agent** via **`/api/multi-agent/stream`** with **`deep`** (coordinator + `task` sub-agents), **`plan_execute`**, or **`supervisor`** (`orchestration` in the request body). Markdown under `agents/`: `orchestrator.md`, `orchestrator-plan-execute.md`, `orchestrator-supervisor.md`, plus sub-agent `*.md` (see [Multi-agent doc](docs/MULTI_AGENT_EINO.md))
+- 🧩 **Agent orchestration (CloudWeGo Eino)**: **single-agent** via **`/api/eino-agent/stream`** (Eino ADK `ChatModelAgent`); **multi-agent** via **`/api/multi-agent/stream`** with **`deep`** (coordinator + `task` sub-agents), **`plan_execute`**, or **`supervisor`** (`orchestration` in the request body). ADK **summarization** compresses long contexts; pre-compaction **transcripts** land at `data/conversation_artifacts/<conversation-id>/summarization/transcript.txt` (full user/assistant/tool turns; static system omitted). Markdown under `agents/`: `orchestrator.md`, `orchestrator-plan-execute.md`, `orchestrator-supervisor.md`, plus sub-agent `*.md` (see [Multi-agent doc](docs/MULTI_AGENT_EINO.md))
 - 🖼️ **Vision analysis (`analyze_image`)**: separate VL model (e.g. `qwen-vl-max`) via MCP for local screenshots, captchas, and UI; image bytes stay out of agent history (text summaries only). Configure `vision` in `config.yaml`; see [docs/VISION.md](docs/VISION.md)
-- 🎯 **Skills (refactored for Eino)**: packs under `skills_dir` follow **Agent Skills** layout (`SKILL.md` + optional files); **multi-agent** sessions use the official Eino ADK **`skill`** tool for **progressive disclosure** (load by name), with optional **host filesystem / shell** via `multi_agent.eino_skills`; optional **`eino_middleware`** adds patchtoolcalls, tool_search, plantask, reduction, checkpoints, and Deep tuning—20+ sample domains (SQLi, XSS, API security, …) ship under `skills/`
+- 🎯 **Skills (refactored for Eino)**: packs under `skills_dir` follow **Agent Skills** layout (`SKILL.md` + optional files); **multi-agent** sessions use the official Eino ADK **`skill`** tool for **progressive disclosure** (load by name), with optional **host filesystem / shell** via `multi_agent.eino_skills`; optional **`eino_middleware`** adds patchtoolcalls, tool_search, **plantask** (`TaskCreate` / `TaskList` boards under `skills_dir/.eino/plantask/`), reduction, file **checkpoints** (`checkpoint_dir`), ChatModel **retries**, session **output key**, and Deep tuning—20+ sample domains (SQLi, XSS, API security, …) ship under `skills/`
 - 📱 **Chatbot**: DingTalk and Lark (Feishu) long-lived connections so you can talk to CyberStrikeAI from mobile (see [Robot / Chatbot guide](docs/robot_en.md) for setup and commands)
 - 🧑‍⚖️ **Human-in-the-loop (HITL)**: Chat sidebar to set approval mode and tool allowlists (listed tools skip approval); global list in `config.yaml` under `hitl.tool_whitelist`; **Apply** can merge new tools into the file and update the running server without restart; dedicated **HITL** page for pending approvals
 - 🐚 **WebShell management**: Add and manage WebShell connections (e.g. IceSword/AntSword compatible), use a virtual terminal for command execution, a built-in file manager for file operations, and an AI assistant tab that orchestrates tests and keeps per-connection conversation history; supports PHP, ASP, ASPX, JSP and custom shell types with configurable request method and command parameter.
@@ -261,7 +260,7 @@ Requirements / tips:
 - **Predefined roles** – System includes 12+ predefined security testing roles (Penetration Testing, CTF, Web App Scanning, API Security Testing, Binary Analysis, Cloud Security Audit, etc.) in the `roles/` directory.
 - **Custom prompts** – Each role can define a `user_prompt` that prepends to user messages, guiding the AI to adopt specialized testing methodologies and focus areas.
 - **Tool restrictions** – Roles can specify a `tools` list to limit available tools, ensuring focused testing workflows (e.g., CTF role restricts to CTF-specific utilities).
-- **Skills** – Skill packs live under `skills_dir` and load via the Eino ADK **`skill`** tool (**progressive disclosure**) in both **single- and multi-agent** sessions when **`multi_agent.eino_skills`** is enabled. Optional host **read_file / glob / grep / write / edit / execute** and **`eino_middleware`** (tool_search, reduction, checkpoints, etc.) apply per mode—see docs.
+- **Skills** – Skill packs live under `skills_dir` and load via the Eino ADK **`skill`** tool (**progressive disclosure**) in both **single- and multi-agent** sessions when **`multi_agent.eino_skills`** is enabled. Optional host **read_file / glob / grep / write / edit / execute** and **`eino_middleware`** (tool_search, plantask, reduction, checkpoints, summarization transcripts, etc.) apply per mode—see docs.
 - **Easy role creation** – Create custom roles by adding YAML files to the `roles/` directory. Each role defines `name`, `description`, `user_prompt`, `icon`, `tools`, and `enabled` fields.
 - **Web UI integration** – Select roles from a dropdown in the chat interface. Role selection affects both AI behavior and available tool suggestions.
 
@@ -289,6 +288,7 @@ Requirements / tips:
   - **Sub-agents** (for **deep** / **supervisor**): other `*.md` files (YAML front matter + body). Not used as **`task`** targets if marked orchestrator-only.
 - **Management** – Web UI: **Agents → Agent management**; API `/api/multi-agent/markdown-agents`.
 - **Config** – `multi_agent` in `config.yaml`: `enabled`, `robot_default_agent_mode`, `batch_use_multi_agent`, `max_iteration`, `plan_execute_loop_max_iterations`, per-mode orchestrator instruction fields, optional YAML `sub_agents` merged with disk (`id` clash → Markdown wins), **`eino_skills`**, **`eino_middleware`** (optional ADK middleware and Deep/Supervisor tuning).
+- **Resilience & long runs** – `checkpoint_dir` enables ADK **resume** after process crashes (distinct from trace-based “interrupt & continue”). `deep_model_retry_max_retries` retries transient LLM API failures within a single call. **Summarization** writes a filtered **transcript** when compression fires; the summary message includes the path so the model can `read_file` for scan output and other pre-compaction details.
 - **Details** – **[docs/MULTI_AGENT_EINO.md](docs/MULTI_AGENT_EINO.md)** (streaming, robots, batch, middleware caveats).
 
 ### Skills System (Agent Skills + Eino)
@@ -296,7 +296,7 @@ Requirements / tips:
 - **Runtime refactor** – **`skills_dir`** is the single root for packs. **Multi-agent** loads them through Eino’s official **`skill`** middleware (**progressive disclosure**: model calls `skill` with a pack **name** instead of receiving full SKILL text up front). Configure via **`multi_agent.eino_skills`**: `disable`, `filesystem_tools` (host read/glob/grep/write/edit/execute), `skill_tool_name`.
 - **Eino / RAG** – Packages are also split into `schema.Document` chunks for `FilesystemSkillsRetriever` (`skills.AsEinoRetriever()`) in **compose** graphs (e.g. knowledge/indexing pipelines).
 - **HTTP API** – `/api/skills` listing and `depth` (`summary` | `full`), `section`, and `resource_path` remain for the web UI and ops; **model-side** skill loading in multi-agent uses the **`skill`** tool, not MCP.
-- **Optional `eino_middleware`** – e.g. `tool_search` (dynamic MCP tool list), `patch_tool_calls`, `plantask` (structured tasks; persistence defaults under a subdirectory of `skills_dir`), `reduction`, `checkpoint_dir`, Deep output key / model retries / task-tool description prefix—see `config.yaml` and `internal/config/config.go`.
+- **Optional `eino_middleware`** – e.g. `tool_search` (dynamic MCP tool list), `patch_tool_calls`, **`plantask`** (Eino `TaskCreate` / `TaskGet` / `TaskUpdate` / `TaskList`; JSON under `skills_dir/.eino/plantask/<conversation-id>/`; Eino clears task files when **all** tasks are marked completed), `reduction`, **`checkpoint_dir`** (`data/eino-checkpoints/`), **`deep_model_retry_max_retries`**, **`deep_output_key`**, task-tool description prefix—see `config.yaml` and `internal/config/config.go`.
 - **Shipped demo** – `skills/cyberstrike-eino-demo/`; see `skills/README.md`.
 
 **Creating a skill:**
@@ -544,7 +544,7 @@ multi_agent:
   orchestrator_instruction: ""  # Deep; used when orchestrator.md body is empty
   # orchestrator_instruction_plan_execute / orchestrator_instruction_supervisor optional
   # eino_skills: { disable: false, filesystem_tools: true, skill_tool_name: skill }
-  # eino_middleware: optional patch_tool_calls, tool_search, plantask, reduction, checkpoint_dir, ...
+  # eino_middleware: plantask_enable, checkpoint_dir, deep_model_retry_max_retries, deep_output_key, ...
 ```
 
 ### Tool Definition Example (`tools/nmap.yaml`)

README_CN.md

@@ -28,7 +28,6 @@
 
 CyberStrikeAI 是一款 **AI 原生安全测试平台**，基于 Go 构建，集成了 100+ 安全工具、智能编排引擎、角色化测试与预设安全测试角色、Skills 技能系统与专业测试技能、完整的测试生命周期管理能力，以及面向 **授权场景** 的 **内置轻量 C2（Command & Control，指挥与控制）** 能力（监听器、加密通信、会话与任务、实时事件、REST 与 MCP 协同）。通过原生 MCP 协议与 AI 智能体，支持从对话指令到漏洞发现、攻击链分析、知识检索与结果可视化的全流程自动化，为安全团队提供可审计、可追溯、可协作的专业测试环境。
 
-
 ## 界面与集成预览
 
 <div align="center">
@@ -116,9 +115,9 @@ CyberStrikeAI 是一款 **AI 原生安全测试平台**，基于 Go 构建，集
 - 🛡️ 漏洞管理功能：完整的漏洞 CRUD 操作，支持严重程度分级、状态流转、按对话/严重程度/状态过滤，以及统计看板
 - 📋 批量任务管理：创建任务队列，批量添加任务，依次顺序执行，支持任务编辑与状态跟踪
 - 🎭 角色化测试：预设安全测试角色（渗透测试、CTF、Web 应用扫描等），支持自定义提示词和工具限制
-- 🧩 **Agent 编排（CloudWeGo Eino）**：**单代理** `POST /api/eino-agent/stream`（Eino ADK）；**多代理** `POST /api/multi-agent/stream`，`orchestration` 选 **`deep`** / **`plan_execute`** / **`supervisor`**。`agents/` 下主代理与子代理 Markdown 见 [多代理说明](docs/MULTI_AGENT_EINO.md)
+- 🧩 **Agent 编排（CloudWeGo Eino）**：**单代理** `POST /api/eino-agent/stream`（Eino ADK）；**多代理** `POST /api/multi-agent/stream`，`orchestration` 选 **`deep`** / **`plan_execute`** / **`supervisor`**。ADK **Summarization** 在上下文过长时压缩历史；压缩前将可恢复 **转录** 写入 `data/conversation_artifacts/<会话ID>/summarization/transcript.txt`（保留完整 user/assistant/tool 轮次，省略静态 system）。`agents/` 下主代理与子代理 Markdown 见 [多代理说明](docs/MULTI_AGENT_EINO.md)
 - 🖼️ **视觉分析（`analyze_image`）**：独立 Vision 模型（如 `qwen-vl-max`），MCP 工具分析本地截图/验证码/UI；图片仅在单次 VL 调用中出现，对话上下文只保留文字摘要。配置见 `config.yaml` → `vision` 与 [视觉分析说明](docs/VISION.md)
-- 🎯 **Skills（面向 Eino 重构）**：技能包放在 **`skills_dir`**，遵循 **Agent Skills** 目录规范（`SKILL.md` + 可选文件）；**多代理** 下通过 Eino 官方 **`skill`** 工具 **渐进式披露**（按 name 加载）。**`multi_agent.eino_skills`** 控制是否启用、本机文件/Shell 工具、工具名覆盖；**`eino_middleware`** 可选 patch、tool_search、plantask、reduction、断点目录及 Deep 调参。20+ 领域示例仍可绑定角色
+- 🎯 **Skills（面向 Eino 重构）**：技能包放在 **`skills_dir`**，遵循 **Agent Skills** 目录规范（`SKILL.md` + 可选文件）；**多代理** 下通过 Eino 官方 **`skill`** 工具 **渐进式披露**（按 name 加载）。**`multi_agent.eino_skills`** 控制是否启用、本机文件/Shell 工具、工具名覆盖；**`eino_middleware`** 可选 patch、tool_search、**plantask**（`TaskCreate` / `TaskList` 任务板，落在 `skills_dir/.eino/plantask/`）、reduction、文件型 **checkpoint**（`checkpoint_dir`）、ChatModel **重试**、会话 **输出键** 及 Deep 调参。20+ 领域示例仍可绑定角色
 - 📱 **机器人**：支持钉钉、飞书长连接，在手机端与 CyberStrikeAI 对话（配置与命令详见 [机器人使用说明](docs/robot.md)）
 - 🧑‍⚖️ **人机协同（HITL）**：对话页侧栏配置协同模式与免审批工具白名单；全局列表在 `config.yaml` 的 `hitl.tool_whitelist`；点「应用」可将新增工具合并写入配置文件且**无需重启**即可生效；导航 **人机协同** 页处理待审批工具调用
 - 🐚 **WebShell 管理**：添加与管理 WebShell 连接（兼容冰蝎/蚁剑等），通过虚拟终端执行命令、内置文件管理进行文件操作，并提供按连接维度保存历史的 AI 助手标签页；支持 PHP/ASP/ASPX/JSP 及自定义类型，可配置请求方法与命令参数。
@@ -259,7 +258,7 @@ go build -o cyberstrike-ai cmd/server/main.go
 - **预设角色**：系统内置 12+ 个预设的安全测试角色（渗透测试、CTF、Web 应用扫描、API 安全测试、二进制分析、云安全审计等），位于 `roles/` 目录。
 - **自定义提示词**：每个角色可定义 `user_prompt`，会在用户消息前自动添加，引导 AI 采用特定的测试方法和关注重点。
 - **工具限制**：角色可指定 `tools` 列表，限制可用工具，实现聚焦的测试流程（如 CTF 角色限制为 CTF 专用工具）。
-- **Skills**：技能包位于 `skills_dir`；启用 **`multi_agent.eino_skills`** 后，**单代理与多代理**均可通过 Eino **`skill`** 工具按需加载。中间件与本机 read_file/glob/grep 等见文档。
+- **Skills**：技能包位于 `skills_dir`；启用 **`multi_agent.eino_skills`** 后，**单代理与多代理**均可通过 Eino **`skill`** 工具按需加载。可选 **`eino_middleware`**（tool_search、plantask、reduction、checkpoint、Summarization 转录等）与本机 read_file/glob/grep 等见文档。
 - **轻松创建角色**：通过在 `roles/` 目录添加 YAML 文件即可创建自定义角色。每个角色定义 `name`、`description`、`user_prompt`、`icon`、`tools`、`enabled` 字段。
 - **Web 界面集成**：在聊天界面通过下拉菜单选择角色。角色选择会影响 AI 行为和可用工具建议。
 
@@ -287,6 +286,7 @@ go build -o cyberstrike-ai cmd/server/main.go
   - **子代理**（**deep** / **supervisor**）：其余 `*.md`；标成 orchestrator 的不会进入 `task` 列表。
 - **界面管理**：**Agents → Agent 管理**；API `/api/multi-agent/markdown-agents`。
 - **配置项**：`multi_agent`：`enabled`、`robot_default_agent_mode`、`batch_use_multi_agent`、`max_iteration`、`plan_execute_loop_max_iterations`、各模式 orchestrator 指令字段、可选 YAML `sub_agents` 与目录合并（同 `id` → Markdown 优先）、**`eino_skills`**、**`eino_middleware`**。
+- **长任务与恢复**：`checkpoint_dir` 支持进程崩溃后 ADK **断点续跑**（与基于 trace 的「中断继续」不同）。`deep_model_retry_max_retries` 在同一次 LLM 调用内重试瞬时 API 失败。**Summarization** 触发压缩时会写入过滤后的 **transcript**，摘要消息中带路径，模型可用 `read_file` 找回扫描输出等压缩前细节。
 - **更多细节**：[docs/MULTI_AGENT_EINO.md](docs/MULTI_AGENT_EINO.md)（流式、机器人、批量、中间件差异）。
 
 ### Skills 技能系统（Agent Skills + Eino）
@@ -294,7 +294,7 @@ go build -o cyberstrike-ai cmd/server/main.go
 - **运行侧重构**：**`skills_dir`** 为技能包唯一根目录；**多代理** 通过 Eino 官方 **`skill`** 中间件做 **渐进式披露**（模型按 **name** 调用 `skill`，而非一次性注入全文）。由 **`multi_agent.eino_skills`** 控制：`disable`、`filesystem_tools`（本机读写与 Shell）、`skill_tool_name`。
 - **Eino / 知识流水线**：技能包可切分为 `schema.Document`，供 `FilesystemSkillsRetriever`（`skills.AsEinoRetriever()`）在 **compose** 图（如索引/编排）中使用。
 - **HTTP 管理**：`/api/skills` 列表与 `depth=summary|full`、`section`、`resource_path` 等仍用于 Web 与运维；**模型侧** 多代理走 **`skill`** 工具，而非 MCP。
-- **可选 `eino_middleware`**：如 `tool_search`（动态工具列表）、`patch_tool_calls`、`plantask`（结构化任务；默认落在 `skills_dir` 下子目录）、`reduction`、`checkpoint_dir`、Deep 输出键 / 模型重试 / task 描述前缀等，见 `config.yaml` 与 `internal/config/config.go`。
+- **可选 `eino_middleware`**：如 `tool_search`（动态工具列表）、`patch_tool_calls`、**`plantask`**（Eino `TaskCreate` / `TaskGet` / `TaskUpdate` / `TaskList`；JSON 存于 `skills_dir/.eino/plantask/<会话ID>/`；**全部**任务标为 completed 后 Eino 会清理任务文件）、`reduction`、**`checkpoint_dir`**（如 `data/eino-checkpoints/`）、**`deep_model_retry_max_retries`**、**`deep_output_key`**、task 描述前缀等，见 `config.yaml` 与 `internal/config/config.go`。
 - **自带示例**：`skills/cyberstrike-eino-demo/`；说明见 `skills/README.md`。
 
 **新建技能：**
@@ -542,7 +542,7 @@ multi_agent:
   orchestrator_instruction: ""  # Deep；orchestrator.md 正文为空时使用
   # orchestrator_instruction_plan_execute / orchestrator_instruction_supervisor 可选
   # eino_skills: { disable: false, filesystem_tools: true, skill_tool_name: skill }
-  # eino_middleware: 可选 patch_tool_calls、tool_search、plantask、reduction、checkpoint_dir 等
+  # eino_middleware: plantask_enable、checkpoint_dir、deep_model_retry_max_retries、deep_output_key 等
 ```
 
 ### 工具模版示例（`tools/nmap.yaml`）

config.yaml

@@ -10,7 +10,7 @@
 # ============================================
 
 # 前端显示的版本号（可选，不填则显示默认版本）
-version: "v1.6.34"
+version: "v1.6.35"
 # 服务器配置
 server:
   host: 0.0.0.0 # 监听地址，0.0.0.0 表示监听所有网络接口
@@ -129,8 +129,8 @@ multi_agent:
     tool_search_min_tools: 20 # 达到该数量才启用 tool_search（避免工具很少时多此一举）；与 always_visible 配合使用
     tool_search_always_visible: 12 # 始终直接暴露给模型的工具个数（顺序与角色工具列表一致）；其余工具进入动态池，需 tool_search 解锁
     tool_search_always_visible_tools: [read_file, glob, grep, analyze_image, write_file, edit_file, execute, task, transfer_to_agent, exit, write_todos, skill, tool_search, TaskCreate, TaskGet, TaskUpdate, TaskList, record_vulnerability, list_vulnerabilities, get_vulnerability, list_knowledge_risk_types, search_knowledge_base, webshell_exec, webshell_file_list, webshell_file_read, webshell_file_write, manage_webshell_list, manage_webshell_add, manage_webshell_update, manage_webshell_delete, manage_webshell_test, batch_task_list, batch_task_get, batch_task_start, batch_task_rerun, batch_task_pause, batch_task_update_metadata, batch_task_update_schedule, batch_task_schedule_enabled, batch_task_update_task, batch_task_remove_task, batch_task_delete, batch_task_create, batch_task_add_task, http-framework-test] # 后端内置常驻工具白名单（优先于 always_visible 数量策略）
-    plantask_enable: false # true：主代理（Deep / Supervisor 主）挂载 TaskCreate/Get/Update/List；需 eino_skills 可用且 skills_dir 存在，否则仅打日志并跳过
+    plantask_enable: true # P0：主代理挂载 TaskCreate/Get/Update/List 结构化任务板；需 eino_skills 可用且 skills_dir 存在
-    plantask_rel_dir: .eino/plantask # 结构化任务文件相对 skills_dir 的子目录，其下再按会话 ID 分子目录存放
+    plantask_rel_dir: .eino/plantask # 任务文件相对 skills_dir，按会话分子目录：skills/.eino/plantask/<conversationId>/
     reduction_enable: true # true：大工具输出截断/落盘以控上下文；依赖与 plantask 相同的 eino local 写盘后端，无后端时不挂载
     reduction_max_length_for_trunc: 50000 # 单条工具结果超过该字符数（bytes）时截断并落盘（由 reduction 中间件处理）
     reduction_max_tokens_for_clear: 160000 # 历史工具结果清理阈值（tokens），超阈值时在模型调用前清理旧结果
@@ -143,11 +143,11 @@ multi_agent:
     plan_execute_executed_steps_budget_ratio: 0.2 # plan_execute 中 executed_steps 预算比例
     plan_execute_max_step_result_runes: 4000 # plan_execute 每步结果最大字符数（超出截断）
     plan_execute_keep_last_steps: 8 # plan_execute 仅保留最近 N 步正文，早期步骤折叠为标题
-    checkpoint_dir: "" # 非空：为 adk.NewRunner 启用按会话子目录的文件型 CheckPointStore，便于中断恢复持久化；Resume 的 HTTP/前端流程需另行对接
+    checkpoint_dir: data/eino-checkpoints # P0：进程崩溃/OOM 后同会话自动 ADK Resume；正常结束会删 .ckpt；与「中断并继续」(last_react_*) 是两套机制
-    run_retry_max_attempts: 0 # >0：429/5xx/网络抖动时 ADK 运行循环指数退避续跑次数；0=默认 10
+    run_retry_max_attempts: 0 # 429/5xx/网络抖动时整轮 Run 指数退避续跑；0=默认 10（与 deep_model_retry 互补，建议保持默认）
     run_retry_max_backoff_sec: 0 # 单次退避上限秒数；0=默认 30
-    deep_output_key: "" # 非空：将最终助手输出写入 adk session 的键名（Deep 与 Supervisor 主代理）；空表示不写入
+    deep_output_key: final_answer # P0：Eino session 写入最终助手结论（框架内部；Deep/Supervisor 主/eino_single）
-    deep_model_retry_max_retries: 0 # >0：ChatModel 调用失败时的框架级最大重试次数（Deep 与 Supervisor 主）；0：不重试
+    deep_model_retry_max_retries: 3 # P0：单次 ChatModel API 失败时框架自动重试（超时/502 等）；子代理模型不受此项影响
     task_tool_description_prefix: "" # 非空：仅 Deep 的 task 工具使用自定义描述前缀，运行时会拼接子代理名称；空则走 Eino 默认生成逻辑
   # Eino callbacks + OpenTelemetry：框架级 span（与 Zap 对齐）；默认不向终端用户 UI 推 eino_trace_*（见 sse_trace_to_client）
   eino_callbacks:

internal/app/app.go

@@ -315,6 +315,14 @@ func New(cfg *config.Config, log *logger.Logger, configPath string) (*App, error
 	skillsDir := skillpackage.SkillsRootFromConfig(cfg.SkillsDir, configPath)
 	log.Logger.Info("Skills 目录（Eino ADK skill 中间件 + Web 管理 API）", zap.String("skillsDir", skillsDir))
 	configDir := filepath.Dir(configPath)
+	plantaskRel := strings.TrimSpace(cfg.MultiAgent.EinoMiddleware.PlantaskRelDir)
+	if plantaskRel == "" {
+		plantaskRel = ".eino/plantask"
+	}
+	plantaskBase := filepath.Join(skillsDir, plantaskRel)
+	// Match eino_adk_run_loop: checkpoint_dir is used as configured (relative to process CWD when not absolute).
+	checkpointBase := strings.TrimSpace(cfg.MultiAgent.EinoMiddleware.CheckpointDir)
+	db.SetEinoConversationDirs(plantaskBase, checkpointBase)
 	agent.SetPromptBaseDir(configDir)
 
 	agentsDir := cfg.AgentsDir

internal/app/main_server_http_redirect.go

@@ -47,6 +47,24 @@ func (l *oneConnListener) Accept() (net.Conn, error) {
 func (l *oneConnListener) Close() error   { return nil }
 func (l *oneConnListener) Addr() net.Addr { return l.addr }
 
+// httpServerForTLSConn 从已有 Server 复制可服务字段，用于已握手 TLS 连接上的 HTTP 服务。
+// 不能复制整个 http.Server（内含 atomic/noCopy 字段）。
+func httpServerForTLSConn(src *http.Server) *http.Server {
+	return &http.Server{
+		Handler:                      src.Handler,
+		DisableGeneralOptionsHandler: src.DisableGeneralOptionsHandler,
+		ReadTimeout:                  src.ReadTimeout,
+		ReadHeaderTimeout:            src.ReadHeaderTimeout,
+		WriteTimeout:                 src.WriteTimeout,
+		IdleTimeout:                  src.IdleTimeout,
+		MaxHeaderBytes:               src.MaxHeaderBytes,
+		ConnState:                    src.ConnState,
+		ErrorLog:                     src.ErrorLog,
+		BaseContext:                  src.BaseContext,
+		ConnContext:                  src.ConnContext,
+	}
+}
+
 func isTLSHandshakeRecord(b byte) bool {
 	return b == 0x16
 }
@@ -172,8 +190,7 @@ func (m *mainServerMux) serveHTTPS(pc *peekedConn, localAddr net.Addr) {
 		}
 	}
 
-	plain := *srv
+	plain := httpServerForTLSConn(srv)
-	plain.TLSConfig = nil
 	ocl := &oneConnListener{conn: tlsConn, addr: localAddr}
 	if err := plain.Serve(ocl); err != nil && !errors.Is(err, net.ErrClosed) && !errors.Is(err, http.ErrServerClosed) {
 		m.logger.Debug("HTTPS 连接处理结束", zap.Error(err))

internal/database/conversation.go

@@ -565,19 +565,53 @@ func (db *DB) DeleteConversation(id string) error {
 	if err != nil {
 		return fmt.Errorf("删除对话失败: %w", err)
 	}
-	// Best-effort cleanup for conversation-scoped filesystem artifacts
+	db.removeConversationScopedDirs(id)
-	// (e.g., summarization transcript, reduction/checkpoint files under conversation_artifacts/<id>).
-	if base := strings.TrimSpace(db.conversationArtifactsDir); base != "" {
-		artDir := filepath.Join(base, id)
-		if rmErr := os.RemoveAll(artDir); rmErr != nil {
-			db.logger.Warn("删除会话 artifacts 目录失败", zap.String("conversationId", id), zap.String("dir", artDir), zap.Error(rmErr))
-		}
-	}
 
 	db.logger.Info("对话及其所有相关数据已删除", zap.String("conversationId", id))
 	return nil
 }
 
+func sanitizeConversationPathSegment(s string) string {
+	s = strings.TrimSpace(s)
+	if s == "" {
+		return "default"
+	}
+	s = strings.ReplaceAll(s, string(filepath.Separator), "-")
+	s = strings.ReplaceAll(s, "/", "-")
+	s = strings.ReplaceAll(s, "\\", "-")
+	s = strings.ReplaceAll(s, "..", "__")
+	if len(s) > 180 {
+		s = s[:180]
+	}
+	return s
+}
+
+func (db *DB) removeConversationScopedDir(base, conversationID, label string) {
+	base = strings.TrimSpace(base)
+	if base == "" {
+		return
+	}
+	dir := filepath.Join(base, sanitizeConversationPathSegment(conversationID))
+	if rmErr := os.RemoveAll(dir); rmErr != nil {
+		if db.logger != nil {
+			db.logger.Warn("删除会话目录失败",
+				zap.String("conversationId", conversationID),
+				zap.String("kind", label),
+				zap.String("dir", dir),
+				zap.Error(rmErr))
+		}
+	}
+}
+
+func (db *DB) removeConversationScopedDirs(conversationID string) {
+	// summarization transcript, reduction files, etc.
+	db.removeConversationScopedDir(db.conversationArtifactsDir, conversationID, "conversation_artifacts")
+	// Eino plantask JSON boards (skills_dir/.eino/plantask/<id>/).
+	db.removeConversationScopedDir(db.einoPlantaskBaseDir, conversationID, "plantask")
+	// Eino ADK runner checkpoints (checkpoint_dir/<id>/).
+	db.removeConversationScopedDir(db.einoCheckpointBaseDir, conversationID, "eino_checkpoint")
+}
+
 // SaveAgentTrace 保存最后一轮代理消息轨迹与助手输出摘要。
 // SQLite 列名仍为 last_react_input / last_react_output，与历史库表兼容；语义上为「全模式代理轨迹」，非仅 ReAct。
 func (db *DB) SaveAgentTrace(conversationID, traceInputJSON, assistantOutput string) error {

internal/database/conversation_cleanup_test.go

@@ -0,0 +1,57 @@
+package database
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"go.uber.org/zap"
+)
+
+func TestDeleteConversationRemovesEinoScopedDirs(t *testing.T) {
+	tmp := t.TempDir()
+	dbPath := filepath.Join(tmp, "conversations.db")
+	db, err := NewDB(dbPath, zap.NewNop())
+	if err != nil {
+		t.Fatalf("NewDB: %v", err)
+	}
+	defer db.Close()
+
+	plantaskBase := filepath.Join(tmp, "skills", ".eino", "plantask")
+	checkpointBase := filepath.Join(tmp, "eino-checkpoints")
+	db.SetEinoConversationDirs(plantaskBase, checkpointBase)
+
+	conv, err := db.CreateConversation("cleanup test", ConversationCreateMeta{})
+	if err != nil {
+		t.Fatalf("CreateConversation: %v", err)
+	}
+	convID := conv.ID
+	seg := sanitizeConversationPathSegment(convID)
+	for _, base := range []struct {
+		root string
+		file string
+	}{
+		{db.conversationArtifactsDir, "transcript.txt"},
+		{plantaskBase, "task-1.json"},
+		{checkpointBase, "runner-deep.ckpt"},
+	} {
+		dir := filepath.Join(base.root, seg)
+		if err := os.MkdirAll(dir, 0o755); err != nil {
+			t.Fatalf("mkdir %s: %v", dir, err)
+		}
+		if err := os.WriteFile(filepath.Join(dir, base.file), []byte("x"), 0o644); err != nil {
+			t.Fatalf("write %s: %v", base.file, err)
+		}
+	}
+
+	if err := db.DeleteConversation(convID); err != nil {
+		t.Fatalf("DeleteConversation: %v", err)
+	}
+
+	for _, base := range []string{db.conversationArtifactsDir, plantaskBase, checkpointBase} {
+		dir := filepath.Join(base, seg)
+		if _, statErr := os.Stat(dir); !os.IsNotExist(statErr) {
+			t.Fatalf("expected removed dir %s, stat err=%v", dir, statErr)
+		}
+	}
+}

internal/database/database.go

@@ -49,6 +49,8 @@ type DB struct {
 	*sql.DB
 	logger                   *zap.Logger
 	conversationArtifactsDir string
+	einoPlantaskBaseDir      string // skills_dir + plantask_rel_dir (per-conversation subdirs)
+	einoCheckpointBaseDir    string // checkpoint_dir root (per-conversation subdirs)
 	checkpointLoopName       string
 	checkpointStop           chan struct{}
 	checkpointDone           chan struct{}
@@ -155,6 +157,16 @@ func NewDB(dbPath string, logger *zap.Logger) (*DB, error) {
 	return database, nil
 }
 
+// SetEinoConversationDirs configures best-effort filesystem cleanup on DeleteConversation.
+// plantaskBase is skills_root/plantask_rel (no conversation id); checkpointBase is checkpoint_dir root.
+func (db *DB) SetEinoConversationDirs(plantaskBase, checkpointBase string) {
+	if db == nil {
+		return
+	}
+	db.einoPlantaskBaseDir = strings.TrimSpace(plantaskBase)
+	db.einoCheckpointBaseDir = strings.TrimSpace(checkpointBase)
+}
+
 // initTables 初始化数据库表
 func (db *DB) initTables() error {
 	// 创建对话表（last_react_input / last_react_output 存「代理消息轨迹」JSON 与助手摘要，列名保留以兼容已有库）

internal/multiagent/eino_middleware.go

@@ -43,22 +43,6 @@ func sanitizeEinoPathSegment(s string) string {
 	return s
 }
 
-// localPlantaskBackend wraps the eino-ext local backend with plantask.Delete (Local has no Delete).
-type localPlantaskBackend struct {
-	*localbk.Local
-}
-
-func (l *localPlantaskBackend) Delete(ctx context.Context, req *plantask.DeleteRequest) error {
-	if l == nil || l.Local == nil || req == nil {
-		return nil
-	}
-	p := strings.TrimSpace(req.FilePath)
-	if p == "" {
-		return nil
-	}
-	return os.Remove(p)
-}
-
 func splitToolsForToolSearch(all []tool.BaseTool, alwaysVisible int) (static []tool.BaseTool, dynamic []tool.BaseTool, ok bool) {
 	if alwaysVisible <= 0 || len(all) <= alwaysVisible+1 {
 		return all, nil, false
@@ -238,7 +222,7 @@ func prependEinoMiddlewares(
 			if mk := os.MkdirAll(baseDir, 0o755); mk != nil {
 				return nil, nil, toolSearchActive, fmt.Errorf("plantask mkdir: %w", mk)
 			}
-			ptBE := &localPlantaskBackend{Local: einoLoc}
+			ptBE := newLocalPlantaskBackend(einoLoc)
 			pt, perr := plantask.New(ctx, &plantask.Config{Backend: ptBE, BaseDir: baseDir})
 			if perr != nil {
 				return nil, nil, toolSearchActive, fmt.Errorf("plantask: %w", perr)

internal/multiagent/eino_summarize.go

@@ -146,20 +146,27 @@ func newEinoSummarizationMiddleware(
 			return summarizeFinalizeWithRecentAssistantToolTrail(ctx, originalMessages, summary, tokenCounter, recentTrailMax)
 		},
 		Callback: func(ctx context.Context, before, after adk.ChatModelAgentState) error {
-			if logger == nil {
+			if transcriptPath != "" && len(before.Messages) > 0 {
-				return nil
+				if werr := writeSummarizationTranscript(transcriptPath, before.Messages); werr != nil && logger != nil {
+					logger.Warn("eino summarization transcript 写入失败",
+						zap.String("path", transcriptPath),
+						zap.Error(werr),
+					)
+				}
+			}
+			if logger != nil {
+				beforeTokens, _ := tokenCounter(ctx, &summarization.TokenCounterInput{Messages: before.Messages})
+				afterTokens, _ := tokenCounter(ctx, &summarization.TokenCounterInput{Messages: after.Messages})
+				logger.Info("eino summarization 已压缩上下文",
+					zap.Int("messages_before", len(before.Messages)),
+					zap.Int("messages_after", len(after.Messages)),
+					zap.Int("tokens_before_estimated", beforeTokens),
+					zap.Int("tokens_after_estimated", afterTokens),
+					zap.Int("max_total_tokens", maxTotal),
+					zap.Int("trigger_context_tokens", trigger),
+					zap.String("transcript_file", transcriptPath),
+				)
 			}
-			beforeTokens, _ := tokenCounter(ctx, &summarization.TokenCounterInput{Messages: before.Messages})
-			afterTokens, _ := tokenCounter(ctx, &summarization.TokenCounterInput{Messages: after.Messages})
-			logger.Info("eino summarization 已压缩上下文",
-				zap.Int("messages_before", len(before.Messages)),
-				zap.Int("messages_after", len(after.Messages)),
-				zap.Int("tokens_before_estimated", beforeTokens),
-				zap.Int("tokens_after_estimated", afterTokens),
-				zap.Int("max_total_tokens", maxTotal),
-				zap.Int("trigger_context_tokens", trigger),
-				zap.String("transcript_file", transcriptPath),
-			)
 			return nil
 		},
 	})
@@ -335,6 +342,23 @@ func splitMessagesIntoRounds(msgs []adk.Message) []messageRound {
 	return rounds
 }
 
+// writeSummarizationTranscript persists pre-compaction history for read_file after summarization.
+// Eino TranscriptFilePath only embeds the path in summary text; the file must be written by the host app.
+func writeSummarizationTranscript(path string, msgs []adk.Message) error {
+	path = strings.TrimSpace(path)
+	if path == "" {
+		return nil
+	}
+	body := formatSummarizationTranscript(msgs)
+	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
+		return fmt.Errorf("mkdir transcript dir: %w", err)
+	}
+	if err := os.WriteFile(path, []byte(body), 0o600); err != nil {
+		return fmt.Errorf("write transcript: %w", err)
+	}
+	return nil
+}
+
 func einoSummarizationTokenCounter(openAIModel string) summarization.TokenCounterFunc {
 	tc := agent.NewTikTokenCounter()
 	return func(ctx context.Context, input *summarization.TokenCounterInput) (int, error) {

internal/multiagent/eino_summarize_test.go

@@ -2,6 +2,9 @@ package multiagent
 
 import (
 	"context"
+	"os"
+	"path/filepath"
+	"strings"
 	"testing"
 
 	"github.com/cloudwego/eino/adk"
@@ -343,3 +346,91 @@ func assertNoOrphanTool(t *testing.T, msgs []adk.Message) {
 		}
 	}
 }
+
+func TestWriteSummarizationTranscript(t *testing.T) {
+	t.Parallel()
+	dir := t.TempDir()
+	path := filepath.Join(dir, "summarization", "transcript.txt")
+	msgs := []adk.Message{
+		schema.UserMessage("scan target"),
+		assistantToolCallsMsg("", "tc1"),
+		schema.ToolMessage("nmap output", "tc1"),
+	}
+	if err := writeSummarizationTranscript(path, msgs); err != nil {
+		t.Fatalf("writeSummarizationTranscript: %v", err)
+	}
+	body, err := os.ReadFile(path)
+	if err != nil {
+		t.Fatalf("read transcript: %v", err)
+	}
+	text := string(body)
+	if !strings.Contains(text, "Pre-compaction session record") {
+		t.Fatalf("missing transcript header: %q", text)
+	}
+	if !strings.Contains(text, "[user]") || !strings.Contains(text, "scan target") {
+		t.Fatalf("missing user section: %q", text)
+	}
+	if !strings.Contains(text, "tool_calls:") || !strings.Contains(text, "nmap output") {
+		t.Fatalf("missing tool round: %q", text)
+	}
+}
+
+func TestSanitizeSystemContentForTranscript_BestPractice(t *testing.T) {
+	t.Parallel()
+	system := strings.Join([]string{
+		"以下是当前会话绑定的工具名称索引（仅名称，无参数 JSON Schema）。",
+		"- nmap",
+		"- nuclei",
+		"",
+		"使用规则：",
+		"1) 上表仅为名称索引",
+		"5) 不要臆造不存在的工具名。",
+		"",
+		"你是CyberStrikeAI，是一个专业的网络安全渗透测试专家。",
+		"高强度扫描要求：全力出击",
+		"",
+		"## 项目黑板索引（project: 123, id: abc）",
+		"（暂无事实）",
+		"需要写入请使用 upsert_project_fact。",
+		"",
+		"# Skills System",
+		"**How to Use Skills**",
+		"Remember: Skills make you more capable",
+	}, "\n")
+
+	out := sanitizeSystemContentForTranscript(system)
+	if strings.Contains(out, "以下是当前会话绑定的工具名称索引") {
+		t.Fatalf("tool index should be stripped: %q", out)
+	}
+	if strings.Contains(out, "- nmap") || strings.Contains(out, "高强度扫描要求") {
+		t.Fatalf("static persona should be stripped: %q", out)
+	}
+	if strings.Contains(out, "# Skills System") || strings.Contains(out, "How to Use Skills") {
+		t.Fatalf("skills boilerplate should be stripped: %q", out)
+	}
+	if !strings.Contains(out, transcriptStaticSystemOmitNote) {
+		t.Fatalf("missing omission note: %q", out)
+	}
+	if !strings.Contains(out, "## 项目黑板索引（project: 123, id: abc）") {
+		t.Fatalf("project blackboard should be kept: %q", out)
+	}
+}
+
+func TestFormatSummarizationTranscript_OmitsBloatedSystem(t *testing.T) {
+	t.Parallel()
+	msgs := []adk.Message{
+		schema.SystemMessage("以下是当前会话绑定的工具名称索引\n- nmap\n\n你是CyberStrikeAI\n## 项目黑板索引（project: p1, id: x）\n（暂无事实）\n# Skills System\nboiler"),
+		schema.UserMessage("hello"),
+		schema.AssistantMessage("reply", nil),
+	}
+	out := formatSummarizationTranscript(msgs)
+	if strings.Contains(out, "- nmap") {
+		t.Fatalf("tool list leaked into transcript: %q", out)
+	}
+	if !strings.Contains(out, "hello") || !strings.Contains(out, "reply") {
+		t.Fatalf("conversation turns missing: %q", out)
+	}
+	if !strings.Contains(out, "## 项目黑板索引（project: p1, id: x）") {
+		t.Fatalf("dynamic blackboard missing: %q", out)
+	}
+}

internal/multiagent/eino_summarize_transcript.go

@@ -0,0 +1,145 @@
+package multiagent
+
+import (
+	"strings"
+
+	"github.com/cloudwego/eino/adk"
+	"github.com/cloudwego/eino/schema"
+
+	"github.com/bytedance/sonic"
+)
+
+const (
+	transcriptFileHeader = `# CyberStrikeAI summarization transcript
+# Pre-compaction session record for read_file after context compression.
+# Omits static system/tool-index/skills boilerplate; full user/assistant/tool turns below.
+
+`
+	transcriptStaticSystemOmitNote = "[static system prompt omitted — unchanged in live context after compaction]"
+	transcriptToolIndexStartMarker   = "以下是当前会话绑定的工具名称索引"
+	transcriptPersonaStartMarker     = "你是CyberStrikeAI"
+	transcriptSkillsSystemMarker     = "# Skills System"
+	transcriptProjectBlackboardMarker  = "## 项目黑板索引"
+)
+
+// formatSummarizationTranscript renders pre-compaction messages for transcript.txt.
+// Best practice: keep full user/assistant/tool turns; slim system to dynamic blocks only.
+func formatSummarizationTranscript(msgs []adk.Message) string {
+	var sb strings.Builder
+	sb.WriteString(transcriptFileHeader)
+	wrote := false
+	for _, msg := range msgs {
+		if msg == nil {
+			continue
+		}
+		switch msg.Role {
+		case schema.System:
+			body := sanitizeSystemContentForTranscript(msg.Content)
+			if strings.TrimSpace(body) == "" {
+				continue
+			}
+			if wrote {
+				sb.WriteString("\n")
+			}
+			appendTranscriptSection(&sb, schema.System, body)
+			wrote = true
+		default:
+			if wrote {
+				sb.WriteString("\n")
+			}
+			appendTranscriptMessage(&sb, msg)
+			wrote = true
+		}
+	}
+	return sb.String()
+}
+
+func sanitizeSystemContentForTranscript(content string) string {
+	content = stripToolNamesIndexFromSystem(content)
+	content = stripSkillsSystemBoilerplate(content)
+	blackboard := extractProjectBlackboardSection(content)
+
+	var sb strings.Builder
+	sb.WriteString(transcriptStaticSystemOmitNote)
+	if bb := strings.TrimSpace(blackboard); bb != "" {
+		sb.WriteString("\n\n")
+		sb.WriteString(bb)
+	}
+	return sb.String()
+}
+
+func stripToolNamesIndexFromSystem(s string) string {
+	if !strings.Contains(s, transcriptToolIndexStartMarker) {
+		return s
+	}
+	idx := strings.Index(s, transcriptPersonaStartMarker)
+	if idx < 0 {
+		return s
+	}
+	return strings.TrimSpace(s[idx:])
+}
+
+func stripSkillsSystemBoilerplate(s string) string {
+	idx := strings.Index(s, transcriptSkillsSystemMarker)
+	if idx < 0 {
+		return strings.TrimSpace(s)
+	}
+	return strings.TrimSpace(s[:idx])
+}
+
+func extractProjectBlackboardSection(s string) string {
+	idx := strings.Index(s, transcriptProjectBlackboardMarker)
+	if idx < 0 {
+		return ""
+	}
+	return strings.TrimSpace(s[idx:])
+}
+
+func appendTranscriptSection(sb *strings.Builder, role schema.RoleType, body string) {
+	sb.WriteString("--- [")
+	sb.WriteString(string(role))
+	sb.WriteString("] ---\n")
+	sb.WriteString(body)
+	if !strings.HasSuffix(body, "\n") {
+		sb.WriteByte('\n')
+	}
+}
+
+func appendTranscriptMessage(sb *strings.Builder, msg adk.Message) {
+	sb.WriteString("--- [")
+	sb.WriteString(string(msg.Role))
+	sb.WriteString("] ---\n")
+	if msg.Content != "" {
+		sb.WriteString(msg.Content)
+		if !strings.HasSuffix(msg.Content, "\n") {
+			sb.WriteByte('\n')
+		}
+	}
+	if msg.ReasoningContent != "" {
+		sb.WriteString("[reasoning]\n")
+		sb.WriteString(msg.ReasoningContent)
+		if !strings.HasSuffix(msg.ReasoningContent, "\n") {
+			sb.WriteByte('\n')
+		}
+	}
+	for _, part := range msg.UserInputMultiContent {
+		if part.Type == schema.ChatMessagePartTypeText && strings.TrimSpace(part.Text) != "" {
+			sb.WriteString(part.Text)
+			if !strings.HasSuffix(part.Text, "\n") {
+				sb.WriteByte('\n')
+			}
+		}
+	}
+	if len(msg.ToolCalls) > 0 {
+		if b, err := sonic.Marshal(msg.ToolCalls); err == nil {
+			sb.WriteString("tool_calls: ")
+			sb.Write(b)
+			sb.WriteByte('\n')
+		}
+	}
+	if msg.ToolCallID != "" {
+		sb.WriteString("tool_call_id: ")
+		sb.WriteString(msg.ToolCallID)
+		sb.WriteByte('\n')
+	}
+}

internal/multiagent/plantask_local_backend.go

@@ -0,0 +1,71 @@
+package multiagent
+
+import (
+	"context"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	localbk "github.com/cloudwego/eino-ext/adk/backend/local"
+	"github.com/cloudwego/eino/adk/middlewares/plantask"
+)
+
+// localPlantaskBackend adapts eino-ext local filesystem backend for Eino plantask.
+//
+// plantask TaskCreate/TaskList list a directory via LsInfo, then Read using each entry's Path.
+// local.LsInfo returns basenames only (e.g. ".highwatermark"), while local.Read expects a
+// resolvable path — causing "file not found: .highwatermark" on the second TaskCreate.
+type localPlantaskBackend struct {
+	*localbk.Local
+}
+
+func newLocalPlantaskBackend(loc *localbk.Local) *localPlantaskBackend {
+	if loc == nil {
+		return nil
+	}
+	return &localPlantaskBackend{Local: loc}
+}
+
+// LsInfo lists files under req.Path and returns absolute paths suitable for subsequent Read calls.
+func (l *localPlantaskBackend) LsInfo(ctx context.Context, req *plantask.LsInfoRequest) ([]plantask.FileInfo, error) {
+	if l == nil || l.Local == nil {
+		return nil, fmt.Errorf("plantask backend: local nil")
+	}
+	if req == nil || strings.TrimSpace(req.Path) == "" {
+		return nil, fmt.Errorf("plantask backend: list path empty")
+	}
+	files, err := l.Local.LsInfo(ctx, req)
+	if err != nil {
+		return nil, err
+	}
+	if len(files) == 0 {
+		return files, nil
+	}
+	base := filepath.Clean(req.Path)
+	out := make([]plantask.FileInfo, len(files))
+	for i, f := range files {
+		out[i] = f
+		name := strings.TrimSpace(f.Path)
+		if name == "" {
+			continue
+		}
+		if filepath.IsAbs(name) {
+			out[i].Path = filepath.Clean(name)
+			continue
+		}
+		out[i].Path = filepath.Join(base, name)
+	}
+	return out, nil
+}
+
+func (l *localPlantaskBackend) Delete(ctx context.Context, req *plantask.DeleteRequest) error {
+	if l == nil || l.Local == nil || req == nil {
+		return nil
+	}
+	p := strings.TrimSpace(req.FilePath)
+	if p == "" {
+		return nil
+	}
+	return os.Remove(p)
+}

internal/multiagent/plantask_local_backend_test.go

@@ -0,0 +1,83 @@
+package multiagent
+
+import (
+	"context"
+	"os"
+	"path/filepath"
+	"testing"
+
+	localbk "github.com/cloudwego/eino-ext/adk/backend/local"
+	"github.com/cloudwego/eino/adk/filesystem"
+	"github.com/cloudwego/eino/adk/middlewares/plantask"
+)
+
+func TestLocalPlantaskBackendLsInfoReturnsFullPaths(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+	baseDir := t.TempDir()
+
+	loc, err := localbk.NewBackend(ctx, &localbk.Config{})
+	if err != nil {
+		t.Fatalf("NewBackend: %v", err)
+	}
+	be := newLocalPlantaskBackend(loc)
+
+	hwPath := filepath.Join(baseDir, ".highwatermark")
+	if err := os.WriteFile(hwPath, []byte("1"), 0o600); err != nil {
+		t.Fatalf("write highwatermark: %v", err)
+	}
+
+	files, err := be.LsInfo(ctx, &plantask.LsInfoRequest{Path: baseDir})
+	if err != nil {
+		t.Fatalf("LsInfo: %v", err)
+	}
+	if len(files) != 1 {
+		t.Fatalf("expected 1 file, got %d", len(files))
+	}
+	if files[0].Path != hwPath {
+		t.Fatalf("expected full path %q, got %q", hwPath, files[0].Path)
+	}
+
+	content, err := be.Read(ctx, &plantask.ReadRequest{FilePath: files[0].Path})
+	if err != nil {
+		t.Fatalf("Read via LsInfo path: %v", err)
+	}
+	if content.Content != "1" {
+		t.Fatalf("unexpected content: %q", content.Content)
+	}
+}
+
+func TestLocalPlantaskBackendSecondTaskCreateScenario(t *testing.T) {
+	t.Parallel()
+	ctx := context.Background()
+	baseDir := t.TempDir()
+
+	loc, err := localbk.NewBackend(ctx, &localbk.Config{})
+	if err != nil {
+		t.Fatalf("NewBackend: %v", err)
+	}
+	be := newLocalPlantaskBackend(loc)
+
+	hwPath := filepath.Join(baseDir, ".highwatermark")
+	if err := loc.Write(ctx, &filesystem.WriteRequest{FilePath: hwPath, Content: "1"}); err != nil {
+		t.Fatalf("seed highwatermark: %v", err)
+	}
+
+	files, err := be.LsInfo(ctx, &plantask.LsInfoRequest{Path: baseDir})
+	if err != nil {
+		t.Fatalf("LsInfo: %v", err)
+	}
+	var hwFile string
+	for _, f := range files {
+		if filepath.Base(f.Path) == ".highwatermark" {
+			hwFile = f.Path
+			break
+		}
+	}
+	if hwFile == "" {
+		t.Fatal("highwatermark not listed")
+	}
+	if _, err := be.Read(ctx, &plantask.ReadRequest{FilePath: hwFile}); err != nil {
+		t.Fatalf("Read highwatermark (second TaskCreate path): %v", err)
+	}
+}