Merge branch 'main' of https://github.com/modelscope/ms-agent into release/1.6

Author: alcholiclg

.github/SECURITY.md

@@ -0,0 +1,39 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+If you believe you have found a security vulnerability in **MS-Agent**, please report it responsibly.
+
+- **Preferred**: Use GitHub **Private Vulnerability Reporting** (Security → Advisories → Report a vulnerability), if enabled.
+- **Do not** open a public GitHub Issue for security reports.
+
+Please include:
+- A clear description of the issue and impact
+- A minimal proof-of-concept (PoC), if possible
+- Affected versions/commits
+- Reproduction steps and environment details
+- Any suggested mitigations/fix ideas (optional)
+
+We will acknowledge receipt as soon as possible and work with you on coordinated disclosure.
+
+## Scope
+
+In scope includes (but is not limited to):
+- Tool execution security
+- Prompt/document injection leading to unsafe tool usage
+- Arbitrary file read/write, path traversal
+- SSRF and internal network access through tools
+- Unsafe deserialization (pickle/yaml/etc.)
+
+Out of scope:
+- Issues in third-party dependencies with no exploitable path through MS-Agent
+- Misconfigurations or insecure deployments not recommended by the project
+- Social engineering attacks that do not involve a technical vulnerability in MS-Agent
+
+## Disclosure Process
+
+- We will confirm receipt of your report.
+- We will investigate and validate the issue.
+- We will coordinate a fix and release.
+- We may publish a GitHub Security Advisory (and request a CVE when appropriate).
+- We will credit reporters where possible (unless you prefer to remain anonymous).

.gitignore

@@ -153,7 +153,7 @@ apps/agentfabric/config/local_user/*
 ast_index_file.py
 
 
-#neo4j
+# neo4j
 .neo4j.lock
 neo4j.lock
 /temp/

README.md

@@ -307,41 +307,8 @@ For more details, please refer to [**MS-Agent Skills**](ms_agent/skill/README.md
 
 ---
 
-### Agent Skills
-
-The **MS-Agent Skill Module** is **Implementation** of [Anthropic-Agent-Skills](https://platform.claude.com/docs/en/agents-and-tools/agent-skills) Protocol.
-
-#### 🔍 Intelligent Skill Retrieval
-- **Hybrid Search**: Combines FAISS dense retrieval with BM25 sparse retrieval
-- **LLM-based Filtering**: Uses LLM to filter and validate skill relevance
-- **Query Analysis**: Automatically determines if skills are needed for a query
-
-#### 📊 DAG-based Execution
-- **Dependency Management**: Builds execution DAG based on skill dependencies
-- **Parallel Execution**: Runs independent skills concurrently
-- **Input/Output Linking**: Automatically passes outputs between dependent skills
-
-#### 🧠 Progressive Skill Analysis
-- **Two-phase Analysis**: Plan first, then load resources
-- **Incremental Loading**: Only loads required scripts/references/resources
-- **Context Optimization**: Minimizes token usage while maximizing understanding
-- **Auto Bug Fixing**: Analyzes errors and attempts automatic fixes
-
-#### 🔒 Secure Execution Environment
-- **Docker Sandbox**: Isolated execution using [ms-enclave](https://github.com/modelscope/ms-enclave) containers
-- **Local Execution**: Controlled local execution with RCE prevention
-- **Security Checks**: Pattern-based detection of dangerous code
-
-#### 🔄 Self-Reflection & Retry
-- **Error Analysis**: LLM-based analysis of execution failures
-- **Auto-Fix**: Attempts to fix code based on error messages
-- **Configurable Retries**: Up to N retry attempts with fixes
-
-
-For more details, please refer to [**MS-Agent Skills**](ms_agent/skill/README.md).
 
-
-### Agentic Insight
+### Agentic Insight (Deep Research)
 
 #### - Lightweight, Efficient, and Extensible Multi-modal Deep Research Framework
 
@@ -558,6 +525,12 @@ MS-Agent provides a modern web interface for interacting with agents. Built with
 ms-agent ui
 ```
 
+**Windows tip:** If the console shows garbled text, use the PowerShell helper:
+
+```powershell
+webui/scripts/start-webui.ps1
+```
+
 The browser will automatically open at http://localhost:7860
 
 **Command Options:**

README_ZH.md

@@ -311,8 +311,7 @@ asyncio.run(main())
 
 ---
 
-
-### Agentic Insight
+### Agentic Insight (Deep Research)
 
 #### - 轻量级、高效且可扩展的多模态深度研究框架
 
@@ -568,6 +567,12 @@ MS-Agent提供了一个简洁轻量的Web界面，用于与智能体进行交互
 ms-agent ui
 ```
 
+**Windows 提示：** 若控制台出现乱码，建议使用 PowerShell 启动脚本：
+
+```powershell
+webui/scripts/start-webui.ps1
+```
+
 浏览器打开： http://localhost:7860
 
 **命令参数**

docs/en/Components/Config.md

@@ -166,3 +166,20 @@ In addition to yaml configuration, MS-Agent also supports several additional com
     ```
 
 > Any configuration in agent.yaml can be passed in with new values via command line, and also supports reading from environment variables with the same name (case insensitive), for example `--llm.modelscope_api_key xxx-xxx`.
+
+- knowledge_search_paths: Knowledge search paths, comma-separated multiple paths. When provided, automatically enables SirchmunkSearch for knowledge retrieval, with LLM configuration automatically inherited from the `llm` module.
+
+### Quick Start for Knowledge Search
+
+Use the `--knowledge_search_paths` parameter to quickly enable knowledge search based on local documents:
+
+```bash
+# Using default agent.yaml configuration, automatically reuses LLM settings
+ms-agent run --query "How to implement user authentication?" --knowledge_search_paths "./src,./docs"
+
+# Specify configuration file
+ms-agent run --config /path/to/agent.yaml --query "your question" --knowledge_search_paths "/path/to/docs"
+```
+
+LLM-related parameters (api_key, base_url, model) are automatically inherited from the `llm` module in the configuration file, no need to configure them repeatedly.
+If you need to use independent LLM configuration in the `knowledge_search` module, you can explicitly configure `knowledge_search.llm_api_key` and other parameters in the yaml.

docs/en/Projects/CodeGenesis.md

@@ -0,0 +1,133 @@
+---
+slug: CodeGenesis
+title: Code Genesis
+description: Ms-Agent Code Genesis Project for production-ready software project generation from natural language
+---
+
+# Code Genesis
+
+Code Genesis is an open-source multi-agent framework that generates production-ready software projects from natural language requirements. It orchestrates specialized AI agents to autonomously deliver end-to-end project generation with frontend, backend, and database integration.
+
+## Overview
+
+### Features
+
+- **End-to-end project generation**: Automatically generates complete projects with frontend, backend, and database integration from natural language descriptions
+- **High-quality code**: LSP validation and dependency resolution ensure production-ready output
+- **Topology-aware generation**: Eliminates reference errors through dependency-driven code generation
+- **Automated deployment**: Deploys to EdgeOne Pages automatically with MCP integration
+- **Flexible workflows**: Choose between standard (7-stage) or simple (4-stage) pipelines based on project complexity
+
+### Architecture
+
+Code Genesis provides two configurable workflow modes:
+
+#### Standard Workflow (Production-Grade)
+
+![Standard Workflow](../../../projects/code_genesis/asset/workflow.jpg)
+
+The standard pipeline implements a rigorous 7-stage process optimized for complex, production-ready projects:
+
+```
+User Story → Architect → File Design → File Order → Install → Coding → Refine
+```
+
+**Pipeline Stages**:
+1. **User Story Agent**: Parses user requirements into structured user stories
+2. **Architect Agent**: Selects technology stack and defines system architecture
+3. **File Design Agent**: Generates physical file structure from architectural blueprint
+4. **File Order Agent**: Constructs dependency DAG and topological sort for parallel code generation
+5. **Install Agent**: Bootstraps environment and resolves dependencies
+6. **Coding Agent**: Synthesizes code with LSP validation, following dependency order
+7. **Refine Agent**: Performs runtime validation, bug fixing, and automated deployment
+
+Each agent produces structured intermediate outputs, ensuring engineering rigor throughout the pipeline.
+
+#### Simple Workflow (Rapid Prototyping)
+
+![Simple Workflow](../../../projects/code_genesis/asset/simple_workflow.jpg)
+
+For lightweight projects or quick iterations, the simple workflow condenses the pipeline into 4 core stages:
+
+```
+Orchestrator → Install → Coding → Refine
+```
+
+**Streamlined Process**:
+1. **Orchestrator Agent**: Unified requirement analysis, architecture design, and file planning
+2. **Install Agent**: Dependency resolution and environment setup
+3. **Coding Agent**: Direct code generation with integrated file ordering
+4. **Refine Agent**: Validation and deployment
+
+#### Workflow Comparison
+
+| Aspect | Standard Workflow | Simple Workflow |
+|--------|-------------------|-----------------|
+| **Agent Stages** | 7 specialized agents | 4 consolidated agents |
+| **Architecture Quality** | Explicit, auditable design | Implicit, monolithic design |
+| **Generation Time** | Moderate (thorough planning) | Fast (direct execution) |
+| **Use Cases** | Production systems, complex apps | Prototypes, demos, simple tools |
+
+## How to Use
+
+### Installation
+
+Clone the repository and prepare the environment:
+
+```bash
+git clone https://github.com/modelscope/ms-agent
+cd ms-agent
+pip install -r requirements/code.txt
+pip install -e .
+```
+
+Prepare npm environment, following https://nodejs.org/en/download. If you are using Mac, using Homebrew is recommended: https://formulae.brew.sh/formula/node
+
+Make sure your installation is successful:
+```bash
+npm --version
+```
+
+Make sure the npm installation is successful, or the npm install/build/dev will fail.
+
+### Quick Start
+
+Run the standard workflow:
+
+```bash
+PYTHONPATH=. openai_api_key=your-api-key openai_base_url=your-api-url \
+python ms_agent/cli/cli.py run \
+  --config projects/code_genesis \
+  --query 'make a demo website' \
+  --trust_remote_code true
+```
+
+The code will be output to the `output` folder in the current directory by default.
+
+### Advanced Configuration
+
+#### Enable Diff-Based File Editing
+
+Add `edit_file_config` to both `coding.yaml` and `refine.yaml`:
+
+```yaml
+edit_file_config:
+  model: morph-v3-fast  # or other compatible models
+  api_key: your-api-key
+  base_url: https://api.morphllm.com/v1
+```
+
+Get your model and API key from https://www.morphllm.com
+
+#### Enable Automated Deployment
+
+Add `edgeone-pages-mcp` configuration to `refine.yaml`:
+
+```yaml
+mcp_servers:
+  edgeone-pages:
+    env:
+      EDGEONE_PAGES_API_TOKEN: your-edgeone-token
+```
+
+Get your `EDGEONE_PAGES_API_TOKEN` from https://pages.edgeone.ai/zh/document/pages-mcp