feat(config): 统一配置加载入口,启动时校验所有YAML配置
将分散的 config.yml、workflow.yaml、sandbox.yaml 加载逻辑统一到 AppConfig 模型, 启动时一次性校验,失败则 fast-fail。sandbox.py 改为从统一配置取值,消除重复加载。 同时修复 onebot 测试并新增14个统一配置测试(总测试 285→300)。 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
+46
-35
@@ -4,11 +4,16 @@ import os
|
||||
import pytest
|
||||
from unittest.mock import patch
|
||||
|
||||
from kilostar.utils.sandbox import (
|
||||
from kilostar.utils.config_loader import (
|
||||
SandboxConfig,
|
||||
FilesystemPolicy,
|
||||
ShellPolicy,
|
||||
PythonExecutorPolicy,
|
||||
AppConfig,
|
||||
AppInfo,
|
||||
WorkflowConfig,
|
||||
)
|
||||
from kilostar.utils.sandbox import (
|
||||
validate_path,
|
||||
validate_shell_command,
|
||||
validate_python_code,
|
||||
@@ -24,47 +29,49 @@ from kilostar.utils.sandbox import (
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def reset_sandbox_config():
|
||||
"""每个测试前重置沙箱配置缓存。"""
|
||||
import kilostar.utils.sandbox as mod
|
||||
mod._current = None
|
||||
"""每个测试前重置配置缓存。"""
|
||||
import kilostar.utils.config_loader as loader
|
||||
loader._app_current = None
|
||||
yield
|
||||
mod._current = None
|
||||
loader._app_current = None
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def mock_config():
|
||||
"""注入测试用的沙箱配置。"""
|
||||
import kilostar.utils.sandbox as mod
|
||||
cfg = SandboxConfig(
|
||||
enabled=True,
|
||||
filesystem=FilesystemPolicy(
|
||||
workspace_root="/tmp/kilostar_workspace",
|
||||
allowed_read_paths=["/tmp"],
|
||||
denied_paths=["/etc/shadow", "/root"],
|
||||
),
|
||||
shell=ShellPolicy(
|
||||
import kilostar.utils.config_loader as loader
|
||||
cfg = AppConfig(
|
||||
sandbox=SandboxConfig(
|
||||
enabled=True,
|
||||
blocked_commands=["rm -rf /", "mkfs", "shutdown"],
|
||||
blocked_operators=["&&", "||", ";", "`", "$("],
|
||||
max_timeout=60,
|
||||
),
|
||||
python_executor=PythonExecutorPolicy(
|
||||
enabled=True,
|
||||
max_timeout=30,
|
||||
blocked_imports=["os", "subprocess", "shutil"],
|
||||
blocked_builtins=["exec", "eval", "__import__"],
|
||||
filesystem=FilesystemPolicy(
|
||||
workspace_root="/tmp/kilostar_workspace",
|
||||
allowed_read_paths=["/tmp"],
|
||||
denied_paths=["/etc/shadow", "/root"],
|
||||
),
|
||||
shell=ShellPolicy(
|
||||
enabled=True,
|
||||
blocked_commands=["rm -rf /", "mkfs", "shutdown"],
|
||||
blocked_operators=["&&", "||", ";", "`", "$("],
|
||||
max_timeout=60,
|
||||
),
|
||||
python_executor=PythonExecutorPolicy(
|
||||
enabled=True,
|
||||
max_timeout=30,
|
||||
blocked_imports=["os", "subprocess", "shutil"],
|
||||
blocked_builtins=["exec", "eval", "__import__"],
|
||||
),
|
||||
),
|
||||
)
|
||||
mod._current = cfg
|
||||
loader._app_current = cfg
|
||||
return cfg
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def disabled_config():
|
||||
"""沙箱关闭时的配置。"""
|
||||
import kilostar.utils.sandbox as mod
|
||||
cfg = SandboxConfig(enabled=False)
|
||||
mod._current = cfg
|
||||
import kilostar.utils.config_loader as loader
|
||||
cfg = AppConfig(sandbox=SandboxConfig(enabled=False))
|
||||
loader._app_current = cfg
|
||||
return cfg
|
||||
|
||||
|
||||
@@ -140,10 +147,12 @@ class TestValidateShellCommand:
|
||||
assert validate_shell_command("rm -rf /") == "rm -rf /"
|
||||
|
||||
def test_shell_disabled_in_policy(self):
|
||||
import kilostar.utils.sandbox as mod
|
||||
mod._current = SandboxConfig(
|
||||
enabled=True,
|
||||
shell=ShellPolicy(enabled=False),
|
||||
import kilostar.utils.config_loader as loader
|
||||
loader._app_current = AppConfig(
|
||||
sandbox=SandboxConfig(
|
||||
enabled=True,
|
||||
shell=ShellPolicy(enabled=False),
|
||||
),
|
||||
)
|
||||
with pytest.raises(CommandViolation, match="已被沙箱策略禁用"):
|
||||
validate_shell_command("ls")
|
||||
@@ -190,10 +199,12 @@ class TestValidatePythonCode:
|
||||
assert validate_python_code("import os") == "import os"
|
||||
|
||||
def test_python_disabled_in_policy(self):
|
||||
import kilostar.utils.sandbox as mod
|
||||
mod._current = SandboxConfig(
|
||||
enabled=True,
|
||||
python_executor=PythonExecutorPolicy(enabled=False),
|
||||
import kilostar.utils.config_loader as loader
|
||||
loader._app_current = AppConfig(
|
||||
sandbox=SandboxConfig(
|
||||
enabled=True,
|
||||
python_executor=PythonExecutorPolicy(enabled=False),
|
||||
),
|
||||
)
|
||||
with pytest.raises(CodeViolation, match="已被沙箱策略禁用"):
|
||||
validate_python_code("print(1)")
|
||||
|
||||
Reference in New Issue
Block a user