feat(config): 统一配置加载入口,启动时校验所有YAML配置

将分散的 config.yml、workflow.yaml、sandbox.yaml 加载逻辑统一到 AppConfig 模型,
启动时一次性校验,失败则 fast-fail。sandbox.py 改为从统一配置取值,消除重复加载。
同时修复 onebot 测试并新增14个统一配置测试(总测试 285→300)。

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-03 13:52:03 +00:00
parent 80174acaae
commit 76a67e8237
8 changed files with 358 additions and 116 deletions
+46 -35
View File
@@ -4,11 +4,16 @@ import os
import pytest
from unittest.mock import patch
from kilostar.utils.sandbox import (
from kilostar.utils.config_loader import (
SandboxConfig,
FilesystemPolicy,
ShellPolicy,
PythonExecutorPolicy,
AppConfig,
AppInfo,
WorkflowConfig,
)
from kilostar.utils.sandbox import (
validate_path,
validate_shell_command,
validate_python_code,
@@ -24,47 +29,49 @@ from kilostar.utils.sandbox import (
@pytest.fixture(autouse=True)
def reset_sandbox_config():
"""每个测试前重置沙箱配置缓存。"""
import kilostar.utils.sandbox as mod
mod._current = None
"""每个测试前重置配置缓存。"""
import kilostar.utils.config_loader as loader
loader._app_current = None
yield
mod._current = None
loader._app_current = None
@pytest.fixture
def mock_config():
"""注入测试用的沙箱配置。"""
import kilostar.utils.sandbox as mod
cfg = SandboxConfig(
enabled=True,
filesystem=FilesystemPolicy(
workspace_root="/tmp/kilostar_workspace",
allowed_read_paths=["/tmp"],
denied_paths=["/etc/shadow", "/root"],
),
shell=ShellPolicy(
import kilostar.utils.config_loader as loader
cfg = AppConfig(
sandbox=SandboxConfig(
enabled=True,
blocked_commands=["rm -rf /", "mkfs", "shutdown"],
blocked_operators=["&&", "||", ";", "`", "$("],
max_timeout=60,
),
python_executor=PythonExecutorPolicy(
enabled=True,
max_timeout=30,
blocked_imports=["os", "subprocess", "shutil"],
blocked_builtins=["exec", "eval", "__import__"],
filesystem=FilesystemPolicy(
workspace_root="/tmp/kilostar_workspace",
allowed_read_paths=["/tmp"],
denied_paths=["/etc/shadow", "/root"],
),
shell=ShellPolicy(
enabled=True,
blocked_commands=["rm -rf /", "mkfs", "shutdown"],
blocked_operators=["&&", "||", ";", "`", "$("],
max_timeout=60,
),
python_executor=PythonExecutorPolicy(
enabled=True,
max_timeout=30,
blocked_imports=["os", "subprocess", "shutil"],
blocked_builtins=["exec", "eval", "__import__"],
),
),
)
mod._current = cfg
loader._app_current = cfg
return cfg
@pytest.fixture
def disabled_config():
"""沙箱关闭时的配置。"""
import kilostar.utils.sandbox as mod
cfg = SandboxConfig(enabled=False)
mod._current = cfg
import kilostar.utils.config_loader as loader
cfg = AppConfig(sandbox=SandboxConfig(enabled=False))
loader._app_current = cfg
return cfg
@@ -140,10 +147,12 @@ class TestValidateShellCommand:
assert validate_shell_command("rm -rf /") == "rm -rf /"
def test_shell_disabled_in_policy(self):
import kilostar.utils.sandbox as mod
mod._current = SandboxConfig(
enabled=True,
shell=ShellPolicy(enabled=False),
import kilostar.utils.config_loader as loader
loader._app_current = AppConfig(
sandbox=SandboxConfig(
enabled=True,
shell=ShellPolicy(enabled=False),
),
)
with pytest.raises(CommandViolation, match="已被沙箱策略禁用"):
validate_shell_command("ls")
@@ -190,10 +199,12 @@ class TestValidatePythonCode:
assert validate_python_code("import os") == "import os"
def test_python_disabled_in_policy(self):
import kilostar.utils.sandbox as mod
mod._current = SandboxConfig(
enabled=True,
python_executor=PythonExecutorPolicy(enabled=False),
import kilostar.utils.config_loader as loader
loader._app_current = AppConfig(
sandbox=SandboxConfig(
enabled=True,
python_executor=PythonExecutorPolicy(enabled=False),
),
)
with pytest.raises(CodeViolation, match="已被沙箱策略禁用"):
validate_python_code("print(1)")