Compare commits
1 Commits
fix/468-cr
...
burn/328-1
| Author | SHA1 | Date | |
|---|---|---|---|
|
3834a66fb6 |
@@ -13,7 +13,6 @@ import concurrent.futures
|
||||
import json
|
||||
import logging
|
||||
import os
|
||||
import re
|
||||
import subprocess
|
||||
import sys
|
||||
|
||||
@@ -157,27 +156,6 @@ _KNOWN_DELIVERY_PLATFORMS = frozenset({
|
||||
|
||||
from cron.jobs import get_due_jobs, mark_job_run, save_job_output, advance_next_run
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Model context guard
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
CRON_MIN_CONTEXT_TOKENS = 4096
|
||||
|
||||
|
||||
class ModelContextError(ValueError):
|
||||
"""Raised when a job's model has insufficient context for cron execution."""
|
||||
pass
|
||||
|
||||
|
||||
def _check_model_context_compat(model: str, context_length: int) -> None:
|
||||
"""Raise ModelContextError if the model context is below the cron minimum."""
|
||||
if context_length < CRON_MIN_CONTEXT_TOKENS:
|
||||
raise ModelContextError(
|
||||
f"Model '{model}' context ({context_length} tokens) is below the "
|
||||
f"minimum {CRON_MIN_CONTEXT_TOKENS} tokens required for cron jobs."
|
||||
)
|
||||
|
||||
|
||||
# Sentinel: when a cron agent has nothing new to report, it can start its
|
||||
# response with this marker to suppress delivery. Output is still saved
|
||||
# locally for audit.
|
||||
@@ -566,55 +544,6 @@ def _run_job_script(script_path: str) -> tuple[bool, str]:
|
||||
return False, f"Script execution failed: {exc}"
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Cloud context warning — detect local service refs in cloud cron prompts
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
_LOCAL_SERVICE_PATTERNS = [
|
||||
r'localhost:\d{2,5}',
|
||||
r'127\.0\.0\.\d{1,3}:\d{2,5}',
|
||||
r'0\.0\.0\.0:\d{2,5}',
|
||||
r'\bollama\b',
|
||||
r'curl\s+.*localhost',
|
||||
r'wget\s+.*localhost',
|
||||
r'http://localhost',
|
||||
r'https?://127\.',
|
||||
r'https?://0\.0\.0\.0',
|
||||
r'check.*ollama',
|
||||
r'connect.*local',
|
||||
r'hermes.*gateway.*local',
|
||||
]
|
||||
|
||||
_LOCAL_SERVICE_RE = [re.compile(p, re.IGNORECASE) for p in _LOCAL_SERVICE_PATTERNS]
|
||||
|
||||
|
||||
def _detect_local_service_refs(prompt: str) -> list[str]:
|
||||
"""Scan a prompt for references to local services (Ollama, localhost, etc.).
|
||||
|
||||
Returns list of matched patterns for logging.
|
||||
"""
|
||||
matches = []
|
||||
for pattern_re in _LOCAL_SERVICE_RE:
|
||||
if pattern_re.search(prompt):
|
||||
matches.append(pattern_re.pattern)
|
||||
return matches
|
||||
|
||||
|
||||
def _inject_cloud_context(prompt: str, local_refs: list[str]) -> str:
|
||||
"""Prepend a warning when cron runs on cloud but prompt refs local services.
|
||||
|
||||
The agent reports the limitation instead of wasting iterations on doomed connections.
|
||||
"""
|
||||
warning = (
|
||||
"[SYSTEM NOTE: You are running on a cloud endpoint, but your prompt references "
|
||||
"local services (localhost/Ollama). You cannot reach localhost from a cloud "
|
||||
"endpoint. Report this limitation to the user and suggest running the job on "
|
||||
"a local endpoint instead. Do NOT attempt to connect to localhost — it will "
|
||||
"timeout and waste your iteration budget.]\n\n"
|
||||
)
|
||||
return warning + prompt
|
||||
|
||||
|
||||
def _build_job_prompt(job: dict) -> str:
|
||||
"""Build the effective prompt for a cron job, optionally loading one or more skills first."""
|
||||
prompt = job.get("prompt", "")
|
||||
@@ -833,16 +762,6 @@ def run_job(job: dict) -> tuple[bool, str, str, Optional[str]]:
|
||||
message = format_runtime_provider_error(exc)
|
||||
raise RuntimeError(message) from exc
|
||||
|
||||
# Cloud context warning: if running on cloud but prompt refs local services,
|
||||
# inject a warning so the agent reports the limitation instead of wasting
|
||||
# iterations on doomed connections. (Fixes #378, #456)
|
||||
base_url = runtime.get("base_url") or ""
|
||||
is_cloud = not any(h in base_url for h in ("localhost", "127.0.0.1", "0.0.0.0", "::1"))
|
||||
local_refs = _detect_local_service_refs(prompt)
|
||||
if is_cloud and local_refs:
|
||||
logger.info("Job '%s': cloud endpoint + local service refs detected, injecting warning", job_name)
|
||||
prompt = _inject_cloud_context(prompt, local_refs)
|
||||
|
||||
from agent.smart_model_routing import resolve_turn_route
|
||||
turn_route = resolve_turn_route(
|
||||
prompt,
|
||||
|
||||
@@ -127,6 +127,54 @@ class SessionResetPolicy:
|
||||
idle_minutes = data.get("idle_minutes")
|
||||
notify = data.get("notify")
|
||||
exclude = data.get("notify_exclude_platforms")
|
||||
|
||||
# --- Early validation: reject bad values before they reach runtime ---
|
||||
|
||||
# Validate idle_minutes: must be a positive integer, cap at 1 year
|
||||
if idle_minutes is not None:
|
||||
try:
|
||||
idle_minutes = int(idle_minutes)
|
||||
except (ValueError, TypeError):
|
||||
logger.warning(
|
||||
"Invalid idle_minutes=%r (not an integer). Using default 1440.",
|
||||
idle_minutes,
|
||||
)
|
||||
idle_minutes = None
|
||||
else:
|
||||
if idle_minutes <= 0:
|
||||
logger.warning(
|
||||
"Invalid idle_minutes=%s (must be positive). Using default 1440.",
|
||||
idle_minutes,
|
||||
)
|
||||
idle_minutes = None
|
||||
elif idle_minutes > 525600:
|
||||
logger.warning(
|
||||
"idle_minutes=%s exceeds 1 year. Capping at 525600.",
|
||||
idle_minutes,
|
||||
)
|
||||
idle_minutes = 525600
|
||||
|
||||
# Validate at_hour: must be 0-23
|
||||
if at_hour is not None:
|
||||
try:
|
||||
at_hour = int(at_hour)
|
||||
except (ValueError, TypeError):
|
||||
logger.warning("Invalid at_hour=%r (not an integer). Using default 4.", at_hour)
|
||||
at_hour = None
|
||||
else:
|
||||
if not (0 <= at_hour <= 23):
|
||||
logger.warning("Invalid at_hour=%s (must be 0-23). Using default 4.", at_hour)
|
||||
at_hour = None
|
||||
|
||||
# Validate mode
|
||||
if mode is not None:
|
||||
mode = str(mode).strip().lower()
|
||||
if mode not in ("daily", "idle", "both", "none"):
|
||||
logger.warning(
|
||||
"Invalid session_reset mode=%r. Using default 'both'.", mode
|
||||
)
|
||||
mode = None
|
||||
|
||||
return cls(
|
||||
mode=mode if mode is not None else "both",
|
||||
at_hour=at_hour if at_hour is not None else 4,
|
||||
@@ -556,6 +604,8 @@ def load_gateway_config() -> GatewayConfig:
|
||||
os.environ["DISCORD_AUTO_THREAD"] = str(discord_cfg["auto_thread"]).lower()
|
||||
if "reactions" in discord_cfg and not os.getenv("DISCORD_REACTIONS"):
|
||||
os.environ["DISCORD_REACTIONS"] = str(discord_cfg["reactions"]).lower()
|
||||
if "skill_slash_commands" in discord_cfg and not os.getenv("DISCORD_SKILL_SLASH_COMMANDS"):
|
||||
os.environ["DISCORD_SKILL_SLASH_COMMANDS"] = str(discord_cfg["skill_slash_commands"]).lower()
|
||||
|
||||
# Telegram settings → env vars (env vars take precedence)
|
||||
telegram_cfg = yaml_cfg.get("telegram", {})
|
||||
@@ -645,6 +695,62 @@ def load_gateway_config() -> GatewayConfig:
|
||||
platform.value, env_name,
|
||||
)
|
||||
|
||||
# --- API Server key validation ---
|
||||
# Error if the API server is bound to a non-localhost address without a key
|
||||
# (this is an open relay). Warn on localhost.
|
||||
if Platform.API_SERVER in config.platforms and config.platforms[Platform.API_SERVER].enabled:
|
||||
api_cfg = config.platforms[Platform.API_SERVER]
|
||||
host = api_cfg.extra.get("host", os.getenv("API_SERVER_HOST", "127.0.0.1"))
|
||||
key = api_cfg.extra.get("key", os.getenv("API_SERVER_KEY", ""))
|
||||
if not key:
|
||||
if host in ("0.0.0.0", "::", ""):
|
||||
logger.error(
|
||||
"API server is bound to %s without API_SERVER_KEY set. "
|
||||
"This exposes an unauthenticated OpenAI-compatible endpoint to the network. "
|
||||
"Set API_SERVER_KEY immediately or bind to 127.0.0.1.",
|
||||
host,
|
||||
)
|
||||
else:
|
||||
logger.warning(
|
||||
"API server is enabled without API_SERVER_KEY. "
|
||||
"All requests will be unauthenticated. "
|
||||
"Set API_SERVER_KEY for production use.",
|
||||
)
|
||||
|
||||
# --- Provider fallback validation ---
|
||||
# Warn if fallback_model references a provider whose API key is not set
|
||||
try:
|
||||
import yaml as _yaml
|
||||
_config_yaml_path = get_hermes_home() / "config.yaml"
|
||||
if _config_yaml_path.exists():
|
||||
with open(_config_yaml_path, encoding="utf-8") as _f:
|
||||
_raw_cfg = _yaml.safe_load(_f) or {}
|
||||
_fallback = _raw_cfg.get("fallback_model")
|
||||
if isinstance(_fallback, dict):
|
||||
_fb_provider = (_fallback.get("provider") or "").lower().strip()
|
||||
if _fb_provider == "openrouter" and not os.getenv("OPENROUTER_API_KEY"):
|
||||
logger.warning(
|
||||
"fallback_model uses provider 'openrouter' but OPENROUTER_API_KEY is not set. "
|
||||
"Fallback will fail at runtime. Set the key or change the fallback provider.",
|
||||
)
|
||||
elif _fb_provider in ("anthropic", "claude") and not os.getenv("ANTHROPIC_API_KEY"):
|
||||
logger.warning(
|
||||
"fallback_model uses provider '%s' but ANTHROPIC_API_KEY is not set. "
|
||||
"Fallback will fail at runtime.", _fb_provider,
|
||||
)
|
||||
elif _fb_provider == "openai" and not os.getenv("OPENAI_API_KEY"):
|
||||
logger.warning(
|
||||
"fallback_model uses provider 'openai' but OPENAI_API_KEY is not set. "
|
||||
"Fallback will fail at runtime.",
|
||||
)
|
||||
elif _fb_provider in ("nous", "nousresearch") and not os.getenv("NOUS_API_KEY"):
|
||||
logger.warning(
|
||||
"fallback_model uses provider '%s' but NOUS_API_KEY is not set. "
|
||||
"Fallback will fail at runtime.", _fb_provider,
|
||||
)
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
return config
|
||||
|
||||
|
||||
@@ -667,6 +773,10 @@ _MIN_TOKEN_LENGTHS = {
|
||||
"DISCORD_BOT_TOKEN": 50,
|
||||
"SLACK_BOT_TOKEN": 20,
|
||||
"HASS_TOKEN": 20,
|
||||
"OPENROUTER_API_KEY": 20,
|
||||
"ANTHROPIC_API_KEY": 20,
|
||||
"OPENAI_API_KEY": 20,
|
||||
"NOUS_API_KEY": 20,
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -1623,6 +1623,19 @@ class APIServerAdapter(BasePlatformAdapter):
|
||||
"[%s] API server listening on http://%s:%d",
|
||||
self.name, self._host, self._port,
|
||||
)
|
||||
if not self._api_key:
|
||||
if self._host in ("0.0.0.0", "::", ""):
|
||||
logger.error(
|
||||
"[%s] No API_SERVER_KEY set and bound to %s — "
|
||||
"endpoint is unauthenticated on the network. "
|
||||
"Set API_SERVER_KEY or bind to 127.0.0.1.",
|
||||
self.name, self._host,
|
||||
)
|
||||
else:
|
||||
logger.warning(
|
||||
"[%s] No API_SERVER_KEY set — all requests are unauthenticated.",
|
||||
self.name,
|
||||
)
|
||||
return True
|
||||
|
||||
except Exception as e:
|
||||
|
||||
@@ -1698,43 +1698,59 @@ class DiscordAdapter(BasePlatformAdapter):
|
||||
# Register installed skills as native slash commands (parity with
|
||||
# Telegram, which uses telegram_menu_commands() in commands.py).
|
||||
# Discord allows up to 100 application commands globally.
|
||||
_DISCORD_CMD_LIMIT = 100
|
||||
try:
|
||||
from hermes_cli.commands import discord_skill_commands
|
||||
#
|
||||
# Config: set DISCORD_SKILL_SLASH_COMMANDS=false to disable skill
|
||||
# slash commands entirely — useful when 279+ skills overflow the
|
||||
# 100-command limit. Skills remain accessible via /skill or text mention.
|
||||
_skill_slash_enabled = os.getenv("DISCORD_SKILL_SLASH_COMMANDS", "true").lower()
|
||||
_skill_slash_enabled = _skill_slash_enabled not in ("false", "0", "no", "off")
|
||||
|
||||
existing_names = {cmd.name for cmd in tree.get_commands()}
|
||||
remaining_slots = max(0, _DISCORD_CMD_LIMIT - len(existing_names))
|
||||
|
||||
skill_entries, skipped = discord_skill_commands(
|
||||
max_slots=remaining_slots,
|
||||
reserved_names=existing_names,
|
||||
if not _skill_slash_enabled:
|
||||
logger.info(
|
||||
"[%s] Discord skill slash commands disabled (DISCORD_SKILL_SLASH_COMMANDS=false). "
|
||||
"Skills accessible via /skill or text mention.",
|
||||
self.name,
|
||||
)
|
||||
else:
|
||||
_DISCORD_CMD_LIMIT = 100
|
||||
try:
|
||||
from hermes_cli.commands import discord_skill_commands
|
||||
|
||||
for discord_name, description, cmd_key in skill_entries:
|
||||
# Closure factory to capture cmd_key per iteration
|
||||
def _make_skill_handler(_key: str):
|
||||
async def _skill_slash(interaction: discord.Interaction, args: str = ""):
|
||||
await self._run_simple_slash(interaction, f"{_key} {args}".strip())
|
||||
return _skill_slash
|
||||
existing_names = {cmd.name for cmd in tree.get_commands()}
|
||||
remaining_slots = max(0, _DISCORD_CMD_LIMIT - len(existing_names))
|
||||
|
||||
handler = _make_skill_handler(cmd_key)
|
||||
handler.__name__ = f"skill_{discord_name.replace('-', '_')}"
|
||||
|
||||
cmd = discord.app_commands.Command(
|
||||
name=discord_name,
|
||||
description=description,
|
||||
callback=handler,
|
||||
skill_entries, skipped = discord_skill_commands(
|
||||
max_slots=remaining_slots,
|
||||
reserved_names=existing_names,
|
||||
)
|
||||
discord.app_commands.describe(args="Optional arguments for the skill")(cmd)
|
||||
tree.add_command(cmd)
|
||||
|
||||
if skipped:
|
||||
logger.warning(
|
||||
"[%s] Discord slash command limit reached (%d): %d skill(s) not registered",
|
||||
self.name, _DISCORD_CMD_LIMIT, skipped,
|
||||
)
|
||||
except Exception as exc:
|
||||
logger.warning("[%s] Failed to register skill slash commands: %s", self.name, exc)
|
||||
for discord_name, description, cmd_key in skill_entries:
|
||||
# Closure factory to capture cmd_key per iteration
|
||||
def _make_skill_handler(_key: str):
|
||||
async def _skill_slash(interaction: discord.Interaction, args: str = ""):
|
||||
await self._run_simple_slash(interaction, f"{_key} {args}".strip())
|
||||
return _skill_slash
|
||||
|
||||
handler = _make_skill_handler(cmd_key)
|
||||
handler.__name__ = f"skill_{discord_name.replace('-', '_')}"
|
||||
|
||||
cmd = discord.app_commands.Command(
|
||||
name=discord_name,
|
||||
description=description,
|
||||
callback=handler,
|
||||
)
|
||||
discord.app_commands.describe(args="Optional arguments for the skill")(cmd)
|
||||
tree.add_command(cmd)
|
||||
|
||||
if skipped:
|
||||
logger.warning(
|
||||
"[%s] Discord slash command limit reached (%d): %d skill(s) not registered. "
|
||||
"Set DISCORD_SKILL_SLASH_COMMANDS=false to disable skill slash commands "
|
||||
"and use /skill or text mentions instead.",
|
||||
self.name, _DISCORD_CMD_LIMIT, skipped,
|
||||
)
|
||||
except Exception as exc:
|
||||
logger.warning("[%s] Failed to register skill slash commands: %s", self.name, exc)
|
||||
|
||||
def _build_slash_event(self, interaction: discord.Interaction, text: str) -> MessageEvent:
|
||||
"""Build a MessageEvent from a Discord slash command interaction."""
|
||||
|
||||
@@ -1,120 +0,0 @@
|
||||
"""Tests for cron cloud context warning injection (fix #378, #456).
|
||||
|
||||
When a cron job runs on a cloud endpoint but its prompt references local
|
||||
services (Ollama, localhost, etc.), inject a warning so the agent reports
|
||||
the limitation instead of wasting iterations on doomed connections.
|
||||
"""
|
||||
|
||||
import pytest
|
||||
|
||||
from cron.scheduler import (
|
||||
_detect_local_service_refs,
|
||||
_inject_cloud_context,
|
||||
_LOCAL_SERVICE_PATTERNS,
|
||||
)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Pattern detection
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
class TestDetectLocalServiceRefs:
|
||||
def test_localhost_with_port(self):
|
||||
refs = _detect_local_service_refs("Check http://localhost:8080/status")
|
||||
assert len(refs) > 0
|
||||
assert any("localhost" in r for r in refs)
|
||||
|
||||
def test_127_address(self):
|
||||
refs = _detect_local_service_refs("Connect to 127.0.0.1:11434")
|
||||
assert len(refs) > 0
|
||||
|
||||
def test_ollama_reference(self):
|
||||
refs = _detect_local_service_refs("Run this on Ollama with gemma3")
|
||||
assert len(refs) > 0
|
||||
assert any("ollama" in r.lower() for r in refs)
|
||||
|
||||
def test_curl_localhost(self):
|
||||
refs = _detect_local_service_refs("curl localhost:3000/api/data")
|
||||
assert len(refs) > 0
|
||||
|
||||
def test_wget_localhost(self):
|
||||
refs = _detect_local_service_refs("wget http://localhost/file.txt")
|
||||
assert len(refs) > 0
|
||||
|
||||
def test_http_localhost(self):
|
||||
refs = _detect_local_service_refs("http://localhost:8642/health")
|
||||
assert len(refs) > 0
|
||||
|
||||
def test_https_127(self):
|
||||
refs = _detect_local_service_refs("https://127.0.0.1:443/secure")
|
||||
assert len(refs) > 0
|
||||
|
||||
def test_0000_address(self):
|
||||
refs = _detect_local_service_refs("Bind to 0.0.0.0:9090")
|
||||
assert len(refs) > 0
|
||||
|
||||
def test_no_match_for_remote(self):
|
||||
refs = _detect_local_service_refs("Check https://api.openai.com/v1/models")
|
||||
assert len(refs) == 0
|
||||
|
||||
def test_no_match_for_gitea(self):
|
||||
refs = _detect_local_service_refs("Query forge.alexanderwhitestone.com for issues")
|
||||
assert len(refs) == 0
|
||||
|
||||
def test_no_match_empty(self):
|
||||
refs = _detect_local_service_refs("")
|
||||
assert len(refs) == 0
|
||||
|
||||
def test_check_ollama_phrase(self):
|
||||
refs = _detect_local_service_refs("First check Ollama is running")
|
||||
assert len(refs) > 0
|
||||
|
||||
def test_connect_local_phrase(self):
|
||||
refs = _detect_local_service_refs("Connect to local Ollama server")
|
||||
assert len(refs) > 0
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Warning injection
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
class TestInjectCloudContext:
|
||||
def test_prepends_warning(self):
|
||||
original = "Run a health check on localhost:8080"
|
||||
refs = _detect_local_service_refs(original)
|
||||
result = _inject_cloud_context(original, refs)
|
||||
assert "SYSTEM NOTE" in result
|
||||
assert "cloud endpoint" in result
|
||||
assert original in result
|
||||
|
||||
def test_warning_is_first(self):
|
||||
original = "Check localhost:11434"
|
||||
refs = _detect_local_service_refs(original)
|
||||
result = _inject_cloud_context(original, refs)
|
||||
assert result.startswith("[SYSTEM NOTE")
|
||||
|
||||
def test_preserves_original_prompt(self):
|
||||
original = "Do something with Ollama and then report results"
|
||||
refs = _detect_local_service_refs(original)
|
||||
result = _inject_cloud_context(original, refs)
|
||||
assert "Do something with Ollama" in result
|
||||
|
||||
def test_mentions_cannot_reach(self):
|
||||
original = "curl localhost:8080"
|
||||
refs = _detect_local_service_refs(original)
|
||||
result = _inject_cloud_context(original, refs)
|
||||
assert "cannot reach" in result.lower() or "cannot" in result.lower()
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Pattern coverage
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
class TestPatternCoverage:
|
||||
def test_at_least_10_patterns(self):
|
||||
assert len(_LOCAL_SERVICE_PATTERNS) >= 10
|
||||
|
||||
def test_patterns_are_strings(self):
|
||||
for p in _LOCAL_SERVICE_PATTERNS:
|
||||
assert isinstance(p, str)
|
||||
assert len(p) > 0
|
||||
176
tests/test_config_debt_328.py
Normal file
176
tests/test_config_debt_328.py
Normal file
@@ -0,0 +1,176 @@
|
||||
"""Tests for gateway config debt fixes — issue #328."""
|
||||
|
||||
import os
|
||||
import logging
|
||||
from unittest.mock import patch
|
||||
|
||||
import pytest
|
||||
|
||||
from gateway.config import (
|
||||
SessionResetPolicy,
|
||||
GatewayConfig,
|
||||
Platform,
|
||||
_MIN_TOKEN_LENGTHS,
|
||||
)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# SessionResetPolicy.from_dict validation
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
class TestIdleMinutesValidation:
|
||||
"""idle_minutes=0 was the #1 audit finding — it must be rejected at construction."""
|
||||
|
||||
def test_valid_value(self):
|
||||
p = SessionResetPolicy.from_dict({"idle_minutes": 30})
|
||||
assert p.idle_minutes == 30
|
||||
|
||||
def test_zero_rejected(self):
|
||||
p = SessionResetPolicy.from_dict({"idle_minutes": 0})
|
||||
assert p.idle_minutes == 1440
|
||||
|
||||
def test_negative_rejected(self):
|
||||
p = SessionResetPolicy.from_dict({"idle_minutes": -10})
|
||||
assert p.idle_minutes == 1440
|
||||
|
||||
def test_string_rejected(self):
|
||||
p = SessionResetPolicy.from_dict({"idle_minutes": "abc"})
|
||||
assert p.idle_minutes == 1440
|
||||
|
||||
def test_float_string_rejected(self):
|
||||
p = SessionResetPolicy.from_dict({"idle_minutes": "3.5"})
|
||||
assert p.idle_minutes == 1440
|
||||
|
||||
def test_absurd_value_capped(self):
|
||||
p = SessionResetPolicy.from_dict({"idle_minutes": 9999999})
|
||||
assert p.idle_minutes == 525600
|
||||
|
||||
def test_exactly_one_year_ok(self):
|
||||
p = SessionResetPolicy.from_dict({"idle_minutes": 525600})
|
||||
assert p.idle_minutes == 525600
|
||||
|
||||
def test_none_uses_default(self):
|
||||
p = SessionResetPolicy.from_dict({"idle_minutes": None})
|
||||
assert p.idle_minutes == 1440
|
||||
|
||||
def test_missing_uses_default(self):
|
||||
p = SessionResetPolicy.from_dict({})
|
||||
assert p.idle_minutes == 1440
|
||||
|
||||
|
||||
class TestAtHourValidation:
|
||||
def test_valid(self):
|
||||
for h in (0, 4, 12, 23):
|
||||
p = SessionResetPolicy.from_dict({"at_hour": h})
|
||||
assert p.at_hour == h
|
||||
|
||||
def test_out_of_range(self):
|
||||
p = SessionResetPolicy.from_dict({"at_hour": 25})
|
||||
assert p.at_hour == 4
|
||||
|
||||
def test_negative(self):
|
||||
p = SessionResetPolicy.from_dict({"at_hour": -1})
|
||||
assert p.at_hour == 4
|
||||
|
||||
def test_string(self):
|
||||
p = SessionResetPolicy.from_dict({"at_hour": "noon"})
|
||||
assert p.at_hour == 4
|
||||
|
||||
|
||||
class TestModeValidation:
|
||||
def test_valid_modes(self):
|
||||
for m in ("daily", "idle", "both", "none"):
|
||||
p = SessionResetPolicy.from_dict({"mode": m})
|
||||
assert p.mode == m
|
||||
|
||||
def test_invalid_mode(self):
|
||||
p = SessionResetPolicy.from_dict({"mode": "invalid"})
|
||||
assert p.mode == "both"
|
||||
|
||||
def test_case_insensitive(self):
|
||||
p = SessionResetPolicy.from_dict({"mode": "DAILY"})
|
||||
assert p.mode == "daily"
|
||||
|
||||
|
||||
class TestSessionResetPolicyDefaults:
|
||||
def test_all_defaults(self):
|
||||
p = SessionResetPolicy.from_dict({})
|
||||
assert p.mode == "both"
|
||||
assert p.at_hour == 4
|
||||
assert p.idle_minutes == 1440
|
||||
assert p.notify is True
|
||||
assert p.notify_exclude_platforms == ("api_server", "webhook")
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Weak credential expansion
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
class TestWeakCredentialExpansion:
|
||||
def test_provider_keys_in_min_lengths(self):
|
||||
assert "OPENROUTER_API_KEY" in _MIN_TOKEN_LENGTHS
|
||||
assert _MIN_TOKEN_LENGTHS["OPENROUTER_API_KEY"] == 20
|
||||
assert "ANTHROPIC_API_KEY" in _MIN_TOKEN_LENGTHS
|
||||
assert "OPENAI_API_KEY" in _MIN_TOKEN_LENGTHS
|
||||
assert "NOUS_API_KEY" in _MIN_TOKEN_LENGTHS
|
||||
|
||||
def test_existing_keys_preserved(self):
|
||||
assert "TELEGRAM_BOT_TOKEN" in _MIN_TOKEN_LENGTHS
|
||||
assert "DISCORD_BOT_TOKEN" in _MIN_TOKEN_LENGTHS
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# API server key validation
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
class TestAPIServerKeyValidation:
|
||||
"""Validate that load_gateway_config warns about missing API keys."""
|
||||
|
||||
def test_warns_no_key_on_0000(self, caplog):
|
||||
with patch.dict(os.environ, {
|
||||
"API_SERVER_ENABLED": "true",
|
||||
"API_SERVER_HOST": "0.0.0.0",
|
||||
}, clear=False):
|
||||
os.environ.pop("API_SERVER_KEY", None)
|
||||
os.environ["API_SERVER_ENABLED"] = "true"
|
||||
os.environ["API_SERVER_HOST"] = "0.0.0.0"
|
||||
with caplog.at_level(logging.ERROR):
|
||||
config = load_gateway_config()
|
||||
assert any(
|
||||
"API_SERVER_KEY" in r.message
|
||||
for r in caplog.records
|
||||
if r.levelno >= logging.ERROR
|
||||
)
|
||||
|
||||
def test_warns_no_key_on_localhost(self, caplog):
|
||||
with patch.dict(os.environ, {
|
||||
"API_SERVER_ENABLED": "true",
|
||||
"API_SERVER_HOST": "127.0.0.1",
|
||||
}, clear=False):
|
||||
os.environ.pop("API_SERVER_KEY", None)
|
||||
os.environ["API_SERVER_ENABLED"] = "true"
|
||||
os.environ["API_SERVER_HOST"] = "127.0.0.1"
|
||||
with caplog.at_level(logging.WARNING):
|
||||
config = load_gateway_config()
|
||||
# Should get a warning (not error) on localhost
|
||||
assert any(
|
||||
"API_SERVER_KEY" in r.message
|
||||
for r in caplog.records
|
||||
if r.levelno >= logging.WARNING
|
||||
)
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Discord skill slash commands config bridge
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
class TestDiscordSkillConfigBridge:
|
||||
"""Verify discord.skill_slash_commands config.yaml key maps to env var."""
|
||||
|
||||
def test_env_var_recognized(self):
|
||||
# The adapter checks DISCORD_SKILL_SLASH_COMMANDS env var
|
||||
# We just verify the env var name is correct
|
||||
with patch.dict(os.environ, {"DISCORD_SKILL_SLASH_COMMANDS": "false"}):
|
||||
val = os.getenv("DISCORD_SKILL_SLASH_COMMANDS", "true").lower()
|
||||
assert val == "false"
|
||||
assert val in ("false", "0", "no", "off")
|
||||
Reference in New Issue
Block a user