feat: 增加 Codex Secret dry-run 工具
This commit is contained in:
+38
-1
@@ -7,6 +7,8 @@ import { startManagerServer } from "../mgr/server.js";
|
||||
import { ManagerClient } from "../mgr/client.js";
|
||||
import { runOnce } from "../runner/run-once.js";
|
||||
import { redactText } from "../common/redaction.js";
|
||||
import { AgentRunError } from "../common/errors.js";
|
||||
import { renderCodexProviderSecretPlan } from "../../scripts/src/secret-render.js";
|
||||
|
||||
const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../..");
|
||||
const tmp = await mkdtemp(path.join(os.tmpdir(), "agentrun-selftest-"));
|
||||
@@ -22,6 +24,41 @@ try {
|
||||
|
||||
assert.equal(redactText("Authorization: Bearer abc123"), "Authorization: Bearer REDACTED");
|
||||
|
||||
const secretPlan = await renderCodexProviderSecretPlan({ codexHome, dryRun: true });
|
||||
assert.equal(secretPlan.namespace, "agentrun-v01");
|
||||
assert.equal(secretPlan.secretName, "agentrun-v01-provider-codex");
|
||||
assert.deepEqual(secretPlan.keys, ["auth.json", "config.toml"]);
|
||||
assert.equal(secretPlan.writeAttempted, false);
|
||||
assert.equal(secretPlan.totalBytes, Buffer.byteLength(JSON.stringify({ token: "test-token-material" }), "utf8") + Buffer.byteLength("model = \"gpt-test\"\n", "utf8"));
|
||||
assert.match(String(secretPlan.sha256), /^[a-f0-9]{64}$/u);
|
||||
const renderedSecretJson = JSON.stringify(secretPlan);
|
||||
assert.equal(renderedSecretJson.includes("test-token-material"), false);
|
||||
assert.equal(renderedSecretJson.includes("gpt-test"), false);
|
||||
assert.equal(renderedSecretJson.includes("model ="), false);
|
||||
await assert.rejects(
|
||||
() => renderCodexProviderSecretPlan({ codexHome: path.join(tmp, "missing-codex-home"), dryRun: true }),
|
||||
(error) => error instanceof AgentRunError && error.failureKind === "secret-unavailable",
|
||||
);
|
||||
const invalidCodexHome = path.join(tmp, "invalid-codex-home");
|
||||
await mkdir(invalidCodexHome, { recursive: true });
|
||||
await writeFile(path.join(invalidCodexHome, "auth.json"), "not-json");
|
||||
await writeFile(path.join(invalidCodexHome, "config.toml"), "model = \"gpt-test\"\n");
|
||||
await assert.rejects(
|
||||
() => renderCodexProviderSecretPlan({ codexHome: invalidCodexHome, dryRun: true }),
|
||||
(error) => error instanceof AgentRunError && error.failureKind === "schema-invalid",
|
||||
);
|
||||
await writeFile(path.join(invalidCodexHome, "auth.json"), JSON.stringify({ token: "" }));
|
||||
await assert.rejects(
|
||||
() => renderCodexProviderSecretPlan({ codexHome: invalidCodexHome, dryRun: true }),
|
||||
(error) => error instanceof AgentRunError && error.failureKind === "secret-unavailable",
|
||||
);
|
||||
await writeFile(path.join(invalidCodexHome, "auth.json"), JSON.stringify({ token: "test-token-material" }));
|
||||
await writeFile(path.join(invalidCodexHome, "config.toml"), "model =");
|
||||
await assert.rejects(
|
||||
() => renderCodexProviderSecretPlan({ codexHome: invalidCodexHome, dryRun: true }),
|
||||
(error) => error instanceof AgentRunError && error.failureKind === "schema-invalid",
|
||||
);
|
||||
|
||||
const server = await startManagerServer({ port: 0, host: "127.0.0.1", sourceCommit: "self-test" });
|
||||
try {
|
||||
const client = new ManagerClient(server.baseUrl);
|
||||
@@ -56,7 +93,7 @@ try {
|
||||
assert.equal(JSON.stringify(events).includes("Bearer test-token"), false);
|
||||
const finalRun = await client.get(`/api/v1/runs/${run.id}`) as { terminalStatus?: string };
|
||||
assert.equal(finalRun.terminalStatus, "completed");
|
||||
console.log(JSON.stringify({ ok: true, tests: ["manager-memory-lifecycle", "codex-stdio-fake-turn", "redaction"], runId: run.id }));
|
||||
console.log(JSON.stringify({ ok: true, tests: ["manager-memory-lifecycle", "codex-stdio-fake-turn", "redaction", "codex-secret-dry-run"], runId: run.id }));
|
||||
} finally {
|
||||
await new Promise<void>((resolve) => server.server.close(() => resolve()));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user