feat: 增加 Codex Secret dry-run 工具

This commit is contained in:
Codex
2026-05-29 11:46:07 +08:00
parent a240122039
commit 71e025f920
5 changed files with 276 additions and 2 deletions
+38 -1
View File
@@ -7,6 +7,8 @@ import { startManagerServer } from "../mgr/server.js";
import { ManagerClient } from "../mgr/client.js";
import { runOnce } from "../runner/run-once.js";
import { redactText } from "../common/redaction.js";
import { AgentRunError } from "../common/errors.js";
import { renderCodexProviderSecretPlan } from "../../scripts/src/secret-render.js";
const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "../..");
const tmp = await mkdtemp(path.join(os.tmpdir(), "agentrun-selftest-"));
@@ -22,6 +24,41 @@ try {
assert.equal(redactText("Authorization: Bearer abc123"), "Authorization: Bearer REDACTED");
const secretPlan = await renderCodexProviderSecretPlan({ codexHome, dryRun: true });
assert.equal(secretPlan.namespace, "agentrun-v01");
assert.equal(secretPlan.secretName, "agentrun-v01-provider-codex");
assert.deepEqual(secretPlan.keys, ["auth.json", "config.toml"]);
assert.equal(secretPlan.writeAttempted, false);
assert.equal(secretPlan.totalBytes, Buffer.byteLength(JSON.stringify({ token: "test-token-material" }), "utf8") + Buffer.byteLength("model = \"gpt-test\"\n", "utf8"));
assert.match(String(secretPlan.sha256), /^[a-f0-9]{64}$/u);
const renderedSecretJson = JSON.stringify(secretPlan);
assert.equal(renderedSecretJson.includes("test-token-material"), false);
assert.equal(renderedSecretJson.includes("gpt-test"), false);
assert.equal(renderedSecretJson.includes("model ="), false);
await assert.rejects(
() => renderCodexProviderSecretPlan({ codexHome: path.join(tmp, "missing-codex-home"), dryRun: true }),
(error) => error instanceof AgentRunError && error.failureKind === "secret-unavailable",
);
const invalidCodexHome = path.join(tmp, "invalid-codex-home");
await mkdir(invalidCodexHome, { recursive: true });
await writeFile(path.join(invalidCodexHome, "auth.json"), "not-json");
await writeFile(path.join(invalidCodexHome, "config.toml"), "model = \"gpt-test\"\n");
await assert.rejects(
() => renderCodexProviderSecretPlan({ codexHome: invalidCodexHome, dryRun: true }),
(error) => error instanceof AgentRunError && error.failureKind === "schema-invalid",
);
await writeFile(path.join(invalidCodexHome, "auth.json"), JSON.stringify({ token: "" }));
await assert.rejects(
() => renderCodexProviderSecretPlan({ codexHome: invalidCodexHome, dryRun: true }),
(error) => error instanceof AgentRunError && error.failureKind === "secret-unavailable",
);
await writeFile(path.join(invalidCodexHome, "auth.json"), JSON.stringify({ token: "test-token-material" }));
await writeFile(path.join(invalidCodexHome, "config.toml"), "model =");
await assert.rejects(
() => renderCodexProviderSecretPlan({ codexHome: invalidCodexHome, dryRun: true }),
(error) => error instanceof AgentRunError && error.failureKind === "schema-invalid",
);
const server = await startManagerServer({ port: 0, host: "127.0.0.1", sourceCommit: "self-test" });
try {
const client = new ManagerClient(server.baseUrl);
@@ -56,7 +93,7 @@ try {
assert.equal(JSON.stringify(events).includes("Bearer test-token"), false);
const finalRun = await client.get(`/api/v1/runs/${run.id}`) as { terminalStatus?: string };
assert.equal(finalRun.terminalStatus, "completed");
console.log(JSON.stringify({ ok: true, tests: ["manager-memory-lifecycle", "codex-stdio-fake-turn", "redaction"], runId: run.id }));
console.log(JSON.stringify({ ok: true, tests: ["manager-memory-lifecycle", "codex-stdio-fake-turn", "redaction", "codex-secret-dry-run"], runId: run.id }));
} finally {
await new Promise<void>((resolve) => server.server.close(() => resolve()));
}