Merge pull request #1945 from pikasTech/fix/1944-agentrun-session-timeout
Pipelines as Code CI / hwlab-web-probe-sentinel-nc01- Success
Pipelines as Code CI / platform-infra-gitea-nc01- Success
Pipelines as Code CI / unidesk-host- Success

fix: 统一 AgentRun session hard-timeout
This commit is contained in:
Lyon
2026-07-14 00:10:04 +08:00
committed by GitHub
7 changed files with 68 additions and 6 deletions
+1 -1
View File
@@ -42,7 +42,7 @@ const agentRunClientYaml = [
" executionPolicy:",
" sandbox: workspace-write",
" approval: never",
" timeoutMs: 900000",
" timeoutMs: 7200000",
" network: enabled",
" secretScope:",
" allowCredentialEcho: false",
+14 -2
View File
@@ -76,7 +76,7 @@ const agentRunClientYaml = [
" executionPolicy:",
" sandbox: workspace-write",
" approval: never",
" timeoutMs: 900000",
" timeoutMs: 7200000",
" network: enabled",
" secretScope:",
" allowCredentialEcho: false",
@@ -108,7 +108,7 @@ const agentRunMinimalClientYaml = [
" executionPolicy:",
" sandbox: workspace-write",
" approval: never",
" timeoutMs: 900000",
" timeoutMs: 7200000",
" network: enabled",
" secretScope:",
" allowCredentialEcho: false",
@@ -166,6 +166,18 @@ describe("AgentRun render-only REST client config", () => {
expect(config.client.transport).toBe("direct-http");
});
test("uses the owning YAML two-hour session hard-timeout", () => {
const config = parseAgentRunClientConfigYaml(readFileSync("config/agentrun.yaml", "utf8"), "config/agentrun.yaml");
expect(config.client.sessionPolicy.executionPolicy.timeoutMs).toBe(7_200_000);
});
test("rejects a session hard-timeout below one hour", () => {
const invalid = agentRunClientYaml.replace(" timeoutMs: 7200000", " timeoutMs: 3599999");
expect(() => parseAgentRunClientConfigYaml(invalid, "config/agentrun.yaml")).toThrow(
"client.sessionPolicy.executionPolicy.timeoutMs hard-timeout must be at least 3600000 ms",
);
});
test("uses env auth before configured file auth without exposing the key", () => {
const config = parseAgentRunClientConfigYaml(agentRunClientYaml, "config/agentrun.yaml");
const auth = resolveAgentRunAuth(config, { HWLAB_API_KEY: "secret-value" });
+4 -1
View File
@@ -124,7 +124,10 @@ export function readAgentRunSessionPolicyConfig(client: Record<string, unknown>,
stringFieldFromRecord(workspaceRef, "kind", `${pathValue}.workspaceRef`);
stringFieldFromRecord(executionPolicy, "sandbox", `${pathValue}.executionPolicy`);
stringFieldFromRecord(executionPolicy, "approval", `${pathValue}.executionPolicy`);
positiveIntegerFieldFromRecord(executionPolicy, "timeoutMs", `${pathValue}.executionPolicy`);
const timeoutMs = positiveIntegerFieldFromRecord(executionPolicy, "timeoutMs", `${pathValue}.executionPolicy`);
if (timeoutMs < 3_600_000) {
throw new Error(`${sourcePath}: ${pathValue}.executionPolicy.timeoutMs hard-timeout must be at least 3600000 ms`);
}
stringFieldFromRecord(executionPolicy, "network", `${pathValue}.executionPolicy`);
booleanFieldFromRecord(secretScope, "allowCredentialEcho", `${pathValue}.executionPolicy.secretScope`);
return {