fix: 统一 AgentRun session hard-timeout
This commit is contained in:
@@ -42,7 +42,7 @@ const agentRunClientYaml = [
|
||||
" executionPolicy:",
|
||||
" sandbox: workspace-write",
|
||||
" approval: never",
|
||||
" timeoutMs: 900000",
|
||||
" timeoutMs: 7200000",
|
||||
" network: enabled",
|
||||
" secretScope:",
|
||||
" allowCredentialEcho: false",
|
||||
|
||||
@@ -76,7 +76,7 @@ const agentRunClientYaml = [
|
||||
" executionPolicy:",
|
||||
" sandbox: workspace-write",
|
||||
" approval: never",
|
||||
" timeoutMs: 900000",
|
||||
" timeoutMs: 7200000",
|
||||
" network: enabled",
|
||||
" secretScope:",
|
||||
" allowCredentialEcho: false",
|
||||
@@ -108,7 +108,7 @@ const agentRunMinimalClientYaml = [
|
||||
" executionPolicy:",
|
||||
" sandbox: workspace-write",
|
||||
" approval: never",
|
||||
" timeoutMs: 900000",
|
||||
" timeoutMs: 7200000",
|
||||
" network: enabled",
|
||||
" secretScope:",
|
||||
" allowCredentialEcho: false",
|
||||
@@ -166,6 +166,18 @@ describe("AgentRun render-only REST client config", () => {
|
||||
expect(config.client.transport).toBe("direct-http");
|
||||
});
|
||||
|
||||
test("uses the owning YAML two-hour session hard-timeout", () => {
|
||||
const config = parseAgentRunClientConfigYaml(readFileSync("config/agentrun.yaml", "utf8"), "config/agentrun.yaml");
|
||||
expect(config.client.sessionPolicy.executionPolicy.timeoutMs).toBe(7_200_000);
|
||||
});
|
||||
|
||||
test("rejects a session hard-timeout below one hour", () => {
|
||||
const invalid = agentRunClientYaml.replace(" timeoutMs: 7200000", " timeoutMs: 3599999");
|
||||
expect(() => parseAgentRunClientConfigYaml(invalid, "config/agentrun.yaml")).toThrow(
|
||||
"client.sessionPolicy.executionPolicy.timeoutMs hard-timeout must be at least 3600000 ms",
|
||||
);
|
||||
});
|
||||
|
||||
test("uses env auth before configured file auth without exposing the key", () => {
|
||||
const config = parseAgentRunClientConfigYaml(agentRunClientYaml, "config/agentrun.yaml");
|
||||
const auth = resolveAgentRunAuth(config, { HWLAB_API_KEY: "secret-value" });
|
||||
|
||||
@@ -124,7 +124,10 @@ export function readAgentRunSessionPolicyConfig(client: Record<string, unknown>,
|
||||
stringFieldFromRecord(workspaceRef, "kind", `${pathValue}.workspaceRef`);
|
||||
stringFieldFromRecord(executionPolicy, "sandbox", `${pathValue}.executionPolicy`);
|
||||
stringFieldFromRecord(executionPolicy, "approval", `${pathValue}.executionPolicy`);
|
||||
positiveIntegerFieldFromRecord(executionPolicy, "timeoutMs", `${pathValue}.executionPolicy`);
|
||||
const timeoutMs = positiveIntegerFieldFromRecord(executionPolicy, "timeoutMs", `${pathValue}.executionPolicy`);
|
||||
if (timeoutMs < 3_600_000) {
|
||||
throw new Error(`${sourcePath}: ${pathValue}.executionPolicy.timeoutMs hard-timeout must be at least 3600000 ms`);
|
||||
}
|
||||
stringFieldFromRecord(executionPolicy, "network", `${pathValue}.executionPolicy`);
|
||||
booleanFieldFromRecord(secretScope, "allowCredentialEcho", `${pathValue}.executionPolicy.secretScope`);
|
||||
return {
|
||||
|
||||
Reference in New Issue
Block a user