From 460524f44ac61c0843cfb73eb4c4627d0ebcbb0e Mon Sep 17 00:00:00 2001
From: Codex
Date: Thu, 2 Jul 2026 13:10:52 +0000
Subject: [PATCH] fix: render codex-pool Python JSON literals safely
---
 .../remote-python-sync.ts | 42 ++++++++++---------
 1 file changed, 23 insertions(+), 19 deletions(-)
diff --git a/scripts/src/platform-infra-sub2api-codex/remote-python-sync.ts b/scripts/src/platform-infra-sub2api-codex/remote-python-sync.ts
index 8dc21ada..43edb6f8 100644
--- a/scripts/src/platform-infra-sub2api-codex/remote-python-sync.ts
+++ b/scripts/src/platform-infra-sub2api-codex/remote-python-sync.ts
@@ -26,6 +26,10 @@ import { desiredAccountCapacityMap, desiredAccountLoadFactorMap, desiredAccountT
 import { resolvedManualAccountProtections } from "./public-exposure";
 import { fieldManager } from "./types";
 
+function pyJson(value: unknown): string {
+ return `json.loads(${JSON.stringify(JSON.stringify(value))})`;
+}
+
 export function remotePythonScript(mode: "sync" | "validate" | "trace" | "cleanup-probes" | "sentinel-probe", encodedPayload: string, pool: CodexPoolConfig, target: CodexPoolRuntimeTarget): string {
 const hostDockerEnvPath = target.runtimeMode === "host-docker" ? target.hostDockerEnvPath : null;
 return `
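Review bot: pyJson has no guard for a value that JSON.stringify cannot serialise. For `undefined` the inner call returns `undefined`, so the template renders `json.loads(undefined)` and the generated Python fails with a NameError on the remote side instead of at generation time. Whether any interpolated field can be unset is not visible in this hunk, but failing early is cheap: `const encoded = JSON.stringify(value); if (encoded === undefined) throw new Error("pyJson: value is not JSON-serialisable");` before building the string from `encoded`. The helper would also benefit from a comment such as `// Emit a Python expression: bare JSON (null/true/false) is not valid Python, so the value is passed as a quoted JSON string to json.loads.`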
@@ -44,31 +48,31 @@ import time
 from datetime import datetime, timezone, timedelta
 from urllib.parse import quote
 
-TARGET_ID = ${JSON.stringify(target.id)}
-RUNTIME_MODE = ${JSON.stringify(target.runtimeMode)}
-NAMESPACE = ${JSON.stringify(target.namespace)}
-SERVICE_NAME = ${JSON.stringify(target.serviceName)}
-SERVICE_DNS = ${JSON.stringify(target.serviceDns)}
-HOST_DOCKER_APP_PORT = ${JSON.stringify(target.hostDockerAppPort)}
-HOST_DOCKER_ENV_PATH = ${JSON.stringify(hostDockerEnvPath)}
+TARGET_ID = ${pyJson(target.id)}
+RUNTIME_MODE = ${pyJson(target.runtimeMode)}
+NAMESPACE = ${pyJson(target.namespace)}
+SERVICE_NAME = ${pyJson(target.serviceName)}
+SERVICE_DNS = ${pyJson(target.serviceDns)}
+HOST_DOCKER_APP_PORT = ${pyJson(target.hostDockerAppPort)}
+HOST_DOCKER_ENV_PATH = ${pyJson(hostDockerEnvPath)}
 HOST_DOCKER_APP_CONTAINER = "sub2api-app"
 FIELD_MANAGER = "${fieldManager}"
-APP_SECRET_NAME = ${JSON.stringify(target.appSecretName)}
+APP_SECRET_NAME = ${pyJson(target.appSecretName)}
 POOL_GROUP_NAME = "${pool.groupName}"
-POOL_GROUP_DESCRIPTION = ${JSON.stringify(pool.groupDescription)}
+POOL_GROUP_DESCRIPTION = ${pyJson(pool.groupDescription)}
 POOL_API_KEY_NAME = "${pool.apiKeyName}"
 POOL_API_KEY_SECRET_NAME = "${pool.apiKeySecretName}"
 POOL_API_KEY_SECRET_KEY = "${pool.apiKeySecretKey}"
-POOL_ADMIN_EMAIL_DEFAULT = ${JSON.stringify(pool.adminEmailDefault)}
-MIN_OWNER_BALANCE_USD = ${JSON.stringify(pool.minOwnerBalanceUsd)}
-MIN_OWNER_CONCURRENCY = ${JSON.stringify(pool.minOwnerConcurrency)}
-MIN_OWNER_CONCURRENCY_SOURCE = ${JSON.stringify(pool.minOwnerConcurrencySource)}
-POOL_DEFAULT_ACCOUNT_PRIORITY = ${JSON.stringify(pool.defaultAccountPriority)}
-POOL_DEFAULT_ACCOUNT_CAPACITY = ${JSON.stringify(pool.defaultAccountCapacity)}
-POOL_DEFAULT_ACCOUNT_LOAD_FACTOR = ${JSON.stringify(pool.defaultAccountLoadFactor)}
-RESPONSES_SMOKE_MODEL = ${JSON.stringify(pool.localCodex.responsesSmokeModel)}
-EXPECTED_ACCOUNT_CAPACITIES = ${JSON.stringify(desiredAccountCapacityMap(pool))}
-EXPECTED_ACCOUNT_LOAD_FACTORS = ${JSON.stringify(desiredAccountLoadFactorMap(pool))}
+POOL_ADMIN_EMAIL_DEFAULT = ${pyJson(pool.adminEmailDefault)}
+MIN_OWNER_BALANCE_USD = ${pyJson(pool.minOwnerBalanceUsd)}
+MIN_OWNER_CONCURRENCY = ${pyJson(pool.minOwnerConcurrency)}
+MIN_OWNER_CONCURRENCY_SOURCE = ${pyJson(pool.minOwnerConcurrencySource)}
+POOL_DEFAULT_ACCOUNT_PRIORITY = ${pyJson(pool.defaultAccountPriority)}
+POOL_DEFAULT_ACCOUNT_CAPACITY = ${pyJson(pool.defaultAccountCapacity)}
+POOL_DEFAULT_ACCOUNT_LOAD_FACTOR = ${pyJson(pool.defaultAccountLoadFactor)}
+RESPONSES_SMOKE_MODEL = ${pyJson(pool.localCodex.responsesSmokeModel)}
+EXPECTED_ACCOUNT_CAPACITIES = ${pyJson(desiredAccountCapacityMap(pool))}
+EXPECTED_ACCOUNT_LOAD_FACTORS = ${pyJson(desiredAccountLoadFactorMap(pool))}
 EXPECTED_ACCOUNT_WS_MODES = json.loads(${JSON.stringify(JSON.stringify(desiredAccountWebSocketsV2ModeMap(pool)))})
 EXPECTED_ACCOUNT_TEMP_UNSCHEDULABLE = json.loads(${JSON.stringify(JSON.stringify(desiredAccountTempUnschedulableMap(pool)))})
 MANUAL_ACCOUNT_PROTECTIONS = json.loads(${JSON.stringify(JSON.stringify(resolvedManualAccountProtections(pool, target)))})
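Review bot: Five assignments left as context still splice raw values between hand-written quotes: `FIELD_MANAGER`, `POOL_GROUP_NAME`, `POOL_API_KEY_NAME`, `POOL_API_KEY_SECRET_NAME` and `POOL_API_KEY_SECRET_KEY`. If any of these comes from configuration, a double quote, backslash or newline in the value ends the Python string literal early and changes the script that is then run on the target, which is the class of problem this commit sets out to close. Routing them through the new helper makes the rendering uniform, e.g. `POOL_GROUP_NAME = ${pyJson(pool.groupName)}`, and likewise for the other four. The three trailing `json.loads(${JSON.stringify(JSON.stringify(...))})` lines could call `pyJson(...)` as well, so there is a single encoding path to audit. The template literal in remotePythonScript starts before and continues past this hunk, so other interpolations outside the visible lines deserve the same check.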