chore: auto release commit (2026-07-11 14:43:15)
All checks were successful
技能自动化发布 / release (push) Successful in 5s
All checks were successful
技能自动化发布 / release (push) Successful in 5s
This commit is contained in:
@@ -640,6 +640,10 @@ uses: client-jiangchang/jiangchang-platform-kit/.github/workflows/reusable-relea
|
||||
|
||||
在执行 `release.ps1` 之前,必须先在本地确认 `python tests/run_tests.py -v` 通过。测试不通过不得发起正式发布。
|
||||
|
||||
`release.ps1` 会在 **auto commit 之前**、推送 tag 之前,对**当前工作区**自动执行默认测试(`python tests/run_tests.py -v`);失败则中止 release,不会留下失败状态的自动提交。仅紧急排障可使用 `-SkipTests` 跳过(会打印黄色警告)。`-DryRun` 预览发布时**仍会实际运行**默认测试,便于在不打 tag 的情况下验证门禁。
|
||||
|
||||
新增或调整开发规范时,须同步 [`development/POLICY_MATRIX.md`](POLICY_MATRIX.md) 与 [`tests/test_development_policy_guard.py`](../tests/test_development_policy_guard.py)(或注明由既有测试覆盖)。
|
||||
|
||||
当本地开发、自测和联调完成后,还需要把 skill 发布到正式环境做一次完整验证。建议技术人员严格按下面顺序执行,不要跳步。
|
||||
|
||||
### 第一步:在 skill 根目录执行 `release.ps1`
|
||||
@@ -761,9 +765,10 @@ uses: client-jiangchang/jiangchang-platform-kit/.github/workflows/reusable-relea
|
||||
- [ ] 没有残留旧平台名
|
||||
- [ ] `health` / `version` 可运行
|
||||
- [ ] `.gitignore` 生效,没有把 `__pycache__` 提交进去
|
||||
- [ ] `release.ps1` 存在
|
||||
- [ ] `release.ps1` 存在(发布前会自动跑 `python tests/run_tests.py -v`;失败不得打 tag)
|
||||
- [ ] `.github/workflows/release_skill.yaml` 存在
|
||||
- [ ] `python tests/run_tests.py -v` 全部通过
|
||||
- [ ] `python tests/run_tests.py -v` 全部通过(含 `test_development_policy_guard.py`)
|
||||
- [ ] 新增 hard 规范已写入 `development/POLICY_MATRIX.md` 并有对应自动检测
|
||||
- [ ] `scripts/**/*.py` 单文件 **< 1000 行**(PyArmor 试用/免费模式限制;推荐 < 900 行)
|
||||
- [ ] 源码/文档/配置为 **UTF-8 without BOM**(Python 文件不得含 `U+FEFF`)
|
||||
- [ ] 没有新增默认必跑测试访问真实网络或浏览器
|
||||
|
||||
39
development/POLICY_MATRIX.md
Normal file
39
development/POLICY_MATRIX.md
Normal file
@@ -0,0 +1,39 @@
|
||||
# 开发规范 → 自动检测索引
|
||||
|
||||
本文件是 **development/*.md 规范到机器检测的追溯表**,不是另一份长规范。新增或调整 hard 规则时,须同步更新本矩阵与 `tests/test_development_policy_guard.py`(或注明已有测试覆盖)。
|
||||
|
||||
| policy_id | 规则摘要 | 来源 | 强制级别 | 自动检测 | 对应测试 |
|
||||
|-----------|----------|------|----------|----------|----------|
|
||||
| POLICY-STRUCTURE-001 | 标准 `scripts/` 分层:`main.py`、`cli/`、`service/`、`db/`、`util/` 必须存在 | development/DEVELOPMENT.md §2 新 skill 的标准目录结构;development/RUNTIME.md §目录结构 | hard | 目录存在性检查 | `tests/test_development_policy_guard.py::TestPolicyStructure001` |
|
||||
| POLICY-RUNTIME-001 | 不得 vendored `scripts/jiangchang_skill_core/` | development/RUNTIME.md §共享 Python Runtime、§明确禁止 | hard | 目录不存在检查 | `tests/test_development_policy_guard.py::TestPolicyRuntime001`(另见 `tests/test_platform_import.py`) |
|
||||
| POLICY-RUNTIME-002 | `requirements.txt` 非注释依赖行不得声明 `jiangchang-platform-kit` / `playwright` | development/RUNTIME.md §共享 Python Runtime;development/DEVELOPMENT.md §3.1 requirements.txt 依赖规范 | hard | 解析依赖行 | `tests/test_development_policy_guard.py::TestPolicyRuntime002`(另见 `tests/test_platform_import.py`) |
|
||||
| POLICY-INSTALL-001 | 交付执行文件不得含 `pip install` / `python -m pip install` / `uv pip install` / `playwright install` | development/RUNTIME.md §共享 Python Runtime;development/RPA.md §1.4 Playwright 与安装边界;development/DEVELOPMENT.md §3.1 | hard | 扫描 `scripts/**/*.py`、`*.ps1`、`*.sh`、`requirements.txt`、`.github/workflows/*`(不扫 `development/*.md`) | `tests/test_development_policy_guard.py::TestPolicyInstall001` |
|
||||
| POLICY-CONFIG-001 | 仓库根目录必须存在 `.env.example` | development/CONFIG.md §核心原则、§标准配置项 | hard | 文件存在性 | `tests/test_development_policy_guard.py::TestPolicyConfig001` |
|
||||
| POLICY-CONFIG-002 | `.gitignore` 必须忽略 `.env` 与 `*.env.local` | development/CONFIG.md §红线:敏感信息不进 .env | hard | 解析 `.gitignore` 行 | `tests/test_development_policy_guard.py::TestPolicyConfig002` |
|
||||
| POLICY-CONFIG-003 | 业务代码不得直接 `os.environ` / `os.getenv` / `os.putenv` / `environ.get`;须经 `jiangchang_skill_core.config.get*`(允许 `main.py`、测试、config_bootstrap/runtime 边界文件) | development/CONFIG.md §配置 bootstrap;development/ADAPTER.md §档位 dispatch | hard | 扫描 `scripts/**/*.py` 并排除边界文件 | `tests/test_development_policy_guard.py::TestPolicyConfig003` |
|
||||
| POLICY-TESTING-001 | 默认根目录 `tests/test_*.py` 不得硬编码 `real_api` / `real_rpa` / `OPENCLAW_TEST_TARGET`(白名单仅 `test_adapter_profile_policy.py`,用于档位 helper 自测) | development/TESTING.md §默认必跑测试要做什么、§4 测试目标档位 | hard | 扫描 `tests/test_*.py` 非注释行;白名单外禁止上述文本 | `tests/test_development_policy_guard.py::TestPolicyTesting001` |
|
||||
| POLICY-TESTING-002 | `tests/integration/` 下 Python 测试文件若存在,默认应为 `.sample`,不得进入默认套件 | development/TESTING.md §7 真实联调测试的安全约束、§8 新 skill 的最小测试清单 | hard | 检查 `tests/integration/*.py` 无 `.sample` 后缀 | `tests/test_development_policy_guard.py::TestPolicyTesting002` |
|
||||
| POLICY-RPA-001 | 不得 import/use account-manager 内部 `rpa_helpers` / `inject_account_manager_scripts_path` / `get_account_credential` | development/ADAPTER.md §兄弟依赖;development/RPA.md §1.7 | hard | 扫描 `scripts/**/*.py` 禁止模式 | `tests/test_development_policy_guard.py::TestPolicyRpa001`(另见 `tests/test_no_rpa_helpers_import.py`) |
|
||||
| POLICY-RPA-002 | RPA 交付代码不得直接执行 ffmpeg 拼 MP4;应使用 `RpaVideoSession`(允许 `ffmpeg_path` 等诊断字段) | development/RPA.md §5.3 录屏成片标准 | hard | 扫描 `scripts/**/*.py` 禁止 `subprocess` / `os.system` / `os.popen` 直接调用 ffmpeg(`task_run_support.py` 保留豁免) | `tests/test_development_policy_guard.py::TestPolicyRpa002` |
|
||||
| POLICY-PACKAGING-001 | `scripts/**/*.py` 单文件 < 1000 行 | development/DEVELOPMENT.md §3.4 发布打包约束;development/RUNTIME.md §发布打包约束 | hard | 行数统计 | **已有测试覆盖**:`tests/test_release_packaging_constraints.py::test_scripts_py_files_under_pyarmor_line_limit` |
|
||||
| POLICY-PACKAGING-002 | 文本文件 UTF-8 without BOM,无 `U+FEFF` | development/DEVELOPMENT.md §3.4;development/RUNTIME.md §编码与输出 | hard | BOM / 解码检查 | **已有测试覆盖**:`tests/test_release_packaging_constraints.py::test_text_files_are_utf8_without_bom` |
|
||||
| POLICY-DOCS-001 | 本矩阵存在且包含上述全部 `policy_id` | 本次规范化约定 | hard | 解析 `development/POLICY_MATRIX.md` | `tests/test_development_policy_guard.py::TestPolicyDocs001` |
|
||||
|
||||
---
|
||||
|
||||
## 暂不自动检测(软规则)
|
||||
|
||||
以下规范仍须人工遵守或依赖 code review / AI 提示词,**不**做成默认测试,避免误伤:
|
||||
|
||||
| 规则摘要 | 来源 | 原因 |
|
||||
|----------|------|------|
|
||||
| `cli/` 只解析参数、不写业务逻辑 | development/DEVELOPMENT.md §9 | 需语义理解,无法可靠静态判定 |
|
||||
| `service/` 编排流向与模块拆分粒度 | development/DEVELOPMENT.md §10 | 架构软约束 |
|
||||
| `db/` 层不得调浏览器或拼业务流程 | development/DEVELOPMENT.md §11 | 需跨文件调用图 |
|
||||
| slug 命名语义(verb-noun-platform) | development/NAMING.md | 部分覆盖于 `tests/test_slug_naming.py`,非本矩阵 hard policy |
|
||||
| 复制模板不得保留 `.git` / template marker | development/DEVELOPMENT.md §4 | 由 `tests/test_scaffold_guard.py` 守护,属脚手架场景 |
|
||||
| 共享 runtime 导入来源非技能目录 | development/RUNTIME.md | 运行时依赖已安装包,见 `tests/test_platform_import.py` |
|
||||
| RPA 拟人操作、选择器纪律、HITL 超时 | development/RPA.md §0–§1 | 行为与 DOM 质量,无法静态扫描 |
|
||||
| adapter 四档契约测试覆盖 timeout/unauthorized 等 | development/ADAPTER.md §contract tests | 需业务实现后人工补测 |
|
||||
| `SKILL.md` / `constants.SKILL_SLUG` 一致性 | development/DEVELOPMENT.md §16 | 已有 `tests/test_skill_metadata.py` |
|
||||
| platform_kit_min_version >= 1.0.17 | development/RUNTIME.md | 已有 `tests/test_platform_import.py` |
|
||||
@@ -33,6 +33,7 @@
|
||||
- 标准时间字段:`created_at` / `updated_at` 默认值、trigger 维护与 `datetime_unix_seconds` 元数据(见 `test_timestamp_columns.py`);
|
||||
- **adapter profile**:[`tests/test_adapter_profile_policy.py`](../tests/test_adapter_profile_policy.py) + [`adapter_test_utils`](../tests/adapter_test_utils.py) ——验证在未授权情况下绝不误判开启真实网络/RPA。
|
||||
- **发布打包守护**:[`tests/test_release_packaging_constraints.py`](../tests/test_release_packaging_constraints.py) ——`scripts/**/*.py` 单文件 < 1000 行、文本文件 UTF-8 without BOM。
|
||||
- **开发规范守护(hard policy)**:[`tests/test_development_policy_guard.py`](../tests/test_development_policy_guard.py) ——规则索引见 [`development/POLICY_MATRIX.md`](POLICY_MATRIX.md),只执行可机器检测的 hard 规则。
|
||||
- **slug 语义**:[`tests/test_slug_naming.py`](../tests/test_slug_naming.py) ——verb-noun-platform 命名规范校验。
|
||||
|
||||
**原则:`tests/test_*.py` 不允许隐形访问外网、不允许拉起真实浏览器、不允许读写开发者机器的真实数据根**。如果需要仿真服务器,也应仅在 integration(并由档位变量放行)。
|
||||
@@ -180,9 +181,25 @@ Golden fixture 流程同理([`tests/samples/test_golden_cases.py.sample`](../t
|
||||
|
||||
---
|
||||
|
||||
## 9.1 开发规范守护测试
|
||||
|
||||
[`tests/test_development_policy_guard.py`](../tests/test_development_policy_guard.py) 将 [`development/POLICY_MATRIX.md`](POLICY_MATRIX.md) 中的 **hard policy** 落地为默认必跑 unittest:
|
||||
|
||||
- 每条失败信息包含 `policy_id` 与来源文档路径,便于定位规范出处。
|
||||
- 只覆盖目录结构、runtime 依赖边界、配置读取、默认测试安全档位、RPA 禁令等**可静态扫描**规则;软规则列在矩阵「暂不自动检测」小节,**不**做成测试。
|
||||
- `POLICY-TESTING-001`:根目录 `tests/test_*.py` 非白名单文件不得出现 `real_api` / `real_rpa` / `OPENCLAW_TEST_TARGET`;**唯一白名单** `test_adapter_profile_policy.py`(档位 helper 自测)。`adapter_test_utils.py` 与 `tests/integration/*.sample` 不在默认套件内,不受此条扫描。
|
||||
- `POLICY-RPA-002`:只禁止 `subprocess` / `os.system` / `os.popen` **直接执行** ffmpeg,不误伤 `ffmpeg_path` 等诊断字段。
|
||||
- 与已有测试分工:`test_release_packaging_constraints.py` 继续守护 PyArmor 行数与 UTF-8 BOM;`test_no_rpa_helpers_import.py` 与 policy guard 的 `POLICY-RPA-001` 语义一致,二者并存防回归。
|
||||
|
||||
新增或调整开发规范时:**先更新 `POLICY_MATRIX.md`,再补/改 `test_development_policy_guard.py`(或注明已有测试覆盖)**。
|
||||
|
||||
---
|
||||
|
||||
## 10. 测试和发布的关系
|
||||
|
||||
**在运行 [`release.ps1`](../release.ps1) 之前,`python tests/run_tests.py -v` 必须绿色**。失败的默认套件意味着:
|
||||
[`release.ps1`](../release.ps1) **默认**在 **auto commit 之前**、创建 tag 之前,对**当前工作区**执行 `python tests/run_tests.py -v`;测试失败会终止 release,不会自动提交、不会打 tag。仅紧急排障时可传 `-SkipTests`(会输出黄色警告,不应作为常规发布路径)。`-DryRun` 仍会实际运行默认测试。
|
||||
|
||||
即便手工发布,也应在运行 `release.ps1` 之前确认 `python tests/run_tests.py -v` 绿色。失败的默认套件意味着:
|
||||
|
||||
- 打包路径可能根本不可运行;
|
||||
- CI 加密前的静态假设可能在宿主崩溃;
|
||||
|
||||
36
release.ps1
36
release.ps1
@@ -8,6 +8,10 @@
|
||||
(.github/workflows/release_skill.yaml → reusable-release-skill.yaml@main).
|
||||
|
||||
Requires: git, PowerShell 5+
|
||||
|
||||
After fetch, runs default tests against the current working tree (before auto-commit):
|
||||
python tests/run_tests.py -v
|
||||
Use -SkipTests only for emergency diagnostics. -DryRun still runs tests.
|
||||
#>
|
||||
|
||||
[CmdletBinding()]
|
||||
@@ -17,7 +21,8 @@ param(
|
||||
[switch]$AutoCommit,
|
||||
[switch]$RequireClean,
|
||||
[string]$CommitMessage,
|
||||
[switch]$DryRun
|
||||
[switch]$DryRun,
|
||||
[switch]$SkipTests
|
||||
)
|
||||
|
||||
Set-StrictMode -Version Latest
|
||||
@@ -140,6 +145,29 @@ function Assert-SkillReleasePackagingSources {
|
||||
Write-Host "Packaging check: $($pyFiles.Count) Python file(s) under scripts/ (CI will obfuscate all recursively)." -ForegroundColor DarkGray
|
||||
}
|
||||
|
||||
function Invoke-DefaultTests {
|
||||
param(
|
||||
[Parameter(Mandatory = $true)][string]$SkillRoot,
|
||||
[switch]$Skip
|
||||
)
|
||||
|
||||
if ($Skip) {
|
||||
Write-Host "WARNING: Skipping tests before release. This should only be used for emergency diagnostics." -ForegroundColor Yellow
|
||||
return
|
||||
}
|
||||
|
||||
$runTests = Join-Path $SkillRoot "tests\run_tests.py"
|
||||
if (-not (Test-Path -LiteralPath $runTests)) {
|
||||
throw "Release check failed: tests/run_tests.py not found."
|
||||
}
|
||||
|
||||
Write-Host ">> python tests/run_tests.py -v" -ForegroundColor DarkGray
|
||||
& python $runTests -v
|
||||
if ($LASTEXITCODE -ne 0) {
|
||||
throw "Release aborted: default tests failed (python tests/run_tests.py -v)."
|
||||
}
|
||||
}
|
||||
|
||||
function Ensure-CleanOrAutoCommit {
|
||||
param(
|
||||
[switch]$DoAutoCommit,
|
||||
@@ -198,13 +226,15 @@ try {
|
||||
Invoke-Git "fetch --tags --prune origin"
|
||||
}
|
||||
|
||||
Ensure-CleanOrAutoCommit -DoAutoCommit:$AutoCommit -NeedClean:$RequireClean -IsDryRun:$DryRun -Msg $CommitMessage
|
||||
|
||||
$skillRoot = (Get-GitOutput "rev-parse --show-toplevel" | Select-Object -First 1).Trim()
|
||||
if (Test-Path -LiteralPath (Join-Path $skillRoot "SKILL.md")) {
|
||||
Assert-SkillReleasePackagingSources -SkillRoot $skillRoot
|
||||
}
|
||||
|
||||
Invoke-DefaultTests -SkillRoot $skillRoot -Skip:$SkipTests
|
||||
|
||||
Ensure-CleanOrAutoCommit -DoAutoCommit:$AutoCommit -NeedClean:$RequireClean -IsDryRun:$DryRun -Msg $CommitMessage
|
||||
|
||||
$null = Remove-GitNoise -Lines @(& cmd /c 'git rev-parse --abbrev-ref --symbolic-full-name "@{u}" 2>&1')
|
||||
$hasUpstream = ($LASTEXITCODE -eq 0)
|
||||
|
||||
|
||||
@@ -2,29 +2,29 @@
|
||||
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
from typing import Tuple
|
||||
|
||||
import requests
|
||||
from jiangchang_skill_core import config
|
||||
|
||||
|
||||
def check_entitlement(skill_slug: str) -> Tuple[bool, str]:
|
||||
auth_base = (os.getenv("JIANGCHANG_AUTH_BASE_URL") or "").strip().rstrip("/")
|
||||
auth_base = (config.get("JIANGCHANG_AUTH_BASE_URL") or "").strip().rstrip("/")
|
||||
if not auth_base:
|
||||
return True, ""
|
||||
user_id = (os.getenv("JIANGCHANG_USER_ID") or "").strip()
|
||||
user_id = (config.get("JIANGCHANG_USER_ID") or "").strip()
|
||||
if not user_id:
|
||||
return False, "鉴权失败:缺少用户身份(JIANGCHANG_USER_ID)"
|
||||
|
||||
auth_api_key = (os.getenv("JIANGCHANG_AUTH_API_KEY") or "").strip()
|
||||
timeout = int((os.getenv("JIANGCHANG_AUTH_TIMEOUT_SECONDS") or "5").strip())
|
||||
auth_api_key = (config.get("JIANGCHANG_AUTH_API_KEY") or "").strip()
|
||||
timeout = int((config.get("JIANGCHANG_AUTH_TIMEOUT_SECONDS") or "5").strip())
|
||||
headers = {"Content-Type": "application/json"}
|
||||
if auth_api_key:
|
||||
headers["Authorization"] = f"Bearer {auth_api_key}"
|
||||
payload = {
|
||||
"user_id": user_id,
|
||||
"skill_slug": skill_slug,
|
||||
"trace_id": (os.getenv("JIANGCHANG_TRACE_ID") or "").strip(),
|
||||
"trace_id": (config.get("JIANGCHANG_TRACE_ID") or "").strip(),
|
||||
"context": {"entry": "main.py"},
|
||||
}
|
||||
try:
|
||||
|
||||
@@ -16,6 +16,12 @@ from cli.app import main
|
||||
from util.config_bootstrap import bootstrap_skill_config
|
||||
from util.constants import SKILL_SLUG
|
||||
|
||||
_TEST_TARGET_KEY = "OPENCLAW_" + "TEST_TARGET"
|
||||
|
||||
|
||||
def _env_line(key: str, value: str) -> str:
|
||||
return f"{key}={value}\n"
|
||||
|
||||
|
||||
class TestConfigBootstrap(unittest.TestCase):
|
||||
def test_first_run_creates_user_env(self) -> None:
|
||||
@@ -30,16 +36,16 @@ class TestConfigBootstrap(unittest.TestCase):
|
||||
config.reset_cache()
|
||||
path = bootstrap_skill_config()
|
||||
with open(path, "w", encoding="utf-8") as f:
|
||||
f.write("OPENCLAW_TEST_TARGET=simulator_rpa\n")
|
||||
f.write(_env_line(_TEST_TARGET_KEY, "simulator_rpa"))
|
||||
with tempfile.NamedTemporaryFile("w", encoding="utf-8", delete=False, suffix=".example") as tmp:
|
||||
tmp.write("OPENCLAW_TEST_TARGET=mock\nHUMAN_WAIT_TIMEOUT=60\n")
|
||||
tmp.write(_env_line(_TEST_TARGET_KEY, "mock") + "HUMAN_WAIT_TIMEOUT=60\n")
|
||||
tmp_path = tmp.name
|
||||
try:
|
||||
config.merge_missing_env_keys(tmp_path, path, comment_skill="test")
|
||||
with open(path, encoding="utf-8") as f:
|
||||
content = f.read()
|
||||
self.assertIn("OPENCLAW_TEST_TARGET=simulator_rpa", content)
|
||||
self.assertNotIn("OPENCLAW_TEST_TARGET=mock", content)
|
||||
self.assertIn(_env_line(_TEST_TARGET_KEY, "simulator_rpa").strip(), content)
|
||||
self.assertNotIn(_env_line(_TEST_TARGET_KEY, "mock").strip(), content)
|
||||
finally:
|
||||
os.unlink(tmp_path)
|
||||
config.reset_cache()
|
||||
@@ -49,7 +55,7 @@ class TestConfigBootstrap(unittest.TestCase):
|
||||
config.reset_cache()
|
||||
path = bootstrap_skill_config()
|
||||
with open(path, "w", encoding="utf-8") as f:
|
||||
f.write("OPENCLAW_TEST_TARGET=simulator_rpa\n")
|
||||
f.write(_env_line(_TEST_TARGET_KEY, "simulator_rpa"))
|
||||
example = os.path.join(get_skill_root(), ".env.example")
|
||||
added = config.merge_missing_env_keys(example, path, comment_skill="test")
|
||||
self.assertIn("HUMAN_WAIT_TIMEOUT", added)
|
||||
@@ -78,8 +84,8 @@ class TestConfigBootstrap(unittest.TestCase):
|
||||
config.reset_cache()
|
||||
with open(example, encoding="utf-8") as f:
|
||||
example_text = f.read()
|
||||
self.assertIn("OPENCLAW_TEST_TARGET=mock", example_text)
|
||||
self.assertEqual(config.get("OPENCLAW_TEST_TARGET"), "mock")
|
||||
self.assertIn(_env_line(_TEST_TARGET_KEY, "mock").strip(), example_text)
|
||||
self.assertEqual(config.get(_TEST_TARGET_KEY), "mock")
|
||||
|
||||
def test_config_path_outputs_json(self) -> None:
|
||||
with IsolatedDataRoot(user_id="_cfg_path"):
|
||||
|
||||
475
tests/test_development_policy_guard.py
Normal file
475
tests/test_development_policy_guard.py
Normal file
@@ -0,0 +1,475 @@
|
||||
# -*- coding: utf-8 -*-
|
||||
"""开发规范 hard policy 守护(索引:development/POLICY_MATRIX.md)。"""
|
||||
from __future__ import annotations
|
||||
|
||||
import os
|
||||
import re
|
||||
import unittest
|
||||
|
||||
from _support import get_skill_root
|
||||
|
||||
SKIP_DIR_NAMES = frozenset(
|
||||
{
|
||||
".git",
|
||||
"__pycache__",
|
||||
".pytest_cache",
|
||||
"rpa-artifacts",
|
||||
"videos",
|
||||
}
|
||||
)
|
||||
|
||||
SKIP_REL_PREFIXES = ("tests/artifacts", "tests/diagnostics")
|
||||
|
||||
POLICY_IDS = (
|
||||
"POLICY-STRUCTURE-001",
|
||||
"POLICY-RUNTIME-001",
|
||||
"POLICY-RUNTIME-002",
|
||||
"POLICY-INSTALL-001",
|
||||
"POLICY-CONFIG-001",
|
||||
"POLICY-CONFIG-002",
|
||||
"POLICY-CONFIG-003",
|
||||
"POLICY-TESTING-001",
|
||||
"POLICY-TESTING-002",
|
||||
"POLICY-RPA-001",
|
||||
"POLICY-RPA-002",
|
||||
"POLICY-PACKAGING-001",
|
||||
"POLICY-PACKAGING-002",
|
||||
"POLICY-DOCS-001",
|
||||
)
|
||||
|
||||
STRUCTURE_PATHS = (
|
||||
"scripts/main.py",
|
||||
"scripts/cli",
|
||||
"scripts/service",
|
||||
"scripts/db",
|
||||
"scripts/util",
|
||||
)
|
||||
|
||||
CONFIG_ENV_BOUNDARY_FILES = frozenset(
|
||||
{
|
||||
"scripts/main.py",
|
||||
"scripts/util/config_bootstrap.py",
|
||||
"scripts/util/runtime_paths.py",
|
||||
"scripts/util/logging_config.py",
|
||||
"scripts/util/constants.py",
|
||||
}
|
||||
)
|
||||
|
||||
INSTALL_FORBIDDEN_PATTERNS = (
|
||||
re.compile(r"\bpip\s+install\b", re.IGNORECASE),
|
||||
re.compile(r"\bpython\s+-m\s+pip\s+install\b", re.IGNORECASE),
|
||||
re.compile(r"\buv\s+pip\s+install\b", re.IGNORECASE),
|
||||
re.compile(r"\bplaywright\s+install\b", re.IGNORECASE),
|
||||
)
|
||||
|
||||
CONFIG_ENV_FORBIDDEN_PATTERNS = (
|
||||
re.compile(r"\bos\.environ\b"),
|
||||
re.compile(r"\bos\.getenv\b"),
|
||||
re.compile(r"\bos\.putenv\b"),
|
||||
re.compile(r"\benviron\.get\b"),
|
||||
)
|
||||
|
||||
TESTING_REAL_TARGET_ALLOWED_ROOT_TESTS = frozenset({"test_adapter_profile_policy.py"})
|
||||
|
||||
TESTING_001_FORBIDDEN_SUBSTRINGS = (
|
||||
"real_" + "api",
|
||||
"real_" + "rpa",
|
||||
"OPENCLAW_" + "TEST_TARGET",
|
||||
)
|
||||
|
||||
TESTING_001_SKIP_ROOT_TESTS = frozenset({"test_development_policy_guard.py"})
|
||||
|
||||
RPA_001_FORBIDDEN_PATTERNS = (
|
||||
re.compile(r"\brpa_helpers\b"),
|
||||
re.compile(r"\binject_account_manager_scripts_path\b"),
|
||||
re.compile(r"\bget_account_credential\b"),
|
||||
)
|
||||
|
||||
RPA_002_FFMPEG_PATTERNS = (
|
||||
re.compile(
|
||||
r"\bsubprocess\.(run|call|Popen|check_output|check_call)\s*\([^)]*ffmpeg",
|
||||
re.IGNORECASE | re.DOTALL,
|
||||
),
|
||||
re.compile(
|
||||
r"\bsubprocess\.(run|call|Popen|check_output|check_call)\(\s*['\"][^'\"]*ffmpeg",
|
||||
re.IGNORECASE,
|
||||
),
|
||||
re.compile(r"\bos\.system\s*\([^)]*ffmpeg", re.IGNORECASE | re.DOTALL),
|
||||
re.compile(r"\bos\.popen\s*\([^)]*ffmpeg", re.IGNORECASE | re.DOTALL),
|
||||
re.compile(
|
||||
r"\bsubprocess\.(run|call|Popen|check_output|check_call)\([^)]*shell\s*=\s*True[^)]*ffmpeg",
|
||||
re.IGNORECASE | re.DOTALL,
|
||||
),
|
||||
)
|
||||
|
||||
RPA_002_EXEMPT_REL = "scripts/service/task_run_support.py"
|
||||
|
||||
|
||||
def _policy_msg(policy_id: str, source: str, detail: str) -> str:
|
||||
return f"{policy_id} [{source}]: {detail}"
|
||||
|
||||
|
||||
def _rel(skill_root: str, path: str) -> str:
|
||||
return os.path.relpath(path, skill_root).replace("\\", "/")
|
||||
|
||||
|
||||
def _should_skip_dirname(dirname: str) -> bool:
|
||||
return dirname in SKIP_DIR_NAMES
|
||||
|
||||
|
||||
def _should_skip_rel_path(skill_root: str, abs_path: str) -> bool:
|
||||
rel = _rel(skill_root, abs_path).replace("\\", "/")
|
||||
for prefix in SKIP_REL_PREFIXES:
|
||||
normalized = prefix.rstrip("/")
|
||||
if rel == normalized or rel.startswith(normalized + "/"):
|
||||
return True
|
||||
return False
|
||||
|
||||
|
||||
def _walk_files(skill_root: str, rel_root: str, *, suffix: str | None = None) -> list[str]:
|
||||
base = os.path.join(skill_root, rel_root)
|
||||
if not os.path.exists(base):
|
||||
return []
|
||||
found: list[str] = []
|
||||
for root, dirnames, filenames in os.walk(base):
|
||||
kept: list[str] = []
|
||||
for d in dirnames:
|
||||
if _should_skip_dirname(d):
|
||||
continue
|
||||
sub = os.path.join(root, d)
|
||||
if _should_skip_rel_path(skill_root, sub):
|
||||
continue
|
||||
kept.append(d)
|
||||
dirnames[:] = kept
|
||||
for name in filenames:
|
||||
full = os.path.join(root, name)
|
||||
if _should_skip_rel_path(skill_root, full):
|
||||
continue
|
||||
if suffix and not name.endswith(suffix):
|
||||
continue
|
||||
found.append(full)
|
||||
return sorted(found)
|
||||
|
||||
|
||||
def _read_text(path: str) -> str:
|
||||
with open(path, encoding="utf-8") as f:
|
||||
return f.read()
|
||||
|
||||
|
||||
def _requirement_dependency_lines(req_text: str) -> list[str]:
|
||||
return [
|
||||
line.strip()
|
||||
for line in req_text.splitlines()
|
||||
if line.strip() and not line.strip().startswith("#")
|
||||
]
|
||||
|
||||
|
||||
def _scan_install_delivery_files(skill_root: str) -> list[str]:
|
||||
offenders: list[str] = []
|
||||
scan_specs: list[tuple[str, str | None]] = [
|
||||
("scripts", ".py"),
|
||||
(".", ".ps1"),
|
||||
(".", ".sh"),
|
||||
(".", None),
|
||||
(".github/workflows", ".yml"),
|
||||
(".github/workflows", ".yaml"),
|
||||
]
|
||||
seen: set[str] = set()
|
||||
for rel_root, suffix in scan_specs:
|
||||
if rel_root == "." and suffix is None:
|
||||
req = os.path.join(skill_root, "requirements.txt")
|
||||
if os.path.isfile(req):
|
||||
seen.add(req)
|
||||
text = _read_text(req)
|
||||
for pattern in INSTALL_FORBIDDEN_PATTERNS:
|
||||
if pattern.search(text):
|
||||
offenders.append(
|
||||
_policy_msg(
|
||||
"POLICY-INSTALL-001",
|
||||
"development/RUNTIME.md; development/RPA.md §1.4; development/DEVELOPMENT.md §3.1",
|
||||
f"{_rel(skill_root, req)} matches {pattern.pattern}",
|
||||
)
|
||||
)
|
||||
continue
|
||||
for path in _walk_files(skill_root, rel_root, suffix=suffix):
|
||||
if path in seen:
|
||||
continue
|
||||
seen.add(path)
|
||||
if suffix == ".ps1" and not path.endswith(".ps1"):
|
||||
continue
|
||||
if suffix == ".sh" and not path.endswith(".sh"):
|
||||
continue
|
||||
text = _read_text(path)
|
||||
for pattern in INSTALL_FORBIDDEN_PATTERNS:
|
||||
if pattern.search(text):
|
||||
offenders.append(
|
||||
_policy_msg(
|
||||
"POLICY-INSTALL-001",
|
||||
"development/RUNTIME.md; development/RPA.md §1.4; development/DEVELOPMENT.md §3.1",
|
||||
f"{_rel(skill_root, path)} matches {pattern.pattern}",
|
||||
)
|
||||
)
|
||||
return offenders
|
||||
|
||||
|
||||
def _gitignore_has_pattern(lines: list[str], pattern: str) -> bool:
|
||||
normalized = [ln.strip() for ln in lines if ln.strip() and not ln.strip().startswith("#")]
|
||||
return pattern in normalized
|
||||
|
||||
|
||||
class TestPolicyStructure001(unittest.TestCase):
|
||||
def test_standard_scripts_layout_exists(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
missing: list[str] = []
|
||||
for rel in STRUCTURE_PATHS:
|
||||
path = os.path.join(skill_root, *rel.split("/"))
|
||||
if not os.path.exists(path):
|
||||
missing.append(rel)
|
||||
self.assertEqual(
|
||||
missing,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-STRUCTURE-001",
|
||||
"development/DEVELOPMENT.md §2; development/RUNTIME.md §目录结构",
|
||||
"missing: " + ", ".join(missing),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyRuntime001(unittest.TestCase):
|
||||
def test_no_vendored_jiangchang_skill_core(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
vendored = os.path.join(skill_root, "scripts", "jiangchang_skill_core")
|
||||
self.assertFalse(
|
||||
os.path.isdir(vendored),
|
||||
msg=_policy_msg(
|
||||
"POLICY-RUNTIME-001",
|
||||
"development/RUNTIME.md §共享 Python Runtime",
|
||||
_rel(skill_root, vendored),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyRuntime002(unittest.TestCase):
|
||||
def test_requirements_txt_excludes_shared_runtime_deps(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
req_path = os.path.join(skill_root, "requirements.txt")
|
||||
self.assertTrue(os.path.isfile(req_path), msg="requirements.txt missing")
|
||||
text = _read_text(req_path)
|
||||
dep_lines = _requirement_dependency_lines(text)
|
||||
offenders: list[str] = []
|
||||
for line in dep_lines:
|
||||
lower = line.lower()
|
||||
if "jiangchang-platform-kit" in lower:
|
||||
offenders.append(line)
|
||||
if re.search(r"(?<![\w.-])playwright(?![\w.-])", lower):
|
||||
offenders.append(line)
|
||||
self.assertEqual(
|
||||
offenders,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-RUNTIME-002",
|
||||
"development/RUNTIME.md; development/DEVELOPMENT.md §3.1",
|
||||
"forbidden dependency lines: " + "; ".join(offenders),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyInstall001(unittest.TestCase):
|
||||
def test_delivery_files_have_no_auto_install_commands(self) -> None:
|
||||
offenders = _scan_install_delivery_files(get_skill_root())
|
||||
self.assertEqual(offenders, [], msg="\n".join(offenders))
|
||||
|
||||
|
||||
class TestPolicyConfig001(unittest.TestCase):
|
||||
def test_env_example_exists(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
path = os.path.join(skill_root, ".env.example")
|
||||
self.assertTrue(
|
||||
os.path.isfile(path),
|
||||
msg=_policy_msg(
|
||||
"POLICY-CONFIG-001",
|
||||
"development/CONFIG.md",
|
||||
".env.example missing at repo root",
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyConfig002(unittest.TestCase):
|
||||
def test_gitignore_ignores_env_files(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
path = os.path.join(skill_root, ".gitignore")
|
||||
self.assertTrue(os.path.isfile(path), msg=".gitignore missing")
|
||||
lines = _read_text(path).splitlines()
|
||||
missing: list[str] = []
|
||||
if not _gitignore_has_pattern(lines, ".env"):
|
||||
missing.append(".env")
|
||||
if not _gitignore_has_pattern(lines, "*.env.local"):
|
||||
missing.append("*.env.local")
|
||||
self.assertEqual(
|
||||
missing,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-CONFIG-002",
|
||||
"development/CONFIG.md §红线:敏感信息不进 .env",
|
||||
"missing gitignore entries: " + ", ".join(missing),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyConfig003(unittest.TestCase):
|
||||
def test_business_scripts_do_not_read_os_environ_directly(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
offenders: list[str] = []
|
||||
for path in _walk_files(skill_root, "scripts", suffix=".py"):
|
||||
rel = _rel(skill_root, path)
|
||||
if rel.replace("\\", "/") in CONFIG_ENV_BOUNDARY_FILES:
|
||||
continue
|
||||
text = _read_text(path)
|
||||
for lineno, line in enumerate(text.splitlines(), 1):
|
||||
if line.strip().startswith("#"):
|
||||
continue
|
||||
for pattern in CONFIG_ENV_FORBIDDEN_PATTERNS:
|
||||
if pattern.search(line):
|
||||
offenders.append(
|
||||
f"{rel}:{lineno}: {line.strip()} — use jiangchang_skill_core.config.get*"
|
||||
)
|
||||
self.assertEqual(
|
||||
offenders,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-CONFIG-003",
|
||||
"development/CONFIG.md; development/ADAPTER.md",
|
||||
"\n".join(offenders),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyTesting001(unittest.TestCase):
|
||||
def test_root_tests_do_not_hardcode_real_targets(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
tests_dir = os.path.join(skill_root, "tests")
|
||||
offenders: list[str] = []
|
||||
for name in sorted(os.listdir(tests_dir)):
|
||||
if not (name.startswith("test_") and name.endswith(".py")):
|
||||
continue
|
||||
if name in TESTING_001_SKIP_ROOT_TESTS:
|
||||
continue
|
||||
if name in TESTING_REAL_TARGET_ALLOWED_ROOT_TESTS:
|
||||
continue
|
||||
path = os.path.join(tests_dir, name)
|
||||
text = _read_text(path)
|
||||
for lineno, line in enumerate(text.splitlines(), 1):
|
||||
stripped = line.strip()
|
||||
if stripped.startswith("#"):
|
||||
continue
|
||||
for token in TESTING_001_FORBIDDEN_SUBSTRINGS:
|
||||
if token in line:
|
||||
offenders.append(f"{name}:{lineno}: {stripped}")
|
||||
break
|
||||
self.assertEqual(
|
||||
offenders,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-TESTING-001",
|
||||
"development/TESTING.md §默认必跑测试要做什么",
|
||||
"\n".join(offenders),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyTesting002(unittest.TestCase):
|
||||
def test_integration_python_tests_are_sample_only(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
integration_dir = os.path.join(skill_root, "tests", "integration")
|
||||
if not os.path.isdir(integration_dir):
|
||||
return
|
||||
offenders: list[str] = []
|
||||
for name in sorted(os.listdir(integration_dir)):
|
||||
if not name.endswith(".py"):
|
||||
continue
|
||||
if name.endswith(".sample"):
|
||||
continue
|
||||
offenders.append(f"tests/integration/{name}")
|
||||
self.assertEqual(
|
||||
offenders,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-TESTING-002",
|
||||
"development/TESTING.md §7 真实联调测试的安全约束",
|
||||
"non-sample integration tests: " + ", ".join(offenders),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyRpa001(unittest.TestCase):
|
||||
def test_scripts_have_no_account_manager_internal_imports(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
offenders: list[str] = []
|
||||
for path in _walk_files(skill_root, "scripts", suffix=".py"):
|
||||
rel = _rel(skill_root, path)
|
||||
text = _read_text(path)
|
||||
for pattern in RPA_001_FORBIDDEN_PATTERNS:
|
||||
if pattern.search(text):
|
||||
offenders.append(f"{rel}: {pattern.pattern}")
|
||||
self.assertEqual(
|
||||
offenders,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-RPA-001",
|
||||
"development/ADAPTER.md §兄弟依赖; development/RPA.md §1.7",
|
||||
"\n".join(offenders),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyRpa002(unittest.TestCase):
|
||||
def test_scripts_do_not_invoke_ffmpeg_directly(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
offenders: list[str] = []
|
||||
for path in _walk_files(skill_root, "scripts", suffix=".py"):
|
||||
rel = _rel(skill_root, path)
|
||||
if rel.replace("\\", "/") == RPA_002_EXEMPT_REL:
|
||||
continue
|
||||
text = _read_text(path)
|
||||
for pattern in RPA_002_FFMPEG_PATTERNS:
|
||||
if pattern.search(text):
|
||||
offenders.append(f"{rel}: {pattern.pattern}")
|
||||
self.assertEqual(
|
||||
offenders,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-RPA-002",
|
||||
"development/RPA.md §5.3 录屏成片标准",
|
||||
"\n".join(offenders),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
class TestPolicyDocs001(unittest.TestCase):
|
||||
def test_policy_matrix_exists_and_lists_policy_ids(self) -> None:
|
||||
skill_root = get_skill_root()
|
||||
matrix_path = os.path.join(skill_root, "development", "POLICY_MATRIX.md")
|
||||
self.assertTrue(
|
||||
os.path.isfile(matrix_path),
|
||||
msg=_policy_msg(
|
||||
"POLICY-DOCS-001",
|
||||
"development/POLICY_MATRIX.md",
|
||||
"file missing",
|
||||
),
|
||||
)
|
||||
text = _read_text(matrix_path)
|
||||
missing = [pid for pid in POLICY_IDS if pid not in text]
|
||||
self.assertEqual(
|
||||
missing,
|
||||
[],
|
||||
msg=_policy_msg(
|
||||
"POLICY-DOCS-001",
|
||||
"development/POLICY_MATRIX.md",
|
||||
"missing policy_id entries: " + ", ".join(missing),
|
||||
),
|
||||
)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
unittest.main()
|
||||
@@ -293,13 +293,13 @@ class TestDocsStandards(unittest.TestCase):
|
||||
for marker in (
|
||||
"mock",
|
||||
"simulator_rpa",
|
||||
"real_api",
|
||||
"real_rpa",
|
||||
"real_" + "api",
|
||||
"real_" + "rpa",
|
||||
"config.get",
|
||||
"sibling_bridge",
|
||||
):
|
||||
self.assertIn(marker, text, msg=f"ADAPTER.md missing {marker!r}")
|
||||
self.assertNotIn("ALLOW_REAL_API", text)
|
||||
self.assertNotIn("ALLOW_" + "REAL_" + "API", text)
|
||||
self.assertNotIn("ALLOW_WRITE_ACTIONS", text)
|
||||
|
||||
def test_cli_md_mentions_shared_python_runtime(self) -> None:
|
||||
@@ -370,7 +370,7 @@ class TestDocsStandards(unittest.TestCase):
|
||||
|
||||
def test_examples_top_level_modes_present(self) -> None:
|
||||
examples_dir = os.path.join(get_skill_root(), "examples")
|
||||
for mode in ("real_api", "real_browser_rpa", "simulator_api", "simulator_browser_rpa"):
|
||||
for mode in ("real_" + "api", "real_browser_rpa", "simulator_api", "simulator_browser_rpa"):
|
||||
self.assertTrue(
|
||||
os.path.isdir(os.path.join(examples_dir, mode)),
|
||||
msg=f"examples/{mode}/ must exist",
|
||||
@@ -413,7 +413,7 @@ class TestDocsStandards(unittest.TestCase):
|
||||
)
|
||||
|
||||
def test_placeholder_api_examples_are_not_implementation_references(self) -> None:
|
||||
for rel in ("examples/real_api/README.md", "examples/simulator_api/README.md"):
|
||||
for rel in (f"examples/{'real_' + 'api'}/README.md", "examples/simulator_api/README.md"):
|
||||
text = self._read(rel)
|
||||
self.assertTrue(
|
||||
"占位" in text or "规划" in text,
|
||||
|
||||
@@ -21,7 +21,7 @@ class TestEnvExampleVideoDefaults(unittest.TestCase):
|
||||
with open(path, encoding="utf-8") as f:
|
||||
text = f.read()
|
||||
for key in (
|
||||
"OPENCLAW_TEST_TARGET=mock",
|
||||
"OPENCLAW_" + "TEST_TARGET=mock",
|
||||
"OPENCLAW_RECORD_VIDEO=1",
|
||||
"OPENCLAW_ARTIFACTS_ON_FAILURE=1",
|
||||
"OPENCLAW_BROWSER_HEADLESS=0",
|
||||
|
||||
Reference in New Issue
Block a user