mirror of
https://github.com/we-promise/sure.git
synced 2026-04-09 15:24:48 +00:00
84bfe5b7ab
* feat(helm): add Pipelock ConfigMap, scanning config, and consolidate compose - Add ConfigMap template rendering DLP, response scanning, MCP input/tool scanning, and forward proxy settings from values - Mount ConfigMap as /etc/pipelock/pipelock.yaml volume in deployment - Add checksum/config annotation for automatic pod restart on config change - Gate HTTPS_PROXY/HTTP_PROXY env injection on forwardProxy.enabled (skip in MCP-only mode) - Use hasKey for all boolean values to prevent Helm default swallowing false - Single source of truth for ports (forwardProxy.port/mcpProxy.port) - Pipelock-specific imagePullSecrets with fallback to app secrets - Merge standalone compose.example.pipelock.yml into compose.example.ai.yml - Add pipelock.example.yaml for Docker Compose users - Add exclude-paths to CI workflow for locale file false positives * Add external assistant support (OpenAI-compatible SSE proxy) Allow self-hosted instances to delegate chat to an external AI agent via an OpenAI-compatible streaming endpoint. Configurable per-family through Settings UI or ASSISTANT_TYPE env override. - Assistant::External::Client: SSE streaming HTTP client (no new gems) - Settings UI with type selector, env lock indicator, config status - Helm chart and Docker Compose env var support - 45 tests covering client, config, routing, controller, integration * Add session key routing, email allowlist, and config plumbing Route to the actual OpenClaw session via x-openclaw-session-key header instead of creating isolated sessions. Gate external assistant access behind an email allowlist (EXTERNAL_ASSISTANT_ALLOWED_EMAILS env var). Plumb session_key and allowedEmails through Helm chart, compose, and env template. * Add HTTPS_PROXY support to External::Client for Pipelock integration Net::HTTP does not auto-read HTTPS_PROXY/HTTP_PROXY env vars (unlike Faraday). Explicitly resolve proxy from environment in build_http so outbound traffic to the external assistant routes through Pipelock's forward proxy when enabled. Respects NO_PROXY for internal hosts. * Add UI fields for external assistant config (Setting-backed with env fallback) Follow the same pattern as OpenAI settings: database-backed Setting fields with env var defaults. Self-hosters can now configure the external assistant URL, token, and agent ID from the browser (Settings > Self-Hosting > AI Assistant) instead of requiring env vars. Fields disable when the corresponding env var is set. * Improve external assistant UI labels and add help text Change placeholder to generic OpenAI-compatible URL pattern. Add help text under each field explaining where the values come from: URL from agent provider, token for authentication, agent ID for multi-agent routing. * Add external assistant docs and fix URL help text Add External AI Assistant section to docs/hosting/ai.md covering setup (UI and env vars), how it works, Pipelock security scanning, access control, and Docker Compose example. Drop "chat completions" jargon from URL help text. * Harden external assistant: retry logic, disconnect UI, error handling, and test coverage - Add retry with backoff for transient network errors (no retry after streaming starts) - Add disconnect button with confirmation modal in self-hosting settings - Narrow rescue scope with fallback logging for unexpected errors - Safe cleanup of partial responses on stream interruption - Gate ai_available? on family assistant_type instead of OR-ing all providers - Truncate conversation history to last 20 messages - Proxy-aware HTTP client with NO_PROXY support - Sanitize protocol to use generic headers (X-Agent-Id, X-Session-Key) - Full test coverage for streaming, retries, proxy routing, config, and disconnect * Exclude external assistant client from Pipelock scan-diff False positive: `@token` instance variable flagged as "Credential in URL". Temporary workaround until Pipelock supports inline suppression. * Address review feedback: NO_PROXY boundary fix, SSE done flag, design tokens - Fix NO_PROXY matching to require domain boundary (exact match or .suffix), case-insensitive. Prevents badexample.com matching example.com. - Add done flag to SSE streaming so read_body stops after [DONE] - Move MAX_CONVERSATION_MESSAGES to class level - Use bg-success/bg-destructive design tokens for status indicators - Add rationale comment for pipelock scan exclusion - Update docs last-updated date * Address second round of review feedback - Allowlist email comparison is now case-insensitive and nil-safe - Cap SSE buffer at 1 MB to prevent memory blowup from malformed streams - Don't expose upstream HTTP response body in user-facing errors (log it instead) - Fix frozen string warning on buffer initialization - Fix "builtin" typo in docs (should be "built-in") * Protect completed responses from cleanup, sanitize error messages - Don't destroy a fully streamed assistant message if post-stream metadata update fails (only cleanup partial responses) - Log raw connection/HTTP errors internally, show generic messages to users to avoid leaking network/proxy details - Update test assertions for new error message wording * Fix SSE content guard and NO_PROXY test correctness Use nil check instead of present? for SSE delta content to preserve whitespace-only chunks (newlines, spaces) that can occur in code output. Fix NO_PROXY test to use HTTP_PROXY matching the http:// client URL so the proxy resolution and NO_PROXY bypass logic are actually exercised. * Forward proxy credentials to Net::HTTP Pass proxy_uri.user and proxy_uri.password to Net::HTTP.new so authenticated proxies (http://user:pass@host:port) work correctly. Without this, credentials parsed from the proxy URL were silently dropped. Nil values are safe as positional args when no creds exist. * Update pipelock integration to v0.3.1 with full scanning config Bump Helm image tag from 0.2.7 to 0.3.1. Add missing security sections to both the Helm ConfigMap and compose example config: mcp_tool_policy, mcp_session_binding, and tool_chain_detection. These protect the /mcp endpoint against tool injection, session hijacking, and multi-step exfiltration chains. Add version and mode fields to config files. Enable include_defaults for DLP and response scanning to merge user patterns with the 35 built-in patterns. Remove redundant --mode CLI flag from the Helm deployment template since mode is now in the config file.
284 lines
9.6 KiB
Ruby
284 lines
9.6 KiB
Ruby
require "test_helper"
|
|
|
|
class Assistant::External::ClientTest < ActiveSupport::TestCase
|
|
setup do
|
|
@client = Assistant::External::Client.new(
|
|
url: "http://localhost:18789/v1/chat",
|
|
token: "test-token",
|
|
agent_id: "test-agent"
|
|
)
|
|
end
|
|
|
|
test "streams text chunks from SSE response" do
|
|
sse_body = <<~SSE
|
|
data: {"id":"chatcmpl-1","object":"chat.completion.chunk","choices":[{"index":0,"delta":{"role":"assistant"},"finish_reason":null}],"model":"test-agent"}
|
|
|
|
data: {"id":"chatcmpl-1","object":"chat.completion.chunk","choices":[{"index":0,"delta":{"content":"Your net worth"},"finish_reason":null}],"model":"test-agent"}
|
|
|
|
data: {"id":"chatcmpl-1","object":"chat.completion.chunk","choices":[{"index":0,"delta":{"content":" is $124,200."},"finish_reason":null}],"model":"test-agent"}
|
|
|
|
data: {"id":"chatcmpl-1","object":"chat.completion.chunk","choices":[{"index":0,"delta":{},"finish_reason":"stop"}],"model":"test-agent"}
|
|
|
|
data: [DONE]
|
|
|
|
SSE
|
|
|
|
mock_http_streaming_response(sse_body)
|
|
|
|
chunks = []
|
|
model = @client.chat(messages: [ { role: "user", content: "test" } ]) do |text|
|
|
chunks << text
|
|
end
|
|
|
|
assert_equal [ "Your net worth", " is $124,200." ], chunks
|
|
assert_equal "test-agent", model
|
|
end
|
|
|
|
test "raises on non-200 response" do
|
|
mock_http_error_response(503, "Service Unavailable")
|
|
|
|
assert_raises(Assistant::Error) do
|
|
@client.chat(messages: [ { role: "user", content: "test" } ]) { |_| }
|
|
end
|
|
end
|
|
|
|
test "retries transient errors then raises Assistant::Error" do
|
|
Net::HTTP.any_instance.stubs(:request).raises(Net::OpenTimeout, "connection timed out")
|
|
|
|
error = assert_raises(Assistant::Error) do
|
|
@client.chat(messages: [ { role: "user", content: "test" } ]) { |_| }
|
|
end
|
|
|
|
assert_match(/temporarily unavailable/, error.message)
|
|
end
|
|
|
|
test "does not retry after streaming has started" do
|
|
call_count = 0
|
|
|
|
# Custom response that yields one chunk then raises mid-stream
|
|
mock_response = Object.new
|
|
mock_response.define_singleton_method(:is_a?) { |klass| klass == Net::HTTPSuccess }
|
|
mock_response.define_singleton_method(:read_body) do |&blk|
|
|
blk.call("data: {\"choices\":[{\"delta\":{\"content\":\"partial\"}}],\"model\":\"m\"}\n\n")
|
|
raise Errno::ECONNRESET, "connection reset mid-stream"
|
|
end
|
|
|
|
mock_http = stub("http")
|
|
mock_http.stubs(:use_ssl=)
|
|
mock_http.stubs(:open_timeout=)
|
|
mock_http.stubs(:read_timeout=)
|
|
mock_http.define_singleton_method(:request) do |_req, &blk|
|
|
call_count += 1
|
|
blk.call(mock_response)
|
|
end
|
|
|
|
Net::HTTP.stubs(:new).returns(mock_http)
|
|
|
|
chunks = []
|
|
error = assert_raises(Assistant::Error) do
|
|
@client.chat(messages: [ { role: "user", content: "test" } ]) { |t| chunks << t }
|
|
end
|
|
|
|
assert_equal 1, call_count, "Should not retry after streaming started"
|
|
assert_equal [ "partial" ], chunks
|
|
assert_match(/connection was interrupted/, error.message)
|
|
end
|
|
|
|
test "builds correct request payload" do
|
|
sse_body = "data: {\"choices\":[{\"delta\":{\"content\":\"hi\"}}],\"model\":\"m\"}\n\ndata: [DONE]\n\n"
|
|
capture = mock_http_streaming_response(sse_body)
|
|
|
|
@client.chat(
|
|
messages: [
|
|
{ role: "user", content: "Hello" },
|
|
{ role: "assistant", content: "Hi there" },
|
|
{ role: "user", content: "What is my balance?" }
|
|
],
|
|
user: "sure-family-42"
|
|
) { |_| }
|
|
|
|
body = JSON.parse(capture[0].body)
|
|
assert_equal "test-agent", body["model"]
|
|
assert_equal true, body["stream"]
|
|
assert_equal 3, body["messages"].size
|
|
assert_equal "sure-family-42", body["user"]
|
|
end
|
|
|
|
test "sets authorization header and agent_id header" do
|
|
sse_body = "data: {\"choices\":[{\"delta\":{\"content\":\"hi\"}}],\"model\":\"m\"}\n\ndata: [DONE]\n\n"
|
|
capture = mock_http_streaming_response(sse_body)
|
|
|
|
@client.chat(messages: [ { role: "user", content: "test" } ]) { |_| }
|
|
|
|
assert_equal "Bearer test-token", capture[0]["Authorization"]
|
|
assert_equal "test-agent", capture[0]["X-Agent-Id"]
|
|
assert_equal "agent:main:main", capture[0]["X-Session-Key"]
|
|
assert_equal "text/event-stream", capture[0]["Accept"]
|
|
assert_equal "application/json", capture[0]["Content-Type"]
|
|
end
|
|
|
|
test "omits user field when not provided" do
|
|
sse_body = "data: {\"choices\":[{\"delta\":{\"content\":\"hi\"}}],\"model\":\"m\"}\n\ndata: [DONE]\n\n"
|
|
capture = mock_http_streaming_response(sse_body)
|
|
|
|
@client.chat(messages: [ { role: "user", content: "test" } ]) { |_| }
|
|
|
|
body = JSON.parse(capture[0].body)
|
|
assert_not body.key?("user")
|
|
end
|
|
|
|
test "handles malformed JSON in SSE data gracefully" do
|
|
sse_body = "data: {not valid json}\n\ndata: {\"choices\":[{\"delta\":{\"content\":\"OK\"}}],\"model\":\"m\"}\n\ndata: [DONE]\n\n"
|
|
mock_http_streaming_response(sse_body)
|
|
|
|
chunks = []
|
|
@client.chat(messages: [ { role: "user", content: "test" } ]) { |t| chunks << t }
|
|
|
|
assert_equal [ "OK" ], chunks
|
|
end
|
|
|
|
test "handles SSE data: field without space after colon (spec-compliant)" do
|
|
sse_body = "data:{\"choices\":[{\"delta\":{\"content\":\"no space\"}}],\"model\":\"m\"}\n\ndata:[DONE]\n\n"
|
|
mock_http_streaming_response(sse_body)
|
|
|
|
chunks = []
|
|
@client.chat(messages: [ { role: "user", content: "test" } ]) { |t| chunks << t }
|
|
|
|
assert_equal [ "no space" ], chunks
|
|
end
|
|
|
|
test "handles chunked SSE data split across read_body calls" do
|
|
chunk1 = "data: {\"choices\":[{\"delta\":{\"content\":\"Hel"
|
|
chunk2 = "lo\"}}],\"model\":\"m\"}\n\ndata: [DONE]\n\n"
|
|
|
|
mock_http_streaming_response_chunked([ chunk1, chunk2 ])
|
|
|
|
chunks = []
|
|
@client.chat(messages: [ { role: "user", content: "test" } ]) { |t| chunks << t }
|
|
|
|
assert_equal [ "Hello" ], chunks
|
|
end
|
|
|
|
test "routes through HTTPS_PROXY when set" do
|
|
sse_body = "data: {\"choices\":[{\"delta\":{\"content\":\"hi\"}}],\"model\":\"m\"}\n\ndata: [DONE]\n\n"
|
|
|
|
mock_response = stub("response")
|
|
mock_response.stubs(:code).returns("200")
|
|
mock_response.stubs(:is_a?).with(Net::HTTPSuccess).returns(true)
|
|
mock_response.stubs(:read_body).yields(sse_body)
|
|
|
|
mock_http = stub("http")
|
|
mock_http.stubs(:use_ssl=)
|
|
mock_http.stubs(:open_timeout=)
|
|
mock_http.stubs(:read_timeout=)
|
|
mock_http.stubs(:request).yields(mock_response)
|
|
|
|
captured_args = nil
|
|
Net::HTTP.stubs(:new).with do |*args|
|
|
captured_args = args
|
|
true
|
|
end.returns(mock_http)
|
|
|
|
client = Assistant::External::Client.new(
|
|
url: "https://example.com/v1/chat",
|
|
token: "test-token"
|
|
)
|
|
|
|
ClimateControl.modify(HTTPS_PROXY: "http://proxyuser:proxypass@proxy:8888") do
|
|
client.chat(messages: [ { role: "user", content: "test" } ]) { |_| }
|
|
end
|
|
|
|
assert_equal "example.com", captured_args[0]
|
|
assert_equal 443, captured_args[1]
|
|
assert_equal "proxy", captured_args[2]
|
|
assert_equal 8888, captured_args[3]
|
|
assert_equal "proxyuser", captured_args[4]
|
|
assert_equal "proxypass", captured_args[5]
|
|
end
|
|
|
|
test "skips proxy for hosts in NO_PROXY" do
|
|
sse_body = "data: {\"choices\":[{\"delta\":{\"content\":\"hi\"}}],\"model\":\"m\"}\n\ndata: [DONE]\n\n"
|
|
|
|
mock_response = stub("response")
|
|
mock_response.stubs(:code).returns("200")
|
|
mock_response.stubs(:is_a?).with(Net::HTTPSuccess).returns(true)
|
|
mock_response.stubs(:read_body).yields(sse_body)
|
|
|
|
mock_http = stub("http")
|
|
mock_http.stubs(:use_ssl=)
|
|
mock_http.stubs(:open_timeout=)
|
|
mock_http.stubs(:read_timeout=)
|
|
mock_http.stubs(:request).yields(mock_response)
|
|
|
|
captured_args = nil
|
|
Net::HTTP.stubs(:new).with do |*args|
|
|
captured_args = args
|
|
true
|
|
end.returns(mock_http)
|
|
|
|
client = Assistant::External::Client.new(
|
|
url: "http://agent.internal.example.com:18789/v1/chat",
|
|
token: "test-token"
|
|
)
|
|
|
|
ClimateControl.modify(HTTP_PROXY: "http://proxy:8888", NO_PROXY: "localhost,.example.com") do
|
|
client.chat(messages: [ { role: "user", content: "test" } ]) { |_| }
|
|
end
|
|
|
|
# Should NOT pass proxy args — only host and port
|
|
assert_equal 2, captured_args.length
|
|
end
|
|
|
|
private
|
|
|
|
def mock_http_streaming_response(sse_body)
|
|
capture = []
|
|
mock_response = stub("response")
|
|
mock_response.stubs(:code).returns("200")
|
|
mock_response.stubs(:is_a?).with(Net::HTTPSuccess).returns(true)
|
|
mock_response.stubs(:read_body).yields(sse_body)
|
|
|
|
mock_http = stub("http")
|
|
mock_http.stubs(:use_ssl=)
|
|
mock_http.stubs(:open_timeout=)
|
|
mock_http.stubs(:read_timeout=)
|
|
mock_http.stubs(:request).with do |req|
|
|
capture[0] = req
|
|
true
|
|
end.yields(mock_response)
|
|
|
|
Net::HTTP.stubs(:new).returns(mock_http)
|
|
capture
|
|
end
|
|
|
|
def mock_http_streaming_response_chunked(chunks)
|
|
mock_response = stub("response")
|
|
mock_response.stubs(:code).returns("200")
|
|
mock_response.stubs(:is_a?).with(Net::HTTPSuccess).returns(true)
|
|
mock_response.stubs(:read_body).multiple_yields(*chunks.map { |c| [ c ] })
|
|
|
|
mock_http = stub("http")
|
|
mock_http.stubs(:use_ssl=)
|
|
mock_http.stubs(:open_timeout=)
|
|
mock_http.stubs(:read_timeout=)
|
|
mock_http.stubs(:request).yields(mock_response)
|
|
|
|
Net::HTTP.stubs(:new).returns(mock_http)
|
|
end
|
|
|
|
def mock_http_error_response(code, message)
|
|
mock_response = stub("response")
|
|
mock_response.stubs(:code).returns(code.to_s)
|
|
mock_response.stubs(:is_a?).with(Net::HTTPSuccess).returns(false)
|
|
mock_response.stubs(:body).returns(message)
|
|
|
|
mock_http = stub("http")
|
|
mock_http.stubs(:use_ssl=)
|
|
mock_http.stubs(:open_timeout=)
|
|
mock_http.stubs(:read_timeout=)
|
|
mock_http.stubs(:request).yields(mock_response)
|
|
|
|
Net::HTTP.stubs(:new).returns(mock_http)
|
|
end
|
|
end
|