mirror of
https://github.com/we-promise/sure.git
synced 2026-04-09 15:24:48 +00:00
84bfe5b7ab
* feat(helm): add Pipelock ConfigMap, scanning config, and consolidate compose - Add ConfigMap template rendering DLP, response scanning, MCP input/tool scanning, and forward proxy settings from values - Mount ConfigMap as /etc/pipelock/pipelock.yaml volume in deployment - Add checksum/config annotation for automatic pod restart on config change - Gate HTTPS_PROXY/HTTP_PROXY env injection on forwardProxy.enabled (skip in MCP-only mode) - Use hasKey for all boolean values to prevent Helm default swallowing false - Single source of truth for ports (forwardProxy.port/mcpProxy.port) - Pipelock-specific imagePullSecrets with fallback to app secrets - Merge standalone compose.example.pipelock.yml into compose.example.ai.yml - Add pipelock.example.yaml for Docker Compose users - Add exclude-paths to CI workflow for locale file false positives * Add external assistant support (OpenAI-compatible SSE proxy) Allow self-hosted instances to delegate chat to an external AI agent via an OpenAI-compatible streaming endpoint. Configurable per-family through Settings UI or ASSISTANT_TYPE env override. - Assistant::External::Client: SSE streaming HTTP client (no new gems) - Settings UI with type selector, env lock indicator, config status - Helm chart and Docker Compose env var support - 45 tests covering client, config, routing, controller, integration * Add session key routing, email allowlist, and config plumbing Route to the actual OpenClaw session via x-openclaw-session-key header instead of creating isolated sessions. Gate external assistant access behind an email allowlist (EXTERNAL_ASSISTANT_ALLOWED_EMAILS env var). Plumb session_key and allowedEmails through Helm chart, compose, and env template. * Add HTTPS_PROXY support to External::Client for Pipelock integration Net::HTTP does not auto-read HTTPS_PROXY/HTTP_PROXY env vars (unlike Faraday). Explicitly resolve proxy from environment in build_http so outbound traffic to the external assistant routes through Pipelock's forward proxy when enabled. Respects NO_PROXY for internal hosts. * Add UI fields for external assistant config (Setting-backed with env fallback) Follow the same pattern as OpenAI settings: database-backed Setting fields with env var defaults. Self-hosters can now configure the external assistant URL, token, and agent ID from the browser (Settings > Self-Hosting > AI Assistant) instead of requiring env vars. Fields disable when the corresponding env var is set. * Improve external assistant UI labels and add help text Change placeholder to generic OpenAI-compatible URL pattern. Add help text under each field explaining where the values come from: URL from agent provider, token for authentication, agent ID for multi-agent routing. * Add external assistant docs and fix URL help text Add External AI Assistant section to docs/hosting/ai.md covering setup (UI and env vars), how it works, Pipelock security scanning, access control, and Docker Compose example. Drop "chat completions" jargon from URL help text. * Harden external assistant: retry logic, disconnect UI, error handling, and test coverage - Add retry with backoff for transient network errors (no retry after streaming starts) - Add disconnect button with confirmation modal in self-hosting settings - Narrow rescue scope with fallback logging for unexpected errors - Safe cleanup of partial responses on stream interruption - Gate ai_available? on family assistant_type instead of OR-ing all providers - Truncate conversation history to last 20 messages - Proxy-aware HTTP client with NO_PROXY support - Sanitize protocol to use generic headers (X-Agent-Id, X-Session-Key) - Full test coverage for streaming, retries, proxy routing, config, and disconnect * Exclude external assistant client from Pipelock scan-diff False positive: `@token` instance variable flagged as "Credential in URL". Temporary workaround until Pipelock supports inline suppression. * Address review feedback: NO_PROXY boundary fix, SSE done flag, design tokens - Fix NO_PROXY matching to require domain boundary (exact match or .suffix), case-insensitive. Prevents badexample.com matching example.com. - Add done flag to SSE streaming so read_body stops after [DONE] - Move MAX_CONVERSATION_MESSAGES to class level - Use bg-success/bg-destructive design tokens for status indicators - Add rationale comment for pipelock scan exclusion - Update docs last-updated date * Address second round of review feedback - Allowlist email comparison is now case-insensitive and nil-safe - Cap SSE buffer at 1 MB to prevent memory blowup from malformed streams - Don't expose upstream HTTP response body in user-facing errors (log it instead) - Fix frozen string warning on buffer initialization - Fix "builtin" typo in docs (should be "built-in") * Protect completed responses from cleanup, sanitize error messages - Don't destroy a fully streamed assistant message if post-stream metadata update fails (only cleanup partial responses) - Log raw connection/HTTP errors internally, show generic messages to users to avoid leaking network/proxy details - Update test assertions for new error message wording * Fix SSE content guard and NO_PROXY test correctness Use nil check instead of present? for SSE delta content to preserve whitespace-only chunks (newlines, spaces) that can occur in code output. Fix NO_PROXY test to use HTTP_PROXY matching the http:// client URL so the proxy resolution and NO_PROXY bypass logic are actually exercised. * Forward proxy credentials to Net::HTTP Pass proxy_uri.user and proxy_uri.password to Net::HTTP.new so authenticated proxies (http://user:pass@host:port) work correctly. Without this, credentials parsed from the proxy URL were silently dropped. Nil values are safe as positional args when no creds exist. * Update pipelock integration to v0.3.1 with full scanning config Bump Helm image tag from 0.2.7 to 0.3.1. Add missing security sections to both the Helm ConfigMap and compose example config: mcp_tool_policy, mcp_session_binding, and tool_chain_detection. These protect the /mcp endpoint against tool injection, session hijacking, and multi-step exfiltration chains. Add version and mode fields to config files. Enable include_defaults for DLP and response scanning to merge user patterns with the 35 built-in patterns. Remove redundant --mode CLI flag from the Helm deployment template since mode is now in the config file.
94 lines
3.7 KiB
Ruby
94 lines
3.7 KiB
Ruby
require "test_helper"
|
|
|
|
class Assistant::ExternalConfigTest < ActiveSupport::TestCase
|
|
test "config reads URL from environment with priority over Setting" do
|
|
with_env_overrides("EXTERNAL_ASSISTANT_URL" => "http://from-env/v1/chat") do
|
|
assert_equal "http://from-env/v1/chat", Assistant::External.config.url
|
|
assert_equal "main", Assistant::External.config.agent_id
|
|
assert_equal "agent:main:main", Assistant::External.config.session_key
|
|
end
|
|
end
|
|
|
|
test "config falls back to Setting when env var is absent" do
|
|
Setting.external_assistant_url = "http://from-setting/v1/chat"
|
|
Setting.external_assistant_token = "setting-token"
|
|
|
|
with_env_overrides("EXTERNAL_ASSISTANT_URL" => nil, "EXTERNAL_ASSISTANT_TOKEN" => nil) do
|
|
assert_equal "http://from-setting/v1/chat", Assistant::External.config.url
|
|
assert_equal "setting-token", Assistant::External.config.token
|
|
end
|
|
ensure
|
|
Setting.external_assistant_url = nil
|
|
Setting.external_assistant_token = nil
|
|
end
|
|
|
|
test "config reads agent_id with custom value" do
|
|
with_env_overrides(
|
|
"EXTERNAL_ASSISTANT_URL" => "http://example.com/v1/chat",
|
|
"EXTERNAL_ASSISTANT_TOKEN" => "test-token",
|
|
"EXTERNAL_ASSISTANT_AGENT_ID" => "finance-bot"
|
|
) do
|
|
assert_equal "finance-bot", Assistant::External.config.agent_id
|
|
assert_equal "test-token", Assistant::External.config.token
|
|
end
|
|
end
|
|
|
|
test "config reads session_key with custom value" do
|
|
with_env_overrides(
|
|
"EXTERNAL_ASSISTANT_URL" => "http://example.com/v1/chat",
|
|
"EXTERNAL_ASSISTANT_TOKEN" => "test-token",
|
|
"EXTERNAL_ASSISTANT_SESSION_KEY" => "agent:finance-bot:finance"
|
|
) do
|
|
assert_equal "agent:finance-bot:finance", Assistant::External.config.session_key
|
|
end
|
|
end
|
|
|
|
test "available_for? allows any user when no allowlist is set" do
|
|
user = OpenStruct.new(email: "anyone@example.com")
|
|
with_env_overrides("EXTERNAL_ASSISTANT_URL" => "http://x", "EXTERNAL_ASSISTANT_TOKEN" => "t", "EXTERNAL_ASSISTANT_ALLOWED_EMAILS" => nil) do
|
|
assert Assistant::External.available_for?(user)
|
|
end
|
|
end
|
|
|
|
test "available_for? restricts to allowlisted emails" do
|
|
allowed = OpenStruct.new(email: "josh@example.com")
|
|
denied = OpenStruct.new(email: "other@example.com")
|
|
with_env_overrides("EXTERNAL_ASSISTANT_URL" => "http://x", "EXTERNAL_ASSISTANT_TOKEN" => "t", "EXTERNAL_ASSISTANT_ALLOWED_EMAILS" => "josh@example.com, admin@example.com") do
|
|
assert Assistant::External.available_for?(allowed)
|
|
assert_not Assistant::External.available_for?(denied)
|
|
end
|
|
end
|
|
|
|
test "build_conversation_messages truncates to last 20 messages" do
|
|
chat = chats(:one)
|
|
|
|
# Create enough messages to exceed the 20-message cap
|
|
25.times do |i|
|
|
role_class = i.even? ? UserMessage : AssistantMessage
|
|
role_class.create!(chat: chat, content: "msg #{i}", ai_model: "test")
|
|
end
|
|
|
|
with_env_overrides("EXTERNAL_ASSISTANT_URL" => "http://x", "EXTERNAL_ASSISTANT_TOKEN" => "t") do
|
|
external = Assistant::External.new(chat)
|
|
messages = external.send(:build_conversation_messages)
|
|
|
|
assert_equal 20, messages.length
|
|
# Last message should be the most recent one we created
|
|
assert_equal "msg 24", messages.last[:content]
|
|
end
|
|
end
|
|
|
|
test "configured? returns true only when URL and token are both present" do
|
|
Setting.external_assistant_url = nil
|
|
Setting.external_assistant_token = nil
|
|
|
|
with_env_overrides("EXTERNAL_ASSISTANT_URL" => "http://x", "EXTERNAL_ASSISTANT_TOKEN" => nil) do
|
|
assert_not Assistant::External.configured?
|
|
end
|
|
|
|
with_env_overrides("EXTERNAL_ASSISTANT_URL" => "http://x", "EXTERNAL_ASSISTANT_TOKEN" => "t") do
|
|
assert Assistant::External.configured?
|
|
end
|
|
end
|
|
end
|