2026-03-13 22:38:32 +08:00
|
|
|
from pathlib import Path
|
|
|
|
|
|
|
|
|
|
import pytest
|
|
|
|
|
|
refactor: split backend into harness (deerflow.*) and app (app.*) (#1131)
* refactor: extract shared utils to break harness→app cross-layer imports
Move _validate_skill_frontmatter to src/skills/validation.py and
CONVERTIBLE_EXTENSIONS + convert_file_to_markdown to src/utils/file_conversion.py.
This eliminates the two reverse dependencies from client.py (harness layer)
into gateway/routers/ (app layer), preparing for the harness/app package split.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* refactor: split backend/src into harness (deerflow.*) and app (app.*)
Physically split the monolithic backend/src/ package into two layers:
- **Harness** (`packages/harness/deerflow/`): publishable agent framework
package with import prefix `deerflow.*`. Contains agents, sandbox, tools,
models, MCP, skills, config, and all core infrastructure.
- **App** (`app/`): unpublished application code with import prefix `app.*`.
Contains gateway (FastAPI REST API) and channels (IM integrations).
Key changes:
- Move 13 harness modules to packages/harness/deerflow/ via git mv
- Move gateway + channels to app/ via git mv
- Rename all imports: src.* → deerflow.* (harness) / app.* (app layer)
- Set up uv workspace with deerflow-harness as workspace member
- Update langgraph.json, config.example.yaml, all scripts, Docker files
- Add build-system (hatchling) to harness pyproject.toml
- Add PYTHONPATH=. to gateway startup commands for app.* resolution
- Update ruff.toml with known-first-party for import sorting
- Update all documentation to reflect new directory structure
Boundary rule enforced: harness code never imports from app.
All 429 tests pass. Lint clean.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* chore: add harness→app boundary check test and update docs
Add test_harness_boundary.py that scans all Python files in
packages/harness/deerflow/ and fails if any `from app.*` or
`import app.*` statement is found. This enforces the architectural
rule that the harness layer never depends on the app layer.
Update CLAUDE.md to document the harness/app split architecture,
import conventions, and the boundary enforcement test.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* feat: add config versioning with auto-upgrade on startup
When config.example.yaml schema changes, developers' local config.yaml
files can silently become outdated. This adds a config_version field and
auto-upgrade mechanism so breaking changes (like src.* → deerflow.*
renames) are applied automatically before services start.
- Add config_version: 1 to config.example.yaml
- Add startup version check warning in AppConfig.from_file()
- Add scripts/config-upgrade.sh with migration registry for value replacements
- Add `make config-upgrade` target
- Auto-run config-upgrade in serve.sh and start-daemon.sh before starting services
- Add config error hints in service failure messages
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix comments
* fix: update src.* import in test_sandbox_tools_security to deerflow.*
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: handle empty config and search parent dirs for config.example.yaml
Address Copilot review comments on PR #1131:
- Guard against yaml.safe_load() returning None for empty config files
- Search parent directories for config.example.yaml instead of only
looking next to config.yaml, fixing detection in common setups
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fix: correct skills root path depth and config_version type coercion
- loader.py: fix get_skills_root_path() to use 5 parent levels (was 3)
after harness split, file lives at packages/harness/deerflow/skills/
so parent×3 resolved to backend/packages/harness/ instead of backend/
- app_config.py: coerce config_version to int() before comparison in
_check_config_version() to prevent TypeError when YAML stores value
as string (e.g. config_version: "1")
- tests: add regression tests for both fixes
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
* fix: update test imports from src.* to deerflow.*/app.* after harness refactor
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-14 22:55:52 +08:00
|
|
|
from deerflow.sandbox.tools import (
|
2026-03-13 22:38:32 +08:00
|
|
|
VIRTUAL_PATH_PREFIX,
|
|
|
|
|
mask_local_paths_in_output,
|
|
|
|
|
replace_virtual_path,
|
|
|
|
|
resolve_local_tool_path,
|
|
|
|
|
validate_local_bash_command_paths,
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_replace_virtual_path_maps_virtual_root_and_subpaths() -> None:
|
|
|
|
|
thread_data = {
|
|
|
|
|
"workspace_path": "/tmp/deer-flow/threads/t1/user-data/workspace",
|
|
|
|
|
"uploads_path": "/tmp/deer-flow/threads/t1/user-data/uploads",
|
|
|
|
|
"outputs_path": "/tmp/deer-flow/threads/t1/user-data/outputs",
|
|
|
|
|
}
|
|
|
|
|
|
2026-03-16 16:53:12 +08:00
|
|
|
assert Path(replace_virtual_path("/mnt/user-data/workspace/a.txt", thread_data)).as_posix() == "/tmp/deer-flow/threads/t1/user-data/workspace/a.txt"
|
|
|
|
|
assert Path(replace_virtual_path("/mnt/user-data", thread_data)).as_posix() == "/tmp/deer-flow/threads/t1/user-data"
|
2026-03-13 22:38:32 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_mask_local_paths_in_output_hides_host_paths() -> None:
|
|
|
|
|
thread_data = {
|
|
|
|
|
"workspace_path": "/tmp/deer-flow/threads/t1/user-data/workspace",
|
|
|
|
|
"uploads_path": "/tmp/deer-flow/threads/t1/user-data/uploads",
|
|
|
|
|
"outputs_path": "/tmp/deer-flow/threads/t1/user-data/outputs",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
output = "Created: /tmp/deer-flow/threads/t1/user-data/workspace/result.txt"
|
|
|
|
|
masked = mask_local_paths_in_output(output, thread_data)
|
|
|
|
|
|
|
|
|
|
assert "/tmp/deer-flow/threads/t1/user-data" not in masked
|
|
|
|
|
assert "/mnt/user-data/workspace/result.txt" in masked
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_resolve_local_tool_path_rejects_non_virtual_path() -> None:
|
|
|
|
|
thread_data = {
|
|
|
|
|
"workspace_path": "/tmp/deer-flow/threads/t1/user-data/workspace",
|
|
|
|
|
"uploads_path": "/tmp/deer-flow/threads/t1/user-data/uploads",
|
|
|
|
|
"outputs_path": "/tmp/deer-flow/threads/t1/user-data/outputs",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
with pytest.raises(PermissionError, match="Only paths under"):
|
|
|
|
|
resolve_local_tool_path("/Users/someone/config.yaml", thread_data)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_resolve_local_tool_path_rejects_virtual_root_with_clear_message() -> None:
|
|
|
|
|
"""Passing the bare virtual root /mnt/user-data should be rejected early with a
|
|
|
|
|
clear 'Only paths under' message, not the misleading 'path traversal detected'
|
|
|
|
|
error that would result from the root mapping to a common parent directory."""
|
|
|
|
|
thread_data = {
|
|
|
|
|
"workspace_path": "/tmp/deer-flow/threads/t1/user-data/workspace",
|
|
|
|
|
"uploads_path": "/tmp/deer-flow/threads/t1/user-data/uploads",
|
|
|
|
|
"outputs_path": "/tmp/deer-flow/threads/t1/user-data/outputs",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
with pytest.raises(PermissionError, match="Only paths under"):
|
|
|
|
|
resolve_local_tool_path(VIRTUAL_PATH_PREFIX, thread_data)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_resolve_local_tool_path_returns_host_path_for_valid_virtual_path() -> None:
|
|
|
|
|
base = Path("/tmp/deer-flow/threads/t1/user-data")
|
|
|
|
|
thread_data = {
|
|
|
|
|
"workspace_path": str(base / "workspace"),
|
|
|
|
|
"uploads_path": str(base / "uploads"),
|
|
|
|
|
"outputs_path": str(base / "outputs"),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
result = resolve_local_tool_path(f"{VIRTUAL_PATH_PREFIX}/workspace/file.txt", thread_data)
|
|
|
|
|
|
|
|
|
|
expected = str((base / "workspace" / "file.txt").resolve())
|
|
|
|
|
assert result == expected
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_resolve_local_tool_path_rejects_path_traversal() -> None:
|
|
|
|
|
base = Path("/tmp/deer-flow/threads/t1/user-data")
|
|
|
|
|
thread_data = {
|
|
|
|
|
"workspace_path": str(base / "workspace"),
|
|
|
|
|
"uploads_path": str(base / "uploads"),
|
|
|
|
|
"outputs_path": str(base / "outputs"),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
with pytest.raises(PermissionError, match="path traversal"):
|
|
|
|
|
resolve_local_tool_path(f"{VIRTUAL_PATH_PREFIX}/workspace/../../../../etc/passwd", thread_data)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_validate_local_bash_command_paths_blocks_host_paths() -> None:
|
|
|
|
|
thread_data = {
|
|
|
|
|
"workspace_path": "/tmp/deer-flow/threads/t1/user-data/workspace",
|
|
|
|
|
"uploads_path": "/tmp/deer-flow/threads/t1/user-data/uploads",
|
|
|
|
|
"outputs_path": "/tmp/deer-flow/threads/t1/user-data/outputs",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
with pytest.raises(PermissionError, match="Unsafe absolute paths"):
|
|
|
|
|
validate_local_bash_command_paths("cat /etc/passwd", thread_data)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def test_validate_local_bash_command_paths_allows_virtual_and_system_paths() -> None:
|
|
|
|
|
thread_data = {
|
|
|
|
|
"workspace_path": "/tmp/deer-flow/threads/t1/user-data/workspace",
|
|
|
|
|
"uploads_path": "/tmp/deer-flow/threads/t1/user-data/uploads",
|
|
|
|
|
"outputs_path": "/tmp/deer-flow/threads/t1/user-data/outputs",
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
validate_local_bash_command_paths(
|
|
|
|
|
"/bin/echo ok > /mnt/user-data/workspace/out.txt && cat /dev/null",
|
|
|
|
|
thread_data,
|
|
|
|
|
)
|