Leo/Arcrun
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8e2c32e4664c48245fd767d547d0b08f8ec6c338
Arcrun/registry/tests/sandboxAcceptance.test.ts
T
Leo 8e2c32e466 feat(registry): component_hash_id — stable id system for workflow references 
Problem: canonical_id is readable but mutable; if a component is renamed,
all workflows referencing it by canonical_id break.

Solution: dual-id system
- component_hash_id: cmp_{sha256(canonical_id).slice(0,8)}, derived deterministically,
  never changes, safe for workflow references
- canonical_id: human-readable name, used for search and display
- idx:{canonical_id} KV key: reverse-lookup index for resolving canonical_id → hash_id

Changes:
- types.ts: SandboxResult.component_id → component_hash_id + canonical_id,
  added 'data' to category enum
- submitComponent.ts: deriveHashId(), writes idx: reverse-lookup on submit
- queryComponents.ts: full rewrite — removed KBDB dependency, uses SUBMISSIONS_KV;
  supports both cmp_* and canonical_id as query id; Phase 0 keyword search
  with note to upgrade to Vectorize in Phase 2
- sandboxAcceptance.ts: updated field names, fixed TextDecoder TS type
- ensureTemplate.ts: removed KBDB dependency, now a KV health check
- tests: updated component_id → canonical_id
- CONTRIBUTING.md: explain hash_id derivation and dual-id workflow reference syntax

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-16 14:41:22 +08:00

94 lines
3.7 KiB
TypeScript
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
// 單元測試:sandboxAcceptance
// Requirements: 2.1, 2.2
import { describe, it, expect } from 'vitest';
import { runSandboxAcceptance } from '../src/actions/sandboxAcceptance';
import type { ComponentContract } from '../src/types';
const BASE_CONTRACT: ComponentContract = {
canonical_id: 'validate_json',
display_name: 'JSON 格式驗證器',
category: 'logic',
version: 'v1',
wasi_target: 'preview1',
stability: 'floating',
runtime_compat: ['cf-workers', 'wazero'],
constraints: {
max_size_kb: 100,
max_cold_start_ms: 50,
no_network_syscall: true,
io_model: 'stdin_stdout_json',
},
input_schema: { type: 'object' },
output_schema: { type: 'object' },
gherkin_tests: [
{ scenario: 'happy', given: '{}', then_contains: '{}' },
{ scenario: 'error', given: '{}', then_contains: '{}' },
],
};
// 建立合法的小型 WASM(最小 WASM magic + version header
function makeMinimalWasm(extraBytes = 0): Uint8Array {
const magic = [0x00, 0x61, 0x73, 0x6d]; // \0asm
const version = [0x01, 0x00, 0x00, 0x00];
const padding = new Array(extraBytes).fill(0x00);
return new Uint8Array([...magic, ...version, ...padding]);
}
describe('runSandboxAcceptance', () => {
it('合法小型 WASM 通過所有步驟', () => {
const wasm = makeMinimalWasm(10);
const result = runSandboxAcceptance(wasm, BASE_CONTRACT);
expect(result.success).toBe(true);
expect(result.canonical_id).toBe('validate_json');
expect(result.version).toBe('v1');
});
it('步驟 (a):體積超過上限時失敗', () => {
// max_size_kb = 1,但 wasm 超過 1KB
const contract = { ...BASE_CONTRACT, constraints: { ...BASE_CONTRACT.constraints, max_size_kb: 1 } };
const wasm = makeMinimalWasm(2000); // > 1KB
const result = runSandboxAcceptance(wasm, contract);
expect(result.success).toBe(false);
expect(result.failed_step).toBe('size_check');
expect(result.reason).toContain('超過上限');
expect(result.guide_anchor).toBeDefined();
expect(result.canonical_id).toBe('validate_json');
expect(result.version).toBe('v1');
});
it('步驟 (c):含禁止 syscall 時失敗', () => {
// 在 wasm bytes 中嵌入禁止的 syscall 字串
const syscallStr = 'sock_connect';
const encoder = new TextEncoder();
const syscallBytes = encoder.encode(syscallStr);
const wasm = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, ...syscallBytes]);
const result = runSandboxAcceptance(wasm, BASE_CONTRACT);
expect(result.success).toBe(false);
expect(result.failed_step).toBe('syscall_scan');
expect(result.reason).toContain('sock_connect');
expect(result.guide_anchor).toBe('#syscall-constraints');
});
it('步驟 (c):含 path_open 時失敗', () => {
const encoder = new TextEncoder();
const syscallBytes = encoder.encode('path_open');
const wasm = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, ...syscallBytes]);
const result = runSandboxAcceptance(wasm, BASE_CONTRACT);
expect(result.success).toBe(false);
expect(result.failed_step).toBe('syscall_scan');
});
it('size_check 失敗後不執行後續步驟(含禁止 syscall 的大型 wasm', () => {
// 同時違反 size_check 和 syscall_scan
const encoder = new TextEncoder();
const syscallBytes = encoder.encode('sock_connect');
const padding = new Uint8Array(2000); // > 1KB
const wasm = new Uint8Array([0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00, ...syscallBytes, ...padding]);
const contract = { ...BASE_CONTRACT, constraints: { ...BASE_CONTRACT.constraints, max_size_kb: 1 } };
const result = runSandboxAcceptance(wasm, contract);
// 應在 size_check 就停止,不到 syscall_scan
expect(result.failed_step).toBe('size_check');
});
});
Reference in New Issue View Git Blame Copy Permalink