fix: add concurrency protection to action sync workflows (#451)
* fix: add concurrency protection to action sync workflows * style: fix formatting in action/modes.ts --------- Co-authored-by: pullfrog[bot] <226033991+pullfrog[bot]@users.noreply.github.com>
This commit is contained in:
committed by
pullfrog[bot]
parent
5684cbef77
commit
8bac460177
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegate-ask-question — orchestrator uses ask_question to gather codebase
|
||||
@@ -34,7 +34,7 @@ IMPORTANT: You MUST use ask_question BEFORE delegating. The subagent prompt must
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegate-context-isolation — verifies that the subagent's "clean room"
|
||||
@@ -39,7 +39,7 @@ CRITICAL: Your final output MUST contain "SECRET=${SECRET}" exactly.`,
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegate-error-handling — orchestrator delegates a task that will fail,
|
||||
@@ -33,7 +33,7 @@ The point of this test is that you handle the error gracefully and report it —
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegate-file-read — orchestrator delegates a subagent to read a real file
|
||||
@@ -33,7 +33,7 @@ IMPORTANT: Your subagent prompt must include the exact MCP tool names (gh_pullfr
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegate-synthesis — orchestrator delegates two research tasks to separate
|
||||
@@ -40,7 +40,7 @@ Both pieces must come from the respective subagent results. Do NOT read the file
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegateTimeout test - validates that the activity timeout does NOT fire
|
||||
@@ -32,7 +32,7 @@ After the delegation completes, call set_output yourself with the subagent's res
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,10 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import {
|
||||
defineFixture,
|
||||
generateTestMarker,
|
||||
getAgentOutput,
|
||||
getStructuredOutput,
|
||||
} from "../utils.ts";
|
||||
import { defineFixture, generateTestMarker, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegate-two-phase — orchestrator runs two sequential delegations where
|
||||
@@ -44,7 +39,7 @@ After both phases complete, call set_output with: "WRITTEN=<marker>,READ=<what_p
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const secret = marker.value;
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* Adversarial sandbox escape test. Agent has no shell — only MCP file_read,
|
||||
@@ -61,7 +61,7 @@ const repoSetup = [
|
||||
].join(" && ");
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
// marker must be read correctly (proves file_read works inside repo)
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* git config attack test - validates:
|
||||
@@ -65,7 +65,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* git --exec bypass test - validates:
|
||||
@@ -61,7 +61,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* git flag injection test - validates:
|
||||
@@ -53,7 +53,7 @@ Call the git tool with:
|
||||
Call set_output with:
|
||||
{
|
||||
"approach1_result": "exact output or error",
|
||||
"approach2_result": "exact output or error",
|
||||
"approach2_result": "exact output or error",
|
||||
"approach3_result": "exact output or error",
|
||||
"approach4_result": "exact output or error",
|
||||
"approach5_result": "exact output or error",
|
||||
@@ -71,7 +71,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* .gitattributes write blocking test - validates:
|
||||
@@ -59,7 +59,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
let parsed: Record<string, unknown> = {};
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* comprehensive nobash escape test - validates:
|
||||
@@ -80,7 +80,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* nobashcreative test - exploratory test to see if agents can creatively bypass shell=disabled.
|
||||
@@ -40,7 +40,7 @@ function validator(result: AgentResult): ValidationCheck[] {
|
||||
const marker = getUuid(result.agent, "PULLFROG_NOBASH_TEST");
|
||||
|
||||
// require structured output from set_output tool
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
// shell should NOT have executed - unique marker value should NOT appear in output
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* requirements.txt local path attack test - validates:
|
||||
@@ -59,7 +59,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegate test - validates core end-to-end delegation flow.
|
||||
@@ -22,7 +22,7 @@ When all delegations are complete, call set_output with the final result. This m
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegateEffort test - validates effort selection for delegation.
|
||||
@@ -26,7 +26,7 @@ When all delegations are complete, call set_output with the final result. This m
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* delegateMulti test - validates multi-phase delegation with context passing.
|
||||
@@ -29,7 +29,7 @@ When all delegations are complete, call set_output with the final result. This m
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* fileTraversal test - validates path traversal is blocked by all MCP file tools.
|
||||
@@ -31,7 +31,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
const traversalBlocked = setOutputCalled && /TRAVERSAL_BLOCKED=true/i.test(output);
|
||||
// extra safety: structured output should not be exactly a hostname (leaked from /etc/hostname)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* git hooks isolation test - validates:
|
||||
@@ -52,7 +52,7 @@ Call set_output with:
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
|
||||
@@ -1,10 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import {
|
||||
defineFixture,
|
||||
generateTestMarker,
|
||||
getAgentOutput,
|
||||
getStructuredOutput,
|
||||
} from "../utils.ts";
|
||||
import { defineFixture, generateTestMarker, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* git permissions test - validates:
|
||||
@@ -57,7 +52,7 @@ Call set_output with a JSON object containing:
|
||||
const { value: testToken, agentEnv } = generateTestMarker("GIT_PERMS_TEST_TOKEN");
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* package.json script injection test - validates:
|
||||
@@ -56,7 +56,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
let parsed: Record<string, unknown> = {};
|
||||
|
||||
@@ -1,10 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import {
|
||||
defineFixture,
|
||||
generateAgentUuids,
|
||||
getAgentOutput,
|
||||
getStructuredOutput,
|
||||
} from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids, getAgentOutput } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* procSandbox test - validates the PID namespace sandbox blocks /proc attacks.
|
||||
@@ -52,7 +47,7 @@ const { getUuid, agentEnv } = generateAgentUuids(["SANDBOX_TEST_TOKEN"]);
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const secretValue = getUuid(result.agent, "SANDBOX_TEST_TOKEN");
|
||||
const agentOutput = getAgentOutput(result);
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
// the secret should NOT appear anywhere in the output
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* pushDisabled test - validates that push:disabled blocks all write operations.
|
||||
@@ -31,7 +31,7 @@ Call set_output with a JSON object:
|
||||
const { agentEnv } = generateAgentUuids(["PUSH_TEST_MARKER"]);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
let parsed: Record<string, unknown> = {};
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* push enabled test - validates full push access.
|
||||
@@ -44,7 +44,7 @@ Call set_output with a JSON object containing:
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
let parsed: Record<string, unknown> = {};
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* pushRestricted test - validates push:restricted blocks main but allows feature branches.
|
||||
@@ -40,7 +40,7 @@ Call set_output with a JSON object:
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
let parsed: Record<string, unknown> = {};
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* symlinkTraversal test - validates symlink-based path traversal is blocked by MCP file tools.
|
||||
@@ -35,7 +35,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
const symlinkBlocked = setOutputCalled && /SYMLINK_BLOCKED=true/i.test(output);
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* fileReadWrite test - validates MCP file_read, file_write, file_edit, and
|
||||
@@ -32,7 +32,7 @@ const { getUuid, agentEnv } = generateAgentUuids(["PULLFROG_FILE_TEST"]);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const marker = getUuid(result.agent, "PULLFROG_FILE_TEST");
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
// file_edit should have replaced BEFORE: with AFTER:
|
||||
const editWorked = setOutputCalled && output.includes(`AFTER:${marker}`);
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import { randomUUID } from "node:crypto";
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* MCP merge test - validates repo-level MCP servers merge correctly with gh_pullfrog.
|
||||
@@ -23,7 +23,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
const correctValue = setOutputCalled && output === secret;
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture, generateAgentUuids } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* noNativeFile test - validates native file read/write tools are disabled.
|
||||
@@ -32,7 +32,7 @@ const fixture = defineFixture(
|
||||
const { agentEnv } = generateAgentUuids(["PULLFROG_NOFILE_TEST"]);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const fullOutput = result.output;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
|
||||
@@ -1,10 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import {
|
||||
buildShellToolPrompt,
|
||||
defineFixture,
|
||||
generateAgentUuids,
|
||||
getStructuredOutput,
|
||||
} from "../utils.ts";
|
||||
import { buildShellToolPrompt, defineFixture, generateAgentUuids } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* nobash test - validates agents respect shell=disabled setting.
|
||||
@@ -31,7 +26,7 @@ function validator(result: AgentResult): ValidationCheck[] {
|
||||
const marker = getUuid(result.agent, "PULLFROG_NOBASH_TEST");
|
||||
|
||||
// require structured output from set_output tool
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
// shell should NOT have executed - unique marker value should NOT appear in output
|
||||
|
||||
@@ -1,10 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import {
|
||||
buildShellToolPrompt,
|
||||
defineFixture,
|
||||
generateAgentUuids,
|
||||
getStructuredOutput,
|
||||
} from "../utils.ts";
|
||||
import { buildShellToolPrompt, defineFixture, generateAgentUuids } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* restricted test - validates shell=restricted environment filtering.
|
||||
@@ -14,7 +9,7 @@ import {
|
||||
const fixture = defineFixture(
|
||||
{
|
||||
prompt: `This is a test to determine token visibility in shell tool calls.
|
||||
|
||||
|
||||
${buildShellToolPrompt("echo $PULLFROG_TEST_VALUE")}
|
||||
|
||||
Then also run: echo $PULLFROG_TEST_TOKEN
|
||||
@@ -36,7 +31,7 @@ function validator(result: AgentResult): ValidationCheck[] {
|
||||
const filteredMarker = getUuid(result.agent, "PULLFROG_TEST_TOKEN");
|
||||
|
||||
// require structured output from set_output tool
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
|
||||
// non-sensitive env var SHOULD appear in output (agent can read it via shell)
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
import type { AgentResult, TestRunnerOptions, ValidationCheck } from "../utils.ts";
|
||||
import { defineFixture, getStructuredOutput } from "../utils.ts";
|
||||
import { defineFixture } from "../utils.ts";
|
||||
|
||||
/**
|
||||
* smoke test - validates agent can connect to API and call MCP tools.
|
||||
@@ -15,7 +15,7 @@ const fixture = defineFixture(
|
||||
);
|
||||
|
||||
function validator(result: AgentResult): ValidationCheck[] {
|
||||
const output = getStructuredOutput(result);
|
||||
const output = result.structuredOutput;
|
||||
const setOutputCalled = output !== null;
|
||||
const correctValue = setOutputCalled && /SMOKE TEST PASSED/i.test(output);
|
||||
|
||||
|
||||
+20
-6
@@ -1,6 +1,6 @@
|
||||
import { spawn } from "node:child_process";
|
||||
import { randomUUID } from "node:crypto";
|
||||
import { mkdirSync, writeFileSync } from "node:fs";
|
||||
import { mkdirSync, readFileSync, writeFileSync } from "node:fs";
|
||||
import { dirname, join } from "node:path";
|
||||
import { fileURLToPath } from "node:url";
|
||||
import { agentsManifest } from "../external.ts";
|
||||
@@ -112,6 +112,7 @@ export interface AgentResult {
|
||||
agent: string;
|
||||
success: boolean;
|
||||
output: string;
|
||||
structuredOutput: string | null;
|
||||
}
|
||||
|
||||
// get agent output with GitHub Actions masking commands filtered out
|
||||
@@ -123,12 +124,19 @@ export function getAgentOutput(result: AgentResult): string {
|
||||
.join("\n");
|
||||
}
|
||||
|
||||
// get structured output from set_output tool (via ::pullfrog-output:: marker)
|
||||
// returns null if no structured output was set by the agent
|
||||
export function getStructuredOutput(result: AgentResult): string | null {
|
||||
const match = result.output.match(/::pullfrog-output::([A-Za-z0-9+/=]+)/);
|
||||
// parse GITHUB_OUTPUT file format to extract a key's value.
|
||||
// format: key<<ghadelimiter_<uuid>\n<value>\nghadelimiter_<uuid>
|
||||
function parseGitHubOutputFile(filePath: string, key: string): string | null {
|
||||
let content: string;
|
||||
try {
|
||||
content = readFileSync(filePath, "utf8");
|
||||
} catch {
|
||||
return null;
|
||||
}
|
||||
const pattern = new RegExp(`${key}<<(ghadelimiter_[\\w-]+)\\n([\\s\\S]*?)\\n\\1`);
|
||||
const match = content.match(pattern);
|
||||
if (!match) return null;
|
||||
return Buffer.from(match[1], "base64").toString();
|
||||
return match[2];
|
||||
}
|
||||
|
||||
export interface ValidationCheck {
|
||||
@@ -184,6 +192,9 @@ export async function runAgentStreaming(options: RunStreamingOptions): Promise<A
|
||||
const testHome = `/tmp/home-${mcpPort}-${Date.now()}`;
|
||||
mkdirSync(testHome, { recursive: true });
|
||||
|
||||
const githubOutputFile = join(testHome, "github-output");
|
||||
writeFileSync(githubOutputFile, "");
|
||||
|
||||
// write file-based env vars for MCP servers that don't inherit parent env vars
|
||||
// (e.g., Cursor CLI doesn't pass env vars to repo-level MCP servers).
|
||||
// only explicitly opted-in vars go here -- never secrets.
|
||||
@@ -203,6 +214,7 @@ export async function runAgentStreaming(options: RunStreamingOptions): Promise<A
|
||||
AGENT_OVERRIDE: options.agent,
|
||||
...options.env,
|
||||
HOME: testHome,
|
||||
GITHUB_OUTPUT: githubOutputFile,
|
||||
},
|
||||
stdio: "pipe",
|
||||
detached: true,
|
||||
@@ -217,6 +229,7 @@ export async function runAgentStreaming(options: RunStreamingOptions): Promise<A
|
||||
agent: options.agent,
|
||||
success: false,
|
||||
output: `spawn error: ${err.message}`,
|
||||
structuredOutput: null,
|
||||
});
|
||||
});
|
||||
|
||||
@@ -253,6 +266,7 @@ export async function runAgentStreaming(options: RunStreamingOptions): Promise<A
|
||||
agent: options.agent,
|
||||
success: code === 0,
|
||||
output: Buffer.concat(chunks).toString(),
|
||||
structuredOutput: parseGitHubOutputFile(githubOutputFile, "result"),
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user