mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-05-10 18:58:21 +00:00
daa3ffc29b
* Make loop detection configurable Expose LoopDetectionMiddleware thresholds through config.yaml while preserving existing defaults and allowing the middleware to be disabled. Refs bytedance/deer-flow#2517 * feat(loop-detection): add per-tool tool_freq_overrides to Phase 1 Adds ToolFreqOverride model and tool_freq_overrides field to LoopDetectionConfig, wires it through LoopDetectionMiddleware, and documents the option in config.example.yaml. Resolves the gap flagged in the #2586 review: without per-tool overrides, users hit by #2510/#2511 (RNA-seq workflows exceeding the bash hard limit) had no way to raise thresholds for one tool without loosening the global limit for every tool. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> * Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> * docs(loop-detection): document tool_freq_overrides in LoopDetectionMiddleware docstring Add the missing Args entry for tool_freq_overrides, explaining the (warn, hard_limit) tuple structure and how per-tool thresholds supersede the global tool_freq_warn / tool_freq_hard_limit for named tools. Also run ruff format on the three files flagged by the lint check. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(loop-detection): validate LoopDetectionMiddleware __init__ params eagerly Raise clear ValueError at construction time instead of crashing at unpack-time inside _track_and_check when bad values are passed: - tool_freq_overrides: must be 2-tuples of positive ints with hard_limit >= warn - scalar thresholds: warn_threshold, hard_limit, tool_freq_warn, tool_freq_hard_limit must be >= 1 and hard limits must >= their warn pairs - window_size, max_tracked_threads must be >= 1 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * fix(test): isolate credential loader directory-path test from real ~/.claude The test didn't monkeypatch HOME, so on any machine with real Claude Code credentials at ~/.claude/.credentials.json the function fell through to those credentials and the assertion failed. Adding HOME redirect ensures the default credential path doesn't exist during the test. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * style(test): add blank lines after import pytest in TestInitValidation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> * refactor(loop-detection): collapse dual validation to LoopDetectionConfig Modifications - LoopDetectionMiddleware.__init__: stripped of all ValueError raises; becomes a plain field-assignment constructor. - LoopDetectionMiddleware.from_config: classmethod that builds the middleware from a Pydantic-validated LoopDetectionConfig and handles the ToolFreqOverride -> tuple[int, int] conversion. - agents/factory.py: SDK construction routed through LoopDetectionMiddleware.from_config(LoopDetectionConfig()) so the defaults path is Pydantic-validated too. - agents/lead_agent/agent.py: uses from_config instead of unpacking config fields by hand. - tests/test_loop_detection_middleware.py: deleted TestInitValidation (16 methods exercising the removed __init__ checks); added TestFromConfig (4 tests: scalar field mapping, override tuple conversion, empty overrides, behavioral smoke test). Result: one validation layer (Pydantic), zero duplication, no __new__ hacks. Both production construction sites flow through LoopDetectionConfig. Test results make test -> 2977 passed, 18 skipped, 0 failed (137s) make format -> All checks passed; 411 files left unchanged * feat(agents): make loop_detection configurable in create_deerflow_agent Adds a `loop_detection: bool | AgentMiddleware = True` field to RuntimeFeatures, mirroring the existing pattern used by `sandbox`, `memory`, and `vision`. SDK users can now disable LoopDetectionMiddleware or replace it with a custom instance built from their own LoopDetectionConfig — e.g. `LoopDetectionMiddleware.from_config(my_cfg)` — instead of being stuck with the hardcoded defaults previously installed by the SDK factory. The lead-agent path (which already reads AppConfig.loop_detection) is unchanged, and the default `True` preserves prior always-on behavior for all existing callers. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> --------- Co-authored-by: knight0940 <631532668@qq.com> Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com> Co-authored-by: Amorend <142649913+knight0940@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> Co-authored-by: Willem Jiang <willem.jiang@gmail.com>
159 lines
4.9 KiB
Python
159 lines
4.9 KiB
Python
import json
|
|
import os
|
|
|
|
from deerflow.models.credential_loader import (
|
|
load_claude_code_credential,
|
|
load_codex_cli_credential,
|
|
)
|
|
|
|
|
|
def _clear_claude_code_env(monkeypatch) -> None:
|
|
for env_var in (
|
|
"CLAUDE_CODE_OAUTH_TOKEN",
|
|
"ANTHROPIC_AUTH_TOKEN",
|
|
"CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR",
|
|
"CLAUDE_CODE_CREDENTIALS_PATH",
|
|
):
|
|
monkeypatch.delenv(env_var, raising=False)
|
|
|
|
|
|
def test_load_claude_code_credential_from_direct_env(monkeypatch):
|
|
_clear_claude_code_env(monkeypatch)
|
|
monkeypatch.setenv("CLAUDE_CODE_OAUTH_TOKEN", " sk-ant-oat01-env ")
|
|
|
|
cred = load_claude_code_credential()
|
|
|
|
assert cred is not None
|
|
assert cred.access_token == "sk-ant-oat01-env"
|
|
assert cred.refresh_token == ""
|
|
assert cred.source == "claude-cli-env"
|
|
|
|
|
|
def test_load_claude_code_credential_from_anthropic_auth_env(monkeypatch):
|
|
_clear_claude_code_env(monkeypatch)
|
|
monkeypatch.setenv("ANTHROPIC_AUTH_TOKEN", "sk-ant-oat01-anthropic-auth")
|
|
|
|
cred = load_claude_code_credential()
|
|
|
|
assert cred is not None
|
|
assert cred.access_token == "sk-ant-oat01-anthropic-auth"
|
|
assert cred.source == "claude-cli-env"
|
|
|
|
|
|
def test_load_claude_code_credential_from_file_descriptor(monkeypatch):
|
|
_clear_claude_code_env(monkeypatch)
|
|
|
|
read_fd, write_fd = os.pipe()
|
|
try:
|
|
os.write(write_fd, b"sk-ant-oat01-fd")
|
|
os.close(write_fd)
|
|
monkeypatch.setenv("CLAUDE_CODE_OAUTH_TOKEN_FILE_DESCRIPTOR", str(read_fd))
|
|
|
|
cred = load_claude_code_credential()
|
|
finally:
|
|
os.close(read_fd)
|
|
|
|
assert cred is not None
|
|
assert cred.access_token == "sk-ant-oat01-fd"
|
|
assert cred.refresh_token == ""
|
|
assert cred.source == "claude-cli-fd"
|
|
|
|
|
|
def test_load_claude_code_credential_from_override_path(tmp_path, monkeypatch):
|
|
_clear_claude_code_env(monkeypatch)
|
|
cred_path = tmp_path / "claude-credentials.json"
|
|
cred_path.write_text(
|
|
json.dumps(
|
|
{
|
|
"claudeAiOauth": {
|
|
"accessToken": "sk-ant-oat01-test",
|
|
"refreshToken": "sk-ant-ort01-test",
|
|
"expiresAt": 4_102_444_800_000,
|
|
}
|
|
}
|
|
)
|
|
)
|
|
monkeypatch.setenv("CLAUDE_CODE_CREDENTIALS_PATH", str(cred_path))
|
|
|
|
cred = load_claude_code_credential()
|
|
|
|
assert cred is not None
|
|
assert cred.access_token == "sk-ant-oat01-test"
|
|
assert cred.refresh_token == "sk-ant-ort01-test"
|
|
assert cred.source == "claude-cli-file"
|
|
|
|
|
|
def test_load_claude_code_credential_ignores_directory_path(tmp_path, monkeypatch):
|
|
_clear_claude_code_env(monkeypatch)
|
|
# Redirect HOME so the default ~/.claude/.credentials.json doesn't exist
|
|
monkeypatch.setenv("HOME", str(tmp_path))
|
|
cred_dir = tmp_path / "claude-creds-dir"
|
|
cred_dir.mkdir()
|
|
monkeypatch.setenv("CLAUDE_CODE_CREDENTIALS_PATH", str(cred_dir))
|
|
|
|
assert load_claude_code_credential() is None
|
|
|
|
|
|
def test_load_claude_code_credential_falls_back_to_default_file_when_override_is_invalid(tmp_path, monkeypatch):
|
|
_clear_claude_code_env(monkeypatch)
|
|
monkeypatch.setenv("HOME", str(tmp_path))
|
|
|
|
cred_dir = tmp_path / "claude-creds-dir"
|
|
cred_dir.mkdir()
|
|
monkeypatch.setenv("CLAUDE_CODE_CREDENTIALS_PATH", str(cred_dir))
|
|
|
|
default_path = tmp_path / ".claude" / ".credentials.json"
|
|
default_path.parent.mkdir()
|
|
default_path.write_text(
|
|
json.dumps(
|
|
{
|
|
"claudeAiOauth": {
|
|
"accessToken": "sk-ant-oat01-default",
|
|
"refreshToken": "sk-ant-ort01-default",
|
|
"expiresAt": 4_102_444_800_000,
|
|
}
|
|
}
|
|
)
|
|
)
|
|
|
|
cred = load_claude_code_credential()
|
|
|
|
assert cred is not None
|
|
assert cred.access_token == "sk-ant-oat01-default"
|
|
assert cred.refresh_token == "sk-ant-ort01-default"
|
|
assert cred.source == "claude-cli-file"
|
|
|
|
|
|
def test_load_codex_cli_credential_supports_nested_tokens_shape(tmp_path, monkeypatch):
|
|
auth_path = tmp_path / "auth.json"
|
|
auth_path.write_text(
|
|
json.dumps(
|
|
{
|
|
"tokens": {
|
|
"access_token": "codex-access-token",
|
|
"account_id": "acct_123",
|
|
}
|
|
}
|
|
)
|
|
)
|
|
monkeypatch.setenv("CODEX_AUTH_PATH", str(auth_path))
|
|
|
|
cred = load_codex_cli_credential()
|
|
|
|
assert cred is not None
|
|
assert cred.access_token == "codex-access-token"
|
|
assert cred.account_id == "acct_123"
|
|
assert cred.source == "codex-cli"
|
|
|
|
|
|
def test_load_codex_cli_credential_supports_legacy_top_level_shape(tmp_path, monkeypatch):
|
|
auth_path = tmp_path / "auth.json"
|
|
auth_path.write_text(json.dumps({"access_token": "legacy-access-token"}))
|
|
monkeypatch.setenv("CODEX_AUTH_PATH", str(auth_path))
|
|
|
|
cred = load_codex_cli_credential()
|
|
|
|
assert cred is not None
|
|
assert cred.access_token == "legacy-access-token"
|
|
assert cred.account_id == ""
|