fix(auto): use action parser for repair gates
Some checks failed
CD Pipeline / tests (push) Failing after 1m2s
CD Pipeline / build-and-deploy (push) Has been skipped
CD Pipeline / post-deploy-checks (push) Has been skipped
Code Review / ai-code-review (push) Successful in 24s

This commit is contained in:
Your Name
2026-04-30 14:06:09 +08:00
parent 9ee3cc6242
commit ed2a4838f2
11 changed files with 279 additions and 60 deletions

View File

@@ -64,7 +64,7 @@ def _run_cs1_block(
回傳 (mock_executor_class, mock_execute_method)
"""
from src.services.auto_approve import _DESTRUCTIVE_PATTERNS
from src.services.action_parser import is_safe_kubectl_action
mock_exec_instance = MagicMock()
if exec_side_effect is not None:
@@ -94,7 +94,7 @@ def _run_cs1_block(
and analysis_result.confidence >= 0.85
and risk_level != RiskLevel.CRITICAL
and _sa_val not in _non_destructive_actions
and not any(p in _cs1_kubectl.lower() for p in _DESTRUCTIVE_PATTERNS)
and is_safe_kubectl_action(_cs1_kubectl)
)
if _cs1_can_auto:
import asyncio
@@ -155,6 +155,15 @@ class TestCS1AutoExecuteConditions:
_, mock_exec = _run_cs1_block(analysis, RiskLevel.LOW)
mock_exec.execute_approved_action.assert_not_called()
def test_single_delete_pod_executes(self):
"""單一 Pod delete 是可恢復操作parser 不應誤殺"""
analysis = _make_analysis(
confidence=0.90,
kubectl_command="kubectl delete pod api-xxx-yyy -n prod",
)
_, mock_exec = _run_cs1_block(analysis, RiskLevel.LOW)
mock_exec.execute_approved_action.assert_called_once()
def test_no_action_does_not_execute(self):
"""suggested_action=NO_ACTION → 不執行"""
analysis = _make_analysis(
@@ -182,7 +191,7 @@ class TestCS1AutoExecuteFailureDegradation:
analysis = _make_analysis(confidence=0.90)
# 直接測試條件邏輯,確保例外被吞掉
from src.services.auto_approve import _DESTRUCTIVE_PATTERNS
from src.services.action_parser import is_safe_kubectl_action
_non_destructive_actions = {"NO_ACTION", "INVESTIGATE", "OBSERVE"}
_sa_val = analysis.suggested_action.value
@@ -192,7 +201,7 @@ class TestCS1AutoExecuteFailureDegradation:
and analysis.confidence >= 0.85
and RiskLevel.LOW != RiskLevel.CRITICAL
and _sa_val not in _non_destructive_actions
and not any(p in _cs1_kubectl.lower() for p in _DESTRUCTIVE_PATTERNS)
and is_safe_kubectl_action(_cs1_kubectl)
)
assert _cs1_can_auto, "前置條件必須為 True 才能測試降級"