fix(auto): use action parser for repair gates
Some checks failed
CD Pipeline / tests (push) Failing after 1m2s
CD Pipeline / build-and-deploy (push) Has been skipped
CD Pipeline / post-deploy-checks (push) Has been skipped
Code Review / ai-code-review (push) Successful in 24s

This commit is contained in:
Your Name
2026-04-30 14:06:09 +08:00
parent 9ee3cc6242
commit ed2a4838f2
11 changed files with 279 additions and 60 deletions

View File

@@ -35,13 +35,14 @@ def _make_analysis(
def _can_auto(analysis, risk_level, patterns):
from src.models.approval import RiskLevel
from src.services.action_parser import is_safe_kubectl_action
kubectl = (analysis.kubectl_command or "").strip()
return (
bool(kubectl)
and analysis.confidence >= 0.85
and risk_level != RiskLevel.CRITICAL
and "NO_ACTION" not in (analysis.action_title or "")
and not any(p in kubectl.lower() for p in patterns)
and is_safe_kubectl_action(kubectl)
)
@@ -78,9 +79,14 @@ class TestCS3AutoExecute:
a = _make_analysis(action_title="NO_ACTION: no fix needed")
assert _can_auto(a, RiskLevel.MEDIUM, patterns) is False
def test_destructive_delete_blocked(self, patterns):
def test_single_delete_pod_eligible(self, patterns):
from src.models.approval import RiskLevel
a = _make_analysis(kubectl="kubectl delete pod foo-123")
assert _can_auto(a, RiskLevel.MEDIUM, patterns) is True
def test_delete_pods_all_blocked(self, patterns):
from src.models.approval import RiskLevel
a = _make_analysis(kubectl="kubectl delete pods --all -n prod")
assert _can_auto(a, RiskLevel.MEDIUM, patterns) is False
def test_destructive_force_check(self, patterns):