mirror of
https://github.com/bytedance/deer-flow.git
synced 2026-07-09 16:08:31 +00:00
Some checks are pending
Backend Blocking IO / backend-blocking-io (push) Waiting to run
Unit Tests / backend-unit-tests (push) Waiting to run
E2E Tests / e2e-tests (push) Waiting to run
Frontend Unit Tests / frontend-unit-tests (push) Waiting to run
Lint Check / lint-backend (push) Waiting to run
Lint Check / lint-frontend (push) Waiting to run
Replay E2E (front-back contract) / Layer 1 — backend golden (no API key) (push) Waiting to run
Replay E2E (front-back contract) / Layer 2 — full-stack render (no API key) (push) Waiting to run
* feat(persistence): wire alembic migrations + bootstrap schema on startup Closes #3682. Pre-#3658 DBs lack the `runs.token_usage_by_model` column because alembic was never wired up — startup only ran `create_all`, which never ALTERs existing tables. Adds a hybrid bootstrap in FastAPI lifespan (replaces bare `create_all`): - empty DB → create_all + stamp head - legacy DB → stamp 0001_baseline + upgrade head - versioned DB → upgrade head Concurrency: Postgres `pg_advisory_lock` (cross-process); SQLite per-engine `asyncio.Lock` + 30s `PRAGMA busy_timeout` on both prod and alembic engines. Column revisions use `safe_add_column` / `safe_drop_column` idempotent helpers as fallback. Other bits: - 0001 baseline (chain root) + 0002 add `runs.token_usage_by_model` - `include_object` filter so alembic ignores LangGraph checkpointer tables - `make migrate-rev MSG="..."` for authoring new revisions (no migrate/stamp targets — startup is the only execution path) - Tests: three-branch decision, concurrency, #3682 regression, env filter, blocking-IO gate anchor - CLAUDE.md: new "Schema migrations" section * fix(style): fix lint error * perf(persistence): address review feedback on alembic bootstrap Behavioural fixes - _SQLITE_LOCKS now keyed via WeakKeyDictionary so id-reuse after GC cannot return a stale, loop-bound lock and the cache cannot leak one entry per disposed engine. - safe_add_column compares nullable / server_default against the desired column when the name already exists and emits a warning on drift, surfacing manual-ALTER workarounds instead of silently no-op'ing. - _postgres_lock issues SET LOCAL idle_in_transaction_session_timeout=0 before pg_advisory_lock, so managed Postgres cannot kill the idle lock-holding session mid-upgrade and silently release the advisory lock. - legacy branch now backfills missing baseline tables via a restricted create_all (Base.metadata.create_all scoped to _BASELINE_TABLE_NAMES). Restores pre-#1930 upgraders whose channel_* tables were never provisioned, without pre-empting future create_table revisions for newly-added models. Schema parity - runs.token_usage_by_model gains server_default=text("'{}'") in both the ORM model and the 0001_baseline create_table, matching what 0002 adds via ALTER. create_all and alembic-upgrade paths now produce identical column definitions. - New parity test compares Base.metadata.create_all output against a pure alembic upgrade base->head, asserting column-set, nullable, and server_default agree across all tables (normalized through the same helper safe_add_column's drift check uses). Guards - test_baseline_table_names_constant_matches_0001 pins _BASELINE_TABLE_NAMES to 0001_baseline.upgrade()'s actual output -- the constant cannot drift silently when someone edits 0001. - test_legacy_backfill_skips_non_baseline_tables verifies the restricted backfill does not create a phantom table on Base.metadata, modelling a future revision that would otherwise collide on op.create_table. Doc residuals - Three-branch decision table is now consistent across bootstrap.py top docstring, engine.py comment, test module docstring, and CLAUDE.md. - Stale test anchor in blocking_io/test_persistence_engine_sqlite.py docstring now points at the real file. * fix(style): fix lint error * fix(persistence): close drift detection holes - _check_column_drift compares column type via a family equivalence allowlist ({JSON, JSONB}). Catches the wrong-type workaround `TEXT NOT NULL DEFAULT '{}'` that previously slipped through silently, while keeping Postgres JSON/JSONB dialect reflection quiet. Reflected and desired type are also echoed in every drift warning's payload for operator triage. - Extract _escape_url_for_alembic so bootstrap._alembic_safe_url and scripts/_autogen_revision share the ConfigParser % escape rule instead of duplicating it. - backend/README.md: add `make migrate-rev MSG=...` to Commands and a Schema Migrations section per the repo's README/CLAUDE.md sync policy. - test_base_to_dict.py: scope the test ORM class to an isolated MetaData so the create_all-vs-alembic parity test (added in the previous commit) is not polluted by the phantom table on the full pytest session.
71 lines
3.3 KiB
Python
71 lines
3.3 KiB
Python
"""Tests for the Postgres URL / ConfigParser pitfalls in ``bootstrap``.
|
|
|
|
Two failure modes the ``_alembic_safe_url`` helper exists to prevent:
|
|
|
|
1. ``str(engine.url)`` (and the default ``URL.render_as_string()``) masks the
|
|
password as ``***``. The live engine would still work because it carries
|
|
the password in-memory, but alembic ``stamp`` / ``upgrade`` (which open
|
|
their own connection from the URL we pass in) would authenticate with
|
|
garbage and fail at runtime.
|
|
2. ``alembic.config.Config.set_main_option`` forwards to ``ConfigParser.set``,
|
|
which performs ``%(name)s``-style interpolation on the value. A URL-encoded
|
|
password containing ``%`` (e.g. ``p%40ss`` for ``p@ss``) raises
|
|
``InterpolationSyntaxError``. Every literal ``%`` must be doubled.
|
|
"""
|
|
|
|
from __future__ import annotations
|
|
|
|
from types import SimpleNamespace
|
|
|
|
from sqlalchemy.engine.url import make_url
|
|
|
|
from deerflow.persistence.bootstrap import _alembic_safe_url, _escape_url_for_alembic, _get_alembic_config
|
|
|
|
|
|
def _fake_engine(url: str) -> SimpleNamespace:
|
|
"""Build a minimal stand-in for ``AsyncEngine`` so we don't need a real
|
|
driver (e.g. asyncpg) installed just to exercise the URL path."""
|
|
return SimpleNamespace(url=make_url(url))
|
|
|
|
|
|
def test_safe_url_preserves_password_for_postgres() -> None:
|
|
engine = _fake_engine("postgresql://alice:s3cret@db.example.com/app")
|
|
safe = _alembic_safe_url(engine)
|
|
assert "s3cret" in safe, "password got masked: alembic would auth with garbage"
|
|
assert "***" not in safe
|
|
|
|
|
|
def test_safe_url_escapes_percent_for_configparser() -> None:
|
|
# URL-encoded ``@`` in password -> raw ``%40`` in URL -> ConfigParser
|
|
# would treat it as an interpolation marker.
|
|
engine = _fake_engine("postgresql://alice:p%40ss@db.example.com/app")
|
|
safe = _alembic_safe_url(engine)
|
|
assert "p%%40ss" in safe, f"percent not doubled, ConfigParser will fail: {safe}"
|
|
|
|
|
|
def test_alembic_config_accepts_url_with_percent_and_round_trips() -> None:
|
|
# The whole point: build_config should not raise, and the URL alembic
|
|
# reads back should match the original (single ``%``, real password).
|
|
original = "postgresql://alice:p%40ss@db.example.com/app"
|
|
engine = _fake_engine(original)
|
|
cfg = _get_alembic_config(engine)
|
|
roundtrip = cfg.get_main_option("sqlalchemy.url")
|
|
assert roundtrip == original, f"alembic sees a different URL than we set: {roundtrip}"
|
|
|
|
|
|
def test_sqlite_url_does_not_double_percent_unnecessarily() -> None:
|
|
# No percent in the URL -> no escaping needed -> output equals input.
|
|
engine = _fake_engine("sqlite+aiosqlite:///tmp/db.sqlite")
|
|
safe = _alembic_safe_url(engine)
|
|
assert safe == "sqlite+aiosqlite:///tmp/db.sqlite"
|
|
|
|
|
|
def test_escape_url_for_alembic_doubles_only_percent_signs() -> None:
|
|
# Shared helper used by both ``bootstrap._alembic_safe_url`` and
|
|
# ``scripts/_autogen_revision._alembic_config`` -- pins the round-trip
|
|
# rule so any future URL/ConfigParser corner case is fixed in one place.
|
|
assert _escape_url_for_alembic("postgresql://a:p%40ss@h/d") == "postgresql://a:p%%40ss@h/d"
|
|
assert _escape_url_for_alembic("sqlite:///x.db") == "sqlite:///x.db"
|
|
# Idempotency is intentionally NOT a property -- doubling is one-way;
|
|
# callers must escape exactly once on the way into set_main_option.
|
|
assert _escape_url_for_alembic("a%%b") == "a%%%%b"
|