4f044e7b81
Brings the MVP feature set online: upload a Rhai script, get an HTTP
endpoint that runs it sandboxed in-process, list/update/delete it, and
have invalid sources rejected at upload time. Verified live through
Caddy with a full lifecycle (`create → list → get → execute → update
→ delete`) plus error paths (syntax error, duplicate name, deleted).
Layout — every concern lands behind the trait seam its layer owns, so
cluster-mode in v1.3+ is a swap of two impls, not a rewrite:
* shared::ScriptValidator — manager calls into validation without
a hard dep on executor-core; executor-core impls the trait on
`Engine`. Pinned in shared so neither crate has to know about
the other.
* executor-core::Engine — real Rhai engine: sandbox limits (max
operations / string size / map size / call depth), disabled
`print`, blocked `import` (DummyModuleResolver), `log::trace
/info/warn/error` registered as a static module with shared
log-capture buffer (no `log::debug` because `debug` is a Rhai
reserved keyword — `log::trace` covers the same need).
- `ctx` is pushed as a Scope constant exposing
execution_id, script_id, script_name, request_id,
invocation_type, request.{path,headers,body}.
- Response convention: a Map with `statusCode` is the
structured shape (`{statusCode, headers?, body}`); any
other return value is a 200 with the value as the body.
- Engine::execute is now synchronous (pure compute); the
async wrapper + wall-clock timeout live in
LocalExecutorClient, which spawns_blocking and applies a
300s hard ceiling regardless of per-script config.
- 10 unit tests cover validate, exec, structured response,
ctx exposure, log capture, op-budget enforcement, runtime
errors, blocked imports, JSON round-tripping.
* manager-core::repo — full sqlx CRUD over the `scripts` table,
with proper unique-violation handling for duplicate names.
Embedded migrations via `sqlx::migrate!` (one initial
`0001_init.sql` for pgcrypto + scripts + execution_logs).
* manager-core::api — `admin_router` mounts `/scripts` and
`/scripts/{id}`. Create + Update validate source through the
injected `ScriptValidator` before persistence. Returns proper
422/409/404 status codes via `ApiError::IntoResponse`.
* orchestrator-core::api — `data_plane_router` mounts
`/execute/{id}`: resolves the script through `ScriptResolver`,
constructs the `ExecRequest` from headers+body, awaits
`ExecutorClient::execute(..., timeout)`, translates the
`ExecResponse` to an axum `Response` with header passthrough.
Maps `ExecError` variants to 422/504/502/507.
* picloud all-in-one — opens the pool, runs migrations, builds
one engine, nests both routers under `/api/admin` and `/api`,
enables structured JSON tracing and graceful shutdown on
SIGTERM. Single `PostgresScriptRepository` Arc is shared by
the admin router (writes) and the resolver (reads).
Other changes:
* Workspace axum bump 0.7 → 0.8 for the `{id}` path syntax
matching the route definitions.
* Workspace clippy: allow `needless_pass_by_value` and
`boxed_local` to keep API ergonomics over pedantic noise.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
158 lines
4.3 KiB
Rust
158 lines
4.3 KiB
Rust
use std::collections::BTreeMap;
|
|
|
|
use picloud_executor_core::{Engine, ExecError, ExecRequest, InvocationType, Limits, LogLevel};
|
|
use picloud_shared::{ExecutionId, RequestId, ScriptId};
|
|
use serde_json::json;
|
|
|
|
fn req(body: serde_json::Value) -> ExecRequest {
|
|
ExecRequest {
|
|
execution_id: ExecutionId::new(),
|
|
request_id: RequestId::new(),
|
|
script_id: ScriptId::new(),
|
|
script_name: "test".into(),
|
|
invocation_type: InvocationType::Http,
|
|
path: "/test".into(),
|
|
headers: BTreeMap::new(),
|
|
body,
|
|
}
|
|
}
|
|
|
|
fn engine() -> Engine {
|
|
Engine::new(Limits::default())
|
|
}
|
|
|
|
#[test]
|
|
fn validate_accepts_well_formed_script() {
|
|
engine()
|
|
.validate("let x = 1; #{ statusCode: 200, body: x }")
|
|
.expect("valid script should validate");
|
|
}
|
|
|
|
#[test]
|
|
fn validate_rejects_syntax_errors() {
|
|
let err = engine()
|
|
.validate("this is not rhai @@@")
|
|
.expect_err("invalid script should not validate");
|
|
assert!(matches!(err, ExecError::Parse(_)));
|
|
}
|
|
|
|
#[test]
|
|
fn returns_unwrapped_value_as_200_body() {
|
|
let resp = engine()
|
|
.execute("42", req(json!(null)))
|
|
.expect("should execute");
|
|
assert_eq!(resp.status_code, 200);
|
|
assert_eq!(resp.body, json!(42));
|
|
assert!(resp.headers.is_empty());
|
|
}
|
|
|
|
#[test]
|
|
fn returns_structured_response_when_status_code_present() {
|
|
let src = r#"
|
|
#{ statusCode: 201,
|
|
headers: #{ "x-test": "hello" },
|
|
body: #{ ok: true, msg: "created" } }
|
|
"#;
|
|
let resp = engine().execute(src, req(json!(null))).unwrap();
|
|
assert_eq!(resp.status_code, 201);
|
|
assert_eq!(
|
|
resp.headers.get("x-test").map(String::as_str),
|
|
Some("hello")
|
|
);
|
|
assert_eq!(resp.body, json!({ "ok": true, "msg": "created" }));
|
|
}
|
|
|
|
#[test]
|
|
fn ctx_exposes_request_data() {
|
|
let src = r"
|
|
#{ statusCode: 200,
|
|
body: #{
|
|
path: ctx.request.path,
|
|
name: ctx.script_name,
|
|
amount: ctx.request.body.amount
|
|
} }
|
|
";
|
|
let r = ExecRequest {
|
|
path: "/payments".into(),
|
|
body: json!({ "amount": 1234 }),
|
|
script_name: "payments".into(),
|
|
..req(json!(null))
|
|
};
|
|
let resp = engine().execute(src, r).unwrap();
|
|
assert_eq!(
|
|
resp.body,
|
|
json!({ "path": "/payments", "name": "payments", "amount": 1234 })
|
|
);
|
|
}
|
|
|
|
#[test]
|
|
fn captures_log_calls() {
|
|
let src = r#"
|
|
log::info("starting");
|
|
log::warn("watch out", #{ count: 3 });
|
|
log::error("oops");
|
|
log::trace("deep diagnostic");
|
|
42
|
|
"#;
|
|
let resp = engine().execute(src, req(json!(null))).unwrap();
|
|
assert_eq!(resp.logs.len(), 4);
|
|
|
|
let levels: Vec<_> = resp.logs.iter().map(|l| l.level).collect();
|
|
assert_eq!(
|
|
levels,
|
|
vec![
|
|
LogLevel::Info,
|
|
LogLevel::Warn,
|
|
LogLevel::Error,
|
|
LogLevel::Trace
|
|
]
|
|
);
|
|
assert_eq!(resp.logs[0].message, "starting");
|
|
assert_eq!(resp.logs[1].data, Some(json!({ "count": 3 })));
|
|
}
|
|
|
|
#[test]
|
|
fn enforces_operation_budget() {
|
|
let limits = Limits {
|
|
max_operations: 1_000,
|
|
..Limits::default()
|
|
};
|
|
let engine = Engine::new(limits);
|
|
// 10_000 iterations vastly exceeds 1_000 ops.
|
|
let src = r"let n = 0; for i in 0..10000 { n += 1; } n";
|
|
let err = engine
|
|
.execute(src, req(json!(null)))
|
|
.expect_err("should exceed budget");
|
|
assert!(matches!(err, ExecError::OperationBudgetExceeded));
|
|
}
|
|
|
|
#[test]
|
|
fn runtime_error_is_mapped_to_runtime_variant() {
|
|
let err = engine()
|
|
.execute("1 / 0", req(json!(null)))
|
|
.expect_err("division by zero should error");
|
|
assert!(matches!(err, ExecError::Runtime(_)));
|
|
}
|
|
|
|
#[test]
|
|
fn module_import_is_blocked() {
|
|
let err = engine()
|
|
.execute(r#"import "evil" as e; 1"#, req(json!(null)))
|
|
.expect_err("imports should be blocked");
|
|
// Module-not-found is reported as a runtime error via DummyModuleResolver.
|
|
assert!(matches!(err, ExecError::Runtime(_) | ExecError::Parse(_)));
|
|
}
|
|
|
|
#[test]
|
|
fn body_passes_through_nested_json_round_trip() {
|
|
let src = "#{ statusCode: 200, body: ctx.request.body }";
|
|
let body = json!({
|
|
"deep": {
|
|
"list": [1, "two", 3.5, null, true, { "k": "v" }],
|
|
"count": 6
|
|
}
|
|
});
|
|
let resp = engine().execute(src, req(body.clone())).unwrap();
|
|
assert_eq!(resp.body, body);
|
|
}
|