CalvinBackup/fuzzforge_ai
1
0
Fork 0
mirror of https://github.com/FuzzingLabs/fuzzforge_ai.git synced 2026-05-24 04:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity

CI/CD Integration with Ephemeral Deployment Model (#14)

Browse Source 
* feat: Complete migration from Prefect to Temporal

BREAKING CHANGE: Replaces Prefect workflow orchestration with Temporal

## Major Changes
- Replace Prefect with Temporal for workflow orchestration
- Implement vertical worker architecture (rust, android)
- Replace Docker registry with MinIO for unified storage
- Refactor activities to be co-located with workflows
- Update all API endpoints for Temporal compatibility

## Infrastructure
- New: docker-compose.temporal.yaml (Temporal + MinIO + workers)
- New: workers/ directory with rust and android vertical workers
- New: backend/src/temporal/ (manager, discovery)
- New: backend/src/storage/ (S3-cached storage with MinIO)
- New: backend/toolbox/common/ (shared storage activities)
- Deleted: docker-compose.yaml (old Prefect setup)
- Deleted: backend/src/core/prefect_manager.py
- Deleted: backend/src/services/prefect_stats_monitor.py
- Deleted: Docker registry and insecure-registries requirement

## Workflows
- Migrated: security_assessment workflow to Temporal
- New: rust_test workflow (example/test workflow)
- Deleted: secret_detection_scan (Prefect-based, to be reimplemented)
- Activities now co-located with workflows for independent testing

## API Changes
- Updated: backend/src/api/workflows.py (Temporal submission)
- Updated: backend/src/api/runs.py (Temporal status/results)
- Updated: backend/src/main.py (727 lines, TemporalManager integration)
- Updated: All 16 MCP tools to use TemporalManager

## Testing
-  All services healthy (Temporal, PostgreSQL, MinIO, workers, backend)
-  All API endpoints functional
-  End-to-end workflow test passed (72 findings from vulnerable_app)
-  MinIO storage integration working (target upload/download, results)
-  Worker activity discovery working (6 activities registered)
-  Tarball extraction working
-  SARIF report generation working

## Documentation
- ARCHITECTURE.md: Complete Temporal architecture documentation
- QUICKSTART_TEMPORAL.md: Getting started guide
- MIGRATION_DECISION.md: Why we chose Temporal over Prefect
- IMPLEMENTATION_STATUS.md: Migration progress tracking
- workers/README.md: Worker development guide

## Dependencies
- Added: temporalio>=1.6.0
- Added: boto3>=1.34.0 (MinIO S3 client)
- Removed: prefect>=3.4.18

* feat: Add Python fuzzing vertical with Atheris integration

This commit implements a complete Python fuzzing workflow using Atheris:

## Python Worker (workers/python/)
- Dockerfile with Python 3.11, Atheris, and build tools
- Generic worker.py for dynamic workflow discovery
- requirements.txt with temporalio, boto3, atheris dependencies
- Added to docker-compose.temporal.yaml with dedicated cache volume

## AtherisFuzzer Module (backend/toolbox/modules/fuzzer/)
- Reusable module extending BaseModule
- Auto-discovers fuzz targets (fuzz_*.py, *_fuzz.py, fuzz_target.py)
- Recursive search to find targets in nested directories
- Dynamically loads TestOneInput() function
- Configurable max_iterations and timeout
- Real-time stats callback support for live monitoring
- Returns findings as ModuleFinding objects

## Atheris Fuzzing Workflow (backend/toolbox/workflows/atheris_fuzzing/)
- Temporal workflow for orchestrating fuzzing
- Downloads user code from MinIO
- Executes AtherisFuzzer module
- Uploads results to MinIO
- Cleans up cache after execution
- metadata.yaml with vertical: python for routing

## Test Project (test_projects/python_fuzz_waterfall/)
- Demonstrates stateful waterfall vulnerability
- main.py with check_secret() that leaks progress
- fuzz_target.py with Atheris TestOneInput() harness
- Complete README with usage instructions

## Backend Fixes
- Fixed parameter merging in REST API endpoints (workflows.py)
- Changed workflow parameter passing from positional args to kwargs (manager.py)
- Default parameters now properly merged with user parameters

## Testing
 Worker discovered AtherisFuzzingWorkflow
 Workflow executed end-to-end successfully
 Fuzz target auto-discovered in nested directories
 Atheris ran 100,000 iterations
 Results uploaded and cache cleaned

* chore: Complete Temporal migration with updated CLI/SDK/docs

This commit includes all remaining Temporal migration changes:

## CLI Updates (cli/)
- Updated workflow execution commands for Temporal
- Enhanced error handling and exceptions
- Updated dependencies in uv.lock

## SDK Updates (sdk/)
- Client methods updated for Temporal workflows
- Updated models for new workflow execution
- Updated dependencies in uv.lock

## Documentation Updates (docs/)
- Architecture documentation for Temporal
- Workflow concept documentation
- Resource management documentation (new)
- Debugging guide (new)
- Updated tutorials and how-to guides
- Troubleshooting updates

## README Updates
- Main README with Temporal instructions
- Backend README
- CLI README
- SDK README

## Other
- Updated IMPLEMENTATION_STATUS.md
- Removed old vulnerable_app.tar.gz

These changes complete the Temporal migration and ensure the
CLI/SDK work correctly with the new backend.

* fix: Use positional args instead of kwargs for Temporal workflows

The Temporal Python SDK's start_workflow() method doesn't accept
a 'kwargs' parameter. Workflows must receive parameters as positional
arguments via the 'args' parameter.

Changed from:
  args=workflow_args  # Positional arguments

This fixes the error:
  TypeError: Client.start_workflow() got an unexpected keyword argument 'kwargs'

Workflows now correctly receive parameters in order:
- security_assessment: [target_id, scanner_config, analyzer_config, reporter_config]
- atheris_fuzzing: [target_id, target_file, max_iterations, timeout_seconds]
- rust_test: [target_id, test_message]

* fix: Filter metadata-only parameters from workflow arguments

SecurityAssessmentWorkflow was receiving 7 arguments instead of 2-5.
The issue was that target_path and volume_mode from default_parameters
were being passed to the workflow, when they should only be used by
the system for configuration.

Now filters out metadata-only parameters (target_path, volume_mode)
before passing arguments to workflow execution.

* refactor: Remove Prefect leftovers and volume mounting legacy

Complete cleanup of Prefect migration artifacts:

Backend:
- Delete registry.py and workflow_discovery.py (Prefect-specific files)
- Remove Docker validation from setup.py (no longer needed)
- Remove ResourceLimits and VolumeMount models
- Remove target_path and volume_mode from WorkflowSubmission
- Remove supported_volume_modes from API and discovery
- Clean up metadata.yaml files (remove volume/path fields)
- Simplify parameter filtering in manager.py

SDK:
- Remove volume_mode parameter from client methods
- Remove ResourceLimits and VolumeMount models
- Remove Prefect error patterns from docker_logs.py
- Clean up WorkflowSubmission and WorkflowMetadata models

CLI:
- Remove Volume Modes display from workflow info

All removed features are Prefect-specific or Docker volume mounting
artifacts. Temporal workflows use MinIO storage exclusively.

* feat: Add comprehensive test suite and benchmark infrastructure

- Add 68 unit tests for fuzzer, scanner, and analyzer modules
- Implement pytest-based test infrastructure with fixtures
- Add 6 performance benchmarks with category-specific thresholds
- Configure GitHub Actions for automated testing and benchmarking
- Add test and benchmark documentation

Test coverage:
- AtherisFuzzer: 8 tests
- CargoFuzzer: 14 tests
- FileScanner: 22 tests
- SecurityAnalyzer: 24 tests

All tests passing (68/68)
All benchmarks passing (6/6)

* fix: Resolve all ruff linting violations across codebase

Fixed 27 ruff violations in 12 files:
- Removed unused imports (Depends, Dict, Any, Optional, etc.)
- Fixed undefined workflow_info variable in workflows.py
- Removed dead code with undefined variables in atheris_fuzzer.py
- Changed f-string to regular string where no placeholders used

All files now pass ruff checks for CI/CD compliance.

* fix: Configure CI for unit tests only

- Renamed docker-compose.temporal.yaml → docker-compose.yml for CI compatibility
- Commented out integration-tests job (no integration tests yet)
- Updated test-summary to only depend on lint and unit-tests

CI will now run successfully with 68 unit tests. Integration tests can be added later.

* feat: Add CI/CD integration with ephemeral deployment model

Implements comprehensive CI/CD support for FuzzForge with on-demand worker management:

**Worker Management (v0.7.0)**
- Add WorkerManager for automatic worker lifecycle control
- Auto-start workers from stopped state when workflows execute
- Auto-stop workers after workflow completion
- Health checks and startup timeout handling (90s default)

**CI/CD Features**
- `--fail-on` flag: Fail builds based on SARIF severity levels (error/warning/note/info)
- `--export-sarif` flag: Export findings in SARIF 2.1.0 format
- `--auto-start`/`--auto-stop` flags: Control worker lifecycle
- Exit code propagation: Returns 1 on blocking findings, 0 on success

**Exit Code Fix**
- Add `except typer.Exit: raise` handlers at 3 critical locations
- Move worker cleanup to finally block for guaranteed execution
- Exit codes now propagate correctly even when build fails

**CI Scripts & Examples**
- ci-start.sh: Start FuzzForge services with health checks
- ci-stop.sh: Clean shutdown with volume preservation option
- GitHub Actions workflow example (security-scan.yml)
- GitLab CI pipeline example (.gitlab-ci.example.yml)
- docker-compose.ci.yml: CI-optimized compose file with profiles

**OSS-Fuzz Integration**
- New ossfuzz_campaign workflow for running OSS-Fuzz projects
- OSS-Fuzz worker with Docker-in-Docker support
- Configurable campaign duration and project selection

**Documentation**
- Comprehensive CI/CD integration guide (docs/how-to/cicd-integration.md)
- Updated architecture docs with worker lifecycle details
- Updated workspace isolation documentation
- CLI README with worker management examples

**SDK Enhancements**
- Add get_workflow_worker_info() endpoint
- Worker vertical metadata in workflow responses

**Testing**
- All workflows tested: security_assessment, atheris_fuzzing, secret_detection, cargo_fuzzing
- All monitoring commands tested: stats, crashes, status, finding
- Full CI pipeline simulation verified
- Exit codes verified for success/failure scenarios

Ephemeral CI/CD model: ~3-4GB RAM, ~60-90s startup, runs entirely in CI containers.

* fix: Resolve ruff linting violations in CI/CD code

- Remove unused variables (run_id, defaults, result)
- Remove unused imports
- Fix f-string without placeholders

All CI/CD integration files now pass ruff checks.
This commit is contained in:
tduhamel42
2025-10-14 10:13:45 +02:00
committed by GitHub
parent 987c49569c
commit 60ca088ecf
167 changed files with 26101 additions and 5703 deletions
Download Patch File Download Diff File Expand all files Collapse all files
sdk/src/fuzzforge_sdk/__init__.py
-4
View File
@@ -23,8 +23,6 @@ from .models import (
WorkflowListItem,
WorkflowStatus,
WorkflowFindings,
ResourceLimits,
VolumeMount,
FuzzingStats,
CrashReport,
RunSubmissionResponse,
@@ -52,8 +50,6 @@ __all__ = [
"WorkflowListItem",
"WorkflowStatus",
"WorkflowFindings",
"ResourceLimits",
"VolumeMount",
"FuzzingStats",
"CrashReport",
"RunSubmissionResponse",
sdk/src/fuzzforge_sdk/client.py
+280 -2
View File
@@ -19,9 +19,11 @@ including real-time monitoring capabilities for fuzzing workflows.
import asyncio
import json
import logging
from typing import Dict, Any, List, Optional, AsyncIterator, Iterator, Union
import tarfile
import tempfile
from pathlib import Path
from typing import Dict, Any, List, Optional, AsyncIterator, Iterator, Union, Callable
from urllib.parse import urljoin, urlparse
import warnings
import httpx
import websockets
@@ -213,6 +215,56 @@ class FuzzForgeClient:
response = await self._async_client.get(url)
return await self._ahandle_response(response)
def get_workflow_worker_info(self, workflow_name: str) -> Dict[str, Any]:
"""
Get worker information for a workflow.
Returns details about which worker is required to execute this workflow,
including container name, task queue, and vertical.
Args:
workflow_name: Name of the workflow
Returns:
Dictionary with worker info including:
- workflow: Workflow name
- vertical: Worker vertical (e.g., "ossfuzz", "python", "rust")
- worker_container: Docker container name
- task_queue: Temporal task queue name
- required: Whether worker is required (always True)
Raises:
FuzzForgeHTTPError: If workflow not found or metadata missing
"""
url = urljoin(self.base_url, f"/workflows/{workflow_name}/worker-info")
response = self._client.get(url)
return self._handle_response(response)
async def aget_workflow_worker_info(self, workflow_name: str) -> Dict[str, Any]:
"""
Get worker information for a workflow (async).
Returns details about which worker is required to execute this workflow,
including container name, task queue, and vertical.
Args:
workflow_name: Name of the workflow
Returns:
Dictionary with worker info including:
- workflow: Workflow name
- vertical: Worker vertical (e.g., "ossfuzz", "python", "rust")
- worker_container: Docker container name
- task_queue: Temporal task queue name
- required: Whether worker is required (always True)
Raises:
FuzzForgeHTTPError: If workflow not found or metadata missing
"""
url = urljoin(self.base_url, f"/workflows/{workflow_name}/worker-info")
response = await self._async_client.get(url)
return await self._ahandle_response(response)
def submit_workflow(
self,
workflow_name: str,
@@ -235,6 +287,232 @@ class FuzzForgeClient:
data = await self._ahandle_response(response)
return RunSubmissionResponse(**data)
def _create_tarball(
self,
source_path: Path,
progress_callback: Optional[Callable[[int], None]] = None
) -> Path:
"""
Create a compressed tarball from a file or directory.
Args:
source_path: Path to file or directory to archive
progress_callback: Optional callback(bytes_written) for progress tracking
Returns:
Path to the created tarball
Raises:
FileNotFoundError: If source_path doesn't exist
"""
if not source_path.exists():
raise FileNotFoundError(f"Source path not found: {source_path}")
# Create temp file for tarball
temp_fd, temp_path = tempfile.mkstemp(suffix=".tar.gz")
try:
logger.info(f"Creating tarball from {source_path}")
bytes_written = 0
with tarfile.open(temp_path, "w:gz") as tar:
if source_path.is_file():
# Add single file
tar.add(source_path, arcname=source_path.name)
bytes_written = source_path.stat().st_size
if progress_callback:
progress_callback(bytes_written)
else:
# Add directory recursively
for item in source_path.rglob("*"):
if item.is_file():
arcname = item.relative_to(source_path)
tar.add(item, arcname=arcname)
bytes_written += item.stat().st_size
if progress_callback:
progress_callback(bytes_written)
tarball_path = Path(temp_path)
tarball_size = tarball_path.stat().st_size
logger.info(
f"Created tarball: {tarball_size / (1024**2):.2f} MB "
f"(compressed from {bytes_written / (1024**2):.2f} MB)"
)
return tarball_path
except Exception:
# Cleanup on error
if Path(temp_path).exists():
Path(temp_path).unlink()
raise
def submit_workflow_with_upload(
self,
workflow_name: str,
target_path: Union[str, Path],
parameters: Optional[Dict[str, Any]] = None,
timeout: Optional[int] = None,
progress_callback: Optional[Callable[[int, int], None]] = None
) -> RunSubmissionResponse:
"""
Submit a workflow with file upload from local filesystem.
This method automatically creates a tarball if target_path is a directory,
uploads it to the backend, and submits the workflow for execution.
Args:
workflow_name: Name of the workflow to execute
target_path: Local path to file or directory to analyze
parameters: Workflow-specific parameters
timeout: Timeout in seconds
progress_callback: Optional callback(bytes_uploaded, total_bytes) for progress
Returns:
Run submission response with run_id
Raises:
FileNotFoundError: If target_path doesn't exist
FuzzForgeHTTPError: For API errors
"""
target_path = Path(target_path)
tarball_path = None
try:
# Create tarball if needed
if target_path.is_dir():
logger.info("Target is directory, creating tarball...")
tarball_path = self._create_tarball(target_path)
upload_file = tarball_path
filename = f"{target_path.name}.tar.gz"
else:
upload_file = target_path
filename = target_path.name
# Prepare multipart form data
url = urljoin(self.base_url, f"/workflows/{workflow_name}/upload-and-submit")
files = {
"file": (filename, open(upload_file, "rb"), "application/gzip")
}
data = {}
if parameters:
data["parameters"] = json.dumps(parameters)
if timeout:
data["timeout"] = str(timeout)
logger.info(f"Uploading {filename} to {workflow_name}...")
# Track upload progress
if progress_callback:
file_size = upload_file.stat().st_size
def track_progress(monitor):
progress_callback(monitor.bytes_read, file_size)
# Note: httpx doesn't have built-in progress tracking for uploads
# This is a placeholder - real implementation would need custom approach
pass
response = self._client.post(url, files=files, data=data)
# Close file handle
files["file"][1].close()
data = self._handle_response(response)
return RunSubmissionResponse(**data)
finally:
# Cleanup temporary tarball
if tarball_path and tarball_path.exists():
try:
tarball_path.unlink()
logger.debug(f"Cleaned up temporary tarball: {tarball_path}")
except Exception as e:
logger.warning(f"Failed to cleanup tarball {tarball_path}: {e}")
async def asubmit_workflow_with_upload(
self,
workflow_name: str,
target_path: Union[str, Path],
parameters: Optional[Dict[str, Any]] = None,
volume_mode: str = "ro",
timeout: Optional[int] = None,
progress_callback: Optional[Callable[[int, int], None]] = None
) -> RunSubmissionResponse:
"""
Submit a workflow with file upload from local filesystem (async).
This method automatically creates a tarball if target_path is a directory,
uploads it to the backend, and submits the workflow for execution.
Args:
workflow_name: Name of the workflow to execute
target_path: Local path to file or directory to analyze
parameters: Workflow-specific parameters
volume_mode: Volume mount mode ("ro" or "rw")
timeout: Timeout in seconds
progress_callback: Optional callback(bytes_uploaded, total_bytes) for progress
Returns:
Run submission response with run_id
Raises:
FileNotFoundError: If target_path doesn't exist
FuzzForgeHTTPError: For API errors
"""
target_path = Path(target_path)
tarball_path = None
try:
# Create tarball if needed
if target_path.is_dir():
logger.info("Target is directory, creating tarball...")
tarball_path = self._create_tarball(target_path)
upload_file = tarball_path
filename = f"{target_path.name}.tar.gz"
else:
upload_file = target_path
filename = target_path.name
# Prepare multipart form data
url = urljoin(self.base_url, f"/workflows/{workflow_name}/upload-and-submit")
files = {
"file": (filename, open(upload_file, "rb"), "application/gzip")
}
data = {}
if parameters:
data["parameters"] = json.dumps(parameters)
if timeout:
data["timeout"] = str(timeout)
logger.info(f"Uploading {filename} to {workflow_name}...")
response = await self._async_client.post(url, files=files, data=data)
# Close file handle
files["file"][1].close()
response_data = await self._ahandle_response(response)
return RunSubmissionResponse(**response_data)
finally:
# Cleanup temporary tarball
if tarball_path and tarball_path.exists():
try:
tarball_path.unlink()
logger.debug(f"Cleaned up temporary tarball: {tarball_path}")
except Exception as e:
logger.warning(f"Failed to cleanup tarball {tarball_path}: {e}")
# Run management methods
def get_run_status(self, run_id: str) -> WorkflowStatus:
sdk/src/fuzzforge_sdk/docker_logs.py
+1 -13
View File
@@ -20,7 +20,7 @@ import logging
import re
import subprocess
import json
from typing import Dict, Any, List, Optional, Tuple
from typing import Dict, Any, List, Optional
from datetime import datetime, timezone
from dataclasses import dataclass
@@ -87,11 +87,6 @@ class DockerLogIntegration:
r'network is unreachable',
r'connection refused',
r'timeout.*connect'
],
'prefect_error': [
r'prefect.*error',
r'flow run failed',
r'task.*failed'
]
}
@@ -382,13 +377,6 @@ class DockerLogIntegration:
"Check firewall settings and port availability"
])
if 'prefect_error' in error_analysis:
suggestions.extend([
"Check Prefect server connectivity",
"Verify workflow deployment is successful",
"Review workflow-specific parameters and requirements"
])
if not suggestions:
suggestions.append("Review the container logs above for specific error details")
sdk/src/fuzzforge_sdk/exceptions.py
+1 -1
View File
@@ -18,7 +18,7 @@ and actionable suggestions for troubleshooting.
import json
import re
from typing import Optional, Dict, Any, List, Union
from typing import Optional, Dict, Any, List
from dataclasses import dataclass, asdict
from .docker_logs import docker_integration, ContainerDiagnostics
sdk/src/fuzzforge_sdk/models.py
+11 -61
View File
@@ -16,49 +16,18 @@ and serialization for all API requests and responses.
# Additional attribution and requirements are provided in the NOTICE file.
from pydantic import BaseModel, Field, validator
from typing import Dict, Any, Optional, Literal, List, Union
from pydantic import BaseModel, Field
from typing import Dict, Any, Optional, List, Union
from datetime import datetime
from pathlib import Path
class ResourceLimits(BaseModel):
"""Resource limits for workflow execution"""
cpu_limit: Optional[str] = Field(None, description="CPU limit (e.g., '2' for 2 cores, '500m' for 0.5 cores)")
memory_limit: Optional[str] = Field(None, description="Memory limit (e.g., '1Gi', '512Mi')")
cpu_request: Optional[str] = Field(None, description="CPU request (guaranteed)")
memory_request: Optional[str] = Field(None, description="Memory request (guaranteed)")
class VolumeMount(BaseModel):
"""Volume mount specification"""
host_path: str = Field(..., description="Host path to mount")
container_path: str = Field(..., description="Container path for mount")
mode: Literal["ro", "rw"] = Field(default="ro", description="Mount mode")
@validator("host_path")
def validate_host_path(cls, v):
"""Validate that the host path is absolute"""
path = Path(v)
if not path.is_absolute():
raise ValueError(f"Host path must be absolute: {v}")
return str(path)
@validator("container_path")
def validate_container_path(cls, v):
"""Validate that the container path is absolute"""
if not v.startswith('/'):
raise ValueError(f"Container path must be absolute: {v}")
return v
class WorkflowSubmission(BaseModel):
"""Submit a workflow with configurable settings"""
target_path: str = Field(..., description="Absolute path to analyze")
volume_mode: Literal["ro", "rw"] = Field(
default="ro",
description="Volume mount mode: read-only (ro) or read-write (rw)"
)
"""
Submit a workflow with configurable settings.
Note: This model is deprecated in favor of direct file upload via
submit_workflow_with_upload() which handles file uploads automatically.
"""
parameters: Dict[str, Any] = Field(
default_factory=dict,
description="Workflow-specific parameters"
@@ -69,22 +38,6 @@ class WorkflowSubmission(BaseModel):
ge=1,
le=604800 # Max 7 days
)
resource_limits: Optional[ResourceLimits] = Field(
None,
description="Resource limits for workflow container"
)
additional_volumes: List[VolumeMount] = Field(
default_factory=list,
description="Additional volume mounts"
)
@validator("target_path")
def validate_path(cls, v):
"""Validate that the target path is absolute"""
path = Path(v)
if not path.is_absolute():
raise ValueError(f"Path must be absolute: {v}")
return str(path)
class WorkflowListItem(BaseModel):
@@ -112,10 +65,6 @@ class WorkflowMetadata(BaseModel):
default_factory=list,
description="Required module names"
)
supported_volume_modes: List[Literal["ro", "rw"]] = Field(
default=["ro", "rw"],
description="Supported volume mount modes"
)
has_custom_docker: bool = Field(
default=False,
description="Whether workflow has custom Dockerfile"
@@ -124,9 +73,10 @@ class WorkflowMetadata(BaseModel):
class WorkflowParametersResponse(BaseModel):
"""Response for workflow parameters endpoint"""
workflow: str = Field(..., description="Workflow name")
parameters: Dict[str, Any] = Field(..., description="Parameters schema")
defaults: Dict[str, Any] = Field(default_factory=dict, description="Default values")
required: List[str] = Field(default_factory=list, description="Required parameter names")
default_parameters: Dict[str, Any] = Field(default_factory=dict, description="Default parameter values")
required_parameters: List[str] = Field(default_factory=list, description="Required parameter names")
class RunSubmissionResponse(BaseModel):
sdk/src/fuzzforge_sdk/testing.py
+2 -3
View File
@@ -18,15 +18,14 @@ workflow functionality, performance, and expected results.
import time
from pathlib import Path
from typing import Dict, Any, List, Optional, Union
from typing import Dict, Any, List, Optional
from dataclasses import dataclass
from datetime import datetime
import logging
from .client import FuzzForgeClient
from .models import WorkflowSubmission
from .utils import validate_absolute_path, create_workflow_submission
from .exceptions import FuzzForgeError, ValidationError
from .exceptions import ValidationError
logger = logging.getLogger(__name__)
sdk/src/fuzzforge_sdk/utils.py
+7 -112
View File
@@ -20,9 +20,8 @@ import os
import json
from pathlib import Path
from typing import Dict, Any, List, Optional, Union
from datetime import datetime
from .models import VolumeMount, ResourceLimits, WorkflowSubmission
from .models import WorkflowSubmission
from .exceptions import ValidationError
@@ -50,112 +49,19 @@ def validate_absolute_path(path: Union[str, Path]) -> Path:
return path_obj
def create_volume_mount(
host_path: Union[str, Path],
container_path: str,
mode: str = "ro"
) -> VolumeMount:
"""
Create a volume mount with path validation.
Args:
host_path: Host path to mount (must exist)
container_path: Container path for the mount
mode: Mount mode ("ro" or "rw")
Returns:
VolumeMount object
Raises:
ValidationError: If paths are invalid
"""
# Validate host path exists and is absolute
validated_host_path = validate_absolute_path(host_path)
# Validate container path is absolute
if not container_path.startswith('/'):
raise ValidationError(f"Container path must be absolute: {container_path}")
# Validate mode
if mode not in ["ro", "rw"]:
raise ValidationError(f"Mode must be 'ro' or 'rw': {mode}")
return VolumeMount(
host_path=str(validated_host_path),
container_path=container_path,
mode=mode # type: ignore
)
def create_resource_limits(
cpu_limit: Optional[str] = None,
memory_limit: Optional[str] = None,
cpu_request: Optional[str] = None,
memory_request: Optional[str] = None
) -> ResourceLimits:
"""
Create resource limits with validation.
Args:
cpu_limit: CPU limit (e.g., "2", "500m")
memory_limit: Memory limit (e.g., "1Gi", "512Mi")
cpu_request: CPU request (guaranteed)
memory_request: Memory request (guaranteed)
Returns:
ResourceLimits object
Raises:
ValidationError: If resource specifications are invalid
"""
# Basic validation for CPU limits
if cpu_limit is not None:
if not (cpu_limit.endswith('m') or cpu_limit.isdigit()):
raise ValidationError(f"Invalid CPU limit format: {cpu_limit}")
if cpu_request is not None:
if not (cpu_request.endswith('m') or cpu_request.isdigit()):
raise ValidationError(f"Invalid CPU request format: {cpu_request}")
# Basic validation for memory limits
memory_suffixes = ['Ki', 'Mi', 'Gi', 'Ti', 'K', 'M', 'G', 'T']
if memory_limit is not None:
if not any(memory_limit.endswith(suffix) for suffix in memory_suffixes):
if not memory_limit.isdigit():
raise ValidationError(f"Invalid memory limit format: {memory_limit}")
if memory_request is not None:
if not any(memory_request.endswith(suffix) for suffix in memory_suffixes):
if not memory_request.isdigit():
raise ValidationError(f"Invalid memory request format: {memory_request}")
return ResourceLimits(
cpu_limit=cpu_limit,
memory_limit=memory_limit,
cpu_request=cpu_request,
memory_request=memory_request
)
def create_workflow_submission(
target_path: Union[str, Path],
volume_mode: str = "ro",
parameters: Optional[Dict[str, Any]] = None,
timeout: Optional[int] = None,
resource_limits: Optional[ResourceLimits] = None,
additional_volumes: Optional[List[VolumeMount]] = None
timeout: Optional[int] = None
) -> WorkflowSubmission:
"""
Create a workflow submission with path validation.
Create a workflow submission.
Note: This function is deprecated. Use client.submit_workflow_with_upload() instead
which handles file uploads automatically.
Args:
target_path: Path to analyze (must exist)
volume_mode: Mount mode for target path
parameters: Workflow-specific parameters
timeout: Execution timeout in seconds
resource_limits: Resource limits for the container
additional_volumes: Additional volume mounts
Returns:
WorkflowSubmission object
@@ -163,25 +69,14 @@ def create_workflow_submission(
Raises:
ValidationError: If parameters are invalid
"""
# Validate target path
validated_target_path = validate_absolute_path(target_path)
# Validate volume mode
if volume_mode not in ["ro", "rw"]:
raise ValidationError(f"Volume mode must be 'ro' or 'rw': {volume_mode}")
# Validate timeout
if timeout is not None:
if timeout < 1 or timeout > 604800: # Max 7 days
raise ValidationError(f"Timeout must be between 1 and 604800 seconds: {timeout}")
return WorkflowSubmission(
target_path=str(validated_target_path),
volume_mode=volume_mode, # type: ignore
parameters=parameters or {},
timeout=timeout,
resource_limits=resource_limits,
additional_volumes=additional_volumes or []
timeout=timeout
)