test: harden executor import contract#482
Open
dgenio wants to merge 1 commit into
Open
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
This PR strengthens ChainWeaver’s executor determinism import-contract guard (introduced in #354) by extending the static AST checks to also reject obvious string-literal dynamic import bypasses in executor.py and chainweaver/_execution/, and updates the agent-facing docs/changelog to describe the expanded enforcement.
Changes:
- Extend
tests/test_executor_import_contract.pywith AST detection for__import__("...")/importlib.import_module("...")(including simple aliases) and add self-tests. - Update
docs/agent-context/invariants.mdandAGENTS.mdto document the expanded, mechanical enforcement and its intended scope. - Add a CHANGELOG entry under Unreleased/Fixed for the #430 hardening.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| tests/test_executor_import_contract.py | Adds literal dynamic-import detection and tightens banned in-repo module matching to include banned submodules. |
| docs/agent-context/invariants.md | Documents the new literal dynamic-import enforcement and its deliberate limitations. |
| AGENTS.md | Points contributors/agents to the mechanical executor import-contract guard. |
| CHANGELOG.md | Records the #430 import-contract hardening under Unreleased/Fixed. |
Comment on lines
+261
to
+268
| module = _literal_import_name(node) | ||
| if module is None: | ||
| continue | ||
| external_root, inrepo_module = _classify_import_target(module) | ||
| if external_root is not None: | ||
| external.add(external_root) | ||
| if inrepo_module is not None: | ||
| inrepo.add(inrepo_module) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Hardens the executor determinism import contract for #430 by extending the existing #354 guard to catch obvious literal dynamic import bypasses. This keeps the executor /
_executionboundary protected against LLM, network, and randomness imports without adding dependencies or a separate CI job.Changes
tests/test_executor_import_contract.py: add AST detection for__import__("..."),importlib.import_module("..."), and simple aliases when the target is a string literal; add self-tests; treat banned in-repo submodules as banned too.docs/agent-context/invariants.md: document the dynamic-import hardening and its deliberate string-literal scope.AGENTS.md: point agents at the mechanical import-contract enforcement.CHANGELOG.md: record the Formalize and CI-protect the executor determinism invariants (no LLM / no network / no randomness) #430 hardening under Unreleased / Fixed.Why
#430 asks for CI protection of the executor invariants: no LLM calls, no network I/O, and no randomness in
executor.py/_execution. PR #384 already added direct import and transitive in-repo reach checks; this PR closes the remaining reviewable bypass where a banned module could be imported dynamically with a literal string.Testing
ruff check chainweaver/ tests/ examples/) -All checks passed!ruff format --check chainweaver/ tests/ examples/) -233 files already formattedpython -m mypy chainweaver/ tests/) -Success: no issues found in 196 source filespython -m pytest tests/ -v) -1705 passed, 1 skipped, 1 warning; coverage92.78%python -m pytest tests/test_executor_import_contract.py -v --no-covcollected 5 tests,5 passedpython -m mkdocs build --strict) - exited 0; existing MkDocs Material 2.0 warning and existing nav/link INFO notices onlyTradeoffs / risks
Scope notes
Related Issues
Closes #430
Checklist
AGENTS.mdanddocs/agent-context/)