Skip to content

test: harden executor import contract#482

Open
dgenio wants to merge 1 commit into
mainfrom
codex/430-executor-import-contract-hardening
Open

test: harden executor import contract#482
dgenio wants to merge 1 commit into
mainfrom
codex/430-executor-import-contract-hardening

Conversation

@dgenio

@dgenio dgenio commented Jun 30, 2026

Copy link
Copy Markdown
Owner

Summary

Hardens the executor determinism import contract for #430 by extending the existing #354 guard to catch obvious literal dynamic import bypasses. This keeps the executor / _execution boundary protected against LLM, network, and randomness imports without adding dependencies or a separate CI job.

Changes

  • tests/test_executor_import_contract.py: add AST detection for __import__("..."), importlib.import_module("..."), and simple aliases when the target is a string literal; add self-tests; treat banned in-repo submodules as banned too.
  • docs/agent-context/invariants.md: document the dynamic-import hardening and its deliberate string-literal scope.
  • AGENTS.md: point agents at the mechanical import-contract enforcement.
  • CHANGELOG.md: record the Formalize and CI-protect the executor determinism invariants (no LLM / no network / no randomness) #430 hardening under Unreleased / Fixed.

Why

#430 asks for CI protection of the executor invariants: no LLM calls, no network I/O, and no randomness in executor.py / _execution. PR #384 already added direct import and transitive in-repo reach checks; this PR closes the remaining reviewable bypass where a banned module could be imported dynamically with a literal string.

Testing

  • Linting passes (ruff check chainweaver/ tests/ examples/) - All checks passed!
  • Formatting check passes (ruff format --check chainweaver/ tests/ examples/) - 233 files already formatted
  • Type checking passes (python -m mypy chainweaver/ tests/) - Success: no issues found in 196 source files
  • All existing tests pass (python -m pytest tests/ -v) - 1705 passed, 1 skipped, 1 warning; coverage 92.78%
  • New tests added for new functionality - python -m pytest tests/test_executor_import_contract.py -v --no-cov collected 5 tests, 5 passed
  • Docs build passes (python -m mkdocs build --strict) - exited 0; existing MkDocs Material 2.0 warning and existing nav/link INFO notices only

Tradeoffs / risks

  • The dynamic-import detector intentionally covers literal, AST-visible patterns only. It does not evaluate runtime-built strings; executor code should not use runtime-built imports.
  • No runtime behavior, public API, dependency, or package metadata changes.

Scope notes

Related Issues

Closes #430

Checklist

  • Code follows project conventions (see AGENTS.md and docs/agent-context/)
  • Public API changes are documented (N/A: no public API changes)
  • No secrets or credentials included

@dgenio dgenio marked this pull request as ready for review June 30, 2026 11:04
Copilot AI review requested due to automatic review settings June 30, 2026 11:04

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR strengthens ChainWeaver’s executor determinism import-contract guard (introduced in #354) by extending the static AST checks to also reject obvious string-literal dynamic import bypasses in executor.py and chainweaver/_execution/, and updates the agent-facing docs/changelog to describe the expanded enforcement.

Changes:

  • Extend tests/test_executor_import_contract.py with AST detection for __import__("...") / importlib.import_module("...") (including simple aliases) and add self-tests.
  • Update docs/agent-context/invariants.md and AGENTS.md to document the expanded, mechanical enforcement and its intended scope.
  • Add a CHANGELOG entry under Unreleased/Fixed for the #430 hardening.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
tests/test_executor_import_contract.py Adds literal dynamic-import detection and tightens banned in-repo module matching to include banned submodules.
docs/agent-context/invariants.md Documents the new literal dynamic-import enforcement and its deliberate limitations.
AGENTS.md Points contributors/agents to the mechanical executor import-contract guard.
CHANGELOG.md Records the #430 import-contract hardening under Unreleased/Fixed.

Comment on lines +261 to +268
module = _literal_import_name(node)
if module is None:
continue
external_root, inrepo_module = _classify_import_target(module)
if external_root is not None:
external.add(external_root)
if inrepo_module is not None:
inrepo.add(inrepo_module)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Formalize and CI-protect the executor determinism invariants (no LLM / no network / no randomness)

2 participants