DATA
6de0bf9f5b
Vendored deer-flow upstream (bytedance/deer-flow) plus prompt-injection hardening: - New deerflow.security package: content_delimiter, html_cleaner, sanitizer (8 layers — invisible chars, control chars, symbols, NFC, PUA, tag chars, horizontal whitespace collapse with newline/tab preservation, length cap) - New deerflow.community.searx package: web_search, web_fetch, image_search backed by a private SearX instance, every external string sanitized and wrapped in <<<EXTERNAL_UNTRUSTED_CONTENT>>> delimiters - All native community web providers (ddg_search, tavily, exa, firecrawl, jina_ai, infoquest, image_search) replaced with hard-fail stubs that raise NativeWebToolDisabledError at import time, so a misconfigured tool.use path fails loud rather than silently falling back to unsanitized output - Native client back-doors (jina_client.py, infoquest_client.py) stubbed too - Native-tool tests quarantined under tests/_disabled_native/ (collect_ignore_glob via local conftest.py) - Sanitizer Layer 7 fix: only collapse horizontal whitespace, preserve newlines and tabs so list/table structure survives - Hardened runtime config.yaml references only the searx-backed tools - Factory overlay (backend/) kept in sync with deer-flow tree as a reference / source See HARDENING.md for the full audit trail and verification steps.
71 lines
2.0 KiB
Bash
71 lines
2.0 KiB
Bash
#!/usr/bin/env bash
|
|
set +e
|
|
|
|
echo "=========================================="
|
|
echo " Frontend Page Smoke Check"
|
|
echo "=========================================="
|
|
echo ""
|
|
|
|
BASE_URL="${BASE_URL:-http://localhost:2026}"
|
|
DOC_PATH="${DOC_PATH:-/en/docs}"
|
|
|
|
all_passed=true
|
|
|
|
check_status() {
|
|
local name="$1"
|
|
local url="$2"
|
|
local expected_re="$3"
|
|
|
|
local status
|
|
status="$(curl -s -o /dev/null -w "%{http_code}" -L "$url")"
|
|
if echo "$status" | grep -Eq "$expected_re"; then
|
|
echo "✓ $name ($url) -> $status"
|
|
else
|
|
echo "✗ $name ($url) -> $status (expected: $expected_re)"
|
|
all_passed=false
|
|
fi
|
|
}
|
|
|
|
check_final_url() {
|
|
local name="$1"
|
|
local url="$2"
|
|
local expected_path_re="$3"
|
|
|
|
local effective
|
|
effective="$(curl -s -o /dev/null -w "%{url_effective}" -L "$url")"
|
|
if echo "$effective" | grep -Eq "$expected_path_re"; then
|
|
echo "✓ $name redirect target -> $effective"
|
|
else
|
|
echo "✗ $name redirect target -> $effective (expected path: $expected_path_re)"
|
|
all_passed=false
|
|
fi
|
|
}
|
|
|
|
echo "1. Checking entry pages..."
|
|
check_status "Landing page" "${BASE_URL}/" "200"
|
|
check_status "Workspace redirect" "${BASE_URL}/workspace" "200|301|302|307|308"
|
|
check_final_url "Workspace redirect" "${BASE_URL}/workspace" "/workspace/chats/"
|
|
echo ""
|
|
|
|
echo "2. Checking key workspace routes..."
|
|
check_status "New chat page" "${BASE_URL}/workspace/chats/new" "200"
|
|
check_status "Chats list page" "${BASE_URL}/workspace/chats" "200"
|
|
check_status "Agents gallery page" "${BASE_URL}/workspace/agents" "200"
|
|
echo ""
|
|
|
|
echo "3. Checking docs route (optional)..."
|
|
check_status "Docs page" "${BASE_URL}${DOC_PATH}" "200|404"
|
|
echo ""
|
|
|
|
echo "=========================================="
|
|
echo " Frontend Smoke Check Summary"
|
|
echo "=========================================="
|
|
echo ""
|
|
if [ "$all_passed" = true ]; then
|
|
echo "✅ Frontend smoke checks passed!"
|
|
exit 0
|
|
else
|
|
echo "❌ Frontend smoke checks failed"
|
|
exit 1
|
|
fi
|