Compare commits
9 Commits
9605cc9d95
...
poc-dgx
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
2cabc6cb7e | ||
|
|
d686c3ac22 | ||
|
|
e212f4141c | ||
|
|
33ddb51c3c | ||
|
|
1d6efdb1b7 | ||
|
|
cf81ce4c7b | ||
|
|
ec1fb81054 | ||
|
|
6d5ef51c60 | ||
|
|
d0c794d923 |
@@ -555,6 +555,7 @@ LIVE_SESSIONS_DIR.mkdir(parents=True, exist_ok=True)
|
||||
_DATA_DIR = ROOT_DIR / "data" / "training"
|
||||
WORKER_QUEUE_FILE = _DATA_DIR / "_worker_queue.txt"
|
||||
REPLAY_LOCK_FILE = _DATA_DIR / "_replay_active.lock"
|
||||
WORKER_HEALTH_FILE = _DATA_DIR / "_worker_health.json"
|
||||
|
||||
# Instance globale partagée (le StreamProcessor reste dans le serveur HTTP
|
||||
# pour le CLIP, l'indexation FAISS, la gestion des sessions, le replay —
|
||||
@@ -807,7 +808,7 @@ def _memory_window_title_for_action(action_meta: Dict[str, Any]) -> str:
|
||||
|
||||
|
||||
def _get_worker_queue_status() -> Dict[str, Any]:
|
||||
"""Retourne l'état de la queue du worker VLM (pour le monitoring)."""
|
||||
"""Retourne l'état réel de la queue et du worker VLM (pour le monitoring)."""
|
||||
queue = []
|
||||
if WORKER_QUEUE_FILE.exists():
|
||||
try:
|
||||
@@ -819,16 +820,108 @@ def _get_worker_queue_status() -> Dict[str, Any]:
|
||||
except Exception:
|
||||
pass
|
||||
|
||||
health = None
|
||||
health_error = None
|
||||
health_age_seconds = None
|
||||
if WORKER_HEALTH_FILE.exists():
|
||||
try:
|
||||
health = json.loads(WORKER_HEALTH_FILE.read_text(encoding="utf-8"))
|
||||
health_age_seconds = max(0.0, time.time() - WORKER_HEALTH_FILE.stat().st_mtime)
|
||||
except Exception as exc:
|
||||
health_error = str(exc)
|
||||
|
||||
health_stale = health_age_seconds is None or health_age_seconds > 180
|
||||
components = (health or {}).get("components") or {}
|
||||
components_ready = bool(components) and all(bool(v) for v in components.values())
|
||||
health_status = (health or {}).get("status")
|
||||
running = bool(health) and not health_stale and health_status != "stopped"
|
||||
|
||||
# Distinction VEILLE (armé, lazy) vs DÉGRADÉ (vrai échec).
|
||||
#
|
||||
# Les composants lourds (ScreenAnalyzer/CLIP/FAISS/StateEmbedding) sont
|
||||
# chargés en lazy par run_worker : le processor n'est instancié qu'au
|
||||
# premier _process_session (cf. run_worker._get_processor / _process_session).
|
||||
# Un worker neuf qui n'a jamais reçu de session écrit donc status="healthy"
|
||||
# avec tous les composants à false — c'est l'état NORMAL « en veille », pas
|
||||
# une panne. L'étiqueter "degraded" fait lire une panne là où il n'y en a pas.
|
||||
#
|
||||
# Signal retenu pour « init jamais tentée » : TOUS les composants à false ET
|
||||
# sessions_processed == 0 ET sessions_failed == 0. Justification : run_worker
|
||||
# n'appelle _get_processor() (donc l'init lazy) que dans _process_session, qui
|
||||
# incrémente toujours exactement un compteur (processed / failed / skipped).
|
||||
# Tant que processed == 0 ET failed == 0, aucune session n'a déclenché une
|
||||
# init suivie d'un traitement — le worker est armé en attente. Un simple skip
|
||||
# (dossier/shots absents) passe quand même par _get_processor() : les
|
||||
# composants se chargent, donc tous-à-false devient faux et on n'entre pas ici.
|
||||
# run_worker._health_components() écrit toujours les 4 clés (jamais un dict
|
||||
# vide), d'où le test sur les VALEURS et non sur la présence des clés.
|
||||
# Si run_worker a lui-même forcé status="degraded" (VLM + ScreenAnalyzer
|
||||
# absent, cf. run_worker._write_health), c'est un VRAI échec : on le conserve.
|
||||
stats = (health or {}).get("stats") or {}
|
||||
init_attempted = bool(stats.get("sessions_processed", 0)) or bool(
|
||||
stats.get("sessions_failed", 0)
|
||||
)
|
||||
components_all_false = bool(components) and not any(
|
||||
bool(v) for v in components.values()
|
||||
)
|
||||
armed = (
|
||||
running
|
||||
and not components_ready
|
||||
and health_status == "healthy"
|
||||
and components_all_false # aucun composant lourd encore chargé
|
||||
and not init_attempted
|
||||
)
|
||||
|
||||
status = health_status or "unknown"
|
||||
if not running:
|
||||
status = "stale" if health else "unknown"
|
||||
elif armed:
|
||||
# En veille : worker sain, composants chargés à la 1re session.
|
||||
status = "idle"
|
||||
elif not components_ready:
|
||||
status = "degraded"
|
||||
|
||||
return {
|
||||
"running": True, # On ne sait pas si le worker process tourne, mais la queue existe
|
||||
"running": running,
|
||||
"status": status,
|
||||
"armed": armed,
|
||||
"queue_length": len(queue),
|
||||
"queue": queue,
|
||||
"replay_lock_active": REPLAY_LOCK_FILE.exists(),
|
||||
"queue_file": str(WORKER_QUEUE_FILE),
|
||||
"note": "Le worker VLM tourne dans un process séparé (run_worker.py)",
|
||||
"health_file": str(WORKER_HEALTH_FILE),
|
||||
"health_error": health_error,
|
||||
"health_age_seconds": health_age_seconds,
|
||||
"health_stale": health_stale,
|
||||
"worker_pid": (health or {}).get("pid"),
|
||||
"last_cycle": (health or {}).get("last_cycle"),
|
||||
"current_session": (health or {}).get("current_session"),
|
||||
"components": components,
|
||||
"components_ready": components_ready,
|
||||
"processing_ready": running and not REPLAY_LOCK_FILE.exists() and components_ready,
|
||||
"status_hint": _worker_status_hint(status, armed),
|
||||
"stats": stats,
|
||||
"note": "Le worker VLM tourne dans un process séparé (agent_v0.server_v1.run_worker).",
|
||||
}
|
||||
|
||||
|
||||
def _worker_status_hint(status: str, armed: bool) -> str:
|
||||
"""Message humain pour le statut worker (consommé par le dashboard)."""
|
||||
if armed or status == "idle":
|
||||
return "En veille — composants chargés à la 1re session."
|
||||
if status == "degraded":
|
||||
return "Worker apprentissage dégradé — init des composants en échec."
|
||||
if status == "stale":
|
||||
return "Health file périmé (> 180s) — worker peut-être arrêté."
|
||||
if status == "stopped":
|
||||
return "Worker arrêté."
|
||||
if status == "busy":
|
||||
return "Traitement d'une session en cours."
|
||||
if status == "healthy":
|
||||
return "Worker prêt — composants chargés."
|
||||
return "État worker inconnu."
|
||||
|
||||
|
||||
# =========================================================================
|
||||
# Compteur d'analyses en cours par session (pour attendre avant finalize)
|
||||
# =========================================================================
|
||||
@@ -1614,13 +1707,14 @@ async def startup():
|
||||
|
||||
threading.Thread(target=_smoke_model_health, name="model-health-smoke", daemon=True).start()
|
||||
|
||||
# Afficher le token API au démarrage pour que l'utilisateur puisse configurer l'agent
|
||||
# Ne jamais imprimer le token complet dans journald/stdout.
|
||||
_token_source = "env RPA_API_TOKEN" if os.environ.get("RPA_API_TOKEN") else "auto-généré"
|
||||
logger.info(f"API Token ({_token_source}): {API_TOKEN}")
|
||||
_token_hint = f"{API_TOKEN[:8]}…{API_TOKEN[-4:]}" if API_TOKEN else "<absent>"
|
||||
logger.info("API Token (%s): %s — auth Bearer obligatoire", _token_source, _token_hint)
|
||||
print(f"\n{'='*60}")
|
||||
print(f" API Token ({_token_source}):")
|
||||
print(f" {API_TOKEN}")
|
||||
print(f" Configurer l'agent : export RPA_API_TOKEN={API_TOKEN}")
|
||||
print(f" {_token_hint} (masqué)")
|
||||
print(" Configurer l'agent via .env.local ou l'enrollment; ne pas copier depuis les logs.")
|
||||
print(f"{'='*60}\n")
|
||||
|
||||
worker.start(blocking=False)
|
||||
|
||||
249
deploy/build_package_full.sh
Executable file
249
deploy/build_package_full.sh
Executable file
@@ -0,0 +1,249 @@
|
||||
#!/bin/bash
|
||||
# ============================================================
|
||||
# build_package_full.sh — Construit le ZIP Lea COMPLET autoportant
|
||||
# ------------------------------------------------------------
|
||||
#
|
||||
# Produit : deploy/build/Lea_full_v<version>.zip
|
||||
#
|
||||
# Ce ZIP est destine a etre servi par le dashboard Fleet
|
||||
# (web_dashboard/app.py -> /api/fleet/download/<machine_id>).
|
||||
# Contrairement a deploy/Lea_v1.0.0.zip (sources seules, suppose
|
||||
# Python systeme), ce ZIP est 100% autonome :
|
||||
#
|
||||
# - Code source Lea A JOUR (working tree courant du repo,
|
||||
# via build_package.sh : agent_v0/agent_v1, lea_ui, run_agent_v1)
|
||||
# - Runtime Python 3.12 embedded complet (python-embed/)
|
||||
# avec toutes les dependances pre-installees (mss, pynput,
|
||||
# pystray, plyer, requests, PIL, pywin32, socketio...)
|
||||
# - Lea.bat pointant directement sur python-embed\pythonw.exe
|
||||
# (version embedded de configure_embed.ps1 : ni venv, ni pip,
|
||||
# ni reseau, ni Python systeme)
|
||||
# - python312._pth patche (import site active)
|
||||
# - Lea/config.txt placeholder (CONFIGURE_ME) que le dashboard
|
||||
# remplace a la volee par la config de l'agent
|
||||
# - PAS de install.bat (plus aucune etape d'installation Python)
|
||||
#
|
||||
# Experience utilisateur cible (non-IT) :
|
||||
# dezipper -> double-clic Lea.bat -> Lea demarre dans le systray.
|
||||
# Aucune installation de Python, aucun UAC.
|
||||
#
|
||||
# Usage :
|
||||
# ./deploy/build_package_full.sh # Build complet
|
||||
# ./deploy/build_package_full.sh --clean # Nettoyer avant
|
||||
#
|
||||
# Pre-requis :
|
||||
# - bash, rsync, zip
|
||||
# - deploy/installer/python-3.12-embed/ (runtime embedded, ~80 Mo,
|
||||
# non versionne — restaure depuis lea_python_embed_working.tgz si absent)
|
||||
# ============================================================
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
GREEN='\033[0;32m'
|
||||
YELLOW='\033[1;33m'
|
||||
RED='\033[0;31m'
|
||||
NC='\033[0m'
|
||||
|
||||
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)" # deploy/
|
||||
PROJECT_ROOT="$(dirname "$SCRIPT_DIR")" # racine repo
|
||||
INSTALLER_DIR="$SCRIPT_DIR/installer"
|
||||
STAGING_DIR="$SCRIPT_DIR/build/installer_staging"
|
||||
BUILD_DIR="$SCRIPT_DIR/build"
|
||||
ASSEMBLY_DIR="$BUILD_DIR/Lea_full_assembly" # arborescence Lea/ temporaire
|
||||
|
||||
# Version lue depuis la source courante.
|
||||
# NB : la ligne peut etre soit AGENT_VERSION = "1.0.1" soit
|
||||
# AGENT_VERSION = os.environ.get("RPA_AGENT_VERSION", "1.0.1").
|
||||
# La regex de build_package.sh/build_installer.sh ne gere QUE la 1ere forme
|
||||
# (et retombe sur 1.0.0 pour la 2e). Ici on prend le DERNIER litteral entre
|
||||
# guillemets de la ligne AGENT_VERSION (= la valeur par defaut effective),
|
||||
# pour nommer le ZIP de maniere stable quelle que soit la forme.
|
||||
VERSION=$(grep -m1 'AGENT_VERSION' "$PROJECT_ROOT/agent_v0/agent_v1/config.py" \
|
||||
| grep -oP '"[^"]+"' | tr -d '"' | tail -1)
|
||||
VERSION="${VERSION:-1.0.0}"
|
||||
OUTPUT_ZIP="$BUILD_DIR/Lea_full_v${VERSION}.zip"
|
||||
|
||||
echo -e "${GREEN}============================================================${NC}"
|
||||
echo -e "${GREEN} Build ZIP Lea COMPLET autoportant v${VERSION}${NC}"
|
||||
echo -e "${GREEN}============================================================${NC}"
|
||||
echo ""
|
||||
|
||||
CLEAN=0
|
||||
for arg in "$@"; do
|
||||
case "$arg" in
|
||||
--clean) CLEAN=1 ;;
|
||||
*) echo "Argument inconnu : $arg" ;;
|
||||
esac
|
||||
done
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
# 1. Regenerer le staging depuis la SOURCE COURANTE du repo
|
||||
# build_installer.sh --stage-only appelle build_package.sh
|
||||
# (qui copie agent_v0/agent_v1, lea_ui, run_agent_v1.py courants)
|
||||
# puis ajoute python-3.12-embed/ + helpers, et exclut install.bat.
|
||||
#
|
||||
# --clean est TOUJOURS force : sans lui, build_installer.sh reutilise
|
||||
# un deploy/build/Lea/ deja present (cache du build precedent) et ne
|
||||
# re-execute PAS build_package.sh -> la source embarquee serait perimee.
|
||||
# On veut au contraire garantir le working tree COURANT du repo.
|
||||
# ---------------------------------------------------------------
|
||||
echo "[1/6] Regeneration du staging depuis la source courante (--clean force)..."
|
||||
bash "$INSTALLER_DIR/build_installer.sh" --stage-only --clean
|
||||
if [[ ! -d "$STAGING_DIR" ]]; then
|
||||
echo -e "${RED} ERREUR : staging $STAGING_DIR absent apres build_installer.sh${NC}"
|
||||
exit 1
|
||||
fi
|
||||
echo " Staging pret : $STAGING_DIR"
|
||||
echo ""
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
# 2. Assembler l'arborescence Lea/ (prefixe attendu par le dashboard
|
||||
# qui remplace exactement 'Lea/config.txt').
|
||||
# ---------------------------------------------------------------
|
||||
echo "[2/6] Assemblage de l'arborescence Lea/..."
|
||||
rm -rf "$ASSEMBLY_DIR"
|
||||
mkdir -p "$ASSEMBLY_DIR/Lea"
|
||||
|
||||
# Copier le staging, en renommant python-3.12-embed -> python-embed
|
||||
# (chemin attendu par le Lea.bat embedded : %~dp0python-embed\pythonw.exe)
|
||||
rsync -a \
|
||||
--exclude='python-3.12-embed' \
|
||||
--exclude='install.bat' \
|
||||
--exclude='config.txt' \
|
||||
"$STAGING_DIR/" \
|
||||
"$ASSEMBLY_DIR/Lea/"
|
||||
|
||||
rsync -a "$STAGING_DIR/python-3.12-embed/" "$ASSEMBLY_DIR/Lea/python-embed/"
|
||||
echo " Source + python-embed/ assembles"
|
||||
echo ""
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
# 3. Lea.bat embedded : extraire le bloc canonique de configure_embed.ps1
|
||||
# (le here-string $NewLeaBat). C'est la SEULE source de verite du
|
||||
# Lea.bat embedded ; on ne le duplique pas dans ce script.
|
||||
# ---------------------------------------------------------------
|
||||
echo "[3/6] Generation de Lea.bat (runtime embedded)..."
|
||||
LEA_BAT_OUT="$ASSEMBLY_DIR/Lea/Lea.bat"
|
||||
python3 - "$INSTALLER_DIR/configure_embed.ps1" "$LEA_BAT_OUT" <<'PYEOF'
|
||||
import sys, re
|
||||
ps1_path, out_path = sys.argv[1], sys.argv[2]
|
||||
text = open(ps1_path, encoding="utf-8").read()
|
||||
# Extrait le here-string PowerShell : $NewLeaBat = @" ... "@
|
||||
m = re.search(r'\$NewLeaBat\s*=\s*@"\r?\n(.*?)\r?\n"@', text, re.DOTALL)
|
||||
if not m:
|
||||
sys.exit("ERREUR : bloc $NewLeaBat introuvable dans configure_embed.ps1")
|
||||
content = m.group(1)
|
||||
# CRLF pour un .bat Windows
|
||||
content = content.replace("\r\n", "\n").replace("\n", "\r\n")
|
||||
if not content.endswith("\r\n"):
|
||||
content += "\r\n"
|
||||
open(out_path, "wb").write(content.encode("ascii"))
|
||||
print(f" Lea.bat genere depuis configure_embed.ps1 ({len(content)} octets)")
|
||||
PYEOF
|
||||
|
||||
# Installateur 1-clic non-IT (raccourci Bureau + Demarrage automatique,
|
||||
# per-user, sans admin). Asset statique CRLF/ASCII copie tel quel dans Lea/.
|
||||
INSTALLER_BAT_SRC="$INSTALLER_DIR/Installer-Lea.bat"
|
||||
if [[ ! -f "$INSTALLER_BAT_SRC" ]]; then
|
||||
echo -e "${RED} ERREUR : $INSTALLER_BAT_SRC introuvable${NC}"
|
||||
exit 1
|
||||
fi
|
||||
cp "$INSTALLER_BAT_SRC" "$ASSEMBLY_DIR/Lea/Installer-Lea.bat"
|
||||
echo " Installer-Lea.bat (installation 1-clic) ajoute"
|
||||
|
||||
# Notice utilisateur dediee a l'install autonome (remplace la LISEZMOI legacy
|
||||
# du staging, qui decrit l'ancien flux install.bat + Python systeme).
|
||||
LISEZMOI_SRC="$INSTALLER_DIR/LISEZMOI-autonome.txt"
|
||||
if [[ -f "$LISEZMOI_SRC" ]]; then
|
||||
cp "$LISEZMOI_SRC" "$ASSEMBLY_DIR/Lea/LISEZMOI.txt"
|
||||
echo " LISEZMOI.txt (version install autonome) pose"
|
||||
fi
|
||||
echo ""
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
# 4. Patcher python312._pth (import site active) — idempotent.
|
||||
# Necessaire pour que l'embed charge site-packages.
|
||||
# ---------------------------------------------------------------
|
||||
echo "[4/6] Patch python312._pth (import site)..."
|
||||
PTH_FILE=$(find "$ASSEMBLY_DIR/Lea/python-embed" -name "python*._pth" | head -1)
|
||||
if [[ -z "$PTH_FILE" ]]; then
|
||||
echo -e "${RED} ERREUR : python*._pth introuvable dans python-embed/${NC}"
|
||||
exit 1
|
||||
fi
|
||||
# Decommente '#import site' s'il est commente ; sinon laisse tel quel.
|
||||
sed -i 's/^#import site/import site/' "$PTH_FILE"
|
||||
if ! grep -q '^import site' "$PTH_FILE"; then
|
||||
printf 'import site\r\n' >> "$PTH_FILE"
|
||||
fi
|
||||
echo " $(basename "$PTH_FILE") : import site actif"
|
||||
echo ""
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
# 5. config.txt placeholder (CONFIGURE_ME) — cible de l'injection
|
||||
# dashboard (app.py remplace 'Lea/config.txt').
|
||||
# ---------------------------------------------------------------
|
||||
echo "[5/6] Pose du config.txt placeholder..."
|
||||
cp "$INSTALLER_DIR/../lea_package/config.txt" "$ASSEMBLY_DIR/Lea/config.txt"
|
||||
if ! grep -q 'CONFIGURE_ME' "$ASSEMBLY_DIR/Lea/config.txt"; then
|
||||
echo -e "${YELLOW} AVERTISSEMENT : config.txt ne contient pas CONFIGURE_ME (placeholder inattendu)${NC}"
|
||||
fi
|
||||
echo " Lea/config.txt (placeholder) pose"
|
||||
echo ""
|
||||
|
||||
# ---------------------------------------------------------------
|
||||
# 6. Validation de completude AVANT zip (un ZIP incomplet = install
|
||||
# cassee chez le client non-IT).
|
||||
# ---------------------------------------------------------------
|
||||
echo "[6/6] Validation + creation du ZIP..."
|
||||
REQUIRED=(
|
||||
"Lea/run_agent_v1.py"
|
||||
"Lea/agent_v1/config.py"
|
||||
"Lea/agent_v1/main.py"
|
||||
"Lea/lea_ui/server_client.py"
|
||||
"Lea/Lea.bat"
|
||||
"Lea/Installer-Lea.bat"
|
||||
"Lea/config.txt"
|
||||
"Lea/python-embed/python.exe"
|
||||
"Lea/python-embed/pythonw.exe"
|
||||
"Lea/python-embed/Lib/site-packages/mss"
|
||||
"Lea/python-embed/Lib/site-packages/win32"
|
||||
"Lea/python-embed/Lib/site-packages/socketio"
|
||||
)
|
||||
MISSING=()
|
||||
for f in "${REQUIRED[@]}"; do
|
||||
[[ -e "$ASSEMBLY_DIR/$f" ]] || MISSING+=("$f")
|
||||
done
|
||||
# install.bat NE DOIT PAS etre present
|
||||
if [[ -e "$ASSEMBLY_DIR/Lea/install.bat" ]]; then
|
||||
echo -e "${RED} ERREUR : install.bat present dans l'assemblage (doit etre absent).${NC}"
|
||||
exit 1
|
||||
fi
|
||||
if [[ ${#MISSING[@]} -gt 0 ]]; then
|
||||
echo -e "${RED} ERREUR : assemblage incomplet. Manquants :${NC}"
|
||||
printf ' - %s\n' "${MISSING[@]}"
|
||||
exit 1
|
||||
fi
|
||||
echo " Completude verifiee (${#REQUIRED[@]} elements, install.bat absent)"
|
||||
|
||||
# Verif source A JOUR : le config.py embarque doit etre identique au repo
|
||||
if ! diff -q "$PROJECT_ROOT/agent_v0/agent_v1/config.py" "$ASSEMBLY_DIR/Lea/agent_v1/config.py" >/dev/null; then
|
||||
echo -e "${RED} ERREUR : agent_v1/config.py embarque DIFFERE de la source repo !${NC}"
|
||||
echo " Le ZIP n'embarque pas la source a jour — build interrompu."
|
||||
exit 1
|
||||
fi
|
||||
echo " Source a jour confirmee (agent_v1/config.py == repo)"
|
||||
|
||||
rm -f "$OUTPUT_ZIP"
|
||||
( cd "$ASSEMBLY_DIR" && zip -q -r -X "$OUTPUT_ZIP" Lea )
|
||||
ZIP_SIZE=$(du -h "$OUTPUT_ZIP" | cut -f1)
|
||||
echo ""
|
||||
echo -e "${GREEN}============================================================${NC}"
|
||||
echo -e "${GREEN} ZIP complet produit !${NC}"
|
||||
echo -e "${GREEN}============================================================${NC}"
|
||||
echo ""
|
||||
echo " Fichier : $OUTPUT_ZIP"
|
||||
echo " Taille : $ZIP_SIZE"
|
||||
echo ""
|
||||
echo " Servi par le dashboard via web_dashboard/app.py (_LEA_ZIP_TEMPLATE)."
|
||||
echo " L'utilisateur : dezippe -> double-clic Lea.bat (aucun Python systeme requis)."
|
||||
echo ""
|
||||
152
deploy/installer/Installer-Lea.bat
Normal file
152
deploy/installer/Installer-Lea.bat
Normal file
@@ -0,0 +1,152 @@
|
||||
@echo off
|
||||
chcp 65001 >nul 2>&1
|
||||
title Lea - Installation 1-clic
|
||||
setlocal EnableDelayedExpansion
|
||||
|
||||
:: ============================================================
|
||||
:: Installer-Lea.bat - Installation 1-clic per-user (sans admin)
|
||||
:: ------------------------------------------------------------
|
||||
:: - Copie le paquet Lea (y compris python-embed) vers
|
||||
:: %LOCALAPPDATA%\Lea (emplacement stable per-user).
|
||||
:: - Cree un raccourci sur le Bureau.
|
||||
:: - Cree un raccourci dans le dossier Demarrage (lancement
|
||||
:: automatique a chaque ouverture de session Windows).
|
||||
:: - Lance Lea une premiere fois (pythonw, sans console).
|
||||
::
|
||||
:: Aucun droit administrateur requis. Aucun service Windows
|
||||
:: (Lea est une application systray, doit tourner dans la
|
||||
:: session utilisateur).
|
||||
:: ============================================================
|
||||
|
||||
echo.
|
||||
echo ============================================================
|
||||
echo Lea - Installation
|
||||
echo ============================================================
|
||||
echo.
|
||||
|
||||
:: --- Emplacement source (dossier de ce script) -------------
|
||||
set "SRC=%~dp0"
|
||||
:: Retirer l'antislash final eventuel
|
||||
if "%SRC:~-1%"=="\" set "SRC=%SRC:~0,-1%"
|
||||
|
||||
:: --- Emplacement cible per-user ----------------------------
|
||||
set "DEST=%LOCALAPPDATA%\Lea"
|
||||
|
||||
echo Installation vers : %DEST%
|
||||
echo (copie du runtime embarque, cela prend quelques secondes)
|
||||
echo.
|
||||
|
||||
:: --- Verification du runtime embarque dans la source -------
|
||||
if not exist "%SRC%\python-embed\pythonw.exe" (
|
||||
echo ERREUR : python-embed\pythonw.exe introuvable dans le paquet.
|
||||
echo Le paquet semble incomplet. Re-telechargez Lea depuis le tableau de bord.
|
||||
echo.
|
||||
pause
|
||||
exit /b 1
|
||||
)
|
||||
|
||||
:: --- Si Lea tourne deja depuis la cible, l'arreter ----------
|
||||
if exist "%DEST%\lea_agent.lock" (
|
||||
for /f "usebackq tokens=* delims=" %%i in ("%DEST%\lea_agent.lock") do (
|
||||
taskkill /F /PID %%i >nul 2>&1
|
||||
)
|
||||
del /f /q "%DEST%\lea_agent.lock" >nul 2>&1
|
||||
timeout /t 1 >nul
|
||||
)
|
||||
|
||||
:: --- Copie du paquet vers la cible -------------------------
|
||||
:: robocopy : robuste pour la grosse arborescence python-embed.
|
||||
:: /E sous-dossiers (vides inclus), /NFL /NDL /NJH /NJS /NP silencieux.
|
||||
:: Codes de sortie robocopy < 8 = succes ; >= 8 = echec.
|
||||
if not exist "%DEST%" mkdir "%DEST%" >nul 2>&1
|
||||
robocopy "%SRC%" "%DEST%" /E /NFL /NDL /NJH /NJS /NP >nul
|
||||
if %ERRORLEVEL% GEQ 8 (
|
||||
echo robocopy a echoue, tentative avec xcopy...
|
||||
xcopy "%SRC%\*" "%DEST%\" /E /I /H /Y >nul
|
||||
if errorlevel 1 (
|
||||
echo.
|
||||
echo ERREUR : la copie vers %DEST% a echoue.
|
||||
echo Verifiez l'espace disque et les droits sur votre profil.
|
||||
echo.
|
||||
pause
|
||||
exit /b 1
|
||||
)
|
||||
)
|
||||
echo Copie terminee - OK
|
||||
echo.
|
||||
|
||||
:: --- Ne pas laisser l'installeur se relancer en boucle -----
|
||||
:: (on supprime la copie de l'installeur dans la cible : inutile une fois installe)
|
||||
del /f /q "%DEST%\Installer-Lea.bat" >nul 2>&1
|
||||
|
||||
:: --- Detection d'une icone optionnelle ---------------------
|
||||
:: Cherche un .ico dans le paquet installe (best-effort).
|
||||
set "ICON="
|
||||
for /f "delims=" %%f in ('dir /b /s "%DEST%\*.ico" 2^>nul') do (
|
||||
if not defined ICON set "ICON=%%f"
|
||||
)
|
||||
|
||||
:: --- Cibles des raccourcis ---------------------------------
|
||||
set "TARGET=%DEST%\python-embed\pythonw.exe"
|
||||
set "ARGS=run_agent_v1.py"
|
||||
set "WORKDIR=%DEST%"
|
||||
set "DESKTOP_LNK=%USERPROFILE%\Desktop\Lea.lnk"
|
||||
set "STARTUP_LNK=%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Lea.lnk"
|
||||
|
||||
:: --- Creation des raccourcis via PowerShell (WScript.Shell) -
|
||||
echo Creation des raccourcis (Bureau + Demarrage automatique)...
|
||||
powershell -NoProfile -ExecutionPolicy Bypass -Command ^
|
||||
"$ws = New-Object -ComObject WScript.Shell;" ^
|
||||
"foreach ($p in @('%DESKTOP_LNK%','%STARTUP_LNK%')) {" ^
|
||||
" $dir = Split-Path $p -Parent;" ^
|
||||
" if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir -Force | Out-Null }" ^
|
||||
" $s = $ws.CreateShortcut($p);" ^
|
||||
" $s.TargetPath = '%TARGET%';" ^
|
||||
" $s.Arguments = '%ARGS%';" ^
|
||||
" $s.WorkingDirectory = '%WORKDIR%';" ^
|
||||
" $s.Description = 'Lea - Assistante IA';" ^
|
||||
" if ('%ICON%' -ne '' -and (Test-Path '%ICON%')) { $s.IconLocation = '%ICON%' }" ^
|
||||
" $s.Save();" ^
|
||||
"}"
|
||||
if errorlevel 1 (
|
||||
echo ATTENTION : la creation des raccourcis a partiellement echoue.
|
||||
echo Vous pourrez tout de meme lancer Lea via %TARGET%.
|
||||
) else (
|
||||
echo Raccourcis crees - OK
|
||||
)
|
||||
echo.
|
||||
|
||||
:: --- Premier lancement de Lea (sans console) ---------------
|
||||
echo Demarrage de Lea...
|
||||
pushd "%DEST%"
|
||||
start "" /b "%TARGET%" %ARGS%
|
||||
popd
|
||||
|
||||
:: --- Verification rapide (via le lock PID) -----------------
|
||||
timeout /t 3 >nul
|
||||
set "LEA_ALIVE=0"
|
||||
if exist "%DEST%\lea_agent.lock" (
|
||||
for /f "usebackq tokens=* delims=" %%i in ("%DEST%\lea_agent.lock") do (
|
||||
tasklist /FI "PID eq %%i" /NH 2>nul | findstr /I "pythonw" >nul && set "LEA_ALIVE=1"
|
||||
)
|
||||
)
|
||||
|
||||
echo.
|
||||
echo ============================================================
|
||||
if "%LEA_ALIVE%"=="1" (
|
||||
echo Lea est installee et demarree !
|
||||
) else (
|
||||
echo Lea est installee.
|
||||
)
|
||||
echo ============================================================
|
||||
echo.
|
||||
echo - Lea apparait en bas a droite, dans la barre des taches
|
||||
echo (petite icone ronde, a cote de l'horloge).
|
||||
echo - Lea demarrera AUTOMATIQUEMENT a chaque ouverture de session.
|
||||
echo - Un raccourci "Lea" a ete ajoute sur votre Bureau.
|
||||
echo.
|
||||
echo Vous pouvez fermer cette fenetre.
|
||||
echo.
|
||||
pause
|
||||
endlocal
|
||||
exit /b 0
|
||||
105
deploy/installer/LISEZMOI-autonome.txt
Normal file
105
deploy/installer/LISEZMOI-autonome.txt
Normal file
@@ -0,0 +1,105 @@
|
||||
============================================================
|
||||
Lea - Votre assistante intelligente
|
||||
============================================================
|
||||
|
||||
Bienvenue ! Lea est une assistante qui apprend vos taches
|
||||
repetitives sur l'ordinateur pour pouvoir vous aider.
|
||||
|
||||
Cette version est 100% autonome : aucun Python a installer,
|
||||
aucun droit administrateur necessaire.
|
||||
|
||||
|
||||
INSTALLATION (une seule fois)
|
||||
-----------------------------
|
||||
|
||||
1. Si Lea est dans un fichier ZIP, faites un clic droit
|
||||
dessus puis "Extraire tout..." (ne lancez pas Lea
|
||||
directement depuis le ZIP).
|
||||
|
||||
2. Ouvrez le dossier extrait et double-cliquez sur
|
||||
"Installer-Lea.bat".
|
||||
|
||||
3. Patientez quelques secondes (copie du programme).
|
||||
A la fin, le message "Lea est installee et demarree"
|
||||
s'affiche.
|
||||
|
||||
C'est tout. Lea est installee dans votre profil utilisateur
|
||||
et :
|
||||
|
||||
- un raccourci "Lea" est ajoute sur votre Bureau ;
|
||||
- Lea demarrera AUTOMATIQUEMENT a chaque fois que vous
|
||||
ouvrez votre session Windows.
|
||||
|
||||
Vous pouvez ensuite supprimer le dossier extrait et le ZIP :
|
||||
Lea continue de fonctionner (elle a ete copiee a part).
|
||||
|
||||
|
||||
LANCER LEA MANUELLEMENT
|
||||
-----------------------
|
||||
|
||||
Si besoin, double-cliquez sur le raccourci "Lea" du Bureau.
|
||||
|
||||
Lea apparait en bas a droite de votre ecran, dans la barre
|
||||
des taches (petite icone ronde, a cote de l'horloge).
|
||||
|
||||
Clic droit sur l'icone pour ouvrir le menu :
|
||||
|
||||
- "Apprenez-moi une tache" : Lea observe ce que vous faites
|
||||
et memorise les etapes. Travaillez normalement, Lea
|
||||
apprend en vous regardant.
|
||||
|
||||
- "C'est termine" : Arrete l'enregistrement quand vous
|
||||
avez fini la tache. Si vous oubliez, Lea s'arrete
|
||||
automatiquement apres 1 heure.
|
||||
|
||||
- "Discuter avec Lea" : Ouvre une fenetre de discussion
|
||||
pour poser des questions.
|
||||
|
||||
- "ARRET D'URGENCE" : Arrete immediatement tout ce que
|
||||
Lea est en train de faire.
|
||||
|
||||
- "Quitter Lea" : Ferme le programme.
|
||||
|
||||
|
||||
INFORMATIONS IMPORTANTES
|
||||
------------------------
|
||||
|
||||
Quand Lea enregistre vos actions, elle capture votre ecran,
|
||||
vos clics et vos frappes clavier.
|
||||
|
||||
- Lea vous previent AVANT chaque enregistrement
|
||||
- Les donnees sensibles (mots de passe, informations
|
||||
medicales) sont automatiquement floutees
|
||||
- L'enregistrement s'arrete automatiquement apres 1 heure
|
||||
- Vous pouvez arreter a tout moment via le menu
|
||||
|
||||
Lea est un systeme base sur l'intelligence artificielle
|
||||
(Article 50, Reglement europeen sur l'IA).
|
||||
|
||||
|
||||
CONFIGURATION
|
||||
-------------
|
||||
|
||||
Si vous devez modifier l'adresse du serveur, ouvrez le fichier
|
||||
"config.txt" (dans le dossier d'installation de Lea) avec le
|
||||
Bloc-notes et changez les valeurs.
|
||||
|
||||
Ne modifiez rien d'autre sans l'accord de votre administrateur.
|
||||
|
||||
|
||||
EN CAS DE PROBLEME
|
||||
-------------------
|
||||
|
||||
- Lea ne demarre pas : double-cliquez a nouveau sur le
|
||||
raccourci "Lea" du Bureau, ou relancez "Installer-Lea.bat".
|
||||
|
||||
- Lea est deconnectee : Verifiez votre connexion
|
||||
reseau. Le serveur est peut-etre en maintenance.
|
||||
|
||||
- Pour desinstaller : supprimez le dossier "Lea" dans
|
||||
votre profil (dossier %LOCALAPPDATA%\Lea) ainsi que les
|
||||
raccourcis "Lea" du Bureau et du Demarrage.
|
||||
|
||||
- En cas de doute, contactez votre administrateur.
|
||||
|
||||
============================================================
|
||||
@@ -14,6 +14,8 @@ EnvironmentFile=/home/dom/ai/rpa_vision_v3/.env.local
|
||||
Environment="PYTHONUNBUFFERED=1"
|
||||
Environment="ENVIRONMENT=production"
|
||||
Environment="RPA_SERVICE_NAME=rpa-vision-v3-api"
|
||||
# Keep the upload API internal to the DGX; other LAN-facing services keep the shared bind host.
|
||||
Environment="RPA_BIND_HOST=127.0.0.1"
|
||||
# Service grounding persistant — socket + répertoire d'images partagés via /run/rpa/.
|
||||
# Si le service rpa-grounding n'est pas démarré, le client retombe automatiquement
|
||||
# sur le subprocess one-shot (cf. ui_tars_grounder.py).
|
||||
|
||||
@@ -38,7 +38,11 @@ def load_env_file(env_path):
|
||||
line = line.strip()
|
||||
if line and not line.startswith('#') and '=' in line:
|
||||
key, value = line.split('=', 1)
|
||||
os.environ[key.strip()] = value.strip()
|
||||
# setdefault : l'environnement déjà défini par le service (systemd
|
||||
# Environment=/EnvironmentFile=) prime ; .env.local ne fournit que des
|
||||
# valeurs par défaut. Évite d'écraser une variable volontairement
|
||||
# surchargée côté service (ex. RPA_BIND_HOST=127.0.0.1).
|
||||
os.environ.setdefault(key.strip(), value.strip())
|
||||
return True
|
||||
|
||||
# Charger .env.local depuis le répertoire parent (racine du projet)
|
||||
|
||||
@@ -119,8 +119,10 @@ def test_export_vwb_workflow_with_pause_step():
|
||||
]
|
||||
core = convert_vwb_to_core_workflow(workflow_data, steps_data)
|
||||
assert core["learning_state"] == "COACHING"
|
||||
assert len(core["nodes"]) == 3
|
||||
assert len(core["edges"]) == 2
|
||||
assert len(core["nodes"]) == 4
|
||||
assert len(core["edges"]) == 3
|
||||
assert core["edges"][-1]["action"]["type"] == "mouse_click"
|
||||
assert core["nodes"][-1]["is_end"] is True
|
||||
|
||||
# L'edge sortant du node de pause doit avoir le bon type + message
|
||||
pause_edges = [
|
||||
|
||||
@@ -1289,3 +1289,158 @@ class TestAPIEndpoints:
|
||||
assert len(workflows) == 1
|
||||
assert workflows[0]["workflow_id"] == "wf_api_001"
|
||||
assert workflows[0]["nodes"] == 2
|
||||
|
||||
|
||||
class TestWorkerStatusTruthfulness:
|
||||
"""Truthfulness du statut worker exposé par _get_worker_queue_status.
|
||||
|
||||
Distingue VEILLE (armé, lazy : worker neuf qui n'a jamais traité de
|
||||
session, composants chargés à la 1re session) de DÉGRADÉ (init tentée
|
||||
et en échec). Un worker en veille ne doit JAMAIS être étiqueté 'degraded'.
|
||||
"""
|
||||
|
||||
# Même contrainte que TestAPIEndpoints : api_stream fail-closed à l'import
|
||||
# si RPA_API_TOKEN absent.
|
||||
_TEST_API_TOKEN = "test_token_for_worker_status_0123456789abcdef"
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def _ensure_api_token(self, monkeypatch):
|
||||
monkeypatch.setenv("RPA_API_TOKEN", self._TEST_API_TOKEN)
|
||||
|
||||
@pytest.fixture
|
||||
def status_env(self, tmp_path, monkeypatch):
|
||||
"""Isole les fichiers worker (health/queue/lock) sur tmp_path."""
|
||||
from agent_v0.server_v1 import api_stream
|
||||
|
||||
health_file = tmp_path / "_worker_health.json"
|
||||
queue_file = tmp_path / "_worker_queue.txt"
|
||||
lock_file = tmp_path / "_replay_active.lock"
|
||||
monkeypatch.setattr(api_stream, "WORKER_HEALTH_FILE", health_file)
|
||||
monkeypatch.setattr(api_stream, "WORKER_QUEUE_FILE", queue_file)
|
||||
monkeypatch.setattr(api_stream, "REPLAY_LOCK_FILE", lock_file)
|
||||
return api_stream, health_file
|
||||
|
||||
@staticmethod
|
||||
def _write_health(health_file, **overrides):
|
||||
"""Écrit un health file frais (mtime récent => non stale)."""
|
||||
payload = {
|
||||
"pid": 1234,
|
||||
"started_at": "2026-06-18T10:00:00",
|
||||
"last_cycle": "2026-06-18T10:00:30",
|
||||
"current_session": None,
|
||||
"queue_length": 0,
|
||||
"components": {
|
||||
"screen_analyzer": False,
|
||||
"clip_embedder": False,
|
||||
"faiss_manager": False,
|
||||
"state_embedding_builder": False,
|
||||
},
|
||||
"stats": {
|
||||
"sessions_processed": 0,
|
||||
"sessions_failed": 0,
|
||||
"sessions_skipped": 0,
|
||||
"total_screenshots_analyzed": 0,
|
||||
},
|
||||
"status": "healthy",
|
||||
}
|
||||
payload.update(overrides)
|
||||
health_file.write_text(json.dumps(payload), encoding="utf-8")
|
||||
|
||||
def test_fresh_worker_is_idle_not_degraded(self, status_env):
|
||||
"""Worker neuf : healthy, 0 session, tous composants false
|
||||
=> statut 'idle' (en veille / armé), PAS 'degraded'."""
|
||||
api_stream, health_file = status_env
|
||||
self._write_health(health_file) # défaut = état neuf
|
||||
|
||||
status = api_stream._get_worker_queue_status()
|
||||
|
||||
assert status["running"] is True
|
||||
assert status["status"] == "idle", status
|
||||
assert status["armed"] is True
|
||||
assert status["components_ready"] is False
|
||||
# processing_ready reste False tant que les composants ne sont pas chargés
|
||||
assert status["processing_ready"] is False
|
||||
assert "veille" in status["status_hint"].lower()
|
||||
|
||||
def test_worker_init_failed_is_degraded(self, status_env):
|
||||
"""Init tentée et en échec : run_worker force status='degraded'
|
||||
(VLM + ScreenAnalyzer absent) => on conserve 'degraded'."""
|
||||
api_stream, health_file = status_env
|
||||
self._write_health(
|
||||
health_file,
|
||||
status="degraded", # forcé par run_worker._write_health
|
||||
components={
|
||||
"screen_analyzer": False,
|
||||
"clip_embedder": True,
|
||||
"faiss_manager": True,
|
||||
"state_embedding_builder": False,
|
||||
},
|
||||
stats={
|
||||
"sessions_processed": 0,
|
||||
"sessions_failed": 1, # une session a tenté l'init et échoué
|
||||
"sessions_skipped": 0,
|
||||
"total_screenshots_analyzed": 0,
|
||||
},
|
||||
)
|
||||
|
||||
status = api_stream._get_worker_queue_status()
|
||||
|
||||
assert status["running"] is True
|
||||
assert status["status"] == "degraded", status
|
||||
assert status["armed"] is False
|
||||
assert status["processing_ready"] is False
|
||||
assert "dégradé" in status["status_hint"].lower()
|
||||
|
||||
def test_worker_partial_components_after_attempt_is_degraded(self, status_env):
|
||||
"""Composants partiels après tentative de traitement (sessions_failed>0),
|
||||
sans status forcé par le worker => 'degraded' (pas 'idle')."""
|
||||
api_stream, health_file = status_env
|
||||
self._write_health(
|
||||
health_file,
|
||||
status="healthy",
|
||||
components={
|
||||
"screen_analyzer": True,
|
||||
"clip_embedder": True,
|
||||
"faiss_manager": False, # un composant manquant
|
||||
"state_embedding_builder": True,
|
||||
},
|
||||
stats={
|
||||
"sessions_processed": 0,
|
||||
"sessions_failed": 2,
|
||||
"sessions_skipped": 0,
|
||||
"total_screenshots_analyzed": 0,
|
||||
},
|
||||
)
|
||||
|
||||
status = api_stream._get_worker_queue_status()
|
||||
|
||||
assert status["status"] == "degraded", status
|
||||
assert status["armed"] is False
|
||||
|
||||
def test_worker_ready_after_processing_is_healthy(self, status_env):
|
||||
"""Worker ayant traité au moins une session, tous composants chargés
|
||||
=> 'healthy' et processing_ready=True."""
|
||||
api_stream, health_file = status_env
|
||||
self._write_health(
|
||||
health_file,
|
||||
status="healthy",
|
||||
components={
|
||||
"screen_analyzer": True,
|
||||
"clip_embedder": True,
|
||||
"faiss_manager": True,
|
||||
"state_embedding_builder": True,
|
||||
},
|
||||
stats={
|
||||
"sessions_processed": 3,
|
||||
"sessions_failed": 0,
|
||||
"sessions_skipped": 0,
|
||||
"total_screenshots_analyzed": 42,
|
||||
},
|
||||
)
|
||||
|
||||
status = api_stream._get_worker_queue_status()
|
||||
|
||||
assert status["status"] == "healthy", status
|
||||
assert status["armed"] is False
|
||||
assert status["components_ready"] is True
|
||||
assert status["processing_ready"] is True
|
||||
|
||||
@@ -296,9 +296,11 @@ def test_export_workflow_with_t2a_chain():
|
||||
]
|
||||
core = convert_vwb_to_core_workflow(workflow_data, steps_data)
|
||||
edge_types = [e["action"]["type"] for e in core["edges"]]
|
||||
assert len(core["edges"]) == len(steps_data)
|
||||
assert "extract_text" in edge_types
|
||||
assert "t2a_decision" in edge_types
|
||||
assert "pause_for_human" in edge_types
|
||||
assert edge_types[-1] == "mouse_click"
|
||||
# Vérifier que le templating est bien transporté
|
||||
t2a_edge = next(e for e in core["edges"] if e["action"]["type"] == "t2a_decision")
|
||||
assert t2a_edge["action"]["parameters"]["input_template"] == "{{dpi}}"
|
||||
|
||||
44
tests/test_dashboard_server_url.py
Normal file
44
tests/test_dashboard_server_url.py
Normal file
@@ -0,0 +1,44 @@
|
||||
"""TDD — résolution de l'URL serveur d'enrôlement depuis system_config.json.
|
||||
|
||||
Câble l'éditeur adresses/ports du dashboard (`services.streaming`) vers le
|
||||
`RPA_SERVER_URL` généré pour chaque agent Léa.
|
||||
|
||||
Priorité : config (`system_config.json`) > variable d'env > défaut.
|
||||
Un host loopback/vide dans la config = « non configuré » → fallback env, pour
|
||||
ne PAS régresser le déploiement actuel où l'URL vient de l'environnement.
|
||||
"""
|
||||
import os
|
||||
|
||||
# L'import du dashboard est fail-closed sur l'auth → escape dev/test documenté.
|
||||
os.environ.setdefault("DASHBOARD_AUTH_DISABLED", "true")
|
||||
|
||||
from web_dashboard import app as dash # noqa: E402
|
||||
|
||||
|
||||
def test_resolve_url_from_config_streaming_host(monkeypatch):
|
||||
"""La config (host streaming édité dans l'UI) prime, même si l'env existe."""
|
||||
monkeypatch.setattr(
|
||||
dash, "load_system_config",
|
||||
lambda: {"services": {"streaming": {"host": "192.168.1.178", "port": 5005}}},
|
||||
)
|
||||
monkeypatch.setenv("RPA_SERVER_URL", "http://192.168.1.45:5005/api/v1")
|
||||
assert dash._resolve_public_server_url() == "http://192.168.1.178:5005/api/v1"
|
||||
|
||||
|
||||
def test_resolve_url_loopback_in_config_falls_back_to_env(monkeypatch):
|
||||
"""host=localhost dans la config = non configuré → on garde l'env (pas de régression)."""
|
||||
monkeypatch.setattr(
|
||||
dash, "load_system_config",
|
||||
lambda: {"services": {"streaming": {"host": "localhost", "port": 5005}}},
|
||||
)
|
||||
monkeypatch.delenv("RPA_PUBLIC_URL", raising=False)
|
||||
monkeypatch.setenv("RPA_SERVER_URL", "http://192.168.1.45:5005/api/v1")
|
||||
assert dash._resolve_public_server_url() == "http://192.168.1.45:5005/api/v1"
|
||||
|
||||
|
||||
def test_resolve_url_no_config_uses_env(monkeypatch):
|
||||
"""Aucune section streaming → fallback env, normalisé en /api/v1."""
|
||||
monkeypatch.setattr(dash, "load_system_config", lambda: {"services": {}})
|
||||
monkeypatch.delenv("RPA_PUBLIC_URL", raising=False)
|
||||
monkeypatch.setenv("RPA_SERVER_URL", "http://10.0.0.5:5005/api/v1")
|
||||
assert dash._resolve_public_server_url() == "http://10.0.0.5:5005/api/v1"
|
||||
@@ -114,6 +114,37 @@ class TestDashboardRoutes:
|
||||
'timeout': 30,
|
||||
}]
|
||||
|
||||
def test_streaming_status_snapshot_aggregates_existing_endpoints(self, monkeypatch):
|
||||
"""Le proxy legacy /status agrège les endpoints streaming reels."""
|
||||
calls = []
|
||||
|
||||
def fake_fetch(endpoint, query_string=''):
|
||||
calls.append((endpoint, query_string))
|
||||
if endpoint == 'stats':
|
||||
return {'active_sessions': 1, 'total_events': 7}
|
||||
if endpoint == 'sessions':
|
||||
return {'sessions': [{'session_id': 's1'}]}
|
||||
if endpoint == 'processing/status':
|
||||
return {'status': 'degraded', 'components_ready': False}
|
||||
if endpoint == 'replays':
|
||||
return {'replays': [{'replay_id': 'r1', 'active': True}]}
|
||||
raise AssertionError(endpoint)
|
||||
|
||||
monkeypatch.setattr(dashboard_app, '_fetch_streaming_json', fake_fetch)
|
||||
|
||||
snapshot = dashboard_app._streaming_status_snapshot()
|
||||
|
||||
assert snapshot['active_sessions'] == 1
|
||||
assert snapshot['sessions'] == [{'session_id': 's1'}]
|
||||
assert snapshot['processing']['status'] == 'degraded'
|
||||
assert snapshot['replay']['replay_id'] == 'r1'
|
||||
assert calls == [
|
||||
('stats', ''),
|
||||
('sessions', ''),
|
||||
('processing/status', ''),
|
||||
('replays', ''),
|
||||
]
|
||||
|
||||
def test_dashboard_submit_competence_verdict(self, client, monkeypatch):
|
||||
"""Le dashboard journalise un verdict sans write-back YAML."""
|
||||
import core.competences.verdicts as verdicts_module
|
||||
@@ -212,6 +243,58 @@ class TestDashboardRoutes:
|
||||
data = resp.get_json()
|
||||
assert 'workflows' in data
|
||||
|
||||
def test_workflows_list_reads_vwb_db(self, client, monkeypatch, tmp_path):
|
||||
"""Régression red-gate : /api/workflows reflète la base VWB v3, pas 0.
|
||||
|
||||
Avant correctif l'endpoint globait un store JSON vide et renvoyait
|
||||
toujours total:0. On construit une DB VWB minimale (schéma canonique
|
||||
workflows + steps) et on vérifie que l'endpoint expose le compte réel.
|
||||
"""
|
||||
import sqlite3
|
||||
from pathlib import Path
|
||||
|
||||
db_path = tmp_path / "instance" / "workflows.db"
|
||||
db_path.parent.mkdir(parents=True, exist_ok=True)
|
||||
conn = sqlite3.connect(str(db_path))
|
||||
conn.execute(
|
||||
"CREATE TABLE workflows (id VARCHAR(64) PRIMARY KEY, name VARCHAR(255), "
|
||||
"description TEXT, created_at DATETIME, updated_at DATETIME, "
|
||||
"is_active BOOLEAN, source VARCHAR(64), review_status VARCHAR(32))"
|
||||
)
|
||||
conn.execute(
|
||||
"CREATE TABLE steps (id VARCHAR(64) PRIMARY KEY, workflow_id VARCHAR(64), "
|
||||
"action_type VARCHAR(64))"
|
||||
)
|
||||
conn.execute(
|
||||
"INSERT INTO workflows VALUES (?,?,?,?,?,?,?,?)",
|
||||
("wf_aiva", "Urgence_aiva_demo", "demo", "2026-06-01", "2026-06-18",
|
||||
1, "manual", ""),
|
||||
)
|
||||
conn.execute(
|
||||
"INSERT INTO workflows VALUES (?,?,?,?,?,?,?,?)",
|
||||
("wf_learned", "Learned_flow", "", "2026-06-02", "2026-06-17",
|
||||
1, "learned_import", "pending"),
|
||||
)
|
||||
# 3 steps pour wf_aiva → nodes_count attendu = 3
|
||||
for i in range(3):
|
||||
conn.execute(
|
||||
"INSERT INTO steps VALUES (?,?,?)", (f"s{i}", "wf_aiva", "click")
|
||||
)
|
||||
conn.commit()
|
||||
conn.close()
|
||||
|
||||
monkeypatch.setattr(dashboard_app, "VWB_DB_PATH", Path(db_path))
|
||||
|
||||
resp = client.get('/api/workflows')
|
||||
assert resp.status_code == 200
|
||||
data = resp.get_json()
|
||||
assert data['total'] == 2, f"attendu 2 workflows, obtenu {data['total']}"
|
||||
names = {w['name'] for w in data['workflows']}
|
||||
assert 'Urgence_aiva_demo' in names
|
||||
aiva = next(w for w in data['workflows'] if w['name'] == 'Urgence_aiva_demo')
|
||||
assert aiva['nodes_count'] == 3
|
||||
assert aiva['source'] == 'manual'
|
||||
|
||||
def test_sessions_list(self, client):
|
||||
"""L'API sessions retourne la liste."""
|
||||
resp = client.get('/api/agent/sessions')
|
||||
|
||||
@@ -28,6 +28,109 @@ load_dotenv() # fallback .env dans cwd (n'écrase pas les vars déjà définies
|
||||
# Initialize Flask app
|
||||
app = Flask(__name__)
|
||||
|
||||
# ============================================================
|
||||
# HTTP Basic Auth LAN (cohérent avec le dashboard 5001)
|
||||
# ============================================================
|
||||
# Le VWB (backend 5002) était exposé au LAN SANS authentification. On ajoute
|
||||
# un middleware before_request qui exige un header Authorization: Basic <b64>
|
||||
# pour toute requête NON-loopback (LAN), avec les MÊMES credentials que le
|
||||
# dashboard : DASHBOARD_USER / DASHBOARD_PASSWORD (dans .env.local).
|
||||
#
|
||||
# GARDE-FOU CRITIQUE — exemption loopback :
|
||||
# Le dashboard (agent_chat/app.py `_fetch_vwb_workflows`) et les healthchecks
|
||||
# appellent ce backend en boucle locale (http://localhost:5002 → 127.0.0.1).
|
||||
# Exiger l'auth en loopback CASSERAIT l'intégration dashboard↔VWB. On exempte
|
||||
# donc 127.0.0.1 / ::1 (et ::ffff:127.0.0.1) de toute auth.
|
||||
#
|
||||
# Différence assumée avec le dashboard (fail-closed) : ici on NE crashe PAS si
|
||||
# DASHBOARD_PASSWORD est absent. On log un warning et on laisse passer le LAN
|
||||
# (mode POC dev/dégradé). En clinique, DASHBOARD_PASSWORD est défini dans
|
||||
# .env.local (chargé ci-dessus, lignes 24-26) → l'auth LAN est effective.
|
||||
import base64 as _base64
|
||||
import hmac as _hmac
|
||||
|
||||
_VWB_AUTH_USER = os.getenv("DASHBOARD_USER", "lea").strip()
|
||||
_VWB_AUTH_PASSWORD = os.getenv("DASHBOARD_PASSWORD", "").strip()
|
||||
# Désactivation explicite (dev/tests, parité avec le dashboard).
|
||||
_VWB_AUTH_DISABLED = os.getenv("DASHBOARD_AUTH_DISABLED", "").lower() in (
|
||||
"1", "true", "yes",
|
||||
)
|
||||
|
||||
# Adresses considérées comme loopback (server-to-server, jamais challengées).
|
||||
_VWB_LOOPBACK_ADDRS = {"127.0.0.1", "::1", "::ffff:127.0.0.1"}
|
||||
|
||||
# Paths publics (pas d'auth) — healthchecks systemd / NPM / smokes.
|
||||
_VWB_PUBLIC_PATHS = {"/health", "/api/health"}
|
||||
|
||||
if not _VWB_AUTH_PASSWORD and not _VWB_AUTH_DISABLED:
|
||||
logging.getLogger("vwb.auth").warning(
|
||||
"[SECURITE] DASHBOARD_PASSWORD non defini : l'auth Basic LAN du VWB "
|
||||
"(5002) est INACTIVE (le LAN passe sans credentials). Definir "
|
||||
"DASHBOARD_PASSWORD dans .env.local pour l'activer (cible clinique)."
|
||||
)
|
||||
|
||||
|
||||
def _vwb_auth_ok(header_value: str) -> bool:
|
||||
"""Valide le header Authorization Basic. Comparaison constant-time.
|
||||
|
||||
Logique identique au dashboard (`web_dashboard/app.py::_dashboard_auth_ok`).
|
||||
"""
|
||||
if not header_value or not header_value.lower().startswith("basic "):
|
||||
return False
|
||||
try:
|
||||
decoded = _base64.b64decode(header_value[6:].strip()).decode("utf-8")
|
||||
except (ValueError, UnicodeDecodeError):
|
||||
return False
|
||||
if ":" not in decoded:
|
||||
return False
|
||||
user, _, password = decoded.partition(":")
|
||||
user_ok = _hmac.compare_digest(user, _VWB_AUTH_USER)
|
||||
pwd_ok = _hmac.compare_digest(password, _VWB_AUTH_PASSWORD)
|
||||
return user_ok and pwd_ok
|
||||
|
||||
|
||||
@app.before_request
|
||||
def _vwb_basic_auth_middleware():
|
||||
"""Middleware d'auth HTTP Basic LAN sur le backend VWB (port 5002).
|
||||
|
||||
- Bypass total si DASHBOARD_AUTH_DISABLED=true (dev/tests).
|
||||
- Bypass total si DASHBOARD_PASSWORD absent (mode POC degrade, warning emis
|
||||
au demarrage) — on ne casse pas le service faute de secret.
|
||||
- Loopback (127.0.0.1 / ::1) : JAMAIS challenge (proxy dashboard, healthcheck).
|
||||
- Preflight CORS (OPTIONS) : laisse passer (le navigateur n'envoie pas
|
||||
l'en-tete Authorization au preflight).
|
||||
- Paths publics (_VWB_PUBLIC_PATHS) : healthchecks externes.
|
||||
- Sinon (requete LAN) : header Authorization: Basic <b64> obligatoire, sinon 401.
|
||||
"""
|
||||
from flask import request, Response
|
||||
|
||||
# Dev / tests / mode degrade sans secret : bypass total
|
||||
if _VWB_AUTH_DISABLED or not _VWB_AUTH_PASSWORD:
|
||||
return None
|
||||
|
||||
# Preflight CORS : pas d'auth (le navigateur n'envoie pas les credentials)
|
||||
if request.method == "OPTIONS":
|
||||
return None
|
||||
|
||||
# Exemption loopback (server-to-server : dashboard, healthcheck)
|
||||
if (request.remote_addr or "") in _VWB_LOOPBACK_ADDRS:
|
||||
return None
|
||||
|
||||
# Paths publics (healthchecks externes)
|
||||
if (request.path or "/") in _VWB_PUBLIC_PATHS:
|
||||
return None
|
||||
|
||||
if _vwb_auth_ok(request.headers.get("Authorization", "")):
|
||||
return None
|
||||
|
||||
# Pas authentifie — challenge 401 avec WWW-Authenticate
|
||||
return Response(
|
||||
'{"error": "authentication required"}',
|
||||
status=401,
|
||||
mimetype="application/json",
|
||||
headers={"WWW-Authenticate": 'Basic realm="RPA Vision V3 VWB"'},
|
||||
)
|
||||
|
||||
# ============================================================
|
||||
# Logging — fichier rotatif + console (idempotent)
|
||||
# ============================================================
|
||||
|
||||
@@ -166,11 +166,30 @@ def convert_learned_to_vwb_steps(
|
||||
)
|
||||
continue
|
||||
|
||||
# Image d'ancre du parent : à poser sur le 1er substep cliquable.
|
||||
# Les actions simples l'obtiennent déjà (branche `else` plus bas) ;
|
||||
# les compound ne la propageaient pas → substeps anchor_id NULL.
|
||||
compound_anchor_b64 = (
|
||||
target.get("anchor_image_base64")
|
||||
or target.get("screenshot")
|
||||
or (target.get("context_hints") or {}).get("anchor_image_base64")
|
||||
)
|
||||
compound_anchor_attached = False
|
||||
|
||||
for sub_idx, sub in enumerate(sub_steps):
|
||||
sub_type = sub.get("type", "unknown")
|
||||
sub_vwb_type, sub_params = _convert_compound_substep(
|
||||
sub_type, sub, target
|
||||
)
|
||||
# Poser l'ancre du parent sur le 1er substep cliquable uniquement
|
||||
# (éviter de la dupliquer sur les N substeps).
|
||||
if (
|
||||
compound_anchor_b64
|
||||
and not compound_anchor_attached
|
||||
and sub_vwb_type in ("click_anchor", "double_click_anchor", "right_click_anchor")
|
||||
):
|
||||
sub_params["_anchor_image_base64"] = compound_anchor_b64
|
||||
compound_anchor_attached = True
|
||||
label = _build_step_label(sub_vwb_type, sub_params, from_name, to_name)
|
||||
steps.append({
|
||||
"action_type": sub_vwb_type,
|
||||
@@ -480,21 +499,24 @@ def convert_vwb_to_core_workflow(
|
||||
now = datetime.now().isoformat()
|
||||
wf_id = workflow_data.get("id", f"wf_{uuid.uuid4().hex[:12]}")
|
||||
|
||||
# Créer les nodes : un node par étape (chaque étape = un état écran)
|
||||
# Les actions sont portées par les edges. N étapes VWB doivent donc donner
|
||||
# N edges core, et N+1 états écran (avant chaque action + terminal).
|
||||
nodes = []
|
||||
edges = []
|
||||
|
||||
for idx, step in enumerate(steps_data):
|
||||
node_count = len(steps_data) + 1 if steps_data else 0
|
||||
for idx in range(node_count):
|
||||
step = steps_data[idx] if idx < len(steps_data) else {}
|
||||
node_id = f"node_{idx:03d}"
|
||||
action_type = step.get("action_type", "click_anchor")
|
||||
params = step.get("parameters", {})
|
||||
label = step.get("label", action_type)
|
||||
label = step.get("label", action_type) if idx < len(steps_data) else "Fin du workflow"
|
||||
|
||||
# Créer le node (template minimal)
|
||||
node = {
|
||||
"node_id": node_id,
|
||||
"name": label,
|
||||
"description": f"Étape {idx + 1} : {label}",
|
||||
"description": f"Étape {idx + 1} : {label}" if idx < len(steps_data) else "État terminal",
|
||||
"template": {
|
||||
"window": {
|
||||
"title_pattern": params.get("window_title"),
|
||||
@@ -518,7 +540,7 @@ def convert_vwb_to_core_workflow(
|
||||
},
|
||||
},
|
||||
"is_entry": idx == 0,
|
||||
"is_end": idx == len(steps_data) - 1,
|
||||
"is_end": idx == node_count - 1,
|
||||
"variants": [],
|
||||
"primary_variant_id": None,
|
||||
"max_variants": 5,
|
||||
@@ -529,12 +551,13 @@ def convert_vwb_to_core_workflow(
|
||||
"metadata": {
|
||||
"vwb_step_id": step.get("id", ""),
|
||||
"visual_type": _action_type_to_visual(action_type),
|
||||
"terminal": idx >= len(steps_data),
|
||||
},
|
||||
}
|
||||
nodes.append(node)
|
||||
|
||||
# Créer l'edge vers le node suivant (sauf pour le dernier)
|
||||
if idx < len(steps_data) - 1:
|
||||
# Créer un edge/action pour chaque step VWB, y compris la dernière.
|
||||
if idx < len(steps_data):
|
||||
next_node_id = f"node_{idx + 1:03d}"
|
||||
|
||||
# Convertir l'action VWB → action core
|
||||
|
||||
@@ -0,0 +1,69 @@
|
||||
#!/usr/bin/env python3
|
||||
"""
|
||||
Test TDD — propagation de l'image d'ancre aux substeps *compound* (SP-1 / U-B).
|
||||
|
||||
Bug : `convert_learned_to_vwb_steps` ne propage `anchor_image_base64` qu'aux
|
||||
actions simples (branche L226-233). Les substeps des actions *compound*
|
||||
(majoritaires côté Léa) passent par `_convert_compound_substep` qui ne lit
|
||||
jamais l'ancre → `anchor_id NULL` → "Ancre requise" sans image dans le VWB.
|
||||
|
||||
Cible du fix : poser l'image d'ancre du parent sur le 1er substep cliquable.
|
||||
"""
|
||||
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
sys.path.insert(0, str(Path(__file__).resolve().parent))
|
||||
|
||||
from services.learned_workflow_bridge import convert_learned_to_vwb_steps
|
||||
|
||||
_CLICK_TYPES = ("click_anchor", "double_click_anchor", "right_click_anchor")
|
||||
|
||||
|
||||
def _compound_workflow_with_anchor(b64: str) -> dict:
|
||||
"""Workflow core minimal : un edge compound dont la cible porte une image
|
||||
d'ancre dans `context_hints`, avec un substep cliquable suivi d'une saisie."""
|
||||
return {
|
||||
"workflow_id": "wf_test_compound_anchor",
|
||||
"name": "Test compound anchor",
|
||||
"entry_nodes": ["n1"],
|
||||
"nodes": [
|
||||
{"node_id": "n1", "name": "Start"},
|
||||
{"node_id": "n2", "name": "End"},
|
||||
],
|
||||
"edges": [
|
||||
{
|
||||
"edge_id": "e1",
|
||||
"from_node": "n1",
|
||||
"to_node": "n2",
|
||||
"action": {
|
||||
"type": "compound",
|
||||
"target": {
|
||||
"by_text": "Fichier",
|
||||
"context_hints": {"anchor_image_base64": b64},
|
||||
},
|
||||
"parameters": {
|
||||
"steps": [
|
||||
{"type": "mouse_click", "pos": [0.5, 0.5], "button": "left"},
|
||||
{"type": "text_input", "text": "bonjour"},
|
||||
]
|
||||
},
|
||||
},
|
||||
}
|
||||
],
|
||||
}
|
||||
|
||||
|
||||
def test_compound_substep_inherits_anchor_image():
|
||||
"""Le 1er substep cliquable d'un compound doit hériter de l'image d'ancre du parent."""
|
||||
b64 = "ZmFrZV9hbmNob3I=" # "fake_anchor" encodé base64
|
||||
_meta, steps, _warnings = convert_learned_to_vwb_steps(
|
||||
_compound_workflow_with_anchor(b64)
|
||||
)
|
||||
|
||||
clickable = [s for s in steps if s["action_type"] in _CLICK_TYPES]
|
||||
assert clickable, "le compound aurait dû produire au moins un step cliquable"
|
||||
assert clickable[0]["parameters"].get("_anchor_image_base64") == b64, (
|
||||
"le 1er substep cliquable doit hériter de l'image d'ancre du parent "
|
||||
"(target.context_hints.anchor_image_base64)"
|
||||
)
|
||||
195
visual_workflow_builder/backend/tests/test_vwb_basic_auth.py
Normal file
195
visual_workflow_builder/backend/tests/test_vwb_basic_auth.py
Normal file
@@ -0,0 +1,195 @@
|
||||
"""
|
||||
Tests de l'auth HTTP Basic LAN du backend VWB (port 5002).
|
||||
|
||||
Le VWB etait expose au LAN SANS authentification. Le middleware
|
||||
`_vwb_basic_auth_middleware` ajoute un challenge 401 sur toute requete
|
||||
NON-loopback, avec les MEMES credentials que le dashboard
|
||||
(DASHBOARD_USER / DASHBOARD_PASSWORD).
|
||||
|
||||
Controles cles :
|
||||
- Loopback (127.0.0.1) sans credentials -> 200 (proxy dashboard / healthcheck).
|
||||
- LAN (REMOTE_ADDR non loopback) sans credentials -> 401 + WWW-Authenticate.
|
||||
- LAN avec mauvais mot de passe -> 401.
|
||||
- LAN avec bons credentials -> passage (pas de 401).
|
||||
- /health public meme en LAN.
|
||||
- DASHBOARD_AUTH_DISABLED=true -> bypass total.
|
||||
- DASHBOARD_PASSWORD absent -> auth inactive (mode POC degrade, pas de crash).
|
||||
"""
|
||||
from __future__ import annotations
|
||||
|
||||
import base64
|
||||
import importlib
|
||||
import os
|
||||
import sys
|
||||
from pathlib import Path
|
||||
|
||||
import pytest
|
||||
|
||||
# Le backend VWB s'importe en tant que module top-level `app`
|
||||
# (cf. tests/conftest.py : `from app import app, db`). On ajoute le repertoire
|
||||
# backend au path pour pouvoir le recharger avec les variables d'env voulues.
|
||||
_BACKEND_DIR = Path(__file__).resolve().parent.parent
|
||||
if str(_BACKEND_DIR) not in sys.path:
|
||||
sys.path.insert(0, str(_BACKEND_DIR))
|
||||
|
||||
# Adresse LAN simulee (non loopback)
|
||||
_LAN_ADDR = "192.168.1.50"
|
||||
_LAN_ENV = {"REMOTE_ADDR": _LAN_ADDR}
|
||||
|
||||
|
||||
def _basic_auth_header(user: str, password: str) -> str:
|
||||
token = base64.b64encode(f"{user}:{password}".encode()).decode()
|
||||
return f"Basic {token}"
|
||||
|
||||
|
||||
def _reload_app():
|
||||
"""Recharge le module `app` pour relire les constantes d'auth depuis l'env."""
|
||||
if "app" in sys.modules:
|
||||
return importlib.reload(sys.modules["app"])
|
||||
return importlib.import_module("app")
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def auth_enabled_client(monkeypatch):
|
||||
"""Client VWB avec auth LAN active (DASHBOARD_USER/PASSWORD definis)."""
|
||||
monkeypatch.setenv("DASHBOARD_USER", "lea")
|
||||
monkeypatch.setenv("DASHBOARD_PASSWORD", "secret-test-pwd")
|
||||
monkeypatch.delenv("DASHBOARD_AUTH_DISABLED", raising=False)
|
||||
mod = _reload_app()
|
||||
mod.app.config["TESTING"] = True
|
||||
mod.app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
||||
with mod.app.test_client() as c:
|
||||
with mod.app.app_context():
|
||||
mod.db.create_all()
|
||||
yield c
|
||||
mod.db.drop_all()
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def auth_disabled_client(monkeypatch):
|
||||
"""Client VWB avec auth desactivee (DASHBOARD_AUTH_DISABLED=true)."""
|
||||
monkeypatch.setenv("DASHBOARD_AUTH_DISABLED", "true")
|
||||
monkeypatch.setenv("DASHBOARD_PASSWORD", "secret-test-pwd")
|
||||
mod = _reload_app()
|
||||
mod.app.config["TESTING"] = True
|
||||
mod.app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
||||
with mod.app.test_client() as c:
|
||||
with mod.app.app_context():
|
||||
mod.db.create_all()
|
||||
yield c
|
||||
mod.db.drop_all()
|
||||
|
||||
|
||||
@pytest.fixture
|
||||
def no_password_client(monkeypatch):
|
||||
"""Client VWB sans DASHBOARD_PASSWORD (mode POC degrade : auth inactive)."""
|
||||
monkeypatch.delenv("DASHBOARD_PASSWORD", raising=False)
|
||||
monkeypatch.delenv("DASHBOARD_AUTH_DISABLED", raising=False)
|
||||
mod = _reload_app()
|
||||
mod.app.config["TESTING"] = True
|
||||
mod.app.config["SQLALCHEMY_DATABASE_URI"] = "sqlite:///:memory:"
|
||||
with mod.app.test_client() as c:
|
||||
with mod.app.app_context():
|
||||
mod.db.create_all()
|
||||
yield c
|
||||
mod.db.drop_all()
|
||||
|
||||
|
||||
class TestVwbBasicAuth:
|
||||
"""Auth HTTP Basic LAN sur le backend VWB (5002)."""
|
||||
|
||||
def test_loopback_no_creds_passes(self, auth_enabled_client):
|
||||
"""Requete loopback (127.0.0.1) sans creds -> PAS de 401.
|
||||
|
||||
Garde-fou critique : le dashboard proxifie en loopback. La requete
|
||||
ne doit jamais etre challengee (200, ou autre code applicatif != 401).
|
||||
"""
|
||||
resp = auth_enabled_client.get("/api/v3/session/state")
|
||||
assert resp.status_code != 401, (
|
||||
f"Loopback ne doit jamais etre challenge (got {resp.status_code})"
|
||||
)
|
||||
|
||||
def test_lan_no_creds_returns_401(self, auth_enabled_client):
|
||||
"""Requete LAN (non loopback) sans creds -> 401 + WWW-Authenticate."""
|
||||
resp = auth_enabled_client.get(
|
||||
"/api/v3/session/state", environ_base=_LAN_ENV
|
||||
)
|
||||
assert resp.status_code == 401
|
||||
assert "WWW-Authenticate" in resp.headers
|
||||
assert "Basic" in resp.headers["WWW-Authenticate"]
|
||||
|
||||
def test_lan_wrong_password_returns_401(self, auth_enabled_client):
|
||||
"""Requete LAN avec mauvais mot de passe -> 401."""
|
||||
resp = auth_enabled_client.get(
|
||||
"/api/v3/session/state",
|
||||
environ_base=_LAN_ENV,
|
||||
headers={"Authorization": _basic_auth_header("lea", "wrong")},
|
||||
)
|
||||
assert resp.status_code == 401
|
||||
|
||||
def test_lan_wrong_user_returns_401(self, auth_enabled_client):
|
||||
"""Requete LAN avec mauvais utilisateur -> 401."""
|
||||
resp = auth_enabled_client.get(
|
||||
"/api/v3/session/state",
|
||||
environ_base=_LAN_ENV,
|
||||
headers={"Authorization": _basic_auth_header("intruder", "secret-test-pwd")},
|
||||
)
|
||||
assert resp.status_code == 401
|
||||
|
||||
def test_lan_valid_credentials_pass(self, auth_enabled_client):
|
||||
"""Requete LAN avec bons creds -> PAS de 401 (auth franchie)."""
|
||||
resp = auth_enabled_client.get(
|
||||
"/api/v3/session/state",
|
||||
environ_base=_LAN_ENV,
|
||||
headers={"Authorization": _basic_auth_header("lea", "secret-test-pwd")},
|
||||
)
|
||||
assert resp.status_code != 401, (
|
||||
f"Bons creds doivent franchir l'auth (got {resp.status_code})"
|
||||
)
|
||||
|
||||
def test_lan_malformed_header_returns_401(self, auth_enabled_client):
|
||||
"""Requete LAN avec header mal forme (Bearer) -> 401."""
|
||||
resp = auth_enabled_client.get(
|
||||
"/api/v3/session/state",
|
||||
environ_base=_LAN_ENV,
|
||||
headers={"Authorization": "Bearer tototoken"},
|
||||
)
|
||||
assert resp.status_code == 401
|
||||
|
||||
def test_lan_health_is_public(self, auth_enabled_client):
|
||||
"""/health reste public meme en LAN (healthcheck externe)."""
|
||||
resp = auth_enabled_client.get("/health", environ_base=_LAN_ENV)
|
||||
assert resp.status_code == 200
|
||||
|
||||
def test_lan_options_preflight_not_blocked(self, auth_enabled_client):
|
||||
"""Preflight CORS (OPTIONS) en LAN -> pas de 401 (CORS preserve)."""
|
||||
resp = auth_enabled_client.open(
|
||||
"/api/v3/session/state", method="OPTIONS", environ_base=_LAN_ENV
|
||||
)
|
||||
assert resp.status_code != 401
|
||||
|
||||
def test_auth_disabled_bypass_lan(self, auth_disabled_client):
|
||||
"""DASHBOARD_AUTH_DISABLED=true -> LAN passe sans creds."""
|
||||
resp = auth_disabled_client.get(
|
||||
"/api/v3/session/state", environ_base=_LAN_ENV
|
||||
)
|
||||
assert resp.status_code != 401
|
||||
|
||||
def test_no_password_degraded_lan_passes(self, no_password_client):
|
||||
"""DASHBOARD_PASSWORD absent -> mode POC degrade : LAN passe (pas de crash)."""
|
||||
resp = no_password_client.get(
|
||||
"/api/v3/session/state", environ_base=_LAN_ENV
|
||||
)
|
||||
assert resp.status_code != 401
|
||||
|
||||
|
||||
@pytest.fixture(autouse=True)
|
||||
def _restore_module(monkeypatch):
|
||||
"""Restaure le module `app` en mode auth desactivee apres chaque test,
|
||||
pour ne pas contaminer les autres tests VWB (qui importent `app`)."""
|
||||
yield
|
||||
monkeypatch.setenv("DASHBOARD_AUTH_DISABLED", "true")
|
||||
monkeypatch.delenv("DASHBOARD_PASSWORD", raising=False)
|
||||
monkeypatch.delenv("DASHBOARD_USER", raising=False)
|
||||
if "app" in sys.modules:
|
||||
importlib.reload(sys.modules["app"])
|
||||
@@ -189,6 +189,20 @@ SESSIONS_PATH = DATA_PATH / "sessions"
|
||||
WORKFLOWS_PATH = DATA_PATH / "workflows"
|
||||
LOGS_PATH = BASE_PATH / "logs"
|
||||
|
||||
# Source canonique des workflows (décision produit D3) : la base VWB v3
|
||||
# (SQLAlchemy/SQLite) que Léa lit déjà au runtime. Chemin absolu robuste (PAS la
|
||||
# DB fantôme vide à la racine du repo `instance/workflows.db`, schéma obsolète,
|
||||
# ni l'ancien store JSON `data/training/workflows/` créé vide sur DGX).
|
||||
# Surchargeable via RPA_VWB_DB_PATH pour les déploiements atypiques.
|
||||
def _resolve_vwb_db_path() -> Path:
|
||||
override = os.getenv("RPA_VWB_DB_PATH", "").strip()
|
||||
if override:
|
||||
return Path(override).expanduser()
|
||||
return BASE_PATH / "visual_workflow_builder" / "backend" / "instance" / "workflows.db"
|
||||
|
||||
|
||||
VWB_DB_PATH = _resolve_vwb_db_path()
|
||||
|
||||
# StorageManager
|
||||
storage = StorageManager(base_path=str(DATA_PATH))
|
||||
|
||||
@@ -261,7 +275,9 @@ def system_status():
|
||||
"""Statut du système."""
|
||||
try:
|
||||
sessions_count = len(list(SESSIONS_PATH.glob('*'))) if SESSIONS_PATH.exists() else 0
|
||||
workflows_count = len(list(WORKFLOWS_PATH.glob('*.json'))) if WORKFLOWS_PATH.exists() else 0
|
||||
# Source canonique D3 : base VWB v3 (même comptage que /api/workflows),
|
||||
# pas l'ancien store JSON `data/training/workflows/` créé vide sur DGX.
|
||||
workflows_count = len(_load_workflows_from_vwb_db())
|
||||
|
||||
dependencies_ok = True
|
||||
try:
|
||||
@@ -296,8 +312,26 @@ def system_performance():
|
||||
faiss_metadata_path = DATA_PATH / "faiss_index" / "main.metadata"
|
||||
|
||||
if faiss_index_path.exists() and faiss_metadata_path.exists():
|
||||
fm = FAISSManager.load(faiss_index_path, faiss_metadata_path)
|
||||
faiss_stats = fm.get_stats()
|
||||
try:
|
||||
fm = FAISSManager.load(faiss_index_path, faiss_metadata_path)
|
||||
faiss_stats = fm.get_stats()
|
||||
faiss_stats.setdefault("status", "active")
|
||||
faiss_stats.setdefault("metadata_status", "valid")
|
||||
except Exception as e:
|
||||
faiss_stats = _read_raw_faiss_index_stats(faiss_index_path)
|
||||
faiss_stats.update({
|
||||
"status": "metadata_invalid",
|
||||
"metadata_status": "invalid",
|
||||
"metadata_error": str(e),
|
||||
"action_required": "re-sign-or-rebuild-faiss-metadata",
|
||||
})
|
||||
elif faiss_index_path.exists():
|
||||
faiss_stats = _read_raw_faiss_index_stats(faiss_index_path)
|
||||
faiss_stats.update({
|
||||
"status": "metadata_missing",
|
||||
"metadata_status": "missing",
|
||||
"action_required": "rebuild-faiss-metadata",
|
||||
})
|
||||
else:
|
||||
faiss_stats = {"total_vectors": 0, "status": "index_not_found"}
|
||||
except Exception as e:
|
||||
@@ -319,6 +353,26 @@ def system_performance():
|
||||
return jsonify({'error': str(e)}), 500
|
||||
|
||||
|
||||
def _read_raw_faiss_index_stats(index_path: Path) -> dict:
|
||||
"""Read non-authoritative FAISS stats when signed metadata cannot load."""
|
||||
try:
|
||||
import faiss
|
||||
index = faiss.read_index(str(index_path))
|
||||
return {
|
||||
"raw_index_available": True,
|
||||
"total_vectors": int(getattr(index, "ntotal", 0)),
|
||||
"dimensions": int(getattr(index, "d", 0)),
|
||||
"is_trained": bool(getattr(index, "is_trained", False)),
|
||||
"index_type": type(index).__name__.replace("Index", "") or "FAISS",
|
||||
}
|
||||
except Exception as e:
|
||||
return {
|
||||
"raw_index_available": False,
|
||||
"total_vectors": 0,
|
||||
"error": f"Index FAISS illisible: {e}",
|
||||
}
|
||||
|
||||
|
||||
@app.route('/api/system/faiss/test', methods=['POST'])
|
||||
def test_faiss_index():
|
||||
"""Teste l'index FAISS avec une recherche aléatoire."""
|
||||
@@ -785,36 +839,83 @@ def rename_session_workflow(session_id):
|
||||
# API Workflows
|
||||
# =============================================================================
|
||||
|
||||
def _load_workflows_from_vwb_db() -> list:
|
||||
"""Charge les workflows depuis la base VWB v3 (source canonique D3).
|
||||
|
||||
Lit directement le SQLite que Léa interroge au runtime (cf.
|
||||
`agent_chat/app.py` → `GET /api/v3/session/state`). On compte les `steps`
|
||||
par workflow pour `nodes_count` (pas de notion d'`edges` en DAG linéaire :
|
||||
`edges_count` = max(steps-1, 0)). Robuste à l'absence de la DB ou des
|
||||
colonnes `source`/`review_status` (DB ancienne) : retourne [] sans planter.
|
||||
"""
|
||||
import sqlite3
|
||||
|
||||
if not VWB_DB_PATH.exists():
|
||||
return []
|
||||
|
||||
workflows = []
|
||||
conn = sqlite3.connect(str(VWB_DB_PATH))
|
||||
try:
|
||||
conn.row_factory = sqlite3.Row
|
||||
# Colonnes disponibles (la DB fantôme/ancienne n'a pas source/review_status)
|
||||
cols = {row[1] for row in conn.execute("PRAGMA table_info(workflows)")}
|
||||
has_source = 'source' in cols
|
||||
has_review = 'review_status' in cols
|
||||
|
||||
select_cols = ['id', 'name', 'description', 'created_at', 'updated_at']
|
||||
if has_source:
|
||||
select_cols.append('source')
|
||||
if has_review:
|
||||
select_cols.append('review_status')
|
||||
|
||||
# Nombre de steps par workflow (= nodes du DAG)
|
||||
step_counts = {
|
||||
row[0]: row[1]
|
||||
for row in conn.execute(
|
||||
"SELECT workflow_id, COUNT(*) FROM steps GROUP BY workflow_id"
|
||||
)
|
||||
}
|
||||
|
||||
rows = conn.execute(
|
||||
f"SELECT {', '.join(select_cols)} FROM workflows ORDER BY updated_at DESC"
|
||||
).fetchall()
|
||||
|
||||
for row in rows:
|
||||
wf_id = row['id']
|
||||
nodes_count = step_counts.get(wf_id, 0)
|
||||
workflows.append({
|
||||
'workflow_id': wf_id,
|
||||
'name': row['name'] or wf_id,
|
||||
'description': row['description'] or '',
|
||||
'nodes_count': nodes_count,
|
||||
'edges_count': max(nodes_count - 1, 0),
|
||||
'learning_state': 'OBSERVATION',
|
||||
'created_at': str(row['created_at'] or ''),
|
||||
'updated_at': str(row['updated_at'] or ''),
|
||||
'execution_count': 0,
|
||||
'source': row['source'] if has_source else 'manual',
|
||||
'review_status': row['review_status'] if has_review else '',
|
||||
'file_path': f"vwb_db://{wf_id}",
|
||||
})
|
||||
finally:
|
||||
conn.close()
|
||||
|
||||
return workflows
|
||||
|
||||
|
||||
@app.route('/api/workflows')
|
||||
def list_workflows():
|
||||
"""Liste tous les workflows."""
|
||||
"""Liste tous les workflows depuis la base VWB v3 (source canonique D3).
|
||||
|
||||
Avant ce correctif, l'endpoint globait `data/training/workflows/*.json`
|
||||
(ancien store JSON, créé vide sur DGX) et renvoyait toujours `total: 0`,
|
||||
rendant la surface « ce que Léa sait » faussement vide. On lit désormais la
|
||||
même base SQLite que Léa au runtime.
|
||||
"""
|
||||
try:
|
||||
workflows = []
|
||||
hide_unnamed = request.args.get('hide_unnamed', 'true').lower() == 'true'
|
||||
|
||||
if not WORKFLOWS_PATH.exists():
|
||||
WORKFLOWS_PATH.mkdir(parents=True, exist_ok=True)
|
||||
return jsonify({'workflows': [], 'total': 0, 'hidden_unnamed': 0})
|
||||
|
||||
for wf_file in WORKFLOWS_PATH.glob('*.json'):
|
||||
try:
|
||||
with open(wf_file, 'r') as f:
|
||||
wf_data = json.load(f)
|
||||
|
||||
workflows.append({
|
||||
'workflow_id': wf_data.get('workflow_id', wf_file.stem),
|
||||
'name': wf_data.get('name', wf_file.stem),
|
||||
'description': wf_data.get('description', ''),
|
||||
'nodes_count': len(wf_data.get('nodes', [])),
|
||||
'edges_count': len(wf_data.get('edges', [])),
|
||||
'learning_state': wf_data.get('learning_state', 'OBSERVATION'),
|
||||
'created_at': wf_data.get('created_at', ''),
|
||||
'updated_at': wf_data.get('updated_at', ''),
|
||||
'execution_count': wf_data.get('execution_count', 0),
|
||||
'file_path': str(wf_file)
|
||||
})
|
||||
except Exception as e:
|
||||
print(f"Erreur lecture workflow {wf_file}: {e}")
|
||||
workflows = _load_workflows_from_vwb_db()
|
||||
|
||||
# Filtrer les workflows "Unnamed" si demandé
|
||||
if hide_unnamed:
|
||||
@@ -1970,19 +2071,83 @@ def import_config():
|
||||
# API Streaming - Proxy vers le serveur de streaming (port 5005)
|
||||
# =============================================================================
|
||||
|
||||
STREAMING_BASE_URL = 'http://localhost:5005/api/v1/traces/stream'
|
||||
def _normalize_streaming_base_url(raw_url: str) -> str:
|
||||
"""Normalise l'URL du serveur streaming vers le préfixe API attendu."""
|
||||
base = (raw_url or 'http://localhost:5005').strip().rstrip('/')
|
||||
if base.endswith('/api/v1/traces/stream'):
|
||||
return base
|
||||
if base.endswith('/api/v1/traces'):
|
||||
return f'{base}/stream'
|
||||
return f'{base}/api/v1/traces/stream'
|
||||
|
||||
|
||||
STREAMING_BASE_URL = _normalize_streaming_base_url(
|
||||
os.getenv('RPA_STREAMING_URL')
|
||||
or os.getenv('STREAMING_BASE_URL')
|
||||
or 'http://localhost:5005'
|
||||
)
|
||||
|
||||
|
||||
def _streaming_headers():
|
||||
headers = {'Accept': 'application/json'}
|
||||
token = os.getenv('RPA_API_TOKEN', '').strip()
|
||||
if token:
|
||||
headers['Authorization'] = f'Bearer {token}'
|
||||
return headers
|
||||
|
||||
|
||||
def _fetch_streaming_json(endpoint, query_string=''):
|
||||
import urllib.request
|
||||
|
||||
endpoint = endpoint.strip('/')
|
||||
url = f'{STREAMING_BASE_URL}/{endpoint}'
|
||||
if query_string:
|
||||
url = f'{url}?{query_string}'
|
||||
req = urllib.request.Request(url, headers=_streaming_headers())
|
||||
with urllib.request.urlopen(req, timeout=5) as response:
|
||||
return json.loads(response.read().decode())
|
||||
|
||||
|
||||
def _streaming_status_snapshot():
|
||||
"""Compat legacy dashboard: agrège les endpoints streaming qui existent."""
|
||||
snapshot = _fetch_streaming_json('stats')
|
||||
try:
|
||||
sessions = _fetch_streaming_json('sessions')
|
||||
snapshot['sessions'] = sessions.get('sessions', sessions if isinstance(sessions, list) else [])
|
||||
except Exception as exc:
|
||||
snapshot['sessions_error'] = str(exc)
|
||||
try:
|
||||
snapshot['processing'] = _fetch_streaming_json('processing/status')
|
||||
except Exception as exc:
|
||||
snapshot['processing_error'] = str(exc)
|
||||
try:
|
||||
replays = _fetch_streaming_json('replays')
|
||||
replay_items = replays.get('replays', []) if isinstance(replays, dict) else []
|
||||
snapshot['replay'] = next((r for r in replay_items if r.get('active')), None)
|
||||
snapshot['replays'] = replay_items
|
||||
except Exception as exc:
|
||||
snapshot['replay_error'] = str(exc)
|
||||
return snapshot
|
||||
|
||||
@app.route('/api/streaming/<path:endpoint>')
|
||||
def proxy_streaming(endpoint):
|
||||
"""Proxy vers le serveur de streaming pour éviter les problèmes CORS."""
|
||||
import urllib.request
|
||||
import urllib.error
|
||||
try:
|
||||
url = f'{STREAMING_BASE_URL}/{endpoint}'
|
||||
req = urllib.request.Request(url, headers={'Accept': 'application/json'})
|
||||
with urllib.request.urlopen(req, timeout=5) as response:
|
||||
data = json.loads(response.read().decode())
|
||||
clean_endpoint = endpoint.strip('/')
|
||||
if clean_endpoint == 'status':
|
||||
data = _streaming_status_snapshot()
|
||||
else:
|
||||
query_string = request.query_string.decode('utf-8')
|
||||
data = _fetch_streaming_json(clean_endpoint, query_string)
|
||||
return jsonify(data)
|
||||
return jsonify(data)
|
||||
except urllib.error.HTTPError as e:
|
||||
try:
|
||||
payload = json.loads(e.read().decode())
|
||||
except Exception:
|
||||
payload = {'error': e.reason}
|
||||
return jsonify(payload), e.code
|
||||
except urllib.error.URLError as e:
|
||||
return jsonify({'error': f'Serveur streaming inaccessible: {e}'}), 502
|
||||
except Exception as e:
|
||||
@@ -2054,8 +2219,33 @@ def proxy_fleet(endpoint):
|
||||
# Fleet — Téléchargement du ZIP installeur pré-configuré
|
||||
# =============================================================================
|
||||
|
||||
# Chemin du ZIP template Léa
|
||||
_LEA_ZIP_TEMPLATE = BASE_PATH / "deploy" / "Lea_v1.0.0.zip"
|
||||
# Chemin du ZIP template Léa.
|
||||
# ZIP COMPLET autoportant (runtime Python embedded inclus + source à jour) :
|
||||
# l'utilisateur dézippe puis double-clique Lea.bat, sans Python système ni UAC.
|
||||
# Construit par deploy/build_package_full.sh. Le placeholder Lea/config.txt
|
||||
# (CONFIGURE_ME) est remplacé à la volée par download_agent_package().
|
||||
# Fallback historique vers l'ancien ZIP léger (sources seules, suppose Python
|
||||
# système) uniquement s'il existe et que le complet est absent — pour ne pas
|
||||
# casser un environnement où le complet n'a pas encore été buildé.
|
||||
_LEA_ZIP_TEMPLATE_FULL = BASE_PATH / "deploy" / "build" / "Lea_full_v1.0.1.zip"
|
||||
_LEA_ZIP_TEMPLATE_LEGACY = BASE_PATH / "deploy" / "Lea_v1.0.0.zip"
|
||||
|
||||
|
||||
def _resolve_lea_zip_template():
|
||||
"""Résout le ZIP à servir, à la volée (le complet peut être buildé
|
||||
après le démarrage du dashboard). Préfère le ZIP complet autoportant ;
|
||||
retombe sur l'ancien ZIP léger uniquement s'il existe.
|
||||
Retourne None si aucun template n'est présent.
|
||||
"""
|
||||
if _LEA_ZIP_TEMPLATE_FULL.exists():
|
||||
return _LEA_ZIP_TEMPLATE_FULL
|
||||
if _LEA_ZIP_TEMPLATE_LEGACY.exists():
|
||||
return _LEA_ZIP_TEMPLATE_LEGACY
|
||||
return None
|
||||
|
||||
|
||||
# Compat : référence statique conservée pour le code/log historique.
|
||||
_LEA_ZIP_TEMPLATE = _resolve_lea_zip_template() or _LEA_ZIP_TEMPLATE_FULL
|
||||
|
||||
# URL publique du serveur (env ou fallback)
|
||||
_RPA_PUBLIC_URL = os.getenv(
|
||||
@@ -2083,6 +2273,33 @@ def _extract_host(url: str) -> str:
|
||||
_RPA_PUBLIC_HOST = _extract_host(_RPA_PUBLIC_URL)
|
||||
|
||||
|
||||
def _resolve_public_server_url() -> str:
|
||||
"""URL publique du serveur Léa pour l'enrôlement (config.txt des agents).
|
||||
|
||||
Priorité :
|
||||
1. system_config.json → services.streaming.{host,port} (édité dans le dashboard)
|
||||
2. variables d'env RPA_PUBLIC_URL / RPA_SERVER_URL
|
||||
3. défaut historique
|
||||
|
||||
Un host vide ou loopback dans la config = « non configuré » : on retombe sur
|
||||
l'env pour ne pas régresser un déploiement qui pilote l'URL par l'environnement.
|
||||
Toujours normalisée pour se terminer par /api/v1.
|
||||
"""
|
||||
_NON_ROUTABLE = {"", "localhost", "127.0.0.1", "0.0.0.0", "configure_me"}
|
||||
try:
|
||||
streaming = (load_system_config().get("services") or {}).get("streaming") or {}
|
||||
host = str(streaming.get("host") or "").strip()
|
||||
if host.lower() not in _NON_ROUTABLE:
|
||||
port = streaming.get("port") or 5005
|
||||
return _normalize_server_url(f"http://{host}:{port}")
|
||||
except Exception as exc: # config illisible → ne jamais casser l'enrôlement
|
||||
api_logger.warning(f"Résolution URL via system_config échouée: {exc}")
|
||||
env_url = os.getenv("RPA_PUBLIC_URL") or os.getenv("RPA_SERVER_URL")
|
||||
if env_url:
|
||||
return _normalize_server_url(env_url)
|
||||
return _normalize_server_url("https://lea.labs.laurinebazin.design")
|
||||
|
||||
|
||||
def _fetch_fleet_agent(machine_id: str):
|
||||
"""Récupère un agent depuis le serveur streaming (5005).
|
||||
|
||||
@@ -2119,7 +2336,7 @@ def _build_custom_config(machine_id: str, user_name: str, token: str) -> str:
|
||||
Le host est extrait proprement via urlparse (sans schema/port/path).
|
||||
"""
|
||||
now = datetime.now().strftime("%Y-%m-%d %H:%M")
|
||||
server_url = _normalize_server_url(_RPA_PUBLIC_URL)
|
||||
server_url = _resolve_public_server_url()
|
||||
|
||||
return f"""\
|
||||
# ============================================================
|
||||
@@ -2164,17 +2381,23 @@ def download_agent_package(machine_id):
|
||||
"""Génère et sert un ZIP Léa pré-configuré pour ce machine_id.
|
||||
|
||||
- Vérifie que le machine_id est enregistré et actif dans la fleet.
|
||||
- Lit le ZIP template (deploy/Lea_v1.0.0.zip).
|
||||
- Remplace config.txt par une version personnalisée.
|
||||
- Lit le ZIP template complet autoportant (deploy/build/Lea_full_v*.zip),
|
||||
avec fallback sur l'ancien ZIP léger (deploy/Lea_v1.0.0.zip) s'il est seul.
|
||||
- Remplace Lea/config.txt par une version personnalisée.
|
||||
- Renvoie le ZIP modifié en téléchargement (tout en mémoire).
|
||||
"""
|
||||
# Sécurité : l'auth Basic est déjà gérée par before_request
|
||||
|
||||
# 1. Vérifier que le ZIP template existe
|
||||
if not _LEA_ZIP_TEMPLATE.exists():
|
||||
# 1. Résoudre + vérifier que le ZIP template existe (à la volée)
|
||||
zip_template = _resolve_lea_zip_template()
|
||||
if zip_template is None:
|
||||
return jsonify({
|
||||
'error': 'ZIP template introuvable',
|
||||
'detail': f'{_LEA_ZIP_TEMPLATE} absent — exécuter deploy/build_package.sh',
|
||||
'detail': (
|
||||
f'Ni {_LEA_ZIP_TEMPLATE_FULL} ni {_LEA_ZIP_TEMPLATE_LEGACY} '
|
||||
'présents — exécuter deploy/build_package_full.sh (ZIP complet '
|
||||
'autoportant) ou deploy/build_package.sh (ZIP léger).'
|
||||
),
|
||||
}), 500
|
||||
|
||||
# 2. Vérifier que le machine_id est enregistré
|
||||
@@ -2195,7 +2418,7 @@ def download_agent_package(machine_id):
|
||||
# 5. Créer le ZIP personnalisé en mémoire
|
||||
output_buffer = io.BytesIO()
|
||||
try:
|
||||
with zipfile.ZipFile(_LEA_ZIP_TEMPLATE, 'r') as src_zip:
|
||||
with zipfile.ZipFile(zip_template, 'r') as src_zip:
|
||||
with zipfile.ZipFile(output_buffer, 'w', zipfile.ZIP_DEFLATED) as dst_zip:
|
||||
for item in src_zip.infolist():
|
||||
if item.filename == 'Lea/config.txt':
|
||||
@@ -2207,7 +2430,7 @@ def download_agent_package(machine_id):
|
||||
except zipfile.BadZipFile:
|
||||
return jsonify({
|
||||
'error': 'ZIP template corrompu',
|
||||
'detail': f'{_LEA_ZIP_TEMPLATE} n\'est pas un ZIP valide.',
|
||||
'detail': f'{zip_template} n\'est pas un ZIP valide.',
|
||||
}), 500
|
||||
|
||||
output_buffer.seek(0)
|
||||
@@ -2273,10 +2496,17 @@ def process_mining_discover():
|
||||
load_jsonl_session,
|
||||
PM4PY_AVAILABLE,
|
||||
)
|
||||
except ImportError:
|
||||
except ImportError as exc:
|
||||
missing = getattr(exc, "name", None) or str(exc)
|
||||
return jsonify({
|
||||
'error': "Module d'analyse non disponible",
|
||||
'detail': "Le module core.analytics.process_mining_bridge est introuvable.",
|
||||
'detail': (
|
||||
"Dépendance analytics manquante pendant l'import du bridge "
|
||||
f"({missing}). Installer le bundle process-mining dans le venv DGX "
|
||||
"avant de générer la cartographie."
|
||||
),
|
||||
'missing_dependency': missing,
|
||||
'action_required': "install-process-mining-dependencies",
|
||||
}), 503
|
||||
|
||||
if not PM4PY_AVAILABLE:
|
||||
|
||||
@@ -1392,7 +1392,13 @@
|
||||
|
||||
// Status indicator
|
||||
const faissStatusEl = document.getElementById('faissStatus');
|
||||
if (faiss.error) {
|
||||
if (faiss.status === 'metadata_invalid') {
|
||||
faissStatusEl.textContent = '⚠️';
|
||||
faissStatusEl.title = 'Index brut présent, métadonnées invalides';
|
||||
} else if (faiss.status === 'metadata_missing') {
|
||||
faissStatusEl.textContent = '⚠️';
|
||||
faissStatusEl.title = 'Index brut présent, métadonnées absentes';
|
||||
} else if (faiss.error) {
|
||||
faissStatusEl.textContent = '❌';
|
||||
faissStatusEl.title = faiss.error;
|
||||
} else if (faiss.status === 'index_not_found') {
|
||||
@@ -1419,6 +1425,8 @@
|
||||
if (faiss.nlist) details.push(`nlist: ${faiss.nlist}`);
|
||||
if (faiss.nprobe) details.push(`nprobe: ${faiss.nprobe}`);
|
||||
if (faiss.metadata_count) details.push(`Métadonnées: ${faiss.metadata_count}`);
|
||||
if (faiss.metadata_status) details.push(`Metadata: ${faiss.metadata_status}`);
|
||||
if (faiss.metadata_error) details.push(`Metadata error: ${faiss.metadata_error}`);
|
||||
document.getElementById('faissDetails').textContent = details.length > 0 ?
|
||||
details.join(' • ') : (faiss.error || faiss.status || 'Aucune info disponible');
|
||||
|
||||
@@ -1434,6 +1442,12 @@
|
||||
if (faiss.status === 'index_not_found') {
|
||||
recommendations.push('📝 Traitez des sessions pour créer l\'index FAISS');
|
||||
}
|
||||
if (faiss.status === 'metadata_invalid') {
|
||||
recommendations.push('⚠️ Index brut présent mais métadonnées invalides : re-signer ou régénérer les métadonnées FAISS');
|
||||
}
|
||||
if (faiss.status === 'metadata_missing') {
|
||||
recommendations.push('⚠️ Index brut présent sans métadonnées : reconstruire les métadonnées FAISS');
|
||||
}
|
||||
if (recommendations.length > 0) {
|
||||
recoEl.innerHTML = recommendations.join('<br>');
|
||||
recoEl.style.display = 'block';
|
||||
@@ -2276,7 +2290,7 @@
|
||||
: '<span style="display:inline-block;padding:3px 10px;border-radius:12px;font-size:11px;font-weight:600;background:rgba(100,116,139,0.15);color:#64748b;">révoqué</span>';
|
||||
|
||||
const downloadBtn = isActive
|
||||
? `<a href="/api/fleet/download/${encodeURIComponent(agent.machine_id)}" class="btn btn-primary btn-small" style="text-decoration:none;font-size:11px;" title="Télécharger l'installeur pré-configuré">📥</a>`
|
||||
? `<a href="/api/fleet/download/${encodeURIComponent(agent.machine_id)}" class="btn btn-primary btn-small" style="text-decoration:none;font-size:11px;" title="Télécharger Léa (installation autonome, sans Python — dézipper puis double-cliquer Lea.bat)">📥</a>`
|
||||
: `<span style="font-size:16px;color:#475569;cursor:not-allowed;opacity:0.4;" title="Agent révoqué — installeur indisponible">📥</span>`;
|
||||
|
||||
return `<tr style="border-bottom:1px solid #334155;">
|
||||
@@ -2818,10 +2832,29 @@
|
||||
const detailsEl = document.getElementById('streamServerDetails');
|
||||
|
||||
try {
|
||||
const data = await fetchJSON(`${STREAMING_BASE}/stats`);
|
||||
const [data, processing] = await Promise.all([
|
||||
fetchJSON(`${STREAMING_BASE}/stats`),
|
||||
fetchJSON(`${STREAMING_BASE}/processing/status`).catch(e => ({error: e.message}))
|
||||
]);
|
||||
|
||||
statusEl.innerHTML = '<span style="color:#22c55e;">✅</span>';
|
||||
statusEl.title = 'Serveur streaming en ligne';
|
||||
const processingReady = processing && processing.processing_ready === true;
|
||||
// « En veille » (armé/lazy) ≠ « dégradé » : un worker neuf sans
|
||||
// session a tous ses composants à false par design (chargement à la
|
||||
// 1re session), ce n'est PAS une panne. Seul status==='degraded'
|
||||
// (init tentée et en échec) est une vraie alerte.
|
||||
const processingArmed = processing && (processing.armed === true || processing.status === 'idle');
|
||||
const processingDegraded = processing && !processing.error && processing.status === 'degraded';
|
||||
const statusHint = (processing && processing.status_hint) || '';
|
||||
statusEl.innerHTML = processingDegraded
|
||||
? '<span style="color:#f59e0b;">⚠️</span>'
|
||||
: processingArmed
|
||||
? '<span style="color:#3b82f6;">⏸️</span>'
|
||||
: '<span style="color:#22c55e;">✅</span>';
|
||||
statusEl.title = processingDegraded
|
||||
? `Streaming en ligne, worker apprentissage dégradé${statusHint ? ' — ' + statusHint : ''}`
|
||||
: processingArmed
|
||||
? `Streaming en ligne, worker en veille${statusHint ? ' — ' + statusHint : ''}`
|
||||
: 'Serveur streaming en ligne';
|
||||
|
||||
document.getElementById('streamActiveSessions').textContent = data.active_sessions || 0;
|
||||
document.getElementById('streamTotalEvents').textContent = data.total_events || 0;
|
||||
@@ -2837,6 +2870,31 @@
|
||||
if (data.events_per_second !== undefined) rows.push({label: 'Événements/sec', value: (data.events_per_second || 0).toFixed(2)});
|
||||
if (data.memory_usage_mb !== undefined) rows.push({label: 'Mémoire utilisée', value: Math.round(data.memory_usage_mb) + ' MB'});
|
||||
if (data.server_version) rows.push({label: 'Version serveur', value: data.server_version});
|
||||
if (processing && !processing.error) {
|
||||
const status = processing.status || 'unknown';
|
||||
const workerIcon = processingReady ? '✅' : (processingArmed ? '⏸️' : '⚠️');
|
||||
rows.push({
|
||||
label: 'Worker apprentissage',
|
||||
value: `${workerIcon} ${status}`
|
||||
});
|
||||
rows.push({
|
||||
label: 'Composants intelligence',
|
||||
value: processing.components_ready
|
||||
? 'prêts'
|
||||
: (processingArmed ? 'en veille (chargés à la 1re session)' : 'non prêts')
|
||||
});
|
||||
if (statusHint) {
|
||||
rows.push({label: 'Détail worker', value: statusHint});
|
||||
}
|
||||
if (processing.queue_length !== undefined) {
|
||||
rows.push({label: 'Queue apprentissage', value: processing.queue_length});
|
||||
}
|
||||
if (processing.last_cycle) {
|
||||
rows.push({label: 'Dernier cycle worker', value: new Date(processing.last_cycle).toLocaleString('fr-FR')});
|
||||
}
|
||||
} else if (processing && processing.error) {
|
||||
rows.push({label: 'Worker apprentissage', value: `❌ ${processing.error}`});
|
||||
}
|
||||
|
||||
if (rows.length === 0) {
|
||||
// Afficher les données brutes si les clés attendues ne sont pas présentes
|
||||
|
||||
Reference in New Issue
Block a user