fix: QA findings — GRACE contracts for _get_verify, fix _llm_http.py structure

- Added #region/#endregion contracts with @RATIONALE/@REJECTED to
  _get_verify() in both translate plugins (P1 HIGH, P2 MEDIUM)
- Removed orphaned duplicates #endregion in _llm_http.py (P1 HIGH, P6 HIGH)
This commit is contained in:
2026-05-29 11:10:11 +03:00
parent 8ecea09222
commit d294e0295b
2 changed files with 20 additions and 17 deletions

View File

@@ -18,18 +18,21 @@ from typing import Any
from ...core.logger import logger
# #region _get_verify [C:1] [TYPE Function] [SEMANTICS translate, ssl, verify]
# @BRIEF Resolve SSL verification path from LLM_SSL_VERIFY env var.
# @RATIONALE Используем capath=/etc/ssl/certs/ вместо cafile, потому что
# OpenSSL 3.x не использует intermediate CA сертификаты из cafile для
# построения цепочки (verify code 20). capath с хеш-симлинками работает
# корректно (verify code 0).
# @REJECTED cafile отвергнут — OpenSSL 3.x не использует intermediate CA
# из единого bundle-файла. Только capath с хеш-симлинками даёт code 0.
# @POST Returns path to /etc/ssl/certs/ when enabled, False when disabled.
def _get_verify() -> str | bool:
"""Resolve SSL verify from LLM_SSL_VERIFY env var.
Returns:
- Path to system CA directory when verification enabled
(uses capath, not cafile — OpenSSL 3.x ignores intermediates in cafile)
- False when LLM_SSL_VERIFY is set to false/0/no/off
"""
raw = os.getenv("LLM_SSL_VERIFY", "true").strip().lower()
if raw in ("false", "0", "no", "off"):
return False
return "/etc/ssl/certs/"
# #endregion _get_verify
# #region call_openai_compatible [C:3] [TYPE Function] [SEMANTICS translate, llm, http, openai]
@@ -200,7 +203,4 @@ def _handle_response_format_fallback(
response.encoding = new_response.encoding
response.headers = new_response.headers
# #endregion _handle_response_format_fallback
# #endregion LLMHttpClient
response.headers = new_response.headers
# #endregion _handle_response_format_fallback
# #endregion LLMHttpClient

View File

@@ -10,18 +10,21 @@ from typing import Any
from ...core.logger import logger
# #region _get_verify [C:1] [TYPE Function] [SEMANTICS translate, ssl, verify]
# @BRIEF Resolve SSL verification path from LLM_SSL_VERIFY env var.
# @RATIONALE Используем capath=/etc/ssl/certs/ вместо cafile, потому что
# OpenSSL 3.x не использует intermediate CA сертификаты из cafile для
# построения цепочки (verify code 20). capath с хеш-симлинками работает
# корректно (verify code 0).
# @REJECTED cafile отвергнут — OpenSSL 3.x не использует intermediate CA
# из единого bundle-файла. Только capath с хеш-симлинками даёт code 0.
# @POST Returns path to /etc/ssl/certs/ when enabled, False when disabled.
def _get_verify() -> str | bool:
"""Resolve SSL verify from LLM_SSL_VERIFY env var.
Returns:
- Path to system CA directory when verification enabled
(uses capath, not cafile — OpenSSL 3.x ignores intermediates in cafile)
- False when LLM_SSL_VERIFY is set to false/0/no/off
"""
raw = os.getenv("LLM_SSL_VERIFY", "true").strip().lower()
if raw in ("false", "0", "no", "off"):
return False
return "/etc/ssl/certs/"
# #endregion _get_verify
class LLMClient: