fix: QA findings — GRACE contracts for _get_verify, fix _llm_http.py structure
- Added #region/#endregion contracts with @RATIONALE/@REJECTED to _get_verify() in both translate plugins (P1 HIGH, P2 MEDIUM) - Removed orphaned duplicates #endregion in _llm_http.py (P1 HIGH, P6 HIGH)
This commit is contained in:
@@ -18,18 +18,21 @@ from typing import Any
|
||||
from ...core.logger import logger
|
||||
|
||||
|
||||
# #region _get_verify [C:1] [TYPE Function] [SEMANTICS translate, ssl, verify]
|
||||
# @BRIEF Resolve SSL verification path from LLM_SSL_VERIFY env var.
|
||||
# @RATIONALE Используем capath=/etc/ssl/certs/ вместо cafile, потому что
|
||||
# OpenSSL 3.x не использует intermediate CA сертификаты из cafile для
|
||||
# построения цепочки (verify code 20). capath с хеш-симлинками работает
|
||||
# корректно (verify code 0).
|
||||
# @REJECTED cafile отвергнут — OpenSSL 3.x не использует intermediate CA
|
||||
# из единого bundle-файла. Только capath с хеш-симлинками даёт code 0.
|
||||
# @POST Returns path to /etc/ssl/certs/ when enabled, False when disabled.
|
||||
def _get_verify() -> str | bool:
|
||||
"""Resolve SSL verify from LLM_SSL_VERIFY env var.
|
||||
|
||||
Returns:
|
||||
- Path to system CA directory when verification enabled
|
||||
(uses capath, not cafile — OpenSSL 3.x ignores intermediates in cafile)
|
||||
- False when LLM_SSL_VERIFY is set to false/0/no/off
|
||||
"""
|
||||
raw = os.getenv("LLM_SSL_VERIFY", "true").strip().lower()
|
||||
if raw in ("false", "0", "no", "off"):
|
||||
return False
|
||||
return "/etc/ssl/certs/"
|
||||
# #endregion _get_verify
|
||||
|
||||
|
||||
# #region call_openai_compatible [C:3] [TYPE Function] [SEMANTICS translate, llm, http, openai]
|
||||
@@ -200,7 +203,4 @@ def _handle_response_format_fallback(
|
||||
response.encoding = new_response.encoding
|
||||
response.headers = new_response.headers
|
||||
# #endregion _handle_response_format_fallback
|
||||
# #endregion LLMHttpClient
|
||||
response.headers = new_response.headers
|
||||
# #endregion _handle_response_format_fallback
|
||||
# #endregion LLMHttpClient
|
||||
|
||||
@@ -10,18 +10,21 @@ from typing import Any
|
||||
from ...core.logger import logger
|
||||
|
||||
|
||||
# #region _get_verify [C:1] [TYPE Function] [SEMANTICS translate, ssl, verify]
|
||||
# @BRIEF Resolve SSL verification path from LLM_SSL_VERIFY env var.
|
||||
# @RATIONALE Используем capath=/etc/ssl/certs/ вместо cafile, потому что
|
||||
# OpenSSL 3.x не использует intermediate CA сертификаты из cafile для
|
||||
# построения цепочки (verify code 20). capath с хеш-симлинками работает
|
||||
# корректно (verify code 0).
|
||||
# @REJECTED cafile отвергнут — OpenSSL 3.x не использует intermediate CA
|
||||
# из единого bundle-файла. Только capath с хеш-симлинками даёт code 0.
|
||||
# @POST Returns path to /etc/ssl/certs/ when enabled, False when disabled.
|
||||
def _get_verify() -> str | bool:
|
||||
"""Resolve SSL verify from LLM_SSL_VERIFY env var.
|
||||
|
||||
Returns:
|
||||
- Path to system CA directory when verification enabled
|
||||
(uses capath, not cafile — OpenSSL 3.x ignores intermediates in cafile)
|
||||
- False when LLM_SSL_VERIFY is set to false/0/no/off
|
||||
"""
|
||||
raw = os.getenv("LLM_SSL_VERIFY", "true").strip().lower()
|
||||
if raw in ("false", "0", "no", "off"):
|
||||
return False
|
||||
return "/etc/ssl/certs/"
|
||||
# #endregion _get_verify
|
||||
|
||||
|
||||
class LLMClient:
|
||||
|
||||
Reference in New Issue
Block a user