devsquad 3.6.0__py3-none-any.whl

scripts/collaboration/input_validator.py

@@ -0,0 +1,401 @@
+"""
+Input Validator — 输入验证模块
+
+提供任务描述和用户输入的验证功能，防止恶意输入和过长内容。
+
+Author: DevSquad Team
+Version: 3.6.0
+"""
+
+import re
+import unicodedata
+from typing import Dict, List, Optional
+from dataclasses import dataclass
+
+
+@dataclass
+class ValidationResult:
+    """验证结果"""
+    valid: bool
+    reason: Optional[str] = None
+    sanitized_input: Optional[str] = None
+
+
+class InputValidator:
+    """
+    输入验证器
+    
+    功能：
+    1. 长度验证：防止过长的任务描述
+    2. 内容过滤：检测和阻止恶意模式
+    3. 字符验证：确保输入为有效的 UTF-8 文本
+    4. 输入清理：移除危险字符和模式
+    """
+    
+    # 配置常量
+    MAX_TASK_LENGTH = 10000  # 最大任务描述长度（字符）
+    MIN_TASK_LENGTH = 5      # 最小任务描述长度（字符）
+    MAX_ROLE_COUNT = 10      # 最大角色数量
+    
+    # 危险模式（正则表达式）
+    FORBIDDEN_PATTERNS = [
+        # XSS 攻击模式
+        r"<script[^>]*>.*?</script>",
+        r"javascript:",
+        r"onerror\s*=",
+        r"onload\s*=",
+        
+        # SQL 注入模式
+        r";\s*DROP\s+TABLE",
+        r";\s*DELETE\s+FROM",
+        r"UNION\s+SELECT",
+        
+        # 命令注入模式
+        r"\$\(.*?\)",
+        r"`.*?`",
+        r"&&\s*rm\s+-rf",
+        
+        # HTML 注入
+        r"<iframe[^>]*>",
+        r"<embed[^>]*>",
+        r"<object[^>]*>",
+        
+        # 数据 URI（可能包含恶意内容）
+        r"data:text/html",
+        r"data:application/",
+    ]
+    
+    # 可疑模式（警告但不阻止）
+    SUSPICIOUS_PATTERNS = [
+        r"eval\s*\(",
+        r"exec\s*\(",
+        r"__import__",
+        r"subprocess",
+        r"os\.system",
+    ]
+
+    PROMPT_INJECTION_PATTERNS = [
+        r"ignore\s+(all\s+)?previous\s+(instructions?|prompts?|rules?)",
+        r"forget\s+(all\s+)?previous\s+(instructions?|context)",
+        r"disregard\s+(all\s+)?(previous|above|prior)",
+        r"you\s+are\s+now\s+(?:a\s+)?(?:different|new|admin|root|system)\s+(?:role|user|agent|persona)",
+        r"new\s+instructions?\s*:",
+        r"override\s+(all\s+)?(?:previous|existing|current)\s+(?:instructions?|rules?|settings?)",
+        r"system\s*prompt\s*:",
+        r"pretend\s+(you\s+are|to\s+be)\s+",
+        r"act\s+as\s+if\s+you\s+(are|were)\s+",
+        r"jailbreak",
+        r"DAN\s+(mode|prompt)",
+        r"developer\s+mode",
+        r"sudo\s+mode",
+        r"reveal\s+(your|the|system)\s+(instructions?|prompt|rules?)",
+        r"show\s+me\s+(your|the|system)\s+(instructions?|prompt|rules?)",
+        r"what\s+(are|is)\s+(your|the)\s+(system|initial|original)\s+(instructions?|prompt)",
+        r"忽略\s*(之前的|上面的|先前的)?\s*(指令|指示|规则|提示)",
+        r"忘记\s*(之前的|上面的|先前的)?\s*(指令|上下文|内容)",
+        r"假装\s*(你是|你是一个)",
+        r"扮演\s*(管理员|root|系统|超级用户)",
+        r"前の指示を無視",
+    ]
+    
+    def __init__(
+        self,
+        max_length: int = MAX_TASK_LENGTH,
+        min_length: int = MIN_TASK_LENGTH,
+        strict_mode: bool = True
+    ):
+        """
+        初始化验证器
+        
+        Args:
+            max_length: 最大任务长度
+            min_length: 最小任务长度
+            strict_mode: 严格模式（检测到可疑模式也拒绝）
+        """
+        self.max_length = max_length
+        self.min_length = min_length
+        self.strict_mode = strict_mode
+        
+        # 编译正则表达式（提高性能）
+        self._forbidden_regex = [
+            re.compile(pattern, re.IGNORECASE | re.DOTALL)
+            for pattern in self.FORBIDDEN_PATTERNS
+        ]
+        self._suspicious_regex = [
+            re.compile(pattern, re.IGNORECASE)
+            for pattern in self.SUSPICIOUS_PATTERNS
+        ]
+        self._injection_regex = [
+            re.compile(pattern, re.IGNORECASE)
+            for pattern in self.PROMPT_INJECTION_PATTERNS
+        ]
+    
+    RULE_COMMAND_PATTERNS = [
+        re.compile(r"^(?:列出|查看|显示).*(?:规则|规范)$"),
+        re.compile(r"^(?:list|show|display)\s+(?:rules?|norms?)$", re.IGNORECASE),
+        re.compile(r"^(?:ルール|規範)(?:一覧|確認)$"),
+        re.compile(r"^(?:删除|移除).*(?:规则|RULE)"),
+        re.compile(r"^(?:delete|remove)\s+(?:rule|RULE)", re.IGNORECASE),
+    ]
+
+    def validate_task(self, task: str) -> ValidationResult:
+        """
+        验证任务描述
+        
+        Args:
+            task: 任务描述字符串
+            
+        Returns:
+            ValidationResult: 验证结果
+        """
+        # 1. 类型检查
+        if not isinstance(task, str):
+            return ValidationResult(
+                valid=False,
+                reason=f"Task must be a string, got {type(task).__name__}"
+            )
+        
+        # 2. 长度检查
+        task_length = len(task)
+        is_rule_command = any(p.search(task) for p in self.RULE_COMMAND_PATTERNS)
+        if task_length < self.min_length and not is_rule_command:
+            return ValidationResult(
+                valid=False,
+                reason=f"Task too short (min {self.min_length} chars, got {task_length})"
+            )
+        
+        if task_length > self.max_length:
+            return ValidationResult(
+                valid=False,
+                reason=f"Task too long (max {self.max_length} chars, got {task_length})"
+            )
+        
+        # 3. 空白检查
+        if not task.strip():
+            return ValidationResult(
+                valid=False,
+                reason="Task cannot be empty or whitespace only"
+            )
+
+        # 3.5 Unicode 规范化 + 零宽字符移除
+        task_normalized = unicodedata.normalize('NFKC', task)
+        task_normalized = re.sub(r'[\u200b-\u200f\u2028-\u202f\ufeff]', '', task_normalized)
+        
+        # 4. 字符编码检查
+        try:
+            task.encode('utf-8')
+        except UnicodeEncodeError as e:
+            return ValidationResult(
+                valid=False,
+                reason=f"Invalid UTF-8 encoding: {e}"
+            )
+        
+        # 5. 危险模式检查（使用规范化文本）
+        for regex in self._forbidden_regex:
+            match = regex.search(task_normalized)
+            if match:
+                return ValidationResult(
+                    valid=False,
+                    reason="Input contains forbidden content"
+                )
+
+        # 6. Prompt 注入检测（使用规范化文本）
+        injection_detected = []
+        for regex in self._injection_regex:
+            match = regex.search(task_normalized)
+            if match:
+                injection_detected.append(match.group(0))
+
+        if injection_detected:
+            if self.strict_mode:
+                return ValidationResult(
+                    valid=False,
+                    reason="Input contains potentially harmful content"
+                )
+
+        # 7. 可疑模式检查（严格模式）
+        if self.strict_mode:
+            for regex in self._suspicious_regex:
+                match = regex.search(task_normalized)
+                if match:
+                    return ValidationResult(
+                        valid=False,
+                        reason=f"Suspicious pattern detected (strict mode): {match.group(0)}"
+                    )
+
+        sanitized = self._sanitize_input(task_normalized)
+        
+        return ValidationResult(
+            valid=True,
+            sanitized_input=sanitized
+        )
+    
+    def validate_roles(self, roles: List[str]) -> ValidationResult:
+        """
+        验证角色列表
+        
+        Args:
+            roles: 角色 ID 列表
+            
+        Returns:
+            ValidationResult: 验证结果
+        """
+        # 1. 类型检查
+        if not isinstance(roles, list):
+            return ValidationResult(
+                valid=False,
+                reason=f"Roles must be a list, got {type(roles).__name__}"
+            )
+        
+        # 2. 数量检查
+        if len(roles) > self.MAX_ROLE_COUNT:
+            return ValidationResult(
+                valid=False,
+                reason=f"Too many roles (max {self.MAX_ROLE_COUNT}, got {len(roles)})"
+            )
+        
+        # 3. 空列表检查
+        if not roles:
+            return ValidationResult(
+                valid=False,
+                reason="Roles list cannot be empty"
+            )
+        
+        # 4. 每个角色的验证
+        for role in roles:
+            if not isinstance(role, str):
+                return ValidationResult(
+                    valid=False,
+                    reason=f"Role must be a string, got {type(role).__name__}"
+                )
+            
+            if not role.strip():
+                return ValidationResult(
+                    valid=False,
+                    reason="Role cannot be empty or whitespace only"
+                )
+            
+            # 角色 ID 只能包含字母、数字、连字符和下划线
+            if not re.match(r'^[a-zA-Z0-9_-]+$', role):
+                return ValidationResult(
+                    valid=False,
+                    reason=f"Invalid role ID: {role} (only alphanumeric, -, _ allowed)"
+                )
+        
+        return ValidationResult(valid=True)
+    
+    def _sanitize_input(self, text: str) -> str:
+        """
+        清理输入文本
+        
+        移除或转义潜在危险的字符和模式
+        
+        Args:
+            text: 原始文本
+            
+        Returns:
+            str: 清理后的文本
+        """
+        # 1. 移除控制字符（保留换行和制表符）
+        sanitized = re.sub(r'[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]', '', text)
+        
+        # 2. 规范化空白字符
+        sanitized = re.sub(r'[^\S\n]+', ' ', sanitized)
+        
+        # 3. 移除前后空白
+        sanitized = sanitized.strip()
+        
+        return sanitized
+    
+    def check_suspicious_patterns(self, task: str) -> List[str]:
+        """
+        检查可疑模式（不阻止，仅警告）
+
+        Args:
+            task: 任务描述
+
+        Returns:
+            List[str]: 检测到的可疑模式列表
+        """
+        warnings = []
+        task_normalized = unicodedata.normalize('NFKC', task)
+        task_normalized = re.sub(r'[\u200b-\u200f\u2028-\u202f\ufeff]', '', task_normalized)
+        for regex in self._suspicious_regex:
+            match = regex.search(task_normalized)
+            if match:
+                warnings.append(match.group(0))
+        return warnings
+
+    def check_prompt_injection(self, task: str) -> List[str]:
+        """
+        检查 Prompt 注入模式（不阻止，仅警告）
+
+        Args:
+            task: 任务描述
+
+        Returns:
+            List[str]: 检测到的 Prompt 注入模式列表
+        """
+        detected = []
+        task_normalized = unicodedata.normalize('NFKC', task)
+        task_normalized = re.sub(r'[\u200b-\u200f\u2028-\u202f\ufeff]', '', task_normalized)
+        for regex in self._injection_regex:
+            match = regex.search(task_normalized)
+            if match:
+                detected.append(match.group(0))
+        return detected
+
+
+# 便捷函数
+def validate_task(task: str, strict: bool = False) -> ValidationResult:
+    """
+    验证任务描述（便捷函数）
+    
+    Args:
+        task: 任务描述
+        strict: 是否使用严格模式
+        
+    Returns:
+        ValidationResult: 验证结果
+    """
+    validator = InputValidator(strict_mode=strict)
+    return validator.validate_task(task)
+
+
+def validate_roles(roles: List[str]) -> ValidationResult:
+    """
+    验证角色列表（便捷函数）
+    
+    Args:
+        roles: 角色列表
+        
+    Returns:
+        ValidationResult: 验证结果
+    """
+    validator = InputValidator()
+    return validator.validate_roles(roles)
+
+
+# 示例用法
+if __name__ == "__main__":
+    validator = InputValidator()
+    
+    # 测试 1: 正常任务
+    result = validator.validate_task("Design a user authentication system")
+    print(f"Test 1: {result}")
+    
+    # 测试 2: 过长任务
+    result = validator.validate_task("A" * 20000)
+    print(f"Test 2: {result}")
+    
+    # 测试 3: XSS 攻击
+    result = validator.validate_task("<script>alert('xss')</script>")
+    print(f"Test 3: {result}")
+    
+    # 测试 4: 正常角色列表
+    result = validator.validate_roles(["architect", "pm", "tester"])
+    print(f"Test 4: {result}")
+    
+    # 测试 5: 无效角色 ID
+    result = validator.validate_roles(["architect", "pm@invalid"])
+    print(f"Test 5: {result}")

scripts/collaboration/integration_example.py

@@ -0,0 +1,287 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+"""
+Integration Example: LLM Cache + Retry + Performance Monitoring
+
+Demonstrates how to use all three optimization modules together
+for robust, efficient, and monitored LLM API calls.
+
+Usage:
+    python scripts/collaboration/integration_example.py
+"""
+
+import time
+import random
+from typing import Optional
+
+# Import optimization modules
+from scripts.collaboration.llm_cache import get_llm_cache
+from scripts.collaboration.llm_retry import retry_with_fallback, get_retry_manager
+from scripts.collaboration.performance_monitor import monitor_performance, get_monitor
+
+
+# Simulated LLM API call (replace with real API)
+def _mock_llm_api(prompt: str, backend: str, model: str) -> str:
+    """模拟 LLM API 调用"""
+    # Simulate network delay
+    time.sleep(random.uniform(0.1, 0.3))
+    
+    # Simulate occasional failures (10% chance)
+    if random.random() < 0.1:
+        raise Exception(f"API Error: {backend} temporarily unavailable")
+    
+    return f"[{backend}:{model}] Response to: {prompt[:50]}..."
+
+
+@monitor_performance("optimized_llm_call")
+@retry_with_fallback(
+    max_retries=3,
+    initial_delay=1.0,
+    fallback_backends=["openai", "anthropic", "zhipu"]
+)
+def optimized_llm_call(
+    prompt: str,
+    backend: str = "openai",
+    model: str = "gpt-4"
+) -> str:
+    """
+    优化的 LLM 调用函数
+    
+    集成了：
+    1. 缓存机制 - 避免重复调用
+    2. 重试机制 - 处理临时故障
+    3. 性能监控 - 追踪性能指标
+    
+    Args:
+        prompt: 提示词
+        backend: 后端服务
+        model: 模型名称
+    
+    Returns:
+        LLM 响应
+    """
+    cache = get_llm_cache()
+    
+    # 1. 尝试从缓存获取
+    cached_response = cache.get(prompt, backend, model)
+    if cached_response:
+        print(f"✓ Cache hit for: {prompt[:30]}...")
+        return cached_response
+    
+    print(f"✗ Cache miss, calling API: {backend}:{model}")
+    
+    # 2. 调用 API（带重试和故障转移）
+    response = _mock_llm_api(prompt, backend, model)
+    
+    # 3. 保存到缓存
+    cache.set(prompt, response, backend, model)
+    
+    return response
+
+
+def demo_basic_usage():
+    """演示基本用法"""
+    print("\n" + "="*60)
+    print("Demo 1: Basic Usage")
+    print("="*60)
+    
+    prompts = [
+        "What is Python?",
+        "Explain machine learning",
+        "What is Python?",  # 重复，应该命中缓存
+        "How does AI work?",
+    ]
+    
+    for i, prompt in enumerate(prompts, 1):
+        print(f"\n[{i}/{len(prompts)}] Calling: {prompt}")
+        try:
+            response = optimized_llm_call(prompt)
+            print(f"Response: {response[:80]}...")
+        except Exception as e:
+            print(f"Error: {e}")
+        time.sleep(0.5)
+
+
+def demo_cache_performance():
+    """演示缓存性能提升"""
+    print("\n" + "="*60)
+    print("Demo 2: Cache Performance")
+    print("="*60)
+    
+    prompt = "Explain quantum computing"
+    
+    # 第一次调用（无缓存）
+    print("\nFirst call (no cache):")
+    start = time.time()
+    response1 = optimized_llm_call(prompt)
+    duration1 = time.time() - start
+    print(f"Duration: {duration1*1000:.0f}ms")
+    
+    # 第二次调用（有缓存）
+    print("\nSecond call (with cache):")
+    start = time.time()
+    response2 = optimized_llm_call(prompt)
+    duration2 = time.time() - start
+    print(f"Duration: {duration2*1000:.0f}ms")
+    
+    # 性能提升
+    speedup = duration1 / duration2 if duration2 > 0 else 0
+    print(f"\n✓ Speed improvement: {speedup:.1f}x faster")
+    print(f"✓ Time saved: {(duration1 - duration2)*1000:.0f}ms")
+
+
+def demo_retry_fallback():
+    """演示重试和故障转移"""
+    print("\n" + "="*60)
+    print("Demo 3: Retry and Fallback")
+    print("="*60)
+    
+    # 模拟主后端故障
+    print("\nSimulating backend failures...")
+    
+    for i in range(3):
+        try:
+            prompt = f"Test prompt {i+1}"
+            response = optimized_llm_call(prompt, backend="openai")
+            print(f"✓ Call {i+1} succeeded")
+        except Exception as e:
+            print(f"✗ Call {i+1} failed: {e}")
+        time.sleep(0.5)
+
+
+def demo_performance_monitoring():
+    """演示性能监控"""
+    print("\n" + "="*60)
+    print("Demo 4: Performance Monitoring")
+    print("="*60)
+    
+    # 执行多次调用
+    print("\nExecuting multiple calls...")
+    prompts = [
+        "What is AI?",
+        "Explain neural networks",
+        "What is deep learning?",
+        "What is AI?",  # 重复
+        "How does NLP work?",
+    ]
+    
+    for prompt in prompts:
+        try:
+            optimized_llm_call(prompt)
+        except Exception as e:
+            print(f"Warning: LLM call failed for '{prompt[:30]}...': {e}")
+        time.sleep(0.3)
+    
+    # 获取性能统计
+    monitor = get_monitor()
+    stats = monitor.get_stats("optimized_llm_call")
+    
+    print("\n📊 Performance Statistics:")
+    print(f"  Total calls: {stats['call_count']}")
+    print(f"  Success rate: {stats['success_rate']}")
+    print(f"  Avg duration: {stats['avg_duration_ms']:.1f}ms")
+    print(f"  Min duration: {stats['min_duration_ms']:.1f}ms")
+    print(f"  Max duration: {stats['max_duration_ms']:.1f}ms")
+    print(f"  P95 duration: {stats['p95_duration_ms']:.1f}ms")
+    print(f"  P99 duration: {stats['p99_duration_ms']:.1f}ms")
+
+
+def demo_comprehensive_stats():
+    """演示综合统计信息"""
+    print("\n" + "="*60)
+    print("Demo 5: Comprehensive Statistics")
+    print("="*60)
+    
+    # 缓存统计
+    cache = get_llm_cache()
+    cache_stats = cache.get_stats()
+    
+    print("\n📦 Cache Statistics:")
+    print(f"  Hit rate: {cache_stats['hit_rate_percent']}")
+    print(f"  Total requests: {cache_stats['total_requests']}")
+    print(f"  Hits: {cache_stats['hits']}")
+    print(f"  Misses: {cache_stats['misses']}")
+    print(f"  Memory entries: {cache_stats['memory_entries']}")
+    print(f"  Disk entries: {cache_stats['disk_entries']}")
+    
+    # 重试统计
+    retry_manager = get_retry_manager()
+    retry_stats = retry_manager.get_stats()
+    
+    print("\n🔄 Retry Statistics:")
+    print(f"  Success rate: {retry_stats['success_rate']}")
+    print(f"  Total calls: {retry_stats['total_calls']}")
+    print(f"  Successful: {retry_stats['successful_calls']}")
+    print(f"  Failed: {retry_stats['failed_calls']}")
+    print(f"  Retries: {retry_stats['retries']}")
+    print(f"  Fallbacks: {retry_stats['fallbacks']}")
+    print(f"  Circuit breaks: {retry_stats['circuit_breaks']}")
+    
+    # 性能监控统计
+    monitor = get_monitor()
+    perf_stats = monitor.get_stats()
+    
+    print("\n⚡ Performance Statistics:")
+    print(f"  Uptime: {perf_stats['uptime_seconds']:.0f}s")
+    print(f"  Total metrics: {perf_stats['total_metrics']}")
+    print(f"  Monitored functions: {len(perf_stats['functions'])}")
+
+
+def demo_export_reports():
+    """演示导出报告"""
+    print("\n" + "="*60)
+    print("Demo 6: Export Reports")
+    print("="*60)
+    
+    # 导出缓存报告
+    cache = get_llm_cache()
+    cache_report = cache.export_stats_report()
+    
+    cache_file = "data/cache_report.md"
+    with open(cache_file, "w", encoding="utf-8") as f:
+        f.write(cache_report)
+    print(f"\n✓ Cache report exported to: {cache_file}")
+    
+    # 导出性能报告
+    monitor = get_monitor()
+    perf_report = monitor.export_report()
+    
+    perf_file = "data/performance_report.md"
+    with open(perf_file, "w", encoding="utf-8") as f:
+        f.write(perf_report)
+    print(f"✓ Performance report exported to: {perf_file}")
+
+
+def main():
+    """主函数"""
+    print("\n" + "="*60)
+    print("LLM Optimization Integration Demo")
+    print("="*60)
+    print("\nThis demo showcases:")
+    print("  1. LLM Response Caching")
+    print("  2. Retry with Fallback")
+    print("  3. Performance Monitoring")
+    
+    try:
+        # 运行所有演示
+        demo_basic_usage()
+        demo_cache_performance()
+        demo_retry_fallback()
+        demo_performance_monitoring()
+        demo_comprehensive_stats()
+        demo_export_reports()
+        
+        print("\n" + "="*60)
+        print("✓ All demos completed successfully!")
+        print("="*60)
+        
+    except KeyboardInterrupt:
+        print("\n\n✗ Demo interrupted by user")
+    except Exception as e:
+        print(f"\n\n✗ Demo failed: {e}")
+        import traceback
+        traceback.print_exc()
+
+
+if __name__ == "__main__":
+    main()