diff --git a/src/nullrun/decorators.py b/src/nullrun/decorators.py index 4b97fc1..8256c61 100644 --- a/src/nullrun/decorators.py +++ b/src/nullrun/decorators.py @@ -157,9 +157,16 @@ def _safe_args(fn: Callable[..., Any], args: tuple[Any, ...]) -> list[Any]: # repr(value) of an arbitrary object. return [_safe_repr(a) for a in args] + # `bound_params` is sliced to at most `len(args)`, so when the + # function has FEWER positional parameters than args provided + # (e.g. `*args`-style callables), `bound_params` is shorter + # than `args` and the trailing loop below handles the excess. + # We use `strict=False` to make that tolerance explicit and + # satisfy B905; without it the two iterables must be exactly + # the same length, which they are not in the *args case. bound_params = list(sig.parameters.items())[: len(args)] masked: list[Any] = [] - for (pname, _param), value in zip(bound_params, args): + for (pname, _param), value in zip(bound_params, args, strict=False): if pname.lower() in SENSITIVE_ARG_KEYS: masked.append("***") else: diff --git a/src/nullrun/instrumentation/auto.py b/src/nullrun/instrumentation/auto.py index 0659c18..a985914 100644 --- a/src/nullrun/instrumentation/auto.py +++ b/src/nullrun/instrumentation/auto.py @@ -38,6 +38,7 @@ import hashlib import json import logging +import os import threading from collections import OrderedDict from collections.abc import Callable @@ -1143,10 +1144,9 @@ def reset_for_tests() -> None: # Env-var override: NULLRUN_MAX_RESPONSE_BYTES. None disables the cap # (escape hatch for users who really need full-body inspection and # can tolerate the memory cost). -import os as _os _DEFAULT_MAX_RESPONSE_BYTES = 16 * 1024 * 1024 # 16 MiB MAX_RESPONSE_BYTES = int( - _os.environ.get("NULLRUN_MAX_RESPONSE_BYTES", _DEFAULT_MAX_RESPONSE_BYTES) + os.environ.get("NULLRUN_MAX_RESPONSE_BYTES", _DEFAULT_MAX_RESPONSE_BYTES) ) or _DEFAULT_MAX_RESPONSE_BYTES diff --git a/src/nullrun/transport.py b/src/nullrun/transport.py index 2d27278..a737da0 100644 --- a/src/nullrun/transport.py +++ b/src/nullrun/transport.py @@ -11,6 +11,7 @@ import logging import os import random +import tempfile import threading import time import uuid @@ -622,14 +623,18 @@ def _wal_path(self) -> str: Honours ``NULLRUN_WAL_PATH`` so crash-recovery lands on a writable mount in containers with - ``readOnlyRootFilesystem: true``. Default - ``/tmp/nullrun.wal`` matches the convention other agents - use for ephemeral crash-recovery state. + ``readOnlyRootFilesystem: true``. Default lands in the + platform temp dir (``tempfile.gettempdir()`` — typically + ``/tmp`` on Linux, ``/var/folders/...`` on macOS, + ``%TEMP%`` on Windows). Using the platform helper rather + than a hardcoded ``/tmp`` keeps us off S108's insecure + path list and lets the SDK work on Windows out of the + box. """ env_path = os.environ.get("NULLRUN_WAL_PATH") if env_path: return env_path - return os.path.join("/tmp", "nullrun.wal") + return os.path.join(tempfile.gettempdir(), "nullrun.wal") def _rotate_wal_if_needed(self) -> None: """Rotate ```` to ``.1`` if it exceeds the size cap."""