fix: enforce ARTIFACTORY_ONLY for virtual package types (#418)

chkp-roniz · claude · danielmeppiel · web-flow · commit 6945193380ba · 2026-03-23T11:12:07.000+01:00
Virtual file, collection, and subdirectory packages now respect
ARTIFACTORY_ONLY=1. Previously only the primary zip-archive download
path enforced the proxy-only guard; virtual packages could bypass it
and reach GitHub directly in air-gapped or proxy-only environments.

Co-authored-by: Claude Sonnet 4.6 &lt;noreply@anthropic.com&gt;
Co-authored-by: Daniel Meppiel &lt;51440732+danielmeppiel@users.noreply.github.com&gt;
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,6 +8,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Fixed
+
+- Virtual package types (files, collections, subdirectories) now respect `ARTIFACTORY_ONLY=1`, matching the primary zip-archive proxy-only behavior (#418)
+
 ### Added
 
 - `ci-runtime.yml` workflow for nightly + manual runtime inference tests, decoupled from release pipeline (#371)
diff --git a/src/apm_cli/deps/github_downloader.py b/src/apm_cli/deps/github_downloader.py
@@ -1848,13 +1848,18 @@ def download_package(
         
         # Handle virtual packages differently
         if dep_ref.is_virtual:
+            art_proxy = self._parse_artifactory_base_url()
+            if self._is_artifactory_only() and not dep_ref.is_artifactory() and not art_proxy:
+                raise RuntimeError(
+                    f"ARTIFACTORY_ONLY is set but no Artifactory proxy is configured for '{repo_ref}'. "
+                    "Set ARTIFACTORY_BASE_URL or use explicit Artifactory FQDN syntax."
+                )
             if dep_ref.is_virtual_file():
                 return self.download_virtual_file_package(dep_ref, target_path, progress_task_id, progress_obj)
             elif dep_ref.is_virtual_collection():
                 return self.download_collection_package(dep_ref, target_path, progress_task_id, progress_obj)
             elif dep_ref.is_virtual_subdirectory():
                 # When ARTIFACTORY_ONLY is set, download full archive and extract subdir
-                art_proxy = self._parse_artifactory_base_url()
                 if self._is_artifactory_only() and art_proxy:
                     return self._download_subdirectory_from_artifactory(
                         dep_ref, target_path, art_proxy, progress_task_id, progress_obj
diff --git a/tests/unit/test_artifactory_support.py b/tests/unit/test_artifactory_support.py
@@ -789,3 +789,56 @@ def test_download_package_errors_without_base_url(self):
             dl = GitHubPackageDownloader()
             with pytest.raises(RuntimeError, match="ARTIFACTORY_ONLY is set"):
                 dl.download_package("microsoft/some-package", Path("/tmp/test-pkg"))
+
+    def test_virtual_file_errors_without_base_url(self):
+        """ARTIFACTORY_ONLY without ARTIFACTORY_BASE_URL raises for virtual file packages."""
+        with patch.dict(os.environ, {"ARTIFACTORY_ONLY": "1"}, clear=True):
+            dl = GitHubPackageDownloader()
+            with pytest.raises(RuntimeError, match="ARTIFACTORY_ONLY is set"):
+                dl.download_package(
+                    "owner/repo/prompts/deploy.prompt.md", Path("/tmp/test-pkg")
+                )
+
+    def test_virtual_collection_errors_without_base_url(self):
+        """ARTIFACTORY_ONLY without ARTIFACTORY_BASE_URL raises for virtual collection packages."""
+        with patch.dict(os.environ, {"ARTIFACTORY_ONLY": "1"}, clear=True):
+            dl = GitHubPackageDownloader()
+            with pytest.raises(RuntimeError, match="ARTIFACTORY_ONLY is set"):
+                dl.download_package(
+                    "owner/repo/collections/my-collection", Path("/tmp/test-pkg")
+                )
+
+    def test_virtual_subdirectory_errors_without_base_url(self):
+        """ARTIFACTORY_ONLY without ARTIFACTORY_BASE_URL raises for virtual subdirectory packages."""
+        with patch.dict(os.environ, {"ARTIFACTORY_ONLY": "1"}, clear=True):
+            dl = GitHubPackageDownloader()
+            with pytest.raises(RuntimeError, match="ARTIFACTORY_ONLY is set"):
+                dl.download_package(
+                    "owner/repo/skills/my-skill", Path("/tmp/test-pkg")
+                )
+
+    def test_explicit_artifactory_fqdn_virtual_file_passes(self):
+        """Explicit Artifactory FQDN on virtual file dep is NOT blocked by ARTIFACTORY_ONLY."""
+        with patch.dict(os.environ, {"ARTIFACTORY_ONLY": "1"}, clear=True):
+            dl = GitHubPackageDownloader()
+            dep = DependencyReference.parse(
+                "art.example.com/artifactory/github/owner/repo/prompts/deploy.prompt.md"
+            )
+            assert dep.is_artifactory()
+            assert dep.is_virtual_file()
+            # Should not raise - explicit Artifactory FQDN bypasses the guard
+            with patch.object(dl, 'download_virtual_file_package', return_value=MagicMock()):
+                dl.download_package(dep, Path("/tmp/test-pkg"))
+
+    def test_explicit_artifactory_fqdn_virtual_collection_passes(self):
+        """Explicit Artifactory FQDN on virtual collection dep is NOT blocked by ARTIFACTORY_ONLY."""
+        with patch.dict(os.environ, {"ARTIFACTORY_ONLY": "1"}, clear=True):
+            dl = GitHubPackageDownloader()
+            dep = DependencyReference.parse(
+                "art.example.com/artifactory/github/owner/repo/collections/my-collection"
+            )
+            assert dep.is_artifactory()
+            assert dep.is_virtual_collection()
+            # Should not raise - explicit Artifactory FQDN bypasses the guard
+            with patch.object(dl, 'download_collection_package', return_value=MagicMock()):
+                dl.download_package(dep, Path("/tmp/test-pkg"))
