i8BdZddlZddlZddlZddlZddlmZddlZdZdZ ejje ddZ ejjde ded ed ed efd Zd ed eded ej"fdZdZdZdZdZdZdZdZdZdZdZdZdZy)u^ tests/dev7/test_scope_guard.py dev7 scope-guard pytest 시나리오 5종 (task-2364) 시나리오: 1. 정상 케이스: snapshot 작성 → 정상 diff → exit 0 2. forbidden 위반: codegraph cron 케이스 → exit 1 + scope-violation.json 3. legacy 호환: snapshot 없음 + .allow-no-scope.log 마커 → exit 0 4. snapshot 없음, 마커도 없음: exit 1 5. 시스템 자동 파일 무시: diff에 memory/heartbeats/foo.json만 → exit 0 함수 단위 테스트: - _parse_allowed_resources: yaml 파싱, inline list, 못 찾는 경우 - _save_capability_snapshot: sha256, auto forbidden 보강 N)Pathz/home/jay/workspacez-/home/jay/workspace/.worktrees/task-2364-dev7scriptsztask-scope-guard.shcaps_dirtask_idsnapshotreturnc|jdd||dz }|jtj|d|S)u$테스트용 snapshot 파일 작성.Tparentsexist_ok.jsonzutf-8)encoding)mkdir write_textjsondumps)rrr snap_files L/home/jay/workspace/.worktrees/task-2374-dev7/tests/dev7/test_scope_guard.pywrite_snapshotr&sE NN4$N/gYe,,I H-@  diff_content env_workspacecddl}|jddd5}|j||j}ddd tj j }||d<tjdt|gd d | }|t j|S#1swYexYw#t jwxYw) u,task-scope-guard.sh를 subprocess로 호출.rNwz.txtF)modesuffixdelete WORKSPACEbashT)capture_outputtextenv) tempfileNamedTemporaryFilewritenameosenvironcopy subprocessrunSCOPE_GUARD_SCRIPTunlink)rrrr#f diff_filer"results rrun_scope_guardr1.s  $ $#fU $ Kq  FF  jjoo(K ') <    ) )sBAB'B$'B>c (d}|dz dz }|dz dz }|jdd|ddd d gd ggd d dd}t|||d}t||t|} |jdk(s.Jd|jd|j d|j d|j vsJd|j  ||dz }|jr|jyy#||dz }|jr|jwwxYw)uF정상 케이스: snapshot 있고 diff 파일이 scope 내 → exit 0.ztest-sg-scenario1memory capabilitieseventsTr 2026-05-02T17:00:00deadbeefscripts/finish-task.sh%memory/plans/bot-capability-system/**memory/events/*.cron-*manual0pathsforbidden_pathscommands merge_policy ttl_hoursr captured_at source_sha256allowed_resourceszBscripts/finish-task.sh memory/plans/bot-capability-system/plan.md rexit 0 기대, got  stdout= stderr=PASSPASS 메시지 기대 stdout=r N rrr1str returncodestdoutstderrexistsr-tmp_pathrr events_dirrrr0rs rtest_scenario1_passrUFsd!G("^3HH$x/JTD1,#.0WX 89$  H8Wh/YL WlCM BF  A% A)z5test_scenario2_forbidden_violation..sR'1V94Rsr )rrr1rMrNrOrPrQopenrloadlenanyr-) rSrrrTrrr0violation_filer.vdatars r"test_scenario2_forbidden_violationrfls!G("^3HH$x/JTD1,#./ 89$  H8Wh/8L WlCM BFWI-B"CCN   A% A)QRRRR  "  ! ! #'%00          ! !  "  ! ! #'%00         s&#A"E.E")000M'*=>>K4::'V&LMN-L WlCM BF!  A% A))000M 8#**4$*G-L WlCM BF    !|%89J9J8K9U[UbUbTcclmsmzmzl{#|| ! ,,. .* @S@S@U2U; *6==/:; U2U .rc d}|dz dz }|dz dz }|jdd|ddd gggd d d d }t|||d}t||t|}||dz } |jdk(s.Jd|jd|j d|j d|j vsJd|j  |jr|jyy#|jr|jwwxYw)uB시스템 자동 파일(memory/heartbeats/...)만 diff → exit 0.ztest-sg-scenario5r3r4r5Tr r6r7r8r;r<r=rCzememory/heartbeats/foo.json memory/daily/2026-05-02.md bot-activity.json token-ledger.json .heartbeat r rrGrHrIrJrKNrLrRs r#test_scenario5_system_files_ignoredrssO!G("^3HH$x/JTD1,#./!$  H8Wh/ WlCM BFgYe,,I  A% A)r9r:r?rAr;rBr<rprvrvr!rs r'test_parse_allowed_resources_yaml_blockrzs1 D !&A =>>>= #qz 11 1 2aj @@ @ #q):'; ;; ; ^  (( ( [>R  rcbddlm}d}||}|Jd|dvsJd|dvsJd|d vsJy) u"인라인 리스트 형식 파싱.rruz ```yaml allowed_resources: paths: [foo.py, bar.py] forbidden_paths: [secrets/**] merge_policy: manual ttl_hours: 24 ``` Nzfoo.pyr>zbar.py secrets/**r?rwrxs r(test_parse_allowed_resources_inline_listr}sZ1 D !&A == qz !! ! qz !! ! 1./ // /rc<ddlm}d}||}| Jd|y)u,allowed_resources 없는 경우 None 반환.rruu1# 단순 task 설명 어떤 작업을 합니다. NNone 기대, got rwrxs r&test_parse_allowed_resources_not_foundr(s+1 @D &A 9-)!--9rc<ddlm}d}||}| Jd|y)u>yaml 블록이 있어도 allowed_resources 키 없으면 None.rruz# ```yaml other_key: foo: bar ``` Nrrwrxs r-test_parse_allowed_resources_yaml_without_keyr1s/1 D !&A 9-)!--9rc,ddlm}d}dgggddd}d}||||} |js Jd |t|5}t j |}d d d d |k(sJ|d sJd dd l}|j|jj}|d |k(sJd|d d| |jr|jy y #1swYxYw#|jr|jwwxYw)u'기본 snapshot 저장 + sha256 확인.r_save_capability_snapshotztask-test-snap-basicr8r;r=zhello world snapshot testusnapshot 파일 없음: NrrEusha256 비어있음usha256 불일치: z != ) rprrQr`rrahashlibsha256encode hexdigestr-) rrar source_text snap_pathr.datarexpecteds r#test_save_capability_snapshot_basicrCs<2$G*+   B.K)'2{CI !I%=i[#II! )_ 99Q>+"4"4"67AACO$0l4FtOG\F]]abjak2ll0                    s$%C0C$A'C0$C-)C00#Dcddlm}d}dgdggddd}|||d } t|5}tj|}d d d d d }d |vs Jd|d|vs Jd| |j r|j y y #1swYPxYw#|j r|j wwxYw)u,memory/capabilities/** 자동 보강 확인.rrztask-test-snap-forbiddenr8r|r;rr= test sourceNrFr?memory/capabilities/**u-memory/capabilities/** 자동 보강 없음: u&기존 forbidden_paths 유지 안됨: )rprr`rrarQr-)rrrrr.r forbiddens r9test_save_capability_snapshot_auto_forbidden_capabilitiesras2(G*+(>   B*'2}EI  )_ 99Qrs"   '? WW\\-