iidZddlmZddlZddlZddlZddlZddlZddlZddl Z ddl Z ddl m Z m Z ddl mZddlmZdZej$dej&ej(zZej$d ej&Zej$d Zd Zd#d Zd#d Zd$dZ d% d&dZd'dZd(dZ d)dZ d)dZ d*dZ!d+dZ" d,dZ#d-dZ$d.dZ% d/dZ& d(dZ' d*dZ( d(dZ)d0dZ*d1dZ+ d2dZ,d3d Z-d4d5d!Z.e/d"k(re j`e.yy)6u8taskctl_verify.py — taskctl 상태 전이 직전·직후의 11개 정합성 검사기. task-2459 Phase 2-C 구현. spec: memory/specs/taskctl-verify-spec.md (v1.0). 핵심 정책: - read-only 진단기. git history mutation 금지 (rebase/cherry-pick/reset 0줄). - LLM API 호출 0줄. 외부 네트워크 호출 0줄. - FAIL 시 evidence 만 저장하고 exit ≠ 0 으로 보고. 자동 복구 절대 금지. Exit code: 0 = PASS (모든 검사 PASS or N/A) 1 = FAIL (1건 이상 FAIL) 2 = WARN (FAIL 0건, WARN 1건 이상) 3 = internal error ) annotationsN)datetimetimezone)Path)Anyz1.0z-^\s*qc_verdict\s*[:\-]\s*(PASS|WARN|FAIL)\s*$z)##\s*QC\s+Verdict[^\n]*\n+([\s\S]{0,400})z\b(PASS|WARN|FAIL)\b) handoff_idfrom_botto_bottask_id timestampcftjtjj dS)N%Y-%m-%dT%H:%M:%SZrnowrutcstrftimeG/home/jay/workspace/.worktrees/task-2459-dev5/scripts/taskctl_verify.py_now_isor9s! << % . ./C DDrcftjtjj dS)Nz%Y%m%dT%H%M%SZrrrr _now_compactr=s! << % . ./? @@rc|jjddtjt |j|j dzd\}} t j|dd5}tj||d d |jd dddt j|t |y#1swY)xYw#t$r' t j|#t$rYwxYwwxYw) NT)parentsexist_ok.z.tmp)dirprefixsuffixwutf-8encodingF) ensure_asciiindent )parentmkdirtempfilemkstempstrnameosfdopenjsondumpwritereplace ExceptionunlinkOSError)pathdatafdtmp_pathfs r_atomic_write_jsonr<AsKKdT2##  TYY_VLB  YYr3 1 Q IIdAE! < GGDM  8SY'     IIh      sHC2+C'CC C DC10D1 C=:D<C==DcPtjdg|zt|dd|S)u4git read-only 명령. mutation 명령 호출 금지.gitTcwdcapture_outputtexttimeout) subprocessrunr,)argsr@rCs r_git_runrGSs. >> $ H   rc |jj}tj|t j jdS#t$rYywxYw)N)tzr)statst_mtimer6r fromtimestamprrr)r7tss r_file_mtime_isorN`sU YY[ ! !  ! !" 6 ? ?  sA AAc|dz dz |dz }t||jr t|ndd}|jrd|dfSd|d|dfS) N.taskslocksz.lock) lock_path lock_mtimePASSFAILz start_lock: u+ 부재 (start_task_guard 미실행 의심))r,existsrN)r workspacerRdetails rcheck_start_lockrYnsxH$w.G9E1BBI^4=4D4D4Foi0DFvt## yk!LM rctgd|}|jdk7r"ddd||jjddfS|jj}|dk(rdd|rd|d |nd|d |d d fS|r#d|d |}|||d }||k(rd |dfSd|d|d|fSd|d }||ddd }|j |rd |dfSd|d|d|dfS)N)z rev-parsez --abbrev-refHEADr@rrU)current_branchexpected_branchbot_hint git_erroru"branch_match: git rev-parse 실패r[ztask/-z-*)r]r^r_u"branch_match: detached HEAD 상태rTubranch_match: 기대 u , 실제 zzbranch_match: u 가 u prefix 와 불일치)rG returncodestderrstripstdout startswith)r botr@rescurrentexpectedrXrs rcheck_branch_matchrk}sb 8c BC ~~ "&#' ZZ--/   1  jj G& "(/2eG9AcU+%y8K   1   7)1SE*%'  h 64' '  #H:Ywi @  WIQ F!$XU+F &!vt## 6^G9E&AVW WWrc|j}|r d|d|}nd|d}t||d}t|}|r |j|s |d|dzvrd|dfS||vrd|dfSd|d|dfS) Nz .worktrees/ra)r@cwd_match_pattern/rTrUuworktree_path: cwd 가 u worktree 안이 아님)resolver,endswith)r rgr@ cwd_resolvedmarkerrXcwd_strs rcheck_worktree_pathrts;;=L wiq.wiq)< #F,G   F #&|w}'D64' ' W 64' ' !&)@A rcT|dz dz |dz |dz dz |dz g}t}d}|D]N}|jr|jn|}||vr*|j||jsL|}n|r t |nd|r t |ndd}|d|dfSd|d|fS)Nmemoryeventsz .cancelled)cancelled_marker_path cancelled_atrTrUu*cancelled_check: cancel 마커 존재 — )setrVroaddr,rN) r rWr@ candidatesseenfoundprprXs rcheck_cancelledrs Hx'WIZ*@@ h!wiz$::JeDE HHJQYY[A :   88:E 05U$27.TF }vt## 4UG< rctddg|}|jdk7r dg|jjddfS|jj Dcgc]}|js|}}g}|ddD]&}|j t|d kDr|d dn|(d |i}|sd |dfSd|d t|d fScc}w)Nstatusz --porcelainr\rrU) dirty_filesr`u$dirty_tree: git status 실행 실패2rrTz dirty_tree: z' untracked or modified file(s) detected)rGrbrcrdre splitlinesappendlen)r@rhlnlinesfilesrXs rcheck_dirty_treers Hm,# 6C ~~ SZZ-=-=-? @ 2  **//1 @BRXXZR @E @ ECRj4 s2w{RV34U #F vt## s5zl"IJ  As C1Cc>tdd|dg|}|jdk7r dg|jjddfSt |j j Dchc]#}|js|j%c}}dd|idfScc}w) Ndiffz --name-onlyz..HEADr\rrT)changed_paths_listr`r)rGrbrcrdsortedrer)baser@rhrpathss rcheck_changed_pathsrs FMdV6?; EC ~~ #%CJJ4D4D4F G   )>)>)@O2BHHJBHHJO PE (%0$ 66Ps $B:Bcd}d}d}d}g}d}|jD]d}|jd}|j} | jdr | }|sd}d}d}B|sEt |t |j dz } |s| jdrd}d}| }| dk(s| jd r|| |kr| j d rd}d}| jd rd}|s| jd ro| d dj} | jdr| j ds"| jdr| j dr| dd} |j| Pd}| j d seg|sy|S)u]task md 에서 `allowed_resources.paths` 리스트 추출 (yaml lib 미사용). Returns: - ``None`` : ``allowed_resources`` 블록 자체가 없음 (구버전 task md 호환) - ``[]`` : 블록은 있으나 ``paths`` 리스트가 비어있음 (스펙 위반 — FAIL 처리) - ``[...]``: 추출된 패턴 리스트 FNr'z``` zallowed_resources:T#:zpaths:z- r$"')rrstriprdrfrlstriprpr) task_mdin_yaml in_allowedin_paths seen_allowedr yaml_indentrawlinestrippedleadingvals r_extract_allowed_pathsrsGJHLE"K!!#8zz$::<   u %!kG"  "  d)c$++c"233""#78! # %  r>X005   "w+'=(BSBSTWBXJH    x (H  ""4(qrl((*NN3'CLL,=NN3'CLL,=a)C S!!$$S)q8r  Lrc||k(rytj||ryd|vrg}d}|t|kr|||dzdk(r7|jd|dz }|t|kr||dk(r|dz }d|d <n||d k(r|jd |dz }nl||d k(r|jd |dz }nM||dvr-|jt j |||dz }n|j|||dz }|t|krddj |zdz} t j||duSy#tj$rYywxYw)u`**` 지원하는 glob 매칭.Tz**rr$z.*rnrz(?:.*/)?r*z[^/]*?z[^/]z .+()^$|{}\^r$NF) fnmatch fnmatchcaserrreescapejoinmatcherror)r7pattern regex_partsiregexs r _glob_matchrcs$4) w"$ #g,q1q5!T)""4(Qs7|# c(9FA'1KOs"""7+Qs"""6*Q},""299WQZ#89Q""71:.Q+#g,,bggk**S0 88E4(4 4 xx  s)EEEc |dz dz |dz }ggt|d}|jsd|d|fS |jd}t |}|d |d fS||d <|sd|dfSg}|D]( t fd|Dr|j *||d<|sd|dfSd|dt|dfS#t$r!}di|d t|id |fcYd}~Sd}~wwxYw)Nrvtasks.md)allowed_patternsscope_violations task_md_pathrUu!scope_matrix: task md 부재 — r!r" read_erroru(scope_matrix: task md 읽기 실패 — WARNuAscope_matrix: allowed_resources 블록 부재 (구버전 task md)ru3scope_matrix: allowed_resources.paths 빈 리스트c36K|]}t|ywN)r).0patrs r z%check_scope_matrix..s;3;q#&;srrTzscope_matrix: z" path(s) outside allowed_resources)r,rV read_textr6ranyrr) r rW changed_pathsrrXrBexcpatterns violationsrs @rcheck_scope_matrixrsm("W,'#>GG F >>   /y 9     ' 2&d+H   O  "*F     A  J !;(;;   a !",F  vt## Z))KL E   .v .|SX .6se <   sB55 C>CCCcv|dz dz |dz }|jr t|nddgd}|jsd|dfS tj|j d}tDcgc]}|j|r|}}|r d d j|g|d <d |d|fS|d|k7rd|dd|g|d <d |d|dd|fS|jd}|s dg|d <d |dfS||d<d|dfS#t tj f$r}d|g|d <d |d |fcYd}~Sd}~wwxYwcc}w)Nrvhandoffs.json) handoff_path previous_bothandoff_schema_errorsN/Ar!r"zparse: rrUu&handoff_chain: JSON 파싱 실패 — z missing: ,u(handoff_chain: 필수 필드 누락 — r ztask_id mismatch: handoff=z arg=u,handoff_chain: task_id mismatch — handoff=r zfrom_bot emptyu3handoff_chain: from_bot(previous_bot) 추적 불가rrT) rVr,r0loadsrr6JSONDecodeErrorHANDOFF_REQUIRED_FIELDSgetr) r rWrrXr8rr;missingrs rcheck_handoff_chainrsx'*4'%7HHL-9-@-@-BL)!#F    fd"" zz,00'0BC2EQ!qEGE-6sxx7H6I+J*K&'  6wi @   I'!(i(9wi H+ &'   ?+5 ;   88J'L +;*<&'   A  *F> 64 W T)) * -4SE?*;&'  4SE :   Fs*%C?3D6 D6?D3D.(D3.D3c P|dz dz }|js ddddddfStjt||ddd t|d t|g } t j |t|d d d }|jd|jr|jddndd}|jdk(rd|dfS|jdk(rd|dfSd|d|jdfS#tj $r ddddddfcYSt$r}dddt|dd|fcYd}~Sd}~wwxYw)Nscriptszmixed_commit_detector.pyrUumixed_commit_detector.py 부재)mixed_commit_detector_exitmixed_commit_evidence_pathnoteuFmixed_commit: mixed_commit_detector.py 부재 — 안전 검증 불가--json--quiet --workspacez --git-dirT<r?rC)rrru2mixed_commit: detector timeout — 안전 측 FAILu)mixed_commit: detector 실행 실패 — i r)rr stdout_tailrrTru.mixed_commit: detector 가 alien commit 감지z,mixed_commit: detector internal_error (exit u) — 안전 측 FAIL) rVsys executabler,rDrETimeoutExpiredr6rbre)r rWr@detectorcmdrhrrXs rcheck_mixed_commitrs9$'AAH ??  .2.29  U    H  I C C nn C  <'*nn&*,/JJszz$%(BF  ~~vt## ~~vOOO :3>>:JK   C  $ $   .2.2"  A     .2.2S  8u =    s$#C D%>D%D D% D%c|dz dz |dz }|jr t|nddd}|jsd|dfS |jd}d j |j dd }d}t j|}|r|jd j}|\tj|} | rEtj| jd } | r| jd j}||d<|d|dfS|dvrd|dfS|dk(rd|dfSd|d|fS#t$r!}di|d t|id |fcYd}~Sd}~wwxYw)Nrvreportsr)qc_report_pathqc_verdict_valuerr!r"rru#qc_report_guard: 읽기 실패 — r'rrruMqc_report_guard: 보고서는 존재하지만 qc_verdict 라인 파싱 실패)rTrrTrUz qc_report_guard: qc_verdict=FAILu(qc_report_guard: 알 수 없는 verdict ) rVr,rr6rr QC_VERDICT_REsearchgroupupper QC_SECTION_RE QC_KEYWORD_RE) r rW report_pathrXrBrheadverdictmseckws rcheck_qc_report_guardrWsh&2y_DK.9.@.@.B#k* F    fd"" $$g$6 99T__&s+ ,DGT"A''!*""$""4( %%ciil3B((1+++-!(F    [  ""vt##&vAAA 27)< E   .v .|SX .1# 7   sD66 E ?EE E cd|dz dz }dddd}|jsd|dfS tjdt|gt|ddd }|j |d<dj|jjdd|d<dj|jjdd|d<|j dk(rd|dfSd |d|j fS#tj$rd i|d d id fcYSt $r!}d i|d t|id|fcYd}~Sd}~wwxYw)Nrzguard.shr) guard_sh_exitguard_sh_stdout_tailguard_sh_stderr_tailrbashTrr?rUrrCuguard_sh: timeout 60s 초과uguard_sh: 실행 실패 — rr'irrrrTzguard_sh: exit ) rVrDrEr,rr6rbrrerrc)rWr@guardrXrhrs rcheck_guard_shrsu  !J .E " "F <<>fd"" nn SZ C  ("nnF?%)YY %&F !"&*YY %&F !" ~~vt## #..)* -  $ $  *v *w * *    )v )wC )*3% 0   s#.C&&D/D/D*$D/*D/ctd|jDrytd|jDryy)Nc3&K|] }|dk( yw)rUNrrvs rrz_overall.. 111; 1)rUrc3&K|] }|dk( yw)rNrr s rrz_overall..r r )rr$)rTr)rvalues)resultss r_overallrs5 1 0 11 1 0 11 rc > ii g d fd }t||\}}}|d|||t|||\}}}|d|||t|||\}}}|d|||t|||\}}}|d|||t |\}}}|d|||t d|\}}}|d||| j d g}t|||\}}}|d |||t||\}}}|d |||t|||\}}}|d |||t||\}}}|d |||t||\}}}|d|||t\} } d<|ttt|j!| t# | | d } | S)Nc~||<|jD] \}}||< |r|dk(rj|yyy)NrU)itemsr) r-rrXreasonkr details fail_reasonsrs r_recordzrun_all_checks.._recordsO LLN DAqGAJ  f&    ''6r start_lock branch_match worktree_pathcancelled_check dirty_treez origin/mainrr scope_matrix handoff_chain mixed_commitqc_report_guardguard_shr) r verified_atverifier_versionr@r_rrroverall exit_code) r-r,rr,rXdictr str | NonereturnNone)rYrkrtrrrrrrrrrrrVERIFIER_VERSIONr,rolist)r rgrWr@rsdrchangedr%r&payloadrrrs @@@rrun_all_checksr2s!G G L(w 2GAq! L!Q" #s3GAq! NAq!$!'34GAq! OQ1%gy#6GAq! q!Q's#GAq! L!Q"!-5GAq! OQ1%kk.3G )W=GAq! NAq!$!'95GAq! OQ1% )S9GAq! NAq!$#GY7GAq! q!Q'Y,GAq! J1a !'*GY*GNz,3;;=!\* G NrcVt}|dz dz |z d|dz }t|||S)NrPevidencezverify-r)rr<)r rWr1rMr7s rwrite_evidence_filer5 s: B x * ,w 672$e9L LDtW% Krc tjd}|jdd|jddd|jd tjj d xstj d |jd d dd|jdd d|j|}t|jj}ttj j}|jstd|tjy t|j |j"||}|j*r:|j,s tt/j0|dt3|dS t5|j ||}|j,sL|d|d|d|dt9|j;|d}tt/j0|dt3|dS#t$j&$r(}td|tjYd}~yd}~wt($r(}td|tjYd}~yd}~wwxYw#t6$rT}td|tj|j,s tt/j0|dYd}~yd}~wwxYw) Nz7Run 11 task verification checks and emit evidence JSON.) descriptionr u&검증 대상 task id (예: task-2459))helpz--botu-bot 이름 (branch/worktree 정확도 향상))defaultr8rWORKSPACE_ROOTu7워크스페이스 루트 (기본 cwd / WORKSPACE_ROOT)r store_true json_onlyu?dry-run: stdout 에 전체 evidence JSON, 파일 저장 안 함)actiondestr8ru정상 stdout 메시지 억제)r=r8z&[taskctl-verify] workspace not found: )filerz%[taskctl-verify] subprocess timeout: z![taskctl-verify] internal error: F)r%r&z+[taskctl-verify] failed to write evidence: r%r)r r%r&rr4)argparseArgumentParser add_argumentr.environrgetcwd parse_argsrrWrorVprintrrcr2r rgrDrr4r<quietr0dumpsintr5r6r, relative_to) argvparserrFrWr@r1r evidence_pathsummarys rmainrOs  $ $MF  (PQ 4cd  /0?BIIK F    N   ,-M   T "DT^^$,,.I ryy{  # # %C     4YK @  txxCH ~~zz $**W59 :7;'(( +DLL)WM  ::y)y) -y)M55i@A   djju56 w{# $$G  $ $ 5cU;#**M  1#7cjjI  9# ? zz $**W59 :s=="H#&J#J 6I J %JJ  K-A K((K-__main__)r)r,)r7rr8r'r)r*))rF list[str]r@rrCrIr)zsubprocess.CompletedProcess)r7rr)r()r r,rWrr)tuple[str, dict, str | None])r r,rgr(r@rr)rS)r r,rWrr@rr)rS)r@rr)rS)rr,r@rr)rS)rr,r)list[str] | None)r7r,rr,r)bool)r r,rWrrrRr)rS)rWrr@rr)rS)rzdict[str, str]r)ztuple[str, int]) r r,rgr(rWrr@rr)r')r r,rWrr1r'r)rr)rKrTr)rI)1__doc__ __future__rr@rr0r.rrDrr*rrpathlibrtypingrr+compile IGNORECASE MULTILINErrrrrrr<rGrNrYrkrtrrrrrrrrrrrr2r5rO__name__exitrrrr_sr#  ' 4MMBLL   0MM  23 EA&02    ),    4X 4X!4X(,4X!4Xn !(,!8 !(,!<0 7  7 7! 7K\*Z9 9!92;9!9x9 9 !9 !9 xL L!L(,L!L^3 3!3!3l+dB B!B.2B9=B BJE%P z CHHTVr