i? ddZddlZddlZddlZddlZddlZddlZddlZejjdejjejje ddl Z ddlZdedej"fdZdededefdZded edeedzeffd Zd ededefd Zd ededzfdZdeededeeeffdZdedej"dedeeeffdZdededeeeffdZdedej"dedeeeffdZded ededeeeffdZ ddZ!e"dk(re!yy)u pre_push_guard.py — push 직전 4가지 안전 점검 (Guard MVP Phase 1) 4가지 검사: B-1 working tree clean 검사 (working_tree_modified ∪ untracked 기준) B-2 main...origin/main ahead/behind 검사 B-3 task scope 일치 검사 (head_diff 기준) B-4 qc-result JSON vs 보고서 일치 검사 모두 PASS → exit 0 / 한 건이라도 FAIL → exit 1 Ntask_idreturnctj|}tjd|zdz|zdz|zdz|zdzS)Nas^(memory/heartbeats/|memory/daily/|memory/logs/|memory/reports/|memory/capabilities/|memory/sessions/|memory/meetings/|memory/backups/|memory/screenshots/|memory/events/|logs/|whisper/|memory/whisper/|output/)|^bot-activity\.json$|^token-ledger\.json$|^memory/token-ledger\.json$|^memory/task-timers\.json|^memory/pipeline-status\.json$|^memory/preview-state\.json$|^memory/merge-log\.json$|^memory/bot_settings_sync\.json$|^memory/memory-check-log\.json$|^memory/canary-status\.json$|^\.heartbeat$|^memory/\.task-counter$|^config/constants\.json$|^scripts/gemini_rate_tracker\.json$|^tests/coverage-report\.txt$|^memory/tasks/z\.md$|^memory/tasks/z/|^memory/reports/zR(?:-[\w-]+)?\.md$|^memory/tasks/(?:task-|dispatch-).*\.md$|^memory/plans/tasks/(?!zr(?:/|$))[^/]+/.*$|(?:^|/)conftest\.py$|^teams/|^tests/test_(?!pre_push_guard|task_scope|qc_report_guard)[^/]*\.py$)reescapecompile)rsafe_ids G/home/jay/workspace/.worktrees/task-2464-dev6/scripts/pre_push_guard.py_build_system_ignorer sxii G :: % %( % %(  '! ' *$! $&'.' .&1P' P patternpathc|jdr |dd}||k(xs|j|dzS|dk(ryd|vrtj||jddrytj j |}tjdd |jdd }tj||ryy tj||S) u-fnmatch 기반 glob 매칭. ** 패턴 지원.z/**N/z**T*z\*\*/F) endswith startswithfnmatchreplaceosrbasenamersub)r rprefixfilename pat_simples r glob_matchrBs"v~>#!>>$ w ??4s!; <77##D)VVHb'2::5"E ??8Z 0 ??4 ))r workspacectjj|dd|d}tjj|rN t |d5}t j |}dddjdi}t||}|dfStjj|dd |d }tjj|sdd |fS t |d5}|j}dddt}|y t||}|dfS#1swYxYw#t$r}dd |fcYd}~Sd}~wwxYw#1swYPxYw#t$r}dd|fcYd}~Sd}~wwxYw)u allowed_resources 해소. 1) /memory/capabilities/.json 우선 2) 없으면 /memory/tasks/.md ## allowed_resources YAML fallback 반환: (allowed_resources_dict | None, 에러메시지|"") memory capabilitiesz.jsonzutf-8)encodingNallowed_resourcesru#capability snapshot 파싱 실패: tasksz.mdu3capability snapshot 없음, task 파일도 없음: )Nu1task 파일에 ## allowed_resources 블록 없음utask 파일 파싱 실패: ) rrjoinexistsopenjsonloadget_substitute_placeholder Exceptionread_parse_allowed_resources_yaml) rrcap_pathfsnapare task_path task_texts r _resolve_allowed_resourcesr7Vsrww||IxG9EARSH ww~~h Ch1 $Qyy| $-r2B(W5Br6M  Y'gYc?KI 77>>) $J9+VVV 7 )g . !!I ! *9 5 :L $R 12v + $ $  C>qcBB B C ! ! 721#6667sr D/D#))D/ E,E =EE#D,(D// E 8E>E E  EE E2!E-'E2-E2r3cdttdttffd }t|}d|vr||d|d<d|vr||d|d<|S)uNpaths/forbidden_paths의 'task-XXXX' placeholder → 실제 task_id로 치환.itemsrcN|Dcgc]}|jdc}Scc}w)Nz task-XXXX)r)r9itemrs r _subz%_substitute_placeholder.._sub|s"?DEt ['2EEEs"pathsforbidden_paths)liststrdict)r3rr<results ` r r,r,zsiFDIF$s)F"XF&vg/wF"$(0A)B$C ! Mr textc$tjd|tjtjz}|sy|j d}i}d}|j D]}|j }|jdrd}g||<,|jdrd}g||<E|jdr9|d vr5||j|d dj j d |s|jd rd |vsd}|r|SdS)uQ## allowed_resources 섹션에서 YAML 블록 파싱 (표준 라이브러리만).z2^##\s+allowed_resources\s*\n```(?:yaml)?\n(.*?)```Nzpaths:r=zforbidden_paths:r>z- )r=r>"-:) rsearch MULTILINEDOTALLgroup splitlinesstriprappend)rCm yaml_textrB current_keylinestrippeds r r/r/s = bllRYY& A  IF"K$$& ::<   x (!K"$F;   !3 4+K"$F;    &;:V+V ;  & &x|'9'9';'A'A#'F G h11#63(?K 6%%r argscwdcdd|g|z}tj|ddd}|j|jj fS)u1git 실행 → (returncode, stdout). shell=False.gitz-CTF)capture_outputrCcheck) subprocessrun returncodestdoutrO)rVrWcmdrs r _run_gitrbsA $ t #Cs4d%HA <<) ))r diff_setsignore_patternr$c dtdtfd}t|jdgt|jdgzDchc] }|| }}|Dcgc]}|j|r|}}|sy|jdg}|jdg}g} |D]Q t fd |Dr| j d ,t fd |DrA| j S| rHd j | d d} t| dkDr| dt| dz } ddt| d| dfSddt|dfScc}wcc}w)u working_tree_modified ∪ untracked 집합에서 system-ignore 적용 후 task scope 밖 파일이 있으면 FAIL. prcl|jdr"|jdr|jdS|S)NrG)rrrO)rfs r _strip_quotesz,check_b1_working_tree.._strip_quotess* ||C0QZZ_qwws|K!Kr working_tree_modified untracked)Tu변경 없음 (clean)r=r>c36K|]}t|ywNr.0fprs r z(check_b1_working_tree..>z"d#>z (forbidden)c36K|]}t|ywrlrmroaprs r rqz(check_b1_working_tree..@B:b$'@rs, N ... (건)Futask scope 밖 변경 건: u/ — git stash push -u 로 격리 후 재시도Tusystem-ignore 후 건 모두 scope 내)r@setr+rJanyrPr&len) rcrdr$rhrfdirty after_ignore allowed_pathsr> out_of_scopedetailrs @r check_b1_working_treersLLL  5r: ;)-- R01 2   a E  %E!N,A,A!,DAELE , 144WbAM!2!6!67H"!MO L& >o> >   4& 5 6 @-@@    %&<+, | q s<016 6F$S%6$7uVH = >  %c,&7%88LM MMK Fs E E7Ebase_refctddd|dg|\}}|dk7rdd|dfS|j}t|d k7rdd |d fSt|dt|d }}|dkDr d d|d|dfS|dk(r|dk(rydd|d|dfS)uU git rev-list --left-right --count ...HEAD behind > 0 → FAIL zrev-listz --left-rightz--countz...HEADrTurev-list 실패 (rc=u-) — 로컬 전용 환경으로 간주, PASSrFurev-list 출력 파싱 실패 (u) — PASS (관대)rEFzbehind=z ahead=u% — rebase 권장: git pull --rebase)Tu#ahead=0 behind=0 — push 불필요zahead=z behind=u — push 가능)rbsplitrint)rrWrcoutpartsbehindaheads r check_b2_ahead_behindrs  ^Y8*G0DEsGB Qw+B4/\]]] IIKE 5zQ6sg=PQQQaM3uQx=EF zxwug5Z[[[ zfk: 6%0@A AAr cN |jdg}|jdg}|jdg}|syg}g}|D]` t fd|Dr|j )|j r;t fd|DrP|j b|r'dj |dd }d d t |d |fS|rGdj |dd }t |d kDr|d t |dz }d dt |d |fSddt |dfS)u head_diff 기준 (push될 커밋). forbidden 1건이라도 → FAIL. system-ignore 후 allowed에 모두 매치되어야 PASS. head_diffr=r>)Tu)head_diff 없음 (커밋 없음) — PASSc36K|]}t|ywrlrmrns r rqz&check_b3_task_scope..rrrsc36K|]}t|ywrlrmrus r rqz&check_b3_task_scope..rwrsrxNryFuforbidden_paths 침범 r|rzr{utask scope 밖 파일 Tz head_diff r})r+rrPrJr&r) rcrdr$rrr>forbidden_hitsrrrs @r check_b3_task_scopersU%==b9I044WbAM!2!6!67H"!MO @ "N L & >o> >  ! !$ '    & @-@@    % &>"1-./N0C/DE&RRR<+, | q s<016 6F.sQS  /D^`  <TV    DllG ((CI}}H "7) ,3::>"#4GY fVG *7)5 D3::V/x=GYfVG *7)5 D3::V-YHYZGYfVG ,WIU9+ FSZZX,GY LGYfVG /yi[ IPSPZPZ[>w>7>wL 5SZZH   5SZZH  r __main__)rN)#__doc__rrr)rrr\rrinsertdirnameabspath__file__r task_scoperr@Patternr boolrtuplerAr7r,r/r?rrbrrrrr__name__r r rs   277??277??8#<=>! #"**D**3*4*(!7!7!7dTkSVFV@W!7H  s t &&t &>*49*3*5c?*3N3NJJ3N3N 49 3NpBCBcBeD#I6FB6*C*CJJ*C*C 49 *C^   49 @BJ zFr