'ii7dZddlmZddlZddlZddlZddlZddlZddlmZm Z ddl m Z e ejjdxsejjdxsdZed z d z Zed z d z Zed z Zd ZdZddZddZddZddZddd ddZddZddZedk(rej8eyy) u escalation_marker.py — .done.escalated / .done.blocked 마커 발행 단일 출입구. raw shell `: > foo.done.escalated` 을 차단하기 위해 모든 escalation/blocked marker는 이 모듈을 통해 발행되어야 한다. 요구사항 (task-2472 추가 8~10): - JSON payload validation (필수 6 필드) - post-write stat (size > 0) - post-write sha256 - post-write JSON re-parse - 실패 시 fail-closed (마커 즉시 삭제 + audit reject 기록) ) annotationsN)datetimetimezone)Path WORKSPACEWORKSPACE_ROOTz/home/jay/workspacememoryeventszorchestration-auditzstate-recovery.jsonl) escalatedblocked)reasontstask_idsourceblocking_condition evidence_pathcftjtjj dS)u$UTC ISO 8601 타임스탬프 반환.z%Y-%m-%dT%H:%M:%SZ)rnowrutcstrftimeL/home/jay/workspace/.worktrees/task-2472+1-dev2/scripts/escalation_marker.py_nowr2s! << % . ./C DDrcHtj|jS)u0바이트 데이터의 sha256 hex digest 반환.)hashlibsha256 hexdigest)datas r _sha256_hexr 7s >>$  ) ) ++rctDcgc]}||vs||dvr|}}|rd|fS tj|ddgfScc}w#ttf$r}dd|gfcYd}~Sd}~wwxYw)us필수 6 필드 + JSON 직렬화 가능성 검사. Returns: (ok: bool, missing_fields: list[str]) )NF ensure_asciizjson_serialization_error: NT)REQUIRED_PAYLOAD_FIELDSjsondumps TypeError ValueError)payloadfmissingexcs rvalidate_payloadr.<s+ G wqzZ7 Gg~; 7/ 8O z ";3C59:::;s"AAA'A"A'"A'cl tj|ddjd}t|}t ||d<t jddtj|dd z}tjtttjtjztjzd } tj||jdtj |tS#t $rd|d<YwxYw#tj |wxYw) ustate-recovery.jsonl 에 append. evidence_hash 추가. Args: record: audit 기록 dict Returns: audit 파일 경로 FT)r$ sort_keysutf-8 evidence_hasherrorparentsexist_okr# )r&r'encodedictr Exception AUDIT_DIRmkdirosopenstrESCALATION_AUDIT_PATHO_WRONLYO_APPENDO_CREATwriteclose)record content_byteslinefds r_record_emit_auditrKSs* 6NUUV]^ f"-m"<OOD4O0 ::f5 1D 8D *+R[[2;;-F-SUZ [B T[[)*    *")*  sAD%DDDD3r )kindextrac t}|tvr+dd|dtddd||d}td|||d||d |S|||||||d } |r|| d <t| \} } | s"dd | ddd }td|||d|| |d|Stj dd|d|} t| z } t j| dd}|jd} tjt| tjtjztjzd} tj ||tj"| | j-j.}|dk(r3t1| ddt| dd }td|||d|||d |S | j3}t5|} t j6|}t|\}}|s7t1| dd&|t| |d }td'|||d||||d(|Sdd)t| |||||d*}td+||t| ||||||d, |S#t$r4}dd|t| dd }td|||d||d |cYd}~Sd}~wwxYw#tj"|wxYw#t$$r4}dd|t| dd }td|||d||d |cYd}~Sd}~wt&$re} | j)r| j+n#t&$rYnwxYwdd|t| dd }td|||d||d |cYd}~Sd}~wwxYw#t&$r?}t1| dd|t| dd }td|||d||d |cYd}~Sd}~wwxYw#t&$r?}t1| dd!|t| dd }td"|||d||d |cYd}~Sd}~wwxYw#t j8$r@}t1| dd#|t| |d }td$|||d|||d%|cYd}~Sd}~wwxYw)-uescalation/blocked 마커 발행. 단계: 1. kind 검증 (escalated / blocked만 허용) 2. payload 구성 + validate_payload 3. EVENTS_DIR/{task_id}.done.{kind} 에 JSON write 4. post-write stat (size > 0) + sha256 + JSON re-parse 5. audit 기록 Returns: {"ok": bool, "reason": str, "marker_path": str, "sha256": str} fail-closed: validation 또는 post-write 실패 시 마커 삭제 + audit reject + return ok=False. Fu허용되지 않는 kind='u ' (허용: )r")okr marker_pathrrr emit_rejectr )actionrrLr rr)r rrrrrrLrMu)payload 검증 실패 — 누락 필드: )rPr rQr)rSrrLr rmissing_fieldsrTr4z.done.r$indentr1uJSON 직렬화 실패: Nr8u-마커 파일 이미 존재 (TOCTOU 차단): emit_reject_existsu마커 파일 쓰기 실패: upost-write stat 실패: emit_reject_postwrite_statru.post-write stat: 0-byte 마커 — fail-closedemit_reject_zero_byte)rSrrLr r file_sizeru!post-write sha256 계산 실패: emit_reject_postwrite_sha256u:post-write JSON re-parse 실패 (non-JSON 마커 차단): emit_reject_non_json)rSrrLr rrru/post-write JSON re-parse 필드 검증 실패: emit_reject_reparse_invalid)rSrrLr rrTrruescalation marker 발행 성공)rPr rQrr[rrLremit_ok) rSrrLrQrr[rrrr)r ALLOWED_KINDSrKr. EVENTS_DIRr=r&r'r9r;r@r>r?rBrDO_EXCLrErFFileExistsErrorOSErrorexistsunlinkstatst_size _safe_delete read_bytesr loadsJSONDecodeError)rrLr rrrrMts_nowresultr*rPr,marker_filenamerQ payload_json payload_bytesr-rJr[ written_bytesrreparsed reparse_okreparse_missings remit_escalationrvqs0VF = 24& M?RST   #X&    0&G  #7+KB A'K   #X&%   TD1 v.O.Kzz'aH $++G4 (+ WWS%r{{RZZ'?"))'KU S  HHR ' HHRLV$$&.. &A~[!F{+   -X&"   #..0 ]+(::m,*#38"<J [!GGXY{+   3X&-   3;' F;'0&   MK /u5{+   #X&    0 HHRL EcUK{+   *X&     !!#""$   5cU;{+   #X&    +8 [!06{+   2X&    !R [!9#?{+   4X&    !*   [!RSVRWX{+   ,X&   #s))IAJ+$J:J+M$N"O- J)J J JJ((J++ M4)K#M# M0 LM LML,M MM N 4NNN" O*+4O%O*%O*-Q5P;5Q;QcH |jdy#t$rYywxYw)u4마커 파일 안전 삭제 (fail-closed 정리용).T) missing_okN)rfrd)paths rriris'  t $    s  !!c tjdd}|jd}|jdd}|j d d d |j d t t dd|j dd d |j dd d |j dd dd|j dd dd|j ddd|j}|jdk(rd}|jr tj|j}t!|j"|j$|j&|j(|j*|j,|#}ttj.|d$d%&|d'ry(td)|d*tj!y"|j1y"#tj$r(}td |tj!Yd}~y"d}~wwxYw)+z{CLI: python3 escalation_marker.py emit --task-id X --kind escalated --reason ... --source ... --blocking ... --evidence ...escalation_markeruIescalation/blocked 마커 발행 (JSON payload, post-write 검증 포함))prog descriptioncommand)destemitu 마커 발행)helpz --task-idTztask ID)requiredrz--kindr u#마커 종류 (escalated / blocked))choicesdefaultrz--reasonu에스컬레이션 사유z--sourceuC발행 출처 (finish-task.sh / done-watcher.sh / taskctl / manual)z --blockingru 차단 조건)rrrz --evidenceruevidence 경로z--extraNu추가 JSON 데이터 (선택))rru$[ERROR] --extra JSON 파싱 실패: )file)rrLr rrrrMFrUrVrPru.[ERROR] 마커 발행 실패 — fail-closed: r )argparseArgumentParseradd_subparsers add_parser add_argumentlistr` parse_argsr~rMr&rkrlprintsysstderrrvrrLr rrrr' print_help)parser subparsers emit_parserargsrMr-rns rmainrs  $ $ _F&&I&6J''_'EK[4iH]# 2  Z$=XY R \D?SZij\DUfgY;[\    D ||v ::  4::. !LL;;;;#66,,  djjeA>? $< B6(CSBTU\_\f\f g/'' rrrpathlibrenvirongetrrar<rAr`r%rr r.rKrvrir__name__exitrrrrsA # ' JJNN; zz~~&'   !H ,  #8 8 !$::) E , .!B ] ] ]  ]  ]  ]] ] ]@  9x z CHHTVr