ƿi7=fdZddlmZddlZddlZddlZddlZddlZddlmZm Z ddl m Z ddl m Z eddhZe d Zej"d ej$Zd Zdd Zdd ZdddZdddZdddZd dZd!dZ d d"dZdd d#dZdd d$dZy)%u6utils/gemini_gate_validator.py — thread-aware Gemini gate 검증기. task-2472 구현 4: body keyword grep만으로는 부족한 기존 Gemini gate 보강. latestReviews + comments + threads + image badge 종합 판정. fail-closed: 어느 gh API 호출이라도 실패 시 fetch_ok=False → 자동 FAIL. ) annotationsN)datetimetimezone)Path)Optionalzgemini-code-assist[bot]zgemini-code-assistz5memory/orchestration-audit/gemini-gate-decision.jsonlz'!\[\s*(high|medium|critical|low)\s*\]\(a query ReviewThreads($owner: String!, $name: String!, $number: Int!) { repository(owner: $owner, name: $name) { pullRequest(number: $number) { reviewThreads(first: 50) { nodes { id isResolved comments(first: 50) { nodes { body author { login } } } } } } } } cftjtjj dS)Nz%Y-%m-%dT%H:%M:%SZ)rnowrutcstrftimeN/home/jay/workspace/.worktrees/task-2487-B-dev2/utils/gemini_gate_validator.py_now_isor>s! << % . ./C DDr ctj|dd}tj|j dj S)NTF) sort_keys ensure_asciiutf-8)jsondumpshashlibsha256encode hexdigest)record serializeds r_evidence_hash_strrBs7FdGJ >>*++G4 5 ? ? AAr c\|xs)ttjjddS)NWORKSPACE_ROOTz/home/jay/workspace)rosenvironget workspaces r_workspace_rootr$Gs#  URZZ^^,<>STUUr c( tjdd|gdd|dd}|jdk7s|jj sy dt j |jfS#t j$rYywxYw#t$rYywxYw)uLgh api {endpoint} → (ok, parsed_json). 실패 시 (False, None). ghapiTFcapture_outputtexttimeoutshellcheckrFN) subprocessrun returncodestdoutstriprloadsJSONDecodeError Exception)endpointr+procs r _gh_api_jsonr9Ks ~~ 5( #   ??a t{{'8'8': DKK00 0##   s0AB A,,B?BBB BBc f tj|}tjddddd|dd|gdd|dd }|jd k7s|j j sy dtj|j fS#tj$rYy wxYw#t$rYy wxYw) uIgh api graphql 호출 → (ok, data). 실패 시 (False, None). r&r'graphqlz-fzquery=z variables=TFr(rr.) rrr/r0r1r2r3r4r5r6)query variablesr+vars_strr8s r _gh_graphqlr?cs ::i(~~eYug& 8*-      ??a t{{'8'8': DKK00 0##   s0A&B$* B B!B$ B!!B$$ B0/B0c^|jdd}t|dk7r||fS|d|dfS)u-'owner/name' 형식 파싱 → (owner, name)./r)splitlen)repopartss r _parse_reporHs: JJsA E 5zQTz 8U1X r cddddd}|s|Stj|D]3}|jdj}||vs'||xxdz cc<5|S)uimage markdown alt-text 기반 severity 탐지. 패턴: ![high](...) ![medium](...) ![critical](...) ![low](...) Returns {"high": N, "medium": N, "critical": N, "low": N} r)highmediumcriticallowrB)_IMAGE_SEVERITY_PATTERNfinditergrouplower)r*countsmsevs rdetect_image_severityrUsf '(1!ANF  $ - -d 3ggaj  &= 3K1 K Mr c| tjjdd}g}td|d|d\}}|s|j dg}td|d|d\}}|s|j dg}td|d |d\}}|s|j d g}t |\} } t t| | |d \} } g} | rt| tr | d d ddd}|D]y}d}|jdijdr|dddjddxsd}| j |jdd|jdd|d{n|j d|xr|xr |xr| xr| }t|tr|ngt|tr|ng| t|tr|ng||dS#ttf$r|j dYtwxYw)u\gh API로 PR review 데이터 종합 수집. 수집 항목: - latestReviews: /repos/{repo}/pulls/{pr}/reviews - reviewComments: /repos/{repo}/pulls/{pr}/comments - reviewThreads: GraphQL (isResolved + comments[0].body) - issueComments: /repos/{repo}/issues/{pr}/comments fail-closed: 어느 호출이라도 실패 시 fetch_ok=False. Returns ------- dict { "reviews": [...], "comments": [...], "threads": [...], "issue_comments": [...], "fetch_ok": bool, "errors": [...] } GH_REPOzJeon-Jonghyuk/dev_workspacezrepos/z/pulls/z/reviewszreviews fetch failedz /commentszcomments fetch failedz/issues/zissue_comments fetch failed)ownernamenumberdata repository pullRequest reviewThreadsnodescommentsrbodyid isResolvedF)rcrdrbz"reviewThreads GraphQL parse failedz"reviewThreads GraphQL fetch failed)reviewsrathreadsissue_commentsfetch_okerrors) rr r!r9appendrHr?_REVIEW_THREADS_QUERY isinstancedictKeyError TypeErrorlist) pr_numberrFriok1reok2raok3rgrXrYok4gql_datarfr_noderbrhs rfetch_pr_review_datarxs;6 |zz~~i)FGF &gi[ IJLC  ,-!6$wyk!KLMC  -.'vXi[ 'RSC  34d#KE4;MCG z(D) @ .}=oNwW  88J+//8 +G4Q7;;FBGM2D"hhtR0&*hh|U&C $   :;9s9s9s96zH)$77R *8T :H,6~t,L.RT  )$ @ MM> ? @sBG G32G3T)block_unresolved_mediumcZ|jdds!dd|jdgddddddgddS|jd g}td |D}|sdd ddddddgddSg}|D]8}t|ts|j |jd d xsd :|jdgD]8}t|ts|j |jd d xsd :|jdgD]8}t|ts|j |jd d xsd :dj |}t jdt j} ddddd} | j|D]J} | jdxs| jdxsd j} | | vs>| | xxdz cc<Lt|} | d| dz}i| d|i}| ddkDs| ddkDrdd| dd| d|gddS|jdg}g}|D]}t|ts|jddr'|jd d xsd }ddddd}d}d }t jd!|t jD]U} | jdxs| jdxsdj}|j|d |kDsO||}|}W|d"vs|j |jd#d ||d$d%d&|Dcgc] }|d'd(vs |}}|rdd)t|d*||ddS|Dcgc] }|d'd+k(s |}}|r,|rdd,t|d-||ddSd.d,t|d/||ddSd0d1|gddScc}wcc}w)2u Gemini gate 종합 판정. 판정 규칙: 1. reviews 중 Gemini bot 작성 review 0개 → FAIL ("Gemini review 부재") 2. reviewThreads 중 unresolved && severity in (medium,high,critical) → FAIL 3. body/comment 텍스트 또는 image badge에 high/critical → FAIL 4. medium unresolved thread → block_unresolved_medium=True 시 FAIL, False 시 PASS_WITH_MEDIUM Returns ------- dict { "verdict": "PASS" | "FAIL" | "BLOCKED" | "RECOVERABLE_BLOCKED", "reason": str, "severity_counts": {"high": N, "medium": N, "low": N, "critical": N, "image_high": N}, "unresolved_threads": [{"id":..., "severity":..., "body":...}, ...], "gemini_review_present": bool, } rhFFAILuPR 데이터 fetch 실패: rir)rJrKrMrL image_high)verdictreasonseverity_countsunresolved_threadsgemini_review_presentrec3K|]@}t|tr.|jdixsijddtvByw)userloginr`N)rlrmr!GEMINI_BOT_AUTHORS).0rs r z evaluate_gate..sE  a  vr  b%%gr26HH sAAu;Gemini review 부재: gemini-code-assist[bot] 리뷰 없음rbr`rarg za(?:severity|priority)\s*[:=]\s*(high|medium|low|critical)|!\[\s*(high|medium|low|critical)\s*\]\()rJrKrMrLrBrCrJrLr|u$high/critical severity 발견: high=z , critical=Trfrd)rMrKrJrLrMza(?:severity|priority)\s*[:=]\s*(high|medium|critical|low)|!\[\s*(high|medium|critical|low)\s*\]\()rKrJrLrcN)rcseverityrbr)rJrLz unresolved high/critical thread u건rKzunresolved medium thread u"건 (block_unresolved_medium=True)RECOVERABLE_BLOCKEDu;건 (block_unresolved_medium=False → RECOVERABLE_BLOCKED)PASSuYGemini gate 통과: review 존재, unresolved medium+ thread 없음, high/critical 없음)r!anyrlrmrjjoinrecompile IGNORECASErOrPrQrUrE)pr_dataryrer all_textsrciccombined sev_pattern sev_countsrSrTimg_sevr|rrfrtrb severity_rank thread_sev best_rankhithigh_crit_unresolvedmedium_unresolveds r evaluate_gaters4 ;;z5 )3GKK"4M3NO()Qqa_`a"$%*   kk)R(G   !S()Qqa_`a"$%*   I 6 a    QUU62.4" 56[[R (6 a    QUU62.4" 56kk*B/7 b$    RVVFB/52 67yy#H** 3 K +,qPQ!RJ  ! !( +!wwqz-QWWQZ-2446 *  sOq O!$H-G7:#66J>>\:>O&AJ!7!!;6z&7I6JK&z235 /"$%)  kk)R(G%'  a quu\4'@55$*D%&A1MMJI[[;  % wwqz8QWWQZ85??A $$S"- 9 -c 2I!$J %;;"))55r? DQURUJW)4&::N)N8=Q9R8SSVW."4%)   &:()B "!5c:K6L5MMop#2&8)-  15c:K6L5MNIJ#2&8)-  m* !%  Es+ N#8N# N('N(r"c 8t} ||||||||| d } t| } i| d| i} t|} | tz }|jj ddt j| ddz}tjt|tjtjztjzd} tj||jd tj ||S#tj |wxYw) uGemini gate 판정 결과 audit 기록. memory/orchestration-audit/gemini-gate-decision.jsonl 에 line append. 필수 필드 10개: task_id, pr_number, verdict, severity_counts, unresolved_threads, gemini_review_present, actor, reason, timestamp, evidence_hash ) task_idrqr}rrractorr~ timestamp evidence_hashT)parentsexist_okF)rrir)rrr$AUDIT_JSONL_RELparentmkdirrrropenstrO_WRONLYO_APPENDO_CREATwriterclose)rrqr}rrrrr~r#r base_recordev_hashr work_roottargetlinefds rrecord_gate_decisionrs$ I*0!6 K!-G 6 6_g 6F *I  (F MMt4 ::f5 1D 8D VbkkBKK7"**De LB T[[)*  M  s %DD)returnr)rrmrr)N)r#Optional[Path]rr))r7rr+intrtuple[bool, object])r<rr=rmr+rrr)rFrrztuple[str, str])r*rrrm)rqrrFz str | Nonerrm)rrmryboolrrm)rrrqrr}rrrmrrprrrrr~rr#rrr)__doc__ __future__rrrrrr/rrpathlibrtypingr frozensetrrrrrNrkrrr$r9r?rHrUrxrrr r rrsS# ' 9;OPQNO%"**.MM 4EB V0: $WW W Wz%)f f"f ff!%, ,, ,  ,  , , , ,, ,r