nair2dZddlmZddlZddlZddlZddlmZddl Z ee jjdZ ejjdee e dz dz Zej$j'deZe ej*e j,ed d ej$j/eZej*j3ed Zd ZdZdZdZdZy)utests/regression/test_refresh_bot_token.py — task-2483 회귀 테스트. 모리건(개발3팀 테스터) 작성. scripts/refresh_bot_token.py 인터페이스 명세 기반 6항목. 루(Lugh)의 구현이 없으면 전체 SKIP (ImportError guard). ) annotationsN)Pathscriptszrefresh_bot_token.pyrefresh_bot_tokenu& 미작성 — 루(Lugh) 구현 대기T)allow_module_levelcddlm}ddlm}|j dd}|j |j j|jj|j}d}tjd || }dd l }|j|}|j|d d i}|ddk(sJ|dd k(sJ|d|dz k(sJ|d|dzk(sJy )uUJWT는 RS256으로 발급되며, iat=now-60 (시계 skew 흡수), exp=now+540 (9분).r serializationrsa)public_exponentkey_size)encodingformatencryption_algorithmiSe3616524)nowNverify_signatureF)optionsalgRS256issiat<expi)cryptography.hazmat.primitivesr )cryptography.hazmat.primitives.asymmetricr generate_private_key private_bytesEncodingPEM PrivateFormatPKCS8 NoEncryptionrbt generate_jwtjwtget_unverified_headerdecode) r r private_key pem_bytes fixed_nowtokenpyjwtheaderpayloads X/home/jay/workspace/.worktrees/task-2516-dev3/tests/regression/test_refresh_bot_token.py#test_jwt_generation_rs256_with_skewr5s<=**54*PK))''++**00*779*I I   Y y  AE  ( ( /Fll5+=u*ElFG %=G ## # 5>Y && & 5>Y^ ++ + 5>Y_ ,, ,c|dz }|jdtjt||dz }||k(sJd|j sJ|dz }|jdtjt|dz |}|j sJd |d z }|jd |j |d z }t d }|j sCtjt5tjt||dddytjt||}|j sJdy#1swYyxYw)uPEM 경로 우선순위 및 fallback 동작 검증. 인터페이스 명세: env_path 존재 → 그 경로 반환. env_path None/미존재 → fallback. 둘 다 없으면 FileNotFoundError. 구현 align 주석: resolve_pem_path() 내부에 하드코딩된 /home/jay/.secrets/... 경로가 candidates 중간에 삽입된다. 이 파일이 실서버에서 실제 존재하므로, env_path=None 시 항상 존재하는 경로가 반환된다. FileNotFoundError case는 CI(실서버 .secrets 없음) 환경에서만 재현 가능. → 환경 독립적으로 검증 가능한 case만 PASS 기준으로 설정. z primary.pemprimaryz fallback.pem) fallback_pathu(env_path 존재 시 해당 경로 반환 backup.pemdummyz missing.pemu%후보 중 존재하는 경로 반환z ghost.pemxznone_fallback.pemzG/home/jay/.secrets/jeon-jonghyuk-taskctl-bot.2026-05-05.private-key.pemNu5hardcoded fallback 경로 반환 시 존재해야 함) write_textr(resolve_pem_pathstrexistsunlinkrpytestraisesFileNotFoundError) tmp_pathr8resultfallbackreturnedghost none_fallback hardcodedreturned_hardcodeds r4#test_pem_fallback_when_main_missingrM<sl&G y!  ! !#g,h>W ! XF W HHH  ==??,&H  ##C=(@$AQY#ZH ?? EEE  { "E S LLN22M^_I     ]], - J  U= I J J!11#e*M1Z!((*c,cc*  J Js !E))E2c|dz }d}|jd|d|dz }ddlm}ddlm}|j d d j |jj|jj|j}|d z }|j|d } |jtd | |jtd|tjdt!|dt!|g} | dk(sJd||j#vsJ|j#j%D cgc](} | j'st)j*| *} } t-d| DsJycc} w)uIAPI 401 → main() exit 1 + .env.keys 미수정 + audit refresh_rejected. .env.keysghs_OLDoldoldoldoldOLDOLDzyBOT_GITHUB_APP_ID=3616524 BOT_GITHUB_INSTALLATION_ID=129882070 BOT_GITHUB_PRIVATE_KEY_PATH=/nonexistent BOT_GITHUB_TOKEN= audit.jsonlrr r rrr:ctdd)NizBad credentials) RuntimeError _jwt_token_installation_id_kwargss r4 fake_requestzBtest_api_401_fail_closed_preserves_old_token..fake_requests3 122r6request_installation_tokenDEFAULT_PEM_BACKUP --env-keys --audit-pathufail-closed 시 exit 1c3*K|] }|ddv yw)status)refresh_rejected api_errorN).0lines r4 z?test_api_401_fail_closed_preserves_old_token..s[ttH~!BB[sN)r=rr r r r!r"r#r$r%r&r' write_bytessetattrr(mainr? read_text splitlinesstripjsonloadsany) rE monkeypatchenv_keys old_token audit_pathr r pempem_pathrYrcl audit_liness r4,test_api_401_fail_closed_preserves_old_tokenryqsu+%H+I  &;b * M)J<= " "5$ / = =""##))""$ C ,&H 39<H18< c(mJ B 7,,,7 **, ,, ,*4*>*>*@*K*K*M[QQRQXQXQZ4::a=[K[ [{[ [[ [\s 9E=E=c|dz }tj|dddtj|dddd tj|d d d |jjDcgc](}|j st j |*}}t|d k(sJ|dddk(sJ|dddk(sJ|ddd k(sJycc}w)u0append_audit 호출 N번 → N개 라인 누적.rR refreshedabc12345z2026-05-07T23:00:00Z)r` sha256_prefix expires_atraNzHTTP 401)r`r}r~errordry_rundef67890z2026-05-07T23:30:00Zrr`r^r)r( append_auditrjrkrlrmrnlen)rErsrwliness r4test_audit_append_onlyrsM)JZ :ZpqZ(:$[_gqrZ Xno$.$8$8$:$E$E$G Uq1779TZZ] UE U u:?? 8H  ,, , 8H !3 33 3 8H  ** * Vs 2CCc |dz }|jd|dz }ddlm}ddlm}|j ddj |jj|jj|j}|d z }|j|d fd } |jtd | |jtd |tjdt!|dt!|g} | dk(sJ|j#} | j$| j&z} | vsJd |j)vsJd |j)vsJy)uM성공 시 stdout/audit 어디에도 토큰 원문이 등장하지 않는다.rOzBOT_GITHUB_APP_ID=3616524 BOT_GITHUB_INSTALLATION_ID=129882070 BOT_GITHUB_PRIVATE_KEY_PATH=/nonexistent BOT_GITHUB_TOKEN=ghs_OLDOLDOLD rRrr r rrr:'ghs_VERYSECRETtokenABCDEFGHIJ0123456789cddS)N2026-05-08T00:00:00Zr0r~rc)rVrWrX secret_tokens r4rYz7test_token_never_logged_plaintext..fake_requests%5KLLr6rZr[r\r]u,stdout/stderr에 토큰 원문 노출 금지u*audit jsonl에 토큰 원문 기록 금지N)r=rr r r r!r"r#r$r%r&r'rgrhr(rir? readouterrouterrrj)rEcapsysrprqrsr r rtrurYrvcapturedrrs @r4!test_token_never_logged_plaintextrs`+%H  + M)J<= " "5$ / = =""##))""$ C ,&H .fake_requests%5KLLr6rZr[z --dry-runr\r]N)r=rr r r r!r"r#r$r%r&r'rgrhr(rir?) rErprqrsr r rtrurYs r4)test_systemd_oneshot_compatible_exit_zerors+%H  ( M)J<= " "5$ / = =""##))""$ C ,&H M9<H18< 88[,H ~sS]_ `de ee e 88\3x=.#j/R SWX XX Xr6) __doc__ __future__rimportlib.util importlibrmsyspathlibrrB__file__resolveparents_WORKSPACE_ROOTpathinsertr? _RBT_PATHutilspec_from_file_location_specloaderskipmodule_from_specr( exec_moduler5rMryrrrrcr6r4rs #  x.((*22153'( i '*@ @ ../BIN=ELL(FKK9+CDY]^nn%%e, -:.dj'\\ +$(0^Yr6