<jo"dZddlmZddlZddlZddlZddlZddlZddl Z ddl m Z m Z ddl m Z e ejjddZedz d z Zed z d z Zedz d z Zedz d z Zedz Zedz Zedz ZdZdZGddZd8dZ d9 d:dZd;dZddZ d= d?dZ d= d?dZ! d= d@dZ" d=ddd dAdZ#ddd d d d d d! dBd"Z$d=dCd#Z%dd$ dDd%Z&dEd&Z'dFd'Z(dGd(Z)dd d) dHd*Z*dddd+ dId,Z+dJd-Z,dKd.Z-dddd/ dLd0Z.ddd1 dMd2Z/d=dCd3Z0dNd4Z1dd$ dOd5Z2 d=ddd6 dPd7Z3y)Qu lifecycle_guards.py — task-2467+3 silent corruption 4대 결함 차단 공통 Guard 모듈 (task-2468) 회장 명시: "task-2467+3 사례 재현 후 차단됨 증명 필수". P0-1 ~ P0-10 가드 구현: P0-1 : .g3-fail 마커 존재 시 .done 발행 금지 P0-2 : done 직전 G3 PASS evidence 재검증 P0-3 : Gemini High severity 판정 표준화 P0-4 : auto-approve / auto-merge 7조건 통합 차단 P0-5 : approver identity 시스템화 P0-6 : merge commit SHA 검증 P0-7 : state transition 엄격화 P0-8 : bypass / override audit 강제 P0-9 : bot author allowlist 외부 config화 P0-10 : TASKCTL_CWD 제거 / --worktree 정식화 ) annotationsN)datetimetimezone)PathWORKSPACE_ROOTz/home/jay/workspacememoryeventsz.tasksevidencespecszorchestration-auditzadmin-override.jsonlzallowed_bot_accounts.jsonzallowed_approvers.json)zg3-failz g3-failedg3_fail g3_failed)z g3-pass.jsonzg3.jsonzg3_verifier.jsonc>eZdZdZddd ddZddZd dZy) GuardResultu공통 결과 컨테이너.N)detailblockingcL||_||_|xsi|_|xsg|_yNokreasonrr)selfrrrrs I/home/jay/workspace/.worktrees/task-2551-dev6/scripts/lifecycle_guards.py__init__zGuardResult.__init__8s( l  B c~|jrdnd|j|j|j|jdS)NPASSFAIL)resultrrrrr)rs ras_dictzGuardResult.as_dictEs3 $fV''kkkk   rcH|jrdnd}d|d|jdS)Nrrz GuardResult(z: )rr)rstatuss r__repr__zGuardResult.__repr__Ns(77fXR a88r)rboolrstrr dict | Nonerzlist[str] | None)returndictr(r&)__name__ __module__ __qualname____doc__rrr$rrrr5sD%#%) '  ' '  ' # ' 9rrcdtjtjj Sr)rnowrutc isoformatr/rr_now_isor4Xs << % / / 11rc  tj|dd||r t|nd}|j|jj |j j fS#tj$r ddd|dfcYSt$r}ddd|fcYd}~Sd}~wt$r}ddt|fcYd}~Sd}~wwxYw) z5subprocess.run wrapper. (returncode, stdout, stderr).TN)capture_outputtexttimeoutcwdztimeout after szcommand not found: ) subprocessrunr& returncodestdoutstripstderrTimeoutExpiredFileNotFoundError Exception)argsr8r9proces r_run_cmdrI\s ~~ CT   1 1 3T[[5F5F5HHH  $ $32y222 12,QC000 2s1v~s6A%A((B?B?BB? B?' B:4B?:B?cxg}tD].}||d|z }|js|j|0|S)uDevents_dir에서 task_id 관련 g3 fail marker 파일 경로 목록..)G3_FAIL_MARKER_NAMESexistsappend)task_id events_dirfoundnameps r_g3_fail_marker_pathsrTssFE$ G9AdV, , 88: LLO Lrc||z }g}|js|StD])}||z }|js|j|+|S)uEevidence_dir// 에서 g3 PASS evidence 파일 경로 목록.)rMG3_PASS_EVIDENCE_NAMESrN)rO evidence_dir task_ev_dirrQrRrSs r_g3_pass_evidence_pathsrY}sV(KE     & $  88: LLO Lrc.|xst}t||S)uwtask_id의 g3 fail 관련 마커 모두 탐지. (.g3-fail / .g3-failed / .g3_fail / .g3_failed 모두 인식) ) EVENTS_DIRrT)rOrP_dirs rfind_g3_fail_markersr]s  #D $ //rc |xst}t||}|rK|Dcgc]}|j}}dg|z}tdd|dd|Dcgc] }t |c}i|Stddd t t i Scc}wcc}w) u5P0-1: .g3-fail 마커 존재 → .done 발행 차단.g3_fail_markerFuG3 fail marker 존재: u — .done 발행 차단 (P0-1)markersrTu-G3 fail marker 없음 — .done 발행 허용 checked_namesrrr)r[r]rRrr&listrL)rOrPr\r`mnamesblocking_entriess rcheck_g3_fail_blocks_donergs  #D"7D1G!()A)),-5,UG3RS81A89%    >&:!;< * 9s BBc |xst}||dz }t||}|j}t|dkD}|ra|r_t dd|d|j d|Dcgc]}|j c}t ||Dcgc] }t |c}ddd g S|rt dd d t |i S|r't ddd|Dcgc] }t |c}i St ddi Scc}wcc}wcc}w)u@P0-7 보조: .done + .g3-fail 동시 존재 시 conflict 판정.z.donerFu@CONFLICT: .done과 .g3-fail 마커가 동시에 존재 — task=z done=z fail_markers=T) done_file fail_markersconflictdone_fail_conflictru..done 존재, g3-fail 마커 없음 — 정상rirbu=.g3-fail 마커 존재, .done 없음 — 정상 (fail 상태)rju1.done과 .g3-fail 마커 모두 없음 — 정상)r[r]rMlenrrRr&)rOrPr\rir` done_exists fail_existsrds rcheck_done_fail_conflictrps6  #D'%((I"7D1G""$Kg,"K{yy~~&6nV]E^QRaffE^D_a!^18 9AQ 9  ++  CY0  R"W$=SV$=>   B +F_!:%>sC2C7 C<c d|xst}t||}|s&tddtddt ||z idgS|d} t j |jd }|jdd} | dk7r tdd| dt || ddgS|jdd} | r)| |k7r$tdd| d|dt || |ddgS|^|jd} |r t|nd } | t| nd } | +| )| | k7r$tdd| d| dt || | ddgS|rf|jd xs(|jd!xs|jd"xsd}|r)||k7r$tdd#|d|d$t |||d%d&gStd'd(|jd)t ||d*+S#t$r(}tdd |d t |id gcYd }~Sd }~wwxYw#ttf$rd } YwxYw#ttf$rd } YwxYw),uSP0-2: done 직전 G3 PASS evidence 재검증. - evidence file 없음 → FAIL - evidence['result'] != 'PASS' → FAIL - evidence['task_id'] != task_id → FAIL (다른 task PASS 재사용) - evidence['pr_number'] != pr_number → FAIL (이전 PR PASS 재사용) - evidence['sha'] != head_sha → FAIL (stale PASS) Fu G3 PASS evidence 파일 없음 (u) — .done 차단 (P0-2)rWno_g3_pass_evidencerrutf-8encodingu'G3 PASS evidence 파일 파싱 실패: pathevidence_parse_errorNrr;rzG3 evidence result=u& (PASS 필요) — .done 차단 (P0-2))rvevidence_result g3_not_passrOzG3 PASS evidence task_id=z != u- — 다른 task PASS 재사용 차단 (P0-2))rvevidence_task_idexpectedevidence_task_id_mismatch pr_numberzG3 PASS evidence pr_number=u+ — 이전 PR PASS 재사용 차단 (P0-2))rv evidence_pr expected_previdence_pr_mismatchshahead_shamerge_commit_shazG3 PASS evidence sha=u — stale PASS 차단 (P0-2))rv evidence_sha expected_shaevidence_sha_mismatchTuG3 PASS evidence 유효 (path=z, result=PASS))rvr rb) EVIDENCE_DIRrYrrVr&jsonloads read_textrEgetint ValueError TypeErrorrR)rOr}rrW_ev_dirpathsev_pathevrH ev_resultev_taskev_prpr_n_cmp ev_pr_cmpev_shas rcheck_done_g3_pass_evidencers*lG #GW 5E 56L5MMfg"C'(9$:;+,   AhG ZZ))7); <x$IF( 5[\LYG#_   ffY#G7g%.wkg[HuvLgSZ[12   {# )2s9~H &+&7E TI  X%9i8>S1)D KAB L#,#+ 11  X"&&"4X?Q8RXVX f(+F:T(F34 L$*$, 22    / ~^LG "5 Q  =1이면 FAIL. text 우선, 없으면 pr_number+repo로 PR 리뷰 fetch. rNFu&gemini_severity_parser import 실패: import_errorrrru8check_gemini_severity: text 또는 pr_number+repo 필요 missing_argshighzGemini High severity u/건 검출 — auto-approve/merge 차단 (P0-3)gemini_high_severityrTu-Gemini High severity 0건 — 통과 (medium=mediumz, low=lowr!rb) r&r__file__parentsysrvinsertgemini_severity_parser ImportErrorrcount_severitiesparse_pr_review_severitiesr)r7r}r _scripts_dir_gsprHsvrs rcheck_gemini_severityrSs@tH~,,-L388# <( -   " "4 (  4  , ,T9 =M$%  66&! D qy*4&0_`,-     >rvvhq?Q>RRXY[Y_Y_`efgYhXiijk 7  ;A3?$%   sC44 D=DDDFT gemini_highr ci_passhidden_path_pass merge_sha_ok author_ok approver_okc g}|dkDr|jd|d|r|jd|s|jd|s|jd|s|jd|s|jd|s|jd |r)td d t|d |||||||||d d|Stdd|||||||||d dS)uZP0-4: 7조건 중 하나라도 fail → block. blocking 리스트로 사유 모두 반환.rz gemini_high=u (High severity 검출)u-g3_fail=True (G3 verifier fail marker 존재)u,ci_pass=False (required CI checks 미통과)z/hidden_path_pass=False (hidden path audit fail)u3merge_sha_ok=False (merge commit SHA 검증 실패)u/author_ok=False (PR author allowlist 불일치)u/approver_ok=False (approver identity 불일치)Fuauto-block 7조건 위반 u 건 — task=r)rO conditionsrTu*auto-block 7조건 모두 통과 — task=rb)rNrrm) rOrr rrrrrrs rcheck_auto_block_conditionsrsHQ,{m3JKLGH FG IJ MN IJ IJ/H mG9U"#.&&(8$0!*#.   $  ;G9E*""$4 ,&*   rc|xst}|jsgS tj|j d}|j dg}t |tsgSg}|D]^}t |tr'|j dd}|s(|j|:t |tsK|sN|j|`|S#t$rgcYSwxYw)uxallowed_approvers.json에서 시스템 승인자 list 로드. 누락/공백/오류 → 빈 list (fail-closed). rsrt approversloginr;) DEFAULT_ALLOWED_APPROVERS_PATHrMrrrr isinstancercr)rNr&rE)rv_pathdatarloginsentryrs rload_allowed_approversrs  22E <<> zz%//7/;<HH["- )T*I %E%& '2.MM%(E3'E e$  %  s*AC'+C"C6C9C CC)allowlist_pathcX|stdddgSt|}|xst}g} |jrgt j |j d}|jdg}t|tr |Dcgc]}t|ts|}}d|vr|jdd n|}||vrtdd |d |d |d dgS|stdddgS||vrtdd |d|ddStdd |d||ddgScc}w#t$rYwxYw)uP0-5: approver가 시스템 승인자(taskctl-gate, anu-verifier, GitHub App bot)인지. JonghyukJeon 등 사람 → manual approval 분류 (auto evidence 인정 X). Fu1approver 미지정 — auto approve 차단 (P0-5) no_approverrrsrt manual_logins rz approver=u_ 는 human(manual) 승인자 — auto evidence 인정 불가 (P0-5). manual approval로 분류.manual)approvertyper#human_approver_not_allowed_for_autoruDallowed_approvers.json 미설정/비어있음 — fail-closed (P0-5)empty_approver_allowlistTu; 시스템 승인자 확인 — auto evidence 인정 (P0-5)system)rrrbuS 가 시스템 승인자 allowlist에 없음 — auto evidence 인정 불가 (P0-5))rallowedapprover_not_in_allowlist) rrrrMrrrrrrcr&rEsplit) rrrrrrmlxapprover_logins rcheck_approver_identityrs F#_  %^4G  <::eoowo?@D/2.B"d#,. Eq*Q2D E E03hX^^C(+HN&N-.QR!/S`a;<   Y01   ~00kl .A   )*1 2+w?-. C!F    s*ADDDDD D)(D)cntddd|d|gd\}}}|dk7s|sddd i|xsd |d d S tj|}|j dxsd}|j dxsij dxsd}||d|dS#tj$r}ddd id |d cYd}~Sd}~wwxYw)ugh api로 PR merge_commit_sha + base.ref 조회. Returns: {"merge_commit_sha": str, "base_ref": str, "ok": bool, "raw": dict} ghapizrepos/z/pulls/)r8rr;Fugh api 호출 실패 (rc=r!)rbase_refrrawerroruJSON 파싱 실패: NrbaserefT)rrrr)rIrrJSONDecodeErrorr) r}rrcr@rBrrH merge_shars rfetch_pr_merge_shar5s " utfGI;78B Qwf "@!:2$a@     zz&!+,2I &B++E28bH%      "+A3/    sB B4 B/)B4/B4cJd|d|}tdddd|gd|\}}}|d k(S) uRace-safe ``git fetch origin --no-tags +refs/heads/:refs/remotes/origin/``. subprocess shell=False, timeout=30. 실패 시 ``False``. z +refs/heads/z:refs/remotes/origin/gitfetchoriginz --no-tagsrr8r9r)rI)rr9refspecr_s r_safe_git_fetchr[sF XJ&;H:FG ;8 HB1 7Nrchtdddd|gd|\}}}|dk7ry|jxsdS) uM``git rev-parse --verify refs/remotes/origin/`` (정확한 ref 경로).rz rev-parsez--verifyzrefs/remotes/origin/rrN)rIrA)rr9rr@rs r_rev_parse_originrisI  Z+?z)JK MB  Qw <<> !T!rr9 force_fetchc.ddl}|xst}|r t||t||}|y|j dt||}|y||k(r|S|r t||t||}|y|j dt||}|||k7ry|S)uRace-safe origin HEAD SHA fetch (P0-6). Sequence -------- 1. ``force_fetch=True`` 면 ``git fetch origin --no-tags +refs/heads/:...``. 2. 1차 ``git rev-parse origin/`` -> ``sha_a``. 3. ``time.sleep(0.5)`` (race window 노출). 4. 2차 ``git rev-parse`` -> ``sha_b``. 5. ``sha_a == sha_b`` 이면 그 값을 반환. 불일치 시 1회 재 fetch + 재 조회. 그래도 불일치면 ``None``. Parameters ---------- base_ref: Base branch (보통 ``main``). cwd: Git 작업 디렉토리. 기본 ``WORKSPACE``. force_fetch: ``True`` (기본) 면 호출 직전에 ``git fetch`` 강제 실행. 테스트에서 ``False`` 로 끄고 mock 가능. rNg?)time WORKSPACErrsleep) rr9rrwork_dirsha_asha_bsha_csha_ds rfetch_origin_head_sharus6iH(+ h 1E }JJsO h 1E } ~ (+ h 1E }JJsO h 1E } Lr)r base_branchr9c |r|stdddgSt||}|ds$tdd|jddd |d g S|d }|stdd |dg S|xs|d}|stdd|dg St||d}|tdd|d||ddg S||k7r origin/ HEAD 일치 검증. - merge_commit_sha empty/null -> FAIL - base_branch 미지정 -> PR base.ref에서 동적 조회 (hardcoded 'main' 금지) - origin/ HEAD != merge_commit_sha -> FAIL Fu7check_merge_commit_sha: pr_number와 repo 필요 (P0-6)rrruPR 정보 조회 실패: runknownz (P0-6)pr_fetch_failedrru2merge_commit_sha empty/null — done 차단 (P0-6)empty_merge_sharuFPR base branch 조회 실패 — hardcoded 'main' 사용 금지 (P0-6)no_base_branchTrNzorigin/u HEAD SHA 조회 실패 (P0-6))rrorigin_sha_fetch_failedzSHA mismatch: merge_commit_sha( u...) ≠ origin/z HEAD(u...) — done 차단 (P0-6))rorigin_head_sharetry_origin_shar sha_mismatchzmerge_commit_sha == origin/z HEAD (u...) — 검증 통과 (P0-6))rrrrb)rrrr) r}rrr9pr_infor_base origin_sha retry_shas rcheck_merge_commit_shar s DL$%  !D1G 4=.w{{7I/N.OwW'(   *+I G'(     .7:.E [&'   'u#4HJUG#AB#(yA/0   Y)%SdK   Y 65in5EF""'z#2.?@-. )2'1(1#(  ))    ,UG79Sb>:JJgh ))   rcttjdz }|jsiS tj j dt|}| |jiStj j|}|jj|t|diS#t$ricYSwxYw)uMscripts/taskctl.py의 ALLOWED_TRANSITIONS를 동적 import (circular 회피).z taskctl.py_taskctl_moduleALLOWED_TRANSITIONS) rrrrM importlibutilspec_from_file_locationr&loadermodule_from_spec exec_modulegetattrrE) taskctl_pathspecmods r_load_allowed_transitionsrs>((<7L     ~~556G\IZ[ <4;;.Inn--d3 $s1266  s8B0)AB00 B>=B>c Tt}|stdddgS|j|t}hd}||vr |dk7rtdd|d|d ||d d d g S||vr0tdd|d|dt |d||t |ddg Std d|d|d||dS)uP0-7: ALLOWED_TRANSITIONS 기반 엄격 검증. fail->done 등 금지 전이 차단. 동적 import로 scripts.taskctl 참조 (circular import 회피). Fu8ALLOWED_TRANSITIONS 로드 실패 — fail-closed (P0-7)transitions_load_failedr>DONEFAILED CANCELLEDADMIN_OVERRIDE_USEDruterminal 상태 u에서 전이 불가 — u 차단 (P0-7)T)srctargetterminalterminal_state_no_transitionru금지된 상태 전이: z -> u (허용: z) (P0-7))rrrforbidden_transitionu상태 전이 허용: z (P0-7))rrrb)rrrsetsorted)rrallowed_transitions allowed_nextterminal_statess rcheck_state_transitionr( s 45 M/0  '**36L VO o#/%cW,EfZ~^&dC45   \!+C7$vjA"<01;&VL=QR,-    'wd6*GDf- r)env audit_path productionc||nttj}|xst}|j dddk(}t |j dd}|s|s t ddS|}||j d ddk(}|r?g} |r| jd |r| jdt d d | d | dddgS|js!t d d|dt|||ddgS |jdj} g} | D]P} | j} | s tj| } | j d|k(r| j| R | s t d d|dt||ddgSt dd t#| d!|| d"#S#tj$rYwxYw#t $r}t d d|ddgcYd}~Sd}~wwxYw)$uP0-8: TASKCTL_BYPASS=1 / TASKCTL_PR_AUTHOR_OVERRIDE 사용 시 audit log 필수. - production env에서는 bypass/override 기본 금지 (PRODUCTION=1 fail-fast) - audit path 미생성/항목 없음 -> FAIL - audit jsonl에 본 task_id + 사용 사유 기록 필요 NTASKCTL_BYPASSr;1TASKCTL_PR_AUTHOR_OVERRIDETu4bypass/override 미사용 — audit 불필요 (P0-8)r" PRODUCTIONzTASKCTL_BYPASS=1Fu7production 환경에서 bypass/override 사용 금지: u — fail-fast (P0-8))env_varsr+production_bypass_forbiddenru3bypass/override 사용 중이나 audit log 없음: u — fail-closed (P0-8))r*bypassoverridemissing_audit_logrsrtrOuaudit log 읽기 실패: z (P0-8)audit_read_errorruaudit log에 task_id=u> 항목 없음 — bypass/override 사유 기록 필수 (P0-8))r*rOmissing_audit_entryu%bypass/override audit log 확인 — u건 기록됨 (P0-8))rO audit_entriesrb)r)osenvironADMIN_OVERRIDE_LOGrr%rrNrMr&r splitlinesrArrrrErm)rOr)r*r+_env _audit_path bypass_activeoverride_active _production active_varslines task_entrieslinerrHs rcheck_bypass_auditrFPs[/3tBJJ'7D2 2KHH-r2c9M488$@"EFO I  Khh|R0C7 !#    1 2    ; <I+W'(!,4@34      Ek]S)*#&k"2mYhi)*   %%w%7BBD  D::?#&k"2wG+,    6s<7H6II]^"\B )''    .qc9()   sB5:G0:F-*G-GGGG G,G'!G,'G,)r}r*cT|xst}|jjdd||t|tj j ddd}|jdd5}|jtj|d d zd d d |S#1swY|SxYw) u7admin-override.jsonl append. ADMIN_OVERRIDE_LOG 기본.T)parentsexist_okUSERr)rOrtsr}actorarsrtF) ensure_ascii N) r;rmkdirr4r9r:ropenwriterdumps)rOrr}r*rrfs rappend_admin_override_auditrUs  ,,E LLtd3j 2  E C' *>a  5u5<=> L> Ls )*BB'c|xst}|jsgS tj|j d}|j dg}|j dg}g}||fD]+}t |ts|jd|D-t}g}|D])} | |vs|j| |j| +|S#t$rgcYSwxYw)utallowed_bot_accounts.json 로드. 파일 없음 / 비어있음 -> [] (fail-closed 호출자에서 처리). rsrtpatternsexactc3HK|]}t|ts|s|ywr)rr&).0rs r z,load_allowed_bot_accounts..sKa*Q2DKs """) DEFAULT_ALLOWED_BOT_PATHrMrrrrrrcextendr#addrNrE) rvrrrWrXcombinedlstseenritems rload_allowed_bot_accountsrcs  ,,E <<> zz%//7/;<88J+"% e$ LC#t$K3KK L $D4 d# $  sA"C/C1%C C%$C%c|r|sy|D]}||k(ry|dk(r|jdry|jdr|j|ry|dk(r|jdry|jdsp|jdsyy)u~author를 allowlist 패턴과 매칭. 지원 패턴: - 정확 일치 - *[bot] suffix - app/ prefix FTz*[bot]z[bot]/zapp/)endswith startswith)author allowlistpatterns r_match_bot_authorrks   W  h 6??7#;   C V%6%6w%? f !2!26!:   f %&*;*;F*C  rc|stdddgSt|}|stddd|idgSt||rtd d |d d|i Stdd |d |||ddgS)uP0-9: PR author가 allowlist에 매칭하는지. - allowlist 미설정/빈 list -> FAIL (fail-closed) - 매칭 패턴: 정확 일치 + *[bot] suffix + app/ prefix Fu:PR author 미지정 — bot allowlist 검증 불가 (P0-9) no_authorruballowed_bot_accounts.json 미설정/비어있음 — fail-closed (P0-9). 허용 bot 계정 없음.rhempty_bot_allowlistrTz PR author=u' bot allowlist 매칭 — 허용 (P0-9)rbuE 가 bot allowlist에 없음 — merge 차단 (P0-9). 허용 패턴: )rhriauthor_not_in_allowlist)rrcrk)rhrris rcheck_bot_author_allowlistrps O!]  *.9I ,f%+,  +z)PQf%    #'[ *!y9+, r)r)defaultcF||nttj}d}|/t|tr|j d}n t |dd}|r t |S|j dd}|r'tjdtdt |S|xstS)uP0-10: --worktree CLI 인자 정식화. - argparse Namespace 또는 dict 모두 허용 - args.worktree 우선 - TASKCTL_CWD env는 deprecated warning 출력 후 채택 - 둘 다 없으면 default 또는 WORKSPACE 반환 Nworktree TASKCTL_CWDr;z9TASKCTL_CWD is deprecated. Use --worktree instead.) stacklevel) r)r9r:rrrrwarningswarnDeprecationWarningr)rFr)rqr= worktree_valcwd_envs rresolve_worktree_pathr|4s/3tBJJ'7D#L  dD !88J/L"4T:LL!!hh}b)G G  G}  irr*)rN)rF list[str]r8rr9 Path | Noner(ztuple[int, str, str])rOr&rPrr( list[Path])rOr&rWrr(rr)rOr&rPr~r(r)rOr&rPr~r(r) rOr&r}int | str | Noner str | NonerWr~r(r)r7rr} int | Nonerrr(r)rOr&rrr r%rr%rr%rr%rr%rr%r(r)rvr~r(r})rrrr~r(r)r}rrr&r(r))rr&r9rr(r%)rr&r9rr(r)rr&r9r~rr%r(r) r}rrrrrr9r~r(r)r(zdict[str, set[str]])rr&rr&r(r) rOr&r)r'r*r~r+z bool | Noner(r) rOr&rr&r}rr*r~r(r)rhr&rir}r(r%)rhrrr~r(r)rFz object | Noner)r'rqr~r(r)4r. __future__rimportlib.utilr rr9r=rrwrrpathlibrr:rrr[r SPECS_DIR AUDIT_DIRr;r\rrLrVrr4rIrTrYr]rgrprrrrrrrrrr rr(rFrUrcrkrpr|r/rrrs"#  '  02GH I  !H , 8#j0  7 *  #8 8 !77$'BB!*-E!EHH99F2     . $0# 4#* ***l!% i iii i  id.! . ..  .  .r!? ?? ?  ?  ?????N:#'CC C CV#L  " 99 9 9  9~" WW W W  W  W~  (f"" [ [ [ [  [  [D#'"        66<#'- - - -l"  " "  "  "  " r