---
task_id: task-2553
type: checklist
scope: task
created: 2026-05-11
updated: 2026-05-11
status: completed
---

# Checklist: task-2553

**task**: task-2553

---

## Phase 0 — Enki (Secret infrastructure)

- [x] A. Define the `OWNER_GEMINI_TRIGGER_PAT` env name (separate secret entry)
- [x] B. token loader fail-fast (missing token → ESCALATED)
- [x] C. token redaction guard (logger filter / stderr scrubber)

## Phase 1 — Enki (Decision schema)

- [x] A. Implement `owner_trigger_decision.json` schema (pr_number, head_sha, decision, reason, ...)
- [x] B. dedupe by (pr_number, head_sha) — jsonl audit lookup
- [x] C. queue-head / current-head verification helper

## Phase 2 — Enki (Trigger-only comment writer)

- [x] A. New `anu_v2/owner_trigger_pat.py` (single responsibility)
- [x] B. comment body `/gemini review` strict equality (any other body fail-fast)
- [x] C. endpoint allowlist (block everything except issue comment POST)
- [x] D. audit log append-only

## Phase 3 — Enki (merge_queue_executor integration)

- [x] A. `merge_queue_executor.py` Phase 3 integration — detect missing evidence → call trigger
- [x] B. After trigger, verify evidence commit_id == current_head
- [x] C. After evidence arrives, squash merge with BOT_GITHUB_TOKEN

## Tests — Ningirsu (5 fixtures)

- [x] A. bot trigger fail (comment with bot token → Gemini does not auto-trigger)
- [x] B. owner trigger success (OWNER PAT → fresh review simulation)
- [x] C. duplicate nudge blocked (same PR/head twice → second attempt fail-fast)
- [x] D. update-branch stale reset (new head → existing trigger stale, new trigger allowed)
- [x] E. non-queue-head blocked (PR that is not queue-head → fail-fast)
- [x] F. security boundaries assertions (merge/approve/close/push blocked)

## Verification

- [x] pytest 5 fixtures + security boundaries PASS
- [x] pyright 0
- [x] G2 Maat + Loki PASS (Lv.4 security)
- [x] G3 independent verifier PASS
- [x] Report saved (`memory/reports/task-2553.md`)
- [x] Run finish-task.sh
