MjSa dZddlmZddlmZmZddlmZmZm Z ddl m Z m Z m Z mZmZmZddlmZmZdZdZd ZeeehZeGd d Zd d d d dddee ddd d1dZeGddZee d d2dZdZ dZ!dZ"dZ#dZ$dZ%dZ&dZ'd Z(d!Z)d"Z*d#Z+ehd$Z,d3d%Z-d4d&Z.dd'd5d(Z/eGd)d*Z0 d6d+Z1d d d d d d dee d, d7d-Z2gd.Z3d8d9d/Z4e5d0k(r e6e4y ):udispatch.normal_fallback_callback_helper — ANU-owned normal/fallback callback registration helper + post-registration owner cross-check. task-2553+49 (§8 / §10 / 9-R.1 — 코드/파일 자동화). The actual normal/fallback callback cron is registered via the external ``cokacdir --cron`` tool (a cron-direct path that ANU cannot file-patch, 9-R.1). So the owner=ANU-key pin is enforced at the **ANU control layer**, which IS code-patchable: 1. ``build_anu_owned_callback_request`` — the dispatch prompt generator / 4-tuple registration step builds the callback registration request HERE. It is **fail-closed**: an owner key equal to the executor self key, or not a configured independent ANU key, or a non-ANU collector role, makes the request INVALID and NO command argv is produced (회장 §2/§8/§10). 2. ``verify_post_registration_owner`` — after ``cokacdir --cron`` returns, the ANU control layer re-reads the schedule_history / registry owner binding and cross-checks key/chat/role. An owner that resolved to the executor key (or any non-ANU key) at registration time -> FAIL (회장 §8 "등록 후 schedule_history/registry 에서 chat_id·key·role binding 교차 검증"). Standalone, zero-mutation, Layer A / NO-CRON (9-R.1): this module performs ZERO cron register/remove, ZERO dispatch, ZERO ``subprocess`` / ``cokacdir`` exec. It only *builds a request descriptor* and *validates* an owner binding. The authorized session executes the (ANU-keyed) cron outside this module. ) annotations) dataclassfield)ListOptionalSequence)DEFAULT_ANU_KEYSENFORCER_SCHEMAFAILPASSenforce_callback_owner is_anu_key)ExecutorSelfKeyForbidden'assert_collector_key_is_independent_anuz+dispatch.normal_fallback_callback_helper.v1normalfallbackceZdZUdZded<ded<ded<ded<ded<ded<d ed <d ed <d ed<eeZded<eddZ ddZ y)CallbackRequestuAn owner-validated callback registration request descriptor. ``argv`` is the (data-only) ``cokacdir --cron`` argument vector an authorized session would execute. It is produced ONLY when the owner binding is fail-closed valid (owner == an independent ANU key, not the executor self key). On FAIL, ``argv`` is None — no registration is possible (회장 §2/§8/§10). strschemaverdictkindtask_id owner_keychat_id Optional[str]cron_idOptional[List[str]]argvdict enforcementdefault_factory List[str]reasonsc(|jtk(SNrr selfs Y/home/jay/workspace/.worktrees/task-2643-dev6/dispatch/normal_fallback_callback_helper.pyokzCallbackRequest.okW||t##c $|j|j|j|j|j|j |j |jt|jnd|jt|jd S)N rrrrrrrrr!r%) rrrrrrrrlistr!r%r)s r+to_jsonzCallbackRequest.to_json[shkk||II||||||'+yy' verdict FAIL and ``argv=None`` (the cron-direct path therefore CANNOT register an executor-owned callback, 회장 §2/§8/§10). HOLD propagates (§6 conditional escalation). Nzunknown callback kind z (expected )r0udispatch_callback_contract.assert_collector_key_is_independent_anu fail-closed — owner_key 가 독립 ANU key (c119085addb0f8b7) 가 아님: )r executor_key collector_keycollector_owner_keyrDrBrCrArrErFrGrHrIuiowner enforcement did not PASS — no cron-direct registration argv produced (fail-closed, §2/§8/§10).cokacdirz--cron--atz--chatz--keyz--onceu4owner=independent ANU key — fail-closed gate PASS.) VALID_KINDSr HELPER_SCHEMAr r_dcc_assert_independent_anu_DCC_ExecutorSelfKeyForbiddenr CALLBACK_KIND_NORMALCALLBACK_KIND_FALLBACKrr r2r1r%)rrrLrrpromptatrrArBrCrDrErFrGrHrI_dcc_excenfrs r+ build_anu_owned_callback_requestr[js8 ; L-dX[ QOP  ( #I.& !!%%(3 %!%99't)4 &!%;;')G $?/- C2 {{d KKL KLs{{#$  (   G  D  G  KKMGH  W )  L22:=   s D55 E2>)E-'E2-E2ceZdZUded<ded<ded<ded<ded<ded<ded <ee Zd ed <edd ZddZ y)PostRegistrationOwnerCheckrrrrr5expected_owner_is_anuobserved_owner_keyobserved_chat_id observed_roler"r$r%c(|jtk(Sr'r(r)s r+r,zPostRegistrationOwnerCheck.okr-r.c |j|j|j|j|j|j |j t|jdS)Nrrrr^r_r`rar%) rrrr^r_r`rar1r%r)s r+r2z"PostRegistrationOwnerCheck.to_jsonsQkk||||%)%?%?"&"9"9 $ 5 5!//DLL)  r.Nr3r6) r7r8r9r;rr1r%r<r,r2r=r.r+r]r]sO K L Lt4GY4 $$  r.r])rGc g}t||}|r||k(r|jd|s|jd|dt|t|k7r|jd|d|d|dk7r|jd|d |stnt} | tk(r|jd t t | |||t||| S) u)회장 §8 — 등록 후 schedule_history/registry owner 교차검증. After ``cokacdir --cron`` registers the callback, the ANU control layer re-reads the owning schedule's key/chat/role and asserts it is an independent ANU binding. An owner that resolved to the executor key (or any non-ANU key), a chat mismatch, or a non-ANU role -> FAIL (a registered executor-self callback is detected post-hoc and rejected). Read-only; the observed values are supplied by the caller from schedule_history / the durable registry. upost-registration owner key == executor self key — a cron-direct executor-self callback slipped through and is rejected (§8 post-reg owner cross-check / §2).zpost-registration owner key uA is not a configured independent ANU key (§8 owner cross-check).zchat_id mismatch: registered=z expected=u (§8 binding cross-check).r?zregistered collector role=u5 != 'ANU' (§8 owner cross-check / §2 regression 5).uxpost-registration owner binding is an independent ANU key with matching chat_id and ANU role — cross-check PASS (§8).rd)rappendrr r r]rR) rrLr_r`raexpected_chat_idrGr% owner_is_anurs r+verify_post_registration_ownerris(G0(;L0L@ 6 *+=*@AF F  $4 55+,<+?@(++F H ((9:: : "dtG$ M  &*--.#  r.z/home/jay/workspacei<z4dispatch.normal_fallback_callback_helper.launcher.v1ANU_OWNED_READYSELF_KEY_FAIL_CLOSEDCALLBACK_PROMPT_TOO_LARGECANONICAL_ROOT_INVALIDOWNER_ENFORCEMENT_FAILEDr FAIL_CLOSED COLLECTOR_ANU%RECOVERY_ONLY_NO_FINAL_REPORT_TRIGGER> rXsha256rsummaryrr report_path result_path callback_kindcanonical_rootrDc>t|xsdjdS)u&callback prompt 의 UTF-8 byte 길이.r>zutf-8)lenencode)rWs r+callback_prompt_utf8_bytesr{ms  "$$W- ..r.c|xsdjDcgc]#}|js|j%}}|sy|D]5}d|vry|jdddj}|tvs5yycc}w)uprompt 가 envelope-only 인가 — 모든 비공백 line 이 `key=value` 형태이고 key 가 ENVELOPE_ALLOWED_KEYS 에 속하면 True (자유 지시문 금지, 회장 §5.6 envelope-only).r>F=rT) splitlinesstripsplitENVELOPE_ALLOWED_KEYS)rWlnlineskeys r+is_envelope_onlyrrs$*OKTFzcallback prompt z bytes > u5 (CALLBACK_PROMPT_TOO_LARGE fail-closed, §5.5/§10).ENVELOPE_VIOLATIONu5callback prompt 가 envelope-only 가 아님 (§5.6).)r, utf8_byteschars too_large envelope_onlystatusr%)r{ryCALLBACK_PROMPT_MAX_BYTESr STATUS_CALLBACK_PROMPT_TOO_LARGErf) rWrutf8rrenv_onlyr%rr,s r+validate_callback_promptrs &f -D  " E00I'HG F B 1tfI.G-HIC C   T>)FNOuW r.ceZdZUded<ded<ded<ded<ded<ded<ded<ded <d ed <d ed <ded<dZded<eeZded<eddZ ddZ y)LaunchDecisionrrrrrrrrrwr5canonical_root_correctedrrr contract_fieldsNzOptional[dict]requestr"r$r%c(|jtk(Sr')r LAUNCH_PASSr)s r+r,zLaunchDecision.oks||{**r.cx|j|j|j|j|j|j t |j|j|j|jt|jnd|j|jt|jd S)N rrrrrrrrwrrrrr%)rrrrrrrrrwrrr1rrr%r)s r+r2zLaunchDecision.to_jsonskk||kkII||4<<("11(,(E(E'+yy') r{callback_prompt_charscallback_cron_idcallback_registration_status callback_roleenvelope_only_compliancefallback_prompt_utf8_bytesfallback_safety_net_registered'fallback_safety_net_role_single_purpose)r{ryCALLBACK_ROLE_COLLECTOR_ANUr5FALLBACK_ROLE_SINGLE_PURPOSEcallback_promptrrrrfallback_promptfallback_registereds r+_contract_fieldsrsO 'A&Q!$_%:!;#(.4$($7&@AVTV&W*./B*C3O  r.)rwrrArBrCrrrGc2g}d}|st}d}|jdnd|tk7r[t|||tt || xsdd}t t tt|||t||dd|d|dtd g St|| }|d rLt|||t|d | xsdd}t t tt|||t|||d||d S| xs|d} | xs|d} | xs|d} | |tk(r| n| }t||||t||||| | | | }|tk(xr |j}|jrt}t }|jdnUt}||k(rt"}|jdnt$}|jd|j'|j(t|||||d | xsd|}t t |||||t||||j*||j-| S)uo단일 callback/fallback 런타임 launcher (회장 §3 launcher 단일화). fail-closed 순서: canonical root → prompt byte/envelope → owner enforce (build_anu_owned_callback_request 경유). owner==executor self-key 면 SELF_KEY_FAIL_CLOSED (argv=None). ANU key 만 PASS. 실 cron 발사/ subprocess 0 — argv(데이터)만 생성한다. FTu<canonical_root 미지정 → /home/jay/workspace 로 교정.r>rNzcanonical_root=z != u → fail-closed (§5.9).) rrrrrrrrwrrrr%rrrr%z ::dispatchz::normalz ::fallback) rrrLrrrWrXrrArBrCrGu7owner=ANU key — launcher PASS, ANU-owned argv 생성.uKowner_key == executor self key → SELF_KEY_FAIL_CLOSED (argv=None, §5.3).u3owner enforcement FAIL → fail-closed (argv=None).r)CANONICAL_ROOTrfrSTATUS_CANONICAL_ROOT_INVALIDrrLAUNCHER_SCHEMALAUNCH_FAIL_CLOSEDrrrrUr[rVr,STATUS_ANU_OWNED_READYrSTATUS_SELF_KEY_FAIL_CLOSEDSTATUS_OWNER_ENFORCEMENT_FAILEDextendr%rr2)rrrLrrrWrXrwrrArBrCrrrGr%root_correctedcfpvreqrrrs r+launch_callbackrss2GN 'UV > ) "w0*62+1ru N ",>0tWW)Er&~&8^3$W)Nr2i= B B(AgYj+A7OgYh;O 9 Sy =S/37K/K+1  + 7S\&R*:!9";  C #99Dcff vv'PQ$  $0F NNh i4F NNP Qs{{# T76)?;Pb/ 1B T9c'l% XXr3;;='  SSr.)rRr rUrVrQrr[r]rirrrrrrr{rrrrrrrrrmainc ddl}ddl}|jd}|jdd}|j d}|j ddt t |j d d |j d d |j d d |j dd |j dd |j dd|j ddd}|j |dd|j dd|j|}t|j|j|j|j|j|j|j |j"|j$|j&  }t)|j+|j-d|j.rdSdS)Nrz(dispatch.normal_fallback_callback_helper)progcmdT)destrequiredlaunchz--kind)rchoicesz --task-id)rz--executor-keyz --owner-keyz --chat-idz--promptrP10m)defaultz--canonical-rootz --cron-idr)rrz--no-require-envelope store_true)action) rrrLrrrWrXrwrrF) ensure_ascii)argparsejsonArgumentParseradd_subparsers add_parser add_argumentsortedrQ parse_argsrrrrLrrrWrXrwrno_require_envelopeprintdumpsr2r,) rr_jsonapsublp _cron_flagadecs r+rr^sz"  &P QB    6C  !BOOHtVK5HOIOOK$O/OO$tO4OOMDO1OOK$O/OOJO.OOFEO*OO&O5&JOOJYO=OO+LOA dA  VVQYYQ^^++qyyadd''222  4C  %++ckkm%+ 891Ar.__main__)$rrrrrLrrrrrrWrrXrrrrArrBrrCrrDrrEr5rFrrG Sequence[str]rHr5rIr5r4r)rrrLrr_rr`rrarrgrrGrr4r])rWrr4int)rWrr4r5)rWrrr5r4r )rrrrrrrr5rrrr5r4r ) rrrrrLrrrrrrWrrXrrwrrrrArrBrrCrrrrr5rGrr4rr')rrr4r)7r: __future__r dataclassesrrtypingrrr dispatch.callback_owner_enforcerr r r r r r!anu_v3.dispatch_callback_contractrrTrrSrRrUrV frozensetrQrtupler[r]rirrrrrrrrrrrrrr{rrrrr__all__rr7 SystemExitr=r.r+rs6#(++& > #-/EFG  % %  % b".2/3(,,#$45 $%I II I  I  I I III,I -II"&II !I"#I$%I&'IX     F$$45: :: :  :  ::: :D' H+4#> 8"< "-F"#/  GK: " "  " J$(;>*.374%)!&*.2/3%)!#$45!gS gSgS gS  gS  gS gS gS"gSgS$gS,gS -gS#gSgS !gS"#gST <4 z TV r.