Sjf) dZddlmZddlZddlZddlZddlZddlmZddl m Z dZ ejdejdejgZd Zejd Zejd Zejd Zd ZejdejdgZdZejdejZdZejdejejdejdejdejejdejejdejejdejejdejgZdZgdZd(dZd)dZd)dZd)d Zd)d!Zd*d+d"Z d,d#Z!d-d$Z"d.d%Z#d/d0d&Z$e%d'k(r e&e$y)1uANU PreToolUse Guard hook — task-2643 Track A (staged · live 미적용). 목적: ANU 본체가 위험 tool call (특히 Bash CI/Gemini polling) 을 실행하기 *전에* deny 해서 session-bound polling 위반 (PR #145 bzaona6au 사건) 재발을 막는다. 본 스크립트는 **staged draft** 다: - `~/.claude/settings.json` 의 `PreToolUse` 섹션에 등록되어야 활성된다. - 본 task-2643 범위에서는 live 적용 0 (회장 verbatim). - 활성 절차: `memory/specs/task_2643_final_activation_packet_template_260523.json`. fail-closed 원칙: - 입력 JSON parse 실패, config 누락, internal exception → **deny** (allow fallback 금지). - 어떤 정상 tool call 도 차단되어선 안 되지만, 위반 시 차단이 더 안전한 trade-off. 핵심 검사: - tool_name == "Bash" 인 경우만 검사한다 (다른 tool 은 allow). - forbidden pattern 5 그룹 (spec §2.2) 정적 매칭. - match 발생 시 deny + reason + allowed_alternative + next_steps 반환. stdin/stdout 규약: - claude-code `PreToolUse` hook 규약: stdin 으로 `{tool_name, tool_input, ...}` JSON 수신. - stdout 으로 `{decision, reason, allowed_alternative?, next_steps?}` JSON 반환. - exit code 0 = decision 적용, 비0 = error (claude-code 가 fail-closed 처리). CLI 모드 (dry-run): - `--mode=dry-run --fixture=` 형태로 fixture JSON 을 입력받아 결과를 stdout 으로 dump. - `--mode=stdin` (default) 으로 claude-code hook 처럼 stdin 처리. ) annotationsN)Path)AnyBACKGROUND_GH_PR_POLLz\bgh\s+pr\s+(view|checks)\bstatusCheckRollupLOOP_SLEEP_GH_PR_POLLz\b(while|until)\bz \bsleep\s+\d+z\bgh\s+(pr|run|api)\bGH_RUN_WATCH_POLLz\bgh\s+run\s+watch\bz\bgh\s+run\s+list\bSEMANTIC_CI_GEMINI_WAITz_\b(wait\w*|until|poll\w*|monitor\w*|nudge_wait|gemini[\w\s.]*review\w*|ci[\w\s.]*complete\w*)\bEXPLICIT_FORBIDDEN_ACTIONzadmin[\s_-]*overrideBOT_GITHUB_TOKEN BOT_APP_TOKENchair_authorizationzauto[\s_-]*merge.*activatz\bPR\s*#?141\b.*pilotz\bgh\b[^|;&]*--admin\bz\bpr\s+merge\b[^|;&]*--admin\bdelegated_watcher_contract)uM1. watcher contract 9 필드 생성 (schemas/watcher_contract_v1.json 참조)u12. watcher dispatch (dev bot 또는 cron-watcher)u:3. ANU normal callback 대기 (owner_key=c119085addb0f8b7)c:|sytfdtDS)zFGroup 1: run_in_background=True + gh pr view/checks/statusCheckRollup.Fc3@K|]}|jywNsearch.0pcommands M/home/jay/workspace/.worktrees/task-2643-dev6/hooks/pre_tool_use_anu_guard.py z*_has_background_gh_poll..g;Qqxx ;)anyGROUP_1_PATTERNS)rrun_in_backgrounds` r_has_background_gh_pollr cs  ;*:; ;;cttj|}ttj|}ttj|}|xr|xr|S)u4Group 2: while/until + sleep + gh pr/run/api 결합.)boolGROUP_2_LOOP_KEYWORDSr GROUP_2_SLEEPGROUP_2_GH_POLL)rhas_loop has_sleephas_ghs r_has_loop_sleep_gh_pollr*jsR)009:H]))'23I /((1 2F  , ,f,r!c4tfdtDS)u+Group 3: gh run watch / gh run list 반복.c3@K|]}|jywrrrs rrz$_has_gh_run_watch..urr)rGROUP_3_PATTERNSrs`r_has_gh_run_watchr/s ;*:; ;;r!ctj|syttjd|xs d|vxsd|vS)u6Group 4: CI/Gemini wait 의도 + GH API 호출 결합.Fz\bgh\s+zapi.github.comr)GROUP_4_INTENT_KEYWORDSrr#rer.s r_has_semantic_waitr4xsH " ) )' 2  *g& * w & * ' ) r!c4tfdtDS)u$Group 5: 명시적 forbidden action.c3@K|]}|jywrrrs rrz*_has_explicit_forbidden..rr)rGROUP_5_PATTERNSr.s`r_has_explicit_forbiddenr8r0r!ct|tr|jsddiSg}t||r|j t t |r|j tt|r|j tt|r|j tt|r|j t|sddiS|d}dd||ttdS)uBash command 를 5 그룹 정적 검사한 뒤 decision dict 를 반환한다. Args: command: Bash tool 의 `command` 인자. run_in_background: Bash tool 의 `run_in_background` 인자 (기본 False). Returns: {"decision": "allow"} 혹은 {"decision": "deny", "reason": "...", "allowed_alternative": "...", "next_steps": [...], "match_group": "..."} decisionallowrdenyANU_DIRECT_CI_POLLING_FORBIDDEN)r:reason match_groupall_match_groupsallowed_alternative next_steps) isinstancestrstripr appendGROUP_1_BACKGROUND_GH_POLLr*GROUP_2_LOOP_POLLr/GROUP_3_RUN_WATCHr4GROUP_4_SEMANTIC_WAITr8GROUP_5_EXPLICIT_FORBIDDENALLOWED_ALTERNATIVE NEXT_STEPS)rrmatched_groupsprimary_reasons revaluate_bash_commandrPs gs #7==?G$$ "Nw(9:89w'/0!/0'"34w'89 G$$#A&N3%*2  r!cX|jdxs|jd}|dk7rdddS|jdxs|jdxsi}t|ts d d td gd S|jd d}t |jdd}t ||S)u전체 tool call payload 에서 decision 을 산출한다. Bash 가 아니면 allow. Bash 면 command/run_in_background 추출 후 evaluate_bash_command 위임. tool_nametoolNameBashr; NOT_BASH_TOOL)r:r> tool_input toolInputr<INVALID_TOOL_INPUT_TYPEu1Bash tool_input 형식 오류. payload 재검토.)r:r>rArBrrF)getrCdictrLr#rP)payloadrRrVrrs revaluate_tool_callr]s  K(CGKK ,CIF#??\*Lgkk+.FL"J j$ '/#6NO   nnY+GZ^^,?GH *; <errorrArBF) ensure_asciiindentr)argparseArgumentParser add_argument parse_argsmodefixturerbrkrfr] Exceptiontype__name__rLprintrcdumps)argvparserargsr\r:excs rmainrs  $ $1b cF 7I*>P  *UV   T "D 99 !<< !RSS#DLL1G)+G%g. $**XE! <=    (S **+2cU3#6AL    sAC C>&C99C>__main__)rrDrr#returnr#)rrDrr#)F)rrDrr#rdict[str, Any])r\rrr)rr)rjrDrrr)rzlist[str] | Nonerint)'__doc__ __future__rrvrcr3r_pathlibrtypingrrGcompile IGNORECASErrHr$r%r&rIr-rJr2rKr7rLrMr r*r/r4r8rPr]rfrkrr~ SystemExitr!rrs:# 5BJJ-.BJJ#R]]3 ," #78 +, "**56(BJJ&'BJJ%&2$"**fMM 9BJJ& 6BJJ"#BJJ BJJ%r}}5BJJ+R]];BJJ'7BJJ("--8BJJ0"--@ 3 <-< < 'T=<> < z TV r!