QjL dZddlmZddlmZmZmZddlmZmZm Z m Z m Z dZ dZ dZee ehZdZd Zd Zd Zd Zd ZdZdZdZdZeedZddZddZded ddZdd ddZy)uFutils.chair_authorization_validator — anu.chair_merge_authorization.v1 validator. task-2637 — real merge executor wiring 코드화 (activation false default · 실제 merge 실행 0). Spec: memory/specs/system_real_merge_executor_wiring_spec_260523.md §6 sha256: bcaf654e981a43083af50879164021c918eeac9753cad3b3ad146209a1a62765 회장 verbatim (spec §6.1 / §6.2 + 회장 10결정 #2): schema = "anu.chair_merge_authorization.v1" scope ∈ {"per_pr", "batch"} pr_numbers : list of explicit PRs (per_pr=1건 / batch=N건) head_shas : 본 SHA 외 머지 시도 금지 (head 변경 시 재승인 강제) expires_at_kst : TTL 미래 cap (≤24h 권장) chair_signature : 회장 verbatim 메시지 (verbatim token signature — 회장 결정 #2) issued_at_kst / task_id / expected_files_snapshot 검증: * expires_at_kst 경과 → NO_OP_NO_AUTHORIZATION * pr_identity.pr ∉ pr_numbers → NO_OP_NO_AUTHORIZATION * pr_identity.head_sha ∉ head_shas → NO_OP_NO_AUTHORIZATION * chair_signature 미수록/비-string → NO_OP_NO_AUTHORIZATION ) annotations)datetime timedeltatimezone)AnyDictListOptionalTuplez anu.chair_merge_authorization.v1per_prbatch)schemascope pr_numbers head_shasexpires_at_kstchair_signature issued_at_ksttask_idAUTH_OK AUTH_MISSINGAUTH_INVALID_SCHEMA AUTH_EXPIREDAUTH_PR_MISMATCHAUTH_HEAD_SHA_MISMATCHAUTH_SIGNATURE_MISSINGAUTH_TTL_TOO_LARGE )hoursct|tr|syd}|D]>} tj||}|j|j t }|cSy#t$rYMwxYw)uBest-effort parse of a KST-formatted timestamp. Accepts: * ``YYYY-MM-DD HH:MM`` and ``YYYY-MM-DD HH:MM:SS`` (no tz suffix → KST assumed) * ``YYYY-MM-DDTHH:MM:SS+09:00`` (explicit KST tz) N)z%Y-%m-%dT%H:%M:%S%zz%Y-%m-%d %H:%M:%S%zz%Y-%m-%dT%H:%M:%Sz%Y-%m-%d %H:%M:%Sz%Y-%m-%d %H:%Mtzinfo) isinstancestrrstrptimer#replace_KST ValueError)text candidatesfmtdts T/home/jay/workspace/.worktrees/task-2643-dev6/utils/chair_authorization_validator.py _parse_kstr/?sz dC J ""4-Byy ZZtZ,I     s9A A&%A&c4|6tjtjj t S|}t |tr$|jr|S|jt Stt|}|td||S)Nr"z#clock() returned unparsable value: ) rnowrutc astimezoner(r$r#r'r/r%r))clockvalparseds r._now_kstr7Zs} }||HLL)44T:: 'C#x jjs>ckkk&>> C !F ~>sgFGG MN)r4 max_ttl_hoursc rg}| dtdgfSt|ts dtdt|jgfS|j dt k7r*|jdt d|j dtD]}||vs|jd||j d }|tvr$|jd ttd||r dt|fS|j d }t|tr|js dtd gfS|j d }|j d} t|tr t|nd} t| tr t| nd} | dtd|gfS| dtd| gfSt!|} | | kr,dt"d| j%d| j%gfS| | z j'} | |dzkDr7dt(d| dz dd|d| j%d| j%d gfS|j d}|j d}t|t*r|s dtdgfSt|t*r|s dtdgfS|t,k(r%t/|dk7rdtdt/|dgfSt|tr|j d nd}t|tr|j d!nd}|d}n t1|}|Dcgc]?}t|t0s"t|ts$|j7s5t1|A}}|||vrdt8d"|d#|gfSt|tr||vrdt:d$|d%|d&gfSd't<gfS#t2t4f$rd}YwxYwcc}w)(uEValidate a chair_merge_authorization JSON payload against pr_identity. Returns: (ok, code, reasons) — ``code`` is one of the AUTH_* enums. Verbatim-token signature doctrine (spec §6.2 / 회장 결정 #2): chair_signature MUST be present, non-empty, and a string. The actual signature *content* is compared verbatim by the caller against the expected chair-issued token; this validator only enforces presence and type. HMAC-based hardening is reserved for a follow-up task (회장 결정 #2 후속 hardening 후보). NFzchair_authorization is Nonez&chair_authorization must be dict, got rzschema must be z, got zrequired key missing: rzscope must be one of rz#chair_signature is missing or emptyrrzexpires_at_kst unparsable: zissued_at_kst unparsable: zexpires_at_kst u ≤ now izTTL z.2fzh > cap z h (issued_at=z , expires_at=)rrz#pr_numbers must be a non-empty listz"head_shas must be a non-empty listz6per_pr scope requires exactly 1 pr in pr_numbers (got prhead_shazpr_identity.pr z not in authorized pr_numbers=zpr_identity.head_sha z not in authorized head_shas=u7 (head change requires re-authorization — spec §6.2)T)rr$dicttype__name__getCHAIR_AUTH_SCHEMAappendREQUIRED_AUTH_KEYSCHAIR_AUTH_SCOPESsortedrr%striprr/r7r isoformat total_secondsrlistCHAIR_AUTH_SCOPE_PER_PRlenint TypeErrorr)isdigitrrr) authorization pr_identityr4r9reasonskeyrsig expires_at issued_at expires_dt issued_dtr1 ttl_secondsrrr=r>pr_intp normalizeds r.validate_chair_authorizationr^fsU&Gl%B$CCC mT *l'MdS`NaNjNjMk%l$mmm"&77/2&9J9J89T8W X "; m # NN3C59 :;   g &E %%.v6G/H.IPUyYZ)722   - .C c3 syy{,/T.UUU""#34J!!/2I+5j#+FJ'DJ)3Is)C 9%I).I*,X+YYY).H ,V+WWW 5/CSlj2245Ys}}>O P%    )88:K]T))(;%c*(=/B#--/0 j>R>R>T=UUV X+   ""<0J!!+.I j$ 'z),Q+RRR i &i),P+QQQ ''C Oq,@)DS_DUUV W,   #-[$"? TB.8d.K{z*QUH z $ WF#jC&8Z3=OTUT]T]T_AJ~z1&bV#A* P)    h $ (A,#Hrps,#22336" 68NOP   + %11) "#6   1 kkk  k  k ! kd       r8