|.j #UdZddlmZddlmZmZddlmZmZm Z m Z dZ e e hZ ded<ddZd Zd Zd Zd Zd Zd ZdZdZeGddZee d ddZgdZy)uEutils.callback_authority_validator — envelope vs actual owner authority gate. task-2646 CALLBACK_REGISTRATION_AUTHORITY_GATE. Validates whether the actual schedule owner key matches the envelope collector_key and is an independent ANU key. Layer A / NO-CRON / NO-WRITE / NO-SUBPROCESS: pure function, zero side-effects. ) annotations) dataclassfield)ListOptionalSequenceTuplec119085addb0f8b7 frozensetDEFAULT_ANU_KEYSc6t|xr |t|vS)z;True iff key is a non-empty configured independent ANU key.)boolset)keyanu_keyss S/home/jay/workspace/.worktrees/task-2646-dev3/utils/callback_authority_validator.py is_anu_keyrs 9 -H --z%utils.callback_authority_validator.v1PASSFAIL*AUTHORITATIVE_CALLBACK_COLLECTOR_PROCESSED NON_AUTHORITATIVE_SELF_COLLECTOROWNER_KEY_MISMATCHOWNER_KEY_VERIFIEDceZdZUdZded<ded<ded<ded<ded<ded<d ed <ee Zd ed <eddZ ddZ y)AuthorityVerdictz(Result of an authority validation check.strschemaverdictstateenvelope_collector_keyactual_owner_key executor_keyz Optional[str]authority_marker)default_factoryz List[str]reasonsc(|jtk(S)N)rrselfs rokzAuthorityVerdict.ok8s||t##rc |j|j|j|j|j|j |j t|jdS)Nrrr r!r"r#r$r&) rrr r!r"r#r$listr&r(s rto_jsonzAuthorityVerdict.to_json<sQkk||ZZ&*&A&A $ 5 5 -- $ 5 5DLL)  rNreturnr)r0dict) __name__ __module__ __qualname____doc____annotations__rr-r&propertyr*r.rrrr+sR2 K L J##t4GY4 $$  rr)rc Rg}t||}t||}||k(rS|r|jd|d|dn|jd|dtttt |||t |S|r=|s;|jd|d|dtttt|||t |S|s@|jd|d t|d tttt|||d |S|r@||k(r;|jd|d |d tttt|||t|S|r9|s7|jd|d|dtttt|||d |S|jd|dtttt|||t|S)uGate: validate callback registration authority. Decision logic (in priority order): 1. actual == executor_key → state=NON_AUTHORITATIVE_SELF_COLLECTOR, verdict=FAIL, marker=NON_AUTHORITATIVE_SELF_COLLECTOR (self-key callback is always forbidden, regardless of envelope) If envelope=ANU, reason includes "ENVELOPE_ACTUAL_MISMATCH" (ANCHOR-1) 2. envelope_collector_key ∈ anu_keys BUT actual_owner_key ∉ anu_keys (actual != executor — handled above) → state=OWNER_KEY_MISMATCH, verdict=FAIL, marker=NON_AUTHORITATIVE_SELF_COLLECTOR reason includes "ENVELOPE_ACTUAL_MISMATCH" (ANCHOR-1) 3. envelope_collector_key ∉ anu_keys AND actual_owner_key ∉ anu_keys → state=OWNER_KEY_MISMATCH, verdict=FAIL 4. actual_owner_key ∈ anu_keys AND envelope_collector_key == actual_owner_key → state=OWNER_KEY_VERIFIED, verdict=PASS, marker=AUTHORITATIVE_CALLBACK_COLLECTOR_PROCESSED z=ENVELOPE_ACTUAL_MISMATCH: envelope.collector_key is ANU key (z) but actual_owner_key uz == executor_key → NON_AUTHORITATIVE_SELF_COLLECTOR (self-key + ANU envelope mismatch; ANCHOR-1 + ANCHOR-5 fail-closed).zactual_owner_key ua == executor_key → NON_AUTHORITATIVE_SELF_COLLECTOR (self-key callback forbidden, fail-closed).r,z) but actual schedule owner z* is not an ANU key (ANCHOR-1 fail-closed).z is not an ANU key (anu_keys=u) → OWNER_KEY_MISMATCH.Nu) ∈ anu_keys AND envelope_collector_key uO == actual → OWNER_KEY_VERIFIED / AUTHORITATIVE_CALLBACK_COLLECTOR_PROCESSED.u) ∈ anu_keys but envelope_collector_key u@ is not ANU → OWNER_KEY_MISMATCH (envelope not authoritative).uY ∈ anu_keys (PASS — envelope/actual key difference within ANU key set is acceptable).) rappendrSCHEMAr&STATE_NON_AUTHORITATIVE_SELF_COLLECTORMARKER_NON_AUTHORITATIVESTATE_OWNER_KEY_MISMATCHr-rSTATE_OWNER_KEY_VERIFIEDMARKER_AUTHORITATIVE)r!r"r#rr&envelope_is_anu actual_is_anus rvalidate_authorityrCIsW<G !7BO/:M <'  NN*--D#&'>>  NN#$4#78++   8#9-%5  } &))E""L N  *#9-%5    034h((A C  *#9-%!  /3CC 034&&<%?@O O  *#9-%1  _ 034&&<%?@? ?  *#9-%!   NN ,/0L L &5)!-  r)r;rrr@r=rrCNr/) r!rr"rr#rrz Sequence[str]r0r)r5 __future__r dataclassesrrtypingrrrr _ANU_KEY_2553r r r6rr;rrr@r=r<r>r?rtuplerC__all__r8rrrJs#(22 # '8)8. 1  D=*L&//     D$$45 UUU U  U  Up r