jV~dZddlmZddlZddlZddlZddlmZmZddl m Z ddl m Z m Z mZmZmZmZdZdZd Zd Ze d Ze d Zd ZdZdZdZdZeeeeehZeGddZeGddZ ef d&dZ!d'd(dZ"edef d)dZ#ejHdejJZ&ejHdejJZ'd*dZ(ef d+dZ)eedeeed d,dZ*eGdd Z+d!Z, d-d"Z-d.d#Z.ded$ d/d%Z/y)0uutils.callback_authority_4source_validator — 4-source callback authority gate. task-2680 — CALLBACK_SELF_KEY_REGISTRATION_HARDENING_FIX_IMPLEMENTATION chair_authorization_id: CHAIR-AUTH-CALLBACK-SELF-KEY-HARDENING-FIX-20260526-JJONGS-IMPLEMENT-001 ★ 본 module 은 callback collector spawn 시점에 4-source 교차검증을 수행하는 pure-function validator 이다. 코드 외부 (cokacdir CLI, schedule_history file) 의 actual owner key 를 query 해 envelope text 의 owner_key 와 1:1 대조한다. 4 source (회장 verbatim · task-2677 4source_verify_doctrine §1.1): * S1 schedule_history — /home/jay/.cokacdir/schedule_history/.log 의 callback fire 시점 bot_key_verifier / workspace / prompt 채록. * S2 cron-history — cokacdir --cron-history --key 의 actual owner key 채록 (★ K = ANU key + executor self-key 2회 query). * S3 envelope — S1.prompt 본문 (envelope text) 의 owner_key / self_key / schema 텍스트 채록. * S4 result artifact — memory/events/.*-result-*.json 의 callback_cron_id / callback_registration_status / callback_role 채록. 분류 enum (회장 task-2680 수정 목표 4): * ANU_AUTHORITATIVE — 4-source PASS, S2 owner == ANU key * NON_AUTHORITATIVE_SELF_COLLECTOR — S2 owner == executor self-key (★ self-key callback 자동 분류) * NON_AUTHORITATIVE_KEY_DRIFT — S2 owner != ANU and != executor self-key * UNDETERMINED_HISTORY_GAP — S1/S2 query 실패 (cron-history 부재) * PROMPT_DRIFT — S3 envelope text 의 owner_key 가 ANU 아님 Layer A · Read-only · NO-CRON (회장 9-R.1 1:1): 본 module 은 cron register/remove, dispatch, subprocess cokacdir exec 0. external state query (file read, subprocess --cron-history) 만 수행. ★ ANU independent reverify trigger (회장 task-2680 수정 목표 5): classify_collector_authority 가 NON_AUTHORITATIVE_* / UNDETERMINED_* / PROMPT_DRIFT 를 반환하면 caller (collector helper integration) 가 anu_independent_reverify_request 를 emit 해야 한다. 본 module 은 trigger 결정만 노출 — 실 dispatch 는 별도 layer. ) annotationsN) dataclassfield)Path)AnyCallableDictListOptionalSequencez-utils.callback_authority_4source_validator.v1c119085addb0f8b7 6937032012z/usr/local/bin/cokacdirz$/home/jay/.cokacdir/schedule_historyz!/home/jay/workspace/memory/eventsANU_AUTHORITATIVE NON_AUTHORITATIVE_SELF_COLLECTORNON_AUTHORITATIVE_KEY_DRIFTUNDETERMINED_HISTORY_GAP PROMPT_DRIFTceZdZUdZdZded<dZded<dZded<dZded<dZ ded<e e Z d ed <e e Z d ed <dd Zy)FourSourceEvidencez5Raw + parsed evidence from each source (audit trail).NOptional[Dict[str, Any]]s1_schedule_historys2_anu_cron_historys2_self_cron_history s3_envelopes4_result_artifactdefault_factory List[str] queried_paths query_errorsc |j|j|j|j|jt |j t |jdS)N)rrrrrrr )rrrrrlistrr selfs -utils/callback_authority_4source_validator.pyto_jsonzFourSourceEvidence.to_jsonUsU#'#;#;#'#;#;$($=$=++"&"9"9!$"4"45 !2!23  returnDict[str, Any])__name__ __module__ __qualname____doc__r__annotations__rrrrrr"rr r&r'r%rrJsc?481848185929,0K)03707$T:M9:#D9L)9  r'rceZdZUdZded<ded<ded<ded<ded<ded<d ed <d ed <ee Zd ed<dZded<dZ ded<ddZ y)AuthorityClassificationz0Final 4-source classification + escalation hint.strschemaclassification schedule_idtask_id executor_keyanu_keyboolis_authoritativerequires_anu_reverifyrrreasonsNzOptional[FourSourceEvidence]evidence Optional[str]escalation_hintc D|j|j|j|j|j|j |j |jt|j|jr|jjnd|jd S)N r4r5r6r7r8r9r;r<r=r>r@) r4r5r6r7r8r9r;r<r"r=r>r&r@r#s r%r&zAuthorityClassification.to_jsonps{kk"11++|| --|| $ 5 5%)%?%?DLL)37== --/d#33  r'r() r+r,r-r.r/rr"r=r>r@r&r0r'r%r2r2as[: K L Lt4GY4-1H*1%)O])  r'r2ch||dz }|jsy |jdd5}|jDcgc]#}|js|j%}}dddsyt j |dScc}w#1swY)xYw#t tf$rYywxYw)zRead /home/jay/.cokacdir/schedule_history/.log (JSONL). Returns the LAST line parsed as JSON (most recent execution) or None if the file is missing / unreadable / empty. .logNrutf-8encoding)existsopen readlinesstripjsonloadsOSError ValueError)r6 history_dirlog_pathflnliness r%_read_schedule_historyrWs }D11H ??  ]]3] 1 GQ*+++-FB288:RXXZFEF Gzz%)$$G G G Z sFBBBB)B+ B6BBBBB10B1cFtjt|dd|S)uDefault subprocess runner — calls cokacdir CLI. Returns subprocess.CompletedProcess (or equivalent). Callers may inject a fake runner for tests. T)capture_outputtexttimeout) subprocessrunr")argvr[s r%_default_cokacdir_runnerr_s" >> T 4dG r'c|xst}|d|dt|d|g} ||d}t|d d }t|d d xsd j } t|d d xsd j } |dk7rdd|d| ddddS| sddddS t j | jd} t| tsddddS| S#t$r}dd|ddcYd}~Sd}~wwxYw#ttf$rdd| ddddcYSwxYw)zQuery cokacdir --cron-history --key . Returns dict with parsed JSON output (or {"status":"error", ...} on failure). Schema: {status, count, history, id, ...}. z--cron-historyz--chatz--keyerrorzsubprocess raised: N)statusrbcount returncodestdoutstderrrzcokacdir exit=z stderr=z empty stdoutrIz bad json: z not a dict) r_r3 ExceptiongetattrrMrNrO splitlinesrQ IndexError isinstancedict) r6keychat_idrunner cokacdir_pathr^procexcrcrgripayloads r%_query_cron_historyrysd //F G   DZdB |Q 'BdHb)/R 6 6 8FdHb)/R 6 6 8F Qw%bT&#,@  !NTJJX**V..045 gt $!L4HH N' Z!.A#,ITXYYZ  #X!j,GRVWWXs/ C &C, C)C$C)$C),D  D z*owner_key[\"']?\s*[:=]\s*[\"']?([a-f0-9]+)z)self_key[\"']?\s*[:=]\s*[\"']?([0-9a-f]+)c|s dddddddS tj|}t|trE|j d|j d|j d|j dd d d S tj|}tj|}|r|jd nd|r|jd ndddt|xs|d d S#t t f$rYwwxYw)zParse envelope text (the cron prompt body) for owner_key / self_key / schema. Tolerates JSON envelope or YAML-style envelope text. Returns dict with keys: owner_key, self_key, schema, task_id, parse_ok. NFz empty prompt) owner_keyself_keyr4r7parse_okreasonr{r|r4r7TrN)r{r|r4r7r}formatrfregex) rNrOrorpgetrQ TypeError _OWNER_KEY_REsearch _SELF_KEY_REgroupr:)promptrxowner_mself_ms r%_parse_envelope_from_promptrs !ttUnN N  **V$ gt $$[[5#KK 3!++h/";;y1    %""6*G   (F)0W]]1%d'-FLLO4*F+    "   sA)CC0/C0c"|jsy|d}t|j|d}|D]6} |jdd5}t j |cdddcSy#1swYnxYwG#t tf$rYXwxYw)zScan memory/events/.*-result-*.json (most recent first). Returns the parsed dict of the most recent match or None if absent. Nz.*result*.jsonT)reverserErFrG)rJsortedglobrKrNloadrPrQ)r7 artifact_dirpatternmatchespathrTs r%_read_result_artifactrs     (G\&&w/>G 31 $Qyy| $ $   $ $ $$   s)A< A/! A</A8 4A<<B B)r9rrcokacdir_runnerrRrrtc ,t} g} t||} | | _| jj t ||dz | | j j d|dt|||||} t|||||} | | _| | _ d'd}| jdd k7r|| nd }| jdd k7r|| nd }| r| xsijd d nd }t|}|| _ t|| }|| _|dkr|dkr| j dt}n|dk\r'|dkr"| j d|d|d|dt }n|dk\r$|dk\r| j d|d|dt"}ni|dk(r|dk(r| j dt}nG|dk\r$|dkr| j d|d|dt$}n| j d|d|dt}|t$k(r7|jdr&|d|k7r| j d |dd!t&}|t$k(}|t(v}d}|t k(rd"}n#|t"k(rd#}n|tk(rd$}n |t&k(rd%}t+t,|||||||| | |& S)(u4-source cross-check at collector spawn time. Returns classification. ★ Transition table (task-2680 6 수정 목표 #3 + #4): | S2.anu_count | S2.self_count | S3.owner_key | result | | >=1 | 0 | == ANU | ANU_AUTHORITATIVE | | 0 | >=1 | * | NON_AUTHORITATIVE_SELF_COLLECTOR | | 0 | 0 | * | UNDETERMINED_HISTORY_GAP | | >=1 | >=1 | * | NON_AUTHORITATIVE_KEY_DRIFT (★ both registered = collision) | | * | * | != ANU (≠None) | PROMPT_DRIFT (overrides PASS) | Read-only · NO-CRON · no mutation. )rRrDNzS1: schedule_history/z .log missing)rrrsrtc|jd}t|tr|St|tr|j r t|Sy)Nrdr)rrointr3isdigit)rxcs r%_countz,classify_collector_authority.._countEs= KK  a H a !))+q6Mr'rcrbrIrrh)rruuS2 query failed for both ANU and executor self-key — cron-history unavailable (likely cokacdir CLI absent or auth).rfzS2.cron-history with --key z returned count=z (>=1) AND ANU key count=uP — executor self-key callback detected (★ NON_AUTHORITATIVE_SELF_COLLECTOR).zS2: BOTH ANU (count=z) AND executor self-key (count=ud) cron-history returned — registration drift / dual-owner collision (NON_AUTHORITATIVE_KEY_DRIFT).uS2: neither ANU nor executor self-key cron-history returned a matching schedule — registration history gap (UNDETERMINED_HISTORY_GAP).zS2: ANU key cron-history count=z# (>=1) and executor self-key count=u — actual owner is ANU.zS2: anu_count=z self_count=u1 — unhandled state, defaulting to UNDETERMINED.r{zS3.envelope.owner_key=u5 != ANU key — envelope text drifted (PROMPT_DRIFT).u★ self-key callback detected — emit ANU independent reverify request (utils.callback_collector_helper_integration.emit_anu_independent_reverify_request) + 회장 chat 보고.uX★ dual-owner cron registration — escalate to chair, halt collector self-attestation.z?retry S2 query after backoff; if persistent, escalate to chair.u_envelope text owner_key drifted from ANU canonical — reject envelope, cancel collector spawn.rB)rxr*r)r)rrWrrappendr3r ryrrrrrrrrrrrr REVERIFY_TRIGGER_CLASSIFICATIONSr2VALIDATOR_SCHEMA)r6r8r7r9rrrrRrrtr>r=s1s2_anus2_selfr anu_count self_countrs3s4clsis_authneeds_reverifyhints r%classify_collector_authorityrsR2"#HG  EB#%H  !!#k{m44H&H"IJ z$$'<[M%VW!WgmF"\7mG$*H $+H!#)**X"6'"AvrI$+KK$9W$D"J.0bhB^^Hb )RF $V ,BH w\ BB"$H1}a M ' qY!^),7Gl3I;?Z Z / aJ!O"9+. \"J J * aJ!O * ' aJ!O-i[9''1l2K M   YK|J<@; ; ' BFF;$7B{Owutils.callback_authority_4source_validator.reverify_request.v1c |jsyd|jd}|jr|jdnd|j}t t |j|j |j|||S)aBuild a reverify request descriptor if classification triggers reverify. Returns None if classification == ANU_AUTHORITATIVE (no reverify needed). Otherwise returns a ReverifyRequest the caller can pass to ANU dispatch or to chair escalation. Nzmemory/events/z%.independent_anu_reverify.result.jsonrzclassification=r)r<r7r=r5rREVERIFY_SCHEMAr6)r5r artifact_hintprimary_reasons r%&build_anu_independent_reverify_requestrs  / / //01/ / &4%;%;q!~<<= > &&+77%445( r'c(|jtk(S)zTrue if classification == NON_AUTHORITATIVE_SELF_COLLECTOR. Convenience predicate for callers that only care about the self-key case (the dominant Track A / Track J failure mode). )r5r)r5s r%is_self_key_callbackrs  ( (,L LLr')envelope_owner_keyr9c ~g}||jdt}n{||k(r|jd|dt}nZ||k(r:|r ||k7r|jd|t}n3|jdt}n|jd|dt }t t||||||tk(|tv|dd S) zTest-friendly fast-path: classify from already-observed values without hitting the filesystem or subprocess. Used by regression suite when fixtures already capture the observed owner binding (e.g. parsed schedule_history fixtures). Nu*observed_owner_key is None — history gapz$observed owner == executor self-key u% — NON_AUTHORITATIVE_SELF_COLLECTORzenvelope text drift: owner_key=u+observed owner == ANU key — authoritativezobserved owner u3 != ANU and != self — NON_AUTHORITATIVE_KEY_DRIFTrB) rrrrrrr2rr)r6r8r7observed_owner_keyrr9r=rs r%classify_from_observedrsG!CD& | +2<2BC/ / / w & "4"? NN12D1GH C NNH I#C034* * * "! 11!%EE  r')r6r3rRrr)r)ra)r^z Sequence[str]r[rr)r) r6r3rqr3rrr3rs-Optional[Callable[[Sequence[str], int], Any]]rtr3r)r*)rr3r)r*)r7r3rrr)r)r6r3r8r3r7r3r9r3rrr3rrrRrrrrtr3r)r2)r5r2rr3r)zOptional[ReverifyRequest])r5r2r)r:)r6r3r8r3r7r3rr?rr?r9r3r)r2)0r. __future__rrNrer\ dataclassesrrpathlibrtypingrrr r r r rANU_KEYDEFAULT_CHAT_ID COKACDIR_CLISCHEDULE_HISTORY_DIRRESULT_ARTIFACT_DIRrrrrr frozensetrrr2rWr_rycompile IGNORECASErrrrrrrrrrr0r'r%rs&N# (@@B ( BC>?(#E ;5 $-$ .$      ,     D-0#<@% ++ ++ : +  +  +` H"--X rzzF V !P- 8"EI,,%ccc c  c  cCcccccP     6S+  DM)-444 4 & 4 & 444r'