0bj_ dZddlmZddlmZmZddlmZmZm Z ddl m Z m Z m Z mZmZmZdZdZdZd Zd Zd Zd ZeGd dZddddee ddd ddZ ddZGddeZgdZy)uanu_v3.callback_owner_validator — callback owner/key/role runtime validator 결선 (task-2553+49 AUTHORITATIVE §4.1 / §5.A / §5.C). 회장 §3/§4: "callback owner/key/role runtime validation" 을 실제 runtime path 에 결선한다. narrow +49 는 ``dispatch.callback_owner_enforcer`` 를 standalone 으로만 두었다. 본 모듈은 그 검증 로직을 **anu_v3 runtime 계층**에 결선하는 어댑터이자, callback registration helper 가 등록 직전 **반드시 경유**해야 하는 fail-closed validator 다 (§5.C: "normal/fallback callback 등록 직전 owner/key /role 검증 / mismatch 면 등록 안 함"). reuse, not re-implement: 실제 검증 규칙은 비-frozen ``dispatch.callback_owner_enforcer`` (narrow +49 산출, byte-0 carve-out 결정으로 non-frozen) 를 단일 진실원으로 호출한다. 규칙 중복 = drift 위험이므로 금지. Layer A / NO-CRON: 순수 검증. ZERO cron / dispatch / subprocess / cokacdir. ) annotations) dataclassfield)ListOptionalSequence)DEFAULT_ANU_KEYSFAILHOLDPASSenforce_callback_owner is_anu_keyz#anu_v3.callback_owner_validation.v1CALLBACK_OWNER_MISMATCHCALLBACK_COLLECTOR_NOT_ANUSELF_COLLECTOR_FORBIDDENCALLBACK_4TUPLE_INVALIDDISPATCH_PATH_BYPASSED_CONTRACTCALLBACK_REGISTRATION_BLOCKEDceZdZUded<ded<ded<ded<ded<ded <ded <ded <ded <d ed<eeZded<eddZeddZ ddZ y)CallbackOwnerValidationResultstrschemaverdictz List[str]classificationsboolregistration_allowedowner_is_independent_anutask_id executor_key collector_keycollector_roledict enforcement)default_factoryreasonsc(|jtk(S)N)rr selfs P/home/jay/workspace/.worktrees/task-2696-dev7/anu_v3/callback_owner_validator.pyokz CallbackOwnerValidationResult.ok8s||t##c<|jr|jdSdS)Nr)rr's r)primary_classificationz4CallbackOwnerValidationResult.primary_classification<s *.*>*>t##A&HDHr+c4|j|jt|j|j|j |j |j|j|j|j|jt|jd S)N) rrrr-rrrrr r!r#r%) rrlistrr-rrrrr r!r#r%r's r)to_jsonz%CallbackOwnerValidationResult.to_json@szkk||#D$8$89&*&A&A$($=$=(,(E(E|| --!//"11++DLL)  r+N)returnr)r1 Optional[str])r1r") __name__ __module__ __qualname____annotations__rr/r%propertyr*r-r0r+r)rr*sw K L"" Lt4GY4 $$II r+rNFcokacdir_cron_directT)collector_owner_keychat_idprompt_claims_anu_collector entry_pathanu_keys no_fallbackanu_keys_resolvablecJt|||||||||| | | | | }|jtk(}t|j}|s|j ddt t|jt|j||j|||||j| S)uRuntime fail-closed owner/key/role validator (§5.A/§5.C). Delegates the rule set to ``enforce_callback_owner`` (single source of truth) and maps it to a *registration decision*: PASS -> registration allowed; FAIL -> registration blocked (mismatch -> 등록 안 함, §5.C); HOLD -> blocked + escalate (§11). The prompt-text claim is NEVER authoritative — owner/key/role identity is (§5.A/regression 4). )rrr r;r!normal_collector_cron_idfallback_callback_cron_iddispatch_cron_idr<r=r>r?r@rArucallback registration BLOCKED at the runtime validator — owner/key/role did not fail-closed validate; the registration helper MUST NOT register this callback (§5.C / regression 23).) rrrrrrrr r!r#r%) r rr r/r%insertrVALIDATOR_SCHEMArrr0)rrr r;r!rCrDrEr<r=r>r?r@rAenfrr%s r)validate_callback_owner_runtimerIQs2 !!#/%!9";)$?/ C ;;$.3;;G   N ) S0011!$!=!=!#%KKM  r+c |jtk7r;td|jd|jd|jxst dy)ucHard gate used by the registration helper just before cron register. Raises ``CallbackRegistrationBlocked`` unless the validator PASSed. This is the structural "mismatch -> 등록 안 함" enforcement point (§5.C): a caller that ignores the return value still cannot register a self-owned callback because this raises (fail-closed). z'callback registration blocked: verdict=z classifications=z ()N)rr CallbackRegistrationBlockedrr-r)results r)assert_registration_permittedrNs_~~)5fnn5EF%5567--N1NOq R  r+ceZdZdZy)rLzBRaised by ``assert_registration_permitted`` on a non-PASS verdict.N)r3r4r5__doc__r8r+r)rLrLsLr+rL)rGr r r rrrrrrrrrIrNrL)rrrrr rr;r2r!rrCr2rDr2rErr<rr=rr>rr?z Sequence[str]r@rrArr1r)rMrr1None)rP __future__r dataclassesrrtypingrrr dispatch.callback_owner_enforcerr r r r r rrGrrrrrrrtuplerIrN RuntimeErrorrL__all__r8r+r)rYsK #(++93953"C ? # #  # V*. (-,#$45 $> >> > ' >  >,> ->>>"&>>>>> #!>B )   $M,M r+