9bjN 8dZddlZddlZddlZddlZddlZddlZddlZejjejje Z ejjde ejje ZeejvrejjdeddlZddlZddlmZdededefdZdedej,fdZd ed edefd Zdededeedzeffd Zd ededefdZdedefdZdededzfdZdededzfdZ de!ededee"effdZ#dedej,dedeeeffdZ$dededeeeffdZ%dedej,dedeeeffdZ&dedededeeeffd Z'd#d!Z(e)d"k(re(yy)$u pre_push_guard.py — push 직전 4가지 안전 점검 (Guard MVP Phase 1) 4가지 검사: B-1 working tree clean 검사 (working_tree_modified ∪ untracked 기준) B-2 main...origin/main ahead/behind 검사 B-3 task scope 일치 검사 (head_diff 기준) B-4 qc-result JSON vs 보고서 일치 검사 모두 PASS → exit 0 / 한 건이라도 FAIL → exit 1 N)Pathtask_id workspacereturncR|dz dz |dz }d}|jr4 tj|jj dd}t j}d|vxs"dt jj ddv}|r|r|Sy#t $rd}YPwxYw) ulock_sha..HEAD 기준 diff base 결정 (PR sub-task worktree 오판 방지). worktree 컨텍스트 + lock 파일에 lock_sha 존재 시 lock_sha 반환, 그 외에는 origin/main fallback. z.taskslocksz.locklock_shaz /.worktrees/GIT_DIR origin/main) existsjsonloads read_textget Exceptionosgetcwdenviron)rr lock_filer cwd is_worktrees G/home/jay/workspace/.worktrees/task-2696-dev7/scripts/pre_push_guard.py_resolve_diff_baser%s H$w.G9E1BBIH zz)"5"5"78<RZZ^^IWY=Z+ZKx  H s3B B&%B&ctj|}tjd|zdz|zdz|zdz|zdzS)Nas^(memory/heartbeats/|memory/daily/|memory/logs/|memory/reports/|memory/capabilities/|memory/sessions/|memory/meetings/|memory/backups/|memory/screenshots/|memory/events/|logs/|whisper/|memory/whisper/|output/)|^bot-activity\.json$|^token-ledger\.json$|^memory/token-ledger\.json$|^memory/task-timers\.json|^memory/pipeline-status\.json$|^memory/preview-state\.json$|^memory/merge-log\.json$|^memory/bot_settings_sync\.json$|^memory/memory-check-log\.json$|^memory/canary-status\.json$|^\.heartbeat$|^memory/\.task-counter$|^config/constants\.json$|^scripts/gemini_rate_tracker\.json$|^tests/coverage-report\.txt$|^memory/tasks/z\.md$|^memory/tasks/z/|^memory/reports/zR(?:-[\w-]+)?\.md$|^memory/tasks/(?:task-|dispatch-).*\.md$|^memory/plans/tasks/(?!zr(?:/|$))[^/]+/.*$|(?:^|/)conftest\.py$|^teams/|^tests/test_(?!pre_push_guard|task_scope|qc_report_guard)[^/]*\.py$)reescapecompile)rsafe_ids r_build_system_ignorer =sxii G :: % %( % %(  '! ' *$! $&'.' .&1P' P patternpathc|jdr |dd}||k(xs|j|dzS|dk(ryd|vrtj||jddrytj j |}tjdd |jdd }tj||ryy tj||S) u-fnmatch 기반 glob 매칭. ** 패턴 지원.z/**N/z**T*z\*\*/r F) endswith startswithfnmatchreplacerr#basenamersub)r"r#prefixfilename pat_simples r glob_matchr1_s"v~>#!>>$ w ??4s!; <77##D)VVHb'2::5"E ??8Z 0 ??4 ))r!ctjj|dd|d}tjj|rN t |d5}t j |}dddjdi}t||}|dfStjj|dd |d }tjj|sdd |fS t |d5}|j}dddt}|y t||}|dfS#1swYxYw#t$r}dd |fcYd}~Sd}~wwxYw#1swYPxYw#t$r}dd|fcYd}~Sd}~wwxYw)u allowed_resources 해소. 1) /memory/capabilities/.json 우선 2) 없으면 /memory/tasks/.md ## allowed_resources YAML fallback 반환: (allowed_resources_dict | None, 에러메시지|"") memory capabilitiesz.jsonzutf-8)encodingNallowed_resourcesr u#capability snapshot 파싱 실패: tasksz.mdu3capability snapshot 없음, task 파일도 없음: )Nu1task 파일에 ## allowed_resources 블록 없음utask 파일 파싱 실패: ) rr#joinr openrloadr_substitute_placeholderrread_parse_allowed_resources_yaml) rrcap_pathfsnapare task_path task_texts r_resolve_allowed_resourcesrEssrww||IxG9EARSH ww~~h Ch1 $Qyy| $-r2B(W5Br6M  Y'gYc?KI 77>>) $J9+VVV 7 )g . !!I ! *9 5 :L $R 12v + $ $  C>qcBB B C ! ! 721#6667sr D/D#))D/ E,E =EE#D,(D// E 8E>E E  EE E2!E-'E2-E2rAcdttdttffd }t|}d|vr||d|d<d|vr||d|d<|S)uNpaths/forbidden_paths의 'task-XXXX' placeholder → 실제 task_id로 치환.itemsrcN|Dcgc]}|jdc}Scc}w)Nz task-XXXX)r+)rGitemrs r_subz%_substitute_placeholder.._subs"?DEt ['2EEEs"pathsforbidden_paths)liststrdict)rArrJresults ` rr;r;siFDIF$s)F"XF&vg/wF"$(0A)B$C ! Mr!valuecTd|vr#|jdddj}|S)uYAML list item 의 inline ``# 주석`` 제거 (single split, no quote escape). 예) ``"path/to/file" # 주석`` -> ``path/to/file``. 본 task 에서 path 안에 ``#`` 사용은 없으므로 단순 split 으로 충분. #r)splitrstrip)rQs r_strip_yaml_inline_commentrWs.  e| C#A&--/ Lr!textctjd|tjtjz}|sy|j d}i}d}|j D]}|j }|jdrd}g||<,|jdrd}g||<E|jdrh|d vrd|d dj }t|}|j j d j d }|s||j||s|jd rd|vsd}|r|SdS)u``## allowed_resources`` 섹션에서 YAML 블록 파싱. 수정 사항 (task-2471 hardening): * numbered heading 인식 (``## 7. allowed_resources`` 형식 OK) * list item 의 inline ``# 주석`` 제거 z?^##\s+(?:\d+\.\s+)?allowed_resources\s*\n```(?:yaml)?\n(.*?)```NrTzpaths:rKzforbidden_paths:rLz- )rKrL"'-:) rsearch MULTILINEDOTALLgroup splitlinesstripr)rWappend)rXm yaml_textrP current_keylinestrippedrQs rr=r=s; J bllRYY& A  IF"K$$&::<   x (!K"$F;   !3 4+K"$F;    &;:V+VQRL&&(E.u5EKKM'',2237E{#**51 h11#63(?K 6%%r!branchc ddlm}||S#t$rt|tr|sYyt j d|}|sYyd|jd}|jdr|d|jdz }|jd r|d|jd z }|jd r|d |jd z }|cYSwxYw) ubranch 에서 task id 추출 (+N suffix 보존). ``utils.task_id_parser`` 의 동명 함수에 위임. 내부적으로 Phase/parallel/retry 모두 보존한다. r)extract_task_id_from_branchNz3task-(\d+)(?:_(\d+\.\d+))?(?:_([a-z]))?(?:\+(\d+))?ztask-rTrZ_+)utils.task_id_parserrm ImportError isinstancerNrr_rb)rk _v2_extractrfouts rrmrms  6"" &#&f II B  aggaj\" 771: Qqwwqzl# #C 771: Qqwwqzl# #C 771: Qqwwqzl# #C #s CCBCCargsrcdd|g|z}tj|ddd}|j|jj fS)u1git 실행 → (returncode, stdout). shell=False.gitz-CTF)capture_outputrXcheck) subprocessrun returncodestdoutrd)rwrcmdrs r_run_gitrsA $ t #Cs4d%HA <<) ))r! diff_setsignore_patternr6c dtdtfd}t|jdgt|jdgzDchc] }|| }}|Dcgc]}|j|r|}}|sy|jdg}|jdg}g} |D]Q t fd |Dr| j d ,t fd |DrA| j S| rHd j | d d} t| dkDr| dt| dz } ddt| d| dfSddt|dfScc}wcc}w)u working_tree_modified ∪ untracked 집합에서 system-ignore 적용 후 task scope 밖 파일이 있으면 FAIL. prcl|jdr"|jdr|jdS|S)Nr[)r)r(rd)rs r _strip_quotesz,check_b1_working_tree.._strip_quotes s* ||C0QZZ_qwws|K!Kr!working_tree_modified untracked)Tu변경 없음 (clean)rKrLc36K|]}t|ywNr1.0fpr#s r z(check_b1_working_tree..#>z"d#>z (forbidden)c36K|]}t|ywrrrapr#s rrz(check_b1_working_tree..'@B:b$'@r, N ... (건)Futask scope 밖 변경 건: u/ — git stash push -u 로 격리 후 재시도Tusystem-ignore 후 건 모두 scope 내)rNsetrr_anyrer8len) rrr6rrdirty after_ignore allowed_pathsrL out_of_scopedetailr#s @rcheck_b1_working_treersLLL  5r: ;)-- R01 2   a E  %E!N,A,A!,DAELE , 144WbAM!2!6!67H"!MO L& >o> >   4& 5 6 @-@@    %&<+, | q s<016 6F$S%6$7uVH = >  %c,&7%88LM MMK Fs E E7Ebase_refctddd|dg|\}}|dk7rdd|dfS|j}t|d k7rdd |d fSt|dt|d }}|dkDr d d|d|dfS|dk(r|dk(rydd|d|dfS)uU git rev-list --left-right --count ...HEAD behind > 0 → FAIL zrev-listz --left-rightz--countz...HEADrTurev-list 실패 (rc=u-) — 로컬 전용 환경으로 간주, PASSrZurev-list 출력 파싱 실패 (u) — PASS (관대)rTFzbehind=z ahead=u% — rebase 권장: git pull --rebase)Tu#ahead=0 behind=0 — push 불필요zahead=z behind=u — push 가능)rrUrint)rrrcrvpartsbehindaheads rcheck_b2_ahead_behindr8s  ^Y8*G0DEsGB Qw+B4/\]]] IIKE 5zQ6sg=PQQQaM3uQx=EF zxwug5Z[[[ zfk: 6%0@A AAr!cN |jdg}|jdg}|jdg}|syg}g}|D]` t fd|Dr|j )|j r;t fd|DrP|j b|r'dj |dd }d d t |d |fS|rGdj |dd }t |d kDr|d t |dz }d dt |d |fSddt |dfS)u head_diff 기준 (push될 커밋). forbidden 1건이라도 → FAIL. system-ignore 후 allowed에 모두 매치되어야 PASS. head_diffrKrL)Tu)head_diff 없음 (커밋 없음) — PASSc36K|]}t|ywrrrs rrz&check_b3_task_scope..irrc36K|]}t|ywrrrs rrz&check_b3_task_scope..prrrNrFuforbidden_paths 침범 rrrutask scope 밖 파일 Tz head_diff r)rrrer_r8r) rrr6rrrLforbidden_hitsrrr#s @rcheck_b3_task_scoperSsU%==b9I044WbAM!2!6!67H"!MO @ "N L & >o> >  ! !$ '    & @-@@    % &>"1-./N0C/DE&RRR<+, | q s<016 6F.st|t|}||k7r"td|d|dtj|}td|tjt||\}}|3td|tjtjdt|} t!j"||\} } | rtd| tjt%| | |\} } | rdnd}td|d | tjt'||\}}|rdnd}td!|d |tjt)| | |\}}|rdnd}td"|d |tjt+|||j,\}}|rdnd}td#|d |tj| xr |xr|xr|}|r1td$tjtjd%ytd&tjtjdy)'NuKpre_push_guard.py — push 직전 4가지 안전 점검 (Guard MVP Phase 1)) descriptionz --task-idTutask ID (예: task-2434))requiredhelpz --base-shar u'비교 기준 ref (기본: origin/main))defaultrz--cwdz/home/jay/workspaceu2git 저장소 루트 (기본: /home/jay/workspace)z --workspaceu?capability/event 검색용 루트 (기본: /home/jay/workspace)z--strict store_trueu5qc-result 누락 시 FAIL (기본: WARN으로 통과))actionr)r autoAUTOu)[pre-push-guard] base_sha 자동 분기: u → z (lock_sha)rz[pre-push-guard] task=z&[pre-push-guard] ERROR (fail-closed): rTu2[pre-push-guard] WARN: diff 수집 일부 실패: PASSFAILz B-1 working tree clean : u — z B-2 ahead/behind : u B-3 task scope 일치 : u# B-4 보고서/qc-result 일치 : z%[pre-push-guard] OVERALL: PASS (rc=0)rz%[pre-push-guard] OVERALL: FAIL (rc=1))argparseArgumentParser add_argument parse_argsrrrbase_sharrrrrrEexitr _task_scope get_diff_setsrrrrr)parserrwrrrrresolvedr6res_errrrdiff_errb1_pass b1_detail_statusb2_pass b2_detailb3_pass b3_detailb4_pass b4_detail overall_passs rmainrs  $ $aF  d9ST  mFH )>QS  /D^`  <TV    DllG ((CI}}H22%gtI? x  =hZuXJVabilisis t "7) ,3::> "#4GY fVG *7)5 D3::V/x=GYfVG *7)5 D3::V-YHYZGYfVG ,WIU9+ FSZZX,GY LGYfVG /yi[ IPSPZPZ[>w>7>wL 5SZZH   5SZZH  r!__main__)rN)*__doc__rr*rrrr|rr#dirnameabspath__file__ _SCRIPTS_DIRinsert_WORKSPACE_ROOTr task_scoperpathlibrrNrPatternr boolr1tuplerOrEr;rWr=rmrMrrrrrrr__name__r!rrss   wwrwwx89 < ''//,/#(("HHOOA'! 0#"**D**3*4*(!7!7!7dTkSVFV@W!7H  s t cc$&$&t $&Nd B*49*3*5c?*3N3NJJ3N3N 49 3NpBCBcBeD#I6FB6*C*CJJ*C*C 49 *C^   49 @L^ zFr!