Mj1T "UdZddlmZddlZddlZddlmZddlmZddl m Z m Z ddl m Z mZmZmZmZmZmZmZddlmZmZmZmZd Zd ed <d Zd ed <ej:dZded<ej:dej:dej:dej:dej:dej:dej:dej:dej:dej:df Zded<dZ ded<ed !Gd"d#Z!Gd$d%e"Z#Gd&d'e"Z$Gd(d)e%Z&Gd*d+e"Z'd3d,Z(d4d-Z)d5d6d.Z*Gd/d0Z+ d7d1Z,d6d2Z-y)8u9anu_v2.owner_trigger_only — OWNER_TRIGGER_ONLY_CAPABILITY core module. 회장 §명시 14장 1:1 박제 (2026-05-11 KST, OWNER_TRIGGER_ONLY_CAPABILITY). task-2554+1 회장 §명시 (2026-05-12 KST) HIGH race condition fix 반영. task-2554+2 회장 §명시 (2026-05-12 KST) §1 1:1 완성: - ``RESULT_PENDING`` import + sentinel 활용. - ``http_post`` 호출 직전 ``txn.record(PENDING)`` 으로 영구 기록 — process crash 후 다음 runner 가 DEDUPED 판정 (crash-safety fail-closed). 본 모듈 범위: - public action **1 종**: ``POST_GEMINI_REVIEW_TRIGGER_COMMENT`` - comment body 상수 (외부 입력 X): ``COMMENT_BODY = "/gemini review"`` - 단일 허용 endpoint: ``POST /repos/{owner}/{repo}/issues/{pr_number}/comments`` - 금지 11 endpoint hard-block (``PermissionError`` raise) - 전용 token 1 종: ``OWNER_GEMINI_TRIGGER_TOKEN`` (다른 token fallback 0) - merge path 와 완전 분리: ``BOT_GITHUB_TOKEN`` 본 모듈 어디서도 사용 0 - dedupe atomic (audit JSONL + fcntl flock + sidecar lock transaction) - token redaction guard (audit 에 raw value 미출력) - decision JSON v1 검증 fail-closed - result enum: POSTED / DEDUPED / FAILED / PENDING result 흐름 (task-2554+2 §1): 1. txn.check_dedupe (POSTED + PENDING) 2. (DEDUPED 인 경우 audit DEDUPED + return) 3. token presence + hash_prefix 계산 4. **txn.record(PENDING)** — http_post 직전 영구 기록 (crash-safety) 5. http_post 호출 6. 성공: txn.record(POSTED) / 실패: txn.record(FAILED) one-way isolation: anu_v2/ 외부 import 금지. ) annotationsN) dataclass)Path)CallableFinal)AuditRedactionErrorDedupeViolationOwnerTriggerAuditRESULT_DEDUPED RESULT_FAILEDRESULT_PENDING RESULT_POSTEDtoken_hash_prefix)ALLOWED_ACTIONALLOWED_COMMENT_BODYDecisionInvalidErrorvalidate_decisionz/gemini reviewz Final[str] COMMENT_BODYOWNER_GEMINI_TRIGGER_TOKENTOKEN_ENV_NAMEz(^/repos/[^/]+/[^/]+/issues/\d+/comments$zFinal[re.Pattern[str]]_ALLOWED_PATH_REz/pulls/\d+/merge\bz/pulls/\d+/reviews\bz /git/refs\bz /contents\bz/issues/\d+(?:\?|$)z /labels\bz /branches\bz$/actions/(?:runs|workflows)/.*/rerunz3/check-runs/.*/rerequest|/check-suites/.*/rerequestz/pulls/\d+\?|/pulls/\d+$z"Final[tuple[re.Pattern[str], ...]]FORBIDDEN_ENDPOINT_PATTERNS)BOT_GITHUB_TOKENGH_TOKEN GITHUB_TOKEN OWNER_PAT PAT_TOKENzFinal[tuple[str, ...]]FORBIDDEN_TOKEN_ENV_NAMEST)frozencpeZdZUdZded<ded<ded<ded<ded<ded <d ed <ded <d Zded<y ) TriggerResultuP``trigger_gemini_review`` 결과 객체. token / authorization header 미포함.strstatusintprheadaction comment_bodyendpointbool token_presentrN str | None error_code)__name__ __module__ __qualname____doc____annotations__r-J/home/jay/workspace/.worktrees/task-2699-dev1/anu_v2/owner_trigger_only.pyr!r!_s:Z K G I KM!J !r4r!ceZdZdZy)ForbiddenEndpointErroru9금지 11 endpoint 호출 시도 (회장 §7 hard-block).Nr.r/r0r1r3r4r5r7r7qsCr4r7ceZdZdZy)TokenBoundaryViolationu-다른 token 사용 시도 (회장 §6 fail).Nr8r3r4r5r:r:us7r4r:ceZdZdZy)CommentBodyViolationuKCOMMENT_BODY 외부 변조 / 외부 입력 사용 시도 (회장 §4 fail).Nr8r3r4r5r<r<ysUr4r<ceZdZdZy)MergePathViolationuGmerge_queue_executor merge path 와의 분리 위반 (회장 §9 fail).Nr8r3r4r5r>r>}sQr4r>ct|tr|rd|vr tdt|tr|rd|vr tdt|trt|ts|dkr tdd|d|d|dS) N/z,owner must be a non-empty string without '/'z+repo must be a non-empty string without '/'rz pr_number must be a positive intz/repos/z/issues/z /comments) isinstancer" ValueErrorr$r*)ownerrepo pr_numbers r5_build_post_comment_pathrFs eS !#,GHH dC t FGG i %It)D UV;<< UG1TF(9+Y ??r4c6t|tr|jdk7rtd|t|ts tdtD]!}|j |std|t j|std|y)z+static + dynamic endpoint hard-block guard.POSTzforbidden method: zpath must be stringzforbidden endpoint path: z8path not in allow-list (POST issues/{n}/comments only): N)rAr"upperr7rsearchrmatch)methodpathpats r5assert_endpoint_allowedrOs fc "flln&>$'9&%DEE dC $%:;;*O ::d (+DTH)MN NO  ! !$ '$H Q   (r4cT|ytD]}||vstd|dtdy)utoken 경계 검증 (회장 §6). 명시적으로 ``env`` dict 에 다른 token env 이름이 키로 전달되면 fail. Nzforbidden token env injected: u! — owner trigger path must use  only)rr:r)env forbiddens r5assert_token_boundaryrTsI  {.  (0 <*+52 r4czeZdZdZdd d dZd dZddd ddZdZd Zd Z d Z y)OwnerTriggerOnlyu3OWNER_TRIGGER_ONLY_CAPABILITY 단일 진입점. public action: ``trigger_gemini_review(decision_path, owner, repo, current_head_actual)``. side-effect 추상화 (test injection): - ``http_post``: ``Callable[[method:str, path:str, body:dict, headers:dict], dict]`` - ``token_provider``: ``Callable[[], str]`` — OWNER_GEMINI_TRIGGER_TOKEN value 반환. task-2554+2 §1 흐름: 1. token boundary 검증 2. decision JSON 검증 3. comment_body 검증 4. endpoint hard-block 5. ── ATOMIC TRANSACTION ──────────────────────────────── 5a. audit.transaction() 진입 (sidecar lock LOCK_EX) 5b. txn.check_dedupe (POSTED + PENDING) 5c. DEDUPED 시 audit record + return 5d. token presence + hash_prefix 계산 5e. **txn.record(PENDING)** — http_post 호출 직전 영구 기록 (crash-safety) 5f. http_post 호출 5g. 성공 시 audit POSTED / 실패 시 audit FAILED 6. lock 해제 N)auditc| td| tdt|j|_||_||_|||_yt |j|_y)Nz#http_post callable must be injectedz(token_provider callable must be injected)NotImplementedErrorrresolve_workspace_root _http_post_token_providerr _audit)selfworkspace_root http_posttoken_providerrWs r5__init__zOwnerTriggerOnly.__init__sk  %&KL L  !%&PQ Q#N3;;=#-$0e 6GH\H\6] r4ct|}|js|j|z }|jst dd|t j |jd}|S)NE_FILE_MISSINGzdecision file not found: zutf-8)encoding)r is_absoluter[existsrjsonloads read_text)r_ decision_pathrMdatas r5_read_decisionzOwnerTriggerOnly._read_decisionsgM"!''$.D{{}&'7;TUYTZ9[\ \zz$..'.:; r4) env_overrider(c t||j|}t|||tn|}|tk7rt dtd|t |d} |d} t||| } td| t|} |jdd } |jj5} |j| | |j'}t)|tr|st+t,dt/|}|j| | | t t0t| | d|d d d|ddd}dti} |j3d| || i}d } |j| | | t t8t| | d|d d t%t8| | t t| d|d cdddS#t$rV|j| | | t t"t| | d d d d d t%t"| | t t| d d d  cYcdddSwxYw#t4$r?} |j| | | t t6t| | d|d dd i}d }|#i}d }wxYwd}~wwxYw#i}d }wxYw#tt:f$rwxYw#1swYyxYw)u단일 public action. /gemini review 댓글 1회 작성. race condition: 동시 2 process 가 같은 (pr, head) 호출 시 lock 직렬화로 후속 process 의 check_dedupe 가 항상 DedupeViolation 차단. crash-safety (task-2554+2 §1): http_post 호출 직전 ``txn.record(PENDING)`` 으로 영구 기록. process crash 후 다음 runner 가 ``_has_active_trigger`` 에서 PENDING 발견 → DedupeViolation → DEDUPED 판정 (fail-closed). )current_head_actualNzcomment_body must be z, got r% current_headrHtask_id)r%r&FDEDUPE) rsr%r&r'resultr(r)rlr+rtoken_value_loggedr-) r#r%r&r'r(r)r+rr-u+ not provided — owner trigger fail-closedT) rsr%r&r'rvr(r)rlr+rrwzBearer zapplication/vnd.github+jsonz 2022-11-28) AuthorizationAcceptzX-GitHub-Api-VersionbodyHTTP_POST_FAIL)rTrnrrrr<r$rFrOr"getr^ transaction check_deduper recordrr r!r]rAr:rrr r\ Exceptionr rr)r_rlrCrDrqror(decisionrzpr_numr&rMdecision_path_str task_id_valtxntoken hash_prefixheaders body_payloadexcs r5trigger_gemini_reviewz&OwnerTriggerOnly.trigger_gemini_reviews( l+&&}5(8KL ,3| ' '&'(<'?vdXN  Xd^$''tV<- .ll9b1 [[ $ $ &@ #   F 6>((*EeS),%&&QR,E2K JJ*  ,,$0 $%6%))4*/  $$+5'!27(4G #L1L lGD4  #.$ $"0"/(4$():)--8.3 $!$%)""- m@ @ #  #.$ $"0"0(4$():).-/.3&.  %))!-!"'&('  +@ @  D JJ'2"($(&4&3,8(,->-11<27*: "!GE !GE- 2&$%89  g@ @ s5I:7F0 A9I:HI:)I&I:0AHI:HI: I*I I IIIII##I:&I77I::Jctd)NzZowner_trigger_only must not perform merge. Use merge_queue_executor with BOT_GITHUB_TOKEN.)r>r_argskwargss r5mergezOwnerTriggerOnly.merges  >  r4ctd)Nz)approve forbidden (review submit blocked)r7rs r5approvezOwnerTriggerOnly.approves$%PQQr4ctd)Nzclose forbiddenrrs r5closezOwnerTriggerOnly.closes$%677r4ctd)Nzreopen forbiddenrrs r5reopenzOwnerTriggerOnly.reopens$%788r4) r` str | Pathraz&Callable[[str, str, dict, dict], dict]rbzCallable[[], str]rWzOwnerTriggerAudit | NonereturnNone)rlrrdict)rlrrCr"rDr"rqr"ro dict | Noner(r,rr!) r.r/r0r1rcrnrrrrrr3r4r5rVrVs<+/ ^#^: ^ * ^ ( ^ ^&$%)#'k"k k  k ! k"k!k k^ R89r4rVcZddlm}ddlm}t |t s t d |j||||}|jt ttt"fvrtS|jS#tttt|f$r|$r tcYSt$r tcYSwxYw)uExecutorScheduler → OwnerTriggerOnly 호출 어댑터 (task-2556 §6). 회장 §6 명시 1:1: ``owner_trigger_only.trigger_gemini_review()`` 를 scheduler 가 자동 호출. 본 wrapper 는 runner 결과를 ``merge_queue_executor.orchestrate_owner_trigger_ for_stale_pr`` 가 기대하는 string 형식 ("POSTED" / "DEDUPED" / "FAILED") 으로 정규화. 설계 원칙: - 본 함수는 token 을 직접 만지지 않는다. ``runner`` 에 이미 ``token_provider`` 가 주입되어 있어야 한다 (token boundary §11). - http_post 예외는 본 함수에서 catch — TokenBoundaryViolation / ForbiddenEndpointError / CommentBodyViolation 는 그대로 raise (fail-closed). - 일반 RuntimeError 는 "FAILED" 로 정규화 (transient 가능성, FAILED marker 가 caller 에서 생성됨). Args: runner: OwnerTriggerOnly 인스턴스 (token_provider/http_post 이미 주입). decision_path: owner_trigger_decision.json 경로 (Path 또는 str). owner: GitHub owner. repo: GitHub repo. current_head_actual: 실측 PR head SHA (40-char hex). Returns: "POSTED" | "DEDUPED" | "FAILED" | "PENDING" — orchestrate_owner_trigger_for_stale_pr 가 사용하는 enum. Raises: TokenBoundaryViolation: token 부재. ForbiddenEndpointError: 금지 endpoint 호출 시도. CommentBodyViolation: comment body 변조. MergePathViolation: merge path 침범. DecisionInvalidError: decision schema 위반. r)r)r z(runner must be OwnerTriggerOnly instance)rlrCrDrq)anu_v2.owner_trigger_decisionranu_v2.owner_trigger_auditr rArV TypeErrorrr:r7r<r>r rr r#rr )runnerrlrCrDrq_DecisionInvalidError_DedupeViolationrvs r5invoke_from_schedulerrsP\N f. /BCC--' 3 . "}}]NM>ZZ == #$: "46K M   sA22%B*B*)B*c| tdtD]}||vstd|dtdt|vrtdtd|jt}t |t r|sttdy) uFscheduler 진입 시 token boundary 검증 (task-2556 §11). scheduler 가 BOT_GITHUB_TOKEN / GH_TOKEN / OWNER_PAT 등을 들고 owner_trigger 경로로 진입하려는 시도를 hard-block. 회장 §11 / §16 1:1. 또한 ``OWNER_GEMINI_TRIGGER_TOKEN`` 이 env 에 명시되어 있지 않으면 fail-closed. Nz>scheduler env must be provided for token boundary verificationz,scheduler env contains forbidden token name u! — owner_trigger path must use rQzscheduler env missing u — owner_trigger fail-closedu- present but empty/non-string — fail-closed)r:rrr|rAr")rRrS token_values r5assert_scheduler_token_boundaryrs {$ L  /  (>ymL//=.>eE  S $$^$44R S  ''.)K k3 '{$K L  0;r4)rCr"rDr"rEr$rr")rLr"rMr"rr)N)rRrrr) rz'OwnerTriggerOnly'rlrrCr"rDr"rqr"rr").r1 __future__rrire dataclassesrpathlibrtypingrrrrr r r r r rrrrrrrrr2rcompilerrrr!PermissionErrorr7r:rBr<r>rFrOrTrVrrr3r4r5rs@# !"   , j+9 9+52::/,( BJJ$%BJJ&'BJJ~BJJ~BJJ%&BJJ|BJJ~BJJ67BJJEFBJJ*+ C? 51 $ " " ""D_D8_8V:VRR@   $s9s9rC CC  C  C  C CR r4