{jW*UdZddlmZddlZddlZddlmZmZddlm Z ddl m Z m Z m Z mZmZdZddddd dd Zd ed <d ZdZdZdZdZdZdZdddZeGddZddd d dZeGddZdd d!dZgdZy)"uYutils.bot_settings_policy_loader — callback policy loader for bot lifecycle. task-2640 Track C (회장 verbatim unfork #5) — bot_settings 정책 위치 + 정합 검증 helper. dev bot 후보 위치를 제안하고 누락 시 안전 기본값을 적용한다. 기본값 (회장 verbatim · spec §4.1): - require_anu_callback_on_finish: True - self_collector_forbidden: True - sendfile_only_forbidden: True - not_registered_forbidden: True - anu_key_single_source: "c119085addb0f8b7" - fail_closed_on_violation: True 후보 위치 (우선순위, dev bot 제안): 1. /home/jay/workspace/config/callback_policy.json (workspace config 영역) 2. /home/jay/.cokacdir/bot_settings.json 의 ``callback_policy`` 키 3. /home/jay/workspace/memory/bot_settings_callback_policy.json (memory 영역) 본 loader 는 위 후보를 순차적으로 시도하여 첫 번째 존재 파일을 채택한다. 모두 부재 시 안전 기본값을 사용 (fail-closed 보장). 본 모듈은 Layer A / NO-CRON: subprocess / cokacdir / merge / cron 0 호출. 순수 데이터 로드 + 정책 검사만 수행. ) annotationsN) dataclassfield)Path)AnyDictListOptionalSequencez#utils.bot_settings_policy_loader.v1Tc119085addb0f8b7)require_anu_callback_on_finishself_collector_forbiddensendfile_only_forbiddennot_registered_forbiddenanu_key_single_sourcefail_closed_on_violationDict[str, Any]DEFAULT_POLICYBOT_FINALIZE_POLICY_VIOLATION!SELF_COLLECTOR_FORBIDDEN_FINALIZE SENDFILE_ONLY_FORBIDDEN_FINALIZE!NOT_REGISTERED_FORBIDDEN_FINALIZEANU_KEY_MISMATCH_FINALIZEPASSFAILc N|xsGttjjdt tj dz }ttjjdt tj }|dz dz |dz dz |dz d z gS) NWORKSPACE_ROOT workspaceHOMEconfigzcallback_policy.jsonz .cokacdirzbot_settings.jsonmemoryz!bot_settings_callback_policy.json)rosenvirongetstrhome)workspace_rootwsr&s Q/home/jay/workspace/.worktrees/task-2717-dev1/utils/bot_settings_policy_loader.py_candidate_pathsr*9s  4 'TYY[;-F)GHB  vs499;'78 9D X .. {00 X ;; cZeZdZUded<ded<ded<ded<eeZd ed <d d Zy )PolicyLoadResultr%schemasourcerpolicyboolfell_back_to_defaultdefault_factory List[str]reasonsc|j|jt|j|jt |j dS)Nr.r/r0r2r6)r.r/dictr0r2listr6selfs r)to_jsonzPolicyLoadResult.to_jsonMs;kkkk4;;'$($=$=DLL)   r+Nreturnr9)__name__ __module__ __qualname____annotations__rr:r6r=r+r)r-r-Es, K K t4GY4 r+r-)r'candidate_pathsc t| t|n t|}g}|D]#} |js|jd|*|j d}t j |}t|trd|vrt|dtr|d}n)t|tr|}n|jd|dtt} | j|jD cic]\} } | tvs| | c} } |jd |d ttt!|| d | cS|jd ttdttd| S#tt jf$r"}|jd|d|Yd}~d}~wwxYwcc} } w)ukcallback policy 를 후보 경로에서 순차 로드한다. 부재 시 ``DEFAULT_POLICY`` 를 안전 기본값으로 적용한다 (fail-closed — require_anu_callback_on_finish=True 등 강한 정책이 기본). Returns: PolicyLoadResult — 채택 source 경로/`"default-safe"`, 최종 policy dict, fall-back 여부, 사유. Nzcandidate not present: zutf-8)encodingz candidate z unreadable / invalid JSON: callback_policyz has non-dict root (skipped)zpolicy loaded from zG (overlay over DEFAULT_POLICY; missing keys filled with safe defaults).Fr8uno candidate present — using DEFAULT_POLICY (safe defaults: require_anu_callback_on_finish=True, fail_closed_on_violation=True).z default-safeT)r:r*existsappend read_textjsonloadsOSErrorJSONDecodeError isinstancer9rupdateitemsr-POLICY_LOADER_SCHEMAr%) r'rEpathsr6prawobje extractedmergedkvs r)load_callback_policyr]Ws  & _ n - G %  88:!8<=++w+/C**S/C c4 %6#%=* ! "DC -.I T "I NNQC;<  !%n!5 'oo/ Gda13FQT G  !!%/ /  'q6!&   ?% N NN O #N#!  I--.  NNZs*FqcJ K  $ Hs)$E6'E61F4 F4 6F1F,,F1ceZdZUded<ded<ded<ded<ded<ee Zded <edd Zedd Z dd Z y)PolicyCheckResultr%r.verdictr5classificationsrr0finalize_stater3r6c(|jtk(SN)r`rr;s r)okzPolicyCheckResult.oks||t##r+c<|jr|jdSdS)Nr)rar;s r)primary_classificationz(PolicyCheckResult.primary_classifications *.*>*>t##A&HDHr+c |j|jt|j|jt |j t |jt|jdS)N)r.r`rargr0rbr6) r.r`r:rargr9r0rbr6r;s r)r=zPolicyCheckResult.to_jsonsWkk||#D$8$89&*&A&A4;;'"4#6#67DLL)  r+N)r?r1)r?z Optional[str]r>) r@rArBrCrr:r6propertyrergr=rDr+r)r_r_sZ K L ""t4GY4 $$II  r+r_)r0c @| t|ntt}g}g}t|jd}|jd}t|jd}t|jd}|jdxsd} |jdxsd} |jdd r*|r|s&|j t |j d |jd d r(|r&|j t |j d |jd d r3| r1| r/| | k(r*|j t |j d | d|jdd r(|r&|j t|j d|jdd r(|s&|j t|j d|jd} | r4| r2| | k7r-|j t|j d| d| dt} g} |D])}|| vs| j|| j |+| stnt}|tk(r|j dtt|| |t||S)u봇 lifecycle finalize 진입점에서 정책 필드 검사 (fail-closed). ``finalize_state`` 는 봇이 finalize 직전에 수집한 callback 상태: - callback_registered: bool — ANU normal callback cron 등록 여부 - schedule_id: Optional[str] — 등록된 cron schedule id (non-null 필요) - sendfile_only: bool — sendfile 만 수행하고 cron 0 (NOT_REGISTERED 변종) - self_collector_attempted: bool — executor self-key 로 등록 시도 - anu_key: str — 등록에 사용된 collector key - executor_key: str — executor self key (anu_key 와 달라야 함) Returns: PolicyCheckResult — verdict + classifications + reasons. callback_registered schedule_id sendfile_onlyself_collector_attemptedanu_key executor_keyr Tuorequire_anu_callback_on_finish=True but callback NOT registered (or schedule_id null) — finalize fail-closed.ru{self_collector_forbidden=True but executor self-key collector attempted — SELF_COLLECTOR 변종 차단 (회장 §2/§10).zexecutor_key == anu_key (u+) at finalize — SELF_COLLECTOR_FORBIDDEN.ruvsendfile_only_forbidden=True but sendfile-only path observed (cron 등록 0 + sendfile 만) — NOT_REGISTERED 변종.ru[not_registered_forbidden=True but callback NOT registered — NOT_REGISTERED 변종 차단.rz anu_key_used z != single source u" — ANU key 단일 출처 위반.ufinalize policy PASS — callback registered with schedule_id, no self_collector / sendfile_only / not_registered violation, anu_key 단일 출처 일치.)r.r`rar0rbr6)r9rr1r$rJrrrrrsetaddrrr_rS)rbr0polclsr6rkrlrmrn anu_key_usedrqexpected_anu_keyseenorderedcr`s r)check_finalize_policyr{s$!,$v,$~2FCCG~112GHI $$]3K++O<=M#56 "%%i06BL!%%n5;L ww/6"+ JJ4 5 NNM   ww)405M 45 L  ww)40\lWcgsWs 45' '78( (  ww($/M 34 H  ww)409L 45 , ww67L\=M-M ,-L++=""D F DG  D= HHQK NN1  "dtG$ , #N+  r+) rSrrrrrrrrr-r]r_r{rd)r'Optional[Path]r?z List[Path])r'r|rEzOptional[Sequence[Path]]r?r-)rbrr0zOptional[Dict[str, Any]]r?r_) __doc__ __future__rrLr" dataclassesrrpathlibrtypingrrr r r rSrrCrrrrrrrr*r-r]r_r{__all__rDr+r)rs 0# (66<'+ $# $/ $ "!@$G!#E $G!7        &&*04F"F.F FR     >(,a"a %a aH r+