jDdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z m Z m Z mZmZdZdZehdZehd Zd Zd Zd Zd ZdZeGddZddZddZddZ d dZ d!dZ d"dZ deedddd d#dZ!d$d%dZ"e#dk(r e$e"y)&uoANU normal callback 4-source validator. 회장 verbatim (2026-05-27, task-2694+1): "actual cron 등록 + schedule_history + owner key + ANU inbound 또는 authoritative collector receipt 가 있어야 PASS." 본 모듈은 finish-task.sh 등에서 envelope 작성만으로 .done 이 생성되던 우회 패턴을 차단하는 단일 진입점 검증기다. 검증 4-source (AND): 1) schedule_id — envelope 회수, placeholder/blocked schedule_type 거부 2) schedule_history — /home/jay/.cokacdir/schedule_history/.log status=ok 3) owner_key — envelope owner_key == ANU_KEY (executor self-key → NON_AUTHORITATIVE) 4) inbound/receipt — ANU inbound 파일 OR authoritative collector receipt 1건 이상 추가 방어 (Codex suggestion 1/3 반영): - envelope task_id ↔ 호출 task_id 결속 (stale receipt 재사용 차단) - chair_facing_sid 결속 (옵션) verdict 정책: PASS 모든 4-source PASS FAIL 1개 이상 FAIL NON_AUTHORITATIVE owner_key 가 executor self-key → downstream 은 FAIL 로 처리 ) annotationsN) dataclassfield)AnyDictListOptionalSequencec119085addb0f8b7z$/home/jay/.cokacdir/schedule_history>pendingdeferred"to_be_registered_by_finish_task_sh>nonenullr r to_be_registeredr)z./home/jay/workspace/memory/events/anu_callbackz!/home/jay/workspace/memory/eventsz/utils.normal_callback_registration_validator.v1PASSFAILNON_AUTHORITATIVEceZdZUded<ded<ded<ded<eeZded <eeZd ed <eeZ d ed <e ddZ ddZ y)ValidationResultstrschemaverdicttask_id Optional[str] schedule_id)default_factoryzDict[str, str]sources_checkedz List[str]reasonszDict[str, Any]evidencec(|jtk(SN)rrselfs ]/home/jay/workspace/.worktrees/task-2721-dev1/utils/normal_callback_registration_validator.pyokzValidationResult.okVs||t##c |j|j|j|jt |j t |jt |jdS)Nrrrrrr r!) rrrrdictrlistr r!r$s r&to_jsonzValidationResult.to_jsonZsPkk||||++#D$8$89DLL)T]]+  r(N)returnbool)r.r+) __name__ __module__ __qualname____annotations__rr+rr,r r!propertyr'r-r(r&rrLs[ K L L&+D&AO^At4GY4$T:Hn: $$  r(rc|rtjj|sy t|dd5}t j |cdddS#1swYyxYw#t ttjf$rYywxYw)u-envelope JSON 로드. 실패 시 None 반환.Nrutf-8)encoding) ospathisfileopenjsonloadOSError ValueErrorJSONDecodeError) envelope_pathfhs r&_load_enveloperEjsh } = -w 7 !299R= ! ! ! Z!5!5 6s.AA AAAAA>=A>c:|yt|jS)Nr)rstrip)vals r& _normalizerIus { s8>> r(cxg}|jd}t|}t|jd}|tvr"|jd|dt|xsd|fS|s|jdtd|fS|j t vr|jd|dt||fSt||fS)u5Source 1: schedule_id + blocked schedule_type 검증.r schedule_typez/blocked schedule_type detected: schedule_type=''Nz(schedule_id missing or empty in envelopez)schedule_id is placeholder: schedule_id=')getrIBLOCKED_SCHEDULE_TYPESappendrlower_PLACEHOLDER_SCHEDULE_IDSr)enveloper schedule_id_rawrrKs r&_check_schedule_idrT{sGll=1O_-Kx||O<=M..=m_A N [(D'11 ABT7""777 }A F [')) g %%r(cg}i}|s|jdt||fStjj ||k7s d|vsd|vs|dvr|jd|t||fStjj ||d}||d<tjj |s|jd|t||fSd } t|d d d 5}|D]\}|j}|s tj|} t| tr!t| jddk(rd}n^d d d ||jd|t||fS||d<t$||fS#ttj f$rd|vsd|vrd}Y[YwxYw#1swYbxYw#t"$r'} |jd| t||fcYd } ~ Sd } ~ wwxYw)z*Source 2: schedule_history status=ok grep.z3schedule_history check skipped: schedule_id missing/\).z..z7invalid schedule_id (path traversal attempt detected): z.logschedule_history_pathzschedule_history file missing: Nr7r8replace)r9errorsstatusr'jsonlz"status": "ok"z status=ok plain_grepzschedule_history read error: z+schedule_history status=ok line missing in schedule_history_match)rOrr:r;basenamejoinr<r=rGr>loads isinstancer+rIrMrArBr@r) rschedule_history_dirr r!r; found_viarDrawlineobjexcs r&_check_schedule_historyrjs G!H LMWh&& %4 +  ;  + %Ek_ U Wh&& 77<<, T.B CD(,H $% 77>>$ 8?@Wh&&I' $gi @ B yy{**T*C!#t,CGGHz)_check_inbound_receipt..s9    B 3 3D266M B B s36z envelope.z' path is outside allowed inbound dirs: receipt_via_envelope_fieldz path does not exist on disk: r*N inbound_hitsinbound_hit_countzpinbound/receipt evidence missing: no envelope.inbound_evidence / collector_receipt and no glob hit for task_id='z' in )r:r;isdirabspathrIrManyrOr<rrZrxglobescaperalenr)rrRinbound_search_dirsr r!d allowed_rootskeyr; containedhits safe_task_idescaped_task_idpatternpr{s @r&_check_inbound_receiptrs G!H%8 1qAQM9 (,,s+, 77??4( %   NNC5 GvN   77>>( #698_H1 2(* *u:4& A # .D??2662.Lkk,/O  a( '',,q_$5Q"787# Aww~~a  A   #'8 (+D $%Wh&& NN ::A%   ! ( ""_sHH!HrF)rornrdrrequire_chair_facing_sid_matchexpected_chair_facing_sidc i}g} d|i} t|} | !ttt|ddtidg| St | j d} | t |k7rDttt|t | j dxsddtid | d |d g| S|rpt | j d } t |}|r| |k7rDttt|t | j dxsdd tid| d|d g| St | \}}}||d<| j|t||\}}}||d<| j|| j|t| ||\}}}||d<| j|| j||r t|ntt}t|| |\}}}||d<| j|| j|td|jDrt }n-t#d|jDrt$}nt}tt||||| | S)u4-source validator. envelope 파일을 읽어 task_id 결속 후 4-source AND 검증. Args: task_id: 검증 대상 task_id (envelope.task_id 와 결속 확인) envelope_path: ANU callback envelope JSON 파일 경로 executor_key: 실행 주체 key (self-key channel hit 탐지용, 선택) anu_key: 권위 authoritative key (기본 ANU_KEY) schedule_history_dir: schedule_history 디렉토리 inbound_search_dirs: ANU inbound 파일 검색 디렉토리 require_chair_facing_sid_match: chair_facing_sid 결속 강제 여부 expected_chair_facing_sid: 결속 강제 시 기대값 Returns: ValidationResult — verdict PASS / FAIL / NON_AUTHORITATIVE rCN envelope_loadz%envelope file missing or invalid JSONr*rrtask_id_bindingzBtask_id mismatch (stale receipt reuse blocked): envelope.task_id='z ' vs caller='rLchair_facing_sidchair_facing_sid_bindingz%chair_facing_sid mismatch: envelope='z' vs expected='schedule_history)rnrorl)rrRrinbound_receiptc3.K|] }|tk(ywr#)rryvs r&r|z1validate_callback_registration..s Da1! ! Dc3.K|] }|tk(ywr#)rrs r&r|z1validate_callback_registration..s 91Q$Y 9r)rErVALIDATOR_SCHEMArrIrMrTextendrjupdaterrr,_DEFAULT_INBOUND_DIRSrrvaluesrallr)rrCrornrdrrrrr r!rRenvelope_task_idenv_cf expected_cf sid_verdictr sid_reasons hist_verdict hist_reasons hist_evidence own_verdict own_reasons own_evidencedirs inb_verdict inb_reasons inb_evidencers r&validate_callback_registrationr=s4')OG /?H m,H#,d3<=  "(,,y"9::g..#"8<< #>?G4.5%%5$6mG9AO  &HLL);<= !:; f 3#'&x||M'BCKt!;T B!!' }AG"   -?x,H)Kk%0OM" NN; 1H)1-L, +7O&' NN<  OOM" .>' .*Kl$/OK  NN; OOL! )<4# $F[A\D-C(.*Kl*5O%& NN; OOL!  D?+A+A+C DD# 9 6 6 8 9 9 ' r(cTtjd}|jdd|jdd|jdd |jd t |jd d |jd d|j |}t |j |j|j|j|j|j}ttj|jdd|j rdSdS)u=CLI: 정상 PASS면 exit 0, FAIL/NON_AUTHORITATIVE면 exit 2.&normal_callback_registration_validator)progz --task-idT)requiredz--envelope-pathz--executor-keyr)defaultz --anu-keyz--expected-chair-facing-sidNz --require-chair-facing-sid-match store_true)action)rrCrornrrF) ensure_asciiindentr)argparseArgumentParser add_argumentANU_KEY parse_argsrrrCrornrrprintr>dumpsr-r')argvapargsresults r&mainrs  &N OBOOK$O/OO%O5OO$bO1OOKO1OO14O@OO6|OL == D + ((&& "&"@"@'+'J'J F $**V^^%E! DE 1 q r(__main__)rCrr.zOptional[dict])rHrr.r)rRr+r.z$tuple[str, Optional[str], List[str]])rrrdrr.%tuple[str, List[str], Dict[str, Any]])rRr+rnrrorr.r)rrrRr+rz Sequence[str]r.r)rrrCrrorrnrrdrrOptional[List[str]]rr/rrr.rr#)rrr.int)%__doc__ __future__rrrr>r: dataclassesrrtypingrrrr r rSCHEDULE_HISTORY_DIR frozensetrNrQrrrrrrrErIrTrjrrrrrr0 SystemExitr5r(r&rs2# (66 ="$&' E  '     : &8<#<#<#+<#~!#!# !#!#+ !#H<# <#<#'<#+ <#N 4/3+0/3F FF F  F  F-F%)F -FFZ!. z TV r(