jCUdZddlmZddlZddlZddlZddlZddlZddlm Z ddl m Z m Z m Z ddlmZddlmZmZddlmZmZmZmZmZdd lmZmZdd lmZmZmZefZ d e!d <dd Z"ddZ#ddZ$ddZ%ddZ&ddddd d dZ'ddddd d!dZ(dddddd d"dZ)dddddd d#dZ*d$d%dZ+e,dk(r e-e+y)&uanu_v2.owner_trigger_entry — OwnerTriggerOnly composition root + CLI/scheduler 진입점. task-2699 production wiring: http_post/token_provider 주입 + 단발 CLI + 자동 scheduler. one-way isolation: 본 모듈은 anu_v2 내부 + stdlib(subprocess, argparse, json, os, sys) 만 import. composition root 이므로 subprocess/argparse 허용. 외부 utils/dispatch 의존성 0. 보안 원칙: - token raw 값을 stdout/stderr/예외메시지 어디에도 출력 금지. - COMMENT_BODY 외 body 인자 일체 없음 (코어가 강제, entry 는 외부 body 인자 미수령). - merge/push/PR/admin endpoint 추가 0. - BOT_GITHUB_TOKEN 등 다른 token fallback 0. - subprocess 실행 시 token 이 환경변수로 전달되지 않도록 env 주입 방식 사용. ) annotationsNPath)CallableMappingSequence)ExecutorScheduler)IdlePRSnapshotGeminiReviewMeta) AuditWriterGhRunner GitRunnerMergeQueueExecutor PytestRunner)!make_owner_trigger_token_providermake_production_http_post)OwnerTriggerOnlyTOKEN_ENV_NAMEinvoke_from_schedulerztuple[str, ...]_SENSITIVE_ENV_NAMEScdd}|S)uproduction gh CLI runner (subprocess 기반). F-4 보안 하드닝: OWNER_GEMINI_TRIGGER_TOKEN 을 gh subprocess 환경에서 항상 제거. gh runner 는 BOT_GITHUB_TOKEN 만 필요하며 OWNER 토큰은 불필요. cdg|}ttj}tD]}|j |d|&|j D]\}}|tvs|||<|}t j|dd|S)NghTcapture_outputtextenv)dictosenvironrpopitems subprocessrun)argsrcmdbasekvrun_envs ._gh>smdmBJJ% A HHQ   ?  100DG ~~    )r% Sequence[str]rMapping[str, str] | Nonereturnsubprocess.CompletedProcess)r,s r+_make_gh_runnerr37s & Jr-cdd}|S)uproduction git CLI runner (subprocess 기반). F-4 보안 하드닝: OWNER_GEMINI_TRIGGER_TOKEN 을 git subprocess 환경에서 항상 제거. cdg|}ttj}tD]}|j |dt j |dd|S)NgitTr)rrr rr!r#r$)r%r&r*r(s r+_gitz_make_git_runner.._git[sUntnrzz"% !A KK4  !~~    r-)r%r.r0r1r2)r7s r+_make_git_runnerr8Ts   Kr-cdd}|S)uBproduction pytest runner (subprocess 기반). 종료코드 반환.crtjddg|}tj|d}|jS)Nz-mpytestF)r)sys executabler#r$ returncode)r%r&results r+_pytestz$_make_pytest_runner.._pytestns9~~tX55      r-)r%r.r0intr2)r@s r+_make_pytest_runnerrBks! Nr-c*t|dfd }|S)u$JSONL append audit_writer 팩토리.cjjddtdd5}|jt j t |dddzdddy#1swYyxYw) NT)parentsexist_okazutf-8)encodingF) ensure_ascii sort_keys )parentmkdiropenwritejsondumpsr)recordfh audit_paths r+_writerz#_make_audit_writer.._writer}sft< *cG 4 Z HHTZZV 5DQTXX Y Z Z Zs 4A**A3)rRrr0Noner)pathrUrTs @r+_make_audit_writerrXysdJZ Nr-c d}dddd|d|ddd |d d g }tj|d d }|jdk7rgS tj|j }g}|D]} g}|jdgD]} | jdd} | jdijdd} | jdd} t| tsZt| dk(sitd| Ds|t| ts| sd| jvs|jt| j| |jdd} t| dk7r |jdi}t|tr|jddnd}d|vxs|jdd}t!t#|d| j|jd d|jd!dt%|d|jd"d#t'|$}|j||S#t $rgcYSwxYw#t $rYwxYw)%ugh pr list --state open --json 으로 IdlePRSnapshot 리스트 반환. dry_run / test 에서는 snapshot_provider 주입으로 대체 가능. zz(_gh_snapshot_provider..sMaA!99Msgemini) commit_id submitted_at headRefOidauthorloginz[bot]is_botFnumber headRefName createdAtstateOPEN)rrhead_shahead_ref created_atgemini_reviewsci_required_all_successru author_is_bot)r#r$r>rPloadsstdout Exceptionget isinstancestrlenalllowerappendr rr rAtuplebool)ownerrepofieldsr&r?prs snapshotsrZrzreviewr`rl submittedrwro author_loginr|snapshots r+_gh_snapshot_providerrsW LF dFUG1TF#6&5  C^^C4 @F A jj'')I+* 57N&&B/ zz&"-"JJx488C "JJ}b9 y#.I",M9MM"9c2! DJJL0"))(&/oo&7)2 &vvlB/H8}"VVHb)F6@6N6::gr2TVL#|3Rvzz(E7RM%2h<(!) r266+r2$^4(-ffWf-"=1 H   X &S+Z c  \   sPH?'A-II$I7II IA I,CI? I  I  IIF)dry_runr http_posttoken_providerc^||n t|}||n t|}t|||dS)uOwnerTriggerOnly 인스턴스 생성 + http_post/token_provider 주입. http_post 미주입 시 make_production_http_post(dry_run=dry_run), token_provider 미주입 시 make_owner_trigger_token_provider(env). Args: workspace_root: anu_v2 workspace 루트. dry_run: True 면 네트워크 호출 0 (make_production_http_post dry_run 전달). env: token 환경변수 dict. None 이면 os.environ 에서 읽음. http_post: 테스트 주입용. None 이면 production http_post 사용. token_provider: 테스트 주입용. None 이면 production token_provider 사용. Returns: OwnerTriggerOnly 인스턴스. N)r)workspace_rootrraudit)rrr)rrrrreffective_http_posteffective_token_providers r+ build_runnerrsP.(1'<)B[C  %  .s 3 %%/  r-c Bt|||||} t| ||||S)u4단발 CLI 경로: build_runner → invoke_from_scheduler → 결과 status 반환. Args: workspace_root: anu_v2 workspace 루트. decision_path: owner_trigger_decision.json 경로. owner: GitHub owner. repo: GitHub repo. current_head_actual: 실측 PR head SHA (40-char hex). dry_run: True 면 네트워크 호출 0. env: token 환경변수 dict. http_post: 테스트 주입용. token_provider: 테스트 주입용. Returns: "POSTED" | "DEDUPED" | "FAILED" | "PENDING" rrrrr) decision_pathrrcurrent_head_actual)rr) rrrrrrrrrrunners r+ run_singlers;8% % F !# /  r-)rrrrmerge_executorc t|||||} | [t|j} | dz dz dz } tt t t t| | dz dz } t|||| | ||S)uExecutorScheduler 인스턴스 생성. runner = build_runner(...). merge_executor 미주입 시 production runner 들로 MergeQueueExecutor 생성. Args: workspace_root: anu_v2 workspace 루트. decision_dir: marker / decision.json 디렉토리. owner: GitHub owner. repo: GitHub repo. snapshot_provider: Callable[[], Sequence[IdlePRSnapshot]]. dry_run: True 면 네트워크 호출 0. env: token 환경변수 dict. http_post: 테스트 주입용. token_provider: 테스트 주입용. merge_executor: 테스트 주입용. None 이면 production MergeQueueExecutor. Returns: ExecutorScheduler 인스턴스. rmemoryeventszmerge-executor-audit.jsonltasks) gh_runner git_runner pytest_runner audit_writer task_md_root)r decision_dirsnapshot_provider owner_triggerrrr) rrresolverr3r8rBrXr ) rrrrrrrrrrrworkspace_pathrTs r+build_schedulerr)sB% % Fn-557#h.9._snap_providers(5 5r-)rrrrrrrzcycle_finished=z pr_actions=z bot_should_exit=)r0list[IdlePRSnapshot])argparseArgumentParseradd_subparsers add_parser add_argument parse_argsrrr rrrrrr current_headrprintrtype__name__r<stderrrrcycle_finished_atr pr_actionsbot_should_exit) argvparsersub trigger_pscan_pr%env_mapstatusexcrr?rrs @@r+mainrs $ $ "LF   Y  >Cy/LMI -CZ[ ,tBfg 9t.I 8dG +dAcd ;|UQhi^^F)C^ DF *T@WX (4>\]  D~F 4mD  L%Nef   T "D2::G ||y  #22"00jjYY$($5$5 F &M   yy 6 (#22!..jjYY"0 F !&":":!;<!&"3"3456##)#9#9":<   E  GDI../0szz B <  GDI../0szz B s2+AI54A?J<5 J9>1J44J9< L1K;;L__main__)r0r )r0r)r0r)rW str | Pathr0r )rrrrr0r) rrrrrr/r-Callable[[str, str, dict, dict], dict] | NonerCallable[[], str] | Noner0r)rrrrrrrrrrrrrr/rrrrr0r)rrrrrrrrr&Callable[[], Sequence[IdlePRSnapshot]]rrrr/rrrrrMergeQueueExecutor | Noner0r )rrrrrrrrrrrrrr/rrrrrrr)rzlist[str] | Noner0rA).__doc__ __future__rrrPrr#r<pathlibrtypingrrranu_v2.executor_schedulerr anu_v2.idle_pr_diagnoserr r anu_v2.merge_queue_executorr r rrranu_v2.owner_trigger_http_postrranu_v2.owner_trigger_onlyrrrr__annotations__r3r8rBrXrrrrrrr SystemExitr2r-r+rs_ #  ..7E*8(9o9 :.  E\$(?C/3 $$$ " $ = $ - $$\$(?C/3)))  )  )  )) ")=)-) )l$(?C/304<<<  <  < > << "<=<-<.<<L$(?C/304 O O O  O  O > O O " O= O- O. OLU p z TV r-