9jcUdZddlmZddlZddlZddlZddlZddlZddlmZm Z m Z ddl m Z ddl mZdZded <d Zd ed <d Zd ed<dZd ed<dZded<dZded<ej,dej.Zej,ddj3deDzdzZehdZded<e e dZd$d Zd%d!ZGd"d#Z y)&uanu_v2.post_merge_smoke_runner — ANU v2 post-merge smoke 실행 + 독립 evidence marker 박제 v0 (task-2539). 회장 §명시 (2026-05-10): - BOT squash merge 직후 main 기준 smoke 실행 - md/report fallback 절대 금지 — 실제 runner output / marker / exit code 기준으로만 판정 - smoke exit_code != 0 → Critical 7종 #7 (POST_MERGE_SMOKE_FAILURE) 분류 - one-way isolation: anu_v2 외부 import 금지 Critical 7종 매핑: #1 token raw 노출, #2 chat ID isolation 깨짐, #3 expected_files 외 수정, #4 owner_pat / admin override, #5 force / rebase, #6 manual .done 조작, #7 post-merge smoke failure ← 본 모듈 책임 ) annotationsN)datetime timedeltatimezone)Path)Callablez"tests/smoke/test_smoke_baseline.pystrDEFAULT_SMOKE_PROFILEi,intSMOKE_TIMEOUT_SECONDSL5:DEFAULT_CHAT_ID,CRITICAL_SEVEN_KIND_POST_MERGE_SMOKE_FAILUREPOST_MERGE_SMOKE_FAILURE"KIND_NAME_POST_MERGE_SMOKE_FAILURE) github_tokenbot_github_tokengh_token owner_patghp_ghs_ github_pat_z x-api-key authorizationsecretpasswordztuple[str, ...]TOKEN_KEY_HINTSz((?:ghp_|ghs_|github_pat_)[A-Za-z0-9_\-]+z(?i)(|c#NK|]}|dvrtj|yw))rrrN)reescape).0hs 5/home/jay/workspace/anu_v2/post_merge_smoke_runner.py r%3s*E$CC ! Es#%z)([=:\s]+[^\s,;\"']{1,200})>HOMELANGPATHLC_ALL PYTHONPATHzfrozenset[str]_ENV_WHITELIST )hoursct|tr|n t|}tjd|}tjd|}|S)uTOKEN_KEY_HINTS 관련 raw 토큰을 ***MASKED***로 치환. - ghp_ / ghs_ / github_pat_ prefix 뒤 영숫자_- → ***MASKED*** - 나머지 키워드: KEY=value / KEY:value 패턴의 value → ***MASKED*** - lowercase 비교. 너무 공격적이지 않게. ***MASKED***cT|jd|jddzdzS)Nrr/)group)ms r$z _sanitize_text..Ks$aggajm)Cn)T) isinstancer _TOKEN_PREFIX_REsub _KEY_VALUE_RE)textresults r$_sanitize_textr=@sCdC(4c$iD  ! !.$ 7F   TV\ ]F Mr6cni}tD])}tjj|}|%|||<+|S)uRsubprocess env 화이트리스트 — PATH/HOME/LANG/LC_ALL/PYTHONPATH 만 통과.)r+osenvironget)envkeyvals r$_env_whitelistrEOs= CjjnnS! ?CH Jr6ceZdZUdZeZded<eZded<ddddd ddZ d dd Z dd Z efdd Z d dd Z d dd Z d ddZ ddZ d ddZy)PostMergeSmokeRunneruANU v2 post-merge smoke 실행 + 독립 evidence marker 박제 v0. BOT squash merge 직후 main 기준 smoke 실행 후 결과를 memory/events/.smoke-evidence (jsonl) 독립 marker로 박제. 회장 §명시 (2026-05-10): - md/report fallback 절대 금지 - 실제 runner output / marker / exit code 기준으로만 판정 - smoke exit_code != 0 → Critical 7종 #7 (post-merge smoke failure) 분류 - one-way isolation: anu_v2 외부 import 금지 Critical 7종 매핑: #1 token raw 노출, #2 chat ID isolation 깨짐, #3 expected_files 외 수정, #4 owner_pat / admin override, #5 force / rebase, #6 manual .done 조작, #7 post-merge smoke failure ← 본 모듈 책임 r r r r N)subprocess_runnercapabilities_loaderclockworkspace_rootc||ntj|_||n |j|_||nd|_|||_yt d|_y)u주입 가능한 외부 부수효과 callable 초기화. Args: subprocess_runner: subprocess.run 대체. None이면 subprocess.run 사용. capabilities_loader: memory/capabilities/.json 읽고 smoke_command 반환. None이면 _default_capabilities_loader 사용. clock: 현재 시각 반환 callable. None이면 KST datetime.now. workspace_root: 작업 루트 디렉토리. None이면 /home/jay/workspace. Nc6tjtS)N)tz)rnow_KSTr6r$r5z/PostMergeSmokeRunner.__init__..s.r6z/home/jay/workspace) subprocessrun_subprocess_runner_default_capabilities_loader_capabilities_loader_clockr_workspace_root)selfrHrIrJrKs r$__init__zPostMergeSmokeRunner.__init__osn$"3!> JNN $7#B 22 ! &E. -8N +, r6c |tk(sJd|sJdt|dk7rtdt|d|d} |jgdddd t |j  }|j d k(r|jj}|s |j|||} d | ddd d d|ddd S|j|||} |j| } | d} | d} | d} | d}t| dd}t|dd}| d k(rd|j||| |t|}d} |j||}d}d} |j!|d }dt| | | |||||d||d Sdt| | | ||||dt"d S#t$rd}YwxYw#t$rd t| | | ||||ddd cYSwxYw#t$r!}tt |dd}Yd}~d}~wwxYw)u BOT squash merge 직후 호출. main checkout → smoke 실행 → marker 박제. Args: task_id: e.g. "task-2537" merge_commit: full SHA40 (e.g. "da3d568aeabc29d48c9322829f36918442fa3e17") expected_files: PR의 expected_files 목록 (smoke가 이 파일들을 다루는지 검증용) smoke_command: task config 우선. None 시 smoke_profile 또는 DEFAULT_SMOKE_PROFILE smoke_profile: e.g. "tests/smoke/test_smoke_baseline.py" chat_id: 6937032012 격리 어설션 Returns: { "outcome": "PASS" | "FAIL" | "EVIDENCE_INCOMPLETE", "command": str, "exit_code": int, "duration_seconds": float, "stdout_summary": str (max 1024 chars), "stderr_summary": str (max 1024 chars), "main_head": str (resolved at run time), "merge_commit": str (input, 일치 검증), "smoke_evidence_marker_path": str | None, "critical_seven_classification": int | None # 7 if FAIL, else None } Side effects: - PASS 시 memory/events/.smoke-evidence (jsonl) 생성 내용: {task_id, merge_sha, outcome="probe_pass", ts, tests, build_ok, test_ok, command, exit_code, duration_seconds} - FAIL 시 marker 미생성, 호출자에게 critical_seven_classification=7 반환 - md/report 본문 분석 절대 금지 (회장 §명시) u0chat_id != 6937032012 (cross-chat 누출 차단)ztask_id must not be empty(z,merge_commit must be full SHA40 (got length z): N)gitz rev-parsez origin/mainTF)capture_outputr;checkcwdrEVIDENCE_INCOMPLETE) outcomecommand exit_codeduration_secondsstdout_summarystderr_summary main_head merge_commitsmoke_evidence_marker_pathcritical_seven_classificationrerfstdoutstderri)expected_files_countapplyPASS) rcrdrerfrgrhrirjrkrlworktree_cleanup_summaryworktree_cleanup_errorFAIL)rlen ValueErrorrTr rX returncodermstrip Exception_resolve_smoke_command_execute_smoker=_build_smoke_evidence_write_smoke_evidence_markerOSError'run_post_merge_worktree_cleanup_dry_runr)rYtask_idrjexpected_files smoke_command smoke_profilechat_idri git_resultrdexecution_resultreduration stdout_raw stderr_rawrgrhevidence marker_pathcleanup_summary cleanup_errores r$run_post_merge_smokez)PostMergeSmokeRunner.run_post_merge_smokesP/)]+]])333w |  ">sQQTUaTde  !%  003#,,- 1J$$)&--335 11'=-XG0"!$("$"$! ,.215  --g}mT ..w7)+6 *+=>*84 *84 ' 3ET:' 3ET: >11'7%(%82H'+K "??R ,0O(,M ="&"N"Nw^c"N"d ")'2&$,"0"0& ,.915,;*7  "")'2&$,"0"0& ,.21]  a I T 4-g6!*(0&4&4!*$02659   & = .s1v 6t <  =s=AF6F$ G  F! F!$GG G3G..G3c||r|S|j|}|r|jdr|dS|rd|SdtS)u%smoke command 결정 우선순위: 1. 명시 smoke_command 입력 2. task config (memory/capabilities/.json::smoke_command) 3. smoke_profile 입력 → f"python3 -m pytest {smoke_profile}" 래핑 4. f"python3 -m pytest {DEFAULT_SMOKE_PROFILE}" rzpython3 -m pytest )rVrAr )rYrrrcapss r$r|z+PostMergeSmokeRunner._resolve_smoke_command,s[  ((1 DHH_-( ( ' 7 7$$9#:;;r6c |j} |jtj|dddt |j |t }|j}||z j}||j|jxsd|jxsd|dS#tj$r|dddt|dcYSwxYw)u/subprocess.run으로 실행. timeout / exit_code / stdout / stderr / duration 반환. - check=False (FAIL 시 Critical 7종 분류 위해 raise 안 함) - text=True - cwd=workspace root - env에서 token/key 노출 0 어설션 (env 화이트리스트만 통과) TF)r^r;r_r`timeoutrBrb)rdrermrnrf|z )rWrTshlexsplitr rXrE total_secondsryrmrnrRTimeoutExpiredfloat)rYrdrt_startproct_endrs r$r}z#PostMergeSmokeRunner._execute_smokeIs++- ** G$#,,-"$+DKKME668H"!__++++++$,  (( " %%$)'N   sBB))$CCc|d}|d}|d}t||d|jjt|d|ddt|||t|||d S)umarker 본문 dict 생성. task-2524 박제 형식 1:1 호환. format: { "task_id": "task-XXXX", "merge_sha": "", "outcome": "probe_pass", "ts": "", "tests": " exit=", "build_ok": bool, "test_ok": bool, "command": str, "exit_code": int, "duration_seconds": float, "main_head": str, "merge_commit": str, "expected_files_count": int, # smoke가 다뤄야 할 expected_files 수 (검증 hook) } 토큰 raw 0 / chat_id 0 / API key 0 (회장 §명시 박제 원칙) rdrerf probe_passz exit=T) r merge_sharctstestsbuild_oktest_okrdrerfrirjro)r=rW isoformat) rYrrjrrirordrers r$r~z*PostMergeSmokeRunner._build_smoke_evidenceos8#9-$[1 #$67&g.%#++-))+#wivi[$AB%g." (' 2($8  r6c^d|vr|dtk(sJd|j|z |dz }|jjddt |dd5}|j t j|d d zd d d t|jS#1swY"xYw) umemory/events/.smoke-evidence 작성 (jsonl). idempotent: 기존 marker 존재 시 append (덮어쓰기 X). chat_id != 6937032012 record 절대 작성 X. Args: task_id: e.g. "task-2539" evidence: _build_smoke_evidence 반환값 marker_dir: workspace_root 기준 상대 경로 Returns: marker 절대 경로 str ru9chat_id != 6937032012 — cross-chat record 작성 차단z.smoke-evidenceT)parentsexist_okautf-8encodingF) ensure_ascii N) rrXparentmkdiropenwritejsondumpsr resolve)rYrr marker_dirrfs r$rz1PostMergeSmokeRunner._write_smoke_evidence_markers(  I&/9 K 9**Z7WI_:UU    =+sW 5 E GGDJJxe.json 읽고 smoke_command 키 반환. 파일이 없거나 읽기 실패 시 None 반환. memory capabilitiesz.jsonrrN)rXrrloadrJSONDecodeError)rYr caps_pathrs r$rUz1PostMergeSmokeRunner._default_capabilities_loaderss ((83nD'RWGXX  i'2 $ayy| $ $ $--.  s- AA AA AAA.-A.c ddlm}m ||j|j|j }|j |}t fd|D}td|D}td|D}td|D} td |D} dd lm } ||t||||| | |j j|D cgc] } | |  c} d Scc} w) upost-merge 후 worktree cleanup dry-run 1회 시도. Args: task_id: 현재 머지된 task_id (참고용 — cleanup은 전체 worktree 대상) apply: 실제 삭제 여부. 기본 False (dry-run). True 시 회장 별도 승인 의미. Returns: { "task_id": str, "apply": bool, "total_worktrees": int, "cleanup_candidates": int, # safety 1~5 PASS + not main + not dirty (apply_explicit 제외) "applied_count": int, # 실제 삭제된 수 "skipped_count": int, "dirty_skipped": int, "main_protected": int, "ts": str, "results": list[dict], # 각 worktree CleanupResult.asdict() } Side effects: - dirty worktree skip 시 memory/events/worktree-cleanup-skipped--.json 작성 - apply=True 시 git worktree remove 실행 task-2550+1 medium fix (cleanup_candidates 산정): - 기존 `r.all_safe` 는 dry-run 에서 항상 False (apply_explicit FAIL) → cleanup_candidates 항상 0 으로 가시성 상실. - 신규: `is_safe_ignoring_apply(r)` helper 사용 — safety 1~5 PASS + not main + not dirty 로 산정 (apply_explicit 단독 FAIL 은 dry-run 정상 동작이므로 candidate 카운트에서 분리). r)WorktreeCleanupis_safe_ignoring_apply)rHrJrKrpc34K|]}|s dywr1NrQ)r"rrs r$r%zOPostMergeSmokeRunner.run_post_merge_worktree_cleanup_dry_run..&s Qq7Ma7P Qs c3:K|]}|jsdywr)appliedr"rs r$r%zOPostMergeSmokeRunner.run_post_merge_worktree_cleanup_dry_run..'.(rrc3:K|]}|jsdywr)dirtyrs r$r%zOPostMergeSmokeRunner.run_post_merge_worktree_cleanup_dry_run..)s:!!''A:rc3:K|]}|jsdywr)is_mainrs r$r%zOPostMergeSmokeRunner.run_post_merge_worktree_cleanup_dry_run..*s=1199Q=r)asdict) rrqtotal_worktreescleanup_candidates applied_count skipped_count dirty_skippedmain_protectedrresults) anu_v2.worktree_cleanuprrrTrWrXcleanup_all_dry_runsum dataclassesrrwr)rYrrqrcleanuprrrrrrrrrs @r$rzrs # 22BsA s !!45,c5*D"CD$2::/MM  sxxEoEEEH"" "++[!\\ "# ^ ^ r6