9jdZddlmZddlZddlmcmZddl Z ddl m Z ddl Z e e jjdZeee j$vr"e j$j'deeddlmZddlmZddlmZdd lmZdd lmZmZmZdd l m!Z!m"Z"m#Z#m$Z$m%Z%d Z&dd Z'dZ(dZ)dZ*e jVjYdgddZ-dZ.dZ/dZ0dZ1dZ2dZ3dZ4dZ5y)u#task-2556 §11 — OWNER token 부재 시 TokenBoundaryViolation 회귀. 회장 §명시 2026-05-12 §11: "token boundary 검증 — BOT_GITHUB_TOKEN 으로 /gemini review 호출 차단 + OWNER token actor 검증" 검증 포인트: 1. env 가 None 이면 TokenBoundaryViolation. 2. env 에 OWNER_GEMINI_TRIGGER_TOKEN 누락이면 TokenBoundaryViolation. 3. env 에 BOT_GITHUB_TOKEN 이 있으면 TokenBoundaryViolation. 4. env 에 GH_TOKEN/GITHUB_TOKEN/OWNER_PAT/PAT_TOKEN 어느 것이라도 있으면 violation. 5. 빈 문자열 token 도 violation. 6. fixture (executor_token_unavailable.json) 결과 어셀션. 7. token 부재 시 http_post 호출 0, decision.json 미생성. 8. 또한 polling_policy long polling 게이트 통합 — bot session 종료 후 재진입 확인. ) annotationsN)Path)ExecutorSchedulerIdlePRSnapshot)MergeQueueExecutor)OwnerTriggerAudit)OwnerTriggerOnlyTokenBoundaryViolationassert_scheduler_token_boundary)BotSessionExitRequired PollingState MAX_RECHECKSadvance_recheck must_exit_nowc$tddddddS)N(aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaztask/task-2556-dev5z2026-05-12T10:00:00+00:00T)numberhead_shahead_ref created_atgemini_reviewsci_required_all_successrrC/home/jay/workspace/anu_v2/tests/test_executor_token_unavailable.py_snapr0s! &. $  rc gfd}t||dt|}t||dz dz d|tddd d | d d }|fS)Nc4j||dddiS)N)pathbodyid)append)methodr"r#headers http_callss r http_postz"_make_scheduler..http_post>s 467ayrcy)N"ghp_x_xxxxxxxxxxxxxxxxxxxxxxxxxxxxrrrrz!_make_scheduler..Er)workspace_rootr*token_providerauditmemoryeventsctgSN)rrrrr-z!_make_scheduler..Ks 57)rciSr5r)aes rr-z!_make_scheduler..Ns2rcy)Nr)r7s rr-z!_make_scheduler..Or.rcy)Nrrps rr-z!_make_scheduler..Pr.rcyr5rr<s rr-z!_make_scheduler..Qr.r) gh_runner git_runner pytest_runner audit_writer task_md_rootor)r/ decision_dirsnapshot_provider owner_triggermerge_executorownerrepo)r r rr )tmp_pathr*runner schedulerr)s @r_make_schedulerrO;swJC) F "(83+)%#%'!   I j  rcvtjt5tddddy#1swYyxYwr5)pytestraisesr r rrr-test_env_none_raises_token_boundary_violationrSYs, - ..'-...s /8ctjt5}tidddd}j}t |}||v}|s t jd|fd||ft j|dtjvst jt rt jt nddtjvst j|rt j|ndt j|t j|dz}dd|iz}tt j|dx}x}x}}y#1swY=xYw) NOWNER_GEMINI_TRIGGER_TOKENinzK%(py1)s in %(py8)s {%(py8)s = %(py3)s(%(py6)s {%(py6)s = %(py4)s.value }) }strexcpy1py3py4py6py8assert %(py10)spy10rQrRr r valuerY @pytest_ar_call_reprcompare _saferepr @py_builtinslocals_should_repr_global_nameAssertionError_format_explanationrZ @py_assert0 @py_assert5 @py_assert7 @py_assert2 @py_format9 @py_format11s r-test_env_missing_owner_token_raises_violationrt^s - .,#'+, '9syy93y>9 '> 9999 '>999 '99999939993999999s999s999y999>9999999,,s E!!E+ctjt5}tddddddd}j}t |}||v}|s t jd|fd||ft j|dtjvst jt rt jt nddtjvst j|rt j|ndt j|t j|d z}d d |iz}tt j|dx}x}x}}y#1swY=xYw) N ghp_bot_xxxxghp_owner_xxxxBOT_GITHUB_TOKENrUryrVrXrYrZr[rarbrcrms r+test_env_bot_token_present_raises_violationrzds - . #' .*:)   /SYY/Y/  //// /// ///////////////S///S///Y//////////   s E$$E.forbidden_env_name)ryGH_TOKEN GITHUB_TOKEN OWNER_PAT PAT_TOKENc6tjt5}t|dddidddj}t |}||v}|s7t jd|fd||fdtjvst j|rt j|nddtjvst jt rt jt nddtjvst j|rt j|ndt j|t j|d z}d d |iz}tt j|dx}x}}y#1swYfxYw) NxrUrwrV)zK%(py0)s in %(py7)s {%(py7)s = %(py2)s(%(py5)s {%(py5)s = %(py3)s.value }) }r{rYrZ)py0py2r]py5py7zassert %(py9)spy9)rQrRr r rdrYrerfrhrirjrgrkrl)r{rZ @py_assert4 @py_assert6 @py_assert1 @py_format8 @py_format10s r&test_all_forbidden_token_names_blockedrms - . #'  (*:)   &)YY/Y/  //// ////// /// ///////////////S///S///Y//////////   s FFc ^tjt5}tddidddd}j}t |}|j }|}||v}|s2tjd|fd||ftj|dtjvstjt rtjt nddtjvstj|rtj|ndtj|tj|tj|tj|dz}d d |iz}ttj|dx}x}x}x}x}}y#1swY|xYw) NrUr:emptyrV)z%(py1)s in %(py12)s {%(py12)s = %(py10)s {%(py10)s = %(py8)s {%(py8)s = %(py3)s(%(py6)s {%(py6)s = %(py4)s.value }) }.lower }() }rYrZ)r\r]r^r_r`rbpy12zassert %(py14)spy14)rQrRr r rdrYlowerrerfrgrhrirjrkrl) rZrnrorp @py_assert9 @py_assert11rq @py_format13 @py_format15s r(test_empty_string_token_raises_violationrzs  - .L#')Er(JKL ,#)),c)n,n**,*,,7, ,,,,7,,,,7,,,,,,c,,,c,,,,,,#,,,#,,,),,,n,,,*,,,,,,,,,,,,LLs F""F,c0t|\}}tjt5|j iddddt |}d}||k(}|st jd|fd||fdtjvst jt rt jt nddtjvst j|rt j|ndt j|t j|dz}d d |iz}tt j|dx}x}}|d z d z d z }|j} | } | }|sddtjvst j|rt j|ndt j| t j| dz} tt j| dx} x} }y#1swYxYw)N2026-05-12T11:00:00+00:00envnowr==z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py6)slenr)rr\r]r_assert %(py8)sr`r2r3z%task-2556.owner_trigger_decision.jsonzEassert not %(py4)s {%(py4)s = %(py2)s {%(py2)s = %(py0)s.exists }() } decision_path)rrr^)rOrQrRr run_one_cyclerrerfrhrirjrgrkrlexists) rLrNr)rqror @py_format7rrrr @py_assert3 @py_format6s r*test_run_one_cycle_blocks_when_env_missingrsU+H5Iz - .IB,GHI z?a?a ?a33zz?ax'(25\\M##%#%%% %% %%%%%%}%%%}%%%#%%%%%%%%%% IIs H  Hct|\}}tjt5|j dddddddt |}d}||k(}|st jd|fd||fd tjvst jt rt jt nd d tjvst j|rt j|nd t j|t j|d z}d d |iz}tt j|dx}x}}y#1swYxYw)Nrvrwrxrrrrrrr)rrr`)rOrQrRr rrrerfrhrirjrgrkrl)rLrNr)rqrorrrrs r1test_run_one_cycle_blocks_when_bot_token_injectedrs+H5Iz - . $2.>,    z?a?a ?a33zz?a  s EE"c ddl}ttjjddz dz }|j |j d}|dD]}|d}tjt5}t|ddd|d }|j}|}j} t| } | j} | } || v} | stjd | fd || ftj |tj |tj |d t#j$vstj&trtj tnd d t#j$vstj&|rtj |nd tj | tj | tj | tj | d z}tj(d|dd|d d|jdzd|iz}t+tj,|dx}x}x}x} x} x} x} } y#1swYxYw)Nrr%fixtureszexecutor_token_unavailable.jsonzutf-8)encoding env_casesrexpected_message_containsrV)z%(py5)s {%(py5)s = %(py3)s {%(py3)s = %(py1)s.lower }() } in %(py16)s {%(py16)s = %(py14)s {%(py14)s = %(py12)s {%(py12)s = %(py7)s(%(py10)s {%(py10)s = %(py8)s.value }) }.lower }() }rYrZ) r\r]rrr`rbrrpy16zcase=labelz : expected z in z >assert %(py18)spy18)jsonr__file__resolveparentsloads read_textrQrRr r rrdrYrerfrgrhrirj_format_assertmsgrkrl)r fixture_pathfixturecaserrZrnrqrrr @py_assert13 @py_assert15r @py_format17 @py_format19s r.test_token_unavailable_fixture_cases_all_raisers X ((+j8;\\jj///ABG $d5k ]]1 2 1c +C 0 1 , - d - 3 3 d 3 5 d=@YY d9A d dZcZc>A d dZcZc>G d dZcZc:H d dZcZc:N d dZcZc:P d dRcRcU4=/T2M-N,QQUVYV_V_Ub c d d dPcPc d d d d d 1 1s = I77J c6tdd}t|}|j}d}||k(}|stjd|fd||fdt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|d x}x}}tjt5t|d d d y #1swYy xYw) uIrecheck 1 회 후 즉시 봇 종료, 다음 cycle 은 외부 cron 책임.riX rechecks_doneelapsed_secondsr%r)z5%(py2)s {%(py2)s = %(py0)s.rechecks_done } == %(py5)sstate_after_first)rrrzassert %(py7)srN)rrrrerfrhrirjrgrkrlrQrRr)staterrrrrrs r1test_bot_session_exit_required_after_max_rechecksrs q# >E'.  * */a/ *a //// *a////// /// /// *///a/////// - .+)*+++s : DDcDttd}t|}d}||u}|stjd|fd||fdt j vstjtrtjtnddt j vstj|rtj|ndtj|tj|dz}d d |iz}ttj|dx}x}}y) NrrT)is)z0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } is %(py6)srrrrr`) rrrrerfrhrirjrgrkrl)rrqrorrrrs r'test_must_exit_now_at_max_rechecks_truers |Q GE  '4' 4 '''' 4''''''='''='''''''''''' '''4'''''''rct|\}}ttd}tjt 5|j ddid|dddt|}d}||k(}|stjd|fd||fd tjvstjtrtjtnd d tjvstj|rtj|nd tj|tj|d z}d d |iz}ttj|dx}x}}y#1swYxYw)NrrrUghp_x_xxxxxxxxxxxxxxxxxxxxr)rrcycle_polling_staterrrr)rrr`)rOrrrQrRrrrrerfrhrirjrgrkrl) rLrNr) exit_staterqrorrrrs r4test_run_one_cycle_raises_when_already_at_exit_staters+H5IzL!LJ - . -/KL+ *   z?a?a ?a33zz?a   s E))E3c t|\}}|jddidt|}d}||k(}|stjd|fd||fdt j vstjtrtjtndd t j vstj|rtj|nd tj|tj|d z}d d |iz}ttj|d x}x}}|jddid}|jd} | j}d}||k(}|stjd|fd||ftj| tj|tj|dz}d d |iz}ttj|d x} x}x}}t|}d}||k(}|stjd|fd||fdt j vstjtrtjtndd t j vstj|rtj|nd tj|tj|d z}d d |iz}ttj|d x}x}}y )ustate persisted markers 기반 재진입 확인 (회장 §12). 1st cycle 종료 후 audit JSONL + decision.json + POSTED marker 가 박제되어 2nd cycle (외부 cron) 이 동일 (pr, head) 를 보면 SAME_HEAD_DEDUPED 로 fail-closed. rUrrrr%rrrr)rrr`Nz2026-05-12T11:05:00+00:00rSAME_HEAD_DEDUPED)z.%(py3)s {%(py3)s = %(py1)s.action } == %(py6)s)r\r]r_) rOrrrerfrhrirjrgrkrl pr_actionsaction) rLrNr)rqrorrrrresult2rns r3test_scheduler_audit_persists_for_next_cycle_resumers ,H5Iz  )+G H ' z?a?a ?a33zz?a%% )+G H '&G   a > ' '>+>> '+> >>>> '+>>>> >>> '>>>+>>>>>>>> z?a?a ?a33zz?ar)rLrreturnztuple[ExecutorScheduler, list])6__doc__ __future__rbuiltinsrh_pytest.assertion.rewrite assertionrewriteresyspathlibrrQrrrWORKSPACE_ROOTrYr"insertanu_v2.executor_schedulerranu_v2.idle_pr_diagnoserranu_v2.merge_queue_executorr anu_v2.owner_trigger_auditr anu_v2.owner_trigger_onlyr r r anu_v2.polling_policyrrrrrrrOrSrtrzmark parametrizerrrrrrrrrrrrrs"#  h'')11!4~chh&HHOOAs>*+73:8 !<. : 0N0 0- &   d$+(   r