wjkdZddlmZddlZddlmcmZddl Z ddl m Z ddl Z ddl mZddlmZmZmZmZdZddZd d dd Zd Zd ZdZdZy)utask-2554+2 §5 신규 fixture #5: OWNER_GEMINI_TRIGGER_TOKEN env 부재 시 FAILED + audit. 회장 §명시 (2026-05-12): token_provider 가 빈 문자열을 반환하면 TokenBoundaryViolation 즉시 발생. http_post 0회. audit 에 PENDING 등 사전 기록도 발생하지 않음. 추가: env_override 에 BOT_GITHUB_TOKEN / GH_TOKEN / GITHUB_TOKEN / OWNER_PAT / PAT_TOKEN 등 forbidden token env 가 명시 전달되면 TokenBoundaryViolation. fallback 절대 X. ) annotationsN)Path)OwnerTriggerAudit)FORBIDDEN_TOKEN_ENV_NAMESOwnerTriggerOnlyTOKEN_ENV_NAMETokenBoundaryViolation(aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaac dddtdddddddd }|d z }|jtj|d |S) Nz anu_v2.owner_trigger_decision.v1ztask-2554+2-testiTFr"POST_GEMINI_REVIEW_TRIGGER_COMMENTz/gemini review) schematask_idpr current_head queue_headcurrent_head_confirmedgemini_evidence_freshnudge_count_for_pr_headallowed_action comment_bodyallowedz decision.jsonzutf-8)encoding)_HEAD_A write_textjsondumps)tmp_pathdecisionps H/home/jay/workspace/anu_v2/tests/test_owner_trigger_token_unavailable.py_write_decisionr"sT4%"&!&#$>( H ?"ALLH%L8 Hz owner-tokentokencXgt|}fd}t||fd|}||fS)NcHj||t|dddiS)N)methodpathbodystatus)appenddictr(r)r*headerspostss r! http_postz _build_module..http_post4s$ d4jIJ#r#cSNr$sr!z_build_module..;sur#workspace_rootr2token_provideraudit)rr)rr%r:r2modr1s ` @r! _build_moduler<0s>E h 'E $  C u r#c"t|}t|d\}}}tjtt 5|j |ddtdddg}||k(}|stjd|fd ||fd tjvstj|rtj|nd tj|d z}d d |iz}ttj|dx}}y#1swYxYw)uOtoken_provider 가 빈 문자열 → TokenBoundaryViolation 즉시 fail-closed.r$matchor decision_pathownerrepocurrent_head_actualN==z%(py0)s == %(py3)sr1py0py3assert %(py5)spy5)r"r<pytestraisesr rtrigger_gemini_reviewr @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _safereprAssertionError_format_explanation) rrDr;r1r: @py_assert2 @py_assert1 @py_format4 @py_format6s r!0test_empty_token_raises_token_boundary_violationr_As#H-M%hb9C -^ D  !!' ' "  5B;5B55B  s DDc: t|}g t|} fd}t||d|}tjt 5|j |ddtdddg} |k(}|stjd|fd |fd tjvstj rtj nd tj|d z}d d |iz}ttj|dx}}y#1swYxYw)uNtoken_provider 가 None / int / dict 반환 시도 → TokenBoundaryViolation.c2jd|iddiSNr(r+r,r-r/s r!r2zHtest_non_string_token_raises_token_boundary_violation..http_postV h'(#r#cyr4r5r5r#r!r6zGtest_non_string_token_raises_token_boundary_violation..]r#r7rArBrCNrHrJr1rKrNrO)r"rrrPrQr rRrrSrTrUrVrWrXrYrZ) rrDr:r2r;r[r\r]r^r1s @r!5test_non_string_token_raises_token_boundary_violationrgPs#H-ME h 'E #  C - .  !!' ' "  5B;5B55B  s DDc 6t|}t|\}}}tD]D}|di}tjt |5|j |ddt|dddFg}||k(}|stjd|fd||fd tjvstj|rtj|nd tj|d z} d d | iz} ttj| dx}}y#1swYxYw) u^env_override 에 BOT_GITHUB_TOKEN 등 forbidden token 이 명시되면 TokenBoundaryViolation.z do-not-user?rArB)rDrErFrG env_overrideNrHrJr1rKrNrO)r"r<rrPrQr rRrrSrTrUrVrWrXrYrZ) rrDr;r1_ forbiddenrir[r\r]r^s r!>test_forbidden_token_env_in_override_raises_boundary_violationrljs#H-M!(+MC.  !<0 ]]1 C   % %+$+) &    5B;5B55B  s DD c t|}g t|} fd}t||d|}tjt 5|j |ddtdddt|j}g}||k(}|stjd|fd ||fd tjvstj|rtj|nd tj|d z}d d |iz} t!tj"| dx}}g} |k(}|stjd|fd |fdtjvstj rtj ndtj|d z}d d |iz} t!tj"| dx}}y#1swYpxYw)uotoken 부재 시 PENDING/POSTED/FAILED 어느 record 도 audit 에 남지 않음 (transaction 안에서 raise).c2jd|iddiSrbrcr/s r!r2zDtest_empty_token_does_not_record_pending_in_audit..http_postrdr#cy)Nr>r5r5r#r!r6zCtest_empty_token_does_not_record_pending_in_audit..rfr#r7rArBrCNrHrJrowsrKrNrOr1)r"rrrPrQr rRrlist _iter_rowsrSrTrUrVrWrXrYrZ) rrDr:r2r;rpr[r\r]r^r1s @r!1test_empty_token_does_not_record_pending_in_auditrs|sA#H-ME h 'E !  C - .  !!' ' "     " #D42:424425B;5B55B  s GG)rrreturnr)rrr%str)__doc__ __future__rbuiltinsrU_pytest.assertion.rewrite assertionrewriterSrpathlibrrPanu_v2.owner_trigger_auditranu_v2.owner_trigger_onlyrrrr rr"r<r_rgrlrsr5r#r!rsT#  8  &3@" 4$r#