3jUdZddlmZddlZddlZddlZddlZddlmZm Z ddl m Z ddl m Z mZmZmZmZddlZdZdZd Zd Ze ej1j2j2Zed z d z Zd ZdZdZdZdZ dZ!dUdZ"dVdZ#dVdZ$dWdZ%eGddZ&GddZ'dd dXdZ(ddddd d!fd"dd#dd d$fd%dd&dd d'fd(dd)dd d*fd+dd,dd d-fd.dd/dd d0fd1dd2dd d3fd4dd5dd6dfd7dd8dd6dfd9dd:dd6dfd;ddd?d@dd6dfdAddBdCdDd d*fdEddFdGgdHd d-fdIddJdd d3fdKddLdd d$fdMddNdOgdPd d=fgZ)dYdQZ*dZd[dRZ+gdSZ,e-dTk(r e.e+y)\u>anu_v3.critical7_classifier — Critical7 분류기 (task-2611 Track B). 회장 verbatim 2026-05-19 §2: Codex HIGH/HOLD 한 건이 Critical7 (보안·credential·permission·forbidden-path·scope-expansion·merge-write· OWNER PAT) 계열인지 **코드로** 판정한다. Critical7 = CHAIR_HOLD(회장 보고), 아니면 non-Critical → AUTO_REMEDIATION_HOLD 후보. 단일 진실원: ``config/critical7_rules.yaml`` (7 family ruleset). 규칙을 코드에 중복 구현하지 않는다(drift 방지). shared invariant 파손은 Critical7 동급으로 CHAIR_HOLD (회장 §6). Layer A / NO-CRON: 순수 결정 함수. ZERO cron / dispatch / subprocess / cokacdir / GitHub / 파일쓰기. CLI ``--selftest`` 는 실 entrypoint regression (mock-only 면 FAIL — 상수 분류기는 케이스별 verdict 불일치로 탈락). ) annotationsN) dataclassfield)Path)AnyDictListOptionalSequencezanu.critical7_classification.v1PASS CHAIR_HOLDAUTO_REMEDIATION_HOLDconfigzcritical7_rules.yaml)security credential permissionforbidden_pathscope_expansion merge_write owner_pat).z no z(no z no_z(zero z zero z = 0z= 0,z = 0.z =0z==0z == 0z 0 z: 0,z: 0.z: 0 z: 0"zcount=0zcount: 0zcount:0z 0,z 0.z 0 zclaim: 0zclaim:0z is falsez = falsez=falsez false flagu없음u없다u 없습니다u없었u아님u 아닙니다u금지u거부u허위u거짓u 0회u0회의u 0건u0건의u 0개u0개의u절대 사용 불가u 사용 불가) refutationrefutedrefutezfalse positivezfalse-positivezintended_is_critical7=falsezintended_is_critical7: falsez forbidden prohibited()z. z.  z? z! z; z | cd}d} |j||}|dk(r | St|||t|zsd} | S|t|z}I)u keyword 매치가 negation/REFUTATION 문맥에 등장하는지 확인. SAFE 방향만: * 한 문서 안에서 keyword 가 negation 없는 진짜 신호로 한 번이라도 등장 하면(any non-negated occurrence) False — detection coverage 감소 0. * 모든 occurrence 가 negation 또는 구조 REFUTATION 마커와 동반될 때만 True 반환(false-positive 차단). 회장 verbatim §2.3: '0/no/없음/금지/forbidden/refute/false 동반· REFUTATION 패턴 인식'. rFT)find_occurrence_is_negatedlen) hay_lower keyword_lcstartany_non_negatedidxs 2/home/jay/workspace/anu_v3/critical7_classifier.py_keyword_is_negatedr(bss EO nnZ/ "9    &icC O6KL"O  c*o% ct|||S)u=regex 매치의 위치가 negation/REFUTATION context 인지.)r )r" start_idxend_idxs r'_regex_match_is_negatedr-{s !)Y @@r)ctd|tz }tt||tz}|||}t D]}||vsyt |||}tD]}||vsyy)NrTF)max_NEGATION_WINDOW_BEFOREminr!_NEGATION_WINDOW_AFTER_TIGHT_NEGATION_TOKENS_enclosing_sentence_STRUCTURAL_REFUTATION_MARKERS) r"r+r,lo_thi_ttighttoksentencemks r'r r s} q)55 6D s9~w)?? @D d4 E% %< #9iAH, > r)cd}tD]3}|j|d|}|dk7st||t|z}5t|}tD]&}|j ||}|dk7st ||}(|||S)ukeyword 를 둘러싼 한 '문장'을 추출. 문장 경계는 ``. / \n / ? / ! / ;``. 완벽한 NL 문장 분할은 아니지만 false-positive/negative 균형에 충분 — SAFE 방향만(약화 없음). rr)_SENTENCE_BOUNDARIESrfindr/r!rr1)r"r+r, sent_startbpossent_ends r'r4r4sJ !7ooaI. "9Zs1v6J7 9~H !*nnQ( "98S)H* Z ))r)ceZdZUded<ded<ded<ded<ded<ded <ded <d ed <ee Zd ed<eddZddZ y)Critical7Resultstrschema finding_idbool is_critical7is_invariant_breakverdictz Optional[str]matched_rule_idfamily List[str] matched_terms)default_factoryreasonsc(|jtk(SN)rKr selfs r' chair_holdzCritical7Result.chair_holds||z))r)c |j|j|j|j|j|j |j t|jt|jd S)N rFrGrIrJrKrLrMrOrQ) rFrGrIrJrKrLrMlistrOrQrTs r'to_jsonzCritical7Result.to_jsons]kk// --"&"9"9||#33kk!$"4"45DLL)  r)N)returnrH)r[dict) __name__ __module__ __qualname____annotations__rrYrQpropertyrVrZr)r'rDrDsU KO L"" t4GY4 **  r)rDceZdZdZd dZd dZed ddZeddZ eddZ ddZ dd Z dd Z y)Critical7RulesetuQconfig/critical7_rules.yaml 로더 + 분류 엔진. 룰은 yaml 단일 진실원.c||_|jd|_|jd|_|jdddgDchc]}|j c}|_t |jdg|_|jdgDcgc]}|jc}|_ t|jdd |_ |jycc}wcc}w) NrFversionseverity_in_scopeHIGHCRITICALrulesinvariant_break_signalsinvariant_break_is_chair_holdT) rawgetrFrfupperrgrYrjlowerrkrHrl_assert_ruleset_not_weakened)rUrjss r'__init__zCritical7Ruleset.__init__sii) yy+ $yy)RS" AGGI" ,0 '20F+G $yy)BBG( AGGI( $.2 II5t <. * ))+" ( s C-C2c|jDchc]}|jd}}tDcgc] }||vs| }}|r tddj |zdzycc}wcc}w)NrMu2Critical7 ruleset weakened — missing family(s): , u0 (회장 §5 분류 기준 임의 약화 금지))rjrnCRITICAL7_FAMILIES ValueErrorjoin)rUrpresentfmissings r'rqz-Critical7Ruleset._assert_ruleset_not_weakenedsu,0JJ7q155?770EAW4D1EE D))G$%DE  8EsA$ A)A)Nc|r t|nt}t|dd5}|tj|cdddS#1swYyxYw)Nryutf-8encoding)r_DEFAULT_RULESopenyaml safe_load)clspathpfhs r'loadzCritical7Ruleset.loadsCDJN !S7 + +rt~~b)* + + +s AAcZg}dD]0}|j|}|s|jt|2dD]_}|j|}|st|tt fr|j d|DF|jt|adj|S)N)messagetexttitledetailactionsummary)pathsfilesrfilec32K|]}t|ywrS)rE.0xs r' z-Critical7Ruleset._haystack..s0SV0s )rnappendrE isinstancerYtupleextendrx)findingpartskeyvpkeypvs r' _haystackzCritical7Ruleset._haystacksN %C C A SV$ %7 &DT"B"tUm, 0R00 SW% &{{5!!r)cg}dD]m}|j|}t|ttfr|j d|DC|sF|j t |jo|S)N)category categoriesruletypetagtagsc3NK|]}t|jywrS)rErprs r'rz/Critical7Ruleset._categories..s6qCFLLN6s#%)rnrrYrrrrErp)rcatsrrs r' _categorieszCritical7Ruleset._categoriessdL ,C C A!dE]+ 6A66 CFLLN+  ,  r)cL|j|j}|dzdj|j|z}t j dd|}g}|j D]6}|st j dd|}||vs||vs&|j|8|S)Nrz[-_]+ )rrprxrresubrkr)rUrblobnormhitssigsig_norms r'detect_invariant_breakz'Critical7Ruleset.detect_invariant_break s~~g&,,.f}v{{4+;+;G+DEEvvhT*// !CvvhS1Hd{h$. C  !  r)cg}|jdixsi}|jdgxsgD]2}t|j|vs|jd|4|jdgxsgD]D}|st|j}||vs$t ||r1|jd|F|jdgxsgD]X} t j | |} | r=t|| j| js|jd| Z|S#t j$rYrwxYw)Nmatchrz category:keywordszkw:regexzre:) rnrErprr(rsearchr-r$enderror) rUrr"rrmcatkwkw_lcrxm_objs r' _rule_matchzCritical7Ruleset._rule_matchsE HHWb ! 'R55r*0b /C3x~~4' iu-. /%% B'-2 (BGMMOE !*=i*O c"J'  ( %%$* B  "i0!8u{{}eiik"KK#bT +   88  sAD44E  E c  t|jdxs|jdxsd}t|jddj}g}|j|}|rK|jr?|j ddj |ztt|ddtd d || S||jvrG|j d |d t|jdtt|ddtddg| S|j|j}|j|}|j D]}|j#|||} | s|j d|jdd|jddtt|ddt|jd|jd| | cS|j dtt|ddtddg| S)NidrGunknownseverityrhuDshared invariant 파손 = Critical7 동급 CHAIR_HOLD (회장 §6): ruTINVARIANT_BREAKinvariant_breakrXz severity z not in scope u — Critical7 후보 아님FuCritical7 매치 rule=z family=rMz -> CHAIR_HOLDuoCritical7 어느 rule 에도 미매치 — non-Critical (AUTO_REMEDIATION_HOLD 후보, 회장 §3 자동수렴))rErnrorrlrrxrDCLASSIFIER_SCHEMAr rgsortedr rrprrjr) rUrfidrrQinvr"rrrs r'classifyzCritical7Ruleset.classify<s'++d#Mw{{<'@MINw{{:v67==?))'2 455 NNV))C.! #(!#'" 1(!   411 1 NNH:^F4;Q;Q4R3S./ #("#( $   NN7+113 (JJ D##D)T:D,TXXd^,<="hhx01A',"!%',&$(HHTN88H-"&#   &  F $$   r))rjDict[str, Any])r[NonerS)rzOptional[Path]r[z'Critical7Ruleset')rrr[rE)rrr[rN)rrr"rErz Sequence[str]r[rN)rrr[rD)r]r^r___doc__rsrq classmethodr staticmethodrrrrrrbr)r'rdrds{[,"++ ""*("/2:G .s!T!W!sz1mock_only_guard: ruleset has no non-critical casezruleset weakened: zanu_v3.critical7_classifierrr FAILT) modulerFrruleset_versioncasespassedfailuresrKmock_only_would_failF ensure_asciiindentr)rdr_SELFTEST_CASESrrIrrMrKr anyrqrwrrEr relative_to_ROOTrfr!printjsondumps) rrrexp_c7 exp_familyryconst_chair_would_faileresults r' _selftestrs    BH'6 # KK  >>V # OO4=/0@ 6(S   !ahh*&< OO4=/188*JzlK  aii:- OO4=/AII;6JK  "!!"1! "KL2 '') 0#~11%89::_%2:#o&*!)6v $ F $**V% :;1#!# 2,QC0112sF G'GGc&tjd}|jddd|jdtdd |jd tdd |j | t |nd}|j r tS|jr%t|jjd ntjj}tj|}t j#|j$rt|j$nd}t'|t r|n|g}|Dcgc]!}|j)|j+#}}t-tj.|ddycc}w)Nz(Critical7 classifier (task-2611 Track B)) descriptionz --selftest store_trueu 실 entrypoint regression 실행)rhelpz--inputu,finding JSON 파일 경로 (없으면 stdin))rdefaultrz--rulesu$critical7_rules.yaml 경로 overrider~rFrrr)argparseArgumentParser add_argumentrE parse_argsrYselftestrinputr read_textsysstdinreadrloadsrdrrjrrrZrr) argvapargsrmpayloadrfindingsr{outs r'_mainrsB  -W XBOOL;=OOICGIOOIC?A ==t'7dT BD }}{jj   % %w % 7!iinn.jjoG   4::tDJJ/4 HB$Wd3w'H-5 62;;q> ! ! # 6C 6 $**SuQ 78  7s&F)rr r rrvrDrdr__main__)r"rEr#rEr[rH)r"rEr+intr,rr[rH)r"rEr+rr,rr[rE)rrrzOptional[Critical7Ruleset]r[rD)r[rrS)r zOptional[Sequence[str]]r[r)/r __future__rrrrr dataclassesrrpathlibrtypingrrr r r rrr r r__file__resolveparentrrrvr3r5r0r2r=r(r-r r4rDrdrrrr__all__r] SystemExitrbr)r'rs# (66 5   / X ''..!$::4("D2A "**     :C C NGK  )C   DF : &CE < &FH < &CE  6HJ  646 = <> ; JL D &DF D 6BD D GI  57 D 7  &6+,.  f>@ ; v<> < V+'(* k9x,$^ .  z UW r)