>'jYUdZddlmZddlZddlZddlmZmZddlmZm Z m Z ddl m Z dZ ded <d Zded <d Zded <dZded<dZded<dZded<dZded<dZded<dZded<GddeZd9dZd:dZd;dZdd"Zd?d#Zd:d$Z d:d%Z!d@d&Z"dAd'Z#dBd(Z$dCd)Z%dCd*Z&dCd+Z'dAd,Z(d:d-Z) dDd.Z*dEd/Z+ dFd0Z, dGd1Z-dAd2Z.d3Z/ded4<dHd5Z0d6d7 dId8Z1y)Juanu_v3.pre_authorized_contract_deriver — PRE_AUTHORIZED contract auto-derivation (task-2553+5). 회장 §2/§12 verbatim 박제: GO-ready packet 을 사람이 손으로 contract 로 옮기지 않도록, **검증 가능한 evidence** 에서 ``pre_authorized_action_contract`` 를 자동 생성한다. gate decision 이 ALLOW 일 때만 (별도 binding 모듈이) clean replacement PR open executor 로 연결한다. 본 모듈 한정 책임 (fail-closed, 순수 함수, 부작용 0): - evidence bundle (schemas/pre_authorized_evidence_bundle.schema.json) 소비 - 9-R.2 normative derivation matrix 로 gate contract 전 field 기계 도출 - self-assertion 차단: GO-ready packet 은 **식별자만 권위 (9-R.3)**. gate 관련 모든 boolean 은 독립 evidence(git/scan/marker)에서 재계산 - evidence 부재/모호/추론불가 field → 자동 채움 금지 → HOLD_FOR_CHAIR - negative(안전) bool 은 scan 으로 false 를 적극 증명. 증명 불가 → HOLD - packet 주장 vs 독립 재계산 불일치 → HOLD + mismatch 기록 (9-R.3) - 9-R.8 provenance stamp 부착: 수동/위조 contract 는 stamp 위조 불가 (evidence_bundle_sha256 = 실 evidence 번들 재해시 — binding 이 재검증) one-way isolation: anu_v3 외부 import 금지. git/scan 은 evidence bundle 의 ``observed_value`` 로 **사전 수집** — 본 deriver 는 subprocess/network 0, 순수하게 bundle 만 기계 변환한다 (gate 본체 무수정, deriver 출력 = gate 입력). ) annotationsN)datetimetimezone)AnyFinalMapping)CONTRACT_SCHEMA_NAMEz&anu_v3.pre_authorized_contract_deriverz Final[str]DERIVER_MODULEz1.0.0DERIVER_VERSIONz(anu_v3.pre_authorized_evidence_bundle.v1EVIDENCE_BUNDLE_SCHEMA_NAMEz,anu_v3.pre_authorized_contract_derivation.v1DERIVATION_SCHEMA_NAMEDERIVEDSTATUS_DERIVEDHOLD_FOR_CHAIR STATUS_HOLD) task_identityaction_method_marker source_prsource_pr_preservationsame_branch_push_zero fresh_baseexpected_filesgit_effective_diffforbidden_path_scancritical_7_markercodex_verdict_markercredential_scanowner_pat_scanactual_api_scanreal_write_scanlimited_real_write_scanscope_declarationcallback_policy_markergo_ready_packet_claimszFinal[tuple[str, ...]]REQUIRED_EVIDENCE_KINDS)kindsourceobserved_value collected_tsderivation_rule_id_EVIDENCE_OBJECT_KEYSclean_replacement_pr_open_ACTION_CLEAN_REPLACEMENTc$eZdZdZdfd ZxZS)_HolduJ단일 field 도출 실패 → HOLD_FOR_CHAIR 사유. 호출자가 수집.c2t||||_yN)super__init__reason)selfr4 __class__s =/home/jay/workspace/anu_v3/pre_authorized_contract_deriver.pyr3z_Hold.__init__Ps   )r4strreturnNone)__name__ __module__ __qualname____doc__r3 __classcell__)r6s@r7r/r/MsTr8r/cftjtjj dS)Nz%Y-%m-%dT%H:%M:%SZ)rnowrutcstrftimer8r7_now_utcrFUs! << % . ./C DDr8ct|jDcic]\}}|dk7s ||}}}tj|ddd}t j |j djScc}}w)uevidence bundle 의 결정적 sha256. ``_provenance`` 미리보기 블록은 해시 대상에서 제외 (fixture 가 stamp 를 자기-포함할 수 있도록). deriver 와 binding 이 **동일 함수** 를 써서 위조/치환된 번들을 검출한다 (9-R.8). _provenanceT),:F) sort_keys separators ensure_asciizutf-8)dictitemsjsondumpshashlibsha256encode hexdigest)bundlekvpayloadblobs r7canonical_evidence_sha256r[Yss!%V 2 2 4K1]8Jq!tKGK ::4JU D >>$++g. / 9 9 ;; Ls A>A>c|jd}t|tsy|j|ttsytfdtDryS)Nevidencec3&K|]}|v ywr1rE).0rWobjs r7 z _evidence_obj..ns 7A1C< 7s)get isinstanceranyr+)rVr&evr`s @r7 _evidence_objrfgsO J B b' " &&,C c7 # 7!6 77 Jr8ct||}|td||d}t|tstd||S)Nuevidence 부재: r(u'evidence observed_value 형식 오류: )rfr/rcr)rVr&r`ovs r7 _observedrissS  %C {'v.//  B b' "=dVDEE Ir8c8||vrtd|d|d||S)Nevidence 모호: .u 미기록)r/)rhkeyr&s r7_reqrn}s- "}'vQse:>?? c7Nr8cJt|tstd|d|d|S)Nrkrlu 가 bool 아님)rcboolr/)valuer&rms r7 _strict_boolrrs- eT "'vQse3CDEE Lr8ct||}tt|d||d}|std|dt|d|}t |t t fstd|dt|S)uscan evidence 로 negative(false)를 **적극 증명**. scanned==true AND hits==[] → false (안전 증명). scanned!=true / hits 미기록 → 증명 불가 → HOLD. hits 비어있지 않음 → true (gate 가 HOLD 처리). scannedunegative bool 증명불가: z.scanned=falsehitsu.hits 형식 오류)rirrrnr/rclisttuplerp)rVr&rhrtrus r7_prove_negativerxs{ 64 B4It4dIFG 24&GHH FD !D dT5M *24&8KLMM :r8ct|d}t|dd}t|dd}t|dd}t|tr|r ||cxk(r|k(snt d|d|d||S)Nrgo_ready_packet_task_idtask_md_filename_task_iddispatch_marker_task_idu&task_id 3자 불일치/공백: packet=z md=z dispatch=rirnrcr9r/)rVrhabcs r7_derive_task_idrs{ 6? +B R*O?J_.DEM **7zBCC z3 'JDEE]" )   %$r8ct|d}t|d}t|dd}t|dd}t|tr|s t d||k(}|st d|d||j d}|j d }t|t rt|tr t d t|tr|s t d |d ||d S)Nrrrecorded_head_sharecomputed_head_shau+source_pr.head_sha 미기록 (preservation)u)source PR 원본 변경 감지: recorded=z != recomputed=numberbranchu%source_pr.number 부재/형식 오류u%source_pr.branch 부재/형식 오류T)head_sha preservedrr)rirnrcr9r/rbintrp)rVidentpresrecorded recomputedrnumbrs r7_derive_source_prrs fk *E V5 6DD-/GHHd13KLJ x %(ABBJ&I 7|D'N ,  ))H C 8 B c3 :c4#8;<< b# b;<<  r8c~t|d}t|dd}t|tr|dkr t d|dk7S)Nrsource_branch_push_countru:same_branch_push 증명불가: push_count 미기록/음수)rirnrcrr/)rVrhcounts r7_derive_same_branch_pushrsE 62 3B /1H IE eS !UQYPQQ A:r8ct|d}t|dd}t|dd}tt|dddd}t|tr|s t d||k7s|st d|d|d|d |fS) Nrrecorded_base_shacurrent_origin_main_sha is_ancestoru4fresh_base 증명불가: recorded_base_sha 미기록ufresh_base 미충족: base=z origin/main=z ancestor=T)rirnrrrcr9r/)rVrhrcurrentis_ancs r7_derive_fresh_basers 6< (BB+\:H20,?G  R -|]F x %(JKK7&)(]7+Nx !   >r8ct|d}t|dd}t|ttfr|s t dt d|Ds t dt|S)Nrfilesu6expected_files 파싱불가 (task md §expected_files)c3DK|]}t|txr|ywr1rcr9r_fs r7raz)_derive_expected_files..s7Az!S!'a'7s u#expected_files 항목 형식 오류rirnrcrvrwr/allrVrhrs r7_derive_expected_filesrs^ 6+ ,B W. /E edE] +5LMM 77 79:: ;r8ct|d}t|dd}t|ttfs t dt d|Ds t dt|S)Nrru,effective_diff_files: git diff 산출 실패c3<K|]}t|tywr1rrs r7raz)_derive_effective_diff..s1az!S!1su)effective_diff_files 항목 형식 오류rrs r7_derive_effective_diffrs\ 6/ 0B W2 3E edE] +BCC 151 1?@@ ;r8ct|d}t|dd}t|ttfs t d|Dcgc] }t |c}Scc}w)Nrforbidden_write_targetsu:forbidden_path_scan: forbidden_write_targets 형식 오류)rirnrcrvrwr/r9)rVrhtargetsts r7_derive_forbidden_targetsrsQ 60 1B202GHG ge} -PQQ# $qCF $$ $sAcJt|d}tt|ddddS)Nr critical_7)rirrrn)rVrhs r7_derive_critical_7rs/ 6. /B  R23 r8crt|d}t|dd}t|tr|s t d|S)Nrverdictu5codex_verdict marker.verdict 미기록 (prose 금지)r})rVrhrs r7_derive_codex_verdictrs; 61 2B2y"89G gs #7KLL Nr8cnt||}t|d}tt||dd|}|xs|S)uQnegative bool: scan 0 hit AND scope 선언 none → false. 그 외 → true/HOLD.r")rxrirrrn)rV scan_kind scope_keyscan_hitscoperequiress r7_derive_scope_flagrsGvy1H f1 2E UI23H  xr8ct|d}tt|dddd}tt|dddd}t|dd}tt|dddd}tt|dddd}tt|dddd}tt|dddd}|d k7rtd |d |r|r|r|s td |r|s td dddS)Nr#normalfallback authorityno_writeno_dev_reactivation no_dispatch no_closeoutcollector_onlyu(callback 광의권위 거부: authority=z != 'collector_only'uIcallback 광의권위 거부: write/재가동/dispatch/closeout 비차단u1callback contract 누락: normal/fallback != trueT)rrrirrrnr/) rVrhrrrrno_reactrrs r7_derive_callbackr's5 63 4B  R34 F  R56 H R&>?I R56 H  R&(@A H  R 89 K  R 89 K $$6ymCW X   kk W   xGHH --r8ct|d}|jd}|!t|ttfs t dt |}t |}|j|sy|r|jt |syy)Nr"declared_scope_filesu=scope_declaration.declared_scope_files 형식 오류 (모호)TF)rirbrcrvrwr/setissubset)rVexpected effectiverdeclaredeff_setexp_sets r7_derive_scope_expansionrVs} f1 2Eyy/0HJx$$GSTT)nG(mG   G $H . r8clt|d}tt||dd|}|rt|dy)uauto_closeout / dev_status_change — deriver 항상 false. evidence(scope)가 요구하면 설계상 HOLD (자동 채움 금지). r"u8 요구 감지 → 설계상 HOLD (자동 채움 금지)Fr)rVrlabelrrs r7_derive_design_fixed_falsergsI f1 2E UI23H ugUVWW r8cnt|d}t|dd}t|ts t d|S)Nr"requires_mergeu(merge_required 모호 → 보수적 HOLD)rirnrcrpr/)rVrrs r7_derive_merge_requiredrys: f1 2EE+-@AH h %>?? Or8) same_branch_pushreffective_diff_contaminationrcredential_change_requiredowner_pat_touch_requiredactual_api_call_requiredreal_write_required!limited_real_write_entry_requiredscope_expansionmerge_required auto_closeoutdev_status_change_PACKET_CLAIMABLEc t}ttstd|dgigSj dt k7r;tt j dd|dj dgigSgidtidd<dEfd }|dfdd |d fd d |d fdd|dfddidFfd }|d|ddvrdd<|dfdd|dfddj d}j d}t|trAt|tr1tt|tt|k7d<dd<dGfd }|d |d!|d"fd#d$|d%fd&d'd(D]\}}} } |||| ffd) | dFfd* } |d+| d,|d-fd.d/|d0fd1d2|d3fd4d5|d6fd7d5g} td8} | j d9}t|trj!d?| Dzt#}r:tt j dj dd|| |@St$|dAt&dBdC<t(t$t&|dt*gg|dD S#t$r(}jd;|jYd<}~d<}~wwxYw)Huevidence bundle → derivation result. 부작용 0. trust boundary: bundle 신뢰 불가. 반환: status == DERIVED → ``contract`` (9-R.8 ``_provenance`` stamp 포함, gate 입력) status == HOLD_FOR_CHAIR → ``contract`` 없음 + ``hold_reasons`` u"evidence bundle 이 Mapping 아님schematask_idu"evidence bundle schema 불일치: zconst:CONTRACT_SCHEMA_NAMEc ||<||<y#t$r*}j|d|jYd}~yd}~wwxYw)Nz: )r/appendr4)fieldfnrule_idecontract field_provholds r7_tryzderive.._trysK 0 dHUO 'Ju  0 KK5'AHH:. / / 0s A AActSr1)rrVsr7zderive..s OF3r8z9-R.2/task_id/3way action_typectSr1)rrsr7rzderive..s #F+r8z9-R.2/action_type/method+gitrctSr1)rrsr7rzderive..s !&)r8z9-R.2/source_pr/git-rev-parserctSr1)rrsr7rzderive..s (0r8z9-R.2/same_branch_push/reflogc.t\}}|d<|S)Nbase_sha)r)rXbasebase_sha_holderrVs r7_freshzderive.._freshs $V,4&* #r8rz%9-R.2/fresh_base/origin-main-ancestorrrctSr1)rrsr7rzderive.. &v.r8z9-R.2/expected_files/task-mdeffective_diff_filesctSr1)rrsr7rzderive..rr8z9-R.2/effective_diff/git-diffrz9-R.2/set-compare/deterministicct}jd}t|ts t dt t |t |zS)Nru=effective_diff_files 미도출 → forbidden 교집합 불가)rrbrcrvr/sortedr)reffrVrs r7_forbidden_touchedz"derive.._forbidden_touchedsJ+F3ll12#t$WX Xc#hW-..r8forbidden_paths_touchedz9-R.2/forbidden/intersectionrctSr1)rrsr7rzderive..s "6*r8z9-R.2/critical_7/marker codex_verdictctSr1)rrsr7rzderive..s %f-r8z9-R.2/codex_verdict/marker))rrrequires_credentialz9-R.2/negative/credential)rrrequires_owner_patz9-R.2/negative/owner_pat)rrrequires_actual_apiz9-R.2/negative/actual_api)rr requires_real_writez9-R.2/negative/real_write)rr!requires_limited_real_writez!9-R.2/negative/limited_real_writect||Sr1)r)skpkrVs r7rzderive..s0B62r0Rr8cjd}jd}t|trt|ts tdt ||S)Nrru-scope_expansion: expected/effective 미도출)rbrcrvr/r)exprrVrs r7 _scope_expzderive.._scope_expsOll+,ll123%*S$*?GH H&vsC88r8rz9-R.2/scope_expansion/subsetcallbackctSr1)rrsr7rzderive..'s -f5r8z9-R.2/callback/marker+invariantrctSr1)rrsr7rzderive..*rr8z9-R.2/merge/scoperctddS)Nrequires_auto_closeoutrrrsr7rzderive../s* ,o r8z9-R.2/design-fixed-falserctddS)Nrequires_dev_status_changerrrsr7rzderive..6s* 02E r8r$claimed_booleans)r packet_claimindependent_derivationzgo_ready_packet_claims: NuFpacket-evidence mismatch (packet=비권위, 독립 재계산 우선): z, c3&K|] }|d yw)rNrE)r_ms r7razderive..Qs7q' 7sevidence_bundle_sha256T) derived_byr'recomputed_all_gate_booleansderiver_versionrH rderiver_moduler*ts_utcrstatusr hold_reasonsfield_provenancepacket_evidence_mismatchesr')rr9rr9r:r;)r:rp)r: list[str])rFrcr _hold_resultrbr r9r rvrrrirrr/r4joinr[r r r r)rVtsrrrrr rrrridr mismatches claims_ovclaimedrWr bundle_sharrrrs` @@@@r7deriver;s B fg &B%I$JBPRSS zz(::  9b) * 1&**X2F1I J K     D!#J (*>?H7Jx0 35IJ+&  )'  0' ')O  vFG_$.z:.&  .' ||,-H 34I(D!jD&A39#i.3IV MN 4 /06W 12/ !&  *!  -$ -$ (y)S@  Y R  A$ L9 J(FG57XY.    #    # (*J;f&>? -- 23 gw '& r&r9r:zMapping[str, Any] | None)rVr>r&r9r:r>)rhr>rmr9r&r9r:r)rqrr&r9rmr9r:rp)rVr>r&r9r:rp)rVr>r:dict[str, Any])rVr>r:rp)rVr>r:ztuple[bool, str])rVr>r:r2)rVr>rr9rr9r:rp)rVr>r:zdict[str, bool])rVr>rr2rr2r:rp)rVr>rr9rr9r:rp)rVrr:r?)rr9r5r9r=r2rzMapping[str, str]r7zlist[dict[str, Any]]r'r9r:r?)2r? __future__rrRrPrrtypingrrr!anu_v3.pre_authorized_action_gater r __annotations__r r r rrr%r+r- Exceptionr/rFr[rfrirnrrrxrrrrrrrrrrrrrrrrr;r3rEr8r7rEs0# '&&BE E%%*TZT%S S& &* Z*3/.1-)D:CIE <   "  %"8"%    *-  :=     ,.^ )2?H " *-69 $-)"aV#%  "  %  r8