S%j44UdZddlmZddlmZmZddlmZmZmZddl m Z m Z m Z m ZddlmZmZmZmZdZded <d Zded <d Zded <dZded<dZded<dZded<GddeZd dZd!dZd"dZ dd d#dZ! d$dZ" d%dZ#y)&uanu_v3.pre_authorized_executor_binding — gate decision → dry-run plan / HOLD packet (task-2553+5). 회장 §12 핵심 불변식 verbatim 박제: binding 입력 = gate decision 출력. decision != ALLOW 면 executor binding 진행 금지. binding **dry-run only**. raw GO-ready packet 이 gate·binding accepted ALLOW 로 직접 들어가면 안 됨 (9-R.8 provenance precondition). 9-R.1 (CRITICAL LINT-5) — 비네트워크 dry-run plan emitter 강제 하드배리어: - GitHub client / ``gh`` subprocess / ``requests``·``urllib``·``httpx`` / token env read / 네트워크 호출 **import 자체 금지** (0건). 본 모듈은 stdlib(hashlib/json/datetime/typing/pathlib) + anu_v3(gate/deriver) 만 import. - 출력 = **dry-run executor plan JSON** + (decision != ALLOW 시) HOLD_FOR_CHAIR packet **만**. 실 branch/commit/push/PR open 코드 경로 부재. - 실 PR open executor 호출 = task-2553+6 (별도 task) + 별도 회장 GO. 본 task 밖. 9-R.4 (MEDIUM LINT-4) — binding control-flow 는 decision 의 machine-readable 4 field 만 검증·분기: ``schema`` / ``gate_module`` / ``decision`` / ``no_github_write_performed``. ``executor_contract``·``reasons`` prose 는 control-flow 에 **사용 금지** (로깅만). 9-R.8 — binding precondition (3개 모두 충족 시에만 dry-run plan): (a) contract 에 유효 ``_provenance`` stamp 존재 (b) ``evidence_bundle_sha256`` 가 실 evidence 번들 재해시와 일치 (c) gate decision 이 그 provenance-stamped contract 위에서 산출됨 하나라도 불충족(raw packet/위조/미스탬프 유래 ALLOW) → HOLD_FOR_CHAIR. 9-R.5 — callback injection = normal+fallback contract 주입까지만. policy marker 가 collector-only/no-write/no-reactivation 보다 광의 권위면 거부 → HOLD. ) annotations)datetimetimezone)AnyFinalMapping)DECISION_ALLOWDECISION_SCHEMA_NAME GATE_MODULEevaluate)DERIVER_MODULESTATUS_DERIVEDcanonical_evidence_sha256derivez&anu_v3.pre_authorized_executor_bindingz Final[str]BINDING_MODULEz1.0.0BINDING_VERSIONz.anu_v3.pre_authorized_executor_binding_plan.v1BINDING_PLAN_SCHEMADRY_RUN_PLAN_ONLYSTATUS_DRY_RUN_PLANHOLD_FOR_CHAIR STATUS_HOLD)z/branch_create(dry-run: plan only, no git write)z(commit(dry-run: plan only, no git write)z$push(dry-run: plan only, no network)z1"8<< #;">>Y Z ||/0<CD Nr cg}|jd}t|tsddgfS|jdtk7r#|j d|jd|jddur|j dt|jd t r|jd s|j d |jd }t|t rt |d k7r|j d d}||fS)u[9-R.8 (a): contract 에 유효 ``_provenance`` stamp 존재. 반환 (stamped_sha, reasons). _provenanceuFraw-packet/미스탬프 contract: _provenance 부재 → bypass 차단 derived_byu_provenance.derived_by 위조: recomputed_all_gate_booleansTz0_provenance.recomputed_all_gate_booleans != truederiver_versionu%_provenance.deriver_version 미기록evidence_bundle_sha256@u0_provenance.evidence_bundle_sha256 형식 오류)r, isinstancerr r-strlen)contractr.provshas r!_validate_provenancer>_sG << &D dG $\]]] xx /-dhh|.D-G H  xx./t;IJ dhh013 7txx@ >? ((+ ,C c3 3s8r>IJ <r T)dry_runc t}d}t|trt|j dd}n+t|trt|j dd}g}|dur|j dt|ts|j dt|ts|j dt|ts|j d|r t |||S|t|z }t|\}}||z }t|} |r#|| k7r|j d|d d d | d d d d } t|} | j dtk7r%|j d| j ddn(| j d|k7r|j dnd} t|} | j d|j dk7r5|j d| j dd|j d| j d|j dk7r|j d| j dtk7r|j dt|\} }|| z }|r t |||Sidtdt dt"d|d|dt$ddddddddd ddd| d!d"|j d|j d#|j d|j dd$d%| d&|d'd(t't(d)d*d+d,d-d.t|j d.t&t*frt'|j d.giSgiS)/ugate decision + provenance-stamped contract + 실 evidence 번들 → binding 결과. 부작용 0 (GitHub write/network/subprocess/파일쓰기 0). 출력은 dry-run plan JSON 또는 HOLD packet **만**. r2task_idTuMdry-run flag 부재/false → 실 write 경로 금지 (9-R.1 하드배리어)u,decision 이 Mapping 아님 (spoofed/누락)ucontract 가 Mapping 아님u5evidence_bundle 이 Mapping 아님 (재해시 불가)u]evidence_bundle_sha256 불일치 (위조/치환된 번들 또는 raw-packet 유래): stamped=N u… recomputed=u…FstatusuJderiver 재도출 status != DERIVED → provenance 진위 실증 실패 (=u) → raw-packet/위조 차단r;ucontract 가 deriver(evidence_bundle) 산출물과 불일치 → 위조 _provenance/self-assert contract 차단 (9-R.8 진위 실증)r*uKdecision 이 이 contract 산출물 아님 (raw-packet/spoofed): recompute=z != provided=u>decision.task_id 가 contract 재평가와 불일치 (spoofed)uAgate 재평가 결과 != ALLOW → executor binding 진행 금지r(binding_modulebinding_versionts_utcr?r+no_network_performedno_subprocess_performedprecondition_9R8)provenance_stamp_presentevidence_bundle_sha256_match%decision_bound_to_provenance_contractcontract_matches_deriver_output consumed_decision_machine_fieldsr))r(r)r*r+r6callback_injectiondry_run_executor_planu<clean_replacement_pr_open_executor (NOT INVOKED — dry-run)uABLOCKED — task-2553+6 별도 task + 별도 회장 GO 전 금지)executorsteps real_pr_opennoteudry-run plan only. 실 branch/commit/push/PR open 코드 경로 부재. decision prose(reasons/executor_contract) 는 control-flow 미사용 (로깅만).decision_prose_logged_onlyr.)r&r8rr9r,r- _hold_packetr/r>r_deriver_deriver_gate_evaluater _callback_injection_contractrrrrlistrtuple)r*r;evidence_bundler?tsrAhold stamped_sha prov_reasonsrecomputed_shacontract_matches_deriver rederivedrecomputed_decision cb_reasons cb_contracts r!bindrgvs  BG(G$hll9b12 Hg &hll9b12Dd [  h ( BC h ( 12 ow / KL GR.. ' 11D!5X >KLD/?N{n4  +CR 01PSQSAT@UUX Z  %0I}}X.0  x(++I K  z "h .  W $( )2z*hll:.FF  ,00<?@#<< 36 8 y)X\\)-DD TUz*n< O ;?KJ JD GR..) %) .)  ?)  " )  7 )  % )  4)  $T)  )  "4)  (,,059/G  ) " +ll8,#<< 6 Z0)16Q)R - #) . !./) 0 k1) 2 V.)_" 3) <  `?) D % hll95e}EX\\)R01' E) )L ' E) )r c J|jd}t|tsdgifS|jd}t|trt|jdtsdgifS|d}g}|jddk7r$|jd|jdd d D]+}|j|d us|jd |d -|jdd us|jdd ur|jd|r|ifSgd d dd d d d ddfS)u9-R.5: callback policy marker → normal+fallback 주입 contract. collector-only / no write / no dev reactivation / no dispatch / no closeout 가 명시 인코딩돼야 함. 그보다 광의 권위면 거부 → HOLD. 권한 확대 0. evidenceu/callback marker 부재 (evidence 블록 없음)callback_policy_markerobserved_valueu'ALLOW + callback marker 부재 → HOLD authoritycollector_onlyzcallback authority escalation: u! (collector_only 아님) → HOLD)no_writeno_dev_reactivation no_dispatch no_closeoutTucallback 광의권위: u != true → HOLDnormalfallbacku)callback normal/fallback != true → HOLDz6dry-run contract injection (no registration performed))rrrsrlrnrorprqinjection_mode)r,r8rr-)r\evobjovr.ks r!rYrYsW   Z (B b' "BCRHH &&) *C c7 #:  !7,;;R@@  BG vvk..-bff[.A-DE/ / OK 66!9D NN4QC7HI JK vvht#rvvj'9'EBC} )#'V   r cXttt||tddddt |didddS)NTunHOLD_FOR_CHAIR packet. executor binding 미진행. 실 PR open 0. 회장 보고 대상 (자동 진행 금지).)r(rDrErFrArCr?r+rGrH hold_reasonsrPrOreport_to_chairrT)rrrrrZ)rAr]r.s r!rVrV/sA&(*%) $#'W !%  ;! r N)returnr9)r*Mapping[str, Any]r| list[str])r;r}r|ztuple[str, list[str]]) r*rr;rr\rr?boolr|dict[str, Any])r\r}r|z tuple[list[str], dict[str, Any]])rAr9r]r9r.r~r|r)$r __future__rrrtypingrrr!anu_v3.pre_authorized_action_gater r r r rX&anu_v3.pre_authorized_contract_deriverr rrrrWr__annotations__rrrrr Exceptionrr&r/r>rgrYrVrr r!rs <#'&& F E%%"RZR"5Z5* Z**&`9`E(8 III I  I  IX*&*%*Z $-r