{
  "schema": "bot_token_redacted_preflight.v1",
  "track": "Track G — MERGE_QUEUE_AND_AUTO_MERGE_READINESS_AUDIT",
  "ts_kst": "2026-05-21 04:45 KST",
  "mode": "read-only · static code audit · 실제 token value 0 노출",
  "purpose": "BOT_GITHUB_TOKEN(=ghs_ App installation token) preflight 결선 + OWNER PAT fallback 차단 결선 검증",
  "redaction_invariant": "본 산출물에는 token value 평문 0개 · prefix 5자(ghs_/ghp_) 만 분류용으로 명문",
  "static_findings": [
    {
      "id": "BT1",
      "name": "token source classifier 모듈 결선",
      "verdict": "WIRED",
      "evidence": "utils/bot_merge_identity.py:classify_token_source (L182) + _INSTALLATION_TOKEN_PREFIXES=('ghs_',) (L99) + TOKEN_SOURCE_GITHUB_APP='GITHUB_APP_INSTALLATION_TOKEN' (L74)",
      "redaction_safe": "prefix 5자만 보존, token value 절대 미저장 (L205)"
    },
    {
      "id": "BT2",
      "name": "merge token decision wiring",
      "verdict": "WIRED",
      "evidence": "utils/merge_queue_executor.py:select_merge_token_decision (L322) — 4-enum 분기: GITHUB_APP_INSTALLATION_TOKEN → allow_merge=True / GITHUB_ACTIONS_TOKEN → allow_merge=True / OWNER_PAT → allow_merge=False+OWNER_PAT_FALLBACK_BLOCKED (L351-354) / UNKNOWN → allow_merge=False+AUTOMATION_CAPABILITY_GAP (fail-closed)"
    },
    {
      "id": "BT3",
      "name": "OWNER_PAT fail-closed const",
      "verdict": "WIRED",
      "evidence": "utils/merge_queue_executor.py:OWNER_PAT_FALLBACK_BLOCKED = 'OWNER_PAT_FALLBACK_BLOCKED' (L134) · capability_gap=True · Critical 7종 외 ops marker",
      "critical7_trigger": "owner_pat detected → allow_merge=False fail-closed · 회장 verbatim 'OWNER_PAT 사용 0' 위반 시 즉시 보고"
    },
    {
      "id": "BT4",
      "name": "Actions runner token 분리 인식",
      "verdict": "WIRED",
      "evidence": "utils/bot_merge_identity.py:GITHUB_TOKEN(ghs_) on actions runner → Actions runner token 분류 (L262) · APP token 과 Actions token 모두 allow_merge=True 이지만 분리 decision 명문",
      "note": "Actions runner 도 ghs_ prefix 발급 가능 — env 시그널 (GITHUB_APP_* / GITHUB_ACTIONS) 교차 검증"
    },
    {
      "id": "BT5",
      "name": "raw token logging 차단",
      "verdict": "WIRED",
      "evidence": "utils/bot_merge_identity.py L137-205 — token_prefix_observed (5자) + installation_signal (bool) 만 기록 · 값 자체 X 명문",
      "redaction_safe": "본 audit 의 redaction invariant 와 일치"
    }
  ],
  "owner_pat_no_use_invariant": {
    "rule": "회장 verbatim '12. OWNER PAT 사용 0'",
    "code_enforcement": "select_merge_token_decision src='OWNER_PAT' → allow_merge=False + decision=OWNER_PAT_FALLBACK_BLOCKED + capability_gap=True (utils/merge_queue_executor.py L351-354)",
    "doctrine_link": "feedback_owner_trigger_only_capability_doctrine_260511 — OWNER token 은 /gemini review 1회 작성 외 모든 action 코드 차단"
  },
  "bot_token_must_be_app_invariant": {
    "rule": "회장 verbatim '11. BOT_GITHUB_TOKEN = ghs_ App token'",
    "code_enforcement": "_INSTALLATION_TOKEN_PREFIXES=('ghs_',) (utils/bot_merge_identity.py L99) + TOKEN_SOURCE_GITHUB_APP enum (L74) — ghs_ prefix → App token 분류",
    "env_signals": "GITHUB_APP_INSTALLATION_TOKEN / GITHUB_APP_* env 변수 cross-check (L194)"
  },
  "preflight_dry_run_matrix": [
    {"scenario": "ghs_ prefix detected + APP env present", "expected_decision": "APP_TOKEN_OK", "allow_merge": true, "scenario_classification": "정상 자동화 경로"},
    {"scenario": "ghs_ prefix detected + ACTIONS env present", "expected_decision": "ACTIONS_TOKEN_OK", "allow_merge": true, "scenario_classification": "정상 자동화 경로"},
    {"scenario": "ghp_ prefix detected (OWNER PAT)", "expected_decision": "OWNER_PAT_FALLBACK_BLOCKED", "allow_merge": false, "scenario_classification": "FAIL_CLOSED · capability_gap=True · ops marker"},
    {"scenario": "token absent or empty", "expected_decision": "AUTOMATION_CAPABILITY_GAP", "allow_merge": false, "scenario_classification": "FAIL_CLOSED · capability_gap=True · 자동 머지 거부"},
    {"scenario": "unknown prefix", "expected_decision": "AUTOMATION_CAPABILITY_GAP", "allow_merge": false, "scenario_classification": "FAIL_CLOSED · 분류 불가 시 보수적 차단 · fine-grained PAT(github_pat_ prefix) 가 OWNER_PAT 와 unknown 중 어느 쪽으로 분류되는지는 본 산출물에 미기재 — 확인 필요"}
  ],
  "summary": {
    "total_static_findings": 5,
    "wired_count": 5,
    "fail_closed_safeguards": 2,
    "critical7_relevant_triggers": 1,
    "redaction_invariant_preserved": true,
    "token_value_exposure_count": 0
  },
  "verdict": "PASS — App token (ghs_) 인식 + OWNER PAT fail-closed + redaction safe 모두 결선. 회장 14조건 #11(BOT App token) + #12(OWNER PAT 0) 정합.",
  "scope_invariants_preserved": [
    "read-only audit", "token value 0 노출", "PR/merge/branch/credential write 0",
    "Track C 미접촉", "zombie cron 미접촉", "CLOSED_ALL_SETTLED 산출물 byte-0"
  ]
}
