Ki;"UdZddlmZddlZddlZddlZddlmZddlZedZ e dz dz Z e dz d z d z Z d Z d e d Z e dde dddgddggidddd Zded< d& d'dZd(dZd)dZd)dZd)dZd)d Zd)d!Zd)d"Zd)d#Zd)d$Zd)d%Zy)*utests/handoff/test_validate_handoff.py validate_handoff.py CLI 검증 테스트 (task-2458 Phase 2-B) 테스트 케이스: - test_validate_missing_handoff — handoff JSON 미존재 → exit 1 - test_validate_schema_invalid — schema invalid (필수 필드 누락) → exit 1 - test_validate_task_id_mismatch — JSON task_id != --task → exit 1 - test_validate_branch_mismatch — JSON current_branch != --branch → exit 1 - test_validate_head_sha_mismatch — JSON head_sha != git HEAD → exit 1 - test_validate_changed_paths_violation — changed_paths가 allowed_paths 외 → exit 1 - test_validate_pending_work_too_long — pending_work 4001자 → exit 1 - test_validate_pass — 모든 조건 충족 → exit 0 ) annotationsN)Pathz-/home/jay/workspace/.worktrees/task-2458-dev4scriptszvalidate_handoff.pymemoryspecshandoff-schema.jsonz task-9010ztask/z-dev4z1.0dev4abc1234def5678z&tests/handoff/test_validate_handoff.pytests/handoff/scripts/takeover_request2026-05-05T12:00:00Zu잔여 작업 없음) task_idschema_version previous_botcurrent_branchbase_shahead_sha changed_paths allowed_pathsforbidden_paths test_resultshandoff_reason created_at pending_workdict VALID_HANDOFFcttj}t||d<|r|j |t j dttg|zttddd|S)u"validate_handoff.py 실행 헬퍼.WORKSPACE_ROOTpython3T)cwdcapture_outputtexttimeoutenv) rosenvironstrupdate subprocessrunVALIDATE_SCRIPTWORKTREE)argsworkspace_root extra_envr's :/home/jay/workspace/tests/handoff/test_validate_handoff.py _run_validater4:sg rzz C/C 9 >> C()D0 M    cD|dz dz }|jdd|dz dz }|jdd|dz }|js#|jtj ||dz }|j t j|dd d |S) uBtmp workspace 내에 handoff JSON 파일 기록 후 경로 반환.rhandoffsTparentsexist_okrr.jsonF ensure_asciiindentutf-8encoding)mkdirexists write_bytes SCHEMA_PATH read_bytes write_textjsondumps) workspacerdatahdirspec_dir schema_dsthpaths r3_write_handoffrQNs x * ,DJJtdJ+8#g-H NN4$N/11J    {5578 gYe$ $E TZZ5CgV Lr5c|dz dz }|jdd|dz jtjt dt g|}|j dk(s!Jd |jd |jd |jvs@d |jjvs#d |jvsJd|jyyy)u/handoff JSON이 존재하지 않을 때 exit 1.rrTr8r--taskr1u-handoff 없는데 exit 0 (비정상) stdout: stderr: u없음z not foundFAILu 에러 메시지 없음 stderr: N) rCrErFrGr4 TEST_TASK_ID returncodestdoutstderrlower)tmp_pathrNresults r3test_validate_missing_handoffr_cs("W,H NN4$N/ %%22;3I3I3KL Hl3H MF    ! 8zRXR_R_Q`a ! v}} $ v}}7J7J7L(LPVZ`ZgZgPg +FMM?; gPg(L $r5cRtddd}t|t|tdtg|}|jdk(s!Jd|jd|j |j |jz}d |vs,d |j vsd |vsJd |j y y y )uP필수 필드가 누락된 handoff JSON → schema validation 실패 → exit 1. interruptr)rrrrSrTrUu$schema invalid인데 exit 0 stdout: rVrWschemaSchemau*스키마 에러 메시지 없음 stderr: N)rXrQr4rYrZr[r\)r] invalid_datar^combineds r3test_validate_schema_invalidrfws %, L 8\<8 Hl3H MF    ! / jX !}}v}},H X X^^-=!=XAU 5fmm_E UAU!= r5c^tt}d|d<d|d<t|t|t dtg|}|j dk(s!Jd|j d |jd|jvs2d |jvs#d |jvsJd |jy y y )u)JSON task_id != --task 인수 → exit 1.z task-9999rztask/task-9999-dev4rrSrTrUu'task_id 불일치인데 exit 0 stdout: rV 불일치rWu2task_id 불일치 에러 메시지 없음 stderr: N)rrrQrXr4rYrZr[r]rLr^s r3test_validate_task_id_mismatchrjs  D!DO2D 8\40 Hl3H MF    ! 26==/FMM?[ !  % )ESYS`S`I` =fmm_M `I`)E %r5cttt}d|d<t|t|t dtddg|}|j dk(s!Jd|j d |jd |jjvs2d |jvs#d |jvsJd |jyyy)u2JSON current_branch != --branch 인수 → exit 1.ztask/task-9010-dev4rrSz--branchztask/task-9010-dev9rTrUu&branch 불일치인데 exit 0 stdout: rVbranchrhrWu1branch 불일치 에러 메시지 없음 stderr: N rrrQrXr4rYrZr[r\ris r3test_validate_branch_mismatchrns  D2D 8\40  <-BCF    ! 1&-- 6==/Z ! v}}**, , v}}0LPVZ`ZgZgPg r@rArSrTrUu*pending_work 4001자인데 exit 0 stdout: rVN)rrrCrErFrGrXrHrIrJr4rYrZr[)r]rLrNrMrPr^s r3#test_validate_pending_work_too_longrs  D&D("W,H NN4$N/ %%22;3I3I3KL h  +DJJtdJ+ l^5) )E TZZ59GL Hl3H MF    ! 5fmm_Jv}}o^ !r5ctt}t|t|t dtg|}|j dk(s!Jd|j d|j tj|j }jd tk(sJd |jd y#tj$r/}tjd|d|j Yd}~od}~wwxYw) u9유효한 handoff JSON → exit 0, stdout에 JSON 출력.rSrTru'유효한 handoff인데 exit 1 stdout: rVu$stdout이 유효한 JSON이 아님: z stdout: Nru"출력 JSON의 task_id 불일치: )rrrQrXr4rYrZr[rIloadsJSONDecodeErrorpytestfailget)r]rLr^out_dataes r3test_validate_passr.s  D8\40 Hl3H MF    ! 26==/FMM?[ !Y::fmm, << "l 2 ,X\\)-D,EF 2   Y :1#Z WXXYs%B66C8 %C33C8c|dz dz }|jd|tdz }|jddtt}gd |d <d g|d <t |t|t d tg|}|jdk(s!Jd|jd|j|j|jz}d|jvsd|vsd|vs Jd|yyy)uhandoff allowed_paths가 task 파일 allowed_resources를 초과(forge)하면 → exit 1. capability snapshot 교차검증: 봇이 handoff JSON에 allowed_paths를 임의로 넓혀 적어 권한을 우회하는 시도를 차단한다. rtasksT)r9z.mdut# task-9010 — test ```yaml allowed_resources: paths: - "scripts/" forbidden_paths: - ".github/**" ``` r@rA)r z.github/workflows/zsecrets/rz scripts/x.pyrrSrTrUuforgery인데 exit 0 stdout: rVforgeryru task 파일u*forgery 에러 메시지 없음 combined: N) rCrXrHrrrQr4rYrZr[r\)r]task_dirtask_mdrLr^res r3)test_validate_capability_snapshot_forgeryrDs("W,H NN4N L>--G     DJD+,D8\40 Hl3H MF    ! (z&--Q !}}v}},HX^^%% x  H $@ 5XJ? @ % $  &r5)N)r0z list[str]r1rr2z dict | Nonereturnzsubprocess.CompletedProcess)rKrrr*rLrrr)r]r)__doc__ __future__rrIr(r,pathlibrrr/r.rFrXrr__annotations__r4rQr_rfrjrnrrrrrr5r3rs #  ? @Y&)>>!G+.CC  l^5) !>?& 3((* t0" ! (* (. (,9@,@,&@r5