Mj(dZddlmZddlZddlmcmZddl Z ddl Z ddl Z ddl Z ddl Z ddlmZddlZeej%j&dZedZedZdddZej0dd Zdd Zdd Zdd Zdd Zej<j?dgdddZ ddZ!ddZ"ddZ#ddZ$y)uiAxis 3 restricted canary smoke test — SP1..SP7. chair_authorization_id = CHAIR-AUTH-AXIS-3-CANARY-20260524-JJONGS-RESTRICTED-001 Each SP simulates a single PreToolUse hook invocation by piping a synthetic event payload into the live hook script. Asserts on exit code + audit log. PYTHONPATH-agnostic: classifier is imported via explicit sys.path bootstrap. ) annotationsN)Pathz> Y(jj!    D Kc |dz dz jddtdz }|dz }|jsL|jdddD]}tj||z ||z  |dz j dd |S) zCreate an isolated workspace root with a memory/system subtree so the hook writes audit logs into the sandbox instead of the live tree. memorysystemT)parentsexist_okutils)zruntime_guard_classifier.pyzruntime_guard_policy_map.pyz __init__.pyutf-8encoding)mkdir REPO_ROOTexistsshutilcopy2 write_text)tmp_path utils_src utils_dstfnames r!isolated_audit_dirr8.s 8#**4$*GG#I7"I    t4S ?E LLU*I,= > ? ] "..rG.D Or#c|jsgSg}|jdjD]:}|j}|s |j t j |<|S#t j$rYTwxYw)Nr+r,)r0 read_text splitlinesstripappendrloadsJSONDecodeError)pathoutlines r! _read_jsonlrC@s ;;= C0;;=zz|   JJtzz$' (  J##   s $A44B  B cddddid}t||}|j}d}||k(}|stjd|fd ||fd t j vstj |rtj|nd tj|tj|d z}tjd |jd |jdzd|iz}ttj|dx}x}}t|dz }d|D}t|}|stjd|dzdt j vstj trtjtndtj|tj|dz} ttj| dx}}y)u>Plain Read tool — must allow (exit 0) and record AUDIT_ONLY.dev5-canary-session-testRead file_pathz/home/jay/workspace/README.md session_id tool_name tool_inputrr==z2%(py2)s {%(py2)s = %(py0)s.returncode } == %(py5)sr py0py2py5zSP1 expected exit 0, got :  >assert %(py7)spy7N1memory/system/.axis_3_canary_decision_audit.jsonlc3DK|]}|jddk(yw)decision AUDIT_ONLYNget.0rs r! z'test_SP1_normal_noop..\s>QquuZ L0> z%SP1 decision log missing AUDIT_ONLY: . >assert %(py4)s {%(py4)s = %(py0)s(%(py2)s) }anyrQrRpy4)r" returncode @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _saferepr_format_assertmsgstderrAssertionError_format_explanationrCrc r8rr @py_assert1 @py_assert4 @py_assert3 @py_format6 @py_format8log @py_format5s r!test_SP1_normal_noopryRs@1"$CDG W-? @D ??]a]?a ]]]?a]]]]]]4]]]4]]]?]]]a]]]##>m3> >m >mmBghkgl@mmmmmmm3mmm3mmm>mmm >mmmmmmr#cddddddd}t||}|j}d }||k(}|stjd |fd ||fd t j vstj |rtj|nd tj|tj|d z}tjd|jdzd|iz}ttj|dx}x}}t|dz }d|D}t|}|stjd|dzdt j vstj trtjtndtj|tj|dz} ttj| dx}}y)uDEdit on dispatch.py forbidden_path — must allow (WARN, not BLOCK).rEEditz/home/jay/workspace/dispatch.pyxy)rG old_string new_stringrHrLrrMrOr rPz)SP2 expected allow (forbidden=WARN), got rUrVNrWc3pK|].}|jddk(xr|jddk(0yw)rYWARNcategoryforbidden_pathNr[r]s r!r`z/test_SP2_forbidden_path_warn..ps6bYZquuZ F*TquuZ/@DT/TTb46z)SP2 expected WARN forbidden_path in log: rbrcrd r"rfrgrhrirjrkrlrmrorprCrcrqs r!test_SP2_forbidden_path_warnrbsp1: G W-? @D ??^a^?a ^^^?a^^^^^^4^^^4^^^?^^^a^^^#LT__L]!^^^^^^^^ (+^^ _Cb^ab3b b b 4C59  c cr#cdddddd}t||}|j}d}||k(}|stjd |fd ||fd t j vstj |rtj|nd tj|tj|d z}tjd |jdzd|iz}ttj|dx}x}}t|dz }d|D}t|}|stjd|dzdt j vstj trtjtndtj|tj|dz} ttj| dx}}y)u1Write containing AWS key pattern — WARN, allow.rEWritez /tmp/nope.txtz&leaked AKIAABCDEFGHIJKLMNOP credentialrGcontentrHrLrrMrOr rPz*SP3 expected allow (credential=WARN), got rUrVNrWc3pK|].}|jddk(xr|jddk(0yw)rYrrcredential_patternNr[r]s r!r`z3test_SP3_credential_pattern_warn..s6f]^quuZ F*XquuZ/@DX/XXfrz-SP3 expected WARN credential_pattern in log: rbrcrdrrqs r! test_SP3_credential_pattern_warnrxsm1(? G W-? @D ??_a_?a ___?a______4___4___?___a___#MdooM^!________ (+^^ _Cfbef3f f f 8u=  g gr#zcommand,expected_rule))rm -rf /zdestructive.rm_rf_root)zgit push --force origin mainzdestructive.git_push_force_main)z"git reset --hard some_other_branchz'destructive.git_reset_hard_other_branch)zgit branch -D mainz"destructive.git_branch_delete_main)zcokacdir --cron-remove abc123z destructive.cokacdir_cron_removecddd|id}t||}|j}d}||k(}|stjd|fd||fd t j vstj |rtj|nd tj|tj|d z}tjd |d |jd |jdzd|iz} ttj| dx}x}}|j} || v}|stjd|fd|| fdt j vstj |rtj|nddt j vstj | rtj| nddz} tjd |d|d| dzd| iz} ttj| d}y)uBEach destructive command — BLOCK (exit 2) with matching rule id.rEBashcommandrHrLrrMrOr rPzSP4 [z] expected exit 2 (BLOCK), got rTrUrVN)in)z%(py0)s in %(py2)s expected_rulebody)rQrRz] expected rule z in stdout: z >assert %(py4)sre) r"rfrgrhrirjrkrlrmstdoutrorp) r8rrrr rrrsrtrurvr @py_format3rxs r!test_SP4_destructive_blockrsX1 '*G W-? @D ??qaq?a qqq?aqqqqqq4qqq4qqq?qqqaqqq5 1PQUQ`Q`Paacdhdodocp!qqqqqqqq ;;D D ddd=Ddddddd=ddd=ddddddDdddDddddE'2B=/Q]^b]c"dddddddr#c bdddddddddddd diddd d idg}|D] }d d i|}t|| }|j}d}||k(}|stjd|fd||fdt j vstj |rtj|ndtj|tj|dz}tjd|dd|dd|jdzd|iz} ttj| dx}x}}y)zBCallback ledger append + callback inbox write must NOT be blocked.rz8/home/jay/workspace/memory/system/.callback_ledger.jsonlz {"foo":1} r)rJrKz6/home/jay/workspace/memory/.callback_inbox/sample.jsonz{}rFrGz2/home/jay/workspace/utils/callback_registration.pyrIrErLrrMrOr rPz SP5 Axis 1/2 interference: tool=rJz input=rKz exit=rUrVN) r"rfrgrhrirjrkrlrmrorp) r8casescrr rrrsrtrurvs r!!test_SP5_axis_1_2_no_interferencersp!W( !U  W  Q / E< !;AqA1CD ! !#  !   6        #$  /q~.>ga oEVV\]a]l]l\m n       r#cddddid}t|ddi|}|j}d }||k(}|stjd |fd ||fd t j vstj |rtj|nd tj|tj|d z}tjd|jd|jdzd|iz}ttj|dx}x}}t|dz }d|D}t|}|stjd|dzdt j vstj trtjtndtj|tj|dz} ttj| dx}}y)uFANU_DISPATCH_RUNNING=1 → AUDIT_ONLY exclusion regardless of payload.zdispatch-sessionrrrrHANU_DISPATCH_RUNNING1rrrrMrOr rPz$SP6 dispatch must pass through, got rTrUrVNrWc3DK|]}|jddk(yw)rule_idzsession.dispatch_excludedNr[r]s r!r`z+test_SP6_dispatch_bypass..sL1quuY#>>Lraz/SP6 expected session.dispatch_excluded in log: rbrcrdr"rfrgrhrirjrkrlrmrrorprCrcrqs r!test_SP6_dispatch_bypassrs) *- G )3/) D ??hah?a hhh?ahhhhhh4hhh4hhh?hhhahhh#GGXXZ[_[f[fZg!hhhhhhhh (+^^ _CLL3L L L :#?  M Mr#cddddid}t|ddi|}|j}d }||k(}|stjd |fd ||fd t j vstj |rtj|nd tj|tj|d z}tjd|jd|jdzd|iz}ttj|dx}x}}t|dz }d|D}t|}|stjd|dzdt j vstj trtjtndtj|tj|dz} ttj| dx}}y)uFForced crash via ANU_AXIS_3_CANARY_FORCE_CRASH=1 — must still allow.rErrrrHANU_AXIS_3_CANARY_FORCE_CRASHrrrrMrOr rPzSP7 fail-safe broke: exit rTrUrVNz3memory/system/.axis_3_canary_hook_crash_audit.jsonlc3DK|]}|jddk(yw)stageforced_simulationNr[r]s r!r`z0test_SP7_hook_crash_fail_safe..sHquuW~!44Hraz*SP7 expected forced_simulation crash log: rbrcrdr) r8rr rrrsrtrurv crash_logrxs r!test_SP7_hook_crash_fail_safers1 *-G 2C8) D ??^a^?a ^^^?a^^^^^^4^^^4^^^?^^^a^^^#=doo=NbQUQ\Q\P]!^^^^^^^^.1ffgIHiH3H H H 5YK@  I Ir#ctjj}|jddt ||d<ddddid}t j tjt tgtj|d d |d }|j}d }||k(}|stjd |fd||fdtj vstj"|rtj$|ndtj$|tj$|dz}tj&d|jdzd|iz}t)tj*|dx}x}}t-|dz } g} | | k(}|stjd |fd| | fdtj vstj"| rtj$| ndtj$| dz} tj&d| dzd| iz}t)tj*|dx}} y)zFWithout ANU_CANARY_AXIS_3=true, hook must noop and NOT write any logs.rNr znon-canary-sessionrrrrHTr r rrMrOr rPz non-canary must noop allow, got rUrVrW)z%(py0)s == %(py3)srw)rQpy3z(non-canary must not write decision log: z >assert %(py5)srS)rrrpoprrrrrrrrrfrgrhrirjrkrlrmrorprC) r8rrr rrrsrtrurvrw @py_assert2 @py_format4s r!test_canary_env_flag_off_nooprs **// CGG & #$6 7C* *-G >> Y(jj!    D ??UaU?a UUU?aUUUUUU4UUU4UUU?UUUaUUU#CDOOCT!UUUUUUUU (+^^ _CF3"9FFF3"FFFFFF3FFF3FFF"FFF@FFFFFFFr#)NN)rdictrz dict | Nonerz Path | Nonereturnzsubprocess.CompletedProcess)r4rrr)r@rrz list[dict])r8r)r8rrrrr)%__doc__ __future__rbuiltinsri_pytest.assertion.rewrite assertionrewritergrrr1rrpathlibrpytest__file__resolver'r/rWORKSPACE_LIVEr"fixturer8rCryrrmark parametrizerrrrrr#r!rs#   N " " $ , ,Q / O P +, $" $ n ,*  e  e % V.,Gr#