NiX~FdZddlmZddlZddlmZmZmZddlZddlm Z m Z m Z m Z dZ dZdZd Zd Zd Zd Zd ZdZdZdZdZdZdZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%dZ&d Z'd!Z(d"Z)d#Z*d$Z+d%Z,d&Z-d'Z.d(Z/d)Z0d*Z1d+Z2d,Z3d-Z4d.Z5y)/uPhase 3 evidence gate regression tests — T1~T16 + TU1~TU3. 모든 외부 GitHub API 호출은 mock_gh_api fixture로 stub. 실제 gh api / GEMINI_API_KEY / network 호출 0건. ) annotationsN)datetimetimezone timedelta)_iso make_reviewmake_issue_comment SCRIPT_DIRc d}tjtj}|t d|gt |t dz |jd|d}|dd k(sJ|d |d vsJy ) u8T1: review 1건 + SHA 일치 + severity 없음 → PASS.abc123zLGTM, looks good! secondsreviews head_sha_date owner/repostatepassvalid evidencereasonNrnowrutcrrr evaluate_gateevidence_module mock_gh_apihead_sharresults D/home/jay/workspace/tests/phase3_evidence_gate/test_evidence_gate.py test_t1_valid_review_no_severityr#sH ,,x|| $C0(;<32!667 * *1h EF '?f $,f, $ vh/ // /ctjtj}|t |t dz |j ddd}|ddk(sJ|d d ksJy ) u:T2: review 0건 + 마지막 push 후 1분 경과 → HOLD.<rrrr rrholdelapsed_secondsi,Nrrrrrrrrrrr!s r""test_t2_no_evidence_within_timeoutr,+se ,,x|| $Cd32)>#>?@  * *1h EF '?f $$ $ # $s ** *r$ctjtj}|t |t dz |j ddd}|ddk(sJd |d jvsJy ) u;T3: review 0건 + 마지막 push 후 6분 경과 → BLOCK.ihrr'rr rrblocktimeoutrN)rrrrrrrlowerr+s r"$test_t3_no_evidence_timeout_exceededr18sm ,,x|| $Cd33)?#?@A  * *1h EF '?g %% % x(..0 00 0r$c bd}d}tjtj}|t d|gt |t dz |jd|d}|d d k(sJ|d |d jvsJ|d d}t|dk(sJ|dd dusJy)uMT4: review 1건 + SHA 불일치 (force-push 후 stale) → BLOCK (all_stale). oldsha000 newsha999z Looks fine.r rrrrrr.stalerevidenceprimaryrTN) rrrrrrrrr0len)rrold_shanew_sharr!r7s r"$test_t4_stale_review_all_stale_blockr;EsGG ,,x|| $C]G4532!667 * *1g| DF '?g %-v- % fX&,,. .. .Z +G w<1   1:g $ && &r$c d}tjtj}|t d|gt |t dz |jd|d}|dd k(sJtd |d d DsJy )u3T5: review 1건 + body에 🔴 이모지 → BLOCK.r u🔴 SQL injection in line 42r rrrrrr.c3$K|]}d|v ywemojiN.0hs r" z2test_t5_high_severity_emoji_red..fsNw!|Nr6high_severity_hitsN rrrrrrrranyrs r"test_t5_high_severity_emoji_redrI\sH ,,x|| $Ctest_t6_high_severity_keyword_severity_high..x-1zQ-rEzexpected severity hit, got: NrGrrr rr!hitss r"+test_t6_high_severity_keyword_severity_highrQmsH ,,x|| $CUW_`a32!667 * *1h EF '?g %% % * 2 3D -- -T1MdV/TT -r$c &d}tjtj}|t d|gt |t dz |jd|d}|dd k(sJ|d d }td |Ds Jd |y)u;T7: review 1건 + body에 'BLOCKING' (대문자) → BLOCK.r z*BLOCKING: auth bypass vulnerability found.r rrrrrr.r6rFc30K|]}d|vxsd|vyw)BLOCKINGkeywordNr@rAs r"rDzCtest_t7_high_severity_keyword_blocking_uppercase..s ?QzQ0)q.0?zexpected keyword hit, got: NrGrOs r"0test_t7_high_severity_keyword_blocking_uppercaserWsH ,,x|| $CI8TU32!667 * *1h EF '?g %% % * 2 3D ?$? ?eC^_c^dAee ?r$c *d}tjtj}d}|t ||gt |t dz |jd|d}|dd k(sJ|d d }td |Ds Jd |y)u8T8: review 1건 + body에 '## High' h2 헤더 → BLOCK.r z=Code review results: ## High - SQL injection risk at line 10r rrrrrr.r6rFc3$K|]}d|v ywheaderNr@rAs r"rDz7test_t8_high_severity_header_h2_high..+x1}+rEzexpected header hit, got: NrG)rrr rbodyr!rPs r"$test_t8_high_severity_header_h2_highr^sH ,,x|| $C MDT8,-32!667 * *1h EF '?g %% % * 2 3D +d+ +P/I$-PP +r$c d}tjtj}|t d|gt |t dz |jd|d}|dd k(sJd |d d vsJ|d d gk(sJy)uGT9: review + 'security' 단독 보조 신호만 → PASS, audit 기록.r z&This change has security implications.r rrrrrrsecurityr6supplementary_signalsrFNrrs r"'test_t9_supplementary_security_no_blockrbsH ,,x|| $CExPQ32!667 * *1h EF '?f $$ $  +,CD DD D * 2 3r 99 9r$c d}tjtj}d}|t ||gt |t dz |jd|d}|dd k(sJ|d d gk(sJy ) u;T10: code block 안 BLOCKING은 차단 패턴에서 제외.r zCLooks good! ```python # BLOCKING comment in code print('hello') ```r rrrrrrr6rFNr)rrr rr]r!s r"test_t10_code_block_excludedrdsH ,,x|| $C TDT8,-32!667 * *1h EF '?f $$ $ * 2 3r 99 9r$c tjtj}|t dz }|t dz }|gt dt |gt ||jddd }|d d k(sJ|d |d vsJ|dd}t|dk(sJ|dddk(sJ|dddusJy)uT11: issue_comment만 1건 (review 0건) + severity 없음 → PASS. issue_comment는 created_at >= head_pushed_at 일 때만 valid primary evidence. rz(Gemini review complete. No issues found. created_atrissue_commentsrrr rrrrrr6r7rtype issue_commentr5FN) rrrrrr rrr8)rrrhead_pushed_atcomment_created_atr!r7s r",test_t11_issue_comment_only_no_severity_passrps ,,x|| $C9R00Ny33* 6./  >*  * *1h EF '?f $,f, $ vh/ // /Z +G w<1   1:f  00 0 1:g % '' 'r$c ntjtj}|t dz }|t dz }|gt dt |gt ||jddd }|d d k(sJ|d |d jvsJ|dddd dusJy)uT11b: issue_comment의 created_at이 head push 이전이면 stale → BLOCK (all_stale). force-push 시나리오: 새 SHA가 push된 후 옛 issue comment만 남아있는 상황. rfriXLGTMrhrjr newsha456rrr.r5rr6r7rTN) rrrrrr rrr0)rrrrnold_comment_created_atr!s r"1test_t11b_issue_comment_before_head_push_is_stalerus ,,x|| $C9R00N 9S#99* 23  >*  * *1k< HF '?g %-v- % fX&,,. .. . * i ( +G 4 << z.s QP]L^r$rr z-Only gemini-code-assist app should pass: got rryN)setattr_fetch_check_runsr8)r monkeypatchr!rs @r"*test_t11c_fetch_check_runs_strict_app_slugrs lFK3H I2FDX;Y Z3V_?  * *1g| DF '?f $$ $ # $r )) )r$c 6d}tjtj}|t d|gt |t dz |jd|d}|jd|d}|d|dcxk(rd k(sJJ|d |d k(sJy ) uHT14: 두 check name이 같은 evaluate_gate를 호출 — 결과 동일.r rrr rrrrrrrNr) gate_modulerrr rr1r2s r"$test_t14_two_check_names_same_resultr.sH ,,x|| $CVX./32!667  & &q(L AB  & &q(L AB g;"W+ / // // / h<2h< '' 'r$c d}tjtj}|t d|gt |t dz g d fd }|j|d|dD]B}|jtd d d d d |ddd|dg |j}|dk(r:Jd|t dk(sJ dddk(sJ dddk(sJ dd ddcxk(rdk(sJJ dd ddk(sJ dd ddcxk(rdk(sJJ dd ddcxk(r|k(sJJy) uT14b: gemini_review_gate.py CLI를 두 check name(--check-name)으로 실행했을 때 publish_check_run에 전달되는 payload가 동일해야 함 (state/conclusion/summary). 실제 wrapper가 동일 evaluate_gate를 호출하는지 CLI 레벨로 보장. r rrr rrc>j|||||dddddS)N)reposharz conclusionsummaryr{}rcstdoutstderr)append)rrrzrrdetailscaptureds r" fake_publishzHtest_t14b_cli_two_check_names_same_publish_payload..fake_publishKs/d$  4266r$publish_check_run)gemini-review-gatephase3-merge-gateargvgemini_review_gate.py --pr-number1 --commit-sha--repor --check-name--publish-checkrzPASS state should return 0 for r|rzrrrrsuccessrrrNr) rrrrrrrrsysmainr8) rrrrr rr check_namerrs @r"2test_t14b_cli_two_check_names_same_publish_payloadr<s H ,,x|| $CVX./32!667 H7 %8,GAG C # 3 lNJ  *     QwF9*FFwG x=A   A;v "6 66 6 A;v "5 55 5 A;| $ L(A NY NN NN N A;y !Xa[%; ;; ; A;v (1+f"5 E EE EE E A;u !U!3 ?x ?? ?? ?r$c ddl}ddl}gd}d}tdz tdz g}|D]}|jd} |j |t | }t} |jD]k} t| |jst| jt s5| j} t!| d | } | j#t%| | d zm|j'} t)| d D]\}}|j+}|j-d r(|| vr-|D]?}|j/||stj|jd|d|d|A|j/||stj|jd|d|y#t $r/}tj|jd |Yd}~d}~wwxYw)uUT15: 소스 코드에 generativelanguage.googleapis.com 등 Gemini API endpoint 0건.rN)z#generativelanguage\.googleapis\.comzgoogleapis\.com.*modelszgoogle\.generativeaizgenai\.GenerativeModelz>(?:os\.environ|os\.getenv)\s*[\[\(]\s*["\']GEMINI_API_KEY["\']zgemini_evidence_verify.pyrzutf-8)encoding)filenamez: SyntaxError during parse: end_linenor#:z forbidden pattern 'z': z& forbidden GEMINI_API_KEY env access: )reastr read_textparsestr SyntaxErrorpytestfailrzsetwalk isinstanceConstantvaluelinenogetattrupdaterange splitlines enumeratestrip startswithsearch)_re_astforbidden_patternsenv_access_pattern src_filessrccontenttreeestring_line_rangesnodestartendlinesln_nolinestrippedpatterns r")test_t15_no_gemini_api_endpoint_in_sourcerls[ 00,,I &---1 F::gC:9D (+uIIdO AD$ .:djj#3N dL%8"))%sQw*?@  A ""$$UA. KE4zz|H""3'**. ::gt,KK88*AeW,@ THU zz,d3 xxj%(NthW% %&  F KK388*$@D E E FsF,, G$5$GG$ct d}tjtj}|t |t dz i d fd }|j |d||j tddd d d |d d dddg |j}|dk(sJd ddk(s Jd d dvsJy)uNT16: HOLD state → GitHub check conclusion='failure' (neutral 절대 금지).r r&rr'c:j|||dddddS)N)rrrzrrrr)r)rrrzrrr publisheds r"rz?test_t16_hold_maps_to_failure_not_neutral..fake_publishs& wPTUV4266r$rrrrrrrrrrrrz%HOLD should return non-zero exit coderfailurez0HOLD must map to 'failure', not 'neutral'. got: HOLDrNr) rrrrrrrrr) rrrrcapsysr rrrrs @r")test_t16_hold_maps_to_failure_not_neutralrsH ,,x|| $Cd32)>#>?@I7 %8,GVsNH,0D &    B 7;;;7 \ "i / :9+F / Yy) )) )r$cNd}|j|}d|vsJd|vsJd|vsJy)uHTU1-a: fenced code block (``` ... ```) 내용이 제거되는지 확인.z8Normal text ```python BLOCKING code here ``` After blockrTz Normal textz After blockNstrip_code_blocksrr]rs r"!test_tu1_strip_code_blocks_fencedrsA ID006H X %% % H $$ $ H $$ $r$cNd}|j|}d|vsJd|vsJd|vsJy)u>TU1-b: inline code (` ... `) 내용이 제거되는지 확인.z Use `BLOCKING` method carefully.rTUse carefullyNrrs r"!test_tu1_strip_code_blocks_inlinersA -D006H X %% % H   ( "" "r$cV|jddk(sJ|jdJy)u,TU1-c: 빈 body 입력 시 그대로 반환.rNrrs r" test_tu1_strip_code_blocks_emptyrs2  , ,R 0B 66 6  , ,T 2 :: :r$c8d}|j|}||k(sJy)uBTU1-d: code block 없는 일반 텍스트는 변경 없이 반환.z This is a normal review comment.Nrrs r""test_tu1_strip_code_blocks_no_coders% -D006H t  r$c^|jd}td|Ds Jd|y)u.TU2-a: 🔴 이모지 → emoji 패턴 매칭.u🔴 critical issue foundc3$K|]}d|v ywr>r@rAs r"rDz9test_tu2_match_high_severity_emoji_red..*w!|*rEgot: Nmatch_high_severityrHrrPs r"&test_tu2_match_high_severity_emoji_redrs2  . ./J KD *T* *:eD6N: *r$c^|jd}td|Ds Jd|y)u-TU2-b: ❌ 이모지 → emoji 패턴 매칭.u❌ do not mergec3$K|]}d|v ywr>r@rAs r"rDz7test_tu2_match_high_severity_emoji_x..rrErNrrs r"$test_tu2_match_high_severity_emoji_xrs2  . ./A BD *T* *:eD6N: *r$c^|jd}td|Ds Jd|y)u7TU2-c: 'severity: critical' → severity 패턴 매칭.zseverity: critical bug herec3$K|]}d|v ywrLr@rAs r"rDz@test_tu2_match_high_severity_severity_keyword..rNrErNrrs r"-test_tu2_match_high_severity_severity_keywordrs2  . ./L MD -- -=tf~= -r$c^|jd}td|Ds Jd|y)u6TU2-d: 'BLOCKING' 키워드 → keyword 패턴 매칭.zBLOCKING issue: auth bypassc30K|]}d|vxsd|vyw)rUrTNr@rAs r"rDz@test_tu2_match_high_severity_blocking_keyword..s ?QyA~0q0?rVrNrrs r"-test_tu2_match_high_severity_blocking_keywordr s2  . ./L MD ?$? ?O5O ?r$c^|jd}td|Ds Jd|y)u6TU2-e: 'MUST FIX' 키워드 → keyword 패턴 매칭.zMUST FIX before mergec30K|]}d|vxsd|vyw)rUMUSTNr@rAs r"rDz@test_tu2_match_high_severity_must_fix_keyword.. s ;yA~,1,;rVrNrrs r"-test_tu2_match_high_severity_must_fix_keywordrs2  . ./F GD ;d; ;KuTF^K ;r$cbd}|j|}td|Ds Jd|y)u4TU2-f: '## High' h2 헤더 → header 패턴 매칭.z Review: ## High - SQL injectionc3$K|]}d|v ywrZr@rAs r"rDz;test_tu2_match_high_severity_header_high..r\rErNrrr]rPs r"(test_tu2_match_high_severity_header_highrs6 0D  . .t 4D +d+ +;uTF^; +r$cbd}|j|}td|Ds Jd|y)u8TU2-g: '## Blocking' h2 헤더 → header 패턴 매칭.z'## Blocking Must be fixed before merge.c3$K|]}d|v ywrZr@rAs r"rDz?test_tu2_match_high_severity_header_blocking..r\rErNrrs r",test_tu2_match_high_severity_header_blockingrs6 5D  . .t 4D +d+ +;uTF^; +r$c4|jd}|gk(sJy)u:TU2-h: severity 없는 일반 텍스트 → 빈 리스트.zLGTM, code looks cleanNrrs r"%test_tu2_match_high_severity_no_matchrs  . ./G HD 2::r$c^|jd}td|Dr Jd|y)uFTU2-i: 'blocking' 소문자는 매칭 안됨 (정확히 대문자만).z$This might be blocking the pipeline.c3$K|]}d|v yw)rUNr@rAs r"rDzKtest_tu2_match_high_severity_blocking_lowercase_no_match..&s0a9>0rEzunexpected keyword match: Nrrs r"8test_tu2_match_high_severity_blocking_lowercase_no_matchr"s7  . ./U VD0400U4Ntf2UU 00r$c\|jdgk(sJ|jdgk(sJy)u"TU2-j: 빈 body → 빈 리스트.rNrrs r""test_tu2_match_high_severity_emptyr)4  . .r 2b 88 8  . .t 4 :: :r$cB|jd}d|vs Jd|y)u4TU3-a: 'security' 단어 → security 보조 신호.zThis has security implications.r`rNmatch_supplementaryrsigss r"%test_tu3_match_supplementary_securityr$3s,  . ./P QD  -tf~- r$cB|jd}d|vs Jd|y)u6TU3-b: 'data loss' 구문 → data_loss 보조 신호.z!Risk of data loss if not handled. data_lossrNr r"s r"&test_tu3_match_supplementary_data_lossr'9s,  . ./R SD $ .%v. r$cB|jd}d|vs Jd|y)u8TU3-c: 'regression' 단어 → regression 보조 신호.zThis could cause a regression. regressionrNr r"s r"'test_tu3_match_supplementary_regressionr*?s,  . ./O PD 4 /5/ r$cNd}|j|}d|vsJd|vsJd|vsJy)u-TU3-d: 여러 보조 신호 동시에 존재.z>There's a security issue and risk of data loss and regression.r`r&r)Nr rr]r#s r"%test_tu3_match_supplementary_multipler-EsA KD  . .t 4D    $   4  r$c4|jd}|gk(sJy)u8TU3-e: 보조 신호 없는 텍스트 → 빈 리스트.zLGTM, everything looks fine.Nr r"s r"%test_tu3_match_supplementary_no_matchr/Ns  . ./M ND 2::r$cFd}|j|}d|vs Jd|y)u@TU3-f: code block 안 'security' → 보조 신호에서 제외.z(```python # security check here pass ```r`z2expected no security signal from code block, got: Nr r,s r"3test_tu3_match_supplementary_in_code_block_excludedr1Ts4 8D  . .t 4D T !^%WX\W]#^^ !r$c\|jdgk(sJ|jdgk(sJy)u"TU3-g: 빈 body → 빈 리스트.rNr rs r""test_tu3_match_supplementary_emptyr3[rr$cB|jd}d|vs Jd|y)u0TU3-h: 'Security' 대소문자 혼합도 매칭.zSecurity concern noted.r`rNr r"s r"-test_tu3_match_supplementary_case_insensitiver5as,  . ./H ID  -tf~- r$)6__doc__ __future__rrrrrr#tests.phase3_evidence_gate.conftestrrr r r#r,r1r;rIrQrWr^rbrdrprurrrrrrrrrrrrrrr rrrrrrr$r'r*r-r/r1r3r5r@r$r"r9s # 22  0"+1'. O" U$ f$ Q& :$ :$(2=, . %"* ()@`9@*B%#; ; ; > P L << V;. / 0   _; .r$