j13xdZddlmZddlZddlmcmZddl Z ddl Z ddl Z ddl Z ddl mZddlZdZdddZej$dZej(j+dgd d Zd Zd Zej(j+d gddZdZdZdZdZdZdZdZ dZ!dZ"dZ#dZ$dZ%y)utask-2578 v3 audit-trail Bash capture regression tests. 회장 결정 2026-05-14 옵션 A: minimal patch post-tool-use.sh L137-160 IS_MEANINGFUL filter 제거 + v3 schema. 검증 항목: - destructive command 박제 (rm / mv / truncate / `> file` / find -delete / git stash drop / git checkout -- file 등) - redaction 적용 (api_keys / tokens / env_secrets / korean_pii) - command_hash (SHA256 of raw) - affected_path_candidates 추출 - claimed_actor / actor_verification_evidence / owner_attribution_status 기본값 - backward compat (v2 entries 무변경 — 본 test는 v3 박제만 검증) 본 test는 production hook을 stdin feed로 호출 + AUDIT_TRAIL_LOG_DIR override. ) annotationsN)Pathz(/home/jay/.claude/hooks/post-tool-use.shchd||d|id}itjdt|i}tjdt gt j|dd|d}|j}d }||k(} | stjd | fd ||fd tjvstj|rtj|nd tj|tj|d z} tjd|j dzd| iz} t#tj$| dx}x} }|dz } | j'sgS| j)j+D cgc](} | j-st j.| *c} Scc} w)uPpost-tool-use.sh를 stdin feed로 실행하고 audit-trail.jsonl entries 반환.Bashcommand tool_namecwd session_id tool_inputAUDIT_TRAIL_LOG_DIRbashT inputcapture_outputtextenvtimeoutr==z2%(py2)s {%(py2)s = %(py0)s.returncode } == %(py5)sresultpy0py2py5z hook failed: z >assert %(py7)spy7Nzaudit-trail.jsonl)osenvironstr subprocessrun HOOK_PATHjsondumps returncode @pytest_ar_call_reprcompare @py_builtinslocals_should_repr_global_name _saferepr_format_assertmsgstderrAssertionError_format_explanationexists read_text splitlinesstriploads)rlog_dirr r payloadrr @py_assert1 @py_assert4 @py_assert3 @py_format6 @py_format8log_filelines H/home/jay/workspace/tests/regression/test_audit_trail_bash_capture_v3.py _run_hookrAsA  '* G >RZZ =.G =C ^^ jj!   F   BB  !BBB BBBBBB6BBB6BBB BBBBBB]6==/#BBBBBBBB,,H ??  )1););)=)H)H)J [djjlDJJt  [[ [s ?F/F/c |dz S)Nlogs)tmp_paths r@ tmp_audit_dirrF6s f zcommand, expected_pattern) )zrm /tmp/test_file_abcrm)zrm -rf /tmp/some_dirrH),truncate -s 0 utils/replacement_pr_runner.pytruncate)zunlink /tmp/some_fileunlink)zfind . -name '*.tmp' -deletez find-delete)zgit stash drop stash@{0}git-destructive)zgit reset --hard HEADrL)z)git checkout origin/main -- utils/file.pyzgit-checkout-file)z0git worktree remove --force .worktrees/some-taskzgit-worktree-remove)z: > utils/some_file.pyz:>)z"cat /dev/null > utils/some_file.pyzcat-devnull-redirectc| t||}t|}d}||k(}|stjd|fd||fdt j vstj trtjtnddt j vstj |rtj|ndtj|tj|dz}tjdt|dzd |iz}ttj|dx}x}}|d } | d } d } | | k(}|sltjd|fd | | ftj| tj| dz} dd| iz}ttj|dx} x}} | d} d} | | k(}|sltjd|fd | | ftj| tj| dz} dd| iz}ttj|dx} x}} | d} d} | | u}|stjd|fd| | ftj| tj| dz} tjd| dzd| iz}ttj|dx} x}} | d}||v} | stjd| fd||fdt j vstj |rtj|ndtj|dz}tjd|d| dd d!zd"|iz}ttj|dx} }| d#} | j}d$}||}|std%tj| tj|tj|tj|d&z}ttj|dx} x}x}}| d'} d(} | | k(}|sltjd|fd | | ftj| tj| dz} dd| iz}ttj|dx} x}} | d)} d} | | u}|sltjd|fd| | ftj| tj| dz} dd| iz}ttj|dx} x}} y)*Nrz0%(py3)s {%(py3)s = %(py0)s(%(py1)s) } == %(py6)slenentriesrpy1py3py6zexpected 1 entry, got z >assert %(py8)spy8rschema_versionz%(py1)s == %(py4)srSpy4assert %(py6)srUtoolris_destructiveTisz%(py1)s is %(py4)sz"is_destructive expected True, got z >assert %(py6)sdestructive_pattern_matchedinz%(py0)s in %(py3)sexpected_patternrrTz pattern 'z' not found in '' >assert %(py5)sr captured_bypost-tool-use.sh.v3Lassert %(py7)s {%(py7)s = %(py3)s {%(py3)s = %(py1)s.startswith }(%(py5)s) }rSrTrrowner_attribution_status NOT_CLAIMED claimed_actor) rArPr(r)r*r+r,r-r.r0r1 startswith)rFrrfrQ @py_assert2 @py_assert5r: @py_format7 @py_format9entry @py_assert0r; @py_format5r9 @py_format4r< @py_assert6r=s r@!test_destructive_pattern_capturedr{@s"/G w<E1E<1 EEE<1EEEEEE3EEE3EEEEEEwEEEwEEE<EEE1EEE 6s7|nEEEEEEEE AJE ! "'a' "a '''' "a''' "'''a''''''' ="F"=F """"=F"""="""F""""""" ! "XdX "d *XXX "dXXX "XXXdXXX.PQVPW,XXXXXXXX$%BC C C C   D $%%5e)z>echo GITHUB_TOKEN=ghp_abcdef1234567890ABCDEFGHIJKLMNOPQRSTUVWXr)zexport AKIA1234567890ABCDEFz)zFcurl -H 'Authorization: Bearer abc123def456ghi789jkl012' https://api.xz)u"echo '주민번호 991231-1234567')uecho '연락처 010-1234-5678'r)z'cat /home/jay/workspace/taskctl-bot.pemz)z&ssh -i /home/jay/.ssh/id_rsa user@host)z(scp /home/jay/.ssh/id_ed25519 host:/tmp/r)zJecho -----BEGIN RSA PRIVATE KEY-----abc123def-----END RSA PRIVATE KEY-----)zBecho -----BEGIN CERTIFICATE-----xyz789ghi-----END CERTIFICATE-----rct||}t|}d}||k(}|stjd|fd||fdt j vstj trtjtnddt j vstj |rtj|ndtj|tj|dz}dd|iz}ttj|dx}x}}|d } | d } d } | | u}|sltjd |fd | | ftj| tj| dz} dd| iz}ttj|dx} x}} | d}||v} | stjd| fd||fdt j vstj |rtj|ndtj|dz}tjd| ddzd|iz}ttj|dx} }y)NrNrrOrPrQrRr}rVrredaction_appliedTr_rarZr\rUrrcreplaceholder_substringrgzplaceholder missing: rir) rArPr(r)r*r+r,r-r0r1r.)rFrrrQrrrsr:rtrurvrwr;rxr9ryr<s r@test_redaction_appliedrust0/G w<1<1 <133ww<1 AJE $ %-- % ---- %--- %----------$))$4` $4 4``` $4`````` ``` ```$4```8MeT]N^M_6```````rGc@td|}t|}d}||k(}|stjd|fd||fdt j vstj trtjtnddt j vstj |rtj|ndtj|tj|dz}dd |iz}ttj|dx}x}}|d d }d }||u}|sltjd |fd||ftj|tj|dz} dd| iz}ttj|dx}x}}y)Nzgit commit -m 'test commit'rNrrOrPrQrRr}rVrrFr_rarZr\rUrrs r@-test_redaction_not_applied_for_normal_commandrs5}EG w<1<1 <133ww<1 1:) *3e3 *e 3333 *e333 *333e3333333rGcd}tj|jj}t ||}t |}d}||k(}|st jd|fd||fdtjvst jt rt jt nddtjvst j|rt j|ndt j|t j|dz}dd |iz}tt j|d x}x}}|d } | d } | |k(}|st jd|fd | |ft j| dtjvst j|rt j|nddz} dd| iz} tt j| d x} }d} | d} | | v}|slt jd|fd| | ft j| t j| dz}dd|iz}tt j|d x} x}} y )uDcommand_hash는 raw command (redaction 전) 의 SHA256이어야 함.z*echo TELEGRAM_BOT_TOKEN=abc123def456ghi789rNrrOrPrQrRr}rVNr command_hash)z%(py1)s == %(py3)s expected_hashrSrTassert %(py5)srz KNN;#5#5#78BBDM ]3G w<1<1 <133ww<1 AJE  1 M 1111 M111 111111M111M1111111 *% **;* ****;****;***********rGchd}t||}|jdz }t||}|dd}|dd}||k(}|sltjd|fd||ftj|tj|dz}dd |iz} t tj | d x}x}}y ) u동일 command는 동일 hash.zrm /tmp/same_filelogs2rrrrYrZr\rUN)rAparentr(r)r-r0r1) rFcmdentries1tmp2entries2rwr;rrrxrts r@test_command_hash_deterministicrs Cm,H   ' )Dd#H A;~ &E(1+n*EE &*E EEEE &*EEEE &EEE*EEEEEEEErGc td|}d}|dd}||v}|sltjd|fd||ftj|tj|dz}dd |iz}t tj |dx}x}}y) NrIzutils/replacement_pr_runner.pyraffected_path_candidatesrcrrZr\rUrAr(r)r-r0r1rFrQrwr;rrrxrts r@-test_affected_path_extracted_from_destructiversiF VG +Uwqz:T/UU +/U UUUU +/UUUU +UUU/UUUUUUUUrGcd}t||}|dd}d|D}t|}|sddtjvst j trt j tndt j |t j |dz}tt j|dx}}d|D}t|}|sddtjvst j trt j tndt j |t j |dz}tt j|dx}}y) Nzz.test_affected_path_multiple..*qv{*z,assert %(py4)s {%(py4)s = %(py0)s(%(py2)s) }any)rrr[c3$K|]}d|v yw)zb.pyNrDrs r@rz.test_affected_path_multiple..rr) rArr*r+r(r,r-r0r1)rFrrQpathsr9r;rxs r@test_affected_path_multiplers HC]+G AJ1 2E*E**3* ** ******3***3******* ********E**3* ** ******3***3******* *******rGc"td|}|dd}g}||k(}|sltjd|fd||ftj|tj|dz}dd|iz}t tj |dx}x}}y) NlsrrrrYrZr\rUrrs r@*test_affected_path_empty_for_no_file_tokenrsem,G 1:0 17R7 1R 7777 1R777 1777R7777777rGc"td|}|d}|d}d}||u}|sltjd|fd||ftj|tj|dz}dd|iz}t tj |dx}x}}|d }d}||u}|sltjd|fd||ftj|tj|dz}dd|iz}t tj |dx}x}}|d }d }||k(}|sltjd |fd ||ftj|tj|dz}dd|iz}t tj |dx}x}}y)Nz echo hellorrpr_rarZr\rUactor_verification_evidencernrorrYr)rFrQrvrwr;rrrxrts r@test_attribution_defaultsrs m4G AJE  !)T) !T )))) !T))) !)))T))))))) . /747 /4 7777 /4777 /77747777777 + ,= = , ==== , === ,=== =======rGc^td|}|d}hd}||jz }| }|s~tjd|dzddt j vstj |rtj|ndiz}ttj|d}|d}d }||k(} | sltjd | fd ||ftj|tj|d z} d d| iz} ttj| dx}x} }y)Nzecho schema-testr>tsbotr filer]memberts_kstrsessiontask_idrjrrpr^rWrrrnrrbzmissing v3 fields: z >assert not %(py0)srmissingrWrXrrYrZr\rU) rAkeysr(r.r*r+r,r-r0r1r)) rFrQrvrequiredrr9 @py_format2rwr;rrrxrts r@&test_schema_v3_required_fields_presentrs*M:G AJEH,%G;7;77-gY7777777w777w777777 ! "'a' "a '''' "a''' "'''a'''''''rGcTtd|}|dd}|j}d}||}|stdtj|tj|tj|tj|dz}t tj |dx}x}x}}y)Nz echo markerrrjrkrlrm)rArqr(r-r0r1)rFrQrwrrr:rzr=s r@test_captured_by_markerrs} }5G 1:m $F $ / /F0EF /0E FF FFF $FFF /FFF0EFFF FFFFFFFrGctd|}|d}|d}d}||k(}|sltjd|fd||ftj|tj|dz}dd |iz}t tj |d x}x}}d }||v}|stjd |fd ||ftj|dt jvstj|rtj|nddz}dd|iz} t tj | d x}}d}||v}|stjd |fd ||ftj|dt jvstj|rtj|nddz}dd|iz} t tj | d x}}d}||v}|stjd |fd ||ftj|dt jvstj|rtj|nddz}dd|iz} t tj | d x}}y )uWv2 reader가 사용하던 'tool', 'bot', 'task_id', 'command' field가 v3에도 존재.z git statusrr]rrrYrZr\rUNrrc)z%(py1)s in %(py3)srvrrrrr) rAr(r)r-r0r1r*r+r,) rFrQrvrwr;rrrxrtryr<s r@&test_v3_entry_has_legacy_compat_fieldsrso m4G AJE ="F"=F """"=F"""="""F""""""" 5E>5E5EE 9 99 9 99rGcLdddddid}itjdt|i}tjdt gt j|d d |d }|j}d }||k(}|stjd |fd||fdtjvstj|rtj|ndtj|tj|dz}dd|iz}ttj |dx}x}}y)u(빈 command 입력에도 hook은 exit 0.rz/tmpsrr~rr rTrrrrrrrassert %(py7)srN)rr r!r"r#r$r%r&r'r(r)r*r+r,r-r0r1) rFr8rrr9r:r;r<r=s r@+test_hook_exit_code_zero_with_empty_commandrs"6U^`bTcdG CRZZ C.M0B CC ^^ jj!   F   !!  !!!! !!!!!!6!!!6!!! !!!!!!!!!!rGcitjdt|i}tjdt gddd|d}|j }d}||k(}|stjd|fd ||fd tjvstj|rtj|nd tj|tj|d z}d d |iz}ttj|dx}x}}y)Nr rznot-json-at-allTrrrrrrrrr)rr r!r"r#r$r'r(r)r*r+r,r-r0r1)rFrrr9r:r;r<r=s r@,test_hook_exit_code_zero_with_malformed_jsonr%s CRZZ C.M0B CC ^^    F   !!  !!!! !!!!!!6!!!6!!! !!!!!!!!!!rG)z test-sessz/home/jay/workspace) rr!r7rr r!r r!returnz list[dict])&__doc__ __future__rbuiltinsr*_pytest.assertion.rewrite assertionrewriter(rr%rr"pathlibrpytestr$rAfixturerFmark parametrizer{rrrrrrrrrrrrrrrrDrGr@rs #  6 \2  *! *61$.a/.a4 +FV +8>(<G " "rG