jp.UdZddlmZddlZddlZddlZddlZddlmZ ddl m Z ddl m Z mZmZe ej#j$j$j$Zeeej*vr!ej*j-eeej*j/deeddlmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$ddl%m&Z&m'Z'm(Z(dd l)m*Z*m+Z+m,Z,dDdEd Z-dFd Z.d d dddddddeddZ/de0d<ddddddddd Z1de0d!<d"ddddd#d$dd Z2de0d%<d&ddddd'd(dd Z3de0d)<d*ddddd+d,dd Z4de0d-<d.ddddd/d0dd Z5de0d1<d2Z6d3Z7d4Z8d5Z9d6Z:d7Z;d8Zd;Z?d<Z@d=ZAd>ZBd?ZCd@ZDdAZEdBZFdCZGy)Gutests/regression/test_bot_merge_identity_regression_2523.py 회귀 테스트 — task-2523 bot merge identity regression / autonomy proof harness. 회장 §본질: task-2522 BOT_MERGE_IDENTITY_SUCCESS path를 **회귀로 고정**한다. PR #73 (mergeCommit b7a37521..., mergedBy=app/jeon-jonghyuk-taskctl-bot, token_source=GITHUB_APP_INSTALLATION_TOKEN) 가 1회성 우연이 아니라 향후 PR에서도 반복 가능한 표준 path 임을 박제한다. 회장 §명시 8 검증 (정확히 8개): 1. GH_TOKEN process-local injection이 owner PAT보다 우선 2. gh auth=owner여도 merge token_source=GITHUB_APP_INSTALLATION_TOKEN 기록 3. mergedBy=app/jeon-jonghyuk-taskctl-bot → BOT_MERGE_IDENTITY_SUCCESS 분류 4. mergedBy=JonghyukJeon → owner_pat fallback 분류 5. token raw value 로그 0건 6. branch cleanup도 bot token으로 가능 7. smoke + reconcile 정상 8. audit JSONL에 token_source / mergedBy / owner_pat_used / expected_bot_identity 4 필드 존재 replay fixture: - PR #73 BOT_MERGE_IDENTITY_SUCCESS (mergedBy=app/jeon-jonghyuk-taskctl-bot, mergeCommit=b7a37521c8f189bfd98b8ea047ebaa5c5fe684aa, mergedAt=2026-05-09T09:01:27Z) - PR #68/#69/#70/#71/#72 owner_pat fallback 5건 (autonomy capability gap 박제) 회장 §보안: - raw token value 절대 출력/저장 X (정적 grep 검증 포함) - gh api 실호출 X — 모두 runner mock / dataclass 직접 주입 - subprocess 실행 X — 모든 경로는 fixture replay ) annotationsN)fields)Path)AnyDictList) DEFAULT_AUDIT_JSONL_PATHMergeIdentityAuditRecordREQUIRED_AUDIT_FIELDS_2523TOKEN_SOURCE_GITHUB_APPTOKEN_SOURCE_OWNER_PATTOKEN_SOURCE_UNKNOWNappend_audit_jsonlbuild_audit_recordclassify_token_sourcecompute_autonomy_score_deltaexpected_bot_identity_for_actor'verify_branch_cleanup_token_inheritance)OWNER_PAT_FALLBACK_BLOCKEDexecute_squash_mergeselect_merge_token_decision) BlockedReasonclassify_capability_gapprobe_bot_merge_identityc4tjg|||S)N)args returncodestdoutstderr) subprocessCompletedProcess)rrrs O/home/jay/workspace/tests/regression/test_bot_merge_identity_regression_2523.pycpr#Os  & &B:f]c ddcddfd }|S)u@gh pr view --json ... 호출에 응답하는 runner factory.c(~~t|dks |ddgdk7r tdddS t|d}j |}| tddd Stdt j |dS#t$rtdddcYSwxYw) Nr)ghprviewzunexpected callz bad pr numberz Not Found)lenr#int ValueErrorgetjsondumps)rcwdkwargsnpayload pr_payloadss r"runnerz#make_pr_view_runner..runnerVs  t9q=D1I)==a./ / .DG A//!$ ?a[) )!TZZ("--  .a_- - .sA88BB)N)r List[str]r4rreturnsubprocess.CompletedProcess)r8r9s` r"make_pr_view_runnerr>Ss . Mr$Iapp/jeon-jonghyuk-taskctl-botBotT)logintypeis_botztask/task-2522-dev2 task-25222026-05-09T09:01:27Z(b7a37521c8f189bfd98b8ea047ebaa5c5fe684aa)task_idmergedAt mergeCommitexpected_token_source)numbermergedBy headRefName_metazDict[str, Any] PR_73_FIXTURED JonghyukJeonUserFz task-2517z2026-05-09T00:53:24Z)rHrI)rLrMrO PR_68_FIXTUREEz task-2519z2026-05-09T02:04:50Z PR_69_FIXTUREFz task-2518z2026-05-09T04:50:46Z PR_70_FIXTUREGz task-2520z2026-05-09T06:31:34Z PR_71_FIXTUREH task-2521z2026-05-09T13:30:00Z PR_72_FIXTUREghs_botFIXTUREsuffixghp_ownerFIXTUREsuffix)botFIXTUREsuffixownerFIXTUREsuffixcVttd}tt|}|jtk(sJd|j|j dusJ|j tddk(sJtj|j}tD]}||vrJd|y)u7(1) env에 owner PAT + GH_TOKEN=$BOT_GITHUB_TOKEN 동시 존재 → classify가 GH_TOKEN(ghs_) 값을 우선 분류 = GITHUB_APP_INSTALLATION_TOKEN. 회장 §본질: process-local GH_TOKEN injection 패턴 (task-2522에서 PR #73 머지 시 실제로 사용된 패턴) 이 owner PAT 보다 우선 적용되는지 회귀 박제. classify_token_source(token_value=...) 에 inject 된 token 값을 직접 전달하면 그 prefix가 ghs_ 인 경우 GitHub App 으로 분류된다 — env에 owner PAT가 동시에 존재해도 영향 없음. ) GITHUB_PATGH_TOKEN token_valueenvu9GH_TOKEN process-local injection이 우선되지 않음: TNzraw token leaked: ) _FIXTURE_OWNER_PAT_PREFIX _FIXTURE_BOT_INSTALLATION_PREFIXr token_sourcer installation_signaltoken_prefix_observedr2r3to_dict_RAW_LEAK_NEEDLES) env_with_bothprobe serialisedneedles r"test_v2_gh_auth_owner_but_merge_records_app_installation_tokenrs "4 8  E   !8 88 8 6C F  # #'> >> >  E )) )  ) )U 22 2r$c tdddk(sJtdddusJtdddk(sJttd ti }ttd |tddtdd tddtdd }|jt k(sJ|j dusJ|jdusJ|jdusJ|jdusJtd|}|jdk(sJ|jdk(sJy)u:(3) PR #73 fixture replay (mergedBy=app/jeon-jonghyuk-taskctl-bot, mergeCommit=b7a37521..., is_bot=true) → autonomy_capability_gap=False, expected_bot_identity=True, owner_pat_used=False = BOT_MERGE_IDENTITY_SUCCESS. 회장 §본질: 본 task의 회귀 핵심 — task-2522 success path 박제. rMrBr@rDTrOrJrGrdrerLrCrHrvFprevious_scorerr, N) rPrrjrr|r mergedBy_is_botexpected_bot_identityr~r}rdelta new_score)rqrrs r"Gtest_v3_pr_73_mergedBy_app_bot_classified_as_bot_merge_identity_successrsN  $W -1P PP P  $X .$ 66 6  !- 02   "4 9 : E )$Z09#J/7&w/ >g&y1 F  # #'> >> >  ! !T )) )  ' '4 // /  ) )U 22 2  E )) ) (& IE ;;!   ??a  r$c dtfdtfdtfdtfdtfg}|D]\}}t t dt i}t|||dd |dd |d d  }|jtk(s Jd||jdus Jd||jdus Jd||jdus Jd||jdurJd|ttttttd}tddgd|}|j dusJ|j"dusJt%|t&j(k(sJy)u%(4) PR #68~#72 5건 fixture replay (mergedBy=JonghyukJeon) → 모두 owner_pat fallback (autonomy_capability_gap=True, owner_pat_used=True). 회장 §본질: task-2522 직전 5 연속 owner_pat 패턴이 회귀로 고정되어 "성공 path"로 위장되지 않음을 박제. rQrUrWrYr[rcrerMrBrCrOrHrwrxryrzrHzPR #TF)rQrUrWrYr[z Jeon-Jonghyuk dev_workspace)r9N)rTrVrXrZr]rrirr|r r}r~rrr>r fallback_to_owner_token_detectedbot_can_merge_as_apprrAUTOMATION_CAPABILITY_GAP)fixturespr_numfixrqrr9identitys r"Ctest_v4_pr_68_to_72_mergedBy_owner_classified_as_owner_pat_fallbackrs ] ] ] ] ] H F %189 $z?73j/&1L+  ''+AART&?RA$$,=VHo=,--5FfXF5%%.?$vh?.++u4EVHoE4!F&! }- }"F(*>vH  4 4 << <  ( (E 11 1 "8 , 0W0W WW Wr$cd}d}||fD]}t|d|i}td|ddd }tj|j d }d |vs Jd |d|vsJ|dd|vsJt dz dz dz }|j r|jt|||jd}d |vsJd|vsJtd|}tj|j} d | vsJd| vsJ|jd t dz dz jd} tjd| rJdtjd| rJd y)!u(5) audit record + JSONL 라인 + delta 출력 전부에서 raw token suffix 노출 0건. 정적 grep + JSON 직렬화 검사. 회장 §보안: token raw value 출력 절대 금지. prefix 5자 + sha256 첫 8 hex만. 0ghs_PUBLICprefixULTRASECRETappBotSuffixDoNotLeak2ghp_PUBLICprefixULTRASECRETownerPatSuffixDoNotLeakrdrer@rA(deadbeefdeadbeefdeadbeefdeadbeefdeadbeef)rwrxryrzr{F) ensure_ascii ULTRASECRETzraw token leaked into record: DoNotLeakNrhmemoryeventsztest_2523_v5_tmp.jsonl audit_pathutf-8encodingrrT missing_okutilszbot_merge_identity.pyzghs_[A-Za-z0-9]{30,}z!long ghs_ token literal in sourcezghp_[A-Za-z0-9]{30,}z!long ghp_ token literal in source)rrr2r3rn_WORKTREE_ROOTexistsunlinkr read_textr__dict__research) secret_token_appsecret_token_pattokrqrrrtmpliner delta_jsonsrcs r"5test_v5_no_raw_token_value_in_any_audit_or_log_outputrAsOP "23$%#J;LM#:+  ZZ 0uE J._2PQ[P^0__.*,,,2Aw*$$$x'(25MM ::< JJL6c2}}g}.D((($&&&,AfMZZ/ J...*,,, d #;$@ G #&= = H HRY H ZCyy0#6[8[[ 6yy0#6[8[[ 66r$c<gdfd }td|}|ddk(sJtdk(sJdd}t|}|ddusJ|d dusJ|d dusJ|d gk(sJ|d dusJd |vsJd|vsJd|vsJgd}t|}|d dusJy)u(6) `gh pr merge --squash --delete-branch` 한 번의 호출 안에서 머지+삭제가 수행되므로, GH_TOKEN process-local injection이 branch cleanup에도 그대로 상속된다. PR #73 branch `task/task-2522-dev2` delete가 이 패턴으로 가능했음을 정적으로 검증. 회장 §본질: branch cleanup이 별도 호출 / 별도 token으로 분리되면 fallback 위험이 생긴다. 동일 호출 안에 묶여 있어야 한다. cT~jt|tdddS)NrzMerged.r-appendlistr#)rr5captureds r"r9zLtest_v6_branch_cleanup_inherits_bot_token_in_same_merge_call..runners% T #!Y##r$r?rrr,u0merge+cleanup은 정확히 1 호출이어야 함merge_command_presentTdelete_branch_flag_presentbranch_cleanup_in_same_callforbidden_flags_detected%token_inherits_process_local_gh_token--admin--forcerebase)r)r*merge73--squash--delete-branchNrr:r;r<)rr.r)r9resultissuedcleanup pr73_args cleanup_73rs @r"$ FF Fr$cnddlm}gdfd }|gd|}|ddk(sJtdk(sJddlm}m}m}t|d sJt|d sJt|sJttd ti }td |d ddd}|jdusJ|ddk(r |jrJy)u(7) PR #73 (mergedBy=bot) 머지 후 post-merge smoke 와 lifecycle reconcile 이 정상 수행됨을 fixture replay 로 박제. 회장 §본질: bot 머지 후에도 standard automation flow (smoke + reconcile)이 동일하게 작동해야 함 — bot 머지가 후행 단계를 깨뜨리지 않는다. 실호출 X — runner mock으로 smoke=PASS, reconcile=APPLIED 시뮬레이션. r)run_post_merge_smokecT~jt|tdddS)Nrzsmoke okr-r)rr5 smoke_callss r" smoke_runnerzZtest_v7_post_merge_smoke_and_reconcile_pass_after_bot_identity_merge..smoke_runners' 4:&!Z$$r$)python3z-czprint('smoke ok')statusPASSr,)LifecycleState StuckReason reconcile __members__rdrer?r@rArGrErvFNr) utils.merge_queue_executorrr.&utils.lifecycle_reconciliation_managerrrrhasattrcallablerrjrr~) rr smoke_resultrrrrqrrs @r"Dtest_v7_post_merge_smoke_and_reconcile_pass_after_bot_identity_mergers@$&K% (.L  !V ++ + { q   >= 11 1 ; .. . I   "4 9 : E 6C F  ) )U 22 2  !V +F4R4RR R4Rr$ctdz dz dz }|jr|jttdti}t d|ddd d }t || ttd ti}t d|ddd}t || |jdjj}t|dk(sJ|D]K}tj|}tD]}||vrJd|d|d|vsJd|vsJd|vsJd|vrKJtj|d} | dtk(sJ| ddk(sJ| ddusJ| ddusJtj|d} | dt k(sJ| ddk(sJ| ddusJ| ddusJ|jd} t"D]} | | vrJ|jd y!)"u (8) audit JSONL의 마지막 라인에 4 필드 모두 존재 검증: token_source_used / mergedBy_login / owner_pat_used / expected_bot_identity. 회장 §"audit JSONL에 token_source/mergedBy/owner_pat_used/expected_bot_identity 4 필드 존재" rrztest_2523_v8_audit_tmp.jsonlrdrer?r@rArGrErvrrcr[rRrSr\rrrzmissing required field z in r|ryr}rTFrrN)rrrrrjrrrirstrip splitlinesr.r2loadsr r r ro) r probe_apprecord_success probe_patrecord_fallbacklinesrr7requiredlastfirstfullrss r"7test_v8_audit_jsonl_contains_required_4_fields_contractrss 8 #h .1O OC zz| %4 9 :I(6C N~#6&- 4 5I)% O37 MM7M + 1 1 3 > > @E u:??2**T"2 \Hw& [*A(TRYQZ([ [& \#g---7***7***&'1112 ::eBi D # $(> >> >  !^ 33 3  !T )) ) ' (E 11 1 JJuQx E $ %)@ @@ @ ! "&E EE E ! "e ++ + ( )T 11 1 =='= *D#"T!!!"JJ$Jr$cXtthdk(sJttdk(sJy)uREQUIRED_AUDIT_FIELDS_2523 는 정확히 4종. {token_source_used, mergedBy_login, owner_pat_used, expected_bot_identity}. >ryr}r|rr'N)setr r.r=r$r"3test_sanity_required_audit_fields_contract_constantr-s7 ) */   ) *a // /r$cfttDchc]}|j}}d|vsJycc}w)uOMergeIdentityAuditRecord.owner_pat_used 필드 존재 — task-2523 §검증 8.r}N)_fieldsr name)f field_namess r"5test_sanity_owner_pat_used_field_present_in_dataclassr:s3#*+C#DEa166EKE { ** *Fs.ctt}|ddusJ|ddk(sJ|ddusJtt}|ddusJ|dtk(sJ|ddusJy)uselect_merge_token_decision: GITHUB_APP_INSTALLATION_TOKEN → allow_merge=True. 회장 §"GH_TOKEN process-local injection이 owner PAT보다 우선" 의 후속 결정. allow_mergeTdecision APP_TOKEN_OKcapability_gapFN)rr r r) decision_app decision_pats r">test_sanity_select_merge_token_decision_app_token_allows_merger@s//FGL  &$ .. .  #~ 55 5 ( )U 22 2//EFL  &% // /  #'A AA A ( )T 11 1r$cDttjdsJy)uHtask-2523에서 default audit path 변경 X — task-2522 결정 유지.zbot-merge-identity.jsonlN)strr endswithr=r$r".test_sanity_default_audit_jsonl_path_unchangedrPs ' ( 1 12L MM Mr$ctddk(sJtdddk(sJtdddusJtdd d k(sJtdd d k(sJtdd tk(sJttddtdddusJy)uPR #73 fixture는 BOT_MERGE_IDENTITY_SUCCESS 의 immutable replay 입력. 회장 §"replay fixture 필수 — PR #73 (mergedBy=app/jeon-jonghyuk-taskctl-bot mergeCommit=b7a37521)". rLr?rMrBr@rDTrOrJrGrIrFrKrCN)rPr rr=r$r"7test_sanity_pr_73_fixture_immutable_bot_identity_replayrUs  "b (( (  $W -1P PP P  $X .$ 66 6  !- 02    !* -1G GG G  !"9 :>U UU U *j!'*j!&)    r$cgd}t|}d|dvsJ|ddusJgd}t|}d|dvsJgd}t|}|d dusJ|d dusJy ) uverify_branch_cleanup_token_inheritance — admin/force 플래그 검출. 회장 §금지 18종 중 admin override / force 적용 회귀 박제. )r)r*rrrrrrrrF)r)r*rrrrrr)r)r*rrrrrN)r) bad_adminres bad_force no_cleanups r"Gtest_sanity_verify_branch_cleanup_token_inheritance_rejects_admin_forcerisVI 1) rP__annotations__rTrVrXrZr]rjrirortrrrrrrrrrrrrrrr=r$r"r s<#  )"" h'')0077>>~#(("HHOOC'(3~&'     e<95TXY(*A!8  ! ~ (&EJ$2H I! ~ (&EJ$2H I! ~ (&EJ$2H I! ~ (&EJ$2H I! ~ (&EJ$2H I! ~$: 4>ID3H# T*Xb-\h&GZ4SvH ` 0+ 2 N (6(*r$