jYdZddlmZddlZddlZddlZddlmZddlm Z ddl Z e e jjjjZeeej vr!ej j#eeej j%deeddlmZmZmZddlmZmZmZmZmZmZmZmZm Z m!Z!m"Z"m#Z#m$Z$m%Z%m&Z&m'Z'm(Z(dZ)d Z*d Z+e jXd'd Z-d(d Z.d)d Z/d)dZ0d)dZ1d)dZ2d)dZ3d)dZ4d)dZ5d)dZ6d)dZ7d)dZ8d)dZ9dZ:d)dZ;dZdZ?dZ@dZAd ZBd)d!ZCd"ZDd#ZEd$ZFd%ZGd&ZHy)*u/tests/regression/test_cron_session_safety_guard_2526.py 회귀 테스트 — task-2526 cron ``--session`` safety guard / safe_cron_dispatch wrapper. 회장 §본질 (2026-05-10): 독립 bot task cron에 ``--session`` 옵션이 잘못 붙어 봇이 아니라 **아누 자기 세션이 resume된 사고**가 발생함. 본 테스트는 이 사고를 회귀 fixture로 박제하여 동일 사고가 다시 발생하지 못하도록 wrapper preflight를 강제한다. 회장 §명시 6 회귀 검증 (정확히 6개): 1. independent_task + ``--session`` → BLOCK 2. merge_task + ``--session`` → BLOCK 3. followup_readonly + ``--session`` → ALLOW 4. bot_task + bot_key + no ``--session`` → ALLOW 5. bot_task + no bot_key → BLOCK 6. owner_pat fallback 감지 → BLOCK 본 사건 fixture (PR #74 재위임 오류): - 잘못된 cron ``5C9995CCB`` — ``--session 5eee7634-b0be-4594-b84e-311ae64e557b`` 동반 → wrapper가 BLOCK 했어야 함 (본 테스트가 박제) - 재발사 cron ``74325894`` — ``--session`` 빼고 발사 → 정상 (본 테스트가 ALLOW 박제) 회장 §보안: - raw token / raw key / raw session UUID 정적 검사 (wrapper 출력에 0 노출) - subprocess 실행 X (preflight only) - audit JSONL은 tmp_path에만 기록 (production audit-jsonl 오염 X) ) annotationsN)asdict)Path)DispatchStatussafe_cron_dispatchformat_chairman_block_notice)ACTOR_ANU_SESSIONACTOR_BOT_SESSION BlockedReasonCronTargetingAuditRecordREQUIRED_AUDIT_FIELDS_2526SUPPLEMENTARY_AUDIT_FIELDS_2526 TASK_KIND_BOTTASK_KIND_FOLLOWUP_ROTASK_KIND_INDEPENDENTTASK_KIND_MERGEbuild_audit_recorddetect_misrouted_sessionensure_no_raw_secretsevidence_based_recover hash_bot_keysanitize_command_previewsoft_kill_misrouted 69370320120b94683120a691cfz$5eee7634-b0be-4594-b84e-311ae64e557bc |dz S)u<production audit-jsonl 오염 방지 — tmp_path에 격리.zcron-targeting-audit.jsonl)tmp_paths K/home/jay/workspace/tests/regression/test_cron_session_safety_guard_2526.py audit_pathr Qs 2 22c|jsgS|jdjDcgc](}|jst j |*c}Scc}w)u>audit JSONL 파일의 모든 line을 dict 리스트로 반환.utf-8)exists read_text splitlinesstripjsonloads)r lns r_read_audit_linesr+WsO     %/%9%9'%B%M%M%O ^rSUS[S[S]DJJrN ^^ ^s A$ A$c (tddtttt|}|j t jk(sJ|jtjk(sJ|jtk(sJd|jJd|jvsJd|jvsd|jvsJt|}t|d k(sJ|d }|d tk(sJ|d d usJ|ddusJ|dtjk(sJy)uO본 사건 cron 5C9995CCB — independent dev3 task에 anu self-session 동반.z)dev3-team independent_task: rebuild stats2mpromptschedulechattarget_bot_key task_kind session_idr u&BLOCK시 command_argv는 비어야 함NCRON_TARGETING_GUARD_BLOCKED anu_sessionsessionrr3session_id_presentTsession_id_allowedFblocked_reason)r CHAIR_CHATDEV3_DAGDA_KEYrANU_SELF_SESSION_UUIDstatusrBLOCKEDr;r INDEPENDENT_TASK_WITH_SESSION command_argvtuplechairman_noticer+lenr resultlinesrecs r6test_regression_1_independent_task_with_session_blocksrJbs1 : %'(F ==N22 22 2  M$O$O OO O   %' )S+SS )  ! ! -- - )V-C-C CC C F11 1Y&BWBW5WW W j )E u:?? (C { 4 44 4 # $ ,, , # $ -- -  M$O$O OO Or!c tddtttt|}|j t jk(sJ|jtjtjfvsJ|jtk(sJy)u5PR merge 위임에 anu self-session 동반 → BLOCK.uO[task-2526] merge PR #74 — gh pr merge 74 --squash GH_TOKEN=$BOT_GITHUB_TOKENz 0 9 * * 1r.N)rr<r=rr>r?rr@r;r MERGE_TASK_WITH_SESSIONTARGET_SESSION_OWNER_MISMATCHrBrCr rGs r0test_regression_2_merge_task_with_session_blocksrOs ` %!(F ==N22 22 2  --33%     %' )) )r!c tddtdtt|}|jt j k(sJ|jJ|jsJdd|jvsJt|}t|dk(sJ|d}|d tk(sJ|d d usJ|d d usJ|d tk(sJ|dJy)uCread-only status scan followup + 같은 chat anu session → ALLOW.u6followup readonly: status scan only — no commit/push30mNr.,ALLOWED 시 command_argv가 채워져야 함 --sessionr8rr3r9Tr:actor_expectedr;) rr<rr>r?rALLOWEDr;rBr+rEr rFs r7test_regression_3_followup_readonly_with_session_allowsrVs G '(F ==N22 22 2  (( (   N NN  &-- -- - j )E u:?? (C { 4 44 4 # $ ,, , # $ ,, ,  $5 55 5  (( (r!c tddtttd|}|jt j k(sJ|jJ|jsJdd|jvsJdd|jvsJt|}|d }|d ttk(sJ|d d usJ|d tk(sJ|dJy)uZ재발사 cron 74325894 — --session 빼고 발사 → 정상 (다그다 trigger 박제).uU[dev3-team] task-2526 — independent bot task, GH_TOKEN=$BOT_GITHUB_TOKEN gh pr viewr-Nr.rRrSuObot_task에 session이 새어들어가면 본 사건 재발 — 절대 포함 Xz--keyrtarget_bot_key_hashr9FrTr;) rr<r=rr?rrUr;rBr+rr rFs r5test_regression_4_bot_task_with_key_no_session_allowsrYs f %F ==N22 22 2  (( (   N NN  f11 1Y 1 f)) )) ) j )E (C $ %n)E EE E # $ -- -  $5 55 5  (( (r!c tddtdtd|}|jtj k(sJ|j tjk(sJ|jtk(sJy)uAmerge cron + 회장 chat key만 (다그다 key 없음) → BLOCK.zK[task-2526] merge PR #74 GH_TOKEN=$BOT_GITHUB_TOKEN gh pr merge 74 --squashr-Nr.) rr<rr?rr@r;r BOT_KEY_MISSING_FOR_BOT_TASKrBrCrNs r-test_regression_5_bot_task_without_key_blocksr\sk \ !F ==N22 22 2  M$N$N NN N   %' )) )r!c tddtdtd|}|jtj k(sJ|j tjk(sJy)u>task_kind=bot_task + bot_key 누락도 BLOCK (cross-coverage).z;[dev3-team] independent bot task GH_TOKEN=$BOT_GITHUB_TOKENr-Nr.) rr<rr?rr@r;r r[rNs r3test_regression_5b_bot_task_without_key_also_blocksr^sU L F ==N22 22 2  M$N$N NN Nr!c tddtttd|}|jt j k(sJ|jtjk(sJ|jtk(sJy)uagh pr merge 명령에 GH_TOKEN=$BOT_GITHUB_TOKEN 미설정 → owner_pat fallback path → BLOCK.uD[task-2526] merge PR #74 — gh pr merge 74 --squash --delete-branchr-Nr.) rr<r=rr?rr@r;r OWNER_PAT_FALLBACK_DETECTEDrBrCrNs r+test_regression_6_owner_pat_fallback_blocksrask U %! F ==N22 22 2  M$M$M MM M   %' )) )r!c tddtttd|}|jt j k(sJ|jJy)uU대조군 — bot token이 명시 주입되면 OWNER_PAT_FALLBACK_DETECTED는 끈다.uO[task-2526] merge PR #74 — GH_TOKEN=$BOT_GITHUB_TOKEN gh pr merge 74 --squashr-Nr.)rr<r=rr?rrUr;rNs r8test_regression_6b_owner_pat_safe_when_gh_token_injectedrcsM ` %!F ==N22 22 2  (( (r!c tddtttt|}|j t jk(sJd|jtjk(sJy)u본 사건: cron 5C9995CCB — dev3 다그다에게 위임하려 했는데 --session 5eee7634... 가 붙어 있어서 PID 448820 = 아누 자기 세션이 resume되었음. 본 wrapper는 이 cron을 **실행 전에** 차단해야 함. u/[dev3-team] task-2526 발사 — gh pr merge 74r-r.u|본 사건 cron 5C9995CCB가 wrapper에 의해 BLOCK되지 않으면 PR #74 재위임 오류가 다시 발생할 수 있음.N) rr<r=rr>r?rr@r;r rArNs r3test_pr74_misroute_incident_replay_blocks_5C9995CCBre%sf  @ %'(F ==N22 2 B 2  M$O$O OO Or!c tddtttd|}|jt j k(sJd|jvsJy)u재발사 cron 74325894 — --session 제거 후 정상 위임. 다그다 PID 455634에서 trigger되어야 한다 (anu PID 448820 X).uL[dev3-team] task-2526 재발사 — GH_TOKEN=$BOT_GITHUB_TOKEN gh pr view 74r-Nr.rS)rr<r=rr?rrUrBrNs r)test_pr74_redispatch_cron_74325894_allowsrg<sQ ] %F ==N22 22 2 f11 11 1r!c  tddtttd|t |}t |dk(sJ|d}t D]}||vrJd|tD]}||vrJd|t t d k(sJy) uHaudit JSONL line에 회장 §4 명시 8 필드 + 2 보강 모두 존재.z0[dev3-team] task-2526 GH_TOKEN=$BOT_GITHUB_TOKENr-Nr.r8rzrequired audit field missing: z#supplementary audit field missing: )rr<r=rr+rEr r)r rHrIfnames r'test_audit_record_has_required_8_fieldsrkQsA % j )E u:?? (C+F|E=eWEE|F0K|JB5'JJ|K ) *a // /r!c"tddttddttddtdtd }t |t sJt|}tD]}||vrJ|jttk(sJt|dvsJy)Nchat=Fz#cokacdir --cron "x" --at 2m --chat  --key ) cron_id target_botbot_keyr4r:r3rTactor_actual_if_knowncommand_previewr;command_preview_sanitized) rr<r=rr isinstancer rr rXr)rIdrjs r-test_audit_dataclass_field_set_matches_schemarwgs :,' ("=j\Q_P`a C c3 44 4s A+zz  " "l>&B BB B #>!? ?? ?r!c Btddtttt|tddttt d||j d}t|vsJdt|vsJdtjd |rJtjd |rJy) uTaudit JSONL 전체 텍스트에 raw key / raw session UUID가 1건도 없어야 함.zdev3 indep taskr-r.z(dev3 bot task GH_TOKEN=$BOT_GITHUB_TOKENNr#u,raw bot_key가 audit에 노출되면 안 됨u1raw session UUID가 audit에 노출되면 안 됨zghp_[A-Za-z0-9]{20,}zghs_[A-Za-z0-9]{20,}) rr<r=rr>rr%research)r texts r"test_no_raw_secrets_in_audit_jsonlr|s  %'(9 %    (D  %U'UU %  ,a.aa ,yy0$77 7yy0$77 77r!cdtdtdt}t|}t|vsJt|vsJd|vsJd|vsJy)Nz*cokacdir --cron "do thing" --at 2m --chat rn --session zr)rawouts r5test_sanitize_command_preview_redacts_key_and_sessionrsj W^$45*+ - #3 'C  $$ $  ++ + s?? 3  r!ctdd}tjt5t |dddy#1swYyxYw)Nbug)session_id_rawkind)r>pytestraises ValueErrorrpayloads r.test_ensure_no_raw_secrets_blocks_session_uuidrs5!6FG z "'g&'''s 8Ac~ddi}tjt5t|dddy#1swYyxYw)Ncmdz>GH_TOKEN=ghp_aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa gh pr merge)rrrrrs r,test_ensure_no_raw_secrets_blocks_github_patrs6VWG z "'g&'''s 3<ctt}tt}||k(r|t|dk(sJtdJtdJy)N)rr=rE)h1h2s r,test_hash_bot_key_is_deterministic_and_shortrsS n %B n %B 83r7b=8 8   %% %   ## #r!cdtdtdttdfd}|jdusJ|j dusJt|j xsdvsJt|jvsJt|jvsJy ) uNcmdline에 cokacdir + --cron + --session 가 모두 있으면 misroute 의심.5/usr/local/bin/cokacdir --cron 'task' --at 2m --chat rnr~4c|rSdSNrpid fake_cmdlines rzNtest_detect_misrouted_session_flags_session_in_cron_dispatch.. 3<Dr!rcmdline_readerTrN)r<r=r>rsuspected_misroutehas_session_flagsession_id_redactedcmdline_preview_sanitizedreportrs @r.rr!rF)r<r=rrrrs @r9test_detect_misrouted_session_no_misroute_for_normal_cronrsZ $W^,< >& @F  $ $ -- -  " "e ++ +r!cbtdd}|jdusJ|jdk(sJy)Nic|rdSdSrr)rs rrzGtest_detect_misrouted_session_handles_unreadable_proc..sWZt`dr!rFproc_cmdline_unreadable)rrreason)rs r5test_detect_misrouted_session_handles_unreadable_procrs6 %(Cd eF  $ $ -- - ==5 55 5r!chgd fd }tdd||}|ddk(sJ|ddusJgk(sJy) Nc,j||fyr)append)rsig invocationss r fake_killerzBtest_soft_kill_dry_run_does_not_invoke_killer..fake_killersC:&r!rT)dry_runkillerr actionr signal_sentF)rintrrreturnNone)r)r rrGrs @r-test_soft_kill_dry_run_does_not_invoke_killerrsTK'!kV` aF ( y (( ( - E )) ) "  r!c tddddddddd}|jdk(sJ|jdusJ|jt k(sJy)N task-2526F) worktree_diffworktree_untrackedbranch_unpushed_commitsremote_branch_existsopen_pr_for_taskci_run_for_branchaudit_jsonl_evidencesignals clean_abortT)rclassificationredispatch_requiredsignals_with_evidencerCplans r8test_evidence_based_recover_clean_abort_when_no_evidencersi !""'',$) %!&$)  D   - // /  # #t ++ +  % % 00 0r!ctdddd}|jdk(sJ|jdusJd|jvsJy)NrT)rrrcontaminated_executionr)rrrrrs r=test_evidence_based_recover_contaminated_when_any_signal_truer sV !"&E D   ": :: :  # #t ++ + d88 88 8r!c@tdd}|jdk(sJy)Nrr no_evidence)rrrs r9test_evidence_based_recover_no_evidence_when_signals_noners" !+t )r3r;rpr5u4회장 짧은 보고 정합 — 200자 미만 유지CriticalCRITICAL)rrr rAr<rE)notices r7test_chairman_notice_is_short_and_not_critical_taxonomyrsi )'$BB:,&9:F *V 33 3 v; TTT  V ## # V ## #r!ctdz dz tdz dz dz tdz dz dz td z d z h}|D]}|jrJd |t|d k(sJy )u.task-2526 expected_files = 정확히 4 파일.scriptszsafe_cron_dispatch.pytests regressionz&test_cron_session_safety_guard_2526.pymemoryspecszcron-targeting-spec.mdutilszcron_targeting_audit.pyzexpected_file missing: N)_WORKTREE_ROOTr$rE)expectedps r&test_expected_files_exactly_four_existr-s "%<< </2ZZ!G+.FF #<< H 9xxz84QC88z9 x=A  r!)rrrr)r rrlist)r r)I__doc__ __future__rr(rysys dataclassesrpathlibrr__file__resolveparentrstrpathremoveinsertscripts.safe_cron_dispatchrrrutils.cron_targeting_auditr r r r r rrrrrrrrrrrrr<r=r>fixturer r+rJrOrVrYr\r^rarcrergrkrwr|rrrrrrrrrrrrrrr!rrsa6#  h'')0077>>~#(("HHOOC'(3~&' 2 #>33 _PB*2)@)@*" O&*$ )&P.2*0,@48< ' ' $B& ,6 1$90 $" r!