jLrdZddlmZddlmZmZmZddlmZmZm Z m Z m Z ddl m Z mZmZddlmZddlmZmZddlmZmZdd lmZdd lmZmZmZmZmZm Z dd l!m"Z"m#Z#d Z$d Z%dZ&dZ'dZ(dZ)dZ*dZ+dZ,dZ-dZ.dZ/dZ0dZ1dZ2dZ3e4e%e&e'e(e)e*e+e,e-e.e/e0h Z5dZ6dZ7e4ddhZ8d Z9d0d!Z:d1d"Z;d2d#Zd5d(Z?d6d)Z@e d$d$d$d*d$d$d+ d7d,ZAd$d$d$d$d*d$d$d- d8d.ZBgd/ZCy$)9u+utils.real_merge_hooks — dryrun→real switch + real_merge_execute() 순수함수. task-2637 — real merge executor wiring 코드화 (activation false default · 실제 merge 실행 0). Spec: memory/specs/system_real_merge_executor_wiring_spec_260523.md §5 + §1 sha256: bcaf654e981a43083af50879164021c918eeac9753cad3b3ad146209a1a62765 회장 verbatim (회장 10결정 #8): dryrun→real switch 위치 = 신규 real_merge_hooks 모듈 finalize_hooks 직접 확장 최소화 회장 verbatim (회장 10결정 #1): activation = env var + chair_authorization JSON 둘 다 필요. 둘 중 하나라도 없으면 NO_OP_NO_AUTHORIZATION. 회장 verbatim (회장 10결정 #4): post-merge smoke 실패 시 자동 rollback 금지. 보고 only. 회장 verbatim (회장 10결정 #6): artifact 위치 = memory/events/real_merge/// ANCHOR-3 (task md): "non-admin merge 만 허용 · admin override 코드 경로 0 · gh pr merge 실호출 0 (subprocess injection mock)" ANCHOR-6 (task md): "forbidden paths 11+종 정적 가드 (replacement_pr_runner/ finish-task.sh/merge_ready_classifier/merge_ready_dryrun_executor/ callback_envelope_schema/anu_callback_registrar/canonical_root_resolver/ anu_collector_action_trigger/dispatch_finalize_hooks/.tasks/tests/fixtures/ tests/regression)" ) annotations)datetime timedeltatimezone)AnyCallableDictListOptional)ACTIVATION_FLAG_DEFAULTassert_default_offresolve_activation_flag)validate_chair_authorization) GATE_STALEvalidate_gate_snapshot)ACTION_WOULD_MERGESCHEMA_AUTO_MERGE_CANDIDATE)PASS)EXECUTION_RESULT_SCHEMAMERGE_DECISION_SCHEMAartifact_already_presentwrite_merge_decisionwrite_merge_execution_resultwrite_pre_merge_gate_snapshot)ALLOW_REASON_SNAPSHOT_CROSSREFvalidate_snapshot_crossrefzutils.real_merge_hooks.v2NO_OP_FLAG_DISABLEDNO_OP_NO_AUTHORIZATIONNO_OP_NOT_PASSNO_OP_DRYRUN_MISMATCHNO_OP_GATE_FAILNO_OP_STALE_SNAPSHOTNO_OP_DUPLICATENO_OP_FORBIDDEN_PATHNO_OP_AUTH_MISMATCH%CHAIR_REQUIRED_PRODUCTION_IN_SNAPSHOT*CHAIR_REQUIRED_BLOCKING_SECRET_IN_SNAPSHOT&CHAIR_REQUIRED_ADMIN_OVERRIDE_REQUIREDREAL_MERGE_DONEREAL_MERGE_FAILEDPOST_MERGE_SMOKE_FAILED) zutils/replacement_pr_runner.pyzscripts/finish-task.shzutils/merge_ready_classifier.pyz$utils/merge_ready_dryrun_executor.pyz!utils/callback_envelope_schema.pyzutils/anu_callback_registrar.pyz utils/canonical_root_resolver.pyz%utils/anu_collector_action_trigger.pyzdispatch/finalize_hooks.pyzdispatch/__init__.py)z.tasks/ztests/fixtures/ztests/regression/z--adminz--force<c|dgS|sgSg}|D]\}t|ts|tvr|j|.tD]&}|j |s|j|\^|S)zReturn the subset of changed_files that hit the forbidden list. Used by real_merge_execute before any other check so a contaminated PR short-circuits to NO_OP_FORBIDDEN_PATH (+ CHAIR_REPORT) without ever reaching the gate snapshot stage. __INPUT_NONE_FAIL_CLOSED__) isinstancestrFORBIDDEN_PATHSappendFORBIDDEN_DIR_PREFIXES startswith) changed_fileshitspathprefixs -/home/jay/workspace/utils/real_merge_hooks.pydetect_forbidden_pathsr:s,--  D $$  ? " KK  , Fv& D!   Kctjtjj tt dj dS)N )hoursz%Y-%m-%dT%H:%M:%S+09:00)rnowrutc astimezonerstrftimer;r9_now_kstrDs6 X\\" HYQ/0 1 + ,r;cVt|tr|ni}|jd} | t|nd}|jdd}t|t r|nd}|||jdd|jdd|jdddS#tt f$rd}YqwxYw) Nprrhead_shatask_idbranchbase_sha)rFrGrIrJrK)r/dictgetint TypeError ValueErrorr0) pr_identitypiraw_prsafe_prraw_head safe_heads r9_identity_or_defaultrWs";52B VVD\F!'!3#f+vvj"%H&x52I66)R(&&2&FF:r*   z "sBB('B(N) allow_reasonsnapshot_crossrefc t||xs t||xsd|xsdt|t||t|| | d } | S)uzBuild a merge_decision payload (schema v2). task-2639 (spec §5): v1 → v2 bump. ``allow_reason`` + ``snapshot_crossref`` 필드 추가. 기존 callers 는 두 필드를 명시하지 않으면 ``None`` 기본값으로 누락 (json 직렬화 시 ``null``) — v1 fixture 와 차이는 두 추가 필드뿐이며 legacy 검증 키는 그대로 유지된다. rH) schemaactually_executedts_kstrQ verdict_inputdryrun_action_inputactivation_flagchair_authorization_present result_enumreasonsrXrY)rrDboollist) rQrbr`ra dryrun_actionverdictrcr]r\rXrYpayloads r9_build_decisionrisU,(.&HJ" B,20'+,G'H"=$.G Nr;cr|sy|jd}|jd}||syt||||S)NrFrG)rMr)rQdecisioncanonical_rootwrite_artifactsrFrGs r9_persist_decisionrnsA   Bz*H z Hh GGr;c>|Dcgc] }|tvs |c}Scc}w)uReturn any forbidden CLI tokens observed in argv. The injected subprocess_runner must receive argv composed by this module only — so the static guard is over our composition, not the runner. )_FORBIDDEN_CLI_TOKENS)argvtoks r9_validate_runner_no_adminrss  @C3*?#?C @@ @s c6dddtt|ddgS)uCompose the ONLY allowed gh pr merge argv (non-admin, no force). Returns the argv but does NOT execute it. Callers MUST pass it through an injected subprocess_runner; the default runner is None which means "do not call subprocess at all" — the regression contract. ghrFmergez--mergez--delete-branch=false)r0rN)rFs r9_compose_merge_argvrws% dGSR\ r;T)r`subprocess_runnerrlr5rmr]clockcJtt|} | d}| d}t|tr|j dnd}t|tr|j dnd}t | || t tt t}|W|dr|dsMt| tt|d ||d |dd |dg| d d| }t| ||| }t||ddd gdS|dd}|dd}|r\t| tt|t|du|||Dcgc]}d| c}| d d| }t| ||| }t||ddd gdS|dr|drVt| tt|d ||ddj|dzg| d d| }t| ||| }t||ddd gdS|drVt| t t|d ||ddj|dzg| d d| }t| ||| }t ||ddd gdS|rt"nd}t|sCt| t$d t|du||dg| d || }t| ||| }t$||ddd gdSt'|| | \}}}|s[t| t(d t|du|||Dcgc] }d|d| c}xs|g| d || }t| ||| }t(||ddd gdS|t*k7r }+t| ||| },d}-| rtO|||+|}-tD||,|-|+|'d gd5S ||(tP}.t[|.dDdE}0t[|.dFd<xsd<}1t[|.dGd<xsd<}2d@j|(t]|0| xs tM|1dHd|2dHddI}3|*j_|3|0d*k7rd |d8<tT|d9<|d:dJ|0dK|2jaddLgz|d:<t| ||| },tJ| xs tM| tTdcritical7_hitsforbidden_pathblocking_secretpost_merge_smokedep_cycle_or_serialreplacement_pr_failexpected_files_exactrrrnet_new_identifier_exposure)rNrrrrr)FFAILrzgate_snapshot )rbrkrrr snapshot_pathrrzCmerge_execution_result.json already present for this (pr, head_sha)z>all gates pass + chair_authorization OK + activation_flag=Truer\rbrcz-INTERNAL: admin-override token leak in argv: rHu@subprocess_runner=None — inert pass path (no gh pr merge call)) r[r]rQrbmerge_commit_shamergedAtmergedBy non_adminadmin_override_usedr post_smoke_okcallback_handoff_event_idnotezsubprocess raised:  )cmdexitts) r[r]rQrbrrrrrrrrerror returncodestdoutstderri8)rrr stdout_tail stderr_tailzsubprocess exit=z stderr=) r[r]rQrbrrrrrrrrrrr)1r rWr/rLrMrrer1r3rir%rdrnr$r&joinr'rrrrrrrr rrrr"r!r(rrr#r)rwrsrrDr_SUBPROCESS_TIMEOUT_SECONDS Exceptionr*type__name__getattrrNr2strip)4merge_ready_resultrQ gate_snapshotdryrun_artifactcallback_envelopechair_authorizationr`rxrlr5rmr]rypidrFrGrgrfcrossrefrkr7rrprXauth_ok auth_code auth_reasonsrgate_ok gate_code gate_reasonsrbadmin_override_hitgate chair_report snap_gates_C7_GATE_NAMESrrrqleaksrr decision_pathexecution_pathprocexcrcrr invocations4 r9real_merge_executers > { +C TB:H3=>PRV3W $$Y/]aG2<_d2S-.Y]* _-#$:; H&+!6" + 1(,'$Z01Xk=RU($GY  .7:.E*? # mT *%))'26<" tT*(,EETXXg./)-&  ? *"+,@K *4]D*IM  g &r    j$ '" (!$-xx'~-44dhhw>O9P#'L..HHW%*xx =>iO#'L338IU8R#'L--488G3D3Ia2O#'L--488G3D3Ia2O#'L22tDHHW9Hm^M' #'%) $*%1&(   Hn=" ' (,'Z[#%&  !h~_no* #'%) $%*&(  M:mT:5b(MSab  #$(#QR!" H r "D %d +E (-$%"1&y1;E7 C5  !h~_no* #'%) $*%)&(  46 .* * "#(&(!)+V *#xhwx  9"hHXZhiN* #0%3 0*%*&(  &  'BCN |Q 'B T8R ( .BF T8R ( .BFxx~B" de}de} J!!*- Qw(-$%"3&y1rd(6<<>$3+?*@ A5  *#xhwx -* , "#(&<!)+   9"hHXZhiN, #0%3 0*%)&<  &c8NdstM)&HJ&#D*rs=<#2266 *6 ,1!/#-#-+(O%-Y*)Q&#'3).*   $ "9i"89!8<#'26$$$ $ "& $ ! $$$ $$ $0$$N H H H" H  H  H A ,4CG$()-  E 0E E E  E   E   E E AE "E 'E E  E  E E `'+CG$()- ;?&%&#& & &  &  &$&A&"&'&&9& &&T r;