jZUdZddlmZddlZddlZddlZddlZddlZddlm Z ddl m Z dZ dZ dZdgZd ed <de d  d!d Zddd  d"dZddd  d#dZddd  d#dZddd$dZddd%dZdd d&dZ d'dd d(dZdZdZehdZd)d*dZdd d+dZd,dZdd d+dZ dddddd d-d Z!y).uZSilent corruption guard for task done preconditions. task-2472 보강: 기존 3 check에 3개 추가 → 총 6 check. 기존 3 check: 1. ``check_pr_merged_at`` — ``gh pr view --json mergedAt`` not null. 2. ``check_pr_merge_commit_oid`` — ``gh pr view --json mergeCommit`` oid not null. 3. ``check_origin_main_ancestry`` — race-safe fetch + 2회 교차 검증. task-2472 신규 3 check: 4. ``check_done_escalated_coexistence`` — .done + .done.escalated 동시 존재 차단. 5. ``check_escalated_payload`` — .done.escalated 0-byte/비-JSON fail-closed. 6. ``check_state_file_present`` — .tasks/state/{task_id}.json 존재 + checksum 검증. 각 함수는 ``GuardResult-like`` dict 를 반환 한다:: {"ok": bool, "reason": str, "detail": dict} 외부 호출 (subprocess, gh, git) 실패 시 항상 fail-closed (``ok=False``). ) annotationsN)Path)Optionalg?gh list[str]DEFAULT_GH_CMDcwdtimeoutc , tj||r t|nddd|dd}|j|j|j fS#tj ttf$r'}ddt|jd|fcYd}~Sd}~wwxYw)zRun subprocess with shell=False, capture_output, timeout. Returns ``(returncode, stdout, stderr)``. On any exception returns ``(-1, "", str(exc))`` so callers can fail-closed without try/except noise. NTF)r capture_outputtextr shellcheckz: ) subprocessrunstr returncodestdoutstderrTimeoutExpiredFileNotFoundErrorOSErrortype__name__)cmdr r procexcs 4/home/jay/workspace/utils/silent_corruption_guard.py_runr#(s 6~~ CT  T[[88  % %'8' B62$s),,-Ru5556sA AB,BBBgh_cmdr cr|r t|ntt}|ddt|d|ddgz}t||t\}}} |dk7rdd | j xsd |fS t j|} || vrdd d |fSd | |dfS#t j$r} dd d | fcYd } ~ Sd } ~ wwxYw)zRun ``gh pr view --repo --json mergedAt,mergeCommit -q ''``. Returns ``(ok, value, raw_stderr_or_msg)``. ``value`` is whatever JSON the ``-q`` selector emits (string for mergedAt, object/None for mergeCommit). prviewz--repoz--jsonzmergedAt,mergeCommitr rFNz gh exited rc=zgh JSON decode failed: zmissing field Tr) listr rr#_GH_TIMEOUT_SECstripjsonloadsJSONDecodeError) pr_numberrepofieldr%r baserrcrrpayloadr!s r"_gh_view_fieldr5Bs"4r?rDs r"check_pr_merge_commit_oidrIs$4v3NBs +C51$-tmT  eT "6$-tER  ))E C jc*/$-tER  + )4SQ rAr cd|d|}tdddd|g|t\}}}|dk7rd |jxsd |fSy ) zM``git fetch origin --no-tags +refs/heads/:refs/remotes/origin/``.z +refs/heads/z:refs/remotes/origin/gitfetchoriginz --no-tagsr rFz git fetch rc=)Trr#_GIT_TIMEOUT_SECr+) base_branchr refspecr3_rs r"_git_fetch_baserTsb[M)>{mLG ;8  MB6  Qwflln<-t(<<< rActtdddd|g|t\}}}|dk7ry|j}|xsdS)z)``git rev-parse --verify origin/``.rLz rev-parsez--verifyrefs/remotes/origin/r rNrO)rQr r3rrSshas r"_git_rev_parse_remoterXsM  Z+? })MN  MB  Qw ,,.C ;$rAcHtddd|d|g|t\}}}|dk(S)NrLz merge-basez --is-ancestorrVr r)r#rP)rErQr r3rSs r"_git_is_ancestorrZsB    ";- 0     HB1 7NrAmainc  t|tr|js dd||ddSt||\}}|s dd|||ddSt ||}|s dd||ddSt j tt ||}|s dd||ddS||k7rXt||t ||}t j tt ||}|r|r||k7r dd ||||||d dS|}t|||s dd |||d dSd d|||d dS)uRace-safe ancestry verification (fetch + 2회 교차 검증). Sequence -------- 1. ``git fetch origin --no-tags +refs/heads/:refs/remotes/origin/`` 2. 1차 ``git rev-parse origin/`` -> ``sha_a`` 3. ``time.sleep(0.5)`` 4. 2차 ``git rev-parse origin/`` -> ``sha_b`` 5. ``sha_a == sha_b`` -> ``git merge-base --is-ancestor`` 통과 검증 그렇지 않으면 1회 fetch+재조회 후 그래도 불일치면 fail-closed. Fzmerge_commit_sha empty)rErQr:rJzgit fetch failed: z$rev-parse origin/ failed (1st)z$rev-parse origin/ failed (2nd)z;origin/ SHA unstable across 2 fetches (race detected))rErQsha_asha_bsha_csha_dz*merge_commit not ancestor of origin/)rErQ origin_shaTzancestry verified) rFrr+rTrXtimesleep_FETCH_RETRY_SLEEP_SECrZ) rErQr fetchedr?r]r^r_r`s r"check_origin_main_ancestryrfs" & ,4D4J4J4L.+;KX  #;C8LGS *3%0+;KX  "+3 7E <+;KX   JJ%& !+3 7E <+;KX   ~ -%ks; )*%ks;EUe^W(8#.""""    ,ks CB$4*#  % 0&  rAz memory/eventsz .tasks/state>tsr<sourcetask_id evidence_pathblocking_conditionc\|xs)ttjjddS)uworkspace root Path 반환.WORKSPACE_ROOTz/home/jay/workspace)rosenvironrH workspaces r"_workspace_root_pathrrHs#  URZZ^^,<>STUUrArpct|}|tz }||dz }||dz }|j}|j}||t|t|d}|r |r dd||dSdd|dS) u=.done + .done.escalated 동시 존재 시 fail. task-2472 추가 11: DONE 인정 금지 조건. 두 마커가 동시 존재하면 silent corruption 가능성 → fail-closed. Returns ------- dict {"ok": bool, "reason": str, "detail": {"done_exists": bool, "escalated_exists": bool}} z.done.done.escalated) done_existsescalated_exists done_pathescalated_pathFua.done + .done.escalated 동시 존재 → DONE 인정 불가 (silent corruption 의심). task_id=r:Tu7.done + .done.escalated 동시 존재 없음 — 정상)rr_EVENTS_DIR_RELexistsr) rirq work_root events_dirrwrxrurvr=s r" check_done_escalated_coexistencer}Ms%Y/I_,Jy..IWI_"==N""$K%,,.#,^n- F'")%   K rAc8ddgd}|js dd||dS |jj}||d<|dk(r dd ||dS |j d }t j |}d |d <ttt|jz }||d<|r dd||dSd d|dS#t$r}dd||dcYd}~Sd}~wwxYw#t j$r}dd||dcYd}~Sd}~wt$r}dd||dcYd}~Sd}~wwxYw)uf.done.escalated 파일이 0-byte이거나 비-JSON이면 fail-closed. task-2472 추가 10: 0-byte escalation marker 차단. 필수 JSON 필드: reason, ts, task_id, source, blocking_condition, evidence_path Returns ------- dict {"ok": bool, "reason": str, "detail": {"size": N, "json_valid": bool, "missing_fields": [...]}} rF)size json_validmissing_fieldsu.done.escalated 파일 없음: r:u stat 실패: NruO.done.escalated 파일이 0-byte → fail-closed (raw shell emit 의심). path=utf-8encodingTru*.done.escalated 비-JSON → fail-closed: u.done.escalated 읽기 실패: ru&.done.escalated 필수 필드 누락: uD.done.escalated payload 검증 통과 (JSON valid, 필수 필드 OK)) rzstatst_size Exception read_textr,r-r.sorted_ESCALATED_REQUIRED_FIELDSsetkeys)rxr=rr!contentr4missings r"check_escalated_payloadr}sUbIF  "77GH   ""$,,F6N qyghvgwx    **G*<**W%#|/#glln2EEFG&F >wiH  X Y  %cU+   (    B3%H   7u=   sMB:,C: CC CCD,C:4D: DDDDcft|}|tz |dz }t|ddddd}|js dd|d|dSd|d< |j d }t j |}d|d <|jd}|sdd|dSd|d<|jD cic]\} } | dk7s | | } } } tjt j| ddjd j} | |k7r|d ddz|d<| d ddz|d<dd|dSd|d<|tz d|z } | jrt| |d<dd| d|dSdd|dS#t j$r}dd ||dcYd }~Sd }~wt$r}dd||dcYd }~Sd }~wwxYwcc} } w)u.tasks/state/{task_id}.json 존재 + JSON parse + _checksum field 검증. task-2472 추가 12: state file missing 상태에서 done/merge 차단. Returns ------- dict {"ok": bool, "reason": str, "detail": {...}} z.jsonF) state_pathrzrchecksum_presentchecksum_matchustate 파일 없음: u$ → done/merge 차단 (fail-closed)r:Trzrrru!state 파일 JSON 파싱 실패: Nustate 파일 읽기 실패: _checksumuKstate 파일 _checksum 필드 없음 → 수동 편집 의심 (fail-closed)r) sort_keys ensure_asciiz...stored_checksumcomputed_checksumuystate 파일 checksum mismatch → 수동 편집 감지 (fail-closed). taskctl state repair 명령으로만 복구 가능rz.verify-pending-verify_pending_markerudstate repair 후 verify_consistency 미실행 → done/merge 차단 (.verify-pending 마커 잔존: )uQstate 파일 존재 + JSON valid + checksum 일치 + verify-pending 마커 없음)rr_STATE_DIR_RELrrzrr,r-r.rrHitemshashlibsha256dumpsencode hexdigest)rirqr{rr=rstater!rkvcleancomputedrs r"check_state_file_presentrsa%Y/I^+ .??J*o! F    -j\9]^  F8 &&&8 7##|ii ,O c  "&F $kkm @daqK/?QT @E @~~ 5Du=DDWMik ?"$3CR$85$@ !&.sme&;"#E    $F &6;KG99UU##%*-.C*D&'33H2IL   e s    9#?   4SE:   $ As< ,E*) F-7F-*F*=F F* F*F%F*%F*)rirQr%r rqc i}t||||}||d<|dsdd|dd|||ddSt||||} | |d <| dsdd | dd |||ddS| d d } |d d } t| ||} | |d<| dsdd| dd||| | ||ddS|rt||} | |d<| dsdd| dd||||ddSt |}|t z |dz }|j r't|}||d<|dsdd|dd||||ddSddid|d<t||}||d<|dsdd|dd||||ddSdd| | |||||ddSdd| | ||||d dS)!u6 check 통합 (task-2472 보강: 기존 3 → 6). 하나라도 FAIL 시 ``ok=False``. 기존 3 check (순서 유지): 1. merged_at 2. merge_commit_oid 3. ancestry task-2472 신규 3 check (task_id 필요): 4. done_escalated_coexistence 5. escalated_payload (escalated 존재 시에만) 6. state_file_present Backward-compatible: task_id=None 시 신규 3 check 생략 (기존 동작 유지). Returns ------- dict ``{"ok": bool, "reason": str, "detail": {...}}``. 성공 시 ``detail`` 은 ``merge_commit_sha``, ``merged_at``, ``checks`` 키를 포함. 실패 시 어느 check 가 실패 했는지 ``detail["failed_check"]`` 에 명시. r$ merged_atr;Fzmerged_at check failed: r<) failed_checkr/r0checksr:merge_commit_oidzmerge_commit_oid check failed: r=rEr7)rQr ancestryzancestry check failed: )rr/r0rErrQrrpdone_escalated_coexistencez)done_escalated_coexistence check failed: )rr/r0rirrtescalated_payloadz escalated_payload check failed: Tu7.done.escalated 파일 없음 — payload 검증 생략state_file_presentz!state_file_present check failed: u8all 6 silent_corruption checks passed (task-2472 보강))rErr/r0rQrirz%all 3 silent_corruption checks passed)rErr/r0rQr) r@rIrfr}rrryrzrr)r/r0rirQr%r rqrmerged_at_result oid_resultrErancestry_resultcoexistence_resultr{rxpayload_result state_results r"verify_done_preconditionsr,s@!F*)T&cR*F; D !01A(1K0LM +&   +9d6sSJ!+F  d 7 88L7MN 2&   "(+,>? *:6I1ksO)F: 4 /0I/JK *&$4&*   = y 0B+,!$'EFXYaFbEcd$@!* &$   )3 "_4'/7RR  "4^DN*8F& '!$' @PXAY@Z[(;%. $#*"(   S+F& '09M '3#$D!=l8>T=UV$8!* &$   P$4&&*"   9 0""&    rA)rrr Optional[Path]r intreturnztuple[int, str, str]) r/rr0rr1rr%Optional[list[str]]r rrztuple[bool, object, str]) r/rr0rr%rr rrrG)rQrr rrztuple[bool, str])rQrr rr Optional[str])rErrQrr rrbool)r[)rErrQrr rrrG)N)rqrrr)rirrqrrrG)rxrrrG)r/rr0rrirrQrr%rr rrqrrrG)"__doc__ __future__rrr,rnrrbpathlibrtypingrr*rPrdr __annotations__r#r5r@rIrTrXrZrfryr frozensetrrrr}rrrrAr"rs*#  !F " " 6 6 6 6  6>#' #$#$ #$ #$ #$  #$#$T#'       H#' %% % %  %  %P@D FJ GK(+5C &Z ZZZ  Z  ZD" 'P V!%- -- -`FX!%c cc cT""& $mm m m  m m mm mrA