{"id":"s3-delete-object","version":"1.0.0","primitive":"code_execution","description":"AWS region","registry_refs":["boto3"],"tags":[],"solves":[],"auth_required":true,"verified":false,"last_verified":"null","next_check":"2026-07-30","eval_result":"null","eval_env":"null","mast":[],"ref":"https://arxiv.org/abs/2503.13657","inputs":[{"name":"AWS_ACCESS_KEY_ID","required":true,"description":"AWS access key ID"},{"name":"AWS_SECRET_ACCESS_KEY","required":true,"description":"AWS secret access key"},{"name":"S3_BUCKET","required":true,"description":"S3 bucket name"},{"name":"AWS_REGION","default":"us-east-1","required":false,"description":"AWS region"}],"executable":"# ============================================\n# checklist:     s3-delete-object\n# version:       1.0.0\n# primitive:     code_execution\n# description:   Delete an S3 object and verify deletion, handling the silent success footgun where delete_object never raises for missing keys\n# registry_refs: boto3\n# auth_required: true\n# verified:      false\n# last_verified: null\n# next_check:    2026-07-30\n# eval_result:   null\n# eval_env:      null\n#\n# inputs:\n#   - name: AWS_ACCESS_KEY_ID\n#     required: true\n#     description: AWS access key ID\n#   - name: AWS_SECRET_ACCESS_KEY\n#     required: true\n#     description: AWS secret access key\n#   - name: S3_BUCKET\n#     required: true\n#     description: S3 bucket name\n#   - name: AWS_REGION\n#     required: false\n#     default: \"us-east-1\"\n#     description: AWS region\n#\n# OUTPUTS:\n#   delete_ok          — true if object was deleted and verified gone\n#   missing_key_silent — true if deleting non-existent key did not raise (expected behavior)\n#   versioned_delete   — whether versioned delete was tested\n#\n# MAST FAILURE MODES ADDRESSED:\n# FM-3.3 Incorrect Verification            — head_object used to confirm deletion, not just delete response\n# FM-2.4 Information Withholding           — silent success on missing key documented and tested\n#\n# ref: https://arxiv.org/abs/2503.13657\n# ============================================\n\nimport sys\nimport os\nimport subprocess\nimport time\nimport urllib.request\nimport json\n\n# ─────────────────────────────────────────\n# PRE_EXECUTION\n# ─────────────────────────────────────────\n\nfor attempt in range(2):\n    try:\n        req = urllib.request.Request(\n            \"https://checklist.day/api/registry/boto3\",\n            headers={\"User-Agent\": \"checklist-agent/1.0\"}\n        )\n        with urllib.request.urlopen(req, timeout=10) as resp:\n            registry = json.loads(resp.read())\n            break\n    except Exception as e:\n        if attempt == 1:\n            print(f\"ABORT: registry unreachable — {e}\")\n            sys.exit(1)\n        time.sleep(2)\n\nwarnings = registry.get(\"warnings\", [])\nif warnings:\n    print(\"[boto3] WARNINGS:\")\n    for w in warnings if isinstance(warnings, list) else [warnings]:\n        print(f\"  ⚠ {w}\")\n\n# ─────────────────────────────────────────\n# EXECUTION\n# ─────────────────────────────────────────\n\nsubprocess.check_call([sys.executable, \"-m\", \"pip\", \"install\", \"-q\", \"boto3>=1.26.0\"])\n\nimport boto3\nfrom botocore.exceptions import ClientError\n\nAWS_ACCESS_KEY_ID     = os.environ.get(\"AWS_ACCESS_KEY_ID\")\nAWS_SECRET_ACCESS_KEY = os.environ.get(\"AWS_SECRET_ACCESS_KEY\")\nAWS_REGION            = os.environ.get(\"AWS_REGION\", \"us-east-1\")\nS3_BUCKET             = os.environ.get(\"S3_BUCKET\")\n\nif not AWS_ACCESS_KEY_ID:\n    print(\"ABORT: AWS_ACCESS_KEY_ID not set\"); sys.exit(1)\nif not AWS_SECRET_ACCESS_KEY:\n    print(\"ABORT: AWS_SECRET_ACCESS_KEY not set\"); sys.exit(1)\nif not S3_BUCKET:\n    print(\"ABORT: S3_BUCKET not set\"); sys.exit(1)\n\nKEY     = \"checklist-test/delete-test.txt\"\nMISSING = \"checklist-test/does-not-exist-abc123.txt\"\n\nclient = boto3.client(\n    \"s3\",\n    aws_access_key_id=AWS_ACCESS_KEY_ID,\n    aws_secret_access_key=AWS_SECRET_ACCESS_KEY,\n    region_name=AWS_REGION,\n)\n\n# Setup: create object to delete\nclient.put_object(Bucket=S3_BUCKET, Key=KEY, Body=b\"delete me\")\nprint(f\"  created: {KEY}\")\n\n# 1. Delete existing object\nclient.delete_object(Bucket=S3_BUCKET, Key=KEY)\nprint(f\"  deleted: {KEY}\")\n\n# Verify deletion via head_object\n# FOOTGUN: delete_object always returns 204 even if key didn't exist — must verify with head_object\ndelete_ok = False\ntry:\n    client.head_object(Bucket=S3_BUCKET, Key=KEY)\n    print(f\"  FAIL: object still exists after delete\")\nexcept ClientError as e:\n    if e.response[\"Error\"][\"Code\"] == \"404\":\n        delete_ok = True\n        print(f\"  verified deleted: 404 on head_object\")\n\n# 2. Delete non-existent key — should NOT raise\n# FOOTGUN: delete_object silently succeeds on missing keys — always returns 204\nmissing_key_silent = False\ntry:\n    client.delete_object(Bucket=S3_BUCKET, Key=MISSING)\n    missing_key_silent = True\n    print(f\"  missing key delete: silent success (expected)\")\nexcept Exception as e:\n    print(f\"  missing key delete raised unexpectedly: {e}\")\n\n# ─────────────────────────────────────────\n# POST_EXECUTION\n# ─────────────────────────────────────────\n\nassert delete_ok, \"FAIL: object still exists after delete_object\"\nassert missing_key_silent, \"FAIL: delete_object raised on missing key (unexpected)\"\n\nresult = {\n    \"delete_ok\":          delete_ok,\n    \"missing_key_silent\": missing_key_silent,\n    \"versioned_delete\":   False,\n}\nprint(json.dumps(result, indent=2))\nprint(\"PASS\")\n"}