{
  "id": "ENVELOPE_PROMPT_RAW_KEY_HYGIENE_HARDENING_PACKET_V2PLUS_READY",
  "state": "CONTROLLED_REAL_WAKE_CANARY_PILOT_HOLD_PRODUCTION_BLOCKING_RAW_KEY_HYGIENE",
  "ts_kst": "2026-06-09 02:20 KST",
  "base": "origin/main a311bd69",
  "chair_reinforcement": "response key-echo 0 을 prompt 지시문만으로 보장 금지 — spawned ANU autonomous → 별도 안전장치(filter + post-audit grep gate) 의무, 2중 방어, raw key in response → PASS 금지+HOLD",
  "readonly_finding_filter_layer": {
    "cokacdir_binary": "/usr/local/bin/cokacdir = stripped ELF, file-patch 불가 → cokacdir-write 계층 저장 전 filter 구현 불가",
    "cokacdir_redaction_setting": "없음",
    "launcher_no_capture": "launcher capture_output 안 함(우리 코드 response 미수집, cokacdir 가 capture)",
    "reusable_utils": ["utils/redact.py", "utils/sanitize_gate.py"],
    "session_hook_controllable": "spawned=Claude Code 세션 → PreToolUse hook 으로 통제 가능",
    "conclusion": "진정한 cokacdir-write pre-filter 불가. 통제 가능 = Layer1(input key 0 + 세션 hook deny + redact 유틸, best-effort) + Layer2(post-audit grep gate, authoritative)"
  },
  "two_layer_defense": {
    "layer1_pre_emission_best_effort": "(a) input prompt raw key/fp/derived 0(echo 원천 제거) (b) canary 세션 PreToolUse hook: .env.keys/COKACDIR_KEY_*/key패턴 deny (c) our-captured 경로 utils/redact.py",
    "layer1_not_guarantee": "autonomous agent 라 보장 아님 → Layer2 authoritative",
    "layer2_post_audit_grep_gate": "canary 후 즉시 grep schedule_history(prompt+response)+system_prompt+cron-history raw key/fp/derived → 0 PASS / ≥1 FAIL",
    "fail_action": "response(또는 prompt/system_prompt) raw key 1건이라도 → canary PASS 금지 + HOLD_FOR_CHAIR + 결과 폐기 + 추가 spawn 0",
    "orthogonal": "Layer1(입력원천차단) ⊥ Layer2(출력사후검증) — Layer1 실패해도 Layer2 독립 검출"
  },
  "owner_proof_unaffected": "owner proof = cron-history --key 실조회(schedule ownership API) — response 텍스트 content 무관 → redaction/audit/폐기 영향 0",
  "scan_once_path_preserved": "YES (lock #3)",
  "untouched": "legacy 140 / ACTIVE=false / systemd / activation_epoch / task-2716 / callback prereg Phase B",
  "packet_doc": "memory/plans/p0b-pickup/envelope_prompt_raw_key_hygiene_hardening_packet_v2plus_260609.md",
  "scope_clarification": "forward pickup-envelope prompt 정화 + response 2중 방어(다축 — 1함수 단정 회피). cokacdir 바이너리 redaction = 통제 밖(명시만). 기존 515+45 잔존 = OPERATIONAL_LOG_KEY_LITERAL_HYGIENE_BACKLOG(자동삭제·증거훼손 금지, 별도 task)",
  "verification": "regression(prompt 0 key/fp/derived + owner proof 무손상 + grep gate 단위 + 세션 hook deny 단위) + grep(dry-run 0) + dry-run(real spawn 0)",
  "re_canary_conditions": "PR merged + dry-run prompt 0 + owner proof PASS + grep gate/hook regression PASS + 재-preflight(schedule_history prompt+response+system_prompt+cron-history 0, 1건 검출 시 HOLD) → 회장 재승인",
  "state_preserved": "real spawn 0 / cron 발사 0 / scan_once 0 / canonical write 0 / temp root 0 / production patch 0 / commit 0 / PR 0. pickup chain IMPLEMENTED/VERIFIED/WIRED candidate/ACTIVE=false 유지.",
  "forbidden_now": ["production patch", "commit", "PR", "real wake", "cron spawn", "systemd 변경", "ACTIVE=true", "activation_epoch 생성"],
  "report_scope": "hardening packet v2+ 까지만 (회장 verbatim)",
  "verdict": "ENVELOPE_PROMPT_RAW_KEY_HYGIENE_HARDENING_PACKET_V2PLUS_READY (구현 0, 회장 승인 대기)"
}