# task-2652 — AXIS_3_PHASE_0_AUDIT_PRETOOLUSE_RUNTIME_GUARD

- Level: Lv.4 (Phase 0 audit only · not live activation)
- Assignee: per chair decision, dev6 Perun preferred / dev5 Marduk as alternative (★ dev3 Dagda and dev4 Vishnu excluded due to fatigue from the immediately preceding work · dev1 and dev2 excluded)
- base: latest origin/main + preserve the completed Axis 2 canonical hardening state
- Single-source spec: this task md
- chair_authorization_id: **`CHAIR-AUTH-AXIS-3-PHASE0-20260524-JJONGS-PRETOOLUSE-AUDIT-001`** (★ chair verbatim · marker `memory/events/chair-authorization-axis-3-phase0-audit-260524.json`)

## Goal (chair verbatim)
Before connecting the task-2643 PreToolUse runtime guard to live, verify the actual artifacts, paths, risks, and smoke design. **Audit/spec finalization stage · live activation strictly forbidden**.

## 10 required checks (chair verbatim 1:1)
1. Check the task-2643 task md
2. Check the PR #146 head 33c51992 artifacts
3. Check the list of actual PreToolUse hook files
4. Check the list of actual runtime guard utils
5. Check whether the canonical live path is applicable
6. Check for import collisions with Axis 1/2 hooks and utils
7. Draft the finalized forbidden path list
8. Draft the finalized destructive command list
9. Finalize the SP1-SP7 smoke design
10. Finalize rollback triggers L1/L2

## 13 prohibitions (chair verbatim)
1. Modifying live settings.json
2. Modifying live cokacdir
3. Live hook registration
4. Changing Axis 1 helpers (utils/callback_registration.py / callback_authority_validator.py / callback_source_cross_checker.py)
5. Changing Axis 2 hooks/utils (3 hooks _v2 + 4 utils v2 canonical · read-only)
6. Changing dispatch.py
7. commit / push / PR / merge
8. real auto-merge
9. PR #141 pilot
10. Using the BOT App token
11. Declaring HARNESS_ENFORCED
12. Declaring the entire callback system verified
13. Executing Axis 3 live activation

## expected_files (~8 files · all audit documents · 0 code changes)
- memory/specs/axis_3_phase_0_audit_report_260524.md (analysis of actual artifacts)
- memory/specs/axis_3_forbidden_paths_finalized_260524.md (finalized proposal)
- memory/specs/axis_3_destructive_commands_finalized_260524.md (finalized proposal)
- memory/specs/axis_3_smoke_set_SP1_SP7_finalized_260524.md (smoke design)
- memory/specs/axis_3_rollback_plan_finalized_260524.md (L1/L2)
- memory/specs/axis_3_axis_1_2_import_collision_analysis_260524.md (collision analysis)
- memory/events/task-2652.done
- memory/events/task-2652.axis-3-phase-0-audit-result-260524.json (9 mandatory fields)
- memory/reports/task-2652.md

## finalize protocol (★ no commits · audit documents only)
1. Separate worktree task-2652-dev6 (★ lesson from the task-2651 lifecycle WARN: review the possibility of being blocked by start_task_guard · audit-only is read-only, so the impact is minimal)
2. Carry out the audit for the 10 required checks (all read-only analysis)
3. Write the 9 audit document deliverables (memory/specs/ + memory/reports/)
4. **commit / push / PR / merge all 0** (★ chair verbatim)
5. Record the result marker `memory/events/task-2652.axis-3-phase-0-audit-result-260524.json` (9 mandatory fields)
6. Create .done
7. ANU normal callback cron (using the helper · ANU key · 4 sources · 8 actual values)

## Chair report format (verbatim 1)
- On completion: **`AXIS_3_PHASE0_AUDIT_READY_FOR_SIGNATURE`**

## 9 required report fields (chair verbatim)
- task-2643 / PR #146 / head 33c51992 verification result
- List of staged files
- List of live target candidates
- Final forbidden path candidates
- Final destructive command candidates
- Whether there are Axis 1/2 collisions
- SP1-SP7 smoke design
- rollback plan
- forbidden_action_count

## frozen anchor
- ANCHOR-1: "chair_authorization_id = CHAIR-AUTH-AXIS-3-PHASE0-20260524-JJONGS-PRETOOLUSE-AUDIT-001 verbatim as-is · ANU random 0 · 0 reuse of Axis 1/2/2-HARDEN"
- ANCHOR-2: "Phase 0 audit ONLY · live activation strictly forbidden · separate chair signature required"
- ANCHOR-3: "All 10 required checks recorded as audit documents"
- ANCHOR-4: "commit / push / PR / merge all 0"
- ANCHOR-5: "0 changes to Axis 1 helper / Axis 2 hooks·utils / dispatch.py"
- ANCHOR-6: "Declaring HARNESS_ENFORCED / callback system verified is forbidden"
- ANCHOR-7: "audit/spec results are to be used in a separate Axis 3 live activation task after the chair's signature"

## allowed_resources (capability of this task)

```yaml
allowed_resources:
  paths:
    - "memory/specs/axis_3_phase_0_audit_report_260524.md"
    - "memory/specs/axis_3_forbidden_paths_finalized_260524.md"
    - "memory/specs/axis_3_destructive_commands_finalized_260524.md"
    - "memory/specs/axis_3_smoke_set_SP1_SP7_finalized_260524.md"
    - "memory/specs/axis_3_rollback_plan_finalized_260524.md"
    - "memory/specs/axis_3_axis_1_2_import_collision_analysis_260524.md"
    - "memory/tasks/task-2652.md"
    - "memory/reports/task-2652.md"
    - "memory/events/task-2652.done"
    - "memory/events/task-2652.axis-3-phase-0-audit-result-260524.json"
    - "INDEX.md"
  forbidden_paths:
    - "/home/jay/.claude/settings.json"
    - "/home/jay/.claude/settings.local.json"
    - "/home/jay/.claude/hooks/**"
    - "/usr/local/bin/cokacdir"
    - ".github/**"
    - "utils/callback_registration.py"
    - "utils/callback_authority_validator.py"
    - "utils/callback_source_cross_checker.py"
    - "utils/callback_collector_helper_integration.py"
    - "utils/callback_adjudicator_v2.py"
    - "utils/callback_next_action_runner_v2.py"
    - "utils/source_attribution_guard_v2.py"
    - "hooks/**"
    - "schemas/**"
    - "dispatch.py"
    - "scripts/finish-task.sh"
    - "utils/replacement_pr_runner.py"
    - "memory/tasks/task-2644*"
    - "memory/tasks/task-2645*"
    - "memory/tasks/task-2646*"
    - "memory/tasks/task-2647*"
    - "memory/tasks/task-2648*"
    - "memory/tasks/task-2649*"
    - "memory/tasks/task-2650*"
    - "memory/tasks/task-2651*"
    - "memory/tasks/task-2641*"
    - "memory/tasks/task-2642*"
    - "memory/system/.callback_ledger.jsonl"
    - "memory/system/.callback_dedupe_table.jsonl"
    - "**/.env*"
    - "**/credentials*"
  commands:
    - "git status"
    - "git diff"
    - "git log"
    - "git show"
    - "git branch"
    - "git worktree"
    - "git checkout"
    - "sha256sum"
    - "wc"
    - "printf"
    - "ls"
    - "grep"
    - "find"
    - "cat"
    - "python3 -m py_compile"
    - "python3 -m json.tool"
    - "gh pr view"
    - "gh pr diff"
    - "cokacdir --cron"
    - "cokacdir --cron-history"
    - "cokacdir --cron-list"
  merge_policy: "audit_only_no_commit"
  ttl_hours: 72
```
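
An added sketch of how a guard could evaluate a tool call against the `allowed_resources` block above. It is not the task-2643 guard or any code from this repository. The policy values are a subset copied from the block; the function names (`check_path`, `check_command`) and the matching semantics (normalize first, deny overrides allow, token-prefix command match) are assumptions, since the spec does not define them.

```python
import fnmatch
import posixpath
import shlex

# Subset of the spec's allowed_resources block (values copied from the task md).
ALLOWED_PATHS = {
    "memory/specs/axis_3_phase_0_audit_report_260524.md",
    "memory/reports/task-2652.md",
    "memory/events/task-2652.done",
}
FORBIDDEN_PATHS = [
    "/home/jay/.claude/settings.json", "/home/jay/.claude/hooks/**",
    "hooks/**", "dispatch.py", "memory/tasks/task-2651*", "**/.env*",
]
ALLOWED_COMMANDS = ["git status", "git diff", "sha256sum", "python3 -m py_compile"]
SHELL_META = set(";|&$`<>\n")


def _glob_match(pattern, path):
    # Assumed semantics: "*" and "**" may span "/", and a leading "**/"
    # also matches a file at the top of the worktree.
    if fnmatch.fnmatchcase(path, pattern):
        return True
    return pattern.startswith("**/") and fnmatch.fnmatchcase(path, pattern[3:])


def check_path(path):
    """Decide whether a write to `path` is inside the task's capability."""
    norm = posixpath.normpath(path)  # collapse "a/../b" before matching
    if norm == ".." or norm.startswith("../"):
        return "deny:escapes-worktree"
    if any(_glob_match(p, norm) for p in FORBIDDEN_PATHS):
        return "deny:forbidden_path"  # deny wins over any allow entry
    return "allow" if norm in ALLOWED_PATHS else "deny:not-allowlisted"


def check_command(cmdline):
    """Allow only command lines whose leading tokens equal an allowlisted entry."""
    if SHELL_META & set(cmdline):
        return "deny:shell-metacharacter"  # no chaining, substitution, redirects
    try:
        argv = shlex.split(cmdline)
    except ValueError:
        return "deny:unparseable"
    for entry in ALLOWED_COMMANDS:
        prefix = entry.split()
        if argv[:len(prefix)] == prefix:
            return "allow"
    return "deny:not-allowlisted"
```

A prefix match says nothing about the arguments that follow, so entries such as `find` or `git checkout` still need argument-level rules in the destructive command list.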

End
