# task-2653 — AXIS_3_RESTRICTED_CANARY_LIVE_ACTIVATION

- Level: Lv.4 (Axis 3 restricted canary live activation · not a full rollout)
- Owner: chair verbatim **dev5 Marduk** (★ dev6 as alternate · dev1·2·3·4 excluded)
- base: latest origin/main + Axis 1 LIVE_VERIFIED + Axis 2 DEPENDENCY_HARDENED + Axis 3 Phase 0 audit READY
- Single-source spec: this task md
- chair_authorization_id: **`CHAIR-AUTH-AXIS-3-CANARY-20260524-JJONGS-RESTRICTED-001`** (★ chair verbatim, actual string · marker `memory/events/chair-authorization-axis-3-canary-restricted-260524.json`)

## Goal (chair verbatim)
Activate the PreToolUse runtime guard only within the restricted canary scope. Limited to one new dev5 canary session · chair decides after 24h monitoring.

## 10 canary conditions (chair verbatim 1:1)
1. Activate only in one separate dev5-canary-session that has the env var ANU_CANARY_AXIS_3=true
2. Default policy AUDIT_ONLY
3. forbidden path + credential pattern: initially WARN
4. BLOCK is allowed only for the 5 destructive commands:
   - `rm -rf /`
   - `git push --force origin/main`
   - `git reset --hard <not_current>`
   - `git branch -D main`
   - `cokacdir --cron-remove`
5. On a tool call crash, keep the fail-safe that allows the tool call
6. 1 false positive → rule demoted to AUDIT_ONLY
7. 3 consecutive false positives → terminate the canary session + report to the chair
8. 5 cumulative false positives → L1 rollback
9. latency target p95 ≤50ms · WARN >100ms · L1 rollback >500ms
10. Even 1 Axis 1/2 interference → L1 rollback
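
Conditions 6-10 above as a decision routine, added here as an illustration and not the project's own monitor code. The class, function and action names are hypothetical, and two readings are assumptions: a correctly classified decision resets the consecutive count, and p95 uses the nearest-rank method.

```python
class CanaryMonitor:
    """Tracks canary conditions 6-8 (class and action names are hypothetical)."""

    def __init__(self):
        self.fp_total = 0      # cumulative false positives
        self.fp_streak = 0     # consecutive false positives
        self.demoted = set()   # rules forced down to AUDIT_ONLY

    def record(self, rule, false_positive):
        """Record one reviewed guard decision and return the required action."""
        if not false_positive:
            self.fp_streak = 0           # assumption: a correct decision ends the streak
            return "CONTINUE"
        self.fp_total += 1
        self.fp_streak += 1
        self.demoted.add(rule)           # condition 6: demote the rule
        if self.fp_total >= 5:           # condition 8
            return "L1_ROLLBACK"
        if self.fp_streak >= 3:          # condition 7
            return "END_SESSION_AND_REPORT"
        return "DEMOTE_RULE"

    def effective_policy(self, rule, configured):
        """Policy enforced for a rule once demotions are applied."""
        return "AUDIT_ONLY" if rule in self.demoted else configured


def interference_action(count):
    """Condition 10: a single Axis 1/2 interference forces rollback."""
    return "L1_ROLLBACK" if count >= 1 else "CONTINUE"


def p95(samples_ms):
    """Nearest-rank 95th percentile of hook latencies, in milliseconds."""
    if not samples_ms:
        raise ValueError("no latency samples")
    ordered = sorted(samples_ms)
    return ordered[(95 * len(ordered) + 99) // 100 - 1]


def latency_action(samples_ms):
    """Condition 9: target p95 <= 50 ms, WARN above 100 ms, rollback above 500 ms."""
    value = p95(samples_ms)
    if value > 500:
        return "L1_ROLLBACK"
    if value > 100:
        return "WARN"
    # 50-100 ms misses the target, but the conditions define no action for it.
    return "ON_TARGET" if value <= 50 else "OVER_TARGET"
```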

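## 12 prohibitions (chair verbatim)
1. Applying to the chair's own session
2. Applying to the ANU collector session
3. Changing the Axis 1/2 runtime
4. Changing dispatch.py
5. Changing live settings.json beyond the approved Axis 3 canary hook
6. Arbitrary changes to live cokacdir
7. real auto-merge
8. PR #141 pilot
9. Using the BOT App token
10. commit/push/PR/merge (★ a local commit that applies the Axis 3 canary hook is allowed within the scope of this chair_auth)
11. Axis 3 full rollout
12. Expanding the BLOCK policy / promoting a policy before the 24h monitoring completes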

## Required smoke SP1-SP7 (7/7 PASS required)
- SP1 normal noop PASS
- SP2 forbidden path WARN PASS
- SP3 credential pattern WARN PASS
- SP4 BLOCK of the 5 destructive commands PASS
- SP5 Axis 1/2 hook conflicts 0 PASS
- SP6 dispatch pass-through PASS
- SP7 hook crash fail-safe PASS

## expected_files (~12 files)
- /home/jay/.claude/settings.json (★ minimal addition of the Axis 3 canary PreToolUse hook entry only)
- /home/jay/.claude/hooks/pre_tool_use_runtime_guard_canary.py (★ canary-only · session filter enforced)
- utils/runtime_guard_classifier.py (★ canonical live path · lessons from Axis 2 hardening applied)
- utils/runtime_guard_policy_map.py
- memory/system/.axis_3_canary_false_positive_audit.jsonl (initial empty)
- memory/system/.axis_3_canary_latency_audit.jsonl (initial empty)
- memory/system/.axis_3_canary_interference_audit.jsonl (initial empty)
- memory/system/.axis_3_emergency_bypass_audit.jsonl (initial empty)
- memory/system/.axis_3_canary_hook_crash_audit.jsonl (initial empty)
- tests/integration/test_axis_3_restricted_canary.py (★ SP1-SP7 automation)
- memory/events/task-2653.done
- memory/events/task-2653.axis-3-canary-result-260524.json (12 mandatory fields)
- memory/reports/task-2653.md

## finalize protocol
1. base = latest origin/main, clean · separate worktree task-2653-dev5
2. Spawn one dev5-canary-session (set env var `ANU_CANARY_AXIS_3=true`)
3. Write the PreToolUse hook file (★ session filter: immediate noop if the env var is absent · the chair's own session, ANU collector and dispatch sessions are excluded automatically)
4. Write the canonical utils/runtime_guard_*.py (★ Axis 2 hardening lesson: zero PYTHONPATH dependency)
5. Minimal patch to settings.json (add the PreToolUse entry · preserve the other entries)
6. Run the SP1-SP7 smoke automation
7. On 7/7 PASS, record AXIS_3_RESTRICTED_CANARY_RUNNING
8. Immediate L1 rollback when a false positive/interference/latency threshold is triggered
9. On a hook crash, allow the tool call through the fail-safe + crash log
10. Record the result marker `memory/events/task-2653.axis-3-canary-result-260524.json` (12 mandatory fields)
11. ANU normal callback cron (using the helper · ANU key · 4 sources · 8 actual values)
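
Steps 3 and 9 of this protocol, together with canary conditions 1-5, written out as an added example that is not the project's `pre_tool_use_runtime_guard_canary.py`. The regexes, rule names, the `NOOP` and `ALLOW_ON_CRASH` labels and the credential pattern are assumptions of this example; `git reset --hard <not_current>` is approximated as any explicit target other than `HEAD`.

```python
import re

# Condition 4: the five BLOCK commands. The regexes are this example's approximation.
BLOCK_RULES = {
    "rm_rf_root": re.compile(r"\brm\s+-(?:rf|fr)\s+/(?:\s|$)"),
    "force_push_main": re.compile(r"\bgit\s+push\s+(?:--force|-f)\b.*\bmain\b"),
    # <not_current> approximated as any explicit target other than HEAD
    "reset_hard": re.compile(r"\bgit\s+reset\s+--hard\s+(?!HEAD(?:\s|$))\S+"),
    "delete_main": re.compile(r"\bgit\s+branch\s+-D\s+main\b"),
    "cron_remove": re.compile(r"\bcokacdir\s+--cron-remove\b"),
}
# Condition 3: WARN rules. Paths sampled from forbidden_paths; credential regex is constructed.
WARN_RULES = {
    "forbidden_path": re.compile(
        r"(?:^|[\s/])(?:\.env\S*|credentials\S*|dispatch\.py)(?:\s|$)"),
    "credential_pattern": re.compile(r"\b(?:api[_-]?key|token|password)\s*=", re.I),
}


def decide(command, env):
    """Return (policy, rule_name) for one shell command under the canary rules."""
    if env.get("ANU_CANARY_AXIS_3") != "true":
        return ("NOOP", None)        # session filter: not the canary session
    for name, pattern in BLOCK_RULES.items():
        if pattern.search(command):
            return ("BLOCK", name)
    for name, pattern in WARN_RULES.items():
        if pattern.search(command):
            return ("WARN", name)
    return ("AUDIT_ONLY", None)      # condition 2: default policy


def guarded(command, env, classify=decide, crash_log=None):
    """Fail-safe wrapper: a crash inside the guard never stops the tool call."""
    try:
        return classify(command, env)
    except Exception as exc:
        if crash_log is not None:
            crash_log.append(repr(exc))   # stands in for the hook crash audit file
        return ("ALLOW_ON_CRASH", None)
```

A crash in the classifier also skips the BLOCK rules, so each `ALLOW_ON_CRASH` should land in the hook crash audit and count toward `hook_crash_count`.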

## Chair report format (verbatim)
- Start: **`AXIS_3_RESTRICTED_CANARY_ACTIVATION_ATTEMPTED`**
- Success: **`AXIS_3_RESTRICTED_CANARY_RUNNING`**
- Failure A: **`AXIS_3_CANARY_ROLLBACK_REQUIRED`**
- Failure B: **`AXIS_3_CANARY_HOLD_FOR_CHAIR`**

## 12 required report fields (chair verbatim)
- canary session id
- changed_files
- live settings.json diff summary
- Applied policy map (AUDIT_ONLY / WARN / BLOCK classification)
- SP1-SP7 결과
- latency p50/p95/p99
- false_positive_count
- interference_count
- bypass_activation_count
- hook_crash_count
- rollback_trigger (yes/no)
- forbidden_action_count

## frozen anchor
- ANCHOR-1: "chair_authorization_id = CHAIR-AUTH-AXIS-3-CANARY-20260524-JJONGS-RESTRICTED-001 verbatim · ANU random 0 · prior axis ID reuse 0"
- ANCHOR-2: "RESTRICTED_CANARY only · full rollout strictly prohibited · separate chair signature after 24h monitoring"
- ANCHOR-3: "limited to one new dev5 canary-session · chair's own session / ANU collector / dispatch / dev1·2·3·4 excluded"
- ANCHOR-4: "AUDIT_ONLY by default · forbidden+credential WARN · BLOCK only for the 5 destructive commands"
- ANCHOR-5: "hook crash → fail-safe that allows the tool call (★ never let the bot stall)"
- ANCHOR-6: "1 false positive: demote / 3 consecutive: terminate / 5 cumulative: L1 rollback"
- ANCHOR-7: "latency p95 >100ms WARN / >500ms L1 rollback"
- ANCHOR-8: "even 1 Axis 1/2 interference → L1 rollback"
- ANCHOR-9: "Axis 1 helper / Axis 2 hooks·utils / dispatch.py changes 0"
- ANCHOR-10: "the expressions HARNESS_ENFORCED / callback system global verified are prohibited"

## allowed_resources (capability of this task)

```yaml
allowed_resources:
  paths:
    - "/home/jay/.claude/settings.json"
    - "/home/jay/.claude/hooks/pre_tool_use_runtime_guard_canary.py"
    - "utils/runtime_guard_classifier.py"
    - "utils/runtime_guard_policy_map.py"
    - "memory/system/.axis_3_canary_false_positive_audit.jsonl"
    - "memory/system/.axis_3_canary_latency_audit.jsonl"
    - "memory/system/.axis_3_canary_interference_audit.jsonl"
    - "memory/system/.axis_3_emergency_bypass_audit.jsonl"
    - "memory/system/.axis_3_canary_hook_crash_audit.jsonl"
    - "memory/system/.callback_ledger.jsonl"
    - "memory/system/.callback_dedupe_table.jsonl"
    - "memory/.callback_inbox/**"
    - "tests/integration/test_axis_3_restricted_canary.py"
    - "memory/tasks/task-2653.md"
    - "memory/reports/task-2653.md"
    - "memory/events/task-2653.done"
    - "memory/events/task-2653.axis-3-canary-result-260524.json"
    - "INDEX.md"
  forbidden_paths:
    - "/home/jay/.claude/settings.local.json"
    - "/usr/local/bin/cokacdir"
    - ".github/**"
    - "utils/callback_registration.py"
    - "utils/callback_authority_validator.py"
    - "utils/callback_source_cross_checker.py"
    - "utils/callback_collector_helper_integration.py"
    - "utils/callback_adjudicator_v2.py"
    - "utils/callback_next_action_runner_v2.py"
    - "utils/source_attribution_guard_v2.py"
    - "/home/jay/.claude/hooks/session_start_anu_callback_collector_v2.py"
    - "/home/jay/.claude/hooks/stop_anu_callback_collector_verifier_v2.py"
    - "/home/jay/.claude/hooks/user_prompt_submit_hook_callback_inbox_v2.py"
    - "schemas/**"
    - "dispatch.py"
    - "scripts/finish-task.sh"
    - "utils/replacement_pr_runner.py"
    - "memory/tasks/task-2644*"
    - "memory/tasks/task-2645*"
    - "memory/tasks/task-2646*"
    - "memory/tasks/task-2647*"
    - "memory/tasks/task-2648*"
    - "memory/tasks/task-2649*"
    - "memory/tasks/task-2650*"
    - "memory/tasks/task-2651*"
    - "memory/tasks/task-2652*"
    - "memory/tasks/task-2641*"
    - "memory/tasks/task-2642*"
    - "**/.env*"
    - "**/credentials*"
  commands:
    - "pytest"
    - "python3 -m py_compile"
    - "python3 -m json.tool"
    - "git status"
    - "git diff"
    - "git add"
    - "git commit"
    - "git log"
    - "git checkout"
    - "git branch"
    - "git worktree"
    - "git revert"
    - "sha256sum"
    - "wc"
    - "printf"
    - "ls"
    - "grep"
    - "find"
    - "cokacdir --cron"
    - "cokacdir --cron-history"
    - "cokacdir --cron-list"
    - "cp"
    - "touch"
    - "mkdir"
    - "diff"
  merge_policy: "local_main_axis_3_canary_only"
  ttl_hours: 96
```

End
