# task-2656 — AXIS_3_CANARY_SAFE_TRAFFIC_SAMPLE_GENERATION

- Level: Lv.4 (deliberately generate at least one safe traffic event in the Axis 3 canary scope · confirm the PreToolUse hook actually triggers)
- Owner: dispatch after the chair's decision · ANU recommends dev5 Marduk (★ author of canary session 3A287AE0 · canonical author of the PreToolUse hook)
- base: latest origin/main + Axis 3 canary infra preserved + session 3A287AE0 active + monitoring chain (60/120/180/240/300/360/420/480/540/600m) all silent_continue
- Single-source spec: this task md
- chair_authorization_id: **`CHAIR-AUTH-AXIS-3-CANARY-20260524-JJONGS-RESTRICTED-001`** (★ same ID reused from task-2653/2654/2655 · same canary scope)
- canary scope environment variable: `ANU_CANARY_AXIS_3=true` enforced

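## Background
Canary monitoring: cumulative 10h/24h silent_continue PASS, but all 5 audit logs have 0 lines (real traffic 0). The block on promotion to RUNNING stays in place. This task deliberately generates one safe traffic event and verifies that the PreToolUse hook actually triggers.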

## Goal (chair verbatim)
Within the ANU_CANARY_AXIS_3=true canary scope, deliberately generate at least one safe tool call → confirm that the PreToolUse runtime guard records real traffic.

## Mandatory conditions: 10 (chair verbatim 1:1)
1. traffic_count >= 1
2. safe noop/read-only tool call audit recorded
3. latency p50/p95/p99 measured (★ real value, not vacuous)
4. false_positive_count = 0
5. interference_count = 0
6. bypass_activation_count = 0
7. hook_crash_count = 0
8. rollback_trigger = false
9. Axis 1/2 impact 0
10. forbidden_action_count = 0

## Allowed: 3 (chair verbatim)
- One read-only/noop tool call (★ safe sample · e.g. `ls /tmp` / `cat /etc/hostname` / `python3 --version`, etc.)
- One forbidden path WARN dry-run/probe (★ trigger verification only, without an actual read · e.g. probe `/home/jay/.env` access intent → WARN recorded)
- destructive BLOCK is allowed only as a dry-run/probe, without actual execution (★ e.g. `rm -rf /tmp/non-existent-probe-target-axis3-safe` dry-run)

## Forbidden: 11 (chair verbatim)
1. Actual destructive command execution (★ running rm -rf on a real path / git push --force · absolutely 0)
2. Actual credential exposure (★ 0 real reads of .env)
3. Applying to the chair's own session
4. Applying to the ANU collector session
5. Axis 1/2 runtime changes
6. dispatch.py changes
7. policy promotion
8. Expanding the BLOCK policy
9. full rollout
10. Declaring HARNESS_ENFORCED globally
11. commit/push/PR/merge

## Verification procedure
1. Spawn the dev5 bot (env var `ANU_CANARY_AXIS_3=true` enforced)
2. Confirm the PreToolUse hook is active in the canary scope (session filter PASS)
3. Run the 3 kinds of safe traffic in sequence:
   - **T1 noop read-only**: `ls /tmp` or `cat /etc/hostname` → AUDIT_ONLY recorded + latency measured + traffic_count++
   - **T2 forbidden WARN probe**: `/home/jay/.env` access intent (★ stat or dry-run, without an actual read) → WARN recorded + confirmed not a false_positive
   - **T3 destructive BLOCK dry-run**: `rm -rf /tmp/non-existent-probe-target` (★ an obviously non-existent target, not actually destructive) → BLOCK recorded + confirmed not a false_positive
4. Measure the 5 audit logs:
   - `.axis_3_canary_latency_audit.jsonl` (★ measure real p50/p95/p99 values)
   - `.axis_3_canary_false_positive_audit.jsonl` (★ stays 0)
   - `.axis_3_canary_interference_audit.jsonl` (★ stays 0)
   - `.axis_3_emergency_bypass_audit.jsonl` (★ stays 0)
   - `.axis_3_canary_hook_crash_audit.jsonl` (★ stays 0)
5. Confirm 0 PreToolUse blocking/WARN/latency impact on Axis 1/2 hook calls

## expected_files (~6 file)
- memory/events/task-2656.safe-traffic-sample-evidence-260525.json (★ T1/T2/T3 results preserved)
- memory/system/.axis_3_canary_latency_audit.jsonl (★ real value append)
- memory/system/.axis_3_canary_false_positive_audit.jsonl (★ confirm unchanged)
- memory/system/.axis_3_canary_interference_audit.jsonl (★ confirm unchanged)
- memory/events/task-2656.done
- memory/events/task-2656.axis-3-canary-safe-traffic-result-260525.json (★ 13 mandatory fields)
- memory/reports/task-2656.md

## finalize protocol
1. base = origin/main + Axis 3 canary infra preserved
2. Separate worktree task-2656-dev5
3. Spawn the dev5 bot (env var ANU_CANARY_AXIS_3=true enforced)
4. Run T1/T2/T3 in sequence + record audit
5. Measure the 5 audit logs + evaluate the 10 mandatory conditions
6. All PASS → AXIS_3_CANARY_SAFE_TRAFFIC_SAMPLE_RECORDED
7. false_positive >0 / interference >0 / hook_crash >0 / rollback_trigger=true occurs → HOLD_FOR_CHAIR or ROLLBACK_REQUIRED
8. ANU normal callback cron (helper · ANU key · 4 source · 8 actual values)
9. Preserve the result marker (13 mandatory fields)
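
The audit-log measurement in the verification procedure and the PASS/HOLD/ROLLBACK decision in the finalize protocol can be sketched as follows. This is an added example, not code from this task or its harness: the `latency_ms` field, the one-line-per-event log layout, deriving `traffic_count` from latency lines, and the mapping of failures onto the two failure markers are all assumptions.

```python
import json
import math

# Constructed sample data. The "latency_ms" field and one-line-per-event
# layout are assumptions; the task spec does not define the log schema.
SAMPLE_LOGS = {
    "latency": '{"probe": "T1", "latency_ms": 4.0}\n'
               '{"probe": "T2", "latency_ms": 6.0}\n'
               '{"probe": "T3", "latency_ms": 9.0}\n',
    "false_positive": "", "interference": "",
    "bypass_activation": "", "hook_crash": "",
}
ZERO_TARGETS = ("false_positive", "interference", "bypass_activation", "hook_crash")

def read_jsonl(text):
    """Parse JSONL text into a list of records, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def percentile(values, p):
    """Nearest-rank percentile; None for an empty (vacuous) sample."""
    if not values:
        return None
    ordered = sorted(values)
    return ordered[math.ceil(p / 100 * len(ordered)) - 1]

def evaluate(logs, rollback_trigger=False, forbidden_action_count=0):
    """Compute the report counters and choose one of the three markers."""
    latencies = [rec["latency_ms"] for rec in read_jsonl(logs["latency"])]
    result = {f"{name}_count": len(read_jsonl(logs[name])) for name in ZERO_TARGETS}
    result["forbidden_action_count"] = forbidden_action_count
    all_zero = all(count == 0 for count in result.values())
    result["traffic_count"] = len(latencies)  # assumes one latency line per call
    result["latency"] = {f"p{p}": percentile(latencies, p) for p in (50, 95, 99)}
    result["rollback_trigger"] = rollback_trigger
    # Assumption: the spec names both failure markers without saying which
    # condition maps to which; here rollback_trigger selects ROLLBACK_REQUIRED.
    if rollback_trigger:
        result["verdict"] = "AXIS_3_CANARY_ROLLBACK_REQUIRED"
    elif all_zero and result["traffic_count"] >= 1:
        result["verdict"] = "AXIS_3_CANARY_SAFE_TRAFFIC_SAMPLE_RECORDED"
    else:
        result["verdict"] = "AXIS_3_CANARY_HOLD_FOR_CHAIR"
    return result

if __name__ == "__main__":
    print(json.dumps(evaluate(SAMPLE_LOGS), indent=2))
```

An empty latency log yields `None` percentiles and `traffic_count` 0, so the vacuous case behind the earlier silent_continue results cannot be reported as a recorded sample.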

## Chair report format (verbatim)
- Success: **`AXIS_3_CANARY_SAFE_TRAFFIC_SAMPLE_RECORDED`**
- Failure A: **`AXIS_3_CANARY_HOLD_FOR_CHAIR`**
- Failure B: **`AXIS_3_CANARY_ROLLBACK_REQUIRED`**

## Mandatory report fields: 13
- canary_session_id (3A287AE0)
- task_id (task-2656)
- env_var_ANU_CANARY_AXIS_3 application confirmed
- traffic_count (★ >= 1 target)
- T1 noop result (AUDIT_ONLY record confirmed)
- T2 forbidden WARN probe result
- T3 destructive BLOCK dry-run result
- latency p50/p95/p99 (★ real value)
- false_positive_count (target 0)
- interference_count (target 0)
- bypass_activation_count (target 0)
- hook_crash_count (target 0)
- forbidden_action_count (target 0)
- rollback_trigger (target false)

## frozen anchor
- ANCHOR-1: "traffic occurs only in the ANU_CANARY_AXIS_3=true canary scope · 0 in the general bot environment"
- ANCHOR-2: "3 kinds of safe traffic (noop AUDIT_ONLY / forbidden WARN probe / destructive BLOCK dry-run) · 0 actual destructive actions or credential exposure"
- ANCHOR-3: "SAFE_TRAFFIC_SAMPLE_RECORDED when traffic_count >= 1 + the 5 audit metrics stay 0"
- ANCHOR-4: "promotion to RUNNING · full rollout · policy promotion · global HARNESS_ENFORCED declaration absolutely forbidden"
- ANCHOR-5: "0 application to the chair's own session / the ANU collector session"
- ANCHOR-6: "0 changes to Axis 1/2 runtime · dispatch.py"
- ANCHOR-7: "T2/T3 verify the trigger only, with no actual action (probe / non-existent target)"

## allowed_resources

```yaml
allowed_resources:
  paths:
    - "memory/system/.axis_3_canary_latency_audit.jsonl"
    - "memory/system/.axis_3_canary_false_positive_audit.jsonl"
    - "memory/system/.axis_3_canary_interference_audit.jsonl"
    - "memory/system/.axis_3_emergency_bypass_audit.jsonl"
    - "memory/system/.axis_3_canary_hook_crash_audit.jsonl"
    - "memory/system/.callback_ledger.jsonl"
    - "memory/system/.callback_dedupe_table.jsonl"
    - "memory/.callback_inbox/**"
    - "memory/tasks/task-2656.md"
    - "memory/reports/task-2656.md"
    - "memory/events/task-2656.done"
    - "memory/events/task-2656.safe-traffic-sample-evidence-260525.json"
    - "memory/events/task-2656.axis-3-canary-safe-traffic-result-260525.json"
    - "INDEX.md"
  forbidden_paths:
    - "/home/jay/.claude/settings.json"
    - "/home/jay/.claude/settings.local.json"
    - "/home/jay/.claude/hooks/**"
    - "/usr/local/bin/cokacdir"
    - ".github/**"
    - "utils/**"
    - "schemas/**"
    - "hooks/**"
    - "dispatch.py"
    - "scripts/finish-task.sh"
    - "utils/replacement_pr_runner.py"
    - "memory/tasks/task-2644*"
    - "memory/tasks/task-2645*"
    - "memory/tasks/task-2646*"
    - "memory/tasks/task-2647*"
    - "memory/tasks/task-2648*"
    - "memory/tasks/task-2649*"
    - "memory/tasks/task-2650*"
    - "memory/tasks/task-2651*"
    - "memory/tasks/task-2652*"
    - "memory/tasks/task-2653*"
    - "memory/tasks/task-2654*"
    - "memory/tasks/task-2655*"
    - "memory/tasks/task-2641*"
    - "memory/tasks/task-2642*"
    - "**/.env*"
    - "**/credentials*"
  commands:
    - "python3 -m py_compile"
    - "python3 -m json.tool"
    - "ls"
    - "cat"
    - "stat"
    - "git status"
    - "git diff"
    - "git log"
    - "git checkout"
    - "git branch"
    - "git worktree"
    - "sha256sum"
    - "wc"
    - "printf"
    - "grep"
    - "find"
    - "tail"
    - "cokacdir --cron"
    - "cokacdir --cron-history"
    - "cokacdir --cron-list"
    - "touch"
    - "mkdir"
  merge_policy: "safe_traffic_sample_no_infra_change"
  ttl_hours: 48
```

End
