# task-2729+14 — POST_PR189_ACTIVATION_INTEGRATION_SIM (isolated, zero activation runs)

## Level
Lv.3 (isolated integration simulation — not a production activation, canonical untouched, systemd enable 0, real spawn 0)

## Numbering note
Follow-up to the merged task-2729+13 (PR#189). Numbered **task-2729+14** to keep the lineage continuous (chair confirmation requested).

## One-line goal
With CODE_ROOT at origin/main `0307748b` (which includes the #189 sealed-key launcher_fn wiring) and an **isolated temp DATA root**, run an integration simulation of the flag-on path (p0b_driver_enabled + p0b_real_wake_enabled + activation_epoch, all **inside temp only**): the 140 legacy events yield NOOP_LEGACY_SKIP, one canary goes WAKE_BUILT→launcher_fn entry, and each of sealed key present/absent/invalid/exception either fails closed or does a mock launch. **Zero touches to canonical flag/epoch/result.json, zero real ANU spawns, ACTIVE=false maintained.**

## Background (single source)
- #189 main()=`build_launcher_fn(CANONICAL_ROOT)`→`scan_once(launcher_fn=...)`. Flag (p0b_real_wake_enabled) absent→launcher_fn=None. Flag on + sealed key→`partial(launch_wake, dry_run=False, anu_key_verifier=hmac.compare_digest)`. Fail-closed: sealed key absent/verifier fail/non-callable/exception→wake 0.
- Sealed key = .env.keys COKACDIR_KEY_ANU (SATISFIED). CANONICAL_ROOT is hard-coded → DATA=canonical. The sim, however, is isolated by passing a root argument or injecting temp.
- L1/L2 unit verification is complete. This task = **isolated end-to-end reproduction of the flag-on integration path (driver scan_once→build_launcher_fn→launch_wake)**.

## Work (isolated temp + mock/sabotage, real spawn 0)
1. Confirm that CODE_ROOT=${HOME}/p0b-pickup-main is synced to origin/main 0307748b (or a later latest commit).
2. Build the isolated temp DATA root: `memory/state/p0b_driver_enabled=enabled` + `p0b_real_wake_enabled=enabled` + `activation_epoch=now`, **all inside temp only**. Zero touches to canonical.
3. Legacy fixture: build temp events equivalent to the canonical 140 (copies that preserve basename and original mtime, or synthesized ones; pre-epoch) → scan_once(root=temp, legacy_cutoff=True) → all NOOP_LEGACY_SKIP, move/quarantine 0.
4. One canary (post-epoch, valid schema) → WAKE_BUILT → confirm entry into launcher_fn via the `build_launcher_fn(root=temp)` path. subprocess_runner=mock (or sabotage) → real cokacdir/spawn 0.
5. ★ Sealed key fail-closed, **5 cases — each verified as its own separate case** (do not lump non-callable and exception together):
   - (a) **present** (mock sealed loader) → argv redacted **LAUNCHED** (mock runner, real subprocess 0)
   - (b) **absent** (loader None) → build_launcher_fn None / pickup_once SEALED_KEY_MISSING → **wake 0 fail-closed**
   - (c) **invalid verifier** (verifier returns False) → `FAIL_CLOSED_NON_ANU_KEY` → **wake 0**
   - (d) **verifier exception** (verifier raises) → launch_wake W1 step3 except → `FAIL_CLOSED_NON_ANU_KEY` → **wake 0**
   - (e) **non-callable verifier** (verifier is not callable) → launch_wake W1 step3 not-callable guard → `FAIL_CLOSED_NON_ANU_KEY` → **wake 0**
   - Result of each fail-closed case: **wake 0, raw key 0, canonical write 0**. Raw key/full argv output 0 (argv_len redacted).
6. Keep duplicate (SKIP_DEDUPE) / terminal no-op / ledger and marker fail-safe behavior.
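
The five sealed-key cases from step 5, sketched as an added example that is not the project's code: `gated_launch`, its argument order, the mock argv and the constructed key are assumptions standing in for `build_launcher_fn`/`launch_wake`, and only the status strings come from this page. `subprocess` and `os.system` are sabotaged for the whole run, so any real spawn would raise instead of executing.

```python
import hmac
import os
import subprocess
from unittest import mock

FAIL = "FAIL_CLOSED_NON_ANU_KEY"

def gated_launch(loader, verifier, expected, runner):
    """Hypothetical fail-closed gate (not the project's launch_wake)."""
    key = loader()
    if key is None:                           # case (b): no sealed key
        return {"status": "SEALED_KEY_MISSING", "wake": 0}
    if not callable(verifier):                # case (e): guard before calling
        return {"status": FAIL, "wake": 0}
    try:
        ok = verifier(key, expected) is True  # anything but True is a reject
    except Exception:                         # case (d): a raise is a reject
        ok = False
    if not ok:                                # case (c): verifier said no
        return {"status": FAIL, "wake": 0}
    argv = ["mock-wake", "--key", key]        # constructed argv, never logged
    runner(argv)
    return {"status": "LAUNCHED", "wake": 1, "argv_len": len(argv)}

def _boom(*args, **kwargs):
    raise AssertionError("real spawn attempted")

def _raising_verifier(a, b):
    raise RuntimeError("verifier crashed")

def run_cases():
    """Run all five cases under sabotage; return (results, mock runner calls)."""
    key = b"constructed-sample-key"           # constructed, not a real key
    calls = []
    cases = {
        "present": (lambda: key, hmac.compare_digest),
        "absent": (lambda: None, hmac.compare_digest),
        "invalid": (lambda: key, lambda a, b: False),
        "exception": (lambda: key, _raising_verifier),
        "non_callable": (lambda: key, "not-a-function"),
    }
    with mock.patch.multiple(subprocess, Popen=_boom, run=_boom), \
         mock.patch.object(os, "system", _boom):
        results = {name: gated_launch(ld, vf, key, calls.append)
                   for name, (ld, vf) in cases.items()}
    return results, calls

if __name__ == "__main__":
    print(run_cases()[0])                     # statuses and argv_len only
```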

## allowed_resources
```yaml
allowed_resources:
  paths:
    - "tests/regression/test_post_pr189_activation_integration_sim_2729p14.py"
    - "scripts/harness/v36/post_pr189_activation_integration_sim.py"
    - "memory/reports/task-2729+14.md"
    - "memory/plans/p0b-pickup/post_pr189_activation_integration_sim_design_260607.md"
    - "memory/events/task-2729+14.*"
    - "memory/tasks/task-2729+14-post-pr189-activation-integration-sim.md"
  read_only_reference:
    - "dispatch/anu_pickup_driver.py (build_launcher_fn/read_real_wake_enabled/main/scan_once — read only)"
    - "dispatch/anu_pickup_wake_launcher.py (launch_wake — read only)"
    - "dispatch/anu_result_pickup_runner.py (_default_sealed_key_loader/pickup_once — read only)"
  forbidden_paths:
    - "/home/jay/workspace (canonical working tree — reset/clean/stash/switch 금지)"
    - "dispatch/** (driver/runner/launcher 무변경 — read only)"
    - ".env.keys (실제 키 provision/기록 금지)"
    - "memory/state/** (canonical flag/real_wake/activation_epoch 생성 금지 — sim은 temp root만)"
    - "memory/events/task-*.result.json (canonical result.json 이동·삭제·quarantine 금지)"
    - "memory/events/task-*.g4-fix-loop-count (G4 counter reset 금지)"
    - "deploy/systemd/** (enable/install 금지)"
    - "dispatch.py"
    - "/usr/local/bin/cokacdir (real spawn 금지)"
    - "task-2716 branch (수정 금지)"
```

## EXPECTED FILES (exactly 5 — HOLD_FOR_CHAIR immediately if exceeded)
1. `scripts/harness/v36/post_pr189_activation_integration_sim.py` — isolated temp integration sim harness (real spawn 0)
2. `tests/regression/test_post_pr189_activation_integration_sim_2729p14.py` — regression (legacy NOOP / canary WAKE_BUILT→launcher / sealed 4-path / dedupe, terminal, fail-safe, under subprocess sabotage)
3. `memory/reports/task-2729+14.md` — results + the 10 required checks
4. `memory/plans/p0b-pickup/post_pr189_activation_integration_sim_design_260607.md` — design
5. (one evidence file if needed)
- ★ driver/runner/launcher **unchanged** (read-only). Zero touches to canonical flag/epoch/result.json.

## Required checks (chair verbatim, 10)
1. CODE_ROOT=origin/main 0307748b (or a later latest commit). 2. DATA root=isolated temp only. 3. flag/real_wake/epoch created inside temp only (canonical 0). 4. legacy 140 equiv NOOP_LEGACY_SKIP, 0 moves. 5. One canary WAKE_BUILT→launcher_fn entry. 6. sealed **5 cases** (present→mock launch / absent / invalid / exception / non-callable, each failing closed separately). 7. subprocess/os.system sabotage/mock only. 8. real ANU spawn 0. 9. raw key/full argv output 0. 10. canonical (flag/epoch/result.json/task-2716) untouched, ACTIVE=false.

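## process caveat (chair verbatim)
- On finish-task, this task too is likely to have its .done/callback blocked by **EXTERNAL_DIRTY_BLOCKER** (canonical dirty). In that case it is **not a task failure** — ANU recovers it through independent verification based on the CODE_ROOT diff. Do not overstate it as a robust normal callback success. Callback not fired = recorded separately as an environment blocker.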

## Prohibited (chair verbatim)
1. systemctl enable --now  2. switching production to ACTIVE  3. creating the canonical activation_epoch  4. real ANU spawn  5. moving, deleting or quarantining canonical result.json  6. canonical reset/clean/stash -u/checkout -f  7. modifying task-2716  8. G4 counter reset  9. declaring ACTIVE=true  10. automatically running PR push/merge/comment  11. printing the raw key
- All verification uses isolated temp + mock/sabotage. Canonical untouched.

## Scope of this round
- **Through implementation and verification of the isolated integration sim.** PR creation/CI and Gemini gate/merge/activation = 0 until separately approved.

## Completion criteria
- 10 required checks + isolated (legacy NOOP with 0 moves / canary WAKE_BUILT→launcher / sealed 4-path fail-closed or mock / real spawn 0 / canonical untouched) PASS → **`POST_PR189_ACTIVATION_INTEGRATION_SIM_PASS_ACTIVE_FALSE`** (local verify).
- Canonical write needed / real spawn needed / systemd enable needed / expected_files exceeds 5 → **`HOLD_FOR_CHAIR`**.
- ★ PR and activation are prohibited until separately approved by the chair.

## doctrine
No direct coding (ANU)/delegate to the bot / canonical and task-2716 untouched / isolated temp + mock sealed provider + subprocess sabotage (enforced from before the first launch_wake) / driver, runner, launcher unchanged / real spawn 0 / raw key 0 / no same-PR push, no bot trigger, no long polling.
```yaml
callback_envelope_byte_limit: 3900
callback_collector_role: ANU
callback_owner_key_source: ".env.keys COKACDIR_KEY_ANU (sealed, literal 출력 0)"
```