process: harden implementation-start gate before coding

.gitea/ISSUE_TEMPLATE/runtime_verification.md

@@ -0,0 +1,41 @@
+---
+name: Runtime Verification Incident
+about: 실운영/스테이징 동작 검증 중 발견된 이상 징후 등록
+title: "[RUNTIME-VERIFY][SCN-XXX] "
+labels: runtime, verification
+---
+
+## Summary
+
+- 현상:
+- 최초 관측 시각(UTC):
+
+## Reproduction / Observation
+
+- 실행 모드(`live`/`paper`):
+- 세션(`NXT`, `US_PRE`, `US_DAY`, `US_AFTER`, ...):
+- 실행 커맨드:
+- 로그 경로:
+
+## Expected vs Actual
+
+- Expected:
+- Actual:
+
+## Requirement Mapping
+
+- REQ:
+- TASK:
+- TEST:
+
+## Temporary Mitigation
+
+- 즉시 완화책:
+
+## Close Criteria
+
+- [ ] Dev 수정 반영
+- [ ] Verifier 재검증 PASS
+- [ ] Runtime Verifier 재관측 PASS
+- [ ] `NOT_OBSERVED = 0`
+

.gitea/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,53 @@
+## Linked Issue
+
+- Closes #N
+
+## Scope
+
+- REQ: `REQ-...`
+- TASK: `TASK-...`
+- TEST: `TEST-...`
+
+## Ticket Stage
+
+- Current stage: `Implemented` / `Integrated` / `Observed` / `Accepted`
+- Previous stage evidence link:
+
+## Main -> Verifier Directive Contract
+
+- Scope: 대상 요구사항/코드/로그 경로
+- Method: 실행 커맨드 + 관측 포인트
+- PASS criteria:
+- FAIL criteria:
+- NOT_OBSERVED criteria:
+- Evidence format: PR 코멘트 `Coverage Matrix`
+
+## Verifier Coverage Matrix (Required)
+
+| Item | Evidence | Status (PASS/FAIL/NOT_OBSERVED) |
+|---|---|---|
+| REQ-... | 링크/로그 | PASS |
+
+`NOT_OBSERVED`가 1개라도 있으면 승인/머지 금지.
+
+## Gitea Preflight
+
+- [ ] `docs/commands.md`와 `docs/workflow.md` 트러블슈팅 선확인
+- [ ] `tea` 사용 (`gh` 미사용)
+
+## Session Handover Gate
+
+- [ ] `python3 scripts/session_handover_check.py --strict` 통과
+- [ ] `workflow/session-handover.md` 최신 엔트리가 현재 브랜치/당일(UTC) 기준으로 갱신됨
+- 최신 handover 엔트리 heading:
+
+## Runtime Evidence
+
+- 시스템 실제 구동 커맨드:
+- 모니터링 로그 경로:
+- 이상 징후/이슈 링크:
+
+## Approval Gate
+
+- [ ] Static Verifier approval comment linked
+- [ ] Runtime Verifier approval comment linked

.gitea/workflows/ci.yml

@@ -0,0 +1,38 @@
+name: Gitea CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - feature/**
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+
+      - name: Install dependencies
+        run: pip install ".[dev]"
+
+      - name: Session handover gate
+        run: python3 scripts/session_handover_check.py --strict
+
+      - name: Validate governance assets
+        run: python3 scripts/validate_governance_assets.py
+
+      - name: Validate Ouroboros docs
+        run: python3 scripts/validate_ouroboros_docs.py
+
+      - name: Lint
+        run: ruff check src/ tests/
+
+      - name: Run tests with coverage
+        run: pytest -v --cov=src --cov-report=term-missing --cov-fail-under=80

.github/workflows/ci.yml

@@ -21,6 +21,15 @@ jobs:
       - name: Install dependencies
         run: pip install ".[dev]"
 
+      - name: Session handover gate
+        run: python3 scripts/session_handover_check.py --strict
+
+      - name: Validate governance assets
+        run: python3 scripts/validate_governance_assets.py
+
+      - name: Validate Ouroboros docs
+        run: python3 scripts/validate_ouroboros_docs.py
+
       - name: Lint
         run: ruff check src/ tests/
 

docs/agent-constraints.md

@@ -12,6 +12,8 @@ It is distinct from `docs/requirements-log.md`, which records **project/product
 
 1. **Workflow enforcement**
    - Follow `docs/workflow.md` for all changes.
+   - Before any Gitea issue/PR/comment operation, read `docs/commands.md` and `docs/workflow.md` troubleshooting section.
+   - Use `tea` for Gitea operations; do not use GitHub CLI (`gh`) in this repository workflow.
    - Create a Gitea issue before any code or documentation change.
    - Work on a feature branch `feature/issue-{N}-{short-description}` and open a PR.
    - Never commit directly to `main`.
@@ -30,6 +32,16 @@ It is distinct from `docs/requirements-log.md`, which records **project/product
      (or in a dedicated policy doc) and reference it when working.
    - Keep entries short and concrete, with dates.
 
+5. **Session start handover gate**
+   - Before implementation/verification work, run `python3 scripts/session_handover_check.py --strict`.
+   - Keep `workflow/session-handover.md` updated with a same-day entry for the active branch.
+   - If the check fails, stop and fix handover artifacts first.
+
+6. **Process-change-first execution gate**
+   - If process/governance change is required, merge the process ticket to the feature branch first.
+   - Do not start code/test edits for implementation tickets until process merge evidence is confirmed.
+   - Subagents must be constrained to read-only exploration until the process gate is satisfied.
+
 ## Change Control
 
 - Changes to this file follow the same workflow as code changes.
@@ -43,3 +55,15 @@ It is distinct from `docs/requirements-log.md`, which records **project/product
 - When work requires guidance, consult the relevant `docs/` policies first.
 - Any code change must be accompanied by relevant documentation updates.
 - Persist user constraints across sessions by recording them in this document.
+
+### 2026-02-27
+
+- All agents must pre-read `docs/commands.md` and `docs/workflow.md` troubleshooting before running Gitea issue/PR/comment commands.
+- `gh` CLI is prohibited for repository ticket/PR operations; use `tea` (or documented Gitea API fallback only).
+- Session start must pass `python3 scripts/session_handover_check.py --strict`, with branch-matched entry in `workflow/session-handover.md`.
+
+### 2026-02-27
+
+- Apply process-change-first as an execution gate: process ticket must be merged before implementation ticket coding.
+- Handover entry must record concrete `next_ticket` and `process_gate_checked`; placeholders are not allowed in strict gate.
+- Before process merge confirmation, all subagent tasks must remain read-only (analysis only).

docs/commands.md

@@ -4,6 +4,23 @@
 
 **Critical: Learn from failures. Never repeat the same failed command without modification.**
 
+## Repository VCS Rule (Mandatory)
+
+- 이 저장소의 티켓/PR/코멘트 작업은 Gitea 기준으로 수행한다.
+- `gh`(GitHub CLI) 명령 사용은 금지한다.
+- 기본 도구는 `tea`이며, `tea` 미지원 케이스만 Gitea API를 fallback으로 사용한다.
+- 실행 전 `docs/workflow.md`의 `Gitea CLI Formatting Troubleshooting`을 반드시 확인한다.
+
+## Session Handover Preflight (Mandatory)
+
+- 세션 시작 직후(코드 변경 전) 아래 명령을 먼저 실행한다.
+
+```bash
+python3 scripts/session_handover_check.py --strict
+```
+
+- 실패 시 `workflow/session-handover.md` 최신 엔트리를 보강한 뒤 재실행한다.
+
 ### tea CLI (Gitea Command Line Tool)
 
 #### ❌ TTY Error - Interactive Confirmation Fails
@@ -140,6 +157,15 @@ python -m src.main --mode=paper
 # Run with dashboard enabled
 python -m src.main --mode=paper --dashboard
 
+# Runtime verification monitor (NOT_OBSERVED detection)
+bash scripts/runtime_verify_monitor.sh
+
+# Session handover gate (must pass before implementation)
+python3 scripts/session_handover_check.py --strict
+
+# Follow runtime verification log
+tail -f data/overnight/runtime_verify_*.log
+
 # Docker
 docker compose up -d ouroboros          # Run agent
 docker compose --profile test up test   # Run tests in container

docs/ouroboros/50_tpm_control_protocol.md

@@ -34,6 +34,12 @@ Main Agent 아이디에이션 책임:
 - DCP-03 구현 착수: Phase 2 종료 전 Main Agent 승인 필수
 - DCP-04 배포 승인: Phase 4 종료 후 Main Agent 최종 승인 필수
 
+Main/Verifier 사고 재발 방지 규칙:
+- Main Agent는 검증 위임 시 `Directive Contract`를 충족하지 않으면 검증 착수 금지
+- Verifier Agent는 지시 누락/모호성 발견 시 즉시 `BLOCKED`를 선언하고 보완 요청
+- Verifier Agent는 `미관측(NOT_OBSERVED)` 항목을 PASS로 보고할 수 없다
+- Runtime 검증에서 요구 세션 증적이 없으면 "정상"이 아니라 `미검증 이상`으로 이슈화한다
+
 ## Phase Control Gates
 
 ### Phase 0: Scenario Intake and Scope Lock
@@ -112,7 +118,10 @@ Exit criteria:
 
 Control checks:
 - Verifier가 테스트 증적(로그/리포트/실행 커맨드) 첨부
+- Verifier가 `Coverage Matrix`(`REQ/TASK/TEST` x `PASS/FAIL/NOT_OBSERVED`) 첨부
+- `NOT_OBSERVED` 항목 수가 0인지 확인(0이 아니면 Gate 실패)
 - Runtime Verifier가 스테이징/실운영 모니터링 계획 승인
+- 정적 Verifier 승인 + Runtime Verifier 승인 2개 모두 확인
 - 산출물: 수용 승인 레코드
 
 ### Phase 5: Release and Post-Release Control
@@ -150,6 +159,17 @@ TPM 티켓 운영 규칙:
 - PR 본문에는 TPM이 지정한 우선순위와 범위가 그대로 반영되어야 한다.
 - 우선순위 변경은 TPM 제안 + Main Agent 승인으로만 가능하다.
 - PM/TPM/Dev/Reviewer/Verifier/Runtime Verifier는 주요 의사결정 시점마다 PR 코멘트를 남겨 결정 근거를 추적 가능 상태로 유지한다.
+- PM/TPM/Dev/Reviewer/Verifier/Runtime Verifier는 이슈/PR/코멘트 조작 전에 `docs/commands.md`와 `docs/workflow.md`의 Gitea 트러블슈팅 섹션을 선참조해야 한다.
+- 저장소 협업에서 GitHub CLI(`gh`) 사용은 금지하며, Gitea 작업은 `tea`(필요 시 문서화된 API fallback)만 허용한다.
+- 재발 방지/운영 규칙 변경이 합의되면, 기능 구현 이전에 process 티켓을 먼저 생성/머지해야 한다.
+- process 티켓 미반영 상태에서 구현 티켓 진행 시 TPM이 즉시 `BLOCKED` 처리한다.
+
+티켓 성숙도 단계 (Mandatory):
+- `Implemented`: 코드/문서 변경 완료
+- `Integrated`: 호출 경로/파이프라인 연결 확인
+- `Observed`: 런타임/실행 증적 확보
+- `Accepted`: Verifier + Runtime Verifier 승인 완료
+- 단계는 순차 전진만 허용되며, 단계 점프는 허용되지 않는다.
 
 브랜치 운영 규칙:
 - TPM은 각 티켓에 대해 `ticket temp branch -> program feature branch` PR 경로를 지정한다.
@@ -168,6 +188,8 @@ TPM 티켓 운영 규칙:
   - 시스템 실제 구동(스테이징/로컬 실운영 모드) 실행
   - 모니터링 체크리스트(핵심 경보/주문 경로/예외 로그) 수행
   - 결과를 티켓/PR 코멘트에 증적으로 첨부하지 않으면 완료로 간주하지 않음
+  - 세션별 필수 관측 포인트(`NXT`, `US_PRE`, `US_DAY`, `US_AFTER` 등) 중 미관측 항목은 `NOT_OBSERVED`로 기록
+  - `NOT_OBSERVED` 존재 시 승인 금지 + Runtime 이슈 발행
 
 ## Server Reflection Rule
 

docs/ouroboros/60_repo_enforcement_checklist.md

@@ -3,7 +3,7 @@ Doc-ID: DOC-OPS-002
 Version: 1.0.0
 Status: active
 Owner: tpm
-Updated: 2026-02-26
+Updated: 2026-02-27
 -->
 
 # 저장소 강제 설정 체크리스트
@@ -48,6 +48,8 @@ Updated: 2026-02-26
 병합 전 체크리스트:
 - 이슈 연결(`Closes #N`) 존재
 - PR 본문에 `REQ-*`, `TASK-*`, `TEST-*` 매핑 표 존재
+- Main -> Verifier Directive Contract(범위/방법/합격/실패/미관측/증적 형식) 기재
+- process-change-first 대상이면 process 티켓 PR이 선머지됨
 - `src/core/risk_manager.py` 변경 없음
 - 주요 의사결정 체크포인트(DCP-01~04) 중 해당 단계 Main Agent 확인 기록 존재
 - 주요 의사결정(리뷰 지적/수정 합의/검증 승인)에 대한 에이전트 PR 코멘트 존재
@@ -56,7 +58,14 @@ Updated: 2026-02-26
 자동 점검:
 - 문서 검증 스크립트 통과
 - 테스트 통과
+- `python3 scripts/session_handover_check.py --strict` 통과
 - 개발 완료 시 시스템 구동/모니터링 증적 코멘트 존재
+- 이슈/PR 조작 전에 `docs/commands.md` 및 `docs/workflow.md` 트러블슈팅 확인 코멘트 존재
+- `gh` CLI 미사용, `tea` 사용 증적 존재
+- Verifier `Coverage Matrix` 첨부(PASS/FAIL/NOT_OBSERVED)
+- `NOT_OBSERVED` 항목 0 확인(0이 아니면 머지 금지)
+- 티켓 단계 기록(`Implemented` -> `Integrated` -> `Observed` -> `Accepted`) 존재
+- 정적 Verifier 승인 + Runtime Verifier 승인 2개 확인
 
 ## 5) 감사 추적
 

docs/workflow.md

@@ -16,6 +16,33 @@
 
 **Never commit directly to `main`.** This policy applies to all changes, no exceptions.
 
+## Agent Gitea Preflight (Mandatory)
+
+Gitea 이슈/PR/코멘트 작업 전에 모든 에이전트는 아래를 먼저 확인해야 한다.
+
+1. `docs/commands.md`의 `tea CLI` 실패 사례/해결 패턴 확인
+2. 본 문서의 `Gitea CLI Formatting Troubleshooting` 확인
+3. 명령 실행 전 `gh`(GitHub CLI) 사용 금지 확인
+
+강제 규칙:
+- 이 저장소 협업 명령은 `tea`를 기본으로 사용한다.
+- `gh issue`, `gh pr` 등 GitHub CLI 명령은 사용 금지다.
+- `tea` 실패 시 동일 명령 재시도 전에 원인/수정사항을 PR 코멘트에 남긴다.
+- 필요한 경우에만 Gitea API(`localhost:3000`)를 fallback으로 사용한다.
+
+## Session Handover Gate (Mandatory)
+
+새 세션에서 구현/검증을 시작하기 전에 아래를 선행해야 한다.
+
+1. `docs/workflow.md`, `docs/commands.md`, `docs/agent-constraints.md` 재확인
+2. `workflow/session-handover.md`에 최신 세션 엔트리 추가
+3. `python3 scripts/session_handover_check.py --strict` 통과 확인
+
+강제 규칙:
+- handover check 실패 상태에서 코드 수정/이슈 상태 전이/PR 생성 금지
+- 최신 handover 엔트리는 현재 작업 브랜치를 명시해야 한다
+- 최신 handover 엔트리는 당일(UTC) 날짜를 포함해야 한다
+
 ## Branch Strategy (Mandatory)
 
 - Team operation default branch is the **program feature branch**, not `main`.
@@ -137,6 +164,57 @@ task_tool(
 
 Use `run_in_background=True` for independent tasks that don't block subsequent work.
 
+### Main -> Verifier Directive Contract (Mandatory)
+
+메인 에이전트가 검증 에이전트에 작업을 위임할 때, 아래 6개를 누락하면 지시가 무효다.
+
+1. 검증 대상 범위: `REQ-*`, `TASK-*`, 코드/로그 경로
+2. 검증 방법: 실행 커맨드와 관측 포인트(예: 세션별 로그 키워드)
+3. 합격 기준: PASS 조건을 수치/문구로 명시
+4. 실패 기준: FAIL 조건을 수치/문구로 명시
+5. 미관측 기준: `NOT_OBSERVED` 조건과 즉시 에스컬레이션 규칙
+6. 증적 형식: PR 코멘트에 `Coverage Matrix` 표로 제출
+
+`NOT_OBSERVED` 처리 규칙:
+- 요구사항 항목이 관측되지 않았으면 PASS로 간주 금지
+- `NOT_OBSERVED`는 운영상 `FAIL`과 동일하게 처리
+- `NOT_OBSERVED`가 하나라도 있으면 승인/머지 금지
+
+### Process-Change-First Rule (Mandatory)
+
+재발 방지/운영 규칙 변경이 결정되면, 기능 구현 티켓보다 먼저 서버(feature branch)에 반영해야 한다.
+
+- 순서: `process ticket merge` -> `implementation ticket start`
+- process ticket 미반영 상태에서 기능 티켓 코딩/머지 금지
+- 세션 전환 시에도 동일 규칙 유지
+
+### Implementation Start Gate (Mandatory)
+
+구현 티켓을 시작하기 전에 아래 3개를 모두 만족해야 한다.
+
+1. `process ticket merge` 증적 확인 (feature branch 반영 커밋/PR)
+2. `workflow/session-handover.md` 최신 엔트리에 `next_ticket`과 `process_gate_checked` 기록
+3. `python3 scripts/session_handover_check.py --strict` 통과
+
+강제 규칙:
+- 위 3개 중 하나라도 불충족이면 코드/테스트 수정 금지
+- 서브에이전트 지시도 동일하게 제한한다 (`process merged 확인 전 read-only 탐색만 허용`)
+- 성급 착수 발견 시 구현 작업을 즉시 중단하고 handover/proces gate부터 복구한다
+
+### Ticket Maturity Stages (Mandatory)
+
+모든 티켓은 아래 4단계를 순서대로 통과해야 한다.
+
+1. `Implemented`: 코드/문서 변경 완료
+2. `Integrated`: 호출 경로/파이프라인 연결 완료
+3. `Observed`: 런타임/실행 증적 확보 완료
+4. `Accepted`: 정적 Verifier + Runtime Verifier 승인 완료
+
+강제 규칙:
+- 단계 점프 금지 (예: Implemented -> Accepted 금지)
+- `Observed` 전에는 완료 선언 금지
+- `Accepted` 전에는 머지 금지
+
 ## Code Review Checklist
 
 **CRITICAL: Every PR review MUST verify plan-implementation consistency.**
@@ -170,3 +248,10 @@ Before approving any PR, the reviewer (human or agent) must check ALL of the fol
 - [ ] PR references the Gitea issue number
 - [ ] Feature branch follows naming convention (`feature/issue-N-description`)
 - [ ] Commit messages are clear and descriptive
+- [ ] 이슈/PR 작업 전에 `docs/commands.md`와 본 문서 트러블슈팅 섹션을 확인했다
+- [ ] `gh` 명령을 사용하지 않고 `tea`(또는 허용된 Gitea API fallback)만 사용했다
+- [ ] Main -> Verifier 지시가 Directive Contract 6개 항목을 모두 포함한다
+- [ ] Verifier 결과에 `Coverage Matrix`(PASS/FAIL/NOT_OBSERVED)가 있고, `NOT_OBSERVED=0`이다
+- [ ] Process-change-first 대상이면 해당 process PR이 먼저 머지되었다
+- [ ] 티켓 단계가 `Implemented -> Integrated -> Observed -> Accepted` 순서로 기록되었다
+- [ ] 정적 Verifier와 Runtime Verifier 승인 코멘트가 모두 존재한다

scripts/runtime_verify_monitor.sh

@@ -0,0 +1,78 @@
+#!/usr/bin/env bash
+# Runtime verification monitor with NOT_OBSERVED detection.
+
+set -euo pipefail
+
+ROOT_DIR="${ROOT_DIR:-/home/agentson/repos/The-Ouroboros}"
+LOG_DIR="${LOG_DIR:-$ROOT_DIR/data/overnight}"
+INTERVAL_SEC="${INTERVAL_SEC:-60}"
+MAX_HOURS="${MAX_HOURS:-24}"
+
+cd "$ROOT_DIR"
+
+OUT_LOG="$LOG_DIR/runtime_verify_$(date +%Y%m%d_%H%M%S).log"
+END_TS=$(( $(date +%s) + MAX_HOURS*3600 ))
+
+log() {
+  printf '%s %s\n' "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" | tee -a "$OUT_LOG" >/dev/null
+}
+
+check_signal() {
+  local name="$1"
+  local pattern="$2"
+  local run_log="$3"
+
+  if rg -q "$pattern" "$run_log"; then
+    log "[COVERAGE] ${name}=PASS pattern=${pattern}"
+    return 0
+  fi
+  log "[COVERAGE] ${name}=NOT_OBSERVED pattern=${pattern}"
+  return 1
+}
+
+log "[INFO] runtime verify monitor started interval=${INTERVAL_SEC}s max_hours=${MAX_HOURS}"
+
+while true; do
+  now=$(date +%s)
+  if [ "$now" -ge "$END_TS" ]; then
+    log "[INFO] monitor completed (time window reached)"
+    exit 0
+  fi
+
+  latest_run="$(ls -t "$LOG_DIR"/run_*.log 2>/dev/null | head -n1 || true)"
+  if [ -z "$latest_run" ]; then
+    log "[ANOMALY] no run log found"
+    sleep "$INTERVAL_SEC"
+    continue
+  fi
+
+  # Basic liveness hints.
+  app_pid="$(cat "$LOG_DIR/app.pid" 2>/dev/null || true)"
+  wd_pid="$(cat "$LOG_DIR/watchdog.pid" 2>/dev/null || true)"
+  app_alive=0
+  wd_alive=0
+  port_alive=0
+  [ -n "$app_pid" ] && kill -0 "$app_pid" 2>/dev/null && app_alive=1
+  [ -n "$wd_pid" ] && kill -0 "$wd_pid" 2>/dev/null && wd_alive=1
+  ss -ltnp 2>/dev/null | rg -q ':8080' && port_alive=1
+  log "[HEARTBEAT] run_log=$latest_run app_alive=$app_alive watchdog_alive=$wd_alive port8080=$port_alive"
+
+  # Coverage matrix rows (session paths and policy gate evidence).
+  not_observed=0
+  check_signal "LIVE_MODE" "Mode: live" "$latest_run" || not_observed=$((not_observed+1))
+  check_signal "KR_LOOP" "Processing market: Korea Exchange" "$latest_run" || not_observed=$((not_observed+1))
+  check_signal "NXT_PATH" "NXT_PRE|NXT_AFTER|session=NXT_" "$latest_run" || not_observed=$((not_observed+1))
+  check_signal "US_PRE_PATH" "US_PRE|session=US_PRE" "$latest_run" || not_observed=$((not_observed+1))
+  check_signal "US_DAY_PATH" "US_DAY|session=US_DAY|Processing market: .*NASDAQ|Processing market: .*NYSE|Processing market: .*AMEX" "$latest_run" || not_observed=$((not_observed+1))
+  check_signal "US_AFTER_PATH" "US_AFTER|session=US_AFTER" "$latest_run" || not_observed=$((not_observed+1))
+  check_signal "ORDER_POLICY_SESSION" "Order policy rejected .*\\[session=" "$latest_run" || not_observed=$((not_observed+1))
+
+  if [ "$not_observed" -gt 0 ]; then
+    log "[ANOMALY] coverage_not_observed=$not_observed (treat as FAIL)"
+  else
+    log "[OK] coverage complete (NOT_OBSERVED=0)"
+  fi
+
+  sleep "$INTERVAL_SEC"
+done
+

scripts/session_handover_check.py

@@ -0,0 +1,146 @@
+#!/usr/bin/env python3
+"""Session handover preflight gate.
+
+This script enforces a minimal handover record per working branch so that
+new sessions cannot start implementation without reading the required docs
+and recording current intent.
+"""
+
+from __future__ import annotations
+
+import argparse
+import subprocess
+import sys
+from datetime import UTC, datetime
+from pathlib import Path
+
+REQUIRED_DOCS = (
+    Path("docs/workflow.md"),
+    Path("docs/commands.md"),
+    Path("docs/agent-constraints.md"),
+)
+HANDOVER_LOG = Path("workflow/session-handover.md")
+
+
+def _run_git(*args: str) -> str:
+    try:
+        return (
+            subprocess.check_output(["git", *args], stderr=subprocess.DEVNULL)
+            .decode("utf-8")
+            .strip()
+        )
+    except Exception:
+        return ""
+
+
+def _current_branch() -> str:
+    branch = _run_git("branch", "--show-current")
+    if branch:
+        return branch
+    return _run_git("rev-parse", "--abbrev-ref", "HEAD")
+
+
+def _latest_entry(text: str) -> str:
+    chunks = text.split("\n### ")
+    if not chunks:
+        return ""
+    if chunks[0].startswith("### "):
+        chunks[0] = chunks[0][4:]
+    latest = chunks[-1].strip()
+    if not latest:
+        return ""
+    if not latest.startswith("### "):
+        latest = f"### {latest}"
+    return latest
+
+
+def _check_required_files(errors: list[str]) -> None:
+    for path in REQUIRED_DOCS:
+        if not path.exists():
+            errors.append(f"missing required document: {path}")
+    if not HANDOVER_LOG.exists():
+        errors.append(f"missing handover log: {HANDOVER_LOG}")
+
+
+def _check_handover_entry(
+    *,
+    branch: str,
+    strict: bool,
+    errors: list[str],
+) -> None:
+    if not HANDOVER_LOG.exists():
+        return
+    text = HANDOVER_LOG.read_text(encoding="utf-8")
+    latest = _latest_entry(text)
+    if not latest:
+        errors.append("handover log has no session entry")
+        return
+
+    required_tokens = (
+        "- branch:",
+        "- docs_checked:",
+        "- open_issues_reviewed:",
+        "- next_ticket:",
+        "- process_gate_checked:",
+    )
+    for token in required_tokens:
+        if token not in latest:
+            errors.append(f"latest handover entry missing token: {token}")
+
+    if strict:
+        today_utc = datetime.now(UTC).date().isoformat()
+        if today_utc not in latest:
+            errors.append(
+                f"latest handover entry must contain today's UTC date ({today_utc})"
+            )
+        branch_token = f"- branch: {branch}"
+        if branch_token not in latest:
+            errors.append(
+                "latest handover entry must target current branch "
+                f"({branch_token})"
+            )
+        if "- next_ticket: #TBD" in latest:
+            errors.append("latest handover entry must not use placeholder next_ticket (#TBD)")
+        if "merged_to_feature_branch=no" in latest:
+            errors.append(
+                "process gate indicates not merged; implementation must stay blocked "
+                "(merged_to_feature_branch=no)"
+            )
+
+
+def main() -> int:
+    parser = argparse.ArgumentParser(
+        description="Validate session handover gate requirements."
+    )
+    parser.add_argument(
+        "--strict",
+        action="store_true",
+        help="Enforce today-date and current-branch match on latest handover entry.",
+    )
+    args = parser.parse_args()
+
+    errors: list[str] = []
+    _check_required_files(errors)
+
+    branch = _current_branch()
+    if not branch:
+        errors.append("cannot resolve current git branch")
+    elif branch in {"main", "master"}:
+        errors.append(f"working branch must not be {branch}")
+
+    _check_handover_entry(branch=branch, strict=args.strict, errors=errors)
+
+    if errors:
+        print("[FAIL] session handover check failed")
+        for err in errors:
+            print(f"- {err}")
+        return 1
+
+    print("[OK] session handover check passed")
+    print(f"[OK] branch={branch}")
+    print(f"[OK] handover_log={HANDOVER_LOG}")
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

scripts/validate_governance_assets.py

@@ -0,0 +1,95 @@
+#!/usr/bin/env python3
+"""Validate persistent governance assets for agent workflow safety."""
+
+from __future__ import annotations
+
+import sys
+from pathlib import Path
+
+
+def must_contain(path: Path, required: list[str], errors: list[str]) -> None:
+    if not path.exists():
+        errors.append(f"missing file: {path}")
+        return
+    text = path.read_text(encoding="utf-8")
+    for token in required:
+        if token not in text:
+            errors.append(f"{path}: missing required token -> {token}")
+
+
+def main() -> int:
+    errors: list[str] = []
+
+    pr_template = Path(".gitea/PULL_REQUEST_TEMPLATE.md")
+    issue_template = Path(".gitea/ISSUE_TEMPLATE/runtime_verification.md")
+    workflow_doc = Path("docs/workflow.md")
+    commands_doc = Path("docs/commands.md")
+    handover_script = Path("scripts/session_handover_check.py")
+    handover_log = Path("workflow/session-handover.md")
+
+    must_contain(
+        pr_template,
+        [
+            "Closes #N",
+            "Main -> Verifier Directive Contract",
+            "Coverage Matrix",
+            "NOT_OBSERVED",
+            "tea",
+            "gh",
+            "Session Handover Gate",
+            "session_handover_check.py --strict",
+        ],
+        errors,
+    )
+    must_contain(
+        issue_template,
+        [
+            "[RUNTIME-VERIFY][SCN-XXX]",
+            "Requirement Mapping",
+            "Close Criteria",
+            "NOT_OBSERVED = 0",
+        ],
+        errors,
+    )
+    must_contain(
+        workflow_doc,
+        [
+            "Session Handover Gate (Mandatory)",
+            "session_handover_check.py --strict",
+        ],
+        errors,
+    )
+    must_contain(
+        commands_doc,
+        [
+            "Session Handover Preflight (Mandatory)",
+            "session_handover_check.py --strict",
+        ],
+        errors,
+    )
+    must_contain(
+        handover_log,
+        [
+            "Session Handover Log",
+            "- branch:",
+            "- docs_checked:",
+            "- open_issues_reviewed:",
+            "- next_ticket:",
+        ],
+        errors,
+    )
+    if not handover_script.exists():
+        errors.append(f"missing file: {handover_script}")
+
+    if errors:
+        print("[FAIL] governance asset validation failed")
+        for err in errors:
+            print(f"- {err}")
+        return 1
+
+    print("[OK] governance assets validated")
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

src/main.py

@@ -3408,7 +3408,10 @@ async def run(settings: Settings) -> None:
                 _run_context_scheduler(context_scheduler, now=datetime.now(UTC))
 
                 # Get currently open markets
-                open_markets = get_open_markets(settings.enabled_market_list)
+                open_markets = get_open_markets(
+                    settings.enabled_market_list,
+                    include_extended_sessions=True,
+                )
 
                 if not open_markets:
                     # Notify market close for any markets that were open
@@ -3437,7 +3440,8 @@ async def run(settings: Settings) -> None:
                     # No markets open — wait until next market opens
                     try:
                         next_market, next_open_time = get_next_market_open(
-                            settings.enabled_market_list
+                            settings.enabled_market_list,
+                            include_extended_sessions=True,
                         )
                         now = datetime.now(UTC)
                         wait_seconds = (next_open_time - now).total_seconds()
@@ -3459,6 +3463,14 @@ async def run(settings: Settings) -> None:
                     if shutdown.is_set():
                         break
 
+                    session_info = get_session_info(market)
+                    logger.info(
+                        "Market session active: %s (%s) session=%s",
+                        market.code,
+                        market.name,
+                        session_info.session_id,
+                    )
+
                     await process_blackout_recovery_orders(
                         broker=broker,
                         overseas_broker=overseas_broker,

src/markets/schedule.py

@@ -1,7 +1,7 @@
 """Market schedule management with timezone support."""
 
 from dataclasses import dataclass
-from datetime import datetime, time, timedelta
+from datetime import UTC, datetime, time, timedelta
 from zoneinfo import ZoneInfo
 
 
@@ -181,7 +181,10 @@ def is_market_open(market: MarketInfo, now: datetime | None = None) -> bool:
 
 
 def get_open_markets(
-    enabled_markets: list[str] | None = None, now: datetime | None = None
+    enabled_markets: list[str] | None = None,
+    now: datetime | None = None,
+    *,
+    include_extended_sessions: bool = False,
 ) -> list[MarketInfo]:
     """
     Get list of currently open markets.
@@ -196,17 +199,31 @@ def get_open_markets(
     if enabled_markets is None:
         enabled_markets = list(MARKETS.keys())
 
+    def is_available(market: MarketInfo) -> bool:
+        if not include_extended_sessions:
+            return is_market_open(market, now)
+        if market.code == "KR" or market.code.startswith("US"):
+            # Import lazily to avoid module cycle at import-time.
+            from src.core.order_policy import classify_session_id
+
+            session_id = classify_session_id(market, now)
+            return session_id not in {"KR_OFF", "US_OFF"}
+        return is_market_open(market, now)
+
     open_markets = [
         MARKETS[code]
         for code in enabled_markets
-        if code in MARKETS and is_market_open(MARKETS[code], now)
+        if code in MARKETS and is_available(MARKETS[code])
     ]
 
     return sorted(open_markets, key=lambda m: m.code)
 
 
 def get_next_market_open(
-    enabled_markets: list[str] | None = None, now: datetime | None = None
+    enabled_markets: list[str] | None = None,
+    now: datetime | None = None,
+    *,
+    include_extended_sessions: bool = False,
 ) -> tuple[MarketInfo, datetime]:
     """
     Find the next market that will open and when.
@@ -233,6 +250,21 @@ def get_next_market_open(
     next_open_time: datetime | None = None
     next_market: MarketInfo | None = None
 
+    def first_extended_open_after(market: MarketInfo, start_utc: datetime) -> datetime | None:
+        # Search minute-by-minute for KR/US session transition into active window.
+        # Bounded to 7 days to match existing behavior.
+        from src.core.order_policy import classify_session_id
+
+        ts = start_utc.astimezone(ZoneInfo("UTC")).replace(second=0, microsecond=0)
+        prev_active = classify_session_id(market, ts) not in {"KR_OFF", "US_OFF"}
+        for _ in range(7 * 24 * 60):
+            ts = ts + timedelta(minutes=1)
+            active = classify_session_id(market, ts) not in {"KR_OFF", "US_OFF"}
+            if active and not prev_active:
+                return ts
+            prev_active = active
+        return None
+
     for code in enabled_markets:
         if code not in MARKETS:
             continue
@@ -240,6 +272,13 @@ def get_next_market_open(
         market = MARKETS[code]
         market_now = now.astimezone(market.timezone)
 
+        if include_extended_sessions and (market.code == "KR" or market.code.startswith("US")):
+            ext_open = first_extended_open_after(market, now.astimezone(UTC))
+            if ext_open and (next_open_time is None or ext_open < next_open_time):
+                next_open_time = ext_open
+                next_market = market
+            continue
+
         # Calculate next open time for this market
         for days_ahead in range(7):  # Check next 7 days
             check_date = market_now.date() + timedelta(days=days_ahead)

tests/test_market_schedule.py

@@ -147,6 +147,24 @@ class TestGetOpenMarkets:
         codes = [m.code for m in open_markets]
         assert codes == sorted(codes)
 
+    def test_get_open_markets_us_pre_extended_session(self) -> None:
+        """US premarket should be considered open when extended sessions enabled."""
+        # Monday 2026-02-02 08:30 EST = 13:30 UTC (premarket window)
+        test_time = datetime(2026, 2, 2, 13, 30, tzinfo=ZoneInfo("UTC"))
+
+        regular = get_open_markets(
+            enabled_markets=["US_NASDAQ", "US_NYSE", "US_AMEX"],
+            now=test_time,
+        )
+        assert regular == []
+
+        extended = get_open_markets(
+            enabled_markets=["US_NASDAQ", "US_NYSE", "US_AMEX"],
+            now=test_time,
+            include_extended_sessions=True,
+        )
+        assert {m.code for m in extended} == {"US_NASDAQ", "US_NYSE", "US_AMEX"}
+
 
 class TestGetNextMarketOpen:
     """Test get_next_market_open function."""
@@ -201,6 +219,20 @@ class TestGetNextMarketOpen:
         )
         assert market.code == "KR"
 
+    def test_get_next_market_open_prefers_extended_session(self) -> None:
+        """Extended lookup should return premarket open time before regular open."""
+        # Monday 2026-02-02 07:00 EST = 12:00 UTC
+        # By v3 KST session rules, US is OFF only in KST 07:00-10:00 (UTC 22:00-01:00).
+        # At 12:00 UTC market is active, so next OFF->ON transition is 01:00 UTC next day.
+        test_time = datetime(2026, 2, 2, 12, 0, tzinfo=ZoneInfo("UTC"))
+        market, next_open = get_next_market_open(
+            enabled_markets=["US_NASDAQ"],
+            now=test_time,
+            include_extended_sessions=True,
+        )
+        assert market.code == "US_NASDAQ"
+        assert next_open == datetime(2026, 2, 3, 1, 0, tzinfo=ZoneInfo("UTC"))
+
 
 class TestExpandMarketCodes:
     """Test shorthand market expansion."""

workflow/session-handover.md

@@ -0,0 +1,43 @@
+# Session Handover Log
+
+목적: 세션 시작 시 인수인계 확인을 기록하고, 구현/검증 작업 시작 전에 공통 컨텍스트를 강제한다.
+
+작성 규칙:
+- 세션 시작마다 최신 엔트리를 맨 아래에 추가한다.
+- `docs/workflow.md`, `docs/commands.md`, `docs/agent-constraints.md`를 먼저 확인한 뒤 기록한다.
+- 각 엔트리는 현재 작업 브랜치 기준으로 작성한다.
+
+템플릿:
+
+```md
+### YYYY-MM-DD | session=<id or short label>
+- branch: <current-branch>
+- docs_checked: docs/workflow.md, docs/commands.md, docs/agent-constraints.md
+- open_issues_reviewed: #...
+- next_ticket: #...
+- process_gate_checked: process_ticket=#..., merged_to_feature_branch=yes|no|n/a
+- risks_or_notes: ...
+```
+
+### 2026-02-27 | session=handover-gate-bootstrap
+- branch: feature/v3-session-policy-stream
+- docs_checked: docs/workflow.md, docs/commands.md, docs/agent-constraints.md
+- open_issues_reviewed: #304, #305, #306
+- next_ticket: #304
+- risks_or_notes: 세션 시작 게이트를 문서/스크립트/CI로 강제 적용
+
+### 2026-02-27 | session=codex-handover-start
+- branch: feature/v3-session-policy-stream
+- docs_checked: docs/workflow.md, docs/commands.md, docs/agent-constraints.md
+- open_issues_reviewed: #306, #308, #309
+- next_ticket: #304
+- process_gate_checked: process_ticket=#306,#308 merged_to_feature_branch=yes
+- risks_or_notes: 미추적 로컬 파일 존재(문서/DB/lock)로 커밋 범위 분리 필요
+
+### 2026-02-27 | session=codex-process-gate-hardening
+- branch: feature/issue-304-runtime-staged-exit-semantics
+- docs_checked: docs/workflow.md, docs/commands.md, docs/agent-constraints.md
+- open_issues_reviewed: #304, #305
+- next_ticket: #304
+- process_gate_checked: process_ticket=#306,#308 merged_to_feature_branch=yes
+- risks_or_notes: process-change-first 실행 게이트를 문서+스크립트로 강화