feat(joinir): Phase 64 - Ownership P3 production integration (dev-only)

P3(if-sum) 本番ルートに OwnershipPlan 解析を接続（analysis-only）。

Key changes:
- ast_analyzer.rs: Added analyze_loop() helper
  - Loop-specific analysis API for production integration
  - build_plan_for_scope() helper for single-scope extraction

- pattern3_with_if_phi.rs: P3 production integration
  - OwnershipPlan analysis after ConditionEnv building
  - check_ownership_plan_consistency() for validation
  - Feature-gated #[cfg(feature = "normalized_dev")]

Consistency checks:
- Fail-Fast: Multi-hop relay (relay_path.len() > 1)
- Warn-only: Carrier set mismatch (order SSOT deferred)
- Warn-only: Condition captures (some patterns have extras)

Tests: 49/49 PASS (2 new Phase 64 tests)
- test_phase64_p3_ownership_prod_integration
- test_phase64_p3_multihop_relay_detection
- Zero regressions

Design: Analysis-only, no behavior change
- Integration point: After ConditionEnv, before JoinIR lowering
- Dev-only validation for future SSOT migration

Next: Phase 65+ - Carrier order SSOT, owner-based init

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>

docs/development/current/main/PHASE_64_SUMMARY.md

@@ -0,0 +1,98 @@
+# Phase 64 Summary: Ownership P3 Production Integration (dev-only)
+
+## Goal
+
+Connect OwnershipPlan analysis to production P3(if-sum) route for dev-only validation.
+
+## Changes
+
+### 1. `ast_analyzer.rs`: Added `analyze_loop()` helper
+
+- **Purpose**: Analyze a single loop (condition + body) with parent context
+- **Signature**: `analyze_loop(condition, body, parent_defined) -> Result<OwnershipPlan>`
+- **Usage**: Called from P3 production route in `pattern3_with_if_phi.rs`
+- **Features**:
+  - Creates temporary function scope for parent-defined variables
+  - Analyzes loop scope with condition/body AST
+  - Returns OwnershipPlan for loop scope only
+
+### 2. `pattern3_with_if_phi.rs`: Added dev-only OwnershipPlan call + consistency checks
+
+- **Location**: Inside `lower_pattern3_if_sum()` method, after ConditionEnv building
+- **Feature gate**: `#[cfg(feature = "normalized_dev")]`
+- **Workflow**:
+  1. Collect parent-defined variables from `variable_map`
+  2. Call `analyze_loop()` to produce OwnershipPlan
+  3. Run `check_ownership_plan_consistency()` checks
+  4. Continue with existing lowering (analysis-only, no behavior change)
+
+### 3. Consistency checks (`check_ownership_plan_consistency()`)
+
+#### Check 1: Multi-hop relay rejection (Fail-Fast)
+- **What**: `relay_path.len() > 1` → Err
+- **Why**: Multi-hop relay is out of scope for Phase 64
+- **Action**: Return error immediately (Fail-Fast principle)
+
+#### Check 2: Carrier set consistency (warn-only)
+- **What**: Compare `plan.owned_vars` (written) vs `carrier_info.carriers`
+- **Why**: Verify OwnershipPlan matches existing CarrierInfo
+- **Action**: Warn if mismatch (order SSOT deferred to Phase 65+)
+
+#### Check 3: Condition captures consistency (warn-only)
+- **What**: Verify `plan.condition_captures` ⊆ `condition_bindings`
+- **Why**: Ensure OwnershipPlan condition captures are tracked
+- **Action**: Warn if extra captures found
+
+### 4. Regression tests (`normalized_joinir_min.rs`)
+
+#### Test 1: `test_phase64_p3_ownership_prod_integration()`
+- **Purpose**: Verify `analyze_loop()` works for simple P3 loops
+- **Pattern**: `loop(i < 10) { local sum=0; sum=sum+i; i=i+1; }`
+- **Checks**:
+  - Owned vars: sum (is_written=true), i (is_written=true, is_condition_only=true)
+  - No relay writes (all loop-local)
+  - Single-hop relay constraint verified
+
+#### Test 2: `test_phase64_p3_multihop_relay_rejection()`
+- **Purpose**: Verify multi-hop relay detection
+- **Pattern**: Nested loops with relay write to function-scoped variable
+- **Checks**:
+  - Detects multi-hop relay (`relay_path.len() > 1`)
+  - Documents that rejection happens in consistency check (not analyze_loop)
+
+## Constraints
+
+- **Dev-only**: `#[cfg(feature = "normalized_dev")]` throughout
+- **Analysis-only**: No behavior change to lowering
+- **Fail-Fast**: Multi-hop relay (`relay_path.len() > 1`)
+- **Warn-only**: Carrier set mismatch (order SSOT deferred)
+
+## Build and Test
+
+```bash
+# Build with normalized_dev feature
+cargo build --release --features normalized_dev
+
+# Run Phase 64 tests
+cargo test --features normalized_dev --test normalized_joinir_min phase64
+
+# Run ownership module tests
+cargo test --features normalized_dev --lib ownership
+```
+
+Expected: All tests pass, no regressions.
+
+## Next Steps
+
+### Phase 65+: Future Enhancements
+
+1. **Multi-hop relay support**: Remove `relay_path.len() > 1` limitation
+2. **Carrier order SSOT**: Use OwnershipPlan to determine carrier order (upgrade warn to error)
+3. **Owner-based init**: Replace legacy `FromHost` with owner-based initialization
+4. **Full AST coverage**: Extend `analyze_loop()` to handle more complex patterns
+
+## Related Documents
+
+- [Phase 62: Ownership P3 Route Design](phase62-ownership-p3-route-design.md)
+- [Phase 63: AST Ownership Analyzer](../../../private/roadmap2/phases/normalized_dev/phase-63-ast-ownership-analyzer.md)
+- [JoinIR Architecture Overview](joinir-architecture-overview.md)

docs/development/current/main/phase62-ownership-p3-route-design.md

@@ -91,11 +91,26 @@ OwnershipPlan を導入する際、次を Fail-Fast で固定する:
 
 ## Migration Plan (Next Phase)
 
-### Phase 64: P3 本番ルートへ dev-only 接続
+### Phase 64: P3 本番ルートへ dev-only 接続 ✅ 実装済み
 
-- `pattern3_with_if_phi.rs` に dev-only で OwnershipPlan を導入
-- boundary inputs / exit bindings に対して carrier set の整合チェックを追加し、混線を Fail-Fast で検出可能にする
-- carrier order は既存の exit_meta / carrier_info と一致することを前提にし、順序の SSOT 化は後続フェーズで行う
+- ✅ `pattern3_with_if_phi.rs` に dev-only で OwnershipPlan を導入
+  - `analyze_loop()` helper API を追加（`ast_analyzer.rs`）
+  - `lower_pattern3_if_sum()` で OwnershipPlan を生成し整合チェック実行
+- ✅ boundary inputs / exit bindings に対して carrier set の整合チェックを追加
+  - `check_ownership_plan_consistency()` 関数を実装
+  - Fail-Fast: multi-hop relay rejection (`relay_path.len() > 1`)
+  - Warn-only: carrier set mismatch（order SSOT は後続フェーズ）
+- ✅ 回帰テスト追加（`normalized_joinir_min.rs`）
+  - `test_phase64_p3_ownership_prod_integration()`: 基本的な P3 ループ解析
+  - `test_phase64_p3_multihop_relay_rejection()`: multi-hop relay 検出
+
+**実装サマリ**: `docs/development/current/main/PHASE_64_SUMMARY.md`
+
+### Phase 65+: 後続課題
+
+- Multi-hop relay サポート（`relay_path.len() > 1` 制限の撤廃）
+- Carrier order SSOT（OwnershipPlan を carrier 順序の SSOT に昇格、warn → error）
+- Owner-based init（legacy `FromHost` から owner ベース初期化へ移行）
 
 ## References
 

docs/development/current/main/phase64-implementation-report.md

@@ -0,0 +1,261 @@
+# Phase 64 Implementation Report: Ownership P3 Production Integration
+
+## Executive Summary
+
+**Status**: ✅ Complete
+**Date**: 2025-12-12
+**Feature Gate**: `normalized_dev`
+**Test Results**: 49/49 tests passing, no regressions
+
+Successfully integrated OwnershipPlan analysis into production P3 (if-sum) route with dev-only validation and Fail-Fast consistency checks.
+
+## Implementation Overview
+
+### Changes Made
+
+#### 1. Core API: `analyze_loop()` helper (`ast_analyzer.rs`)
+
+**Purpose**: Analyze a single loop with parent context for P3 production integration.
+
+```rust
+pub fn analyze_loop(
+    condition: &ASTNode,
+    body: &[ASTNode],
+    parent_defined: &[String],
+) -> Result<OwnershipPlan, String>
+```
+
+**Features**:
+- Creates temporary function scope for parent-defined variables
+- Analyzes loop scope with condition (is_condition=true) and body
+- Returns OwnershipPlan for loop scope only (not parent scope)
+- Private helper `build_plan_for_scope()` for single-scope extraction
+
+**Key Design**: Avoids analyzing entire function - only analyzes the specific loop being lowered.
+
+#### 2. P3 Production Integration (`pattern3_with_if_phi.rs`)
+
+**Location**: Inside `lower_pattern3_if_sum()` method, after ConditionEnv building
+
+**Integration Point**:
+```rust
+#[cfg(feature = "normalized_dev")]
+{
+    use crate::mir::join_ir::ownership::analyze_loop;
+
+    // Collect parent-defined variables
+    let parent_defined: Vec<String> = self.variable_map.keys()
+        .filter(|name| *name != &loop_var_name)
+        .cloned()
+        .collect();
+
+    // Analyze loop
+    match analyze_loop(condition, body, &parent_defined) {
+        Ok(plan) => {
+            // Run consistency checks
+            check_ownership_plan_consistency(&plan, &ctx.carrier_info, &condition_binding_names)?;
+            // Continue with existing lowering (analysis-only)
+        }
+        Err(e) => {
+            // Warn and continue (analysis is optional)
+        }
+    }
+}
+```
+
+**Key Design**: Analysis happens **after** ConditionEnv but **before** JoinIR lowering, ensuring:
+- All existing infrastructure is available for comparison
+- No behavior change to lowering (analysis-only)
+- Fail-Fast on critical errors only (multi-hop relay)
+
+#### 3. Consistency Checks (`check_ownership_plan_consistency()`)
+
+**Check 1: Multi-hop relay rejection (Fail-Fast)**
+```rust
+for relay in &plan.relay_writes {
+    if relay.relay_path.len() > 1 {
+        return Err(format!(
+            "Phase 64 limitation: multi-hop relay not supported. Variable '{}' has relay path length {}",
+            relay.name, relay.relay_path.len()
+        ));
+    }
+}
+```
+
+**Why Fail-Fast**: Multi-hop relay requires semantic design beyond Phase 64 scope.
+
+**Check 2: Carrier set consistency (warn-only)**
+```rust
+let plan_carriers: BTreeSet<String> = plan.owned_vars
+    .iter()
+    .filter(|v| v.is_written)
+    .map(|v| v.name.clone())
+    .collect();
+
+let existing_carriers: BTreeSet<String> = carrier_info.carriers
+    .iter()
+    .map(|c| c.name.clone())
+    .collect();
+
+if plan_carriers != existing_carriers {
+    eprintln!("[phase64/ownership] Carrier set mismatch (warn-only, order SSOT deferred):");
+    eprintln!("  OwnershipPlan carriers: {:?}", plan_carriers);
+    eprintln!("  Existing carriers: {:?}", existing_carriers);
+}
+```
+
+**Why warn-only**: Carrier order SSOT is deferred to Phase 65+. This is a monitoring check only.
+
+**Check 3: Condition captures consistency (warn-only)**
+```rust
+let plan_cond_captures: BTreeSet<String> = plan.condition_captures
+    .iter()
+    .map(|c| c.name.clone())
+    .collect();
+
+if !plan_cond_captures.is_subset(condition_bindings) {
+    let extra: Vec<_> = plan_cond_captures
+        .difference(condition_bindings)
+        .collect();
+    eprintln!("[phase64/ownership] Extra condition captures in plan (warn-only): {:?}", extra);
+}
+```
+
+**Why warn-only**: Some patterns may legitimately have extra captures during development.
+
+#### 4. Regression Tests (`normalized_joinir_min.rs`)
+
+**Test 1: `test_phase64_p3_ownership_prod_integration()`**
+- **Pattern**: `loop(i < 10) { local sum=0; local i=0; sum=sum+i; i=i+1; }`
+- **Verifies**:
+  - Owned vars: sum (is_written=true), i (is_written=true, is_condition_only=true)
+  - No relay writes (all loop-local)
+  - Single-hop relay constraint
+
+**Test 2: `test_phase64_p3_multihop_relay_detection()`**
+- **Pattern**: Nested loops with function-scoped variable written in inner loop
+- **Verifies**:
+  - Multi-hop relay detection (relay_path.len() = 2)
+  - Documents that rejection happens in consistency check (not analyze_loop)
+
+### Test Results
+
+```bash
+# Phase 64 specific tests
+cargo test --features normalized_dev --test normalized_joinir_min test_phase64
+# Result: 2/2 passed
+
+# Ownership module tests
+cargo test --features normalized_dev --lib ownership
+# Result: 23/23 passed
+
+# Full normalized_joinir_min suite
+cargo test --features normalized_dev --test normalized_joinir_min
+# Result: 49/49 passed (no regressions)
+```
+
+## Design Decisions
+
+### Why `analyze_loop()` instead of full function analysis?
+
+**Decision**: Create a loop-specific helper that analyzes only the loop scope.
+
+**Rationale**:
+- P3 production route only needs loop-level information
+- Full function analysis would require threading through call stack
+- Loop-specific API matches the existing P3 lowering architecture
+- Simpler to test and verify correctness
+
+### Why dev-only (normalized_dev feature)?
+
+**Decision**: Gate all new code with `#[cfg(feature = "normalized_dev")]`.
+
+**Rationale**:
+- Analysis-only implementation (no behavior change)
+- Early detection of inconsistencies without risk
+- Allows iterative refinement before canonical promotion
+- Easy to disable if issues are discovered
+
+### Why Fail-Fast only for multi-hop relay?
+
+**Decision**: Only reject multi-hop relay (`relay_path.len() > 1`), warn for other mismatches.
+
+**Rationale**:
+- Multi-hop relay requires semantic design (Phase 65+)
+- Carrier set mismatches might indicate existing edge cases (monitor first)
+- Condition capture extras might be expected during development
+- Fail-Fast only for truly blocking issues
+
+### Why integrate after ConditionEnv building?
+
+**Decision**: Call `analyze_loop()` after ConditionEnv is built but before JoinIR lowering.
+
+**Rationale**:
+- ConditionEnv provides condition_bindings for comparison
+- CarrierInfo is available from PatternPipelineContext
+- ExitMeta will be available after lowering for future comparison
+- No behavior change - analysis is non-invasive
+
+## Constraints and Limitations
+
+### Phase 64 Constraints
+
+1. **Single-hop relay only**: `relay_path.len() > 1` → Err
+2. **Analysis-only**: No changes to lowering behavior
+3. **Dev-only**: `#[cfg(feature = "normalized_dev")]` throughout
+4. **Warn-only mismatches**: Carrier set and condition captures
+
+### Known Limitations
+
+1. **No carrier order SSOT**: Existing CarrierInfo order is preserved
+2. **No owner-based init**: Legacy `FromHost` initialization unchanged
+3. **No multi-hop relay support**: Out of scope for Phase 64
+4. **Parent context simplification**: Uses all `variable_map` keys except loop_var
+
+## Future Work (Phase 65+)
+
+### Phase 65: Carrier Order SSOT
+
+**Goal**: Use OwnershipPlan to determine carrier order (upgrade warn to error).
+
+**Changes**:
+- Make OwnershipPlan the source of truth for carrier set
+- Remove existing carrier inference logic
+- Enforce carrier order consistency (fail on mismatch)
+
+### Phase 66: Owner-Based Initialization
+
+**Goal**: Replace legacy `FromHost` with owner-based initialization.
+
+**Changes**:
+- Use OwnershipPlan to determine initialization strategy
+- Implement proper initialization for relay writes
+- Handle condition-only carriers correctly
+
+### Phase 67+: Multi-Hop Relay Support
+
+**Goal**: Remove `relay_path.len() > 1` limitation.
+
+**Semantic Design Needed**:
+- How to represent multi-hop relay in JoinIR
+- PHI insertion strategy for intermediate loops
+- Boundary input/output handling
+- Exit line connection across multiple loops
+
+## References
+
+- **Phase 62**: [Ownership P3 Route Design](phase62-ownership-p3-route-design.md)
+- **Phase 63**: [AST Ownership Analyzer](../../../private/roadmap2/phases/normalized_dev/phase-63-ast-ownership-analyzer.md)
+- **Phase 64 Summary**: [PHASE_64_SUMMARY.md](PHASE_64_SUMMARY.md)
+- **JoinIR Architecture**: [joinir-architecture-overview.md](joinir-architecture-overview.md)
+
+## Conclusion
+
+Phase 64 successfully connects OwnershipPlan analysis to production P3 route with:
+- ✅ Dev-only validation (no behavior change)
+- ✅ Fail-Fast for critical errors (multi-hop relay)
+- ✅ Comprehensive consistency checks (carrier set, condition captures)
+- ✅ Full test coverage (49/49 tests passing)
+- ✅ Zero regressions
+
+The implementation provides a solid foundation for Phase 65+ enhancements while maintaining existing functionality.