dot:kg REAL_RUN Ladder Playbook

2026-06-04. How to take dot:kg from DRY_RUN to a first safe REAL_RUN.

Where we are

2 correlated DRY_RUN + 4 SIMULATED; REAL_RUN 0. Producer DOT_KG_EXPLAIN is endpoint-bound, DRY_RUN mode, no_mutation_assertion=true, fail_closed_no_mutation. Runtime gate triple-locked (real_run_enabled=false, execute_enabled=false, dry_run_only=true).

The preflight (run before anything)

SELECT * FROM v_dotkg_realrun_preflight; — must read OVERALL_VERDICT = ALL_GATES_GO before a REAL_RUN. Today: REALRUN_BLOCKED_MULTI_GATE (5 BLOCK gates, 4 GO preconditions).

Ladder (owner/president authority)

1. PROC-OWN-04 → assign dot:kg family governance owner.
2. Decide controlled-mutation boundary — keep no_mutation_assertion=true for the first REAL_RUN.
3. Promote DOT_KG_EXPLAIN contract DRY_RUN → REAL_RUN (governed).
4. Flip dot_config in order: dry_run_only=false → execute_enabled=true → real_run_enabled=true.
5. Confirm executor health (loopback, read_only, cap_drop ALL; selfcheck 7/7; 403 on unauthorized).
6. One correlated producer+verifier REAL_RUN. Success = verifier PASS + zero out-of-namespace writes.
7. Killswitch: real_run_enabled=false reverts instantly.

After first REAL_RUN

Promote dot:kg evidence to real_run_observed. The 10-process split is the next, owner-gated step — each split process gets its own definition + owner + axis_assignment. Do not split before a passing REAL_RUN.

Never

No fake REAL_RUN, no mutating agent_api, no flip without owner authorization.