Macro-4 Non-Write Runtime Check Ledger — R2-B2 (2026-06-19)
Macro-4 Non-Write Runtime Check Ledger — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-4-STAGING-WORKBENCH-IO-CONTRACT-TD-ENTRY-GATE-2026-06-19 (Deliverable 81 of 90) · Editorial revision: rev1
Class: non-write runtime check ledger · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · read-only checks only · NO write performed.
Metadata convention. Editorial revision (rev1) only. Storage revision/
content_lengthauthoritative at read time.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. The exact read-only checks run this macro + proof of no mutation. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
Record every runtime touch so reviewers can verify it was read-only.
2. Sources / evidence read
query_pg (READ ONLY, AST-validated, read-only role, statement_timeout 5s, LIMIT 500) + list_docker (read-only). Main process, no reader-agents.
3. Accepted baseline (carried)
Only KB consolidation docs were written; the runtime was read-only.
4. Evidence / analysis — FRESH read-only checks (2026-06-19, this session)
| Check | Query/tool | Result |
|---|---|---|
| ownership rows | count(*) governance_object_ownership |
0 |
| birth totals | birth_registry counts |
total 1,213,202 / certified 1,402 / uncertified 1,211,800 |
| uncert with any inspect | filtered count | 0 |
| certified window | min/max/certified_at distinct-days |
all 2026-03-21 06:00:38→08:00:36; distinct cert-days=1 |
| KG provenance | universal_edges |
2,199 / 0 prov / 0 valid_time / 0 quarantined / 2,199 conf |
| outbox | count(*) event_outbox |
215,609 |
| pg_cron | pg_extension |
absent (0 rows) |
| agent-api contracts | dot_agent_api_contract |
2 (DOT_KG_EXPLAIN DRY_RUN endpoint_bound + DOT_KG_EXPLAIN_VERIFY VERIFY_ONLY; no_mutation_assertion=true); 0 birth-bound |
| host crontab | count(*) wf_host_crontab_snapshot |
54 (0 birth) |
| dot switches | dot_config |
119; process_dot_runtime.execute_enabled/real_run_enabled=false; queue.worker.enabled/job_substrate.enabled=false; iu_create.gateway.mode=enforced/block_after_guard |
| birth triggers | pg_trigger on birth_registry |
3 total / 2 enabled |
| staging-like tables | information_schema.tables |
iu_core.iu_staging_payload(~4), iu_core.iu_staging_record(~3), 2 views, public.unit_edit_draft — production IU surfaces |
| containers | list_docker |
11; agent-api-executor Up 2 weeks healthy :8090; postgres Up 2 months healthy |
app.birth_gate_mode GUC |
current_setting() |
DENIED (not in query_pg safe-param allowlist) → inherited: warn-mode, no persisted bypass (CAV-5) |
5. Contract / requirement / matrix / result
Mutating calls: 0. No INSERT/UPDATE/DELETE/DDL; no restart/reload; no switch flip; no DOT/KG/birth/certify/promote trigger. Read-only role + READ ONLY transaction enforced by the tool. KB writes = the 90 Macro-4 docs only.
6. Owner-gated future work
Any write is Owner-gated; forbidden now.
7. What remains unresolved
Evidence is fresh as of 2026-06-19; the runtime evolves (backlog growing); app.birth_gate_mode transient layer unreadable here.
8. Ready for GPT/Codex review
Yes — this ledger is the no-mutation proof of record.