Macro-5 Staging Build Authority Boundary — R2-B2 (2026-06-19)
Macro-5 Staging Build Authority Boundary — R2-B2 (2026-06-19)
Date: 2026-06-19 · Workstream: R2-B2-MACRO-5-STAGING-BUILD-AUTHORIZATION-PACKAGE-2026-06-19 (Deliverable 8 of 110) · Editorial revision: rev1
Class: staging build authority boundary · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO write performed.
Metadata convention. Editorial revision (rev1) only. AgentData storage revision/
content_lengthauthoritative at read time.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. Draws what a staging-build authorization would and would not permit. Engineering PASS ≠ authority PASS. Default: HOLD.
1. Purpose
Bound the blast radius of a future "yes" so it can never be read as more than a build.
2. Sources / evidence read
Staging vs actual-TD separation (Macro-4 D59); staging build gate (D57); B2 production-firewall contract (Macro-4 D35). Main process, no reader-agents.
3. Accepted baseline (carried)
A staging build authorization is the smallest write-enabled act in the chain and is still strictly bounded by the production firewall.
4. Evidence / analysis — boundary
| A staging-build "yes" WOULD permit | It WOULD NOT permit |
|---|---|
| standing up one disposable, isolated workbench surface | any production birth_registry write |
| seeding a bounded disposable sample (shape only) | certify / canonical / identity / KG / owner-row |
exercising a candidate producer to candidate inspect_* |
a channel selection as runtime authority |
| recording staging-tagged evidence | actual B2 TD entry |
| deleting the whole surface as one unit | auto-promotion to production |
5. Candidate / requirement / gate / result
The boundary is one-directional (Macro-4 boundary, D7): staging never reads into production as authority; production never reads staging candidates. A build "yes" authorizes the left column only. Crossing into the right column is FAIL.
6. Owner-gated future work
Granting the "yes" and materializing the boundary are Owner acts; forbidden now.
7. What remains unresolved
The isolation mechanism that enforces the boundary at build time is FUTURE_TECHNICAL_DESIGN_REQUIRED.
8. Ready for GPT/Codex review
Yes — Codex should confirm the boundary keeps a build "yes" strictly left-column.