KB-1426

Mega Gate — Delete-Fast Proof Obligations


Date: 2026-06-18 · Workstream: LEGO-PILOT-SLICE-0-B2-MEGA-GATE-BUNDLE-2026-06-18 (Deliverable 13 of 20) · Editorial revision: rev1 · Class: design-only / proof obligations / verification requirement · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NOT remediation · NOT technical design · NOT implementation · NOT a runtime test · NO blocker resolved · NO runtime touched.

Metadata convention. Editorial revision (rev1) only. AgentData storage revision and content_length are authoritative in AgentData metadata at read time; not pinned in this body.

Delete-fast lock. This packet states what a future pilot must prove about disposing of the staging surface fast and total — as obligations, not a disposal performed. It writes no DELETE/DROP/SQL and no delete mechanism. "Nháp nhanh, xóa nhanh" must be provable; the proof shape is here, the disposal is not.


0. Status and non-authorization

STATUS: PASS — engineering / design-only. This is a complete design-only delete-fast proof-obligations packet: the before/after evidence a future pilot must produce to prove the staging surface deletes fast (one move), total (no residue), and isolated (no cascade into production or other blocks), plus the disqualifying residue condition.

Engineering PASS ≠ authority PASS. A PASS means the delete-fast obligations are complete on paper. It is not an Owner authorization to build, dispose, or test. Default disposition: HOLD.

Pipeline position (downstream-only). Deliverable 13 of the Mega Gate Bundle; it deepens the staging IO contract's §9 delete-fast boundary (Deliverable C) and the verification plan's §8 (Deliverable D) into explicit proof obligations. It disposes nothing.

Non-authorization (explicit). As Deliverable 1 §0, and specifically: it writes no DELETE/DROP/SQL; defines no delete mechanism; disposes no surface; builds no pilot. v0.1/FIX7 V3 not overwritten; v0.2 not authority.

Evidence basis — INHERITED_EVIDENCE. No runtime queried. Proof posture bounded by CAV-3/CAV-4. AgentData metadata authoritative at read time.

Reading discipline (Codex caveat, honored). All sources read directly from AgentData KB, bounded/sequential, by the main process — no parallel/background reader-agents, no sub-agents, no local-prose inference. /tmp = decode-scratch only, never SSOT.


1. Purpose

Make the macro's "xóa nhanh" requirement provable. The packet answers:

  1. What must a pilot prove about delete-fast? — §5 obligations.
  2. What before/after evidence does each require? — §5.
  3. What is the disqualifying residue condition? — §5 (BAD-15 / F-OPEN-9).
  4. Why is delete-fast one unit, and isolated? — §3 / §4.

The one rule, above all detail. Delete-fast = the entire staging surface as ONE disposal unit, deleted in one move, leaving production provably untouched and no residue. This packet states the proof obligations; it writes no delete and runs no disposal.


2. Sources read

All 25 required sources read first-hand from AgentData KB, by the main process, sequentially; none SOURCE_NOT_READ (full list in Deliverable 20 §2). Used principally: the staging IO contract §9 (delete-fast boundary) + §10 (rollback boundary); the verification plan §8 (delete-fast evidence) + BAD-15 + F-OPEN-9; the interface packet S8 (rollback unit discipline, no script); operating-rules (AP-CLOSE; no-script discipline).


3. Accepted baseline (carried, not re-derived)

  • Delete-fast boundary (carried, Deliverable C §9): the staging input projection + the candidate inspect_* outputs + the staging evidence form one bounded disposal unit, deleted in one move; fast (no surgical unwind); total (all candidates incl. bad-input candidates removed); isolated (the unit contains no production rows, so disposal cannot cascade into B1/B3/B4); verifiable (production unchanged after disposal).
  • Rollback = deletion in staging (carried, Deliverable C §10): one staging run = one rollback unit; because staging never wrote production, there is no production rollback to perform.
  • BAD-15 / F-OPEN-9 (carried, Deliverable D): delete-fast failing to remove a candidate is a disqualifying defect; the staging design is rejected.
  • No script (carried, S8 / B2-AC-9 / RP-AC-8): the disposal mechanism is FUTURE_TECHNICAL_DESIGN_REQUIRED; no DELETE/DROP/SQL/command sequence is written.
  • Blockers — all OPEN. Tool/packet lock carried.

4. Analysis — fast, total, isolated

"Nháp nhanh, xóa nhanh" reduces to three measurable properties of disposal:

  • Fast — rejecting a B2 design is "delete the staging surface," one move, no per-row repair or production cleanup. Provable by: disposal touches only the staging surface; production is untouched (NT-7, Deliverable 12).
  • Total — all candidate outputs (including the bad-input candidates from Deliverable 14) and all staging evidence are removed; nothing survives outside the unit. Provable by: a post-disposal inventory showing zero residue.
  • Isolated — because the disposal unit contains no production rows, deletion cannot cascade into B1/B3/B4 or any shared surface. Provable by: the unit's contents are entirely staging-tagged; production count/checksum unchanged.

The freedom to iterate comes from disposability + isolation, not from relaxed rules — the fail-closed Đ0-G rules still apply inside staging. This packet states the obligations to prove these three properties; it performs no disposal.


5. Delete-fast proof obligations

Each obligation must be backed by before/after evidence around disposal. Read-only-provable bounded by CAV-3/CAV-4 (catalog/snapshot reads). Nothing is disposed or measured here.

| # | Delete-fast obligation | Required before/after evidence | Read-only-provable? | Disqualifies the pilot if… |
|---|---|---|---|---|
| DF-1 | Pre-disposal inventory captured | the staging surface contents: candidate-row count, candidate inspect_* count, staging-evidence count, + a checksum/identifier of the staging run | Yes (staging-surface catalog reads) | inventory cannot be taken (surface not bounded/identifiable) |
| DF-2 | Disposal is one move (fast) | disposal is a single unit operation on the staging surface (not per-row surgery), bracketed by the inventory and the post-check | Yes (operation scope + timing in staging evidence) | disposal requires per-row repair or touches production cleanup |
| DF-3 | Disposal is total | post-disposal: zero candidate rows, zero candidate inspect_*, zero residual staging evidence belonging to the disposed run; all candidates incl. bad-input candidates removed | Yes (post-disposal catalog reads) | any candidate/evidence survives (BAD-15 / F-OPEN-9 disposal residue) |
| DF-4 | Disposal is isolated | the disposal touched only the staging surface; production birth_registry (incl. inspect_*, certified, canonical) is byte/count-identical before/after (= NT-7) | Yes (production snapshot comparison) | any production change attributable to disposal (cascade) |
| DF-5 | Rollback-unit correspondence | the disposed unit corresponds to exactly one staging run (its run id), not a partial or cross-run set | Yes (staging run id in evidence) | the unit spans multiple runs or is partial |
| DF-6 | No silent PASS | the delete-fast result is reported with DF-1…DF-5 evidence attached (counts/checksums/run id) | Yes (AP-CLOSE) | a PASS is reported without the evidence (F-OPEN-10) |

The disqualifying residue condition (carried, BAD-15 / F-OPEN-9). If delete-fast leaves any candidate output or staging evidence behind, the staging design is rejected — disposal must be total. This is the single most load-bearing delete-fast obligation: a partial disposal means an experiment's candidate could later be mistaken for, or leak into, production.

No-script discipline (carried). The disposal mechanism (how the unit is deleted) is FUTURE_TECHNICAL_DESIGN_REQUIRED. No DELETE/DROP/SQL/command sequence is written here — only the evidence the delete-fast must yield.

Verdict: delete-fast proof is a requirement, fully specified; it is not met (no pilot/surface exists; INHERITED_EVIDENCE). A future pilot must produce DF-1…DF-6; this packet disposes nothing and writes no delete.
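
An added illustration, not part of this packet and not a disposal mechanism or query: one way a reviewer could evaluate already-collected DF-1…DF-6 evidence and fail closed on residue. The record shapes (`Inventory`, `Snapshot`), the `disposal_ops` count and the `attached` list are assumptions made for this example; the sample values are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Inventory:          # staging-surface counts from one read (assumed fields)
    run_ids: frozenset    # staging run ids found on the surface
    candidate_rows: int
    inspect_rows: int     # candidate inspect_* outputs
    evidence_rows: int

    def total(self):
        return self.candidate_rows + self.inspect_rows + self.evidence_rows

@dataclass(frozen=True)
class Snapshot:           # production birth_registry before/after (assumed fields)
    row_count: int
    checksum: str

REQUIRED = ("DF-1", "DF-2", "DF-3", "DF-4", "DF-5")

def evaluate(pre, post, prod_before, prod_after, disposal_ops, attached):
    """Map each obligation to None (met) or the reason it disqualifies the pilot."""
    r = {}
    r["DF-1"] = None if pre and pre.run_ids else "inventory cannot be taken"
    r["DF-2"] = None if disposal_ops == 1 else f"{disposal_ops} operations, not one move"
    if post is None:
        r["DF-3"] = "no post-disposal inventory"
    else:
        n = post.total()
        r["DF-3"] = None if n == 0 else f"{n} residual rows (BAD-15 / F-OPEN-9)"
    same = prod_before is not None and prod_before == prod_after
    r["DF-4"] = None if same else "production changed or not snapshotted (cascade)"
    # A partial unit surfaces as DF-3 residue; only the cross-run case is checked here.
    one_run = bool(pre) and len(pre.run_ids) == 1
    r["DF-5"] = None if one_run else "unit is not exactly one staging run"
    missing = sorted(set(REQUIRED) - set(attached))
    r["DF-6"] = None if not missing else f"no evidence attached for {missing} (F-OPEN-10)"
    return r

def verdict(results):
    return "PASS" if all(v is None for v in results.values()) else "DISQUALIFIED"

# Constructed sample evidence (not from any real run).
PRE = Inventory(frozenset({"run-0001"}), 12, 12, 3)
CLEAN = Inventory(frozenset(), 0, 0, 0)
RESIDUE = Inventory(frozenset({"run-0001"}), 1, 0, 0)  # one bad-input candidate survived
PROD = Snapshot(1000, "constructed-checksum")

if __name__ == "__main__":
    for post in (CLEAN, RESIDUE):
        res = evaluate(PRE, post, PROD, PROD, 1, REQUIRED)
        print(verdict(res), {k: v for k, v in res.items() if v})
```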


6. Owner-gated future work

| Future work | Gate required | Forbidden now? |
|---|---|---|
| Define/execute the delete-fast mechanism | Điều 32 (part of staging TD) | Yes |
| Take the DF-1/DF-3/DF-4 inventories + snapshots | Owner authorizes a read-only pass (against a built pilot) | Yes |
| Build the staging surface the disposal acts on | Điều 32 (staging build is future TD) | Yes |
| Generate the DF-1…DF-6 evidence | Điều 32 (within the governed pilot) | Yes |

7. What remains unresolved

  • No disposal is performed; delete-fast proof is a requirement, not a result.
  • The disposal mechanism is FUTURE_TD — no DELETE/DROP/SQL/command sequence written.
  • DF-4 ties to NT-7 (Deliverable 12) — disposal isolation is the same production-untouched proof.
  • DF-3 is the disqualifying obligation — any residue rejects the staging design (BAD-15 / F-OPEN-9).
  • Blockers — all OPEN, none resolved: CONS-002, CONS-003, CELL-003/004/007, HOLD-1, HOLD-2, RISK-BYPASS, GOV-016/017, GOV-REUSE-001, Điều 39 runtime-EMPTY, Điều 35 production-readiness FAIL.
  • FUTURE_TECHNICAL_DESIGN_REQUIRED (NOT written here): the disposal mechanism, the inventory/snapshot queries, the staging surface, any command sequence.

8. Ready for GPT/Codex review

Yes — as a design-only delete-fast proof-obligations packet, not a disposal.

Core rule, kept above all detail: delete-fast must be proven fast (one move), total (zero residue — DF-3 disqualifying), and isolated (no production cascade — DF-4 = NT-7), reported with evidence (no silent PASS). Nothing is disposed; no delete/SQL is written; the proof is a requirement on a future pilot.

Default disposition: HOLD. Engineering PASS = a complete proof-obligations set on paper; it is not an Owner authorization to build, dispose, or test. No PASS authorizes writes. All blockers remain OPEN.
