Mega Gate — Staging No-Production-Touch Proof Matrix
Date: 2026-06-18 · Workstream: LEGO-PILOT-SLICE-0-B2-MEGA-GATE-BUNDLE-2026-06-18 (Deliverable 12 of 20) · Editorial revision: rev1
Class: design-only / proof matrix / verification requirement · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NOT remediation · NOT technical design · NOT implementation · NOT a runtime test · NO blocker resolved · NO runtime touched.
Metadata convention. Editorial revision (rev1) only. AgentData storage revision and content_length are authoritative in AgentData metadata at read time; not pinned in this body.
Proof-requirement lock. This packet states what a future pilot must prove to show staging never touched production/canonical — as a required evidence shape, not a proof performed. It runs no snapshot, no comparison, no test; it writes no SQL/query. Every entry is an obligation on a future pilot; nothing is verified here.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. This is a complete design-only proof matrix: the before/after evidence a future B2 pilot must produce to prove zero production/canonical touch, the per-claim proof requirement, the read-only-provability of each (bounded by the tool caveats), and the fail-conditions that would disqualify a pilot.
Engineering PASS ≠ authority PASS. A PASS means the proof matrix is complete on paper. It is not an Owner authorization to build a pilot, run a snapshot, or test. Default disposition: HOLD.
Pipeline position (downstream-only). Deliverable 12 of the Mega Gate Bundle; it deepens the staging IO contract's §11 no-production-touch requirement (Deliverable C) and the verification plan's §10 (Deliverable D) into an explicit proof matrix. It proves nothing.
Non-authorization (explicit). As Deliverable 1 §0, and specifically: it runs no snapshot/comparison/test; writes no SQL; builds no pilot; promotes nothing. v0.1/FIX7 V3 not overwritten; v0.2 not authority.
Evidence basis — INHERITED_EVIDENCE. No runtime queried. The proof posture is bounded by CAV-3/CAV-4 (state provable via catalog reads + DB-captured snapshots). AgentData metadata authoritative at read time.
Reading discipline (Codex caveat, honored). All sources read directly from AgentData KB, bounded/sequential, by the main process — no parallel/background reader-agents, no sub-agents, no local-prose inference. /tmp = decode-scratch only, never SSOT.
1. Purpose
Make the macro's "do not touch production" requirement provable. The packet answers:
- What must a pilot prove to show zero production touch? — §5 proof matrix.
- What before/after evidence does each claim require? — §5.
- Which proofs are read-only-provable, and under what tool limits? — §5 column.
- What fails the pilot? — §5 fail-conditions.
The one rule, above all detail. "Never touched production/canonical" must be proven, not asserted — a before/after snapshot of production counts/checksums plus the staging evidence. This packet states the required proof shape; it runs none of it.
2. Sources read
All 25 required sources read first-hand from AgentData KB, by the main process, sequentially; none SOURCE_NOT_READ (full list in Deliverable 20 §2). Used principally: the staging IO contract §11 (no-production-touch requirement); the verification plan §10 (no-touch evidence) + §6 (fail-open conditions); the R2 readiness scope (production birth_registry counts/columns); the interface packet (S7 records-not-decides); operating-rules (AP-CLOSE; the "PASS/FAIL without figures" anti-pattern).
3. Accepted baseline (carried, not re-derived)
- The central staging safety claim (carried, Deliverable C §11): staging must be provably — not assertedly — incapable of touching production/canonical. Required to show, per staging run: zero production writes; zero identity mint; zero KG write; zero certify trigger; containment after delete-fast.
- Proof posture (carried, CAV-3/CAV-4): state is provable via DB-captured snapshots + catalog reads; the no-touch proof must be expressible as a before/after comparison of production counts/checksums plus the staging evidence.
- The load-bearing separation (carried, Deliverable C §7): candidate inspect_* live only on the disposable surface; B4 reads production only; staging triggers no production certify by construction.
- Blockers — all OPEN. Tool/packet lock carried.
4. Analysis — why a proof matrix, not an assertion
The whole value of staging is that an operator can iterate freely because nothing they do touches production. That safety is only real if it is demonstrable: a pilot that says "I didn't touch production" without a before/after diff is itself fail-open (the "PASS/FAIL without figures" anti-pattern). So the no-touch claim decomposes into a small set of measurable sub-claims (production inspect_* count unchanged; certified count unchanged; canonical fields unchanged; identity unchanged; KG unchanged; containment after disposal), each with a before/after evidence requirement. The proof is bounded by the tool caveats (catalog + snapshot reads, not live process introspection), so it is expressed as count/checksum comparisons. This packet states those requirements; a future pilot meets them.
5. No-production-touch proof matrix
Each claim must be backed by before/after evidence bracketing the entire pilot (run + disposal). "Read-only-provable?" is bounded by CAV-3/CAV-4. Nothing is measured here.
| # | No-touch claim | Required before/after evidence | Read-only-provable? | Fails the pilot if… |
|---|---|---|---|---|
| NT-1 | Production inspect_* unchanged | count of production birth_registry rows with any inspect_* set is identical before/after, and the specific production rows are unchanged | Yes (catalog count/checksum) | any production inspect_* changed (F-OPEN-1 phantom stamp / F-OPEN-8 production leak) |
| NT-2 | Production certified unchanged | certified count (+ certified_at set) identical before/after; no production certify attributable to the pilot | Yes (catalog count) | any production certified=true attributable to the pilot (F-OPEN-2 unearned certify) |
| NT-3 | Canonical fields unchanged | canonical_address/owner/jsonb_profile/status unchanged on all production rows | Yes (catalog checksum) | any canonical field changed (F-OPEN-3 canonical leak) |
| NT-4 | Zero identity mint | no new production entity_code/S3 identity created by the pilot | Yes (catalog count of birth_registry rows) | any new production identity attributable to the pilot |
| NT-5 | Zero KG write | no provenance/edge/quarantine write attributable to the pilot | Yes (catalog count on universal_edges/provenance) | any KG write attributable to the pilot (cross-check Deliverable 18) |
| NT-6 | Zero certify trigger from staging | B4 never fired off a staging candidate (no production certify during the staging run) | Yes (NT-2 + the separation invariant: B4 reads production only) | a staging candidate reached B4 (F-OPEN-8 production leak) |
| NT-7 | Containment after delete-fast | after disposal, the staging surface is empty/absent and the production snapshot is byte/count-identical to the pre-pilot snapshot | Yes (snapshot comparison) | any production change after disposal, or any staging residue (F-OPEN-9; cross Deliverable 13) |
| NT-8 | No silent PASS | the no-touch result is reported with the NT-1…NT-7 evidence attached (counts/checksums/ids) | Yes (AP-CLOSE) | a PASS is reported without the evidence (F-OPEN-10 silent PASS) |
Proof construction (carried, CAV-3/CAV-4). The proof is a before/after comparison of production counts/checksums plus the staging evidence, taken at catalog level (no live process introspection; no crontab -l/docker exec). The staging evidence (Deliverable C §8; tagged STAGING) supplies the per-run candidate counts so the production diff can be attributed. No snapshot or comparison is run here — this is the required shape, not a result.
Fail-conditions summary (carried from the verification plan §6). A pilot fails the no-touch proof on any of: F-OPEN-1 (phantom stamp), F-OPEN-2 (unearned certify), F-OPEN-3 (canonical leak), F-OPEN-8 (production leak), F-OPEN-9 (disposal residue), F-OPEN-10 (silent PASS). Any one is disqualifying.
Verdict: the no-production-touch proof is a requirement, fully specified; it is not met (no pilot exists; INHERITED_EVIDENCE). A future pilot must produce NT-1…NT-8 evidence; this packet runs none of it.
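As an added illustration, not part of this packet (which writes no query and runs nothing), the following Python judges the NT-1…NT-8 matrix of §4 and §5 over before/after catalog snapshots that have already been captured. The snapshot field names and all sample values are constructed, and the queries that would capture a real snapshot are not shown.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ProdSnapshot:
    """Catalog-level production facts bracketing the whole pilot (run + disposal). Hypothetical shape."""
    inspect_rows: int          # birth_registry rows with any inspect_* set
    inspect_checksum: str      # checksum over those rows
    certified_rows: int        # rows with certified=true and certified_at set
    canonical_checksum: str    # over canonical_address/owner/jsonb_profile/status
    identity_rows: int         # production entity_code / S3 identities
    kg_rows: int               # universal_edges + provenance rows

@dataclass(frozen=True)
class StagingEvidence:
    """STAGING-tagged per-run evidence (hypothetical shape)."""
    candidates_reaching_b4: int       # must be 0: B4 reads production only
    staging_rows_after_disposal: int  # must be 0 after delete-fast
    evidence_attached: bool           # counts/checksums/ids shipped with the verdict

def evaluate_no_touch(before, after, staging):
    """Judge NT-1..NT-8; returns (verdict, {claim: None | reason}).
    One failed claim disqualifies the pilot; missing evidence is FAIL, never PASS."""
    checks = {
        "NT-1": (before.inspect_rows == after.inspect_rows
                 and before.inspect_checksum == after.inspect_checksum, "F-OPEN-1/F-OPEN-8"),
        "NT-2": (before.certified_rows == after.certified_rows, "F-OPEN-2"),
        "NT-3": (before.canonical_checksum == after.canonical_checksum, "F-OPEN-3"),
        "NT-4": (before.identity_rows == after.identity_rows, "new production identity"),
        "NT-5": (before.kg_rows == after.kg_rows, "KG write (cross-check Deliverable 18)"),
        "NT-6": (staging.candidates_reaching_b4 == 0, "F-OPEN-8"),
        "NT-7": (staging.staging_rows_after_disposal == 0 and before == after, "F-OPEN-9"),
        "NT-8": (staging.evidence_attached, "F-OPEN-10"),
    }
    findings = {claim: (None if ok else why) for claim, (ok, why) in checks.items()}
    verdict = "PASS" if all(why is None for why in findings.values()) else "FAIL"
    return verdict, findings

# Constructed sample snapshots (not measurements from any runtime).
BEFORE = ProdSnapshot(1200, "sha256:aa11", 300, "sha256:cc99", 1200, 5400)
AFTER_CLEAN = BEFORE                                    # byte/count-identical
AFTER_CERTIFY_LEAK = ProdSnapshot(1200, "sha256:aa11", 301, "sha256:cc99", 1200, 5400)
STAGING_OK = StagingEvidence(0, 0, True)
STAGING_NO_EVIDENCE = StagingEvidence(0, 0, False)     # the silent-PASS case

if __name__ == "__main__":
    for label, after, stg in [("clean", AFTER_CLEAN, STAGING_OK),
                              ("certify leak", AFTER_CERTIFY_LEAK, STAGING_OK),
                              ("silent PASS", AFTER_CLEAN, STAGING_NO_EVIDENCE)]:
        verdict, findings = evaluate_no_touch(BEFORE, after, stg)
        print(label, verdict, {k: v for k, v in findings.items() if v})
```

Note that the certify-leak case fails NT-7 as well as NT-2, because any post-disposal difference from the pre-pilot snapshot is disqualifying on its own.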
6. Owner-gated future work
| Future work | Gate required | Forbidden now? |
|---|---|---|
| Take the before/after production snapshots (NT-1…NT-7) | Owner authorizes a read-only pass (against a built pilot) | Yes |
| Build the pilot + staging that the proof brackets | Article 32 + S2 + channel + staging | Yes |
| Generate the NT-1…NT-8 evidence | Article 32 (within the governed pilot) | Yes |
| Cross-check NT-5 against the R1-KG invariant (Deliverable 18) | Owner-gated read-only | Yes (not done here) |
7. What remains unresolved
- No proof is produced; the no-touch claim is a requirement, not a result. A future pilot must meet NT-1…NT-8.
- Proof is catalog-level (CAV-3/CAV-4) — count/checksum comparisons, not live process introspection.
- NT-6 depends on the separation invariant (B4 reads production only) — which Deliverable 9/12 require and Deliverable 14 (BAD-14) tests.
- NT-7 depends on delete-fast totality (Deliverable 13).
- Blockers — all OPEN, none resolved: CONS-002, CONS-003, CELL-003/004/007, HOLD-1, HOLD-2, RISK-BYPASS, GOV-016/017, GOV-REUSE-001, Article 39 runtime-EMPTY, Article 35 production-readiness FAIL.
- FUTURE_TECHNICAL_DESIGN_REQUIRED (NOT written here): the snapshot/comparison queries, the pilot, the staging surface, any command sequence.
8. Ready for GPT/Codex review
Yes — as a design-only proof matrix, not a proof.
Core rule, kept above all detail: "never touched production/canonical" must be proven by before/after production count/checksum snapshots plus the staging evidence (NT-1…NT-8), with no silent PASS; any F-OPEN condition disqualifies the pilot. Nothing is measured here; the proof is a requirement on a future pilot.
Default disposition: HOLD. Engineering PASS = a complete proof matrix on paper; it is not an Owner authorization to build, snapshot, or test. No PASS authorizes writes. All blockers remain OPEN.