Read-Only Do-Not-Implement Register — R2-B2 (2026-06-18)
Read-Only Do-Not-Implement Register — R2-B2
Date: 2026-06-18 · Workstream: LEGO-PILOT-SLICE-0-R2-B2-READONLY-EVIDENCE-OWNER-PATH-MACRO-2026-06-18 (Deliverable 28 of 30) · Editorial revision: rev1
Class: forbidden-action register · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NO write performed.
Metadata convention. Editorial revision (rev1) only. AgentData storage revision/
content_lengthauthoritative at read time; not pinned here.
Register lock. This packet is the explicit do-not-implement register for the path after this macro: the actions that stay forbidden despite the fresh read-only evidence. Read-only evidence reduces uncertainty; it authorizes nothing.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. A complete forbidden-action register. Engineering PASS ≠ authority PASS. Default disposition: HOLD. No DB write/DDL/DML; no TD; no blocker resolved.
Evidence basis — design synthesis. Reading discipline: main process, no reader-agents.
1. Purpose
State, in one place, what remains forbidden after the fresh evidence — so no reader mistakes "read-only verified" for "authorized." §5 is the register.
The one rule: every action below is forbidden now (OWNER_GATE_REQUIRED or out of scope). Fresh read-only evidence changes none of them.
2. Sources / evidence read
Deliverables 1–27 (the non-authorization sections); the macro §4 forbidden list. Read directly, main process.
3. Accepted baseline (carried)
All prior packets carry identical non-authorization; this register consolidates it for the evidence macro.
4. Why a register even after fresh evidence
Read-only evidence can tempt a reader to act ("B3/B4 are fine, the substrate is known — let's wire a channel / run a producer"). The register exists to make explicit that confirming a fact read-only does not authorize the corresponding write. Every move below stays gated.
5. Do-not-implement register (all FORBIDDEN now)
| # | Forbidden action | Why forbidden | Gate to lift later |
|---|---|---|---|
| 1 | DB write / DDL / DML | read-only macro | Điều 32 |
| 2 | restart/reload container/service | — | Điều 32 |
| 3 | run worker / cron / job / trigger | substrate fail-closed | Điều 32 + channel + S2 |
| 4 | trigger DOT / KG / birth / certify / promote / repair | — | Điều 32 |
| 5 | set inspect_pen / inspect_stamp / inspect_gate |
B2 producer not built | Điều 32 + S2 + channel + staging |
| 6 | set certified=true |
B2 never certifies (B4's job) | — (never B2) |
| 7 | flip app.birth_gate_mode / dot_config gate |
B7 not opened | separate B7 package |
| 8 | assign governance owner (S2) | Owner decision | Điều 37 → Điều 32 |
| 9 | select channel as authority | recommendation-only | Owner decision |
| 10 | promote agent-api contract DRY_RUN→REAL_RUN |
— | Điều 32 + contract promotion |
| 11 | install pg_cron / enable queue worker | risky/future-gated | Điều 32 + infra/master-switch |
| 12 | write env / config; patch source / law / draft / note / prior report | read-only | Owner-gated documentary step |
| 13 | create current / staging corpus or schema | IO-contract only | Điều 32 (staging build) |
| 14 | write SQL mutate plan / command sequence / rollback script | no actual TD | Điều 32 (TD) |
| 15 | write actual technical design | aggregate NO-GO | Owner decision after entry gate Go |
| 16 | implement / build the producer | — | full gated chain |
| 17 | resolve any blocker | read-only verify ≠ closure | each blocker's separate workstream |
| 18 | open B5 (backlog) / B7 (GUC) as design | scope creep | separate future packages |
| 19 | open R1/KG as a workstream | cross-check only | separate R1 macro |
| 20 | recover/adopt Đ0-G silently | source-authority gap | external S6 / Owner acceptance with caveat |
| 21 | overwrite v0.1-stable / FIX7 V3 baseline | tool lock | — (never) |
| 22 | promote / use v0.2-hardening as authority | tool lock | regression + Owner/User promotion |
6. Owner-gated future work
Every row above is Owner-gated or out of scope; lifting any is a separate Owner decision.
7. What remains unresolved
- All 22 actions remain forbidden after the fresh evidence.
- Blockers — all OPEN.
8. Ready for GPT/Codex review
Yes — as the do-not-implement register.
Core rule: fresh read-only evidence authorizes none of the 22 forbidden actions; read-only verify ≠ authorization.
Default disposition: HOLD. Engineering PASS ≠ authority PASS. All blockers remain OPEN.