02 — Live Runtime Write-Channel and Sandbox Authority Survey — 2026-06-22
This is the decisive file. The prior dry-run macro stopped at "query_pg read-only / MCP CRUD 403". This macro probed every write route with an actual call.
1. Write-channel questions (macro §3.2)
| Question | Answer | Evidence |
|---|---|---|
| Is there a governed test/sandbox write channel? | NO governed channel reaches C1 or the DOT contract registry; no isolated sandbox at all | E7, E8 |
| What can it write? | Only docs (write_file) + governed item writes to allowlisted collections (C1 not among them) | E7, E9 |
| What can it not write? | DDL (tables/functions), C1 collection items, DOT contract rows | E7, E10 |
| Is it C1-scoped? | No C1 write target exists | E7 |
| Is it production-isolated? | NO — only directus DB; schemas public+iu_core; no sandbox | E8 |
| Can it create DOT/Directus contracts? | NO | E7, E10 |
| Can it create harness/preflight/evidence artifacts? | Only as non-executable docs; not as runtime objects | E9, E10 |
| What blocks it? | Read-only role; write allowlist; no DDL tool; no sandbox; owner-only gate flips | E5–E10 |
| Can the block be safely removed inside test/sandbox? | NO — removal is an owner/governed capability, not available to this session | E5, E6 |
2. Every write route, probed (macro §3.2 survey list)
| Route | Tool | Probe | Result | Proves |
|---|---|---|---|---|
| Read-only SQL | query_pg | tool contract | read-only role, AST-validated, no writes/DDL | cannot CREATE TABLE/FUNCTION |
| Directus API (governed) — C1 collection | Incomex_VPS.directus_create | create into governance_canonical_operation_vocab | [DENIED] … not in the write allowlist; refusing to execute | cannot create C1 collection items |
| Directus API (governed) — contract registry | Incomex_VPS.directus_create | create into dot_agent_api_contract | [DENIED] … not in the write allowlist; refusing to execute | cannot register a DOT contract |
| Directus item API (other MCP) | mcp__directus__directus_create_item | tool surface | item CRUD + read + flow-trigger only; no collection/field/function/DDL creation tool | cannot do DDL or create collections (not write-tested — a real write would be a production mutation, and is insufficient regardless) |
| DOT gateway / dispatcher | fn_process_agent_api_dispatch | function def (read) | raises on REAL_RUN; cannot execute a DOT; never writes | not a creation/execution channel |
| Executor / migration runner | n/a | tool inventory | no command-execution tool for the VPS | cannot run migrations/scripts |
| Admin/test lane | schema search | information_schema.schemata | schemas = public, iu_core only | no test lane |
| Repo-based migration plan | read_file | allowlist /opt/incomex/{docs,dot/specs}, /var/log/nginx | read-only doc paths; cannot apply | cannot register via repo |
| Container scripts | list_docker / docker_logs | read-only | Docker socket read-only; no exec | cannot run container scripts |
| Existing gated write endpoint | dot_config | E6 | all execution gates closed (owner-only flips) | no open write endpoint |
| Filesystem authoring | write_file | wrote 486-byte probe to /opt/incomex/docs/mcp-writes/… | SUCCESS — docs only | the only working write channel cannot DDL/register |
| Temporary test-only contract registration | n/a | — | requires write to dot_agent_api_contract (denied) + target functions (DDL) | impossible |
3. Sandbox-lane search (macro §0.5 item 6)
information_schema.schemata → only public and iu_core. Objects whose names contain "test" are QT001 negative-test VIEWS (e.g. v_qt001_*_negative_tests) plus block_testimonials — none is an isolated sandbox lane. There is no sandbox database, schema, or write lane. Consequently, "C1 test/sandbox writes" have no isolated home; any write would be a write into the single production directus DB — which the macro forbids (no production mutation) and which the governed channel denies anyway.
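The lane search above can be repeated with read-only catalog queries, as in this added example, which is not a query from the original survey. It assumes PostgreSQL and a session allowed to read pg_catalog, and it also matches the name pattern "sandbox", which the survey does not mention.

```sql
-- Added example (PostgreSQL), read-only. Not part of the original survey.
-- Assumption: the session may read pg_catalog as well as information_schema.

-- 1. Databases on the instance: a sandbox could be a separate database.
SELECT datname
FROM pg_catalog.pg_database
WHERE NOT datistemplate
ORDER BY datname;

-- 2. All non-system schemas, with what the current role may do in each.
--    information_schema.schemata lists only schemas the current role owns
--    or holds a privilege on; pg_namespace lists every schema, so a lane
--    the role cannot access still shows up here.
SELECT n.nspname AS schema_name,
       has_schema_privilege(current_user, n.oid, 'USAGE')  AS can_use,
       has_schema_privilege(current_user, n.oid, 'CREATE') AS can_create
FROM pg_catalog.pg_namespace AS n
WHERE n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND n.nspname NOT LIKE 'pg\_%'
ORDER BY n.nspname;

-- 3. Relations whose names suggest a test lane, with their kind, so that
--    negative-test views are not mistaken for writable sandbox tables.
SELECT n.nspname AS schema_name,
       c.relname AS object_name,
       CASE c.relkind
            WHEN 'r' THEN 'table'
            WHEN 'p' THEN 'partitioned table'
            WHEN 'v' THEN 'view'
            WHEN 'm' THEN 'materialized view'
       END AS kind
FROM pg_catalog.pg_class AS c
JOIN pg_catalog.pg_namespace AS n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p', 'v', 'm')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND n.nspname NOT LIKE 'pg\_%'
  AND (c.relname ILIKE '%test%' OR c.relname ILIKE '%sandbox%')
ORDER BY schema_name, object_name;

-- 4. Identity and read-only state of the session running the search.
SELECT current_user,
       current_setting('transaction_read_only') AS tx_read_only;
```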
4. Conclusion
All known governed write/test/sandbox routes were surveyed and exercised. The only write that succeeds is docs authoring, which cannot create runtime objects, register contracts, or perform DDL. The remaining blocker is an external capability (a governed DDL/registration write path and/or an isolated sandbox lane) that is not present in this environment. This satisfies macro §5 / §6 conditions for an irreducible HOLD: verdict C1_DRYRUN_HOLD_NO_GOVERNED_WRITE_CHANNEL.