01 — CONTEXT READBACK

Direct main-process reads

No background agent/sub-agent was used. Direct semantic searches: operating rules SSOT; constitution v4; C1 R1-fix/R2 terms.

• operating-rules.md v7.58, revision 51
• VPS operating rules v1.0, revision 2
• VPS architecture v2.0, revision 4
• constitution.md v4.6.3 BAN HÀNH
• law-01-foundation-principles.md v3.3, revision 12
• anti-patterns.md revision 9
• WF-draft 06 staging policy revision 1
• C1 DOT-manage lessons addendum revision 1
• all 7 Codex R1 report files
• all 14 Claude R1-fix package files
• all 9 prior readiness package files

Three declarations

1. Vĩnh viễn: accept only if partial creation, cleanup failure, and evidence integrity are fail-closed by construction. A happy-path-only plan is not sufficient.
2. Nhầm được không: official DBs remain structurally excluded and sandbox IDs are regex guarded; the remaining blind force-drop path must also require provenance/active registration.
3. 100% tự động: P5/P6 gates are automated, but cleanup can be hidden as success and advisory TTL has no safety scanner. The package honestly labels TTL manual, but dry-run cleanup still must be machine-fatal.

Four-step checkpoint

Goal: authorize or block one fast staging dry-run. Method: KB reconstruction + VPS source inspection + safe static attacks + fresh read-only official snapshot. Preconditions: code exists, hashes match, official state is clean; cleanup/evidence preconditions remain incomplete. Roadmap: patch only listed defects, revalidate no-write, then request R3 review.