Incomex AI Portal
KB-1595

Final Decision — C1 Staging Primitives Staged

4 min read Revision 1

08 — FINAL DECISION

VERDICT

C1_STAGING_DOT_PRIMITIVES_STAGED_READY_FOR_FAST_DRY_RUN

What was achieved

  • DOT-100 addendum applied: manual-SQL path stopped (rejected command never ran).
  • Reuse-first proof: no DOT-approved staging/sandbox primitive exists; existing schema/collection runners are official-runtime (out of bounds). → option 3.
  • 6 staging primitives authored with full 8-facet lifecycle, ready to admit + run:
    1. dot-staging-sandbox-create (DOT-STG-SANDBOX-CREATE)
    2. dot-staging-sandbox-drop (DOT-STG-SANDBOX-DROP)
    3. dot-c1-staging-vocab-build (DOT-C1-STG-VOCAB-BUILD)
    4. dot-c1-staging-verify (DOT-C1-STG-VERIFY)
    5. dot-c1-staging-bad-input-harness (DOT-C1-STG-BAD-HARNESS)
    6. dot-c1-staging-evidence-readback (DOT-C1-STG-EVIDENCE-READBACK)
  • Official runtime unchanged, zero writes (doc 07).

Scope of the claim (no overclaim)

STAGED = authored + lifecycle-complete + admission-ready (KB artifacts). The primitives are not deployed to /opt/incomex/dot/bin, not registered in any live registry, not executed. No sandbox database exists yet.

The single residual dependency (the lawful next step)

The first staging primitive (dot-staging-sandbox-create) cannot self-bootstrap: there is no pre-existing governed staging channel to admit it through, and the addendum forbids birthing it via ungoverned manual SQL or via official-runtime tools. The addendum does permit "simplified/auto approval" for temporary staging — so the lawful unblock is a one-time owner admission of these 6 staging-lite primitives under policy DOT-100-staging-lite. That admission is what I cannot self-grant (self-blessing my own freshly-authored scripts would re-launder manual SQL, exactly what the addendum prohibits).

Owner options

  • A (recommended): grant DOT-100-staging-lite admission for the 6 primitives (one authorization). Then run P1→P3→P4→P5→P6→P2. Sandbox = disposable DB c1_staging_<ts>; TTL 24h; cleanup = dot-staging-sandbox-drop. Produces the full PASS evidence run.
  • B: have the operator deploy the 6 runners to a staging path (e.g. /opt/incomex/staging/c1/bin/) and register them in a staging registry, then admit. Heavier; still no official-runtime touch.
  • C: revise the primitive set / lifecycle before any admission (tighten design).

Why NOT the bare HOLD verdict

C1_STAGING_FAST_DRY_RUN_HOLD_STAGING_DOT_PRIMITIVE_MISSING would be correct only if I could not even safely stage the primitives. I could and did. The residual admission step is named openly, not hidden — so the honest state is STAGED_READY, not HOLD.

Readiness flags (unchanged from macro — all NO)

  • ready for promotion: NO
  • ready for Codex: NO
  • ready for official dry-run: NO
  • ready for production: NO
  • this is a disposable staging lane only; nothing here is production-ready.

Next (after a PASS dry run, later — not now)

tighten C1 staging design → repeat if needed → only then design the promote-from-staging-to-official path (which is the separate APR-0415 / quorum lane, deliberately untouched here).