KB-1154
03 — Primitive deploy readback (sha256, parse, source)
4 min read Revision 1
c1staging-litedeploysha256readback2026-06-23
03 — PRIMITIVE DEPLOY READBACK
Deployed to the staging path /opt/incomex/staging/c1/ (NOT /opt/incomex/dot/bin).
Deployed tree (read back from VPS)
/opt/incomex/staging/c1/README.md
/opt/incomex/staging/c1/ROLLBACK.md
/opt/incomex/staging/c1/admission/DOT-100-staging-lite-admission.md
/opt/incomex/staging/c1/bin/_common.sh
/opt/incomex/staging/c1/bin/dot-staging-sandbox-create (0755)
/opt/incomex/staging/c1/bin/dot-staging-sandbox-drop (0755)
/opt/incomex/staging/c1/bin/dot-c1-staging-vocab-build (0755)
/opt/incomex/staging/c1/bin/dot-c1-staging-verify (0755)
/opt/incomex/staging/c1/bin/dot-c1-staging-bad-input-harness (0755)
/opt/incomex/staging/c1/bin/dot-c1-staging-evidence-readback (0755)
/opt/incomex/staging/c1/ledger/dot_manage.jsonl (5 rows)
/opt/incomex/staging/c1/registry/primitives.jsonl (6 rows)
/opt/incomex/staging/c1/sql/p1a-create-db.sql
/opt/incomex/staging/c1/sql/p1b-meta.sql
/opt/incomex/staging/c1/sql/p3-vocab-build.sql
/opt/incomex/staging/c1/sql/p4-verify.sql
/opt/incomex/staging/c1/sql/p5-bad-input-harness.sql
/opt/incomex/staging/c1/sql/p6-evidence-readback.sql
sha256 of deployed artifacts (authoritative)
4ece4bc1d9bf5afad2d051b665b1e26132d8667c3c0d273da3040edcaed95e1e bin/_common.sh
4eaee7df267963d55a446e758b043f82e14f57aa7a54b88fdd669044ddae403b bin/dot-staging-sandbox-create
0e310289d96450a62de67c41e9f5ce0373391a213417b404e60f87a8e4a91280 bin/dot-staging-sandbox-drop
075ce66c67a7ad13b99436faf92b62c85fe725143d810006c14cacf1da40146f bin/dot-c1-staging-vocab-build
a4f3b30656cabd6f21583d3d84b8737f9c2f549f0dd8499f4d4f70c245e7e5ad bin/dot-c1-staging-verify
86029710b0fd6696fa44cec9b808c80a25e75ec10f65706dd1d6e79cbf4da76b bin/dot-c1-staging-bad-input-harness
f34f118e865315b54c0bdcd5ac840246114c799ebfc6e75e3a632019a1e6a12f bin/dot-c1-staging-evidence-readback
a09d497edea9b606d544452a766926c03800ccf243ce72ca3326333b1b310dbe sql/p1a-create-db.sql
6cd9e2ad09d4013422030a71adef540a00fe500508d35cf71ab33a885a288198 sql/p1b-meta.sql
a0a12ac5ac1045e6dc6a59456b0035a755093dff16058df3f2cf2fd36d985624 sql/p3-vocab-build.sql
d433f3abd5cfe632967db9872a260728c0bdb66b57056b4a77c9b0662e562159 sql/p4-verify.sql
540a96bbbba46c931c3b22ad3a25dec1b50300beecaa1168fd8872a38028527e sql/p5-bad-input-harness.sql
5e3e33a974fb73cdd4b166ef84471142beb6d241e0b4544a4765841d611f1455 sql/p6-evidence-readback.sql
Executable readback
bash -n : PARSE_OK for _common.sh + all 6 runners (on deployed copies)
source : SOURCE_OK — _common.sh loads; helpers defined:
stg_assert_sandbox_name stg_run_sql_file stg_scalar stg_drop_db stg_ledger
STG_LANE_VERSION=1.0.0
OFFLIMITS=directus incomex_metadata workflow postgres template0 template1 directus_gov_test_20260602
Engineering note (deviation from staged KB — flagged for Codex)
The prior staged P1 runner fed SQL via docker exec postgres sh -lc '... psql -f -' <<HEREDOC.
docker exec without -i does not attach stdin, so psql -f - would receive no input (the known
docker exec/heredoc stdin gotcha). The deployed runners therefore use a file-based execution
helper (stg_run_sql_file: docker cp the SQL file in, run psql -f /tmp/... with </dev/null),
and inject sandbox-specific values via psql -v variables (:'sbx', :"sbx") instead of bash
heredoc expansion (safe with the $f$/$$ dollar-quoted function bodies). Behaviour is faithful to
the staged design; only the execution plumbing was hardened. SQL payloads are otherwise verbatim.