KB-1C7F
C1 W7 apply — 05 no-bypass proof 2026-06-23
3 min read Revision 1
c1-legow7no-bypassno-rejectanti-violation
05 — No-bypass proof (macro §3.4)
Every forbidden substitution was checked and not performed. This macro executed RO probes + this evidence package only — 0 production writes to any governed surface.
forbidden action (macro forbidden-operator / §3.4) |
performed? | evidence |
|---|---|---|
psql UPDATE apr_action_types SET handler_ref=… |
NO | query_pg is read-only (AST-validated READ ONLY txn); no UPDATE possible/attempted |
psql INSERT INTO governance_build_authorization … |
NO | same; no write tool to PG |
manual INSERT/UPDATE dot_tools |
NO | no write path to PG; not attempted |
manual INSERT/UPDATE dot_agent_api_contract |
NO | not attempted |
| manual Directus POST to create registry rows | NO | directus_create/update available but deliberately unused for governance rows |
| manual Directus schema edit | NO | not attempted |
directus_trigger_flow to mint/bind |
NO | considered and rejected — no flow runs the propose+approve(quorum)+execute sequence; triggering would be a bypass |
| manual file patch without DOT/APR/approved deploy path | NO | cannot even read /dot/bin (DENIED); no scp/shell; not attempted |
| hardcoded grant row | NO | none written |
| hardcoded handler_ref without live readback | NO | binding not performed at all |
bare/unfiltered dot-dot-register real-run |
NO | registrar not invoked (and would be forbidden) |
| bypass of high-risk quorum / owner approval | NO | no APR proposed/approved/executed |
| touch C2–C7 | NO | not referenced |
| touch production / current corpus | NO | RO only; before==after (file 06) |
| run W1→W9 / final dry-run / send Codex | NO | out of scope; not run |
Reject-verdict adjudication
GOVERNED_C1_DRYRUN_REJECT_MANUAL_BINDING_SQL— does NOT fire (no binding SQL attempted; file 03).GOVERNED_C1_DRYRUN_REJECT_GRANT_BYPASS— does NOT fire (no grant write / gba POST; file 04).GOVERNED_C1_DRYRUN_REJECT_GENERIC_AUTH_SYSTEM_DRIFT— does NOT fire (no generic auth surface created; scope held to the single W7 prerequisite).GOVERNED_C1_DRYRUN_REJECT_ORPHAN_DOT— does NOT fire as an action (no orphan DOT was registered; the staged issuer remains unregistered design, disclosed in file 04, not introduced as a live orphan).GOVERNED_C1_DRYRUN_REJECT_MANUAL_REGISTRY_WRITE— does NOT fire (no manual registry write).
⇒ No REJECT verdict applies. The outcome is an honest capability HOLD, not a violation.