C1 W7 pre-apply — 02 dirty SSOT audit (NOT safely classifiable) 2026-06-23
02 — A2 · Dirty VPS SSOT Audit Before Any Patch
Result: NOT SAFELY CLASSIFIABLE by the agent → A2 does not pass.
Maps to C1_W7_PREAPPLY_HOLD_DIRTY_SSOT_UNCLASSIFIED (documented co-blocker).
VPS git state (read-only SSH root@vmi3080463)
- toplevel: /opt/incomex
- branch: feat/s177-sprint1-round-a
- HEAD: bbf9c436ce1468cc3cddb231a88216ea8ad8ec88
- working tree: DIRTY — 80 `git status --short` lines → 63 untracked (??) + 17 modified (M)
Is the W7 target file dirty?
git status --short -- dot/bin/dot-apr-execute → (empty) = CLEAN. The W7 handler host file (dot/bin/dot-apr-execute, where execute_authorize_build_step would be added) is itself NOT modified. Good, but does not by itself make the tree safe.
Dirty-file distribution (top dirs)
| Count | Area | Class |
|---|---|---|
| 9 | dot/bin (incl. dot-birth-backfill −220, dot-birth-trigger-setup −284) | governance binaries mid-edit — unrelated to W7, but governance-adjacent |
| 8 | lark-client/tests | tests — unrelated to W7 |
| 7 | docs/lark | docs — unrelated |
| 6 | docker/nginx | infra/proxy — unrelated |
| 5 | lark-client/lark_client (incl. backup_gate.py +339, approval.py +51, mcp_adapter/*) | app code — unrelated |
| ~20 | scripts/* (+ many *.pre-* backups) | scripts/backups — unrelated |
| rest | docker/docker-compose.yml +32, docker/nginx/conf.d/default.conf +57, data/, tmp/, lark-backups/, claude-kb, claude-mcp | infra/runtime/untracked backups — unrelated |
The 17 modified files span: 2 dot/bin governance binaries, docker-compose.yml, the nginx conf, 6 lark-client modules, 7 lark-client tests, and 2 scripts (+764 / −603 lines in total).
Classification verdict
Every dirty entry is unrelated to the W7 prerequisite (none is dot-apr-execute, none is apr_action_types schema, none is the grant-issuer). BUT the macro rule is: "Do not apply the W7 patch on a dirty tree unless every dirty line is classified and safe." The tree contains mid-edit governance binaries (dot-birth-*) and live infra (docker-compose.yml, nginx) with hundreds of uncommitted lines. Certifying those 80 entries as "safe to patch over" is an owner decision (stash / commit / review), not something the agent may assert unilaterally. patch_ops_code takes its own .bak-{session} of the single target file, but that does not clean or protect the surrounding dirty tree.
A2 gate: FAIL (owner must clean/stash/commit/triage the tree before any W7 STEP1).
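As an added worked example (not part of this audit note and not incomex tooling), the script below mechanises the A2 check performed above: it parses `git status --short` output, confirms the single patch target is untouched, buckets every dirty entry by area, and fails the gate unless each area appears in an owner-supplied `approved` set. The sample status lines are constructed to resemble the VPS listing, not copied from it; `TARGET`, `approved`, and all function names are hypothetical.

```python
"""Dirty-tree pre-apply gate (added example, not incomex tooling).

Parses `git status --short` output, checks that the single patch target is
untouched, buckets dirty entries by area, and passes only when every area
has been explicitly approved by the repository owner.
"""
import sys
from collections import Counter

# Constructed sample of `git status --short` output. It mimics the shape of the
# VPS listing (M = modified tracked file, ?? = untracked) but is not the real
# 80-entry output.
SAMPLE_STATUS = """\
 M dot/bin/dot-birth-backfill
 M dot/bin/dot-birth-trigger-setup
 M docker/docker-compose.yml
 M docker/nginx/conf.d/default.conf
 M lark-client/lark_client/backup_gate.py
?? scripts/deploy.sh.pre-20260623
?? lark-backups/
?? tmp/
"""

# Hypothetical target: the one file the W7 patch would touch.
TARGET = "dot/bin/dot-apr-execute"


def parse_status(text):
    """Return a list of (xy, path) from `git status --short` lines.

    Each line is 'XY PATH' where XY is the two-column status field. Renames
    and copies appear as 'old -> new'; the destination path is kept.
    """
    entries = []
    for line in text.splitlines():
        if len(line) < 4:
            continue
        xy, path = line[:2], line[3:]
        if " -> " in path:
            path = path.split(" -> ", 1)[1]
        entries.append((xy, path))
    return entries


def counts(entries):
    """Split the listing into untracked (??) vs. tracked-but-dirty entries."""
    c = Counter("untracked" if xy == "??" else "modified" for xy, _ in entries)
    return {"untracked": c["untracked"], "modified": c["modified"]}


def area(path, depth=2):
    """Bucket a path by its first `depth` directory components.

    git reports untracked directories with a trailing slash, so they form
    their own area; for files the final component is dropped first.
    """
    parts = path.rstrip("/").split("/") if path.endswith("/") else path.split("/")[:-1]
    return "/".join(parts[:depth]) if parts else "."


def distribution(entries, depth=2):
    """Count dirty entries per area, like the 'Dirty-file distribution' table."""
    return Counter(area(path, depth) for _, path in entries)


def target_is_clean(entries, target):
    """True when no dirty entry is the target file or lies under it."""
    prefix = target.rstrip("/") + "/"
    return not any(p == target or p.startswith(prefix) for _, p in entries)


def gate(entries, target, approved=frozenset()):
    """A2 decision. Returns (passed, reasons).

    A clean target is necessary but not sufficient: every dirty area must be
    in `approved`, a set the owner supplies after triage (stash/commit/review).
    The script never marks an area safe on its own.
    """
    reasons = []
    if not target_is_clean(entries, target):
        reasons.append(f"target {target} is itself dirty")
    unclassified = sorted(set(distribution(entries)) - set(approved))
    if unclassified:
        reasons.append("unclassified dirty areas: " + ", ".join(unclassified))
    return (not reasons, reasons)


def main():
    # Read real `git status --short` output from stdin, else use the sample.
    text = SAMPLE_STATUS if sys.stdin.isatty() else sys.stdin.read()
    entries = parse_status(text)
    c = counts(entries)
    print(f"{len(entries)} dirty entries: {c['untracked']} untracked, {c['modified']} modified")
    for a, n in distribution(entries).most_common():
        print(f"  {n:>3}  {a}")
    passed, reasons = gate(entries, TARGET)
    print("A2 gate:", "PASS" if passed else "FAIL")
    for r in reasons:
        print("  -", r)
    return 0 if passed else 1


if __name__ == "__main__":
    sys.exit(main())
```

On a real tree the listing is piped in (for example `git -C /opt/incomex status --short | python3 a2_gate.py`); the exit status is non-zero whenever any area is unclassified, which matches the rule that the owner, not the agent, decides what is safe to patch over.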