KB-D633
04 — Live BEFORE Snapshot (C1 W7 Real Exec Channel Preflight)
3 min read Revision 1
c1w7preflightbefore-snapshotlaws-new
04 — Live BEFORE Snapshot
Governed read method: MCP query_pg — AST-validated, READ ONLY transaction, read-only role, statement_timeout 5s, hard LIMIT 500. No writes/DDL possible through this channel.
Database: directus (the live governance DB).
Purpose: Capture pre-apply state so any future operator apply can prove before vs after. This preflight performs zero writes → before == after.
Snapshot (2026-06-23)
| Metric | Value |
|---|---|
apr_action_types total |
14 |
apr_action_types unimplemented (handler_ref='unimplemented') |
10 |
authorize_build_step.handler_ref |
unimplemented |
authorize_build_step.risk_level |
high |
governance_build_authorization count |
0 |
approval_requests total |
230 |
└ proposed_action_code='authorize_build_step' |
0 |
└ status='approved' |
2 |
└ applied_at IS NOT NULL |
177 |
dot_tools total |
309 |
└ code LIKE 'dot-c1-%' |
0 |
└ file_path LIKE '%dot-c1-%' |
0 |
dot_agent_api_contract count |
2 |
table_registry count |
21 |
directus_collections count |
164 |
Interpretation
- Exact match to the established baseline from prior macros (2026-06-23): apr_action_types=14 (10 unimpl), authorize_build_step=unimplemented/high, gba=0, appr=230 (abs=0), dot_tools=309 (dot-c1-*=0), contracts=2, table_registry=21, collections=164. No drift; no state was changed.
- The W7 linchpin is unchanged:
authorize_build_stephas no implemented handler and zero approval requests → the grant cannot be issued/executed until the handler is implemented + bound (the W7 prerequisite).
Schema notes (for accurate future queries)
apr_action_typescolumns: action_code, description, handler_ref, risk_level, status, _dot_origin, created_at, retired_at (origin column is_dot_origin, valuePG:sb1-gov-vocab); risk column isrisk_level.approval_requestsaction-type column isproposed_action_code(notaction_code).- Approval-request table name is
approval_requests(sibling tables:apr_action_types,apr_approvals,apr_request_types). apr_approvalscolumns: id, apr_id, approver, approver_type, decision, rationale, created_at (approver_type ∈ {human, ai_council}).
Criteria status (this file)
- safe DB readback: YES (governed RO
query_pg; baseline captured)