KB-1954

05 — Final Decision (C1 W7 Real Exec Channel Preflight)

Revision 1

Macro: T2 SHELL MACRO — C1 W7 REAL EXEC CHANNEL PREFLIGHT
Date: 2026-06-23
Production writes: 0 · APR proposed/executed/registered: 0 · Dry-run: none · before == after

VERDICT

C1_W7_REAL_EXEC_CHANNEL_CONFIRMED_READY_FOR_OPERATOR_APPLY

Why CONFIRMED (5/5 criteria)

| # | Criterion | Status | Evidence |
|---|-----------|--------|----------|
| 1 | SSH to VPS | YES | root@vmi3080463, exit 0 (file 01) |
| 2 | read /opt/incomex/dot/bin | YES | 4 binaries listed + header read (files 01, 02) |
| 3 | invoke DOT scripts | YES | all 4 respond to --help; executable bits set (file 03) |
| 4 | safe DB readback | YES | governed RO query_pg; full baseline captured (file 04) |
| 5 | owner/quorum/approval path (or documented) | YES (documented) | see below |

Criterion 5 detail — owner authority + execute gate

  • Owner: operator nmhuyen@gmail.com is the GCP project owner of github-chatgpt-ggcloud and holds root SSH to the SSOT VPS. The human-president vote of the high-risk quorum is the operator themself.
  • Cấp B execute secret: SYNC_SECRET is present in /opt/incomex/docker/.env (line 41; value masked, never read) → operator-accessible via root SSH. It is NOT a separately-named Secret Manager entry.
  • Directus/PG admin creds: present in operator-controlled Secret Manager (DIRECTUS_ADMIN_TOKEN, DIRECTUS_TAC_ADMIN_TOKEN, PG_PASSWORD, POSTGRES_PASSWORD, … 32 secrets total) and in /opt/incomex/docker/.env → dot tools can authenticate in --cloud mode.

Correction of prior HOLDs

Prior 2026-06-23 macros returned …HOLD_NO_GOVERNED_EXEC_CHANNEL / "no shell/exec channel in agent env." That conclusion was scoped to the MCP-only sub-context (where read_file is allowlisted to docs/specs/nginx and denied /opt/incomex/dot/bin). This preflight, running the real Bash tool on the operator's laptop, demonstrates the governed exec channel DOES exist (SSH + dot/bin + DOT tools + governed RO DB). The "NO_GOVERNED_EXEC_CHANNEL" premise is therefore false for this real operator terminal.

Residual gates the OPERATOR must close at apply time (NOT this preflight)

These do not negate the channel; they are conditions of the apply itself and are out of scope here (hard-locked):

  1. High-risk quorum for authorize_build_step (risk=high): 1 human president (operator) + 2 ai_council approvals — a multi-party governance process the operator coordinates.
  2. SYNC_SECRET supply at dot-apr-execute invocation (present on VPS; operator supplies it explicitly — it is not pre-exported in a non-interactive shell).
  3. Dirty SSOT working tree (80 uncommitted lines on feat/s177-sprint1-round-a) should be reviewed before any patch_ops_code STEP1.

Readiness flags (authoritative)

  • ready for W7 operator apply: YES
  • ready for W1→W9: NO
  • ready for Codex: NO
  • ready for dry-run: NO
  • ready for production: NO

Hard-lock compliance

  • No production write. No handler patch applied. No handler_ref bound. dot-c1-grant-issue not registered. W1→W9 not run. No dry-run.
  • Every command was read-only: whoami/hostname/pwd/uname/ls/head/grep/git rev-parse|branch|status/--help, governed query_pg SELECTs, gcloud secrets list/config get-value (names/identity only). No secret value was accessed or printed (SYNC_SECRET masked).
  • before == after for all 11 governed metrics (file 04).
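
The presence check reported for SYNC_SECRET (key located at a line number, value masked and never printed) can be reproduced as below. This is an added example, not a command from this preflight or from the project's tooling; the function name secret_presence and the dotenv contents are constructed for illustration.

```shell
#!/bin/sh
# Report whether KEY is defined in a dotenv file without emitting its value.
# Only the key name and the line number ever leave awk.

# secret_presence FILE KEY
#   prints "KEY present line=N value=***" and returns 0 when defined
#   prints "KEY absent" and returns 1 when not defined
#   returns 2 when FILE cannot be read
secret_presence() {
    file=$1
    key=$2
    [ -r "$file" ] || { echo "$key unreadable-file"; return 2; }
    # Strip leading blanks and an optional "export", then require the line
    # to start with exactly "KEY=". Commented-out lines and longer names
    # such as KEY_OLD do not match. Print NR only, never $0.
    line=$(awk -v k="$key" '
        { l = $0; sub(/^[ \t]*(export[ \t]+)?/, "", l) }
        index(l, k "=") == 1 { print NR; exit }
    ' "$file")
    if [ -n "$line" ]; then
        echo "$key present line=$line value=***"
        return 0
    fi
    echo "$key absent"
    return 1
}

# Constructed sample file (not the real /opt/incomex/docker/.env).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# SYNC_SECRET=constructed-old-value
PG_PASSWORD=constructed-pg-value
SYNC_SECRET_OLD=constructed-rotated-value
SYNC_SECRET=constructed-live-value
EOF

secret_presence "$sample" SYNC_SECRET            # present, line 4, masked
secret_presence "$sample" DIRECTUS_ADMIN_TOKEN || true   # absent in this sample
rm -f "$sample"
```

The evidence string is safe to paste into a report because the match is on the key name alone; the shell's command substitution only ever receives a line number.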

Next step

Hand off to operator (human president) to: marshal quorum → propose patch_ops_code APR deploying execute_authorize_build_step → execute (Cấp B, SYNC_SECRET) → bind handler_ref migration → register dot-c1-grant-issue → then re-gate W1→W9. None of these are authorized or performed by this preflight.