Codex Review Packet — Governed DOT C1 Dry-Run P0–P6 — 2026-06-22
Codex Review Packet — Governed DOT C1 Dry-Run P0→P6 — 2026-06-22
For Codex confirmation. Verdict: C1_DRYRUN_CAPABILITY_LOCKED_OPERATOR_ACTION_REQUIRED. Governed C1 dry-run executed: NO · C1 contract registered: NO · Ready for prod: NO · REGISTRATION_HOLD ACTIVE · CAN_PROCEED=NO · P2/named lane CLOSED · 0 governed mutations · 0 subagents · DO NOT IMPLEMENT.
The new question this macro answered
Prior holds left open: "is C1 blocked only because credentials were absent?" — Now resolved: NO. Secret Manager works and DIRECTUS_ADMIN_TOKEN/PG_PASSWORD/etc. are present and retrievable. The blocker is not credentials — it is the absence of a governed execution channel for the registrar, which is operator/deploy-only. Manual use of the credentials is forbidden (macro) and guard-blocked (runtime).
Live evidence (this session, read-only, db directus, VPS contabo)
| ID | Probe | Proves |
|---|---|---|
| E1 | gcloud secrets list → SUCCESS; DIRECTUS_ADMIN_TOKEN/PG_PASSWORD present (values not accessed) |
creds NOT absent |
| E2 | dot_tools registrar rows: DOT-REGISTER→bin/dot/dot-dot-register.ts on-deploy; DOT_* ensure/register→/opt/incomex/dot/bin/*; last_executed=NULL |
registrar = on-deploy CLI |
| E3 | no MCP exec/runner; query_pg RO; write_file docs-only; list_docker/docker_logs RO |
no execution channel |
| E4 | fn_process_agent_api_dispatch source: "dispatcher cannot execute a DOT and never writes"; REAL_RUN always refused |
DB dispatcher cannot register/execute |
| E5 | function scan INSERT INTO dot_agent_api_contract = 0; contracts came from operator migration |
no governed registrar function |
| E6 | 100 Directus flows: [DOT-REG] -> AD = CDC syncs only; no creator/registrar flow |
no creds-triggerable registrar |
| E7 | gates execute_enabled=false,real_run_enabled=false,dry_run_only=true |
route in dry-run-only posture |
| E8 | dispatch DOT_KG_EXPLAIN PLAN_ONLY → validated:true, endpoint_present:true, true_dry_run_possible:true |
governed route LIVE |
| E9 | dispatch DOT_C1_VOCAB_BUILD → refused "no agent_api contract" |
C1 not dispatchable (fail-closed) |
| E10 | bad inputs (REAL_RUN / invalid mode / empty corr_id / unknown code) all refused; no PASS/digest/seal | route fail-closed |
| E11 | directus_create on governance_canonical_operation_vocab → [DENIED] not in write allowlist |
no governed write route |
| E12 | DB guards: block_after_guard, canonical-writer marker, fn_assert_safe_for_dot_action, fn_birth_gate |
manual writes blocked by design |
| E13 | before==after: dot_tools=309, contracts=2, table_registry=21, C1=0 |
0 mutations |
| E14 | incomex-agent-api-executor:8090 Up healthy, serves DOT_KG_EXPLAIN only |
C1 endpoint absent |
Gap map
14 prereqs to a governed C1 dry-run; 0 closable from this environment (all require the operator/deploy registrar + a C1 executor endpoint). Items already in place: dry-run-only gates, live fail-closed dispatcher route, reuse-first plan, bad-input fail-closed proof.
What Codex is asked to confirm
- The blocker is correctly characterized as operator/deploy execution channel + C1 executor endpoint, not credentials.
- The HOLD (not READY, not REJECT) is correct: no fail-open, no manual mutation, no overclaim; READY withheld because items 6–11 are false.
- The exact operator action (file 14) is the right next gate.
Next gate
Operator runs the governed registrar pipeline (or grants a governed exec capability), deploys the C1 no-mutation endpoint, registers DOT_C1_*, mints the C1 grant → re-run ⇒ genuine governed C1 dry-run. Residual ⇒ GOVERNED-DOT-C1-DRYRUN-P0-P6-PATCH1.
Standing principles reaffirmed
authorization ≠ capability · credential-present ≠ lawful-path-present · governed-registration ≠ manual-write · on-deploy-CLI ≠ runnable-from-here · engineering-route-PASS ≠ authority-PASS · sandbox-logic ≠ governed-runtime · absence-of-surface ≠ demonstrated-fail-closed.