Macro Rollup — DOT Manage → LEGO Transition for C1 Dry-Run (2026-06-22)
Macro Rollup — DOT Manage → LEGO Transition for C1 Dry-Run
Macro: DOT_MANAGE_LEGO_TRANSITION_SURVEY_FOR_C1_DRYRUN · Date: 2026-06-22 · rev1
Verdict
DOT_MANAGE_LEGO_TRANSITION_SURVEY_COMPLETE_FOR_C1_DRYRUN — the transition survey + planning macro is COMPLETE. This is not a claim that C1 is dry-run-ready. C1 is not ready; the survey establishes exactly why and gives the complete plan to cross the one remaining gate.
Posture
REGISTRATION_HOLD ACTIVE · REGISTRATION_CAN_PROCEED=NO · P2/named-lane CLOSED · 0 governed-runtime mutations · 4 read-only subagents · KB writes = the package + this rollup + 1 DOT-manage addendum + 1 README pointer (all additive).
Package
knowledge/dev/laws-new/reports/dot-manage-lego-transition-for-c1-dryrun/ — index + 01–11 + codex-review-packet (13 docs).
DOT-manage update: …/newlaws/dot-manage/dot-manage-lego-transition-status-c1-2026-06-22.md (rev1) + …/newlaws/dot-manage/README.md (rev2 pointer).
What was found (survey)
- DOT manage exists and is intact:
dot_tools=309 (CAT-006 active, record 309 vs actual 163 drift), dispatcherfn_process_agent_api_dispatchpresent (raises on REAL_RUN by design), schema-ensure family (75) and birth/register/rollback family (28) all active. Only 2 dispatch contracts bound (DOT_KG_EXPLAIN/_VERIFY).table_registry=21. Directus collections=352. Execution gates CLOSED; OSPA=0; ownership=0. - C1 is wholly absent on governed runtime: no
governance_canonical_operation_vocabcollection/table, noDOT_C1_*contract, no C1table_registryrow. C1 is design-complete + sandbox-LOGIC-proven only. - The lawful registrar exists (
dot-dot-register/DOT-REGISTER) but its admin creds are absent;dot-birth-admitis author-mode spec only. The birth/registration path is blocked ONLY at register (A4) + gate/Owner (A9) — both operator-only. No new path needed. - Macro-9 staging-schema DOT (
DOT_R2_B2_STAGING_SCHEMA_SHELL+ 4 guards) is authored/engineering-admitted under REGISTRATION_HOLD, a pure validator (no DB I/O), R2-B2-name-scoped → a REAL_RUN sandbox template, not a dry-run prerequisite. - Integrity gap surfaced: handbook §13 marks 3 birth DOTs frozen/monitored, but the live
dot_toolsrows arestatus=activewith no enforced freeze flag → recorded as REPAIR + operator action; not reused.
What was decided (plan)
The dry-run critical path = create the C1 collection (reuse DOT_COLLECTION_REGISTER + DOT_SCHEMA_TABLE_REGISTRY_ENSURE) → author + register ~5 new C1 DOTs via the lawful registrar (each with an admission record) + extend DOT-062 → bind the producer/verifier contracts (KG precedent) → mint 1 scoped grant + a C1 ownership row → dispatch DRY_RUN → Codex confirm. Execute-gate flips + hardening GAPs 2/3/4 + REAL_RUN sandbox are deferred (REAL_RUN, not dry-run). Full plan: 09.
The single blocker
A separately-authorized governed Gate-B build-prep capability (write/DDL/registration channel + lawful-registrar creds + sovereign-grant authority), executed by the human operator/owner on the VPS governed stack. Every connected tool is read-only / item-CRUD-only / allowlist-denied / docs-only; Claude cannot perform it.
Self-review
Internal Codex negative review (10): 0 of 11 attacks succeed; bounded residuals disclosed (composite-PK/write-once primitive choice; executor liveness; apr_action_types row count) as in-phase verifications.
Next step
EXECUTION macro beginning at 09 P0 (operator grants Gate-B), then P1–P7 to a governed DRY_RUN and Codex confirmation of C1_GOVERNED_DRYRUN_READY. Not further survey. Residual issues → DOT-MANAGE-LEGO-TRANSITION-FOR-C1-DRYRUN-PATCH1.
Lineage
Builds on the C1 dry-run packages (execution / true-readiness / capability-and-execution) and the Macro-9 staging-schema path. Carries all prior blockers unchanged; adds no new runtime blocker/reject-code; surfaces one new integrity finding (frozen-flag not live-enforced).