READY-TO-ASSEMBLE-LEGO1-PATCH1 02 — [P0-1] DOT/Directus Execution Contract — 2026-06-22

Closes Codex P0-1. Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations. All commands below are WRITE_PLANNED_NOT_RUN / DRY_RUN_PLANNED_NOT_RUN and execute only later under Gate B + Chairman authority through the governed channels.

---

1. The controlling rule (why raw SQL is rejected)

Directus Operating Rules SSOT v1.2 (knowledge/dev/ssot/directus/directus-operating-rules.md):

• "Schema changes (tạo collection, thêm field) → CHỈ DOT tools (dot-schema-*). MCP CRUD tools sẽ BỊ 403."
• "Tạo collection MỚI → PHẢI tạo table_registry record (Registry Wiring Rule)."
• DOT Manage README: "Directus/Postgres/schema is DOT-only. No manual SQL, no psql, no Directus generic collection creation for schema/table work."
• Live dot_config: iu_create.gateway.direct_insert_policy = block_after_guard (direct INSERT blocked); process_dot_runtime.dry_run_only = true.

Therefore the prior file-06 raw CREATE TABLE / INSERT / audit-insert / UPDATE plan is SUPERSEDED. Raw DDL/DML is invalid even as a future plan. The compliant path below replaces it entirely.

2. Compliant execution primitives (live, governed)

Concern	Governed primitive (live)	Evidence
Create collection + fields	dot_iu_create_collection (catalog: mutating, reversible, category=collection) via dot-schema-* DOT tools, writing directus_collections/directus_fields metadata	dot_iu_command_catalog; SSOT v1.2
Registry wiring	create table_registry record for the new collection	SSOT Registry Wiring Rule
Data admission	staging gateway dot_iu_staging_create → dot_iu_staging_approve → dot_iu_staging_consume and/or governed create_item APR action — never direct INSERT	catalog; dot_config.block_after_guard; apr_action_types.create_item
Dispatch	fn_process_agent_api_dispatch(p_dot_code, p_correlation_id, p_actor, p_mode, p_write_observation, p_idempotency_root) → jsonb (fail-closed; cannot itself execute a DOT)	DOT Usage Handbook
Dual-trigger (plan/apply)	producer DOT mode=DRY_RUN paired with verifier DOT mode=VERIFY_ONLY (dot_agent_api_contract.paired_dot); apply = mode=REAL_RUN (governed promotion)	dot_agent_api_contract (e.g. DOT_KG_EXPLAIN↔DOT_KG_EXPLAIN_VERIFY)
Idempotency	p_idempotency_root on every dispatch	dispatcher signature
Authorization	authorize_build_step APR → governance_build_authorization (L3 grant)	apr_action_types.authorize_build_step

3. C1 build expressed as a paired DOT contract (design-only)

Register (at build time, governed) a paired contract in dot_agent_api_contract:

Field	Producer DOT	Verifier DOT
dot_code	DOT_C1_VOCAB_BUILD	DOT_C1_VOCAB_BUILD_VERIFY
operation	create+admit	verify
role	producer	verifier
paired_dot	DOT_C1_VOCAB_BUILD_VERIFY	DOT_C1_VOCAB_BUILD
mode (sequence)	DRY_RUN → (governed) REAL_RUN	VERIFY_ONLY
no_mutation_assertion	true while DRY_RUN	true
endpoint_ref	executor:8090/dispatch	same
expected_output_schema / verifier_schema	C1 schema + manifest digests	readback assertions (file 08)

4. Metadata-first, dual-trigger build sequence (replaces raw S2–S8)

Step	Action via governed channel	Mode	Class
G0	Live preflight (file 07) incl. v_dotkg_realrun_preflight	read-only	READ_ONLY
G1	Acquire dot_iu_runtime_lease(lease_name='lego1-c1-build'); reserve governance_build_authorization (file 05)	atomic	WRITE_PLANNED_NOT_RUN
G2	DOT_C1_VOCAB_BUILD DRY_RUN via dispatcher (plan): collection+fields plan + table_registry plan + manifest plan; writes only observation	DRY_RUN	DRY_RUN_PLANNED_NOT_RUN
G3	DOT_C1_VOCAB_BUILD_VERIFY VERIFY_ONLY: assert plan matches contract + manifest digest (file 09)	VERIFY_ONLY	DRY_RUN_PLANNED_NOT_RUN
G4	Governed promotion DRY_RUN→REAL_RUN (requires gate_contract_realrun_mode GO + owner + config flips — all currently BLOCK)	governed	WRITE_PLANNED_NOT_RUN
G5	DOT_C1_VOCAB_BUILD REAL_RUN: dot_iu_create_collection (metadata-first: directus_collections/directus_fields) + table_registry wiring	REAL_RUN	WRITE_PLANNED_NOT_RUN
G6	Admit values via staging gateway (staging_create→approve→consume) — each value one governed entry (file 04 manifest)	REAL_RUN	WRITE_PLANNED_NOT_RUN
G7	Governed audit (handler-written, not raw insert) + evidence (file 09)	REAL_RUN	WRITE_PLANNED_NOT_RUN
G8	Atomic-consume the authorization + release lease (file 05)	atomic	WRITE_PLANNED_NOT_RUN

No raw SQL appears anywhere. Schema = dot-schema-*/dot_iu_create_collection; data = staging gateway; audit = governed handler; all dispatched with p_mode + p_idempotency_root; the empty-table direct-write fence (block_after_guard, MCP 403) is honored.

5. Production-verification evidence (what REAL_RUN must emit)

Two correlated DRY_RUN observations (cf. precond_dry_run_evidence GO=2), VERIFY_ONLY pass, then post-REAL_RUN readback via v_birth_register_readiness (register_readiness), v_birth_register_dryrun_matrix (dryrun_result), v_birth_register_idempotency_guard (pass=true), and invariant_real_run_count_zero transitioning under governance. (File 08 makes these executable; file 09 binds them to canonical digests.)

6. Authorized-DOT dependency (honest)

A governed schema-creation DOT (dot_iu_create_collection / dot-schema-*) exists and is reversible, but its authorization for this specific new governed collection is itself gated (owner present, execute_enabled, real_run_enabled, Chairman). This is captured as preflight gate PF-SCHEMA-DOT (file 07) — a Gate-B authorization check, not a missing design path. The path is fully specified; running it is the execution residual.

7. Boundary attestation

Design-only execution contract; no DOT executed, no dispatch run, no schema/data/audit written, no lease acquired, no authorization consumed. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations. Supersedes the prior file-06 raw-SQL plan.