READY-TO-ASSEMBLE-LEGO1 09 — C1 Dry-Run & Read-Only Preflight Plan — 2026-06-22
READY-TO-ASSEMBLE-LEGO1 09 — C1 Dry-Run & Read-Only Preflight Plan — 2026-06-22
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations.
Purpose: define the read-only preflight that must be re-run live immediately before the C1 build, and which checks were already run now (file 02). Discharges caveat C4 (live re-verification).
1. Preflight checks (all READ_ONLY_SAFE)
| # | Check | Command (read-only) | Now (2026-06-22) | Build-time expectation |
|---|---|---|---|---|
| PF1 | C1 table absence | information_schema.tables for governance_canonical_operation_vocab |
absent | absent (else table already exists ⇒ reconcile) |
| PF2 | canonical_operation vocab absent | column/table search (file 02 §4) | REQUIRED_NOT_PRESENT |
unchanged |
| PF3 | ownership untouched baseline | count(governance_object_ownership) |
0 | record baseline (build must not change) |
| PF4 | approval baseline | count(approval_requests) |
230 | record baseline |
| PF5 | Chairman/build authorization present+scoped+unconsumed | governance_build_authorization WHERE scope=plan AND status valid AND consumed_at IS NULL AND (revoked_at IS NULL) AND expires_at>now() |
0 rows ⇒ NOT satisfied | exactly 1 valid row scoped to LEGO1-C1-CANOPVOCAB-PLAN-2026-06-22 |
| PF6 | no register_dot present | apr_action_types/dot_operations for register_dot |
absent | absent (C1 introduces none) |
| PF7 | guard views clean | read v_authority_quorum_regression_guard, v_birth_register_* |
(not tailed; available) | no blocking violation |
| PF8 | DB write-fence intact | confirm query_pg denies non-allowlisted DB / write |
DENIED on postgres; read-only role |
unchanged |
| PF9 | audit sink present | governance_audit_log reachable |
1 row, reachable | reachable |
2. Schema/file existence checks
- Schema: PF1/PF2 confirm the C1 surface does not yet exist (so the build is a clean CREATE, not a reconcile).
- File: allowlisted spec paths exist but the probed
README.mdis absent (file 02 §3 row 14); C1 preparation does not depend on a spec file — the contract is fully specified in files 04/06. - Test command availability: the matrix (file 07) is
DEFINED_NOT_EXECUTED; build-time execution is read-only/dry-run against the new table.
3. Dependency-reference checks
- C1 has no incoming carrier dependency (file 05 §2) ⇒ no upstream existence check needed.
- C1 has one outgoing edge to C2, which is not present (file 02 §5) ⇒ no live consumer to break; the edge becomes live only when C2 is later built.
4. Authority-token absence/presence check
- Now:
governance_build_authorizationhas 0 rows ⇒ no Chairman/build authorization exists (PF5 FAIL today). This is expected: preparation precedes authorization. - Build-time: PF5 must show exactly one valid, exact-scoped, unconsumed token (file 11). Absent/expired/revoked/wrong-scope ⇒ STOP.
5. Write-risk checks
Every preflight command is READ_ONLY_SAFE. No preflight command may write. Any write attempted during preflight ⇒ RUNTIME_MUTATION_REJECTED (RBP-0) and STOP.
6. Preflight PASS / FAIL criteria
- PASS: PF1–PF4, PF6–PF9 hold and PF5 shows a valid scoped unconsumed token. Only then may the build proceed (Gate B + Chairman already satisfied).
- FAIL ⇒ STOP: any of PF1 (table unexpectedly exists), PF5 (no/invalid token), PF7 (guard violation), PF8 (write-fence breached) ⇒ stop before any write.
7. What must be re-run immediately before actual assembly
PF1–PF9 must be re-run live at the start of the build (file 06 S0). Today's results are a baseline snapshot, not a substitute. Because state can drift, the build-time preflight is authoritative (caveat C4).
8. Preflight gap classification
Per instruction §3.9: the items not satisfiable now are PF5 (Chairman/build token) — this is not a preparation gap because the exact later check is fully defined (the SQL predicate against governance_build_authorization) and the only missing item is authority (a token to be granted later). AUTHORITY_MISSING_ONLY / RUNTIME_ACCESS_MISSING_ONLY are the only residuals; no PREPARATION_INPUT_MISSING.
9. Boundary attestation
This file defines preflight checks at design level; the now-run checks were read-only (file 02). It creates no carrier, writes no row, opens no P2/lane, and clears no blocker. REGISTRATION_HOLD retained; REGISTRATION_CAN_PROCEED = NO; 0 runtime mutations.