KB-3559
READY-TO-ASSEMBLE-LEGO1 10 — C1 Evidence/Log/Hash & Readback Plan — 2026-06-22
4 min read Revision 1
ready-to-assemble-lego1evidence-planhashreadbackc1-canonical-operation-vocabularyregistration-hold2026-06-22
READY-TO-ASSEMBLE-LEGO1 10 — C1 Evidence/Log/Hash & Readback Plan — 2026-06-22
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations.
Purpose: define exactly what proof the real C1 assembly must produce later. Built on the live audit conventions (file 02 §6): governance_audit_log, per-row audit_ref/rollback_ref, governance_build_authorization.evidence(jsonb).
1. Required artifacts (produced at build time)
| Artifact | What | Surface |
|---|---|---|
| Before-state snapshot | counts + schema absence (PF1–PF9 results) | KB …/reports/lego1-c1-build/00-before-state-… |
| Input file hashes | SHA-256 of the plan, the DDL, and each governed value-admission record | KB evidence + governance_build_authorization.evidence |
| Planned diff | the exact expected diff shape (file 06 §6) | KB build report |
| Command logs | each S-step command + result (DDL/DML/verify) | KB build log |
| Test logs | matrix (file 07) results, all read-only/dry-run | KB build log |
| Rollback logs (if triggered) | UPDATE diff + rollback_ref + after-state |
KB rollback report |
| After-state snapshot | post-build counts + new table introspection | KB …/01-after-state-… |
| Readback confirmation | re-list KB dir count; re-read each value row; re-introspect table | KB readback section |
| Hash/digest proof | SHA-256 of before/after snapshots + each value record | KB + evidence jsonb |
| AgentData report path | knowledge/dev/laws-new/reports/lego1-c1-build/ |
KB |
| Codex review packet path | …/lego1-c1-build/codex-review-packet-… |
KB |
| Failure artifact path | …/lego1-c1-build/FAILURE-… (only if a step fails) |
KB |
2. Evidence tier distinction (instruction §3.10)
| Tier | What it proves | This package |
|---|---|---|
| Design evidence | the contract is coherent (files 01–13) | produced now |
| Dry-run evidence | the logic passes against an empty/disposable table | planned (file 06 S4/S7) DRY_RUN_PLANNED_NOT_RUN |
| Runtime evidence | the live table + governed values exist with audit | planned (build) WRITE_PLANNED_NOT_RUN |
| Authority evidence | a valid exact-scoped Chairman/build token was present + consumed | planned (file 11); none exists now |
The package asserts only design evidence now. It does not assert dry-run, runtime, or authority evidence exists.
3. Hashing rule
- Each governed value-admission record is hashed (SHA-256 over a canonical serialization of
operation_code|protocol_version|act_type|governing_authority_ref). - Before/after snapshots are hashed; the readback recomputes and compares.
- Hashes are evidence of what was written, not authority — a matching hash never substitutes for the Chairman token (authority evidence is separate).
4. Readback plan
- Re-list
…/reports/lego1-c1-build/and record the dir count (additive proof). - Re-read each created value row via
query_pg(read-only) and compare to the recorded hash. - Re-introspect the table via
pg_schemaand confirm constraints. - Re-confirm regression baselines (ownership=0, approval unchanged, no register_dot).
- Confirm exactly one
governance_build_authorizationrow consumed for the plan.
5. Boundary attestation
This file defines an evidence plan at design level. It creates no carrier, writes no row, produces no runtime/authority evidence, opens no P2/lane, and clears no blocker. REGISTRATION_HOLD retained; REGISTRATION_CAN_PROCEED = NO; 0 runtime mutations.