KB-7FDD
RS-TKT-1-PATCH1C · 02 DOT-Bound Dry-Run Execution Contract
Revision 1
NON_EXECUTABLE_DESIGN_DOC
DOT_BOUND_DRYRUN_READINESS_PROOF_ONLY
NOT_IMPLEMENTED
NOT_AUTHORIZED_FOR_RUNTIME
Lane: RS-TKT-1 — Phase 1 TKT Base · PATCH1C
Date: 2026-06-22
Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations
Authority: NON_AUTHORITY · may_gate=false · decision_effect=NONE
This is the binding contract that makes the Phase-2 dry-run run 100% through DOT. It fixes WHAT the bound DOT reads/writes; it does not grant execution-time permission (that is the Owner GATE-3 act, 05).
1. Selected DOT binding
selected_dot_code : DOT_TKT_DRYRUN_READ_REPORT_INSPECTOR
selected_dot_name : TKT dry-run read/report inspector (Phase-2 RS-TKT-2)
paired_verify_dot : DOT_TKT_DRYRUN_READ_REPORT_INSPECTOR_VERIFY
selected_bin (planned) : /opt/incomex/dot/bin/dot-tkt-dryrun-read-report-inspector (+ ...-verify)
invocation_channel : governed DOT channel only (host bin under /opt/incomex/dot/bin/, Owner-gated runtime).
NOT a free-standing script. NOT a manual CLI. NOT a notebook. NOT a generic Directus call.
selected_mode : READ_REPORT_INSPECTOR_ONLY (paired verify: VERIFY_ONLY)
category / domain : kiểm_tra_lỗi / monitoring.integrity
operation verb : report (primary) · verify (paired) [both from the 20-verb dot_operations vocabulary]
read_write : Read (no_mutation) for both DOTs
handbook_admission : §19 (KB-admission record only — NOT runtime-registered); see PATCH1C/06
registry_state : dot_tools UNCHANGED at 309; this DOT is MISSING / REGISTRATION_HELD until Owner GATE-3
2. Selected source / output / artifact
selected_source_prefix (read) : knowledge/dev/laws-new/tool-kiem-thu-lego/
allowed subset : phase1-design/ · phase1-design/patch1/ · phase1-design/patch1b-dryrun-readiness/ · phase1-design/patch1c-dot-bound-dryrun-readiness/
selected_output_prefix (write) : knowledge/current-state/reports/tool-kiem-thu-lego/phase2-dryrun/
selected_artifact_model : SINGLE_KB_MARKDOWN_REPORT (artifact_count = 1; see PATCH1C/04)
selected_report_filename : rs-tkt-2-dryrun-read-report-inspector-YYYY-MM-DD.md
disposable_workbench (if any) : local + hashed + regenerable; NEVER a vector-KB path; NEVER /tmp alone (carried from patch1b/05 §2)
3. The bound oracle and report body
oracle : the canonical fixture/oracle from PATCH1B 01 (master schema) + 02 (master catalog).
report body : one markdown file containing: metadata block; ONE fenced, json-tagged section (the result schema of Phase-1 13, EMBEDDED);
a human-readable summary section; per-fixture result table; aggregate stop-state table; DOT binding table; non-authority disclaimer.
aggregate rule : FAIL > HOLD > PASS (06 §5); N/A never upgrades; aggregate ∈ {PASS,FAIL,HOLD}; ADVISORY ONLY.
4. Forbidden operations (explicit — fail-closed)
no manual SQL · no psql · no docker exec psql · no hand-written DDL/DML
no generic Directus collection/schema/table create or mutation
no PG / Directus / registry / system_issues mutation
no subject-under-test (SUT) runtime · no Python/shell/CLI runner outside the governed DOT channel
no second artifact · no separate result.json / result.md persisted file
no NVSZ / NON_VECTOR_ROOT designation · no raw-log write into a vector-KB path
no registration movement · no register_dot · no CAN_PROCEED=YES · no gate/seal/cert/authority digest
no semantic Text-as-Code PASS · no IU traceability PASS · no release-bundle PASS · no implementation/runtime/production PASS
no automatic Phase-2 open
5. Stop states (carried + DOT-bound)
HOLD_NO_EXEC_SURFACE — no authorized read/report surface (e.g. DOT not yet registered/opened) ⇒ inspector stops, never PASS.
HOLD_RUNTIME_SURFACE_REQUIRED — reconstruction would need SUT runtime ⇒ Phase 4, never PASS in Base.
HOLD_OUTPUT_SURFACE_UNAVAILABLE — output surface incomplete ⇒ HOLD, never PASS.
HOLD_DOT_GATE_CLOSED — bound DOT registered but runtime gate shut ⇒ fail-closed HOLD (mirrors handbook §2.4 dry-run-gated refusal).
plus the verdict stop-states in patch1b/09 for any nonzero defect count.
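The single-artifact output rule of section 2, the aggregate rule of section 3 and the stop states above can be checked mechanically, as in this added Python example; it is an illustration written for this page, not the bound DOT's implementation and not code from PATCH1B. The function names, the sample inputs, and the choice to count unknown labels and an all-N/A result set as HOLD are assumptions.

```python
import posixpath
import re
from datetime import date

# Prefix, filename pattern and ordering are taken from sections 2 and 3 above.
OUTPUT_PREFIX = "knowledge/current-state/reports/tool-kiem-thu-lego/phase2-dryrun/"
REPORT_NAME = re.compile(r"rs-tkt-2-dryrun-read-report-inspector-(\d{4}-\d{2}-\d{2})\.md")
SEVERITY = {"PASS": 0, "HOLD": 1, "FAIL": 2}  # FAIL > HOLD > PASS


def write_allowed(path, already_written=frozenset()):
    """True only for the single report file directly under the output prefix."""
    if posixpath.normpath(path) != path or not path.startswith(OUTPUT_PREFIX):
        return False  # rejects '..', './', '//' and any other location
    match = REPORT_NAME.fullmatch(path[len(OUTPUT_PREFIX):])
    if match is None:
        return False  # result.json, result.md, subdirectories, other names
    try:
        date.fromisoformat(match.group(1))  # YYYY-MM-DD must be a real date
    except ValueError:
        return False
    return set(already_written) <= {path}  # artifact_count = 1


def aggregate(results):
    """Fold per-fixture labels into PASS, HOLD or FAIL (advisory only)."""
    # N/A is dropped, so it can never count as PASS evidence.
    # Assumption: any other unknown label, including the HOLD_* stop states
    # of section 5, is counted as HOLD.
    counted = [r if r in SEVERITY else "HOLD" for r in results if r != "N/A"]
    if not counted:
        return "HOLD"  # assumption: no countable result fails closed
    return max(counted, key=SEVERITY.__getitem__)


# Constructed sample inputs, not output of any real run.
SAMPLE_RESULTS = ["PASS", "N/A", "HOLD_DOT_GATE_CLOSED", "PASS"]
SAMPLE_PATH = OUTPUT_PREFIX + "rs-tkt-2-dryrun-read-report-inspector-2026-06-22.md"

if __name__ == "__main__":
    print(write_allowed(SAMPLE_PATH), aggregate(SAMPLE_RESULTS))
```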
6. DOT-bound vs zone — why this is safe AND honours the Owner mandate
Owner mandate : "100% DOT; even dry-run must run through DOT." ⇒ the dry-run is bound to DOT_TKT_DRYRUN_READ_REPORT_INSPECTOR.
zone fact (handbook) : the inspector touches only the KB zone (§12), never the DOT-only Directus/Postgres/schema zone (§3).
reconciliation : binding to a read-only DOT satisfies the Owner mandate WITHOUT entering the schema zone or performing any mutation.
The DOT exists to make the operational surface governed/auditable, not to mutate schema.
authority_effect : NONE
registration_effect : NONE