KB-27A6

20B-P1 — Stop Context-Pack KB Upload Report

7 min read Revision 1

vector-hygiene20b-p1dot-scriptkb-uploadstop-leakreport

20B-P1 — Stop Context-Pack KB Upload Report

Date: 2026-05-05 | Status: PASS — patch applied, build NOT executed Script: /opt/incomex/dot/bin/dot-context-pack-build.sh (rev 12 → patched in place, version string unchanged) Scope: stop KB upload only. No delete, no cron, no build run.

§1. Preflight — PG manifest constraint check

SELECT conname, pg_get_constraintdef(oid)
FROM pg_constraint
WHERE conrelid='context_pack_manifest'::regclass
  AND pg_get_constraintdef(oid) ILIKE '%kb_mirror_status%';

Field	Value
Constraint name	`context_pack_manifest_kb_mirror_status_check`
Allowed values	`pending`, `live`, `failed`
Current distinct values in use	`live` (only)

Decision: skipped/disabled are NOT valid under the CHECK constraint. Per prompt §3 → keep kb_mirror_status semantics UNCHANGED. Patch only skips the upload step; manifest INSERT path (7f) is untouched, so the column will continue to be set to whatever 7f writes (currently live/pending/failed based on KB_MIRROR_OK and existing logic).

TD logged: manifest kb_mirror_status semantics need a separate patch under Đ43/20C to express a real "skipped" state without violating the CHECK constraint.

§2. Backup

Field	Value
BACKUP_PATH	`/opt/incomex/backups/dot-context-pack-build.sh.pre-20b-p1.20260505-131733`
Size	64001 bytes
Diff vs original at backup time	0 (identical)

§3. Patch applied

Method: env flag (preferred path per prompt §6).

Insert 1 — global default (line 65–68, after TRIGGER_SOURCE=""):

# 20B-P1 (2026-05-05): KB mirror upload disabled by default to stop context-pack
# leakage into vector search. Filesystem + PG manifest remain authoritative.
# Set KB_MIRROR_ENABLED=true to re-enable upload (pending Đ43/20C redesign).
KB_MIRROR_ENABLED="${KB_MIRROR_ENABLED:-false}"

Insert 2 — early return guard at top of publish_kb() (line 1045–1054, before local staging_dir=...):

  # 20B-P1 (2026-05-05): KB mirror gated. Default OFF to stop vector pollution.
  # Filesystem (7d) + PG manifest (7f) remain SSOT. Re-enable via KB_MIRROR_ENABLED=true.
  # NOTE: kb_mirror_status semantics unchanged (CHECK constraint allows pending|live|failed
  # only; "skipped"/"disabled" not valid). TD: patch manifest semantics under Đ43/20C.
  if [[ "${KB_MIRROR_ENABLED:-false}" != "true" ]]; then
    log_warn "7e KB mirror SKIPPED (disabled by 20B-P1; filesystem + PG manifest remain authoritative)"
    KB_MIRROR_OK=1
    return 0
  fi

Field	Value
`KB_MIRROR_ENABLED` declaration	line 68
Gated block (early return)	lines 1049–1053 (inside `publish_kb`)
Body of upload (curl POST loop)	lines 1054+ unchanged, now unreachable when flag false
`kb_mirror_status` write semantics	UNCHANGED (TD recorded)
`KB_MIRROR_OK=1` on skip	yes — keeps downstream `publish_db` happy

§4. Verification

Check	Result
`bash -n` syntax check	PASS (exit 0)
`KB_MIRROR_ENABLED` grep	4 matches (1 declaration line 68, 3 in publish_kb comment+guard)
Unconditional upload outside gate	0 — `upload_document`/`createDocument` literal grep: none. The only upload mechanism is the inline `curl … POST … /documents` inside `publish_kb`, which now sits AFTER the early-return guard
Filesystem code (`OUTPUT_ROOT`, `staging`, `publish_fs`)	INTACT (lines 75, 425–443, 632, 778, 910–918, 924, 933+)
PG manifest code (`context_pack_manifest`, `context_pack_sections`)	INTACT (lines 1126, 1194, 1211, 1328, 1367)
Ownership preserved	restored to `root:root 751` matching original
Backup retained at	`/opt/incomex/backups/dot-context-pack-build.sh.pre-20b-p1.20260505-131733`

Diff vs backup (full)

64a65,68
> # 20B-P1 (2026-05-05): KB mirror upload disabled by default to stop context-pack
> # leakage into vector search. Filesystem + PG manifest remain authoritative.
> # Set KB_MIRROR_ENABLED=true to re-enable upload (pending Đ43/20C redesign).
> KB_MIRROR_ENABLED="${KB_MIRROR_ENABLED:-false}"
1040a1045,1054
>   # 20B-P1 (2026-05-05): KB mirror gated. Default OFF to stop vector pollution.
>   # Filesystem (7d) + PG manifest (7f) remain SSOT. Re-enable via KB_MIRROR_ENABLED=true.
>   # NOTE: kb_mirror_status semantics unchanged (CHECK constraint allows pending|live|failed
>   # only; "skipped"/"disabled" not valid). TD: patch manifest semantics under Đ43/20C.
>   if [[ "${KB_MIRROR_ENABLED:-false}" != "true" ]]; then
>     log_warn "7e KB mirror SKIPPED (disabled by 20B-P1; filesystem + PG manifest remain authoritative)"
>     KB_MIRROR_OK=1
>     return 0
>   fi
>

Two surgical inserts only. No deletions, no logic changes elsewhere.

§5. TD (Technical Debt)

manifest kb_mirror_status semantics: CHECK constraint only allows pending|live|failed. With KB upload disabled, publish_db (7f) will continue writing whatever it writes today (likely live if KB_MIRROR_OK=1 post-skip — that's now misleading). A proper "skipped/disabled" state needs a separate constraint+code patch. Defer to Đ43/20C scope.
Behavior consequence: with KB_MIRROR_OK=1 set on skip, downstream publish_db will treat the build as successful and likely set kb_mirror_status='live' even though no upload happened. This preserves end-to-end build success but means the manifest column is no longer truthful about whether KB has the content. Acceptable for P1 (stop the leak); fix manifest truthfulness later.

§6. Restore instructions (if needed)

ssh contabo
sudo cp /opt/incomex/backups/dot-context-pack-build.sh.pre-20b-p1.20260505-131733 \
        /opt/incomex/dot/bin/dot-context-pack-build.sh
sudo chown root:root /opt/incomex/dot/bin/dot-context-pack-build.sh
sudo chmod 751 /opt/incomex/dot/bin/dot-context-pack-build.sh
bash -n /opt/incomex/dot/bin/dot-context-pack-build.sh

Or simply set KB_MIRROR_ENABLED=true in the build environment to re-enable upload without unpatching.

§7. Next

20B-P2 — dry-run delete list of existing context-pack KB documents (separate prompt, separate approval).
Đ43/20C — kb_mirror_status constraint+semantics patch to express "disabled" cleanly.

20B-P1 Report | 2026-05-05 | Patch applied. Build not executed. Awaiting 20B-P2 dispatch.