Checkpoint — Authority Decision Matrix Draft (after baseline)

Date: 2026-06-09 · Verdict: AUTHORITY_MATRIX_READY_FOR_GPT_REVIEW · Production mutation: NO Nature: read-only authoring. Turned the BASELINE_READY_FOR_AUTHORITY_DECISION ledger into a reviewable, approvable authority decision matrix (10 domains A–J). No tool/schema/runner built, no FIX7 resumed, no denominator collapsed, no authority decided by assumption.

1. Why this ran

The fresh baseline (reports/dot-registry-directus-text-as-code-baseline-reconciliation-2026-06-09.{md,json}) resolved the conflicting DOT numbers into distinct dated denominators and ended BASELINE_READY_FOR_AUTHORITY_DECISION. This session converts that ledger into a decision matrix GPT/User/Codex can review — recommended option + confidence + evidence + risks + prohibition + Codex-required + blocks-spec, per domain. It does not decide; it frames decisions.

2. Method / evidence mode

KB-read only: mcp__agent-data__batch_read (full) of the baseline .md/.json, its checkpoint, 00-index.md, README.md. No PG query this session (the live ledger was read last session at 2026-06-09 07:11 UTC and is carried verbatim — no re-read, no collapse). No mutation except the four output documents. No background sub-agents.

3. The matrix (recommended per domain)

• A — registry/catalog/listing: 309 dot_tools = catalog of record; listing = live query, never the literal 309; frozen 2026-04-02 noted. Conf HIGH. Codex light. Blocks spec: No.
• B — runtime executable: /opt/incomex/dot/bin operational (214) = presence authority; proof-of-run = presence + dot_iu_command_run. Registry doesn't prove runnability (classification=0); local checkout(163) ≠ prod. Conf MED. Codex yes. Blocks: Yes (exec claim) + fresh read.
• C — safe-reuse for new checker: computed profile = 186-confirmed ∩ command-catalog-governed (runtime query); reject all-309, raw-214, static whitelist; v0.1 reads not invokes. Conf MED. Codex yes. Blocks: Yes (call portion).
• D — registry↔FS reconciliation contract: allow design + block calls to unmatched + read-only warning; no cleanup-first; reuse deployed reconciler; owner picks canonical diff base (41 vs 4). Conf MED. Codex yes. Blocks: Yes (prereq for C).
• E — Directus mutation: none until 100% DOT-control proven; future writes via [DOT-REG]/[WATCHDOG] only; v0.1 read-only. Conf HIGH. Codex no(now). Blocks: No.
• F — checker/logger: authoritative sink = deployed fn_tac_log_checker_issue→system_issues (Đ23); new logger prohibited; v0.1 file-only (write deferred). Conf HIGH. Codex no. Blocks: No.
• G — graph/duplicate/orphan: reuse Đ19/Đ23/universal_edges/v_kg_edges_all/entity_dependencies + DOT reconciler views; new resolver prohibited until existing engines prove a gap (Đ23 inverse-check F5 not run). Conf MED. Codex yes. Blocks: Partial.
• H — Text-as-Code corpus (IU 219 vs TAC 102): dual-corpus unresolved, tool must NOT choose; allow read-only dual reporting; require bridge view/owner decree before consuming a canonical corpus (no DB compat view exists). Conf HIGH. Codex yes. Blocks: Partial.
• I — evidence storage: v0.1 file-report-only under tool-kiem-thu/; escalate to system_issues via fn_tac_log_checker_issue post-approval; Directus tables = NO. Conf HIGH. Codex no. Blocks: No.
• J — runtime mirror: KB design + /opt/incomex/dot/bin mirror (Đ43 build/verify cron; dryrun.py template); local checkout ≠ runtime; binds only post-spec. Conf MED-HIGH. Codex light. Blocks: No.

4. Closure plan (headline)

• Decide now (safe defaults): A, E, F, I, J.
• Need Codex review: C, D, G, H, B.
• Need fresh read (authorize, read-only): CAT-006 actual_count=163 filter; direct OS listing of /opt/incomex/dot/bin; /opt/incomex/scripts "42"; run Đ23 inverse-check/Đ19 (F5).
• Defer: J runtime-mirror specifics; B proof-of-run deepening.
• Must NOT block spec: A, E, F, I, J + H read-only dual-reporting half.

5. Impact on Implementation Package DOT

• Reuse safely: dot_tools/meta_catalog/pivot; the deployed reconciler views; dot_iu_command_catalog/_run/_runtime_lease/dot_operations; dryrun.py; fn_tac_log_checker_issue→system_issues; universal_edges/v_kg_edges_all/entity_dependencies; Đ19/Đ23; directus_flows watchdog/sync; law_dot_enforcement.
• Must NOT touch: registry edit, Directus mutation, PG mutation, system_issues write in v0.1, new logger, new dup/graph resolver until gap proven, choosing canonical TAC/IU corpus, static DOT-count constant, executing any DOT in v0.1, FIX7 resume, install.
• Spec may begin? PARTIAL — conditionally yes: the read-only reporting skeleton (query named surfaces; report set+timestamp+source+both-direction diff; file-report-only) may be specified under defaults A/E/F/I/J on this matrix's approval. The call/execute (C), reconciliation contract (D), new duplicate/graph work (G), and corpus consumption (H) remain BLOCKED pending Codex review + the authorized fresh reads.

6. Documents

• Created: reports/authority-decision-matrix-draft-after-baseline-2026-06-09.md (main matrix).
• Created: reports/authority-decision-matrix-draft-after-baseline-2026-06-09.json (machine summary).
• Created: this checkpoint.
• Updated: 00-index.md.

7. NOT done (hard constraints honored)

❌ no install · ❌ no tool/schema/runner/spec built · ❌ no registry edit · ❌ no Directus update · ❌ no PG mutation (no PG read this session either — baseline carried) · ❌ no orphan/staged cleanup · ❌ no FIX7 resume · ❌ no denominator collapsed · ❌ no authority decided by assumption.

8. Minimal next step (exactly one)

Route this matrix to GPT/User/Codex to (a) adopt the safe-default decisions (A/E/F/I/J), (b) seal C/D/G/H, and (c) authorize the read-only fresh reads. Only after the C/D/G/H seals + fresh reads may the call/execute/reconcile/consume portions of the Implementation Package DOT spec proceed; the read-only reporting skeleton may begin upon adoption of A/E/F/I/J.