Authority Contract v0.1 — tool-kiem-thu (after Codex seal B/C/D/G/H, 2026-06-09)
Nature: binding authority contract for the tool-kiem-thu workstream. This is NOT a tool spec, NOT an implementation, NOT a schema, NOT a runner, NOT a law. It records what Codex has sealed (B/C/D/G/H) and what was already adopted (A/E/F/I/J), and fixes the prohibited/unresolved boundary before any Implementation Package DOT v0.1 design begins.
Date: 2026-06-09
Production mutation: NO. No install, no PG/Directus/registry/filesystem mutation, no tool/schema/runner created, no FIX7 resumed, no DOT invoked, no detector executed, no logger write, no denominator collapsed, no sealed decision reopened.
Authority basis: reviews/codex-seal-authority-matrix-bcdgh-2026-06-09.md (BCDGH_SEALED) + reports/authority-decision-matrix-draft-after-baseline-2026-06-09.md (A/E/F/I/J adopted defaults) over the baseline ledger reports/dot-registry-directus-text-as-code-baseline-reconciliation-2026-06-09.{md,json} (live read 2026-06-09 07:11–07:30 UTC, role context_pack_readonly, READ ONLY).
1. Final contract status
AUTHORITY_CONTRACT_V0_1_READY_FOR_GPT_REVIEW
All ten authority domains (A–J) are now settled as authority contracts (not constants): A/E/F/I/J adopted as safe conservative defaults; B/C/D/G/H sealed by Codex with fail-closed modifications. This contract records them in one binding place and freezes the prohibition envelope ahead of the next phase (Reuse Extraction Map). It decides nothing new and reopens nothing sealed.
2. Scope
- This contract governs future Implementation Package DOT v0.1 planning for the tool-kiem-thu workstream.
- It does not create a new law.
- It does not create a new tool.
- It does not replace Đ38, Điều 23 (Đ23), Đ43, Đ39, Đ19, or any existing checker/logger authority. Those remain the operative authorities; this contract only constrains how the workstream may consume them.
- It is a bridge / constraint document for the tool-kiem-thu workstream — a binding record of sealed authority and standing prohibitions, sitting between the Codex seal and the (not-yet-authorized) Implementation Package DOT design.
This contract does not authorize implementation, tool/schema/runner creation, production mutation, Directus mutation, filesystem execution, detector execution, or a FIX7 resume.
3. Denominator contract
Each denominator is a distinct query against a distinct surface at a distinct date. They are NOT alternative measurements of one quantity and MUST NOT be collapsed into a single canonical DOT number — a single collapsed count is treated as a disguised hardcode. A load-bearing set is always a runtime query against a named surface, never a literal constant or a hand-maintained list. Every count cited in any report MUST carry its surface, denominator, query, observation timestamp, match key, population, and confidence; counts are dated evidence, never invariants.
| # | Denominator | Surface | Allowed use | NOT permitted to mean |
|---|---|---|---|---|
| 1 | 309 dot_tools / PIV-007 | dot_tools (= meta_catalog CAT-006 309 = PIV-007 309 = PIV-104 309); frozen since 2026-04-02 | Catalog / listing authority only (system of record for "what DOTs are registered"). Listing is always a live SELECT … FROM dot_tools. | Count of runnable or file-backed DOTs; a constant baked into any tool. |
| 2 | 214 operational files | wf_fs_dot_bin_snapshot status=OPERATIONAL (/opt/incomex/dot/bin) | Filesystem-presence surface. Proves a live, non-backup file exists. | Proof of safe execution; proof a file runs with exit code 0. |
| 3 | 186 mapped / confirmed | wf_fs_dot_bin_snapshot mapped / v_dot_reconciliation_reliability CONFIRMED | Reconciliation diagnostic (operational file mapped to a registry code). | A safe-call set. (Its 186 ∩ command-catalog formula was WITHDRAWN — join = 0, disjoint spaces; see Domain C.) |
| 4 | 163 CAT-006 actual_count / local checkout | meta_catalog CAT-006 actual_count; and …/web-test/dot/bin local | Unsafe / unverified for authority use. actual_count=163 is an external dot-catalog-sync artifact with an undefined filter; the local checkout is NOT production. | Any authority denominator; runtime proof; production runtime. |
| 5 | 54 command catalog | dot_iu_command_catalog (IU↔DOT command bridge) | IU command catalog surface. A candidate future governed execution set (15 rows mutating=false). | A DOT tool count; an authorized v0.1 call set. |
| 6 | 128 Directus flows / 36 DOT-named | directus_flows (128 total / 111 active / 36 DOT-named) | Directus flow surface (observe read-only). | Proof of 100% DOT control of the Directus estate (control = PARTIAL_EVIDENCE_ONLY). |
| 7 | 219 information_unit & 102 tac_logical_unit | information_unit (219) and tac_logical_unit (102); 0 joining DB views | Two separate corpora — dual-report only. | A merged corpus; either chosen as canonical; a bridge. |
Other carried denominators (not collapsed): registry shape file_path 228 / script_path 119 / classification='real' 0; reg→FS diff v_dot_registry_no_file=41 vs v_dot_reconciliation_reliability.MISSING_FILE=4 (different base/key/population — see Domain D); FS→reg diff 16–28 by date; dot_iu_command_run=55; dot_operations=20; law_dot_enforcement=272 bindings. /opt/incomex/scripts "42" is a separate, non-DOT surface (wf_fs_script_snapshot).
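As an added illustration (not part of the contract or of the workstream's own tooling), the following Python check applies the denominator rule above to an evidence table: every cited count must carry its provenance fields, its query must be a live SELECT against the named surface rather than a literal, and one denominator label attributed to two different surfaces is rejected as a collapsed count. The field names and the sample rows are assumptions constructed for the example.

```python
from datetime import datetime

# Provenance every cited count must carry under the denominator contract; any gap is fail-closed.
REQUIRED_FIELDS = ("value", "surface", "denominator", "query", "observed_at", "match_key", "population", "confidence")

def validate_count(row):
    """Return the contract violations for one cited count; an empty list means the row is admissible."""
    problems = [f"missing {f}" for f in REQUIRED_FIELDS if row.get(f) in (None, "")]
    if problems:
        return problems
    if not isinstance(row["value"], int):
        problems.append("value must be an observed integer, not a derived or merged figure")
    # A load-bearing set is a runtime query against the named surface, never a literal or hand list.
    query = row["query"].strip().upper()
    if not query.startswith("SELECT") or row["surface"].upper() not in query:
        problems.append("query must be a live SELECT against the named surface")
    try:
        observed = datetime.fromisoformat(row["observed_at"].replace("Z", "+00:00"))
        if observed.tzinfo is None:
            problems.append("observed_at must carry a timezone (counts are dated evidence)")
    except ValueError:
        problems.append("observed_at is not an ISO-8601 timestamp")
    return problems

def validate_report(rows):
    """Validate an evidence table; a denominator label attributed to two surfaces/keys is a collapsed count."""
    findings = {i: validate_count(r) for i, r in enumerate(rows)}
    bound = {}  # denominator label -> (surface, match_key) it was first attributed to
    for i, r in enumerate(rows):
        if not findings[i]:
            attribution = (r["surface"], r["match_key"])
            if bound.setdefault(r["denominator"], attribution) != attribution:
                findings[i].append("collapsed: denominator label reused across surfaces/match keys")
    return {i: p for i, p in findings.items() if p}

# Constructed sample rows for illustration; the figures are the ones in the denominator table above.
SAMPLE_ROWS = [
    {"value": 309, "surface": "dot_tools", "denominator": "dot_tools / PIV-007", "match_key": "code",
     "query": "SELECT count(*) FROM dot_tools", "observed_at": "2026-06-09T07:11:00Z",
     "population": "all registered DOTs", "confidence": "HIGH"},
    {"value": 214, "surface": "wf_fs_dot_bin_snapshot", "denominator": "operational files",
     "query": "SELECT count(*) FROM wf_fs_dot_bin_snapshot WHERE status = 'OPERATIONAL'",
     "observed_at": "2026-06-09T07:20:00Z", "match_key": "file_path",
     "population": "/opt/incomex/dot/bin live files", "confidence": "HIGH"},
    {"value": 309, "surface": "dot_tools", "denominator": "operational files",  # label reused: collapse
     "query": "SELECT count(*) FROM dot_tools", "observed_at": "2026-06-09T07:11:00Z",
     "match_key": "code", "population": "registry rows", "confidence": "HIGH"},
    {"value": 186, "surface": "wf_fs_dot_bin_snapshot", "denominator": "mapped",  # literal, not a live read
     "query": "186", "observed_at": "2026-06-09T07:25:00Z", "match_key": "code",
     "population": "mapped files", "confidence": "MEDIUM"},
]
```

Running validate_report(SAMPLE_ROWS) flags rows 2 and 3 only; the two properly attributed counts pass untouched.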
4. v0.1 allowed behavior
Implementation Package DOT v0.1, when later designed and approved, is authorized for the following — and only the following:
- Read / report only.
- File-report-only evidence, written under knowledge/dev/laws/tool-kiem-thu/.
- May query / read named existing surfaces (the registry/catalog, reconciliation views, command catalog, run-ledger, graph/orphan/duplicate surfaces, corpora, Directus flows — all read-only).
- May produce timestamped reports, diffs, and evidence tables, exposing for every count: source surface, observation timestamp, match key, population, and both-direction diffs.
- May reference existing authorities (Đ38 / Đ23 / Đ43 / Đ39 / Đ19 / fn_tac_log_checker_issue / reconciliation views) as the operative authorities.
- May NOT call filesystem DOT.
- May NOT mutate anything (PG, Directus, registry, filesystem, system_issues).
- May NOT infer authority from presence or run-history alone — presence, mapping, executable bit, CAT-006 actual_count, and historical run rows never prove "can run."
5. Prohibited behavior
The following are explicitly prohibited under this contract:
- New runner authority — no new dispatcher/runner of any kind.
- Filesystem DOT invocation — v0.1 invokes nothing on the filesystem; "can run" is NOT AVAILABLE for filesystem DOT in v0.1.
- New registry authority — dot_tools catalog authority is not replaced or forked.
- New logger / sink — no parallel logger; the deployed sink is named but not written in v0.1.
- New duplicate / graph / orphan resolver — prohibited unless a concrete miss against existing engines is proven under separate read-only authorization.
- TAC/IU merge, bridge, or corpus choice — the tool must not choose, merge, reconcile, consume either as canonical, or create a bridge.
- Directus mutation — no direct Directus MCP/API CRUD.
- Registry cleanup / reconciliation mutation — no rebirth/cleanup of registry-no-file or file-no-registry entries; reconciliation is read-only reporting only.
- Package / schema / tool build before the Reuse Extraction Map and an approved spec.
- Prose-only PASS — no claim of success without runtime evidence behind it.
- Collapsed counts — no single canonical DOT number; every denominator stays separate with provenance.
6. Existing authority reuse
This contract reuses the following deployed authorities; it creates none of them and forks none of them:
- Registry / catalog: dot_tools / PIV-007 — listing only (Domain A).
- Registry ↔ filesystem current diff: the latest code-keyed v_dot_reconciliation_reliability result over wf_fs_dot_bin_snapshot is the canonical current diff (Domain D).
- Name-keyed old view: v_dot_registry_no_file (2026-06-03_recon, name key, restricted population) is a separately named, dated diagnostic only — it MUST NOT override the canonical current diff.
- Logger: fn_tac_log_checker_issue → system_issues (under Đ23) is the named authoritative sink — used if/when a reporting/mutation sink is later authorized; not written in read-only v0.1 (Domain F).
- Graph / orphan / duplicate: Đ19 / Đ23 / Đ39 / universal_edges (2199) / v_kg_edges_all (2259) / entity_dependencies (142) / existing orphan/duplicate/idempotency and reconciliation surfaces are the only permitted authorities (Domain G). Presence of a view/function does not authorize executing a detector or writing findings.
- Context: Đ43 context pack (read-only consume).
- Text-as-Code: Đ38 / P3D / IU system — dual-report TAC/IU until a separate bridge contract is owner-authorized and sealed (Domain H).
7. Unresolved / deferred items
The following remain open and are out of scope for v0.1; each requires a separate, owner/Codex-authorized step before it may proceed:
- Call contract for any future command execution (per-command: identity, permitted mode, inputs, exit-code semantics, timeout, lease/gate, audit ledger, non-mutation boundary). Until it is sealed, nothing is callable.
- Proof-of-run semantics — what counts as "can run" (presence + run-ledger record vs. an actual dry-run); how dot_iu_command_run history is used.
- Directus 100%-DOT-control proof — currently PARTIAL_EVIDENCE_ONLY; no mutation path until proven.
- TAC ↔ IU bridge / resolver contract — corpus authority is unresolved by design.
- Registry cleanup / reconciliation mutation — any rebirth/cleanup of unmatched entries.
- system_issues wiring timing — when (if ever) v0.1's successor is approved to write the named sink.
- Implementation Package DOT actual spec — not yet authorized.
- MVP implementation — not yet authorized.
Carried fresh-read items (read-only, explicitly authorized when needed): CAT-006 actual_count=163 filter definition (currently UNVERIFIABLE/UNSAFE); direct OS listing of /opt/incomex/dot/bin; the /opt/incomex/scripts "42" surface; running the Đ19/Đ23 inverse-check read-only to prove/disprove a duplicate-authority gap.
8. Gate to next phase
The next permitted phase is: Reuse Extraction Map.
A read-only extraction map of which existing surfaces/engines the workstream will consume, what each provides, and which true gaps (if any) remain after reuse — produced with no mutation and no build.
Not permitted yet (all blocked until the Reuse Extraction Map exists and a spec is approved):
- Implementation Package DOT scope spec.
- Verifier code.
- Schema.
- Runner.
- Command invocation.
9. Final wording for future prompts (reusable block)
Implementation Package DOT v0.1 is currently authorized as read/report-only. It must not invoke filesystem DOT, mutate Directus/PG/registry, create runner/logger/graph/corpus authority, or choose between TAC/IU. All denominators must remain separate.
Sealed decision record (verbatim authority wording)
Reproduced from reviews/codex-seal-authority-matrix-bcdgh-2026-06-09.md (BCDGH_SEALED) and reports/authority-decision-matrix-draft-after-baseline-2026-06-09.md (A/E/F/I/J). Not reopened here.
| Domain | Disposition | Contract wording |
|---|---|---|
| A | adopted default | 309 dot_tools = catalog of record (listing = live query; frozen 2026-04-02). Listing-only; not a runnability or file-backing count. |
| B | MODIFY → SEALED (option 5) | For v0.1, filesystem-DOT "can run" is NOT AVAILABLE and filesystem DOTs MUST NOT be invoked. Presence, mapping, and proof-of-run history are separate runtime-discovered facts. No item is callable until a separate per-command call contract proves identity, permitted mode, inputs, exit-code semantics, timeout, lease/gate, audit ledger, and non-mutation boundary. Registry presence, local checkout, CAT-006 actual_count, executable bit, and historical run rows alone never prove "can run." |
| C | MODIFY → SEALED (option 5) | v0.1 is read/report only and MUST make no calls. Neither filesystem DOTs nor IU commands may be invoked until a separate call contract is sealed. The 15 IU mutating=false commands are a candidate governed set for that future contract, not an authorized v0.1 call set. The filesystem-186 set is not directly callable. No static whitelist and no new dispatcher. |
| D | MODIFY → SEALED (option 1) | The canonical current registry→filesystem diff base is the latest available code-keyed v_dot_reconciliation_reliability result over wf_fs_dot_bin_snapshot. v_dot_registry_no_file remains a separately named, dated, name-keyed diagnostic and MUST NOT override the canonical current diff. Every report must expose source, observation timestamp, match key, population, and both-direction diffs. Unmatched entries are NON-CALLABLE. Reuse existing reconciliation surfaces; no reconciliation mutation or new registry authority. |
| E | adopted default | No direct Directus mutation until 100% DOT-control is proven. Future writes route only through existing [DOT-REG] sync / [WATCHDOG] flows. v0.1 writes no Directus. |
| F | adopted default | Authoritative sink = deployed fn_tac_log_checker_issue → system_issues (Đ23). A new logger is PROHIBITED. v0.1 is file-report-only; the system_issues write is deferred until a successor is approved to mutate. |
| G | SEALED | For v0.1 read/report scope, existing Đ19/Đ23/Đ39 graph, duplicate, orphan, dependency, and reconciliation surfaces are the only permitted authorities. A new resolver is prohibited unless a separately authorized, read-only gap proof demonstrates a concrete miss. Presence of a view/function does not authorize executing a detector or writing findings. Doc-level canonical-id coverage remains UNPROVEN, not a true-new gap. |
| H | SEALED | No TAC↔IU bridge exists in the sealed fresh-read snapshot. v0.1 MUST discover and dual-report both corpora separately and MUST NOT choose, merge, reconcile, consume either as canonical, or create a bridge. Corpus authority remains unresolved until a separate bridge/resolver contract is owner-authorized and sealed. No counts or "no bridge" result may be hardcoded; all are runtime-read evidence. |
| I | adopted default | v0.1 = file-report-only under knowledge/dev/laws/tool-kiem-thu/. Escalation to system_issues via fn_tac_log_checker_issue only once approved to mutate. Directus registry tables = NO. |
| J | adopted default | Runtime mirror pattern = KB design (knowledge/dev/…) + runtime mirror /opt/incomex/dot/bin (matches Đ43 paired build/verify). Local checkout (…/web-test/dot/bin, 163) is NOT a runtime. Binds only when executable code is authored (post-spec). |
Parallel-authority risk (all NO)
New runner authority — NO · New registry authority — NO · New logger authority — NO · New graph/duplicate authority — NO · New TAC/IU corpus authority — NO. The sealed decisions create no new runner, registry, logger, graph/duplicate, or TAC/IU corpus authority.
Cross-references
- Codex seal: reviews/codex-seal-authority-matrix-bcdgh-2026-06-09.md (BCDGH_SEALED)
- Seal checkpoint: checkpoints/checkpoint-codex-seal-authority-matrix-bcdgh-2026-06-09.md
- Fresh-read closure: reports/authority-matrix-fresh-read-closure-bcdgh-2026-06-09.{md,json} (FRESH_READ_CLOSURE_PARTIAL)
- Decision matrix draft: reports/authority-decision-matrix-draft-after-baseline-2026-06-09.{md,json} (AUTHORITY_MATRIX_READY_FOR_GPT_REVIEW)
- Baseline ledger: reports/dot-registry-directus-text-as-code-baseline-reconciliation-2026-06-09.{md,json} (BASELINE_READY_FOR_AUTHORITY_DECISION)
- Machine summary of this contract: contracts/authority-contract-v0-1-2026-06-09.json
- This contract's checkpoint: checkpoints/checkpoint-authority-contract-v0-1-2026-06-09.md