KB-4187

Implementation Package DOT v0.1 — Gap-only Scope Spec rev3 (machine-readable summary, 2026-06-09)


{ "doc_kind": "gap_only_scope_spec_machine_mirror", "version": "rev3", "date": "2026-06-09", "status": "GAP_ONLY_SCOPE_SPEC_v0_1_REV3_READY_FOR_CODEX", "supersedes": "designs/implementation-package-dot-v0-1-gap-only-scope-spec-rev2-2026-06-09.json", "production_mutation": false, "note": "Design artifact, NOT a runtime schema. Evidence only, never authority (KB-first/PG-first/local-last). Mirrors the rev3 .md spec.", "operating_rule": { "id": "KB_FIRST_PG_FIRST_NATIVE_DRIVEN_LOCAL_LAST", "authority_sources": ["KB", "PG_backed_AgentData", "governed_native_surfaces"], "local_filesystem": "NOT_AUTHORITY_output_or_workspace_only", "every_claim_must_cite": ["kb_path", "pg_view_table_query", "governed_native_surface"], "unprovable_via_governed_source": "UNVERIFIED_or_BLOCKED", "conflict_rule": "mark CONFLICT, prefer KB/PG/native unless owner-approved exception", "future_impl_input_load": "KB/AgentData read connector or PG-backed read API FIRST, never arbitrary local paths" }, "codex_reseal_blockers_addressed": { "B1_taxonomy_authority_shadow_ssot": "negative/triage-only demotion + Option C provisional non-authority versioned classifier; positive verdict + exit 0 removed", "B2_no_run_no_write_feasibility": "endpoint allowlist (not socket ban) + governed PG read gateway + verified server-side read-only role + no direct DB driver", "B3_fix7_artifact_discoverability": "read-only discovery chain run; Fixture A => UNVERIFIED (not deterministic FAIL); not-adequately-evidenced != does-not-exist-anywhere", "B4_negative_tests_bypass_paths": "expanded: shell/subprocess, dynamic import, off-allowlist network, credential, PG-write-via-read-client, multi-statement, side-effect fn, FS write, local-first, taxonomy-as-authority, FIX7 identity-not-found" }, "decisive_decision": { "model": "NEGATIVE_TRIAGE_ONLY_NON_AUTHORITATIVE_INSPECTOR", "read_level_acceptable": "REMOVED", "exit_0": "RESERVED_UNUSED", "ceiling_outcome": "UNVERIFIED", "rationale": "no approved governed PG-driven taxonomy 
source exists; a classifier that never emits positive authoritative truth cannot become a shadow SSOT; future positive verdict requires a separate sealed authority contract" }, "verdict_model": { "per_claim": [ "NO_READ_LEVEL_DEFECT_FOUND_NON_AUTHORITATIVE", "EVIDENCE_INSUFFICIENT", "EVIDENCE_CONFLICTING", "BLOCKED_BY_NO_CALL_CONTRACT", "BLOCKED_BY_UNVERIFIED_SOURCE" ], "per_claim_note": "NO_READ_LEVEL_DEFECT_FOUND is NON_AUTHORITATIVE, non-execution-only, never raises a dossier above UNVERIFIED", "flags": ["FLAG_PROSE_ONLY_PASS", "FLAG_HARDCODED_DENOMINATOR", "FLAG_AUTHORITY_VIOLATION", "FLAG_LOCAL_FIRST_AUTHORITY"], "article14_status": ["ARTICLE14_NOT_APPLICABLE_NO_EXECUTABLE_CLAIMS", "ARTICLE14_NOT_PROVEN_EXECUTION_UNVERIFIED"], "final_dossier_verdict": ["READ_LEVEL_FAIL", "BLOCKED", "UNVERIFIED"], "removed": ["READ_LEVEL_ACCEPTABLE", "EVIDENCE_SUFFICIENT_FOR_READ_LEVEL", "exit_0", "READ_REPORT_PASS", "positive_EVIDENCE_PRESENT"], "triage_outcome": ["BLOCKING_FINDINGS", "NO_BLOCKING_FINDING_BUT_UNCERTIFIED"], "precedence": "BLOCKED > READ_LEVEL_FAIL > UNVERIFIED (no terminal state above UNVERIFIED)" }, "article14_chain": { "preserved_from": "rev2 (Codex Gate 2 PASS)", "steps": ["claim", "claim_type", "required_evidence_class[]", "evidence_artifact/reference(governed_surface)", "evidence_capability", "evidence_adequacy_verdict", "dossier_verdict+article14_status"], "iron_law": "a resolving reference on a governed surface yields ARTIFACT_EXISTENCE_EVIDENCE only; execution-class claims can never reach a non-defect outcome and force NOT_PROVEN", "binding_fields": ["claim_id", "claim_type", "required_evidence_class[]", "evidence_ref[]", "evidence_kind", "resolves", "governed_surface", "bound_to_claim", "identity_match", "producer", "observation_ts", "independence", "conflict_set[]", "evidence_adequacy_verdict", "notes"] }, "taxonomy_governance": { "evidence_classes_count": 12, "claim_types_count": 13, "status": "PROVISIONAL_NON_AUTHORITY", "version": 
"gap-only-spec-rev3-2026-06-09", "source": "this design doc (NON_AUTHORITY_EXPLANATION)", "unknown_type_or_kind": "fail closed to UNVERIFIED/BLOCKED", "may_produce_proof_of_run": false, "may_produce_positive_verdict": false, "promotion_requires": "separate sealed authority contract" }, "capability_model": { "allowed_actions": ["READ_KB_DOC", "READ_ONLY_QUERY", "WRITE_KB_REPORT"], "prohibited_actions": ["EXECUTE_COMMAND", "SPAWN_SUBPROCESS", "DYNAMIC_IMPORT", "NETWORK_EGRESS_OFF_ALLOWLIST", "READ_LOCAL_PATH_AS_AUTHORITY", "INVOKE_DOT", "MUTATE_PG", "MUTATE_DIRECTUS", "MUTATE_REGISTRY", "WRITE_SYSTEM_ISSUES", "CREATE_RESOLVER", "ACCESS_CREDENTIAL_SECRET"], "socket_ban_replaced_by": "endpoint allowlist {KB_read_connector, PG_read_gateway}; all other egress denied", "pg_write_risk_resolution": ["no_direct_db_driver_only_governed_gateway", "role context_pack_readonly server-side de-privileged", "read-only transaction", "AST validated SELECT-only", "fail closed if role not verifiable read-only"], "enforcement_layers": [ "static_action_manifest_per_module", "import_capability_denylist", "runtime_capability_self_check_P1", "pg_read_only_role_requirement_context_pack_readonly", "read_only_transaction_requirement", "sql_statement_classifier_select_only", "network_egress_allowlist_two_endpoints", "shell_subprocess_deny", "filesystem_write_deny_except_kb_report", "negative_tests_for_every_prohibited_path" ], "kb_read_vs_local_read": "READ_KB_DOC uses KB read verbs only (get_document/list_documents/search_knowledge/batch_read); cannot read arbitrary local paths; write verbs used only for the report-triplet path" }, "verified_substrate_2026_06_09": { "method": "read-only SELECT via query_pg gateway; mutates nothing", "connected_role": "context_pack_readonly", "role_attrs": {"rolsuper": false, "rolcreaterole": false, "rolcreatedb": false, "rolbypassrls": false, "rolcanlogin": true}, "gateway_contract": "AST-validated READ ONLY transaction, statement_timeout 5s, hard LIMIT 500, no 
writes/DDL", "db_allowlist": ["directus", "incomex_metadata", "workflow"], "db_denied_example": "postgres => [DENIED]", "current_setting": "restricted to safe parameter list (arbitrary params DENIED)" }, "denominator_rules": { "no_literal_count_normative": true, "record_fields": ["surface_name", "query_or_view_or_report_path", "observation_timestamp", "denominator_definition", "observed_value", "stale_or_unverified_marker", "confidence", "match_key", "population", "no_collapse_rule"], "no_collapse_rule": "enumerate all relevant denominators; prove none collapsed; prove each provenanced; no numeric minimum/maximum", "historical_examples_only": ["309", "214", "186", "163", "54", "128", "36", "219", "102", "41", "4"], "examples_are": "is_dated_example:true, never acceptance values", "unsafe_sources": ["actual_count external-sync artifact", "local checkout", "/opt/incomex/scripts"] }, "allowed_read_surfaces": { "kb_connector": ["document_id", "path", "revision", "bodies", "reference_resolution"], "pg_gateway_role": "context_pack_readonly", "pg_databases": ["directus", "incomex_metadata", "workflow"], "surfaces": ["dot_tools", "meta_catalog CAT-006", "v_dot_reconciliation_reliability", "wf_fs_dot_bin_snapshot(/opt/incomex/dot/bin)", "v_dot_registry_no_file", "dot_iu_command_catalog/_run/_runtime_lease", "universal_edges", "v_kg_edges_all", "entity_dependencies", "orphan/duplicate views", "v_context_pack_latest/context_pack_manifest/Đ43", "information_unit", "tac_logical_unit(dual-report only)", "directus_flows(observe)", "system_issues(read-only)"], "never_executed": ["fn_dot_wf_orphan_detector(v2)", "fn_tac_log_checker_issue(write sink named not written)"] }, "output_contract": { "surface": "KB write of report triplet under knowledge/dev/laws/tool-kiem-thu/ (md+json+checkpoint)", "new_json_keys_rev3": ["triage_outcome", "claims[].governed_surface", "read_access_provenance{connected_role,txn_read_only,queries[]}", "taxonomy_governance{status,version,source}"], 
"writes_performed": "exact KB report paths (the only writes)", "production_mutation": false }, "exit_semantics": { "0": "RESERVED_UNUSED (no green terminal verdict in v0.1)", "1": "READ_LEVEL_FAIL or any FLAG*", "2": "BLOCKED or UNVERIFIED", "3": "CONTRACT_VIOLATION / prohibited action attempted", "4": "internal error", "rule": "FLAG/FAIL/BLOCKED/UNVERIFIED never exit 0; nothing maps to 0" }, "fix7_discovery_chain": { "run_2026_06_09": true, "declared_identity_md_resolves": "knowledge/dev/reports/architecture/t1-fix7-existing-system-refactor-execution-blueprint-2026-06-08/canonicalizer-fix7-canon-v1-ssot.md", "executable_py_resolves_on_governed_surface": false, "py_existence_verdict": "BLOCKED_BY_UNVERIFIED_SOURCE", "fs_mirror_scope": "/opt/incomex/dot/bin (disjoint from FIX7 blueprint workspace)", "honest_claim": "proves NOT adequately evidenced via allowed surfaces; does NOT prove does-not-exist-anywhere", "global_absence_is": "deferred Call/run-half (Codex Recheck-8 ran the invocation -> exit 2)", "fixture_A_expected": "UNVERIFIED + ARTICLE14_NOT_PROVEN_EXECUTION_UNVERIFIED (FAIL only if prose-only-PASS/wrong-kind/contradiction flag fires)" }, "self_audit": { "kb_first_local_last": "PASS", "pg_first_native_driven": "PASS (triage-only scope)", "taxonomy_no_shadow_ssot": "PASS", "no_run_no_write_feasibility": "PASS (design/feasibility; build-gated B4)", "pg_read_only_guard": "PASS", "fix7_discoverability_honesty": "PASS", "expanded_negative_tests": "PASS", "no_parallel_authority": "PASS", "article14_remains": "PASS (preserved + strengthened)", "no_hardcode_fake_green": "PASS" }, "sealed_decisions_intact": ["B", "C", "D", "G", "H"], "deferred_contracts": ["Call Contract", "Proof-of-run", "package_manifest schema", "--selftest+module_sha256", "audit_dead_links()+system_issues write", "Directus write", "TAC<->IU bridge", "reconciliation mutation", "OPA/Conftest/Squawk/CI", "governed claim/evidence/verdict taxonomy authority (re-enables positive verdict + exit 0)"] }

knowledge/dev/laws/tool-kiem-thu/designs/implementation-package-dot-v0-1-gap-only-scope-spec-rev3-2026-06-09.json