KB-4653
Tool-Kiem-Thu Lifecycle & Authority Map (2026-06-10)
Revision 1
Date: 2026-06-10. Defines, per authority class and lifecycle state, the promotion and deprecation paths for the object registry (TKT-OBJ-001..041). KB-level governance; not a production authority.
1. Authority classes (ascending)
| Class | Meaning | Examples | Can it gate / be SSOT? |
|---|---|---|---|
| evidence-only | Records what happened; proves nothing beyond its own run | execution reports, run artifacts, harnesses, seccomp profiles, packet sample, CI repo | NO. Never gates, never SSOT. |
| design-authority | Authoritative for a DESIGN/spec only; grants no runtime authority | export-step contract, packet schema, consumption contract, acceptance matrices, Authority Contract v0.1 | NO runtime gate. Authoritative for design review only. |
| provisional-non-authority | A candidate vocabulary/catalog explicitly NOT yet authoritative; fail-closed | named-query catalog + 6 NQ IDs, new species/statuses/authority classes | NO. Cannot be cited as truth; must be sealed first. |
| governed-authority | Sealed, content-addressed, owner/Codex-approved, governed home | NONE in this project yet | Yes (once it exists). |
| deferred | Capability intentionally not built; gated by a blocker | export service, KB writer, gate consumer, Call Contract | n/a until built+sealed |
| prohibited | Must not be built/used in these macros | gate consumer, KB writer, FIX7 live run, production mutation | n/a |
Rule: an object may rise at most one class per properly-sealed promotion. No object self-certifies (embodies feedback_self_audit_before_external_review_mutable_authority).
2. Lifecycle states & transitions
deferred-future ──(authorized+built)──► active-pilot ──(Codex seal)──► [governed]
active-pilot ──(superseded)──► superseded
provisional ──(B7-EXP-1 / owner+Codex seal)──► pending-promotion ──► governed-authority
reference-evidence / retained-evidence ──(retention window / supersession)──► pending-cleanup ──► deleted
ephemeral ──(auto-expire)──► deleted
3. Promotion paths (who/what is required)
| From | To | Object(s) | Required authority | Blocker ID |
|---|---|---|---|---|
| provisional-non-authority | governed-authority | named-query catalog (TKT-OBJ-018/021) | owner + Codex seal + governed home + content-hash/version seal | B7-EXP-1 |
| design-authority | governed (runtime) | export-step contract / packet schema (TKT-OBJ-019/020) | owner + Codex (§12 promotion) | B7-EXP-2/D9 |
| deferred | active | automated export service | owner authorizes read-only venue + Codex network policy | B7-EXP-2/D9 |
| deferred (prohibited here) | active | path-scoped KB report writer | owner + Codex + build (scope knowledge/dev/laws/tool-kiem-thu/…) | D10 |
| deferred (prohibited here) | active | gate consumer / authority contract | owner + Codex | D11 |
| evidence-only (pilot) | governed tool | ip_dot_inspector | Phase 4 Call Contract design → Codex → build | Call Contract (keystone) |
| provisional taxonomy | native entity_species rows | new species/statuses (TKT-OBJ-036/037/038) | owner + governance-owner; production insertion into entity_species/species_collection_map | TAXONOMY blocker (root-cause packet) |
| KB-level record | production birth row | the whole registry (TKT-OBJ-041) | owner authorizes birth_registry/governance_object_ownership insertion | Birth-insertion AUTHORITY blocker |
4. Deprecation / cleanup paths
- evidence-only run artifacts: retained for audit; superseded by later runs → mark superseded, keep for trace (do not delete KB evidence). Local /tmp copies deletable once KB report records the hash.
- ephemeral CI image + 30-day artifacts: auto-expire; no manual action.
- CI repo: deprecation = owner deletes after evidence no longer needed (gh repo delete Huyen1974/tool-kiem-thu-ci --yes); until then RETAINED inert.
- seccomp-deny-by-default.json (TKT-OBJ-007): kept as honest-defect evidence; superseded by seccomp-startup-safe.json for attestation; do not delete (documents the runc execve finding).
5. Owner-class responsibilities
- SYSTEM (project/KB owner): design docs, reports, checkpoints, roadmap, this registry. Maintains KB SSOT.
- OPERATOR: runtime/sandbox/CI venue, tool execution, retention of CI repo + artifacts.
- AUTHORITY (owner + Codex): all promotions to governed authority, catalog seal, taxonomy insertion, production-registry insertion, gate/KB-writer build authorization.
Verdict
LIFECYCLE_AUTHORITY_MAP_COMPLETE — every object has an authority class, lifecycle state, promotion path, and deprecation/cleanup rule. No object is promotable without the named authority; nothing self-certifies.