Phase 2 Execution Substrate & Route Decision (B4′) — machine-readable
{ "artifact": "phase2-execution-substrate-and-route-decision", "date": "2026-06-10", "final_status": "APPROVED_CI_OR_OPERATOR_PACKET_READY", "production_mutation": false, "codex_consulted": false, "mac_local_evidence_used": false, "source_rule": "KB-FIRST/PG-FIRST/NATIVE-DRIVEN/LOCAL-LAST", "evidence_is_authority": false, "blocker_reclassified": { "from": "missing host docker / no docker-run surface", "to": "missing AUTHORIZED execution substrate + trigger (host docker exists, read-only by design)" }, "kb_readback": { "verdict": "PASS", "docs_read": 14, "index_revision": 82, "contradictions_blocking": 0, "notes": ["index drift 77->78->80->82 sequential not substantive", "B0prime3 WAIVED for offline-MVP scope only, not B4-prime", "mvp_implementation_allowed=false until B4-prime PASS"] }, "fresh_native_evidence": { "vps_list_docker_containers_up": 11, "vps_docker_socket": "read-only by design", "vps_tools": ["list_docker", "docker_logs", "pg_schema", "query_pg", "read_file", "write_file:/opt/incomex/docs/mcp-writes", "directus_*"], "vps_run_create_exec_shell": false, "gh_cli_authenticated": true, "gh_account": "Huyen1974", "gh_scopes_relevant": ["workflow", "repo", "admin:org"], "local_cwd_is_git_repo": false, "project_repo_for_tool_kiem_thu": "none" }, "substrate_inventory": [ {"id": "S1", "surface": "VPS Docker via MCP", "type": "VPS", "approved": "read-only", "can_run_container": false, "decision": "inspect only"}, {"id": "S2", "surface": "VPS shell/SSH", "type": "VPS", "approved": false, "can_run_container": "unknown", "decision": "reject - no approved path / shadow"}, {"id": "S3", "surface": "VPS write_file mcp-writes", "type": "VPS", "approved": true, "can_run_container": false, "decision": "evidence-return channel only"}, {"id": "S4", "surface": "VPS query_pg/pg_schema", "type": "VPS", "approved": "read-only", "can_run_container": false, "decision": "inspect only"},
{"id": "S5", "surface": "Local Bash (Mac)", "type": "local", "approved": "REJECTED for attestation", "can_run_container": "maybe", "decision": "reject for attestation; gh/git inspection only"}, {"id": "S6", "surface": "computer-use -> Terminal", "type": "local", "approved": false, "can_run_container": false, "decision": "reject - click-tier + mac-local"}, {"id": "S7", "surface": "GitHub Actions hosted runner", "type": "CI", "approved": "approved-equivalent pending owner repo authorization", "can_run_container": true, "decision": "PREPARE - Route 2 primary"}, {"id": "S8", "surface": "approved internal CI runner", "type": "CI", "approved": "unknown/none-identified", "can_run_container": "if exists", "decision": "use if owner designates (CI-B)"}, {"id": "S9", "surface": "human operator on VPS w/ docker", "type": "operator", "approved": true, "can_run_container": true, "decision": "PREPARE - Route 3 fallback"}, {"id": "S10", "surface": "incomex-agent-api-executor :8090", "type": "VPS", "approved": false, "can_run_container": false, "decision": "reject - no governed call surface"} ], "inventory_verdict": "no agent-runnable approved substrate; two human/CI-triggerable approved substrates ready (S7 CI, S9 operator)", "route_decision": { "selected_primary": "Route 2 - Approved CI / GitHub Actions", "selected_fallback": "Route 3 - Operator-run VPS", "route1_direct_vps_agent": "rejected - socket read-only, no run/create/exec", "route4_design_repair": "rejected - no design defect found", "route5_true_blocker": "rejected - safe approved path provably exists", "owner_decision_required": "authorize one venue: CI-A (create private repo, publishes harness) | CI-B (designate existing approved repo/runner) | VPS operator route" }, "tracks": { "T1_kb_readback": "PASS", "T2_substrate_inventory": "DONE", "T3_route_decision": "DONE", "T4_direct_vps_run": "NOT_RUN - no agent execution surface", "T5_ci_packet": "DELIVERED", "T6_operator_packet": "DELIVERED", "T7_build_mvp": "NOT_BUILT - gated until B4-prime PASS", "T8_acceptance_tests": "NOT_RUN - need attested sandbox",
"T9_fix7_fixture": "NOT_RUN - part of gated MVP", "T11_cleanup": "N/A - nothing disposable created", "T12_article13": "PASS", "T13_article14": "PASS" }, "b4_prime_state": "BLOCKED", "b4_prime_evidence_contract": { "per_probe": ["probe_id", "operation", "expected", "actual_stderr_or_value", "errno_or_exit", "verdict", "artifact_path"], "top_level": ["venue", "image_digest", "seccomp_sha256", "runtime"], "raw": ["mountinfo", "env_keyset", "proc_net_dev"], "probes_total": 12, "probes_run": 0, "matrix_binding": "#24-#37" }, "deliverables_created": [ "reports/phase2-execution-substrate-and-route-decision-2026-06-10.md", "reports/phase2-execution-substrate-and-route-decision-2026-06-10.json", "planning/ci-sandbox-attestation-workflow-draft-2026-06-10.md", "checkpoints/ci-attestation-packet-phase2-sandbox-2026-06-10.md", "checkpoints/operator-execution-packet-phase2-sandbox-final-2026-06-10.md", "checkpoints/action-ready-blocker-after-phase2-execution-substrate-2026-06-10.md", "checkpoints/checkpoint-phase2-execution-substrate-and-offline-mvp-path-2026-06-10.md", "00-index.md (patched)" ], "deliverables_intentionally_absent_no_fake_green": [ "b4-prime-sandbox-attestation-evidence (B4-prime not run)", "phase2-offline-mvp-execution-report (MVP gated, not built)", "phase2-offline-mvp-acceptance-matrix-binding (tests not run)" ], "remaining_blocker": { "id": "B4_PRIME_AUTHORIZATION_AND_EXECUTION_REQUIRED", "class": "OWNER_AUTHORITY + EXECUTION_PERMISSION", "engineering_ambiguity": "none", "blocks_build": true, "blocks_acceptance": true }, "minimal_safe_next_step": "owner authorizes one venue -> CI workflow triggered OR VPS operator packet run -> returns §7 bundle -> follow-up agent verifies read-only vs #24-#37 -> run gated build prompt" }