01 — Input Contract & Execution Mode
01 — Input Contract & Execution Mode
Macro
BIRTH_ORPHAN_DETECTION_AND_DOT_FILESYSTEM_HARDENING_100000X. Open-goal hardening over P0–P7 + P9. Forbidden: continue RP cleanup; execute/register dot-pivot-update; create real new DOT; manual pivot_definitions update; fake birth rows; mutate dot_tools to false-clean; destructive prod tests; global hard-blocking with unknown backlog; disable triggers; bypass gate.
Channels actually available (probed live 2026-06-03)
| Channel | Capability | Result |
|---|---|---|
query_pg(directus) |
read-only SELECT, AST-validated, READ ONLY txn, 5s timeout, LIMIT 500, no DDL/DML | ✅ used for all audit |
read_file |
allowlist /opt/incomex/docs, /opt/incomex/dot/specs, /var/log/nginx |
/opt/incomex/dot/bin/dot-pivot-update → [DENIED] outside allowlist |
pg_schema |
information_schema introspection | ✅ |
KB (upload_document etc.) |
read/write KB docs | ✅ used for this report package |
| DDL / DML on prod | — | NO CHANNEL (query_pg refuses writes) |
| filesystem write / shell on VPS | — | NO CHANNEL |
Execution-mode classification
- Audit / read:
EXECUTION_MODE(live read-only verification done, prod byte-unchanged). - All DDL artifacts (P1,P2,P3,P5,P6 views/tables/functions):
AUTHOR_MODE_ONLY— fully authored with exact apply + rollback; cannot be applied through Agent channels. - Filesystem reconciler (P2):
OPERATOR_HANDOFF_MODE— the/opt/incomex/dot/bindirectory is unreadable from the Agent; an operator must runcollect_dot_bin_inventory.shto load the snapshot. - Governance activation (P5) + gate Stage-2 blocking (P3):
BLOCKED_EXTERNAL_AUTHORITY— require human L2/L4 ratification (ospa≥1) and a classified legacy backlog, respectively. Neither is the Agent's to grant.
Net: AUTHOR_MODE_ONLY + OPERATOR_HANDOFF. Authority to read is present; authority+channel to mutate prod is absent. Per the contract, author-mode packages with exact apply/rollback are the correct deliverable; nothing was faked as "applied".
Safety ledger
0 prod mutations. Every query_pg call ran in a read-only transaction. Entry-state == exit-state for birth_registry, dot_tools, pivot_definitions, governance_object_ownership (no writes issued at all). All authored SQL lives in the local sql/ subdir; none was executed.