12 — Safety / No-Fake Audit (Workstream K)

Forbidden action	Proof it did not occur
Production DOT execution	Pilot usage_count/last_executed still NULL; dispatcher has no execution body
Mutating agent_api call	No agent_api endpoint exists (grep empty); endpoint_ref NULL; no network call in dispatcher
REAL_RUN	process_run_observation: REAL_RUN=0; dispatcher refuses REAL_RUN (T5)
Fake verified	verified_candidates_v3=1 (job:cut only); dot:kg max status = plan_only_tested
DRY_RUN faked	DRY_RUN=0; dispatcher refuses DRY_RUN without endpoint (T2); SIMULATED only
Process birth / canon	No process born; birth gate views unchanged; 0 canon
AX-PROCESS promotion	None
Approval marked approved	No approval_requests row written
Event activation	7 process.* still active=false; event_outbox=0 for pilot correlations
IU / document edit	Only new derived KB reports written; no source IU/knowledge_documents touched
Workflow / routing execution	None
Hardcoded one-off	Contract registry + dispatcher are generic (keyed by dot_code); pilot is data, not code

Idempotency

W3 re-call returned the same run UUID with 0 new rows. Contract upsert is ON CONFLICT DO UPDATE. v5 apply is CREATE … IF NOT EXISTS / OR REPLACE.

Birth-free

birth_registry 1,163,392 before == after across the committed v5 apply and the write test. (Session-start→apply drift 1,158,336→1,163,392 is background activity, excluded from the local guard.) trigger_guard_alerts=129 unchanged.

Rollback / cleanup

/opt/incomex/docs/mcp-writes/dot-agent-api-contract-2026-06-04/v5_rollback.sql — drops 5 v5 views + dispatcher, deletes agent_api_dispatch_planonly observations (prior 2 SIMULATED rows preserved), optional DROP of the contract table. Reversible.

Audit: PASS.