02 — Endpoint Feasibility and Implementation (Workstream A)

Question

Can a real, no-mutation agent_api plan-only endpoint for DOT_KG_EXPLAIN(+_VERIFY) exist now, within this run's authority?

What "agent_api" actually is (live evidence)

execution_engine='agent_api', script_path=NULL, no service container, no config/credential key. agent_api = invocation by an LLM/agent. The DOT has no deterministic code body. The KG EXPLAIN producer must reason over the fixture subgraph to emit a grounded narrative — that is irreducibly an LLM/agent call.

Endpoint-type analysis

candidate type	viable for the producer (EXPLAIN)?	why
DB function	No	plpgsql cannot do LLM reasoning; it could only replay canned text = MOCK
local script / FS harness	No (today)	would need an LLM credential + network egress; none registered
internal API route	No (today)	no agent_api executor route exists in nuxt/directus/mcp
external service	Blocked	Anthropic-style API needs a credential + hosting surface; not present
reuse claude-mcp/claude-kb	No	those are MCP/RAG servers, not a DOT executor; repurposing ≠ a registered endpoint
mock contract	Forbidden	improvising EXPLAIN and labelling it a DOT run = fake verification

Producer verdict: BLOCKED_EXTERNAL. No registered, no-mutation agent_api invocation endpoint exists, and the missing piece is infrastructure (an agent credential + a hosting surface), not DB engineering.

What IS implementable — and was implemented (real, not fake)

The verifier half (DOT_KG_EXPLAIN_VERIFY) is deterministic structural checking, not LLM judgement. It was implemented as real code:

fn_dryrun_fixture_selfcheck(p_fixture jsonb) → jsonb — LIVE, IMMUTABLE, pure (reads only its argument; touches no table; writes nothing). It runs the verifier's 7 structural checks:

1. output namespace is DRYRUN-NS:%
2. target node ∈ subgraph
3. producer must_reference_node = target
4. every citeable node id ∈ subgraph (no hallucinated nodes)
5. narrative_contains non-empty
6. verifier pass_criteria non-empty
7. no production-table reference in cited ids

Proof on the real fixture FIXTURE:dot:kg:explain:v1: pass=true, 7/7. Negative control (inject GHOST node): pass=false, reason "hallucinated citeable node id: GHOST". The check is genuine, not always-true.

Why this is NOT bound as endpoint_ref (deliberate)

This function is a fixture self-check harness, not the agent_api DOT. Binding it as endpoint_ref and then recording a run as DRY_RUN of DOT_KG_EXPLAIN_VERIFY would mislabel a deterministic harness as the agent_api DOT executing — inflation. So endpoint_ref stays NULL (see doc 03). Its value: it (a) de-risks the future endpoint by proving the verify-logic and the fixture are sound, and (b) surfaces a real governance decision — should the verifier be re-classified from agent_api to deterministic? (owner call; see doc 08).

Engineering spec for the missing producer endpoint (next macro)

A small agent_api plan-only executor (new container or a guarded route in an existing service) that:

• accepts {dot_code, fixture_ref}, loads the fixture from the staged JSON only;
• invokes an agent/LLM with a fixed system contract: cite only subgraph node ids, reference the target, no production tables;
• returns {explanation, cited_node_ids, cited_edges} to memory only — no DB write, output tagged DRYRUN-NS:dot:kg:explain;
• fail-closed (refuse if runtime gates off, refuse production namespaces);
• registered as dot_agent_api_contract.endpoint_ref. The deterministic fn_dryrun_fixture_selfcheck (or its app-side twin) is the verifier that checks that output. Required externally: an agent credential and a hosting surface.

Completion

Endpoint feasibility resolved. Verifier logic IMPLEMENTED + proven. Producer endpoint = exact external blocker with a concrete build spec.