DOT Wrapper — 02 Runner / Executor Inventory
02 — DOT Runner / Executor Inventory (Workstream A)
Goal: find the actual execution path, or prove it does not exist. Result: no DOT runner exists. The execution gap is unambiguous.
Candidate execution mechanisms — inventory
| mechanism | exists? | can inject process_run_id? | can dry-run? | avoids prod mutation? | logs observation? | emits events? | verdict |
|---|---|---|---|---|---|---|---|
dot_tools engine agent_api |
declared only | no wiring | no plan mode | unbounded (KG DOTs write graph) | no | no | DECLARED, NEVER INVOKED |
DOT runner script (script_path/file_path) |
NULL for KG; 119/303 have a path | n/a | n/a | n/a | n/a | n/a | NO RUNNER binds these to execution; usage_count 0 everywhere |
dot_iu_command_run + fn_dot_iu_command_log |
LIVE (55 rows) | NO — keyed by command_name, no process_run_id/correlation_id |
YES (run_mode∈plan/verify/apply, run_status incl refused, mutating bool) |
YES (refused rows prove a mutation gate) | YES (own ledger) | no | IU-COMMAND layer, not DOT layer — wrong grain |
job_queue + worker |
table LIVE; worker queue.worker.enabled=false |
partial (run_id, idempotency_key, actor) |
n/a | n/a | n/a | n/a | OFF; only job:cut family uses it (the lone verified candidate) |
| cron / dual triggers | trigger_type metadata only |
no | no | no | no | no | NO scheduler binds DOT triggers to execution |
| API endpoint | none found for DOT execution | — | — | — | — | — | ABSENT |
Why 103+ DOT_* have 0 execution records
usage_count is 0/NULL for every DOT (executed_dots = 0). DOTs are declared capabilities, not invoked jobs. There is no component that (a) picks a DOT, (b) calls its agent_api engine, (c) records the run. The last_executed values seen in v1 discovery were a single-timestamp backfill, not real runs (established prior macro).
Why KG DOTs have no script_path
KG DOTs are execution_engine=agent_api — by design they are meant to be invoked through an external agent API call, not a local script. So script_path/file_path are legitimately NULL. But no code performs that agent_api call for a DOT, mints a run id, or logs it. Hence WRAPPER_NEEDED.
The reusable safe-runtime scaffolding (already proven, wrong layer)
The IU-command layer is the template to port:
fn_dot_iu_operator_runtime_enabled()→ readsdot_config['iu_core.operator_runtime_enabled'](false) = master no-execute toggle.fn_assert_safe_for_dot_action()→ runsfn_preflight_guard(), aborts on anyBLOCK(incl.fs_snapshot_present=0).fn_dot_iu_runtime_lease_acquire/release(...)→ TTL lease viadot_iu_runtime_lease, returns NULL when held by a live different holder (concurrency/idempotency).fn_dot_iu_command_log(...)→ fail-closed catalogued-command logging, returnsrun_id.
Conclusion: the governance/observation half of a safe runtime is solved and battle-tested; only the DOT-invoking half is missing. This macro ports the observation half to the process layer (doc 04); the DOT-invoking half is the next macro (doc 09).