04 — No-Execute Harness: LIVE + Proof (Workstream C)

Status: LIVE. The no-execute half of the harness is applied to production, birth-free, reversible, and proven. The DOT-invoking half remains an apply-packet (doc 09 next macro).

What was applied LIVE (contabo:/tmp/dot_exec_wrapper_apply.sql)

1. 3 config toggles (dot_config, mirror of piece_event_runtime.*):
   • process_dot_runtime.execute_enabled=false
   • process_dot_runtime.dry_run_only=true
   • process_dot_runtime.real_run_enabled=false
2. fn_process_run_observe(...) — header observe. Requires actor/candidate/correlation; validates evidence_type; refuses REAL_RUN unless real_run_enabled=true; idempotent on idempotency_key; pure insert into process_run_observation; tags evidence_ref with {wrapper, no_execute:true, actor}.
3. fn_process_component_observe(...) — component observe. Fail-closed: dot_code must be in dot_tools; refuses REAL_RUN; idempotent; pure insert into process_component_observation.
4. v_process_dot_wrapper_status — RO surface over all 303 DOT_* (doc 08).

Why this is genuinely no-execute

The functions are SQL-only inserts into the two observation tables. They contain no code path that invokes a DOT — no agent_api call, no script exec, no write to universal_edges or any business/IU/process table. They cannot execute a DOT even if asked to.

Proof (rehearsal in BEGIN/ROLLBACK, then committed)

check	result
birth_registry before / mid / after	1,158,306 / 1,158,306 / 1,158,306 (birth-free)
trigger_guard_alerts	129 unchanged
smoke: fn_process_run_observe(...) + fn_process_component_observe(...,'DOT_KG_EXPLAIN','producer',...)	returned uuids, rows written
idempotency: re-call same idempotency_key	INSERT 0 0, returns existing uuid
safety: evidence_type='REAL_RUN'	refused (check_violation: "REAL_RUN refused — no-execute mode")
safety: dot_code='NOT_A_DOT'	refused (check_violation: "not in dot_tools")
rehearsal end	ROLLBACK — all smoke rows gone
commit	INSERT 0 3 config, CREATE FUNCTION ×2, CREATE VIEW
independent MCP read-back (RO query_pg)	config 3/3, functions 2/2, view present, KG pair = SIMULATED_OBSERVED

Observation written this macro: ZERO new

No new observation rows were committed — only the harness objects. The existing single SIMULATED_DRY_RUN run (from prior macro) is untouched. We did not write a new DRY_RUN observation because no true dry-run executed (no runner). Per Workstream E: keep SIMULATED_DRY_RUN; package the true dry-run for the next macro (doc 05).

Rollback (contabo:/tmp/DOT_EXEC_WRAPPER_ROLLBACK.sql)

DROP VIEW v_process_dot_wrapper_status → DROP FUNCTION fn_process_component_observe → DROP FUNCTION fn_process_run_observe → DELETE 3 dot_config keys. No data births to undo.