Incomex AI Portal
KB-47C3

03 — Plan/Verify-Only Runner Implementation

3 min read Revision 1
dot-runnerplan-only-runnerno-execute2026-06-04

03 — Plan/Verify-Only Runner Implementation (Workstream B)

Delivered LIVE: fn_process_dryrun_prepare_pair(...) — a no-execute runner that cannot mutate production and cannot execute a DOT. It only records a fixture-bound observation through the existing fail-closed observe functions.

Signature

fn_process_dryrun_prepare_pair(p_candidate_code, p_producer_dot, p_verifier_dot, p_correlation_id, p_fixture_ref, p_output_ns, p_actor, p_idempotency_root, p_fixture_hash) → uuid

Enforced behavior (fail-closed)

  1. Runtime gate — refuses unless execute_enabled=false AND real_run_enabled=false AND dry_run_only=true (re-reads dot_config each call).
  2. Refuses missing correlation_id.
  3. Refuses missing fixture_ref (no fixture → no run).
  4. Refuses output namespace not prefixed DRYRUN-NS: (cannot target a production namespace).
  5. Refuses unknown producer/verifier DOT code (dot_tools membership check).
  6. Writes only via fn_process_run_observe + fn_process_component_observe (header + producer + verifier components).
  7. Records process_run_id, correlation_id, component_run_id, evidence_type=SIMULATED_DRY_RUN, source_system=dryrun_prepare_runner, input_ref (fixture), output_ref (DRYRUN-NS), idempotency_key, plus evidence_ref = {runner, mode:PLAN_VERIFY_ONLY_NO_EXECUTE, fixture_ref, fixture_hash, output_namespace}.
  8. Idempotent on the idempotency root (re-call returns the same run UUID, inserts 0 rows).
  9. Never writes verified status, never DRY_RUN, never REAL_RUN — it does not execute, so the only honest evidence_type is SIMULATED_DRY_RUN.

Why SIMULATED, not DRY_RUN

A DRY_RUN evidence_type asserts the actual producer/verifier logic ran in no-mutation mode. This runner does not run that logic — it prepares and records the correlated observation. Emitting DRY_RUN here would inflate the ladder. The macro's true-DRY_RUN escalation is therefore explicitly not taken (see doc 06).

Staged CLI shape (reference, not deployed)

/opt/incomex/docs/mcp-writes/dot-runner-dryrun-2026-06-04/plan_only_runner.example.sh — mirrors dot-hc-executor ergonomics (--candidate --producer --verifier --fixture --ns --corr --idem --hash); all guarantees are enforced server-side by the function, so the CLI cannot bypass them. Not placed in any DOT execution path.

Apply / rollback / no-execute test

  • Apply: /opt/incomex/docs/mcp-writes/.../v4_apply.sql (function + 4 views).
  • Rollback: .../v4_rollback.sql (DROP 4 views + function; optional DELETE of dryrun_prepare_runner observations).
  • No-execute test: doc 05. Rehearsed BEGIN/ROLLBACK net-zero, then committed; birth_registry 1,158,319 before == after.

Runner status: LIVE (additive, reversible, birth-free).

Back to Knowledge Hub knowledge/dev/reports/architecture/dot-process-discovery-runner-dryrun-ui-registration-readiness-2026-06-04/03-plan-verify-runner-implementation.md