{ "doc": "fix7-p0-implementation-dryrun-design", "date": "2026-06-11", "authority_of_this_doc": "PLANNING_NON_AUTHORITY; designs a FUTURE dry-run lane; runs NOTHING against production now", "staging_only": true, "production_target": false, "no_vector_raw_evidence_policy": "raw dry-run logs stay local + hashed + regenerable; only summaries + hashes enter the vector KB; NVSZ root still owner/operator-pending (V02-PB-NVSZ-1)", "tkt_base_pack_usage": "use TKT Base Pack L0..L3 checks (shasum -c, RERUN reconstruct, fail-closed harness, governance consistency) as the dry-run evidence base; if a check is unavailable fall back to v0.2-proven base checks; TKT-BASE-GOV-FOLD-1 pending does not block dry-run design", "abort_criteria": [ "seal-vs-bytes recheck (DR-1) mismatch -> ABORT, TRUE_BLOCKER, no mutation", "owner OPT-4 authorization absent -> ABORT before DR-2", "any rollback path not verified before its apply -> ABORT that step", "any production surface touched -> ABORT (out of dry-run scope)" ], "steps": [ { "id": "DR-0", "name": "Precondition readback", "command_stub": "python3 planning_packet_validator.py # re-run planning gates; confirm execution_ready=false until PC gates clear", "expected_output": "all planning gates PASS; execution still blocked", "validation_gate": "validator exit 0", "rollback_ref": "N/A-readonly", "production": false }, { "id": "DR-1", "name": "Seal-vs-bytes recheck (PC-3)", "command_stub": "fetch canonicalizer-fix7-canon-v1-ssot.md@rev3 -> recompute sha256 -> compare to P7 pin 49c386a9..b734d0 and 38756 bytes", "expected_output": "sha256 == 49c386a9..b734d0 AND utf8_bytes == 38756 -> PASS; else ABORT", "validation_gate": "exact hash + byte-count match to P7 pin", "rollback_ref": "N/A-readonly", "production": false }, { "id": "DR-2", "name": "Stage operative blueprint doc (temp)", "command_stub": "author FIX7 P0 operative birth-blueprint in mktemp; reference only sealed digests (P7/N7/N8/N6/canonicalizer/Packet V3)", "expected_output": "doc references only sealed digests; no invented values", "validation_gate": "digest cross-check vs seal-consumption.json PASS", "rollback_ref": "RB-2", "production": false }, { "id": "DR-3", "name": "Stage canonicalizer operative-status marker (temp copy)", "command_stub": "apply DOC_STATUS marker to /tmp copy of canonicalizer rev3; recompute body sha256", "expected_output": "body bytes (38756) unchanged so P7 pin still verifies; diff = marker line only", "validation_gate": "P7 verify_pin PASS on body; diff is marker-only", "rollback_ref": "RB-3", "production": false }, { "id": "DR-4", "name": "Stage governance addendum + collision scan", "command_stub": "collision-scan proposed FIX7 implementation object IDs vs registry JSON rev20 + all standalone addenda; emit patch package APPLY_NOW=NO", "expected_output": "no ID collision; APPLY_NOW=NO; canonical fold deferred", "validation_gate": "collision count == 0", "rollback_ref": "RB-4", "production": false }, { "id": "DR-5", "name": "Reconstruct + fail-closed proof in clean temp", "command_stub": "RERUN.sh in fresh mktemp -> reconstruct packet -> shasum -c -> run validators -> bad_input_probes.py", "expected_output": "RERUN_RESULT: PASS; shasum -c all OK; probes all fail-closed; any_fail_open=false", "validation_gate": "exit 0 + 0 fail-open", "rollback_ref": "N/A-readonly", "production": false } ], "every_command_has_rollback_or_is_readonly": true, "production_mutation_in_dryrun": false }