KB-2D8A

FIX7 P0 — Operator Real-Data Clone Handoff Spec (if required) (2026-06-12)

Revision 1
<!-- DOC_STATUS: ACTIVE_NON_AUTHORITY -->

FIX7 P0 - Operator REAL-Data Clone Handoff Spec (only if option 2 is chosen) (2026-06-12)

Status: REQUIRED ONLY IF the owner/GPT selects AUTHORIZE_OPERATOR_REAL_DATA_CLONE_HANDOFF (option 2). Until then: HOLD.

This is the ONLY remaining non-self-resolvable input of the FIX7 P0 pre-real-data phase. Everything else is closed (see final-blocker-map.json). The engineering machinery that will consume this dump is already proven on the generated surrogate, so the handoff drops into a ready, rerunnable harness.

What the operator must deliver

One production-shaped, secret-free, isolated DB dump clone of the birth surface (pg_dump or restored copy), satisfying the governed schema spec (shaped-clone packet schema-compatibility.json Table B):

MUST contain (shape, not necessarily volume):

  1. birth_registry table shape matching production (columns, types, PK);
  2. registry-row expectations (object id, status fields);
  3. approval fields (e.g. os_proposal_approvals) as modeled in production;
  4. Directus-related expected fields IF the birth surface writes Directus rows;
  5. system_issues-related expected fields IF modeled;
  6. required IDs / hashes / timestamps used by the birth surface;
  7. a rollback/snapshot anchor sufficient to prove restore;
  8. enough rows to prove before/apply/rollback state changes.

MUST NOT contain:

  • production secrets / credentials / connection strings to live hosts;
  • any pointer that resolves to a live production host;
  • unsanitized real PII (sanitize or synthesize person-data columns).
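A pre-handoff scan an operator could run over a plain-format dump to catch the first two MUST NOT items (added example, not part of this spec or of the consuming lane's path guard). The `app_config` table, the sample rows, the rule names and the loopback allowlist are assumptions; the scan cannot tell whether a host is production, so it flags every non-loopback host for review, and it does not check PII sanitization.

```python
import re
from urllib.parse import urlsplit

# Assumption: only loopback names are treated as "not live"; any other host is flagged.
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

URI_RE = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s'\"<>]+", re.I)
DSN_HOST_RE = re.compile(r"\bhost\s*=\s*([^\s'\";,]+)", re.I)
# Matches password=value and PASSWORD 'value', but not a column named "password".
PASSWORD_RE = re.compile(r"\bpassword(?:\s*=\s*['\"]?[^\s;'\"]+|\s+'[^']+')", re.I)

# Constructed sample lines; not real data. app_config is a hypothetical table.
SAMPLE_DUMP = [
    "CREATE TABLE birth_registry (object_id uuid PRIMARY KEY, status text);",
    "INSERT INTO birth_registry VALUES ('00000000-0000-0000-0000-000000000001', 'active');",
    "INSERT INTO app_config VALUES ('dsn', 'postgresql://app:example-pw@db.prod.example:5432/birth');",
    "INSERT INTO app_config VALUES ('replica', 'host=10.0.0.5 user=ro password=example-pw');",
    "INSERT INTO app_config VALUES ('local', 'postgresql://localhost/birth_clone');",
]

def scan_dump(lines):
    """Return (line_no, rule, detail) findings for the lines of a SQL dump."""
    findings = []
    for no, line in enumerate(lines, start=1):
        for m in URI_RE.finditer(line):
            try:
                parts = urlsplit(m.group(0))
                host = (parts.hostname or "").lower()
                has_password = parts.password is not None
            except ValueError:  # malformed URI, e.g. broken IPv6 brackets
                findings.append((no, "unparseable-uri", m.group(0)))
                continue
            if has_password:
                findings.append((no, "credential-in-uri", host))
            if host and host not in LOCAL_HOSTS:
                findings.append((no, "remote-host-uri", host))
        for m in DSN_HOST_RE.finditer(line):
            host = m.group(1).lower()
            # A leading "/" is a Unix socket directory in libpq, not a network host.
            if host not in LOCAL_HOSTS and not host.startswith("/"):
                findings.append((no, "remote-host-dsn", host))
        if PASSWORD_RE.search(line):
            findings.append((no, "password-literal", ""))
    return findings

if __name__ == "__main__":
    for finding in scan_dump(SAMPLE_DUMP):
        print(finding)
```

An empty result is a necessary check, not proof of a clean dump: custom-format (`pg_dump -Fc`) archives must be converted to SQL text first, and encoded or split values will not match these patterns.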

Delivery

  • Place the dump at an operator-named LOCAL path (no live mount) and state explicitly: "this is a sanitized, NON-production copy; no live pointers".
  • The consuming lane will: prove isolation (path guard), prove provenance, snapshot -> apply the gated birth -> rollback -> restore, all under the canonical hardened validator e6547e69..956c47 - exactly as already proven on the surrogate (readiness packet tree b476b547..55cd90).

What this handoff does NOT authorize

No production contact, no production mutation, no REAL_RUN/QT001/cutover, no CI wiring. Those remain separately gated (production OPT-4 + distinct grants).
