07 — dot:kg REAL_RUN Ladder & 10-Process Split Prep (2026-06-04)
07 — dot:kg REAL_RUN Ladder & 10-Process Split Prep (PHASE G)
Status: COMPLETE to safe frontier. Ladder is execution-ready but not unsafe. Nothing flipped/executed. REAL_RUN=0. Read-only preflight added (birth-free 1,174,032 before==after).
Live state
- Observations (PROC-CAND:dot:kg): 2 DRY_RUN (single
dryrun-kgexplain+ correlateddryrun-pair) + 4 SIMULATED_DRY_RUN; REAL_RUN 0. - Contract:
DOT_KG_EXPLAINproducer — mode DRY_RUN, endpoint_bound (executor:8090/dispatch),no_mutation_assertion=true,fail_closed_no_mutation;DOT_KG_EXPLAIN_VERIFYverifier — VERIFY_ONLY, contract_ready. - Runtime gate:
real_run_enabled=false,execute_enabled=false,dry_run_only=true.
New artifact — v_dotkg_realrun_preflight (read-only; flips/executes nothing)
| gate | value | status |
|---|---|---|
| gate_real_run_enabled | false | BLOCK |
| gate_execute_enabled | false | BLOCK |
| gate_dry_run_only_cleared | true | BLOCK |
| gate_dotkg_owner_present | 0 | BLOCK |
| gate_contract_realrun_mode | DRY_RUN | BLOCK |
| precond_endpoint_bound | 1 | GO |
| boundary_no_mutation_assertion | 1 | GO |
| precond_dry_run_evidence | 2 | GO |
| invariant_real_run_count_zero | 0 | GO |
| OVERALL_VERDICT | REALRUN_BLOCKED_MULTI_GATE | NO_GO |
REAL_RUN enablement ladder (ordered; owner/president authority)
- PROC-OWN-04 — assign dot:kg family governance owner (
process_family:dot:kg). - Controlled-mutation boundary decision — keep
no_mutation_assertion=truefor the first REAL_RUN (read/explain only; verifier compares to DRY_RUN namespaceDRYRUN-NS:dot:kg:explain). - Contract promotion — DOT_KG_EXPLAIN
DRY_RUN → REAL_RUN(governed change; verifier stays VERIFY_ONLY). - dot_config flip —
dry_run_only=false, thenexecute_enabled=true, thenreal_run_enabled=true(owner-authorized; reversible). - External executor health — confirm
incomex-agent-api-executorhealthy + selfcheck 7/7 + 403 on non-authorized real run (already loopback-bound, read_only/cap_drop ALL). - First REAL_RUN — single correlated producer+verifier pair; expected output = same schema as the DRY_RUN fixture; success threshold = verifier PASS + no mutation outside namespace.
- Disable/rollback — flip
real_run_enabled=false(instant kill); contract back to DRY_RUN.
Expected outputs / safety guard / success threshold
- Output: KG-explain JSON in
DRYRUN-NS:dot:kg:explain; verifier deterministic compare. - Guard: fail_closed_no_mutation; loopback-only executor; killswitch via real_run_enabled.
- Threshold: 1 correlated REAL_RUN PASS with verifier match and zero out-of-namespace writes →
promote dot:kg from
correlated_dryrun_observedtoreal_run_observed.
10-process split prep
dot:kg today is a single candidate (PROC-CAND:dot:kg) spanning a mixed engine set (pg-function / agent_api / hybrid). The split to 10 governed processes is a post-REAL_RUN, owner-gated step: each split process gets its own definition + owner + axis_assignment after the family owner (PROC-OWN-04) exists and the first REAL_RUN passes. Not modelled as canon today (no fake split; verified set remains job:cut only).
Event activation sequence (PROC-OWN-05)
7 process.* event types are inactive (active=false). Activation is PROC-OWN-05 (depends on
AX-PROCESS canon, PROC-OWN-02). Sequence: canon axis → confirm process(es) → activate events. Not
executed (no authority).
Blocker
Owner (PROC-OWN-04 + dot_config authorization) + contract promotion + real_run authority. No engineering blocker — every precondition under engineering control is GO.