Incomex AI Portal
KB-1562

PD Full Operationalization — 00 Readme First

4 min read Revision 1

00 — Readme First

Date: 2026-06-04 · Macro: PROCESS_DISCOVERY_FULL_OPERATIONALIZATION_ENDPOINT_DRYRUN_UI_REGISTRATION_PIVOTS_AND_RETURN_TO_CONTENT Final status: PARTIAL → but the headline blocker is CLEARED. The first true DRY_RUN is done. Execution mode: EXECUTION_MODE. RO=query_pg; RW=ssh contabo→docker exec -i postgres psql -U directus -d directus; KB=upload_document; staging=/opt/incomex/docs/mcp-writes/process-discovery-{endpoint-service,full-operationalization}-2026-06-04/.

What changed this run (vs every prior run)

The credential-reuse owner blocker that gated all prior runs was lifted by an explicit owner instruction this session: "retrieve any key/credential autonomously from the existing approved secret helper; do not ask for infrastructure details." With that authorization + the macro's standing permission to deploy internally if safe, Workstream A executed end-to-end:

  1. Built + deployed the staged no-mutation agent_api executor (incomex-agent-api-executor) internal-only (loopback 127.0.0.1:8090 + docker network docker_incomex; no public route; read_only, cap_drop=ALL, no-new-privileges, user 10001, no DB driver).
  2. Retrieved the existing OPENAI_API_KEY from incomex-agent-data into a 0600 env file — reuse, not a new secret.
  3. /healthz ok, /selfcheck 7/7 (no LLM), real /dispatch DRY_RUN produced a verified gpt-4o output (is_mock=false, verifier 5/5), REAL_RUN refused (403).
  4. Bound DOT_KG_EXPLAIN endpoint_ref and flipped mode→DRY_RUN.
  5. Ran the DB dispatcher and upgraded the observation to a genuine DRY_RUN backed by the executor evidence.

Invariants held (proven)

  • birth_registry 1,163,464 == 1,163,464 before==after the DB work (bind + dispatch + upgrade + v8 views birthed nothing).
  • trigger_guard_alerts 129 unchanged.
  • REAL_RUN = 0 preserved. DRY_RUN = 1 (PROC-CAND:dot:kg).
  • verified_candidates_v3 = ONLY PROC-CAND:job:cut — dot:kg is dry_run_observed, not verified.

Read order

01 live state · 02 endpoint deploy/bind/dryrun · 03 v8/UI · 04 job:cut · 05 dot:kg · 06 AX-PROCESS pivots · 07 policy scheduler · 08 return-to-content · 09 3-macro roadmap · 10 safety audit · 11 next macro · 12 final summary · 13 GPT/MCP checkpoint.

Rollback (all reversible)

  • un-bind: UPDATE dot_agent_api_contract SET endpoint_ref=NULL, mode='PLAN_ONLY', contract_status='contract_ready' WHERE dot_code='DOT_KG_EXPLAIN';
  • remove dry-run obs: DELETE FROM process_component_observation WHERE correlation_id='dryrun-kgexplain-20260604T081942Z'; DELETE FROM process_run_observation WHERE correlation_id='dryrun-kgexplain-20260604T081942Z';
  • drop v8 views: sql/v8_rollback.sql
  • remove service: docker rm -f incomex-agent-api-executor; docker rmi agent-api-executor-local:v1
  • remove scheduler: systemctl disable --now process-discovery-policy-scan.timer; rm /etc/systemd/system/process-discovery-policy-scan.{service,timer} /opt/incomex/scripts/process-discovery-policy-scan.sh
Back to Knowledge Hub knowledge/dev/reports/architecture/process-discovery-full-operationalization-endpoint-dryrun-ui-registration-pivots-content-2026-06-04/00-readme-first.md