KB-56D8
T1 FIX7 Adversarial Review - 10 Level-B Pipeline (SUPERTRACK J)
3 min read Revision 1
QT001FIX7T1level-bpipelinerunbooksupertrack-j
10 — Level-B Pipeline / Operator Runbook Review (SUPERTRACK J)
Source: 09-level-b-pipeline-operator-runbook.md.
| # | Requirement | Spec answer | Verdict |
|---|---|---|---|
| J.1 | Level-B pipeline path/object specified | .github/workflows/fix7-level-b.yml → scripts/fix7/level-b/run.sh → sql/fix7/level-b; packets at knowledge/dev/reports/architecture/fix7-level-b-packets/{packet_id}/; ID regex ^FIX7-[ABC]-[0-9]{8}-[0-9]{3}$ |
PASS |
| J.2 | author/test stage | FIX7a additive, authority_cutover_complete=false |
PASS |
| J.3 | operator activation stage | FIX7b owner/ACL cutover; FIX7c activation then writer repoint; post-activation verifier ≤15 min | PASS |
| J.4 | exact command/runbook shape | workflow_dispatch requires packet ID + mode + expected commit; production-owner environment approval; runtime secret-manager credential; exact reviewed commit | PASS (shape; the run.sh/yml files are T1-built artifacts) |
| J.5 | proof artifact | immutable outputs per packet | PASS |
| J.6 | rollback artifact | preflight + rollback-only rehearsal stage; layer-specific rollback (doc 11) | PASS |
| J.7 | no manual privileged SQL rule | no manual psql/SSH SQL/Directus admin fallback; absence → FIX7_BLOCKED_LEVEL_B_PIPELINE_UNAVAILABLE |
PASS |
| J.8 | no-go conditions | any missing/extra/NULL/unknown/stale/hash/epoch/quorum/rollback/drift/pipeline failure stops | PASS |
Adversarial probes
- Does the pipeline actually exist? No — not yet. The yml/run.sh/sql files are artifacts T1 authors in FIX7a; live runs are operator-gated. This is correct per the staged model, but it means feasibility of the channel (GitHub Actions + a
production-ownerenvironment with required-reviewer approval + a runtime secret manager holding owner credentials) cannot be verified from PG and depends on CI/infra that must be confirmed to exist (doc 15, operator-gated). The spec'sFIX7_BLOCKED_LEVEL_B_PIPELINE_UNAVAILABLEcorrectly fail-closes if it does not. - Replaces the old manual
psql -U directuspath? Yes — explicitly forbids it. This is the correct closure of the prior-round "manual SQL is the deploy path" concern, conditional on the CI channel existing.
Verdict: LEVEL_B_SPEC_COMPLETE (specification)
The Level-B specification is complete (paths, packet model, stages, approval, proof, rollback, no-manual-SQL, fail-closed-if-absent). The runnable pipeline artifact does not exist yet (T1 authors it; operator/infra must provide the GHA production-owner environment + secret manager). Flagged as an operator-gated feasibility dependency in doc 15 — not a spec defect.