KB-704A

D2-supp2 — Endpoint Service Deploy Ladder (dot-kg runbook companion)

Revision 1

D2-supp2 — dot-kg SOP companion: endpoint service deploy + dry-run ladder

Companion to d2-dot-kg-process-family-sop-runbook-2026-06-04.md and d2-supp-endpoint-dryrun-ladder-2026-06-04.md. Derived doc; no source IU edited.

1. Endpoint service requirements (now concrete)

The dot-kg producer endpoint must be:

  • no-mutation (no DB connection)
  • fixture-driven
  • DRYRUN-NS-only
  • fail-closed (refuse REAL_RUN / wrong runtime / missing fixture / missing correlation)
  • idempotent (temperature 0)
  • generic (keyed by dot_code)

A reference implementation is staged at /opt/incomex/docs/mcp-writes/process-discovery-endpoint-service-2026-06-04/ and passes its no-LLM wiring self-test on the VPS.

2. The deploy + dry-run ladder (operator)

  1. plan_only_tested (current) — contract + dispatcher validate; no producer.
  2. service deployed — build + start the staged container (internal-only, OpenAI provider).
  3. selfcheck pass — the service selfcheck route returns pass true (7/7), no LLM.
  4. non-mock dispatch — the service dispatch route (mode DRY_RUN) returns verifier pass true, is_mock false, writes_db false.
  5. endpoint bound — apply sql/bind_endpoint.sql (endpoint_ref + mode DRY_RUN).
  6. dry_run_observed — call the DB dispatcher in DRY_RUN with write; upgrade the observation evidence_type SIMULATED_DRY_RUN → DRY_RUN.
  7. correlation + real_run → verified → owner → 10-def split → process.* activation.

3. Policy gates (carried + reinforced)

A discovered auto-workflow must clear, in order: component-graph → correlation → endpoint (for agent_api) → dry-run observation → real-run observation → owner. dot:kg currently fails at correlation (earliest), and also endpoint + dry-run. No rung may be skipped.
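
An added sketch of the ordered, fail-closed gate check described above. It is not the project's own code; the function names, the status-dict shape, the "script" executor kind used in testing, and the sample state are assumptions, while the gate names and their order come from this section.

```python
# Added example: ordered, fail-closed evaluation of the section 3 policy gates.
# Gate names follow the page; functions, fields and sample state are hypothetical.
from dataclasses import dataclass

# Order matters: a gate counts as cleared only if every earlier gate cleared.
GATES = ["component-graph", "correlation", "endpoint",
         "dry-run observation", "real-run observation", "owner"]

@dataclass
class LadderResult:
    cleared: list       # gates cleared in order, up to the first block
    blocked_at: object  # earliest gate not cleared, or None
    also_failing: list  # later gates that are also not satisfied

def evaluate_gates(status: dict, executor_kind: str) -> LadderResult:
    """status maps gate name -> bool. Anything other than True fails closed."""
    unknown = set(status) - set(GATES)
    if unknown:
        raise ValueError(f"unknown gate(s): {sorted(unknown)}")
    # The endpoint gate applies only to agent_api workflows.
    required = [g for g in GATES if g != "endpoint" or executor_kind == "agent_api"]
    cleared, blocked_at, also_failing = [], None, []
    for gate in required:
        ok = status.get(gate) is True  # missing / None / "yes" are not cleared
        if blocked_at is None and ok:
            cleared.append(gate)
        elif blocked_at is None:
            blocked_at = gate          # earliest failure: nothing later can clear
        elif not ok:
            also_failing.append(gate)
    return LadderResult(cleared, blocked_at, also_failing)

def may_activate(status: dict, executor_kind: str) -> bool:
    return evaluate_gates(status, executor_kind).blocked_at is None

# Constructed sample mirroring the state reported for dot:kg:
# fails at correlation (earliest), and also endpoint + dry-run.
DOT_KG = {"component-graph": True, "correlation": False,
          "endpoint": False, "dry-run observation": False}

if __name__ == "__main__":
    r = evaluate_gates(DOT_KG, "agent_api")
    print("blocked at:", r.blocked_at)
    print("also failing:", r.also_failing)
    print("may activate:", may_activate(DOT_KG, "agent_api"))
```

Gates absent from the status dict are treated as not cleared, so a later gate marked True cannot compensate for an earlier failure.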

4. Warning badges for the runbook

  • The DB dispatcher CANNOT execute a DOT; it validates and records SIMULATED only.
  • DRY_RUN is refused while endpoint_ref is NULL — by design.
  • MOCK_PRODUCER mode is wiring-only; never bind the endpoint while mock — it would record a fake.
  • approval_requests inserts and births are unretirable; action='add' auto-approves — use 'review'.
  • The deterministic verifier's failure path was fixed 2026-06-04; re-test negatives after any change.
  • 0 DOT executed / 0 born / 0 DRY_RUN / 0 REAL_RUN as of this run.

5. Future true dry-run command

After deploy + bind, the family dry-run is a single DB dispatcher call per pair in DRY_RUN with observation write, followed by the evidence_type upgrade once the executor's verifier has passed on a non-mock output. Document each pair's correlation id so step 7 (correlation) is satisfiable.