Sensitive Runtime Bridge Authority Checkpoint
The sensitive fallback bridge is now typed, identity-checked, and locally rollbackable.
M1 now has a stricter sensitive fallback bridge and a safer production runtime decision surface. The checkpoint keeps the work local-only: no live Gemini call, no public runtime, no real-user data, no external writes, no production telemetry, and no runtime embedding authority promotion.
What changed
The sensitive runtime bridge now validates itself as a typed bridge, not just a JSONL shape. It emits exactly the 22 sensitive eval-passing rows and excludes the 3 blocked carryover rows by stable identity checks.
Updated code: top_band_runtime_contract_bridge.py, production_runtime_contracts.py, reports.py, and focused tests for bridge/runtime contracts. Updated receipts include the bridge, production runtime contracts, route coverage, route repair queue, and full validation artifacts.
Safety fixes
| Finding | Fix |
|---|---|
| The bridge could append extra non-sensitive legacy intake rows after emitting the 22 sensitive rows. | The full sensitive pack now suppresses that legacy path and validates total bridge identity against the passed eval identities. |
| Case manager had older deterministic role-resolution decisions plus a later correct abstain decision. | Role-resolution decisions are now deduped by normalized title with repair/blocker precedence. Evidence rows remain preserved, but consumers see one decision. |
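The two fixes above share one underlying discipline: the bridge output is checked by stable row identity against the eval result, and competing decisions for one title collapse to a single winner under a precedence order. The following block is an added illustration, not code from the project; the row ids, the decision kinds `deterministic`/`repair`/`blocker`, the precedence order (blocker over repair over deterministic, later row wins ties) and the sample rows are assumptions constructed for the example. Only the 22/3 counts and the `jd_context_confirmation_blocked` status are taken from the page.

```python
"""Added example, not project code: identity-checked bridge emission and
decision dedup with repair/blocker precedence. Sample data is constructed."""
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class EvalRow:
    row_id: str   # stable identity; never compared by position or title text
    status: str   # "pass", "blocked" or "legacy" (assumed status vocabulary)


class BridgeIdentityError(Exception):
    """Raised when the emitted bridge does not match the passed eval identities."""


def validate_bridge_identity(emitted, passed_ids, blocked_ids):
    """Total identity check: no duplicates, no blocked ids, exactly the passed ids."""
    ids = [r.row_id for r in emitted]
    if len(ids) != len(set(ids)):
        raise BridgeIdentityError("duplicate row identity in bridge")
    leaked = set(ids) & blocked_ids
    if leaked:
        raise BridgeIdentityError(f"blocked identities leaked: {sorted(leaked)}")
    if set(ids) != passed_ids:
        raise BridgeIdentityError(
            f"identity mismatch: extra={sorted(set(ids) - passed_ids)} "
            f"missing={sorted(passed_ids - set(ids))}")


def build_sensitive_bridge(eval_rows, legacy_intake_rows, full_pack=True):
    """Emit exactly the eval-passing rows; blocked carryovers are excluded by id.

    With full_pack=True the legacy intake path is suppressed, so no
    non-sensitive rows can ride along after the sensitive rows. With
    full_pack=False the old append path runs and the identity check rejects it.
    """
    passed = {r.row_id for r in eval_rows if r.status == "pass"}
    blocked = {r.row_id for r in eval_rows if r.status == "blocked"}
    emitted = [r for r in eval_rows if r.row_id in passed]
    if not full_pack:
        emitted.extend(legacy_intake_rows)  # the path the safety fix closed
    validate_bridge_identity(emitted, passed, blocked)
    return emitted


@dataclass(frozen=True)
class RoleDecision:
    title: str
    kind: str      # "deterministic", "repair" or "blocker" (assumed kinds)
    seq: int       # emission order; later rows win ties within a kind
    source_authority_status: str = ""


_PRECEDENCE = {"deterministic": 0, "repair": 1, "blocker": 2}  # assumption


def normalize_title(title):
    """Case-fold and collapse whitespace so spelling variants share one key."""
    return re.sub(r"\s+", " ", title.strip().lower())


def dedupe_decisions(decisions):
    """One decision per normalized title. The input list is not modified, so
    the evidence rows stay preserved; only consumers see the single winner."""
    winners = {}
    for d in decisions:
        key = normalize_title(d.title)
        cur = winners.get(key)
        if cur is None or (_PRECEDENCE[d.kind], d.seq) > (_PRECEDENCE[cur.kind], cur.seq):
            winners[key] = d
    return list(winners.values())


# Constructed sample data: 22 eval-passing sensitive rows, 3 blocked carryovers,
# 2 legacy intake rows, and the case-manager decision history from the page.
def sample_eval_rows():
    rows = [EvalRow(f"sens-{i:03d}", "pass") for i in range(1, 23)]
    rows += [EvalRow(f"carry-{i}", "blocked") for i in range(1, 4)]
    return rows


def sample_legacy_rows():
    return [EvalRow("legacy-1", "legacy"), EvalRow("legacy-2", "legacy")]


def sample_case_manager_decisions():
    return [
        RoleDecision("Case Manager", "deterministic", 1, "resolved"),
        RoleDecision("case  manager", "deterministic", 2, "resolved"),
        RoleDecision("Case Manager", "blocker", 3, "jd_context_confirmation_blocked"),
    ]


def bridge_rejects_legacy_append():
    """True when the identity check catches the legacy-append path."""
    try:
        build_sensitive_bridge(sample_eval_rows(), sample_legacy_rows(), full_pack=False)
    except BridgeIdentityError:
        return True
    return False


if __name__ == "__main__":
    bridge = build_sensitive_bridge(sample_eval_rows(), sample_legacy_rows())
    print(f"bridge rows: {len(bridge)}; legacy append rejected: {bridge_rejects_legacy_append()}")
    for d in dedupe_decisions(sample_case_manager_decisions()):
        print(f"{d.title!r}: {d.kind} ({d.source_authority_status})")
```

The check is deliberately total rather than positional: it compares the emitted id set against the passed id set in both directions, so an extra legacy row and a missing sensitive row are both failures, and a leaked blocked id is reported separately so the cause is obvious in the receipt.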
Current proof
| Checkpoint | Result |
|---|---|
| Top 500 serve/fallback/abstain | 483 / 13 / 3 |
| Top 1000 serve/fallback/abstain/not found | 944 / 27 / 3 / 22 |
| Route repair queue rows | 25 |
| AIN-510 stale vectors | 0 |
The final case manager runtime decision is a single abstain record with source_authority_status=jd_context_confirmation_blocked.
Boundaries still locked
This checkpoint intentionally keeps public runtime, real-user data, external writes, production telemetry, runtime embedding authority promotion, live Gemini invocation for this slice, batch manifest creation, and bridge approval for blocked sensitive rows turned off.
Verification
```bash
uv run pytest tests/test_top_band_runtime_contract_bridge.py tests/test_top_band_runtime_route_coverage.py tests/test_top_band_runtime_route_repair_queue.py tests/test_production_runtime_contracts.py tests/test_role_context_query.py tests/test_runtime_authority_contract.py tests/test_production_runtime_readiness.py -q
uv run ruff check src/aina_data_engine/top_band_runtime_contract_bridge.py src/aina_data_engine/production_runtime_contracts.py src/aina_data_engine/reports.py tests/test_top_band_runtime_contract_bridge.py tests/test_production_runtime_contracts.py
uv run aina-data-engine --root /srv/aina/aina-data-engine-room top-band-runtime-contract-bridge
uv run aina-data-engine --root /srv/aina/aina-data-engine-room production-runtime-contracts
uv run aina-data-engine --root /srv/aina/aina-data-engine-room top-band-runtime-route-coverage
uv run aina-data-engine --root /srv/aina/aina-data-engine-room top-band-runtime-route-repair-queue
uv run aina-data-engine --root /srv/aina/aina-data-engine-room ain-510-runtime-authority-contract --request-local-authority
uv run aina-data-engine --root /srv/aina/aina-data-engine-room docs-frontmatter-check
uv run aina-data-engine --root /srv/aina/aina-data-engine-room artifact-exposure-scan
uv run aina-data-engine --root /srv/aina/aina-data-engine-room ain-506-p0-gate
uv run aina-data-engine --root /srv/aina/aina-data-engine-room ain-510-retrieval-promotion-gate
uv run aina-data-engine --root /srv/aina/aina-data-engine-room production-runtime-readiness
uv run aina-data-engine --root /srv/aina/aina-data-engine-room validate
```
All passed.
Next work
Continue M2: clean, repair, and embed source families. Start with a refreshed source-family eligibility ledger, use JD/company/industry/seniority/responsibility/workflow/tool context before title-only repair, and only run live Gemini through Vertex ADC on aina-495702 after source-family gates pass.
```bash
cd /srv/aina/aina-data-engine-room
git status --short --branch
git log -3 --oneline
uv run aina-data-engine --root /srv/aina/aina-data-engine-room validate
uv run aina-data-engine --root /srv/aina/aina-data-engine-room ain-506-p0-gate
uv run aina-data-engine --root /srv/aina/aina-data-engine-room ain-510-retrieval-promotion-gate
```
Start M2 from the eligibility ledger, not from title-only cleanup or fresh LLM generation.