Approved Catalog Staging Local Evidence
Date: 2026-06-20
Timezone: America/St_Johns
Scope
Added a private-lane staging worker after catalog import approval. This did not
read raw device files, reconnect to Zenbook, mount raw survey folders into CT
126, mutate production CT 121, import catalog rows into production, or
authorize public cutover.
Added
tools/stage_approved_catalog.pytests/test_stage_approved_catalog.py- Content-promotion runbook staging instructions.
Boundary
The worker starts after tools/prepare_catalog_import.py has produced
catalog-import-approved.json. It reads only:
- a redacted export directory,
- approved sanitized artifact files under
artifacts/*.md, - an approved catalog import JSON.
It writes:
- staged sanitized artifacts under an operator-provided catalog root,
catalog-import-staged.jsonwith rewritten catalog-root-relativesource_pathvalues.
It refuses:
- blocked stage prefixes such as
raw-survey-zoneorsanitized-exports, - staged paths that escape the catalog root,
- approved imports that are not public-publishable,
- approved entries without operator approval, visibility, or tags,
- artifacts that do not declare the approved sanitized hash,
- unredacted secret-shaped values in staged artifacts.
Verification
Focused local validation passed:
python -m py_compile tools\stage_approved_catalog.py tests\test_stage_approved_catalog.py
python -m unittest tests.test_stage_approved_catalog -v
The focused test coverage proves:
- approved sanitized artifacts are copied into a catalog root,
source_pathvalues are rewritten to staged catalog-root-relative paths,- blocked stage prefixes are rejected,
- sanitized hash declaration mismatches are rejected.
Full validation and sandbox packaging are recorded in
[REDACTED:high-entropy].md.