All runbooks
evidenceuai-explorerredacted view

Staged Catalog Import Local Evidence

Synced UAI Explorer evidence documentation from docs/evidence/staged-catalog-import-local-2026-06-20.md.

Updated 2026-06-21·Freshness: Reference·Sensitive tokens or credentials were hidden before display.

Staged Catalog Import Local Evidence

Date: 2026-06-20
Timezone: America/St_Johns

Scope

Added the final mechanical importer for approved staged catalog packages. This did not select real private content, mutate production CT 121, authorize public cutover, change DNS/TLS/firewall/routing, or import any real operator content into the live sandbox or production catalog.

Added

  • tools/import_staged_catalog.py
  • tests/test_import_staged_catalog.py
  • Content-promotion runbook import instructions.

Boundary

The worker starts after tools/stage_approved_catalog.py has produced catalog-import-staged.json and staged artifacts under a catalog data root.

It validates:

  • staged import kind and public-safe flags,
  • staged artifact paths under the catalog data root,
  • blocked lane names such as raw-survey-zone, sanitized-exports, uploads, private, and data,
  • staged artifact existence,
  • sanitized hash declaration,
  • staged artifact SHA-256,
  • operator approval, review-closed state, visibility, and required tags,
  • Explorer catalog schema presence.

Database writes require --apply. Without --apply, the worker validates the package and writes a dry-run result only.

Verification

Focused local validation passed:

python -m unittest tests.test_import_staged_catalog -v

The focused test coverage proves:

  • dry-run validation does not mutate the catalog database,
  • explicit --apply imports catalog items and tag rows,
  • staged hash mismatches are rejected before database mutation.

Full validation and sandbox packaging are recorded in [REDACTED:high-entropy].md.