{"hash":"fb9ac14ab4cb4da367da454cf37cadb454ec88e9301f1a1e713b58fa2e0b9448","short_code":"2026-05-12T19:50:00+00:00","title":"PERMIT — procedure: interim scp ship of /home/admin/{main.py, config.py, services/*/router.py} on Lightsail (kernel-plane ship discipline, parallel to 332ef4bd for static plane)","kind":"procedure","principal":"doctortheisen","scope_tag":"lightsail_kernel_interim_ship","tier":"architect","issued_at":"2026-05-12T19:50:00+00:00","expires_at":"","surface":"espadvisorygroup.com (Lightsail FastAPI canonical, /home/admin/{main.py, config.py, services/intake/router.py, services/timeline/router.py, services/views/router.py, services/permits/router.py})","chain_hash":"","conditions":[["scope_boundary","Strictly the file paths in GOVERNED_FILES bound to surface_authority c3d67368. Editing files outside this list under this procedure is a violation; new files require a supersede of c3d67368 extending GOVERNED_FILES first."],["pre_mint_required","KERNEL_CODE mint (step 2) MUST precede scp (step 3). Direct scp without prior KERNEL_CODE mint is the failure mode this procedure exists to prevent — exactly the gap that admitted the 2026-05-12 19:14:15Z config.py edit."],["forward_attestation","scp is the agent (or operator) action; KERNEL_CODE pre-mint + SHIP_RECEIPT post-mint are the bracketing attestations. YubiKey on both."],["reload_discipline","systemctl restart espadvisory-kernel.service required after edit; service is the live reader of these files. Hot-reload not configured."],["sunset_clause","When v_kernel SOP lands or register-resident code rendering ships for kernel plane, this permit becomes superseded; scp ceases to be authorized for kernel files. Agents must read this PERMIT before scp."],["governance_invariant","332ef4bd (static-plane interim) explicitly excluded kernel code as 'separate ship discipline.' This permit IS that discipline. Mirrors 332ef4bd shape; differs in: GOVERNED_FILES (kernel paths), pre-mint requirement (KERNEL_CODE before scp, not optional), restart step (kernel files require service reload)."]],"hash_short":"fb9ac14ab4cb","register_source":"espadvisorygroup_sister","register_genesis":"f3363f614347023565e0916ed13eff0c6ca42d830b60f2a56c56612975b2f91c","federation_note":"v_permit row from sister register; mint event sha256 preserved in main FIELD.db; bundler declaration at 110b3009"}