Step 8 · Operations evidence · Operations evidence · Operate, rollback, and capstone PT-BREN
CLIProxyAPI 7.2.70 · kimi-k3 · Visual course

Operate, rollback, and capstone

Operating well means repeating a short sequence: capture, change one unit, prove, then decide whether to retain or restore.

Read first (primary source)
CONFIG-MODEL-POLICY-EVIDENCE.md

A redacted local record for the running gateway and the kimi-k3 example.

Read the simple version or open technical detail in any section.
1

Big idea


Operating well means repeating a short sequence: capture, change one unit, prove, then decide whether to retain or restore.

Think of it as… It is a pre-flight checklist: do not cancel a flight from anxiety and do not take off because a checklist looks pretty. The analogy breaks because rollback swaps artifacts and needs fresh proof..

Under the hood

The backup preserves verifiable binary and configuration. After restart, compare live/mirror hash, listener, exact model set, and K3 sentinels. Residual risk: no long-output proof and no literal acceptance of 1048576 tokens.

2

In one picture


01 · backup manifestbackup manifestgovernsprior binary artifactBackup preserves binary and configuration.
backup manifest — governs — Backup preserves binary and configuration.
3

In the code


This is the real local path and a safe read-only command.

backups/MANIFEST.md
# trecho real, não editado
brew services restart cliproxyapi
# then compare hashes, listener, live models, and the narrow kimi-k3 sentinel harness

Open it yourself

brew services restart cliproxyapi # then compare hashes, listener, live models, and the narrow kimi-k3 sentinel harness

4

Try it


Use the controls to retrieve the evidence before reading the explanation.

02 · prior binary artifactprior binary artifactmatchesconfig mirror artifactAfter restart, compare listener and hashes.
prior binary artifact — matches — After restart, compare listener and hashes.
03 · config mirror artifactconfig mirror artifactroutes tocontrolled restartLong output remains a stated residual risk.
config mirror artifact — routes to — Long output remains a stated residual risk.
04 · controlled restartcontrolled restartexcludesnew service PIDBackup preserves binary and configuration.
controlled restart — excludes — Backup preserves binary and configuration.
05 · new service PIDnew service PIDproveslocalhost listenerAfter restart, compare listener and hashes.
new service PID — proves — After restart, compare listener and hashes.
06 · localhost listenerlocalhost listenerboundslive mirror hashLong output remains a stated residual risk.
localhost listener — bounds — Long output remains a stated residual risk.
07 · live mirror hashlive mirror hashmaps toexact model setBackup preserves binary and configuration.
live mirror hash — maps to — Backup preserves binary and configuration.
08 · exact model setexact model setrestarts askimi-k3 sentinelAfter restart, compare listener and hashes.
exact model set — restarts as — After restart, compare listener and hashes.
09 · kimi-k3 sentinelkimi-k3 sentinelpreservesreversible exclusionLong output remains a stated residual risk.
kimi-k3 sentinel — preserves — Long output remains a stated residual risk.
10 · reversible exclusionreversible exclusioncompares withlong output gapBackup preserves binary and configuration.
reversible exclusion — compares with — Backup preserves binary and configuration.
11 · long output gaplong output gapreturnsliteral cap gapAfter restart, compare listener and hashes.
long output gap — returns — After restart, compare listener and hashes.
12 · literal cap gapliteral cap gapconfirmscapstone decisionLong output remains a stated residual risk.
literal cap gap — confirms — Long output remains a stated residual risk.
13 · capstone decisioncapstone decisionqualifiesbackup manifest verification recordBackup preserves binary and configuration.
capstone decision — qualifies — Backup preserves binary and configuration.
14 · backup manifest verification recordbackup manifest verification recordrecordsbackup manifestAfter restart, compare listener and hashes.
backup manifest verification record — records — After restart, compare listener and hashes.

Three-frame summary

1 Capture state before change
2 Re-prove after restart
3 Name residual risk explicitly
The backup preserves verifiable binary and configuration. After restart, compare live/mirror hash, listener, exact model set, and K3 sentinels. Residual risk: no long-output proof and no literal acceptance of 1048576 tokens.
Record the observation, preserve the exception, and choose the next narrow proof.
retrieveBackup before changeclick to flip
Backup preserves binary and configuration.
retrieveChecks after restartclick to flip
After restart, compare listener and hashes.
retrieveExplicit residual riskclick to flip
Long output remains a stated residual risk.
Predict before revealing

What follows a rollback restore?

Restoring artifacts changes live state, so the same listener, model, and sentinel proofs must run again.

Worked example
1Verify the backup manifest before restoration.
2Restart deliberately and compare live/mirror hashes.
3Re-run model and kimi-k3 sentinel checks; record residual risks.
Retrieval review
What follows a rollback restore?

Restoring artifacts changes live state, so the same listener, model, and sentinel proofs must run again.

Ask which boundary you would prove next; the next lesson narrows a different operational risk.