A redacted local record for the running gateway and the kimi-k3 example.
Read the simple version or open technical detail in any section.
1
Big idea
Operating well means repeating a short sequence: capture, change one unit, prove, then decide whether to retain or restore.
Think of it as… It is a pre-flight checklist: do not cancel a flight from anxiety and do not take off because a checklist looks pretty. The analogy breaks because rollback swaps artifacts and needs fresh proof..
Under the hood
The backup preserves verifiable binary and configuration. After restart, compare live/mirror hash, listener, exact model set, and K3 sentinels. Residual risk: no long-output proof and no literal acceptance of 1048576 tokens.
2
In one picture
backup manifest — governs — Backup preserves binary and configuration.
3
In the code
This is the real local path and a safe read-only command.
backups/MANIFEST.md
# trecho real, não editado
brew services restart cliproxyapi
# then compare hashes, listener, live models, and the narrow kimi-k3 sentinel harness
Open it yourself
brew services restart cliproxyapi
# then compare hashes, listener, live models, and the narrow kimi-k3 sentinel harness
4
Try it
Use the controls to retrieve the evidence before reading the explanation.
prior binary artifact — matches — After restart, compare listener and hashes.config mirror artifact — routes to — Long output remains a stated residual risk.controlled restart — excludes — Backup preserves binary and configuration.new service PID — proves — After restart, compare listener and hashes.localhost listener — bounds — Long output remains a stated residual risk.live mirror hash — maps to — Backup preserves binary and configuration.exact model set — restarts as — After restart, compare listener and hashes.kimi-k3 sentinel — preserves — Long output remains a stated residual risk.reversible exclusion — compares with — Backup preserves binary and configuration.long output gap — returns — After restart, compare listener and hashes.literal cap gap — confirms — Long output remains a stated residual risk.capstone decision — qualifies — Backup preserves binary and configuration.backup manifest verification record — records — After restart, compare listener and hashes.
Three-frame summary
1 Capture state before change2 Re-prove after restart3 Name residual risk explicitly
The backup preserves verifiable binary and configuration. After restart, compare live/mirror hash, listener, exact model set, and K3 sentinels. Residual risk: no long-output proof and no literal acceptance of 1048576 tokens.
Record the observation, preserve the exception, and choose the next narrow proof.
retrieveBackup before changeclick to flip
Backup preserves binary and configuration.
retrieveChecks after restartclick to flip
After restart, compare listener and hashes.
retrieveExplicit residual riskclick to flip
Long output remains a stated residual risk.
Predict before revealing
What follows a rollback restore?
Restoring artifacts changes live state, so the same listener, model, and sentinel proofs must run again.
Worked example
1Verify the backup manifest before restoration.
2Restart deliberately and compare live/mirror hashes.
3Re-run model and kimi-k3 sentinel checks; record residual risks.
Retrieval review
What follows a rollback restore?
Restoring artifacts changes live state, so the same listener, model, and sentinel proofs must run again.
Ask which boundary you would prove next; the next lesson narrows a different operational risk.