05 — DOT / no-hardcode / five-layer / observability / rollback

1. DOT — 84 → 104 → 106

class	240x	480x apply	500x (017)
table	14	14	14
view	12	14	14
function	34	36	38
trigger	3	3	3
config	6	6	6
event_type	7	15	15
route	8	16	16
total	84	104	106

Migration 017 adds fn_iu_piece_soft_delete + fn_iu_piece_restore. runtime/110's _iu_core_expect SSOT + the D9 verdict VALUES list + the D3 echo were all bumped (36 → 38, total → 106) in the SAME commit. Live production runtime/110: 106/106, every D9 class ok=true, D8 drift guard 0 rows.

2. No-hardcode — PASS

• 016 / 017 / rollback/017 / runtime/260 (corrected) / sandbox/110 (corrected) / sandbox/120 — 0 secret / IP / DSN / uuid literal.
• fn_iu_piece_soft_delete / _restore source the IU Gateway marker key from dot_config (iu_create.gateway.marker_key) — never the literal 'app.canonical_writer'. The 'fn_iu_structure_op' marker value is an allow-listed canonical-writer token (classified domain vocabulary — same status as fn_iu_structure_op_apply using it).
• runtime/260's 'delayed' lane and the composer event-type / route-code strings are registry-backed domain vocabulary.
• dot_commands.py — contract constants only; sql_literal is a SQL-text generator (the operator runs the output), with quote-doubling tested. 0 DSN / host / secret.

3. Five-layer sync

Layer	Impact
PG	Real, applied: migration 016 (2 fn / 2 views / 4 CREATE-OR-REPLACE), runtime/260 (8 event types / 8 routes, delayed lane), runtime/270 (+2 IU / +1 collection / +2 membership / +4 events), migration 017 (2 fn). All additive / reversible. information_unit 158 → 160.
Directus	No collection/field DDL — IU-core objects are sidecar tables, not Directus collections. No Directus-managed data touched.
Nuxt	Render-only — v_iu_composer_event_backlog / v_iu_collection_export_status are read surfaces for a future composition-observability / file-builder UI. No component contract change.
AgentData / KB	This macro's 7 reports under v0.6-iu-core-500x-dot-one-command-composer-production-closeout-open-goal/, uploaded + list/read/search-verified.
Qdrant / vector	No impact. The iu-tree/ manifests remain natural deterministic vector-index units (carried forward).

4. Observability

Surface	Source
composer event backlog + delivery state	v_iu_composer_event_backlog (016)
collection text-as-code export status	v_iu_collection_export_status (016)
collection health	v_iu_collection_health (015)
route attempt summary	v_iu_route_attempt_summary (009)
dead-letter	v_iu_route_dead_letter_open (009)

Live: 4 composer events in v_iu_composer_event_backlog, each 1 dry-run attempt; v_iu_collection_export_status shows scratch-file-001 digest_present=t composer_event_count=4; dead-letter open 0.

5. Rollback / disable readiness

Every mutation path is reversible:

• migration 016 → rollback/016; runtime/260 → runtime/rollback/260; runtime/270 → runtime/rollback/270 (soft-deletes the 2 minted IUs); migration 017 → rollback/017.
• Disable path: close iu_core.routes_master_enabled (emission stops bus-wide) OR iu_core.composer_enabled (every composer + operator-surface mutator refuses) OR runtime/rollback/260 (event types deactivated → emit returns NULL).
• Soft-delete is reversible by one command — dot_iu_restore_piece.

6. End-state gates

iu_core.composer_enabled=false (inert), iu_core.delivery_enabled=false (external delivery blocked), iu_core.routes_master_enabled=true (emission live, controlled), iu_core.route_worker_enabled=true. Every composer route dry_run=true. External delivery structurally impossible. No production CUT. No execution_enabled flip.