IU Core MVP — 10 Production Execution Readiness Package

Date: 2026-05-21 · COMMAND-REVIEW ONLY. NOT EXECUTED. Requires a separate sovereign-approved gate. This document does not constitute approval.

Scope of a future execution macro

Apply sql/iu-core/001..005 (greenfield, additive) to the target database. Recommended first target: the restore-test sandbox container pg-restore-test-* on vmi3080463, not the live directus DB.

Preconditions (all must hold)

1. Sovereign approval recorded for IU-core DDL execution (absent today ⇒ STOP).
2. NEEDS_RULING R1–R7 (report 03) resolved.
3. Fresh pg_dump backup of the target DB, sha-verified.
4. Read-only re-survey confirms the 7 iu-core table names are still absent (no drift since 2026-05-21).
5. evt_trigger_guard_ddl event trigger reviewed — this package creates no trigger, so no guard exception is needed for 001–005.

Exact DDL order (forward)

psql -1 -f sql/iu-core/001_iu_sql_link.sql
psql -1 -f sql/iu-core/002_iu_event_routes.sql
psql -1 -f sql/iu-core/003_parent_child_constraints.sql
psql -1 -f sql/iu-core/004_structure_ops_lineage.sql
psql -1 -f sql/iu-core/005_trigger_contracts_and_guards.sql

Each file is self-transacted (BEGIN; ... COMMIT;). -1 adds an outer single-transaction wrapper per invocation.

Exact rollback order (reverse)

psql -1 -f sql/iu-core/rollback/005_trigger_contracts_and_guards.rollback.sql
psql -1 -f sql/iu-core/rollback/004_structure_ops_lineage.rollback.sql
psql -1 -f sql/iu-core/rollback/003_parent_child_constraints.rollback.sql
psql -1 -f sql/iu-core/rollback/002_iu_event_routes.rollback.sql
psql -1 -f sql/iu-core/rollback/001_iu_sql_link.rollback.sql

Each table rollback REFUSES to drop a non-empty table — disable/retire/ archive rows first.

Verification queries (read-only, post-apply)

-- 7 tables present
SELECT tablename FROM pg_tables WHERE schemaname='public'
  AND tablename IN ('iu_sql_link','iu_sql_event_route','iu_outbound_route',
  'iu_route_attempt','iu_tree_path','iu_relation','iu_structure_operation');
-- 2 views present
SELECT viewname FROM pg_views WHERE schemaname='public'
  AND viewname IN ('v_iu_tree','v_iu_sql_link_resolved');
-- 7 functions present
SELECT proname FROM pg_proc WHERE proname LIKE 'fn_iu_%routes%'
  OR proname IN ('fn_iu_sql_link_validate','fn_iu_tree_is_descendant',
  'fn_iu_tree_assert_acyclic','fn_iu_emit_event',
  'fn_iu_sql_link_inbound_capture','fn_iu_outbound_on_version');
-- no trigger attached by this package
SELECT count(*) FROM pg_trigger WHERE tgname LIKE 'trg_iu_sql_in%'
  OR tgname='trg_iu_out_version';   -- expect 0

Expected counts

Object	Before	After
iu-core tables	0	7
iu-core views	0	2
iu-core functions	0	7
rows in any iu-core table	0	0 (DDL only, no DML)
triggers attached	0	0
information_unit / unit_version / event_* rows	158 / 165 / unchanged	identical

STOP conditions

• Sovereign approval absent ⇒ STOP.
• Re-survey shows any iu-core table already present ⇒ STOP (investigate drift).
• Backup missing or sha unverified ⇒ STOP.
• Any forward file errors mid-apply ⇒ STOP, run the matching rollback.

Operator checklist

• Approval id recorded.
• Target DB confirmed (sandbox first).
• Backup taken + sha logged.
• Read-only re-survey clean.
• Apply 001→005 in order.
• Run all verification queries; counts match table above.
• Evidence report uploaded to KB.

Post-execution verification

Run the verification queries; confirm 7 tables / 2 views / 7 functions / 0 triggers / 0 rows; confirm information_unit and unit_version row counts unchanged.

Rollback decision tree

• Apply failed at file N ⇒ rollback N..001 (only the applied files); tables are empty so guards pass.
• Apply succeeded but a defect found before any DML ⇒ rollback 005..001 cleanly.
• Apply succeeded and rows exist ⇒ rollback REFUSES; archive/retire rows, then rollback. Never force-drop.

Forbidden in this readiness package

No execution, no DML, no trigger attachment, no route enabling, no execution_enabled flip. Trigger attachment + route enabling are separate sandbox macros after R1–R7 are ruled.