IU Core Production DDL — 02 Survey, gates, backup
IU Core Production DDL — 02 Survey, gates, backup
Date: 2026-05-21 · Read-only survey + 6-gate evaluation + backup.
Target identity (Gate 2)
- Production database =
directusin containerpostgres(id22540b78de8f7e59ee6f83f5cf169652b6151f1f2c01ae3d81cac6d3c08da5e6, imagepostgres:16, PostgreSQL 16.13) onvmi3080463. - Positively identified: the
incomex-directusapp (directus 11.5) connects withDB_HOST=postgres DB_DATABASE=directus DB_USER=directus. - Sandbox container
pg-restore-test-20260520T031054Zis a distinct, separate container — not touched by the apply.
Drift / collision survey (Gate 4) — greenfield confirmed
| Object class | Found | Expected |
|---|---|---|
| iu-core tables (7 exact names) | 0 | 0 |
iu-core views (v_iu_tree, v_iu_sql_link_resolved) |
0 | 0 |
iu-core functions (7 exact fn_iu_* names) |
0 | 0 |
| iu-core index-name collisions | 0 | 0 |
information_unit rows |
158 | (unchanged) |
unit_version rows |
165 | (unchanged) |
Note: the DB has 25 pre-existing fn_iu_% functions and 4 trg_iu_%
triggers — all v0.5 lifecycle objects. Surveying the exact iu-core
names (not the LIKE pattern) confirmed 0 collisions.
Dependency columns — all present
information_unit: id, parent_or_container_ref, sort_order, canonical_address, deleted_at — all present.unit_version: id, unit_id, version_seq, content_hash, created_by — all present.dot_config: key, value (text) — present.event_outbox: 13 referenced columns present.event_type_registry: event_domain, event_type present.
Apply-role privileges
directus role: NOT superuser, NOT createdb, but
has_schema_privilege('public','CREATE')=t, REFERENCES on
information_unit + unit_version = t, USAGE on plpgsql = t. Owns
information_unit, dot_config, public.unit_version. Sufficient to
apply 001..005 — objects created owned by directus (consistent with the
existing iu objects).
Master gate state
dot_config 'iu_core.routes_master_enabled' = absent ⇒ off.
event_type_registry has 0 iu-domain rows. Post-apply the iu-core
event/route functions are therefore fully inert (fail-closed).
Backup (Gate 3)
docker exec postgres pg_dump -U directus -Fc -d directus- File:
/root/backups/iu-core-prod-ddl/directus-pre-iucore-20260521T103010Z.dump - Size 74,400,952 bytes · sha256
4c18e317c46007991a39be10769f28dbdd599ea497010b52d15f84a71022289d— identical between in-container copy and the host copy. pg_restore -lTOC = 2873 objects — dump structurally valid.
6-gate evaluation
| Gate | Result |
|---|---|
| 1 Correct host | PASS — MacBook, clean repo at 4ce2667 |
| 2 Target identity | PASS — directus@postgres positively identified |
| 3 Fresh backup | PASS — sha-verified, restorable TOC |
| 4 Fresh drift check | PASS — 0/7/0 greenfield, deps present |
| 5 Package integrity | PASS — 001..005 + rollbacks read, additive/idempotent |
| 6 Stop/rollback boundary | PASS — reverse-order, row-loss-guarded, drill-proven |
All 6 gates PASS → the prompt's narrow production-DDL approval is in force.