10 — Safety Audit

Method

Rehearsed the full transaction twice with BEGIN..ROLLBACK before committing. The first rehearsal caught a CHECK constraint (remediation_status enum) and the second caught a view creation-order cycle (regclass cast); both were fixed and re-rehearsed clean. Applied once (ssh contabo -> docker exec -i postgres psql -U directus -d directus -v ON_ERROR_STOP=1) inside one explicit BEGIN..COMMIT with statement_timeout=120s.

Before == after (read-back via MCP query_pg, post-commit)

birth_registry 1,210,989 == 1,210,989 (birth-neutral; all DML is on qt001 governance tables which carry no birth trigger; the 74-row plan rebuild created 0 births). qt001-apply-origin 0. trigger_guard_alerts 129 == 129 (no CREATE TRIGGER, no ALTER TABLE — uniqueness via CREATE UNIQUE INDEX, integrity via inline CHECK and guard views). apr_approvals 42 == 42. gateway contract all_ok=true. open execute permits 0. done ledgers 0. Stage 0 freeze enforced (dangerous DOTs frozen). No REALRUN/event/UI/permission/owner/vote mutation.

Apply posture

No QT-001 apply. No permit opened. p_execute path of the writer is now stricter (governance lockdown) and provably fails closed (writer_cannot_execute=true). must_not_proceed.pass=true. readiness v5 overall_ready=false.

Reversibility

99_rollback.sql staged: drops the 20 additive views, 9 additive functions, the registry_v2 table, reverts the 8 new inventory rows + HC-05, and restores the 3 replaced functions (machine_tier, build_plan_registry, writer) from their v1 bodies (preserved in this report set and the prior 2.6A-FIX SQL dir). Not executed.

What was NOT changed

fn_birth_registry_auto (gateway body), any trigger, the two frozen Stage-0 DOTs, birth_registry rows, permits, ledgers, owner/vote/RP/event/UI.