Checkpoint — Pre-Birth Pilot dot_tools Permit + Composite Rollback Rehearsal (2026-06-03)
Checkpoint — Pre-Birth Pilot (dot_tools) Permit + Composite Rollback Rehearsal
Date: 2026-06-03 Macro: PRE_BIRTH_PILOT_DOT_TOOLS_PERMIT_AND_COMPOSITE_UNIQUE_ROLLBACK_REHEARSAL Final status: PASS Execution mode: EXECUTION_MODE (root ssh → docker postgres → psql workflow_admin, superuser, read-write capable)
1. Live mutation
NONE. Every rehearsal ran inside BEGIN…ROLLBACK — temp objects (ON COMMIT DROP / pg_temp) plus one OID-stable CREATE OR REPLACE that was rolled back. No DDL/DML committed.
2. Entry hash == exit hash
YES. fn_birth_registry_auto md5 1f729b35… (entry==exit), fn_birth_gate b6700aa8…, fn_birth_registry_auto_id 3f3515de…, birth_registry constraints, dot_tools trigger-set — all identical. birth_admission_permit ABSENT after rollback. dot_tools unborn 0→0.
3. Recommended decision
APPLY — OWNER-GATED. The dot_tools pilot is feasible. Nothing blocks the engineering; every blocker is authority (owner DDL, registrar creds, scheduler, OSPA).
4. dot_tools pilot feasibility
FEASIBLE. Permit-consuming BEFORE gate + DEFERRABLE finalize proven on an exact temp clone, without modifying the global fn_birth_gate and without locking production dot_tools.
5. Composite-unique decision
COMPOSITE_READY. (entity_code, collection_name) already unique across all 1,126,728 rows (0 violations, 0 null collections, 0 FK deps). Only 2 functions reference the old conflict target; both OID-stable patchable. ONE-WAY DOOR: dropping UNIQUE(entity_code) is irreversible once any 2nd-collection code (the 5 pivots) is born → sequence pivot births as a separate reversible step AFTER the constraint swap.
6. Permit-table decision
PROVEN / APPROVE. Additive, reversible, self-contained. 7-state model (REQUESTED/RESERVED/CONSUMED/FINALIZED/FAILED/EXPIRED/CANCELLED), CHECK + idempotency-unique + single-active partial-unique. No secrets stored.
7. Finalize-trigger decision
PROVEN / APPROVE (dot_tools-only or policy-flagged). DEFERRABLE constraint trigger reusing the live trg_iu_birth_gate_layer2 pattern; CONSUMED→FINALIZED at the commit boundary; vanished row fails finalize. Should mark the existing birth row finalized, not insert a new birth.
8. Designs delivered
Sequential DOT dot-birth-admit (state machine + idempotency + retry + break-glass + stop-conditions). Governance handoff = decoupled cursor-tail/CDC over BORN tail + registry_changelog (70,434), 0 new tables, capture-only until OSPA ≥ 1, never blocks birth. Drift monitor = DETECT_ONLY + fail-closed via a new gate_drift BLOCK dim; a DDL-guard event trigger already fires in prod.
9. Exact blockers (authority, not engineering)
- Owner DDL approval (apply packet).
- dot-dot-register registrar credentials — ABSENT.
- External scheduler — pg_cron absent.
- Human OSPA ≥ 1 — governance ACTIVATION only (not birth).
- Owner identity decision: dot_iu_command_catalog (54) + 6 REAL_MISSING phantoms (needs a retire mechanism — none exists; all rows status='born', no CHECK, no retire fn).
10. Live BLOCK dims (unchanged)
orphan_critical 59 · phantom_real 6 · fs_no_registry 16 · dot_pivot_update 1. RP cleanup NO-GO, enforced by fn_assert_safe_for_dot_action.
11. Next macro
PRE_BIRTH_PILOT_DOT_TOOLS_APPLY_PERMIT_AND_COMPOSITE_OWNER_GATED — apply doc-10 packet in order; STOP before dropping the single-col unique; birth the 5 pivots separately (orphan 59→54); then pilot gate + finalize + registry-driven code rule (replace hardcoded ^[A-Z]+-[0-9]+$).
12. Reports
Full set: knowledge/dev/reports/architecture/pre-birth-pilot-dot-tools-permit-composite-rehearsal-2026-06-03/ (docs 00–14). This checkpoint is the MCP-readable short proof and may be used as SSOT.