KB-AE4D

Endgame Campaign — 08 IU Pilot Day-1 Adoption Package (operator-executable)

Revision 1
Tags: iu-pilot, day-1, operator, runbook, health-check, stop-conditions, incident, closeout, 2026-05-28

08 — IU Pilot Day-1 Adoption Package (executable)

Verdict: IU pilot Day 1 is EXECUTABLE today. IU Core is LIMITED-PRODUCTION-PILOT READY; all mutating runtime gates are closed and lifecycle/DLQ/gate protocols are proven. This is an operator runbook, not a design.

1. Scope (Day 1)

ALLOWED: read IU tree (fn_iu_subtree), axis filters (dot_iu_filter_axis_b/_subtree), sql-link validate/resolve (read), bounded governed compose/split/merge only inside the gate protocol with a real review_decision, KG read via v_kg_edges_all.

FORBIDDEN Day 1: flipping any never-flip gate; delivery_enabled/emit_enabled outside the protocol whitelist; vector sync; any 4 Mothers runtime; Directus writes.

2. Channels

  • Read: MCP query_pg (role context_pack_readonly, READ ONLY, AST-validated, 5s timeout, LIMIT 500).
  • Write/gate: ssh contabo → docker exec -i postgres psql -U workflow_admin -d directus. Method: dress-rehearse in BEGIN..ROLLBACK → COMMIT small → verify in a fresh connection.

3. Day-1 operator commands

  1. Open: SELECT * FROM fn_iu_gate_verify_closed(); → confirm all_safe=true, never_flip_intact=true.
  2. Baseline counts: iu / iu_relation / dot_iu_command_run / gate_transition / dlq.
  3. Read work: fn_iu_subtree(<root>), axis filters, fn_iu_sql_link_validate_all().
  4. Governed mutation (if needed): open gate via fn_iu_gate_open(<key>,<approval_id>,<ttl≤3600>) → operate on cloned/test scope → fn_iu_gate_close → fn_iu_gate_verify_closed().
  5. Never flip iu_enact.allow_no_review_decision or iu_core.vector_sync_enabled.

4. Health checks (run hourly / on change)

  • fn_iu_gate_verify_closed().all_safe = true (PRIMARY).
  • dot_iu_command_run growth matches actions; audit actor present.
  • gate_transition has no stuck-open rows past TTL (watchdog should force-close).
  • DLQ depth = 0 (or known/triaged); iu_relation provenance non-NULL (Điều 39).

5. Stop conditions (halt + escalate)

  • Any is_safe=false in gate verify, or a never-flip gate non-false.
  • A gate left open past TTL the watchdog didn't close.
  • Unexpected row-count drift in information_unit / iu_relation.
  • Any Directus/vector/queue activity (should be impossible — indicates breach).
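
The first three stop conditions above, together with the matching hourly checks in section 4, can be evaluated mechanically from one snapshot. The following is an added example, not part of the runbook or the project's code: the row shapes, the function name stop_conditions, the gate key example.compose_gate and all sample values are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# Never-flip gate keys named in section 3 of the runbook.
NEVER_FLIP = {"iu_enact.allow_no_review_decision", "iu_core.vector_sync_enabled"}

def stop_conditions(gate_rows, open_gates, baseline, current, expected_delta, now):
    """Return the section-5 stop conditions that fired (empty list = continue).

    Assumed row shapes (hypothetical, not the project's schema):
      gate_rows:  [{"gate_key": str, "value": bool, "is_safe": bool}]
      open_gates: [{"gate_key": str, "opened_at": datetime, "ttl_s": int}]
      baseline / current / expected_delta: {table_name: int}
    """
    fired = []
    for g in gate_rows:
        if not g["is_safe"]:
            fired.append(f"gate {g['gate_key']} reports is_safe=false")
        if g["gate_key"] in NEVER_FLIP and g["value"] is not False:
            fired.append(f"never-flip gate {g['gate_key']} is not false")
    for o in open_gates:
        deadline = o["opened_at"] + timedelta(seconds=o["ttl_s"])
        if now > deadline:
            fired.append(f"gate {o['gate_key']} open past TTL, watchdog did not close it")
    for table in ("information_unit", "iu_relation"):
        # Drift = observed change minus the change the logged actions explain.
        drift = current[table] - baseline[table] - expected_delta.get(table, 0)
        if drift != 0:
            fired.append(f"unexpected row-count drift in {table}: {drift:+d}")
    return fired

# Constructed sample snapshot, for illustration only.
T0 = datetime(2026, 5, 28, 9, 0, tzinfo=timezone.utc)
SAMPLE_GATES = [
    {"gate_key": "iu_enact.allow_no_review_decision", "value": False, "is_safe": True},
    {"gate_key": "iu_core.vector_sync_enabled", "value": False, "is_safe": True},
]
SAMPLE_OPEN = [{"gate_key": "example.compose_gate", "opened_at": T0, "ttl_s": 3600}]
BASELINE = {"information_unit": 120, "iu_relation": 340}

if __name__ == "__main__":
    now = T0 + timedelta(hours=2)  # one hour past the 3600 s TTL
    current = {"information_unit": 121, "iu_relation": 343}
    # One governed compose was expected to add 1 unit and 2 relations.
    expected = {"information_unit": 1, "iu_relation": 2}
    for line in stop_conditions(SAMPLE_GATES, SAMPLE_OPEN, BASELINE, current, expected, now):
        print("STOP:", line)
```

Any non-empty result means halt and escalate; the fourth stop condition (Directus/vector/queue activity) needs its own data source and is not covered here.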

6. Incident procedure

  1. Stop all writes.
  2. fn_iu_gate_verify_closed() + snapshot counts.
  3. If a gate is open: fn_iu_gate_close (or watchdog).
  4. Roll back the offending tx via its documented rollback.
  5. Record evidence (§7).
  6. Escalate to council if a never-flip gate moved or certification was bypassed.

7. Evidence path

KB: knowledge/dev/reports/operations/iu-pilot/<date>/ — per-action: SQL, before/after counts, gate-verify output, operator id, outcome.

8. Daily closeout

  • Re-run gate verify (all_safe=true), confirm counts reconcile, DLQ triaged, all opened gates closed, evidence filed. Tag day PASS / PARTIAL / BLOCKED.

9. PASS/PARTIAL/BLOCKED criteria

  • PASS: all planned reads/governed-mutations done, gates closed, zero never-flip movement, evidence filed.
  • PARTIAL: some work deferred but invariants intact.
  • BLOCKED: a stop condition fired; pilot paused pending council.

10. Live pilot control rows — note

Pilot control rows were not created live (they'd require a governed pilot-control collection birth — same meta_catalog cascade/guard concern as G1). Run Day 1 from this runbook + the evidence KB path; create a control collection only in a human birth window if persistent tracking is desired.

knowledge/dev/reports/architecture/endgame-iu-pilot-to-4mothers-readiness-campaign-2026-05-28/08-iu-pilot-day1-adoption-package.md