{ "doc": "fix7-p0-implementation-rollback-recovery-design", "date": "2026-06-11", "authority_of_this_doc": "PLANNING_NON_AUTHORITY; rollback DESIGN only; no rollback has been executed or proven", "rollback_proof_status": "NOT_YET_PROVEN", "rollback_proof_reason": "no implementation or dry-run has executed; rollback proof can only exist after a future dry-run/execution actually runs", "snapshot_requirements": [ "KB doc revisions captured (canonicalizer rev3 @ pinned revision; operative blueprint pre-state = absent)", "registry JSON rev + 00-index rev captured before any fold", "for any future production surface: full PG/Directus snapshot before any apply (separate authorization required)" ], "backup_artifacts": [ "pre-mutation sha256 of every target file", "P7 pin (9ddb27c3..34550) as the immutable identity to restore the canonicalizer body to", "packet_tree of this planning packet" ], "rollbacks": [ { "id": "RB-2", "surface": "operative blueprint doc (new)", "restore_path": "do not publish, or supersede the doc (additive; no production state)", "verification_after_rollback": "doc absent or marked superseded; no other doc references it", "who_approves": "owner/operator", "rollback_failure_handling": "if supersede fails, escalate; doc is non-production so no production risk" }, { "id": "RB-3", "surface": "canonicalizer operative-status marker", "restore_path": "revert the marker edit (single line); body must return to 38756 bytes / sha256 49c386a9..b734d0", "verification_after_rollback": "P7 verify_pin PASS on restored body", "who_approves": "owner/operator", "rollback_failure_handling": "if body hash != 49c386a9..b734d0 after revert -> TRUE_BLOCKER, halt, restore from snapshot revision" }, { "id": "RB-4", "surface": "governance addendum / registry fold", "restore_path": "addendum additive (delete addendum doc); canonical fold rollback = restore prior registry JSON/MD revision", "verification_after_rollback": "registry revision == pre-fold revision; no orphan", "who_approves": "owner/GPT", "rollback_failure_handling": "if fold partially applied, restore both registry JSON and MD to captured revisions atomically" }, { "id": "RB-PROD", "surface": "any production surface (PG/Directus/registry-row/system_issues/birth pipeline)", "restore_path": "snapshot/restore; TBD by owner/operator scoping (FIX7-P0-PLAN-SURFACE-1)", "verification_after_rollback": "production state byte/row-identical to snapshot", "who_approves": "owner/operator + separate production authorization", "rollback_failure_handling": "halt; no further apply until restore verified" } ], "rule": "no mutation may apply until its rollback path is VERIFIED (operating-skill 2-khoa); rollback proof is produced by a future dry-run/execution, never claimed in advance", "who_approves_rollback": "owner/operator (production: + separate authorization)" }