KB-1615 rev 2

FIX7 P0 Shaped-Clone CI-Gate — README.md

FIX7 P0 - Production-Shaped Clone Rehearsal + CI Seal-vs-Bytes Gate Design Packet (2026-06-12)

Macro: FIX7_P0_PRODUCTION_SHAPED_CLONE_REHEARSAL_AND_CI_GATE_DESIGN_MACRO_2026_06_12
Delegated decision consumed: AUTHORIZE_PRODUCTION_SHAPED_CLONE_REHEARSAL_ONLY
Final status: FIX7_P0_PRODUCTION_SHAPED_CLONE_REHEARSAL_READY_NOT_APPLIED

Production mutation: NO. REAL_RUN/QT001/cutover: NO. CI/deploy trigger: NO. secrets change: NO. live production contact: NO.

Why READY_NOT_APPLIED

All prior evidence is ready (rehearsal-only rollback READY, scoping READY, no-production execution APPLIED, hardened validator e6547e69..956c47 available). The one thing this macro needs to run the production-SHAPED clone rehearsal - an operator-provided production-shaped DB dump clone - does not exist. Disk and KB were searched; only unrelated local databases and the prior macro's already-disposed local toy clone were found. The macro's own rule applies: if no safe clone exists, stop at READY_NOT_APPLIED and specify the exact operator input. See clone-provenance.json.

What WAS done (clone-independent, all allowed)

  • CI seal-vs-bytes gate DESIGNED off-production (ci-seal-vs-bytes-gate-design.md + reference checker ci_seal_vs_bytes_gate.py). --selftest proves the gate fails closed on sha mismatch, byte-length mismatch, em-dash/unicode drift, ensure_ascii JSON re-encode drift, BOM, CRLF, and missing file (7/7). No CI triggered. Result in ci-seal-vs-bytes-gate-selftest-result.json.
  • Schema-compatibility spec (schema-compatibility.json): the production surface expectations a future clone MUST satisfy (birth_registry, registry row, approval fields, Directus/system_issues fields, IDs/hashes/timestamps, rollback anchor). Read-only from the governed inventory; no live schema read.
  • Hardened validator proven ready (run_hardened_validator.py -> hardened-validator-result.json): local copy byte-exact to canonical e6547e69..956c47; --selftest PASS; fabricated no-mutation rollback fails closed. Rehearsal leg = NOT_APPLIED (no clone).
  • Bad-input probes 10/10 fail closed (bad_input_probes.py -> bad-input-probes.json): clone-not-isolated, clone-points-to-production, clone-has-secrets, schema-mismatch-ignored, apply==before, rollback-not-restored, CI-seal-mismatch, unicode-byte-drift, production-PASS-from-clone, REAL_RUN/QT001/cutover-token; control allowed; no forbidden token leaked.
  • Clone provenance & isolation (clone-provenance.json): verdict NO_SAFE_PRODUCTION_SHAPED_CLONE_AVAILABLE; exact operator input specified.
  • Rehearsal/rollback evidence (clone-rehearsal-execution-evidence.json, clone-rollback-evidence.json): NOT_APPLIED (no clone); pattern already proven on the prior toy clone, production-shaped leg pending.
  • Blocker map updated (updated-production-blocker-map.json): 7 OPEN; CI-SCOPE marked design-delivered (stays OPEN); rollback production-shaped leg still OPEN; OPERATOR-INPUT-1 narrowed to "production-shaped DB dump clone".
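
A seal-vs-bytes check of the kind described in the CI gate item above, as an added example; it is not the packet's ci_seal_vs_bytes_gate.py. The names seal, check and selftest, the reason strings, and the sample document are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile

def seal(data: bytes) -> dict:
    """Record the sha256 and byte length of the exact bytes being sealed."""
    return {"sha256": hashlib.sha256(data).hexdigest(), "bytes": len(data)}

def check(path: str, sealed: dict) -> tuple[bool, str]:
    """Compare on-disk bytes to the seal; any doubt returns (False, reason)."""
    try:
        with open(path, "rb") as fh:  # binary mode: no newline or encoding translation
            data = fh.read()
    except OSError:
        return False, "missing-file"
    if len(data) != sealed.get("bytes"):  # an absent seal field also fails closed
        return False, "byte-length-mismatch"
    if hashlib.sha256(data).hexdigest() != sealed.get("sha256"):
        return False, "sha-mismatch"
    return True, "ok"

def selftest() -> dict:
    """Seal a constructed JSON document, then apply the drifts the gate must catch."""
    doc = {"status": "rehearsal \u2014 not applied"}  # constructed sample containing an em-dash
    good = (json.dumps(doc, ensure_ascii=False) + "\n").encode("utf-8")
    cases = {
        "control": good,
        "ensure_ascii-reencode": (json.dumps(doc, ensure_ascii=True) + "\n").encode("utf-8"),
        "em-dash-to-hyphen": good.replace("\u2014".encode("utf-8"), b"-"),
        "bom": b"\xef\xbb\xbf" + good,
        "crlf": good.replace(b"\n", b"\r\n"),
        "same-length-edit": good.replace(b"not", b"now"),
        "missing-file": None,  # never written to disk
    }
    sealed, results = seal(good), {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in cases.items():
            path = os.path.join(tmp, name + ".json")
            if data is not None:
                with open(path, "wb") as fh:
                    fh.write(data)
            results[name] = check(path, sealed)
    return results

if __name__ == "__main__":
    for name, (ok, reason) in selftest().items():
        print(f"{name:24} {'PASS' if ok else 'FAIL'} {reason}")
```

The same-length edit is the case the byte-length check alone would miss, which is why the seal records both values.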

Reproduce

  • commands.sh - runs validator selftest + probes + CI-gate selftest fresh and aggregates OVERALL PASS.
  • RERUN.sh - re-runs the harnesses, regenerates the dynamic JSONs, recomputes HASH_MANIFEST.txt, and compares its sha256 to packet_tree.sha256.

Hard boundary

A clone rehearsal is not production execution; a CI gate design is not a wired CI gate. This packet authorizes nothing in production. Default remains HOLD_PRODUCTION. The 7 production blockers remain OPEN.

knowledge/dev/reports/architecture/fix7-p0-production-shaped-clone-rehearsal-ci-gate-packet-2026-06-12/README.md