KB-B6B5

FIX7 P0 Shaped-Clone CI-Gate — clone-provenance.json


{ "doc": "fix7-p0-shaped-clone-provenance", "date": "2026-06-12", "macro": "FIX7_P0_PRODUCTION_SHAPED_CLONE_REHEARSAL_AND_CI_GATE_DESIGN_MACRO_2026_06_12", "delegated_decision_consumed": "AUTHORIZE_PRODUCTION_SHAPED_CLONE_REHEARSAL_ONLY", "method": "Searched local disk (/Users/nmhuyen, /tmp, /private/tmp) and the governed KB for any safe, operator-provided production-shaped clone/dump. No live production system was contacted.", "live_production_contact": false, "table_A_clone_provenance": [ { "candidate_clone": "operator-provided production-shaped DB dump clone", "source": "operator (would be a pg_dump / restored copy of the production-shaped schema)", "production_shaped": "REQUIRED", "isolated": "REQUIRED", "contains_secrets": "MUST_BE_NO", "allowed": "WOULD_BE_ALLOWED", "present": false, "note": "NOT PROVIDED in this session. This is the missing input that gates the rehearsal." }, { "candidate_clone": "prior-macro ephemeral local sqlite toy (birth_registry 3-row + executor model)", "source": "fix7-p0-production-rehearsal-only-rollback macro (2026-06-12); mktemp under /private/tmp, created and disposed inside that macro", "production_shaped": false, "isolated": true, "contains_secrets": false, "allowed": "ALLOWED_BUT_INSUFFICIENT", "present": false, "note": "Proved the rollback PATTERN with zero production risk, but it is a hand-built toy, NOT production-shaped, and it was disposed. It does not satisfy the production-shaped requirement of this macro." }, { "candidate_clone": "unrelated local databases found on disk (.codex/*.sqlite, .gemini conversations, gcloud *.db, playwright first_party_sets.db, Documents/Manual Deploy/mpc_local.db)", "source": "local application state, unrelated to FIX7 / birth_registry / Directus", "production_shaped": false, "isolated": "n/a", "contains_secrets": "some are credential stores (gcloud) - MUST NOT be used", "allowed": false, "present": true, "note": "None is a FIX7 production-shaped clone. Some are credential stores and are explicitly NOT used." }, { "candidate_clone": "live production PG / Directus / VPS", "source": "production", "production_shaped": true, "isolated": false, "contains_secrets": true, "allowed": false, "present": "n/a", "note": "FORBIDDEN by this macro. Not contacted." } ], "verdict": "NO_SAFE_PRODUCTION_SHAPED_CLONE_AVAILABLE", "isolation_proven": "N/A_NO_CLONE_TO_PROVE", "secrets_exposed_or_used": false, "exact_operator_input_needed": { "blocker": "FIX7-P0-OPERATOR-INPUT-1 / FIX7-P0-DRYRUN-PROD-ROLLBACK-1 (production leg)", "item": "an operator-provided production-shaped, secret-free, isolated DB dump clone of the birth surface", "must_contain": [ "birth_registry table shape matching production (columns, types, PK)", "registry-row expectations (object id, status fields)", "approval fields (e.g. os_proposal_approvals) as modeled in production", "Directus-related expected fields IF the birth surface writes Directus rows", "system_issues-related expected fields IF modeled", "required IDs / hashes / timestamps used by the birth surface", "rollback fields / snapshot anchor needed to prove restore" ], "must_not_contain": [ "production secrets / credentials / connection strings to live hosts", "any pointer that resolves to a live production host" ], "delivery": "place the dump at an operator-named path and confirm it is a sanitized, non-production copy; this macro then proves snapshot -> apply -> rollback -> restore on it under the hardened validator, still with no production contact", "actor": "operator (+ this is rehearsal-only; production still needs OPT-4 + distinct prod-rollback grant separately)" }, "production_mutation": false, "real_run": false, "qt001": false, "cutover": false, "ci_triggered": false }
