FIX7 P0 — Production-Shaped Clone Rehearsal & CI Seal-vs-Bytes Gate Design — Report (2026-06-12)
Macro: FIX7_P0_PRODUCTION_SHAPED_CLONE_REHEARSAL_AND_CI_GATE_DESIGN_MACRO_2026_06_12
Authorization: GPT-delegated AUTHORIZE_PRODUCTION_SHAPED_CLONE_REHEARSAL_ONLY.
Final status: FIX7_P0_PRODUCTION_SHAPED_CLONE_REHEARSAL_READY_NOT_APPLIED
| check | verdict |
|---|---|
| Production mutation | NO |
| REAL_RUN / QT001 / cutover | NO |
| CI / deploy trigger | NO |
| Secrets / credentials changed | NO |
| Live production contact (PG/Directus/VPS) | NONE |
| Safe production-shaped clone available | NO (operator input missing) |
| Clone rehearsal performed | NO (no clone) |
| Schema compatibility | SPECIFIED as the clone requirement (no clone to check) |
| Hardened validator | byte-exact e6547e69..956c47, selftest PASS, neg-control fail-closed |
| CI seal-vs-bytes gate | DESIGNED off-production (7/7 drift classes fail closed) |
| Bad-input probes | 10/10 fail closed, control allowed, no token leak |
| Production blockers | 7 OPEN |
| Decision | default HOLD_PRODUCTION, nothing selected |
1. Why READY_NOT_APPLIED (the honest outcome)
This macro's central act - proving the birth/rollback flow on a production-shaped (but isolated) clone - requires an input that does not exist: an operator-provided production-shaped DB dump clone. Per the macro's own rule ("If no safe clone exists: stop at READY_NOT_APPLIED; specify exact operator input needed"), the rehearsal legs are NOT_APPLIED.
I verified the input is genuinely absent. Local disk (/Users/nmhuyen, /tmp,
/private/tmp) and the governed KB were searched. What exists is only: (a) unrelated
local databases (codex, gemini, gcloud credential stores, playwright) - none FIX7,
some are secret stores and were not used; and (b) the prior macro's local sqlite
toy clone, which was a hand-built 3-row birth_registry, not production-shaped,
and was already disposed. No production-shaped clone, dump, restored copy, staging
clone, or sanitized fixture is present. See clone-provenance.json.
Everything else the macro permits without a clone was completed.
2. Workstream A - clone isolation & provenance (Table A)
Verdict NO_SAFE_PRODUCTION_SHAPED_CLONE_AVAILABLE. No live production was
contacted; no secrets were exposed or used. The exact operator input is specified:
a production-shaped, secret-free, isolated DB dump clone of the birth surface,
whose schema satisfies the spec in schema-compatibility.json, delivered at an
operator-named path with confirmation it is a sanitized non-production copy.
3. Workstream B - schema & surface compatibility (Table B)
With no clone, schema-compatibility.json is produced as the requirement spec a
future clone must satisfy, taken read-only from the governed production-surface
inventory (no pg_schema/query_pg/directus call): birth_registry shape,
registry-row expectations, approval fields (os_proposal_approvals, the Tier-0 gate
db=directus AND os_proposal_approvals>=1), Directus fields (if the birth surface
writes Directus), system_issues fields (if modeled), required IDs/hashes/timestamps,
and a rollback/snapshot anchor. Each "clone has?" is N/A_NO_CLONE; classification is
BLOCKER_INPUT_MISSING, not a design defect.
4. Workstream C - rehearsal & rollback (NOT_APPLIED) + hardened validator (PASS)
No rehearsal mutation was performed (no isolated clone). before / after_apply /
after_rollback are N/A_NO_CLONE (clone-rehearsal-execution-evidence.json,
clone-rollback-evidence.json). The snapshot->apply->rollback->restore pattern
was already proven byte/row-exact on the prior toy clone; the production-shaped leg is
what remains.
What I could prove without a clone, and did: the mandatory hardened validator
(hardened_dryrun_validator.py) is byte-exact to canonical
e6547e69..956c47; its --selftest PASSes; and a fabricated no-mutation rollback
(after_apply == before) fails closed with ROLLBACK_APPLY_DID_NOT_MUTATE
(hardened-validator-result.json, overall PASS_VALIDATOR_READY_REHEARSAL_NOT_APPLIED).
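
The fail-closed rule above, as an added example (not the report's hardened_dryrun_validator.py): a rollback that restores the "before" state proves nothing unless the apply step changed something first. The three-column birth_registry table, its rows, and the reason codes other than ROLLBACK_APPLY_DID_NOT_MUTATE are constructed for illustration.

```python
import hashlib
import sqlite3

def digest(conn):
    """sha256 over every row of the constructed table, in primary-key order."""
    h = hashlib.sha256()
    for row in conn.execute("SELECT id, subject, state FROM birth_registry ORDER BY id"):
        h.update(repr(row).encode("utf-8") + b"\n")
    return h.hexdigest()

def judge(before, after_apply, after_rollback):
    """Fail closed: anything short of a proven mutate-then-restore is rejected."""
    if not (before and after_apply and after_rollback):
        return "EVIDENCE_MISSING"               # hypothetical reason code
    if after_apply == before:
        return "ROLLBACK_APPLY_DID_NOT_MUTATE"  # reason code quoted in the report
    if after_rollback != before:
        return "ROLLBACK_DID_NOT_RESTORE"       # hypothetical reason code
    return "PASS"

def rehearse(apply_sql, restore=True):
    """Run snapshot -> apply -> rollback -> restore on an in-memory toy table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE birth_registry (id INTEGER PRIMARY KEY, subject TEXT, state TEXT)")
    conn.executemany("INSERT INTO birth_registry VALUES (?, ?, ?)",
                     [(1, "obj-a", "born"), (2, "obj-b", "born"), (3, "obj-c", "pending")])
    conn.commit()
    before = digest(conn)
    conn.execute(apply_sql)          # opens an implicit transaction
    after_apply = digest(conn)
    if restore:
        conn.rollback()
    else:
        conn.commit()                # constructed failure: the change is kept
    after_rollback = digest(conn)
    conn.close()
    return judge(before, after_apply, after_rollback)

MUTATING = "UPDATE birth_registry SET state = 'born' WHERE id = 3"
NO_OP = "UPDATE birth_registry SET state = 'born' WHERE id = 1"  # row 1 is already 'born'

if __name__ == "__main__":
    print(rehearse(MUTATING))                 # real change, then restored
    print(rehearse(NO_OP))                    # apply changed nothing
    print(rehearse(MUTATING, restore=False))  # change was never rolled back
```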
5. Workstream D - CI seal-vs-bytes gate design (delivered, off-production)
ci-seal-vs-bytes-gate-design.md (Table C) plus a runnable reference checker
ci_seal_vs_bytes_gate.py close the design portion of FIX7-P0-PROD-CI-SCOPE-1.
The gate seals the P7-pinned canonicalizer body (49c386a9..b734d0, 38756 bytes), the
hardened validator (e6547e69..), and the operative blueprint; stores expected
sha256 + byte length in a committed seal-manifest.sha256; and verifies by hashing
raw on-disk bytes with no decode/re-encode/re-serialize step. The selftest proves
fail-closed on edited content, em-dash / Unicode drift, ensure_ascii JSON
re-encode drift (the earlier byte issue), BOM, CRLF, and missing file - 7/7 - while
passing only on byte-identical content (ci-seal-vs-bytes-gate-selftest-result.json).
No CI was triggered and no production was wired. The blocker stays OPEN pending the
owner's decision to adopt and the operator's off-production wiring + review.
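
A seal-vs-bytes check of the kind described above, as an added example (not the report's ci_seal_vs_bytes_gate.py): it seals sha256 plus byte length and verifies by reading files in binary mode, then runs the drift classes the paragraph names against a constructed artifact. The manifest shape, the file name artifact.json, and the reason codes are assumptions.

```python
import hashlib
import json
import os
import tempfile

def seal(raw):
    """Return (sha256 hex, byte length) of raw bytes, with no decode step."""
    return hashlib.sha256(raw).hexdigest(), len(raw)

def verify(manifest, root):
    """Return [(path, reason)]; an empty list is the only passing result."""
    failures = []
    for rel, (want_hash, want_len) in sorted(manifest.items()):
        try:
            with open(os.path.join(root, rel), "rb") as f:  # raw bytes, never text mode
                got_hash, got_len = seal(f.read())
        except OSError:
            failures.append((rel, "MISSING_OR_UNREADABLE"))
            continue
        if got_len != want_len:
            failures.append((rel, "LENGTH_MISMATCH"))
        elif got_hash != want_hash:
            failures.append((rel, "HASH_MISMATCH"))
    return failures

# Constructed sample artifact: JSON containing an em-dash, LF line ending.
SEALED = json.dumps({"title": "seal \u2014 bytes"}, ensure_ascii=False).encode("utf-8") + b"\n"

DRIFTS = {
    "identical": SEALED,
    "edited": SEALED.replace(b"seal", b"seam"),
    "emdash_to_hyphen": SEALED.replace("\u2014".encode("utf-8"), b"-"),
    "ensure_ascii_reencode": json.dumps(json.loads(SEALED)).encode("utf-8") + b"\n",
    "bom": b"\xef\xbb\xbf" + SEALED,
    "crlf": SEALED.replace(b"\n", b"\r\n"),
    "missing": None,  # file is never written
}

def run_drift_cases():
    manifest = {"artifact.json": seal(SEALED)}
    results = {}
    for name, data in DRIFTS.items():
        with tempfile.TemporaryDirectory() as root:
            if data is not None:
                with open(os.path.join(root, "artifact.json"), "wb") as f:
                    f.write(data)
            results[name] = verify(manifest, root)
    return results

if __name__ == "__main__":
    for name, failures in run_drift_cases().items():
        print(f"{name:24} {'PASS' if not failures else 'FAIL ' + failures[0][1]}")
```

The ensure_ascii case parses to the same JSON value as the sealed file, which is why the check compares bytes and never the decoded content.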
6. Workstream E - bad-input probes (10/10 fail closed)
bad_input_probes.py -> bad-input-probes.json: clone-not-isolated,
clone-points-to-production, clone-contains-secrets, schema-mismatch-ignored,
apply==before, rollback-not-restored, CI-seal-mismatch, Unicode-byte-drift,
production-PASS-from-clone, REAL_RUN/QT001/cutover-token - all reject (fail closed);
the valid isolated-clone control is allowed; any_fail_open=false; no
PRODUCTION_PASS/REAL_RUN/CUTOVER/seal token leaked.
7. Workstream F - updated decision packet (default HOLD)
fix7-p0-owner-gpt-production-decision-packet-after-shaped-clone-rehearsal-2026-06-12.md
re-states the four options (HOLD / DRYRUN_ONLY / REALRUN_PRECHECK_ONLY / EXECUTION),
default HOLD_PRODUCTION, nothing selected. The single highest-leverage next step is
not a production option - it is the operator providing the production-shaped clone
so the rollback production-shaped leg can be proven off-production.
8. Evidence
Packet fix7-p0-production-shaped-clone-rehearsal-ci-gate-packet-2026-06-12/,
packet_tree 2fa3d54e9d8335518c7974e1e6b99616344bcb743d3dc794d7858322b53c46da,
21 files, commands.sh OVERALL PASS, RERUN.sh PASS (PACKET_TREE MATCH), exit codes
all zero. Objects TKT-OBJ-495..507 registered via standalone addendum
(APPLY_NOW=NO, above ceiling 494, NOT folded).
9. Remaining blockers & minimal next macro
7 OPEN: FIX7-P0-PROD-BIRTH-SURFACE-1, FIX7-P0-PROD-CI-SCOPE-1 (design delivered,
stays open), FIX7-P0-DRYRUN-PROD-ROLLBACK-1 (production-shaped leg open),
FIX7-P0-PLAN-REALRUN-1, FIX7-P0-PLAN-SEPARATE-AUTH-1, FIX7-P0-PROD-OPT4-1,
FIX7-P0-OPERATOR-INPUT-1 (narrowed to "production-shaped DB dump clone").
Minimal next macro: owner/operator production decision (default HOLD). If not HOLD, operator provides the production-shaped, secret-free, isolated DB dump clone; a separately-authorized lane proves snapshot/restore on it under the hardened validator (still no production contact) before any production OPT-4 / REAL_RUN / QT001 / cutover. CI gate adoption is a separate owner decision.