KB-24B5

01 — IU Limited-Production-Pilot Adoption Package (operator-usable) (2026-05-28)

Revision 1
Tags: iu, pilot, adoption, operator, runbook, dlq, stop-conditions, escalation, 2026-05-28

01 — IU Limited-Production-Pilot Adoption Package

Turns the pilot operating protocol into an adoption package an operator can use today. IU Core is LIMITED-PRODUCTION-PILOT READY (tests a–f passed; bounded gate protocol live; durable governed run proven; DLQ replay proven). This package assumes gates remain closed by default and opened only inside the bounded gate protocol.

1. Scope & authority

  • In scope: governed IU lifecycle on TEST/pilot-scoped units — create (draft), piece_split, piece_merge, retire, supersede, structure-op compose/reorder, link validate/resolve, DLQ replay drill, governed event emit.
  • Out of scope (pilot): any 4 Mothers runtime, any Nuxt/UI, any Directus mutation, any vector write, any production publication hard-block, any production (non-test) review_decision mint.
  • Authority to operate the pilot: an operator with SSH workflow_admin may run pilot ops on pilot-scoped units only under the gate protocol. Live adoption beyond drills (operating on real production IU) requires a separate adoption approval — see §11.

2. Operator pre-flight checklist (run every session)

  1. SELECT fn_iu_gate_verify_closed(); → require all_safe=true, never_flip_intact=true, all_governed_closed=true.
  2. Snapshot counts: information_unit, iu_relation, dot_iu_command_run, iu_gate_transition, dead_letter/route_attempt.
  3. Confirm read channel role = context_pack_readonly; confirm apply identity = workflow_admin|directus.
  4. Confirm no gate is currently open: SELECT count(*) FROM iu_gate_transition WHERE closed_at IS NULL; must return 0.
  5. Confirm iu_enact.allow_no_review_decision=false and iu_core.vector_sync_enabled=false (NEVER flip).
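The checklist above as one added fail-fast pre-flight script. This is example code written for this package, not the project's own tooling: it assumes PostgreSQL driven from psql, that fn_iu_gate_verify_closed() returns a single row with boolean columns all_safe, never_flip_intact and all_governed_closed as item 1 states, and that DLQ depth is the row count of a table named dead_letter (an assumption; the runbook only names dead_letter/route_attempt as snapshot targets). The temp objects pilot_counts and pilot_snapshot, and the session labels, are this example's own. The tail of the script is the matching end-of-session reconciliation, which turns the baseline into the "row-count deltas match intent" check of §6 and the "mutation outside a logged op" stop condition of §7.

```sql
-- Added example: fail-fast pre-flight for one pilot session (PostgreSQL, run in psql as the apply identity).
-- Every check raises on failure, so the session never starts from an unsafe gate state.
\set ON_ERROR_STOP on

-- Items 1, 4 and 5: never-flip keys intact, all governed gates closed, no open transition row.
-- fn_iu_gate_verify_closed() reports never_flip_intact, which covers item 5 without touching the keys.
DO $$
DECLARE
  v      record;
  v_open integer;
BEGIN
  SELECT * INTO v FROM fn_iu_gate_verify_closed();
  IF NOT (v.all_safe AND v.never_flip_intact AND v.all_governed_closed) THEN
    RAISE EXCEPTION 'PRE-FLIGHT FAIL: all_safe=% never_flip_intact=% all_governed_closed=%',
      v.all_safe, v.never_flip_intact, v.all_governed_closed;
  END IF;

  SELECT count(*) INTO v_open FROM iu_gate_transition WHERE closed_at IS NULL;
  IF v_open <> 0 THEN
    RAISE EXCEPTION 'PRE-FLIGHT FAIL: % gate transition(s) still open', v_open;
  END IF;

  -- Item 3 (apply side): this connection must be workflow_admin or directus.
  -- Run SELECT current_user; on the read channel separately and expect context_pack_readonly.
  IF current_user NOT IN ('workflow_admin', 'directus') THEN
    RAISE EXCEPTION 'PRE-FLIGHT FAIL: apply identity is %, expected workflow_admin|directus', current_user;
  END IF;
END $$;

-- Item 2: baseline counts. pilot_counts and pilot_snapshot are this example's own temp objects and live only
-- for this psql session. dead_letter is an ASSUMED table name for DLQ depth; substitute the real DLQ shape.
CREATE TEMP VIEW pilot_counts AS
  SELECT 'information_unit'   AS tbl, count(*) AS n FROM information_unit   UNION ALL
  SELECT 'iu_relation',                count(*)      FROM iu_relation        UNION ALL
  SELECT 'dot_iu_command_run',         count(*)      FROM dot_iu_command_run UNION ALL
  SELECT 'iu_gate_transition',         count(*)      FROM iu_gate_transition UNION ALL
  SELECT 'dead_letter',                count(*)      FROM dead_letter;

CREATE TEMP TABLE pilot_snapshot (
  label     text        NOT NULL,
  tbl       text        NOT NULL,
  row_count bigint      NOT NULL,
  taken_at  timestamptz NOT NULL DEFAULT now()
);

INSERT INTO pilot_snapshot (label, tbl, row_count)
SELECT 'preflight', tbl, n FROM pilot_counts;

-- Keep this output with the session evidence (§9).
SELECT label, tbl, row_count, taken_at FROM pilot_snapshot ORDER BY tbl;

-- At session end, in the same psql session: closing snapshot plus reconciliation.
INSERT INTO pilot_snapshot (label, tbl, row_count)
SELECT 'session_end', tbl, n FROM pilot_counts;

WITH d AS (
  SELECT tbl,
         b.row_count               AS before_count,
         a.row_count               AS after_count,
         a.row_count - b.row_count AS delta
  FROM pilot_snapshot b
  JOIN pilot_snapshot a USING (tbl)
  WHERE b.label = 'preflight' AND a.label = 'session_end'
)
SELECT d.*,
       CASE
         -- IU rows changed but no DOT audit row was written: §7 "mutation outside a logged op".
         WHEN tbl = 'information_unit' AND delta <> 0
              AND (SELECT delta FROM d WHERE tbl = 'dot_iu_command_run') = 0
           THEN 'STOP: information_unit changed with no audit rows'
         -- A gate left open across the session boundary is a §4 no-go.
         WHEN tbl = 'iu_gate_transition'
              AND EXISTS (SELECT 1 FROM iu_gate_transition WHERE closed_at IS NULL)
           THEN 'STOP: gate still open at session end'
         ELSE 'ok'
       END AS verdict
FROM d
ORDER BY tbl;
```

Run the first part before any gate is opened and the tail after the last close; both snapshots must come from the same psql session because the temp objects vanish with it. A non-'ok' verdict is a §7 halt, not something to fix in place.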

3. Allowed use cases (pilot GREEN)

  • Read/inspect IU subtree, axes, links (fn_iu_subtree, axis filters, fn_iu_sql_link_validate).
  • Compose/structure ops on pilot-scoped units behind iu_core.structure_ops_enabled opened via gate protocol.
  • piece_split / piece_merge with a valid review_decision_id (test builder in pilot; FK-probed).
  • retire / supersede (lifecycle) — both now in the gateway allowlist.
  • DLQ replay drill on a dedicated test route (dry_run honored).
  • Governed event emit behind piece_event_runtime.emit_enabled opened via gate protocol.

4. No-go cases (pilot RED — refuse and escalate)

  • Flipping allow_no_review_decision or vector_sync_enabled: never, under any pressure.
  • Opening a gate without an approval_id, or leaving any gate open at session end.
  • Operating on real production publications without adoption approval (§11).
  • Direct INSERT/UPDATE into information_unit bypassing fn_iu_create (gateway is enforced, block_after_guard).
  • Minting a production (non-test) review_decision — that is a human/council/sovereign act (doc 06).
  • Any Directus mutation, any Qdrant write, any law enactment.

5. Bounded gate protocol (the only way a gate opens)

  1. Author an approval_id (test review_decision in pilot; real Đ32 approval in production).
  2. SELECT fn_iu_gate_open(p_gate_key, p_approval_id, p_actor, p_reason, p_ttl_seconds); — ttl ≤ 3600.
  3. Do the single scoped operation.
  4. SELECT fn_iu_gate_close(p_gate_key, p_actor, p_reason); immediately.
  5. SELECT fn_iu_gate_verify_closed(); → confirm closed.
  • A watchdog force-closes expired gates, but never rely on it — close explicitly.
  • Refused by design, so the open never happens: the 2 never-flip keys, non-governable keys, a null approval_id, ttl > 3600.
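Steps 1 to 5 as one added script that reaches the close on the failure path too. This is example code, not the package's own tooling: it assumes PostgreSQL, the fn_iu_gate_open / fn_iu_gate_close / fn_iu_gate_verify_closed signatures exactly as listed above, and that gate_key and opened_at are column names on iu_gate_transition (approval_id, ttl, actor, reason and closed_at are the ones §9 lists). fn_iu_structure_compose and its arguments are a hypothetical stand-in for the single scoped operation, and the approval id, actor and unit ids are constructed pilot values.

```sql
-- Added example: one bounded gate cycle with a close on both the success and the failure path
-- (PostgreSQL, run in psql). Signatures follow §5; the scoped op is a HYPOTHETICAL placeholder.
\set ON_ERROR_STOP on

DO $$
DECLARE
  v_gate     text    := 'iu_core.structure_ops_enabled';  -- a governable key, never one of the 2 never-flip keys
  v_approval text    := 'rd_test_0001';                    -- constructed test review_decision id (step 1, authored out of band)
  v_actor    text    := 'workflow_admin';
  v_ttl      integer := 900;                               -- longer than the op's worst case, well under the 3600 s ceiling
  v_op_ok    boolean := false;
  v_err      text;
  v          record;
BEGIN
  -- Step 2: open. Refusals (null approval_id, ttl > 3600, never-flip or non-governable key) raise here,
  -- before anything else runs, so a refused open leaves nothing behind.
  PERFORM fn_iu_gate_open(v_gate, v_approval, v_actor, 'pilot compose drill', v_ttl);

  -- Step 3: the single scoped operation, inside its own block so that its failure cannot skip the close.
  BEGIN
    -- fn_iu_structure_compose is a HYPOTHETICAL stand-in; substitute the real gated call and its arguments.
    PERFORM fn_iu_structure_compose('iu_test_parent_0001', ARRAY['iu_test_child_0001', 'iu_test_child_0002']);
    v_op_ok := true;
  EXCEPTION WHEN OTHERS THEN
    -- The op's writes roll back to this block's savepoint; the gate-open row from step 2 survives.
    v_err := SQLERRM;
    RAISE WARNING 'scoped op failed, closing gate unused: %', v_err;
  END;

  -- Step 4: close immediately. The reason records the outcome so the transition row explains itself.
  PERFORM fn_iu_gate_close(v_gate, v_actor,
    CASE WHEN v_op_ok THEN 'pilot compose drill done'
         ELSE 'pilot compose drill FAILED (' || v_err || '), gate closed unused' END);

  -- Step 5: verify inside the same transaction. An unsafe result aborts the whole cycle.
  SELECT * INTO v FROM fn_iu_gate_verify_closed();
  IF NOT (v.all_safe AND v.never_flip_intact AND v.all_governed_closed) THEN
    RAISE EXCEPTION 'gate cycle ended unsafe: all_safe=% never_flip_intact=% all_governed_closed=%',
      v.all_safe, v.never_flip_intact, v.all_governed_closed;
  END IF;

  RAISE NOTICE 'gate % cycle complete, op_ok=%', v_gate, v_op_ok;
END $$;

-- Evidence for §9: the transition row just written. gate_key and opened_at are ASSUMED column names.
SELECT gate_key, approval_id, ttl, actor, reason, opened_at, closed_at
FROM iu_gate_transition
WHERE gate_key = 'iu_core.structure_ops_enabled'
ORDER BY opened_at DESC
LIMIT 1;
```

The inner BEGIN/EXCEPTION block is the point of the example. A DO block is a single transaction, so an uncaught error from the scoped op would roll back the fn_iu_gate_open row as well and leave no trace that a gate was ever opened; catching it keeps the open/close pair in iu_gate_transition and lets the operator decide whether the failure is a §7 stop condition. The caveat: this reasoning holds only if fn_iu_gate_open writes through the calling transaction; if it commits through a separate connection, confirm the behaviour on a drill before relying on it. Pick the ttl so the op cannot outlive it, because a watchdog force-close mid-op is itself a finding, not a convenience.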

6. Health checks

  • Per-op: verify_closed before & after; row-count deltas match intent; audit row in dot_iu_command_run for each DOT call.
  • Daily: gate_transition has 0 open rows; DLQ depth = 0 (or known/triaged); event_pending not growing unboundedly; never-flip intact.
  • Weekly: review §9 evidence log; reconcile catalog/run growth; confirm no orphan, phantom or mis-parented ("nhầm chuồng") IU was introduced (anti-orphan structural checks pass).

7. Stop conditions (halt the pilot immediately)

  • verify_closed returns all_safe=false or never_flip_intact=false.
  • Any gate found open with no owning operation/approval.
  • DLQ depth rising without a known cause; replay drill fails.
  • Any unexpected mutation of information_unit row count outside a logged op.
  • Any sign of a second/hidden KG SoT, or vector flag flipped.
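The daily checks of §6 and the stop conditions above, as one added sweep query that returns one row per tripped condition (an empty result means no halt). This is example code, not the package's own tooling: it assumes PostgreSQL, the fn_iu_gate_verify_closed() columns named in §2, and, beyond what the runbook states, that iu_gate_transition has gate_key, opened_at and an integer ttl in seconds and that DLQ depth is the row count of a table named dead_letter. The "second/hidden KG SoT" condition has no query shape on this page and is left to the weekly structural checks.

```sql
-- Added example: stop-condition sweep (PostgreSQL). One row per tripped condition; empty means "no halt".
-- Column names gate_key, opened_at, ttl on iu_gate_transition and the table name dead_letter are ASSUMPTIONS.
WITH vc AS (
  SELECT * FROM fn_iu_gate_verify_closed()
),
open_gates AS (
  SELECT gate_key, approval_id, actor, opened_at, ttl
  FROM iu_gate_transition
  WHERE closed_at IS NULL
),
dlq AS (
  SELECT count(*) AS depth FROM dead_letter
)
-- §7: all_safe=false or never_flip_intact=false (the latter also covers a flipped vector flag).
SELECT 'never_flip_or_unsafe'        AS condition,
       'HALT'                        AS action,
       format('all_safe=%s never_flip_intact=%s all_governed_closed=%s',
              all_safe, never_flip_intact, all_governed_closed) AS detail
FROM vc
WHERE NOT all_safe OR NOT never_flip_intact
UNION ALL
-- §7: a gate open with no owning approval. fn_iu_gate_open refuses a null approval_id,
-- so such a row means the gateway was bypassed, not that someone forgot a field.
SELECT 'gate_open_without_approval', 'HALT',
       format('gate=%s actor=%s opened_at=%s', gate_key, actor, opened_at)
FROM open_gates
WHERE approval_id IS NULL
UNION ALL
-- §5: the watchdog should have force-closed this; if it is still open, the watchdog is not doing its job.
SELECT 'gate_open_past_ttl', 'HALT',
       format('gate=%s opened_at=%s ttl=%ss', gate_key, opened_at, ttl)
FROM open_gates
WHERE opened_at + make_interval(secs => ttl) < now()
UNION ALL
-- §6 daily: any open gate at all outside an in-flight op is a close-and-investigate item.
SELECT 'gate_open', 'CLOSE_AND_INVESTIGATE',
       format('gate=%s approval=%s actor=%s', gate_key, approval_id, actor)
FROM open_gates
WHERE approval_id IS NOT NULL
UNION ALL
-- §6 daily / §7: DLQ depth must be 0 or known and triaged; a rising depth with no known cause is a halt.
SELECT 'dlq_nonzero', 'TRIAGE_OR_HALT', format('depth=%s', depth)
FROM dlq
WHERE depth > 0;
```

Run it on the read channel (context_pack_readonly) since it only reads, and keep the result with the §9 evidence bundle; the detail column is exactly the gate state and DLQ depth that the §8 escalation asks for. The row-count stop condition (information_unit changing outside a logged op) needs a baseline, so it is covered by the §2 snapshot reconciliation rather than here.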

8. Escalation path

  1. Operator → freeze: close all gates, take a fresh verify_closed, snapshot counts.
  2. Capture evidence (§9) and the exact failing statement.
  3. Escalate to governance owner (council) with: gate state, deltas, DLQ depth, last 10 dot_iu_command_run rows.
  4. No remediation that mutates production data without an approval; prefer fn_iu_retire over deletion (lifecycle, not destruction).

9. Audit / evidence requirements

  • Every DOT op leaves a dot_iu_command_run row (actor, verified). Keep the run-id.
  • Every gate open/close leaves an iu_gate_transition row (approval_id, ttl, actor, reason).
  • Every lifecycle change leaves an iu_lifecycle_log row.
  • Weekly evidence bundle = {verify_closed snapshots, gate_transition diff, run diff, DLQ depth series}.

10. Incident / DLQ handling

  • Forced DLQ is reachable only via a dedicated test worker cursor plus a test route (dry_run=false); real routes stay enabled with dry_run=true.
  • Replay via fn_iu_route_dead_letter_replay; on the drill path it is gated by the master routes gate, not by queue.dlq.replay_enabled. Always drill with dry_run first.
  • Resolve = replayed AND delivered AND verified. Never mark resolved on replay alone.

11. Live-adoption macro (separate approval required)

Operating the pilot on real production IU (not test/pilot-scoped units) is a distinct authorization. Adoption macro: IU_PILOT_LIVE_ADOPTION_RUN_300000X — preconditions: (a) Đ32 adoption approval row exists and is referenced; (b) operator named; (c) scope list of production canonical_addresses enumerated; (d) per-op gate protocol; (e) rollback = fn_iu_retire/supersede, never delete; (f) daily health report. Until that approval exists, the pilot runs on drills only.

12. Pilot success / fail criteria

Success (promote to broader production): 2 consecutive weeks with — zero stop-condition triggers; every gate opened was closed same-session; DLQ depth returns to 0 after each drill; 100% of ops have audit rows; no orphan/phantom IU; never-flip intact throughout. Fail (roll back to authority-pack mode): any never-flip violation; any gate left open across sessions; any unaudited mutation; any hidden-SoT detection.

Source: knowledge/dev/reports/architecture/iu-pilot-cr-kg-recon-authority-live-assembly-superbundle-2026-05-28/01-iu-pilot-adoption-package.md