KB-3DA3
48 — GCOS Author-Mode Rehearsal Prompt Pack (7 paste-ready BEGIN..ROLLBACK prompts, no build execution, entry==exit, COMMIT forbidden w/o human approval, design-only, 2026-06-01)
28 min read Revision 1
one-roof-governanceimplementation-indexgcosrehearsal-prompt-packauthor-modebegin-rollbackentry-equals-exitcommit-forbiddensb-10sb-11sb-12sb-13register-before-emitt6-t7-patchrollback-verificationoperator-handoffread-only-preflightno-mutationbuild-no-godesign-only2026-06-01
48 — GCOS Author-Mode Rehearsal Prompt Pack
Path:
knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/Doc: 48. Role: Seven paste-ready prompts for FUTURE author-mode rehearsals of the GCOS substrate. These prompts are not executed by this mission. They are prepared so a future operator/agent can rehearseBEGIN..ROLLBACKsafely, proveentry==exit, and never commit without separate human approval. Status: PROMPT PACK ONLY. Zero mutation by this doc. Each prompt, when run, is author-mode rehearsal ending inROLLBACK— it must leave the database byte-identical to entry. No prompt authorizes COMMIT. Date: 2026-06-01.
48.0 How to use this pack (read before running any prompt)
- Read channels. Read-only pre-flight and post-checks use the
query_pgMCP tool (AST-validated, READ ONLY, 5 s timeout, 500-row LIMIT — it cannot run DDL/DML). TheBEGIN..ROLLBACKrehearsal of DDL/DML requires the author-mode operator channel:ssh contabo→docker exec -it postgres psql -U workflow_admin -d directus(per doc 19 operator handoff). The read-only role (context_pack_readonly) cannot rehearse DDL; the operator role can, but every rehearsal ends inROLLBACK. - Build is NO-GO. A rehearsal proves the DDL is reversible and additive; it is not a build.
os_proposal_approvals = 0 ⇒ COMMIT_FORBIDDEN. No prompt may be turned into a build by replacingROLLBACKwithCOMMITunless all of doc 49's gates pass AND a named human sovereign approval is recorded (os_proposal_approvals > 0). - Entry==Exit. Every rehearsal captures a pre-state snapshot (table existence + key counts) and a post-state snapshot after
ROLLBACK, and asserts they are identical. A rehearsal that cannot proveentry==exithas FAILED and must be reported, not retried blindly. - Live wins. Each prompt re-verifies live PG first (the doc 45 §3 corrections, especially
birth_registrysize, table absence,os_proposal_approvals, and the int-vs-uuid watermark types). Use the current live numbers, not the printed ones. - DDL is representative. Finalize exact column lists from the cited detailed-design doc at run time (SB-12→doc 38, SB-13→doc 39, SB-10→doc 40, SB-11→doc 41). The prompts pin the shape, keys, and reversibility, not every column.
48.1 Prompt 1 — SB-12 (snapshot + ruleset registry) BEGIN..ROLLBACK rehearsal
MISSION: SB-12 AUTHOR-MODE REHEARSAL (BEGIN..ROLLBACK, NO COMMIT)
Effort: high. Execution class: author-mode reversibility rehearsal. Host: contabo. DB: docker `postgres`, database `directus`.
0. STATE RECOVERY (read first, in order):
- knowledge/dev/laws/prompt-muc-tieu-mo-for-claude-code.md
- .../one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/45-gcos-consolidated-build-index-and-crossrefs.md
- .../42-gcos-substrate-integration-and-build-readiness.md
- .../38-sb12-source-snapshot-ruleset-version-detailed-design.md
- .../46-c7-input-trust-ruleset-owner-backfill-deadline-decision-packet.md (C-7.2/C-7.3)
State: controlling package, what is complete, what is NO-GO. Do not ask for prior chat.
1. HARD GATE 0: no COMMIT; no Directus/Qdrant/Nuxt mutation; no DOT/event registration; no emit; no approval/self-approval; no law/version/status change. Rehearsal ends in ROLLBACK.
2. LIVE RE-VERIFY (read-only, query_pg, database=directus):
a. SELECT to_regclass('public.governance_ruleset') ; -- expect NULL (absent)
b. SELECT count(*) FROM evolution_snapshots ; -- expect ~1 (reuse target, zero schema change)
c. SELECT count(*) total, count(*) FILTER (WHERE enabled) enabled FROM measurement_registry ; -- expect 142/140; this drives ruleset_version hash
d. SELECT count(*) FROM os_proposal_approvals ; -- expect 0 => COMMIT_FORBIDDEN
Record actual values. If governance_ruleset already exists, STOP and report (not greenfield).
3. PRE-STATE SNAPSHOT (read-only): record { to_regclass('governance_ruleset'), count(evolution_snapshots), count(measurement_registry) }.
4. AUTHOR-MODE REHEARSAL (operator channel: ssh contabo -> docker exec -it postgres psql -U workflow_admin -d directus). Run as ONE transaction, end with ROLLBACK:
BEGIN;
-- (Option B default per doc 38 §38.3; finalize columns from doc 38)
CREATE TABLE governance_ruleset (
ruleset_version text PRIMARY KEY, -- 'gov-rs-' || left(sha256(canonical_json(...)),12)
content_hash text NOT NULL,
status text NOT NULL DEFAULT 'draft', -- draft|active|superseded
owner_gov_code text, -- owner = GOV-COUNCIL per C-7.2 (nullable until ruled)
activated_at timestamptz,
activated_by text,
components jsonb NOT NULL DEFAULT '{}'::jsonb, -- {measurement_ids, profile, axis, scope} provenance
created_at timestamptz NOT NULL DEFAULT now()
);
-- reuse evolution_snapshots for the source snapshot (NO new table): rehearse one governance snapshot row
INSERT INTO evolution_snapshots (snapshot_at, scope, metrics, delta_previous, notes)
VALUES (now(), 'governance.backfill', '{}'::jsonb, '{}'::jsonb, 'SB-12 rehearsal — ROLLBACK');
-- prove no-law-write: assert these are untouched (read inside txn)
-- SELECT count(*) FROM normative_registry; SELECT count(*) FROM law_catalog; (unchanged)
ROLLBACK;
5. POST-STATE SNAPSHOT (read-only) and ENTRY==EXIT assertion: re-run step 3; assert
to_regclass('governance_ruleset') IS NULL (table gone after ROLLBACK) AND count(evolution_snapshots) unchanged AND count(measurement_registry) unchanged.
6. SUCCESS CRITERIA (all must hold):
- governance_ruleset created then fully removed by ROLLBACK (DROP-equivalent reversibility proven).
- No row persisted in evolution_snapshots / normative_registry / law_catalog / governance_docs (byte-identical; doc 38 §38.10 #4).
- ruleset_version hash recipe (doc 38 §38.5: 140 enabled measurement rows ⊕ profile ⊕ axis ⊕ scope, canonical ordering, absent-component marker) documented; NOT activated (status='draft').
- os_proposal_approvals still 0 => no COMMIT performed.
- Entry==Exit proven. Report: live values, pre/post snapshots, ROLLBACK transcript, gate status. COMMIT remains NO-GO (needs C-7.2/C-7.3 + sovereign + os_proposal_approvals>0).
48.2 Prompt 2 — SB-13 (worker-cursor family) BEGIN..ROLLBACK rehearsal
MISSION: SB-13 AUTHOR-MODE REHEARSAL (BEGIN..ROLLBACK, NO COMMIT)
Effort: high. Host: contabo. DB: docker `postgres`, database `directus`.
0. STATE RECOVERY: muc-tieu-mo law; docs 45, 42, 39 (SB-13). State controlling/complete/NO-GO. No prior-chat questions.
1. HARD GATE 0: no COMMIT; no worker start; no cron; no emit; no approval; no law/version change. Ends in ROLLBACK.
2. LIVE RE-VERIFY (read-only):
a. SELECT to_regclass('public.gov_worker_cursor'); -- expect NULL
b. SELECT count(*) FROM iu_route_worker_cursor; -- expect 1 (shape anchor)
c. SELECT count(*) FROM queue_heartbeat; -- expect 3 (reuse lease/heartbeat)
d. SELECT count(*) FROM event_pending; -- expect 0 (reuse retry/DLQ lane)
e. -- CRITICAL watermark-type check (the SB-13 correction):
SELECT table_name, column_name, data_type FROM information_schema.columns
WHERE table_schema='public' AND
((table_name='birth_registry' AND column_name='id') OR
(table_name='registry_changelog' AND column_name='id') OR
(table_name='iu_route_worker_cursor' AND column_name='last_event_id') OR
(table_name='event_outbox' AND column_name='id'));
-- expect birth_registry.id=integer, registry_changelog.id=integer, iu_route_worker_cursor.last_event_id=uuid, event_outbox.id=uuid
f. SELECT count(*) FROM os_proposal_approvals; -- expect 0
Record values. If gov_worker_cursor exists, STOP (not greenfield).
3. PRE-STATE SNAPSHOT: { to_regclass('gov_worker_cursor'), count(queue_heartbeat), count(event_pending), count(iu_route_worker_cursor) }.
4. AUTHOR-MODE REHEARSAL (operator psql -U workflow_admin), ONE transaction, ROLLBACK:
BEGIN;
CREATE TABLE gov_worker_cursor (
worker_name text NOT NULL,
source text NOT NULL, -- 'birth_registry' | 'registry_changelog' | 'event_outbox' | ...
event_domain text NOT NULL DEFAULT 'governance',
last_watermark_ts timestamptz, -- born_at / changelog.timestamp / occurred_at
last_watermark_id text, -- TYPE-GENERALIZED: int->text, uuid->text (doc 39 §39.4 correction)
events_seen bigint NOT NULL DEFAULT 0,
attempts_written bigint NOT NULL DEFAULT 0,
dead_lettered bigint NOT NULL DEFAULT 0,
phase text, -- seeding|reconciling|incremental (backfill worker)
updated_at timestamptz NOT NULL DEFAULT now(),
PRIMARY KEY (worker_name, source)
);
-- reuse queue_heartbeat for the 5 governance workers' lease/heartbeat (rehearse insert)
INSERT INTO queue_heartbeat (worker_name, worker_kind, lease_owner, current_job_id, last_tick_at, last_tick_status)
VALUES ('gov_backfill_sweep','PG_worker', NULL, NULL, now(), 'ok');
-- prove the keyset predicate works for BOTH int and uuid sources (read inside txn, no write):
-- int source: SELECT id FROM birth_registry WHERE (born_at,id) > (NULL, 0) ORDER BY born_at, id LIMIT 5;
-- uuid source: SELECT id FROM event_outbox ORDER BY occurred_at, id LIMIT 5;
ROLLBACK;
5. POST-STATE + ENTRY==EXIT: re-run step 3; assert gov_worker_cursor gone, queue_heartbeat count unchanged, event_pending=0, iu_route_worker_cursor=1.
6. SUCCESS CRITERIA:
- gov_worker_cursor created then removed by ROLLBACK; queue_heartbeat governance rows removed by ROLLBACK.
- last_watermark_id is text (type-generalized); keyset predicate verified against an int source (birth/changelog) AND a uuid source (outbox) — both return rows without type error.
- 5 worker rows (gov_backfill_sweep, gov_handoff_intake, gov_input_gate, gov_candidate_scan, gov_periodic_full_audit) modeled; no worker started.
- os_proposal_approvals still 0; no COMMIT. Entry==Exit proven. Report as in Prompt 1 §6.
48.3 Prompt 3 — SB-10 (candidate-state store) BEGIN..ROLLBACK rehearsal
MISSION: SB-10 AUTHOR-MODE REHEARSAL (BEGIN..ROLLBACK, NO COMMIT) — GCOS KEYSTONE
Effort: high. Host: contabo. DB: docker `postgres`, database `directus`.
0. STATE RECOVERY: muc-tieu-mo law; docs 45, 42, 40 (SB-10), 34 (Branch D), 38 (SB-12 dep), 39 (SB-13 dep). State controlling/complete/NO-GO.
NOTE dependency: SB-10 consumes SB-12 (snapshot/ruleset) + SB-13 (cursors). Rehearse SB-12 + SB-13 FIRST (Prompts 1,2) or in the combined Prompt 5.
1. HARD GATE 0: no COMMIT; no emit; no approval; no law/version change; no checked-forever boolean. Ends in ROLLBACK.
2. LIVE RE-VERIFY (read-only):
a. SELECT to_regclass('public.governance_candidate_state'),
to_regclass('public.governance_candidate_object'),
to_regclass('public.candidate_scan_run'); -- expect all NULL
b. SELECT count(*) total, count(canonical_address) non_null_canon FROM birth_registry;
-- expect ~1.04M total, non_null_canon = 0 => candidate_key = collection_name||':'||entity_code (doc 40 §40.5)
c. SELECT refresh_strategy, count(*) FROM derived_objects_registry GROUP BY refresh_strategy; -- model precedent (3 modes)
d. SELECT count(*) FROM os_proposal_approvals; -- expect 0
Record. If any candidate table exists, STOP (not greenfield).
3. PRE-STATE SNAPSHOT: { to_regclass of the 3 candidate tables, count(birth_registry) }.
4. AUTHOR-MODE REHEARSAL (operator psql -U workflow_admin), ONE transaction, ROLLBACK:
BEGIN;
CREATE TABLE governance_candidate_state ( -- GROUP grain (modeled on derived_objects_registry)
group_key text NOT NULL,
ruleset_version text NOT NULL, -- FK-semantics -> governance_ruleset (SB-12)
source_snapshot_ref bigint, -- FK-semantics -> evolution_snapshots (SB-12)
candidate_verdict text NOT NULL, -- relevant|not_relevant|class_0|deferred_birth|retired|needs_input|unknown
input_quality_state text, -- doc 33 §4 (10 states)
recompute_status text NOT NULL DEFAULT 'ok', -- ok|stale|failed
dirty boolean NOT NULL DEFAULT false,
dirty_reason text,
dirtied_at timestamptz,
scan_time timestamptz NOT NULL DEFAULT now(),
stale_after timestamptz, -- = scan_time + ttl(risk_class)
evidence_fingerprint text,
last_run_id text,
audit_ref text,
PRIMARY KEY (group_key, ruleset_version)
-- DELIBERATELY NO is_governed / checked boolean (doc 40: clean = recompute_status='ok' AND NOT dirty AND now()<stale_after AND ruleset_version=current)
);
CREATE TABLE governance_candidate_object ( -- OPTIONAL; materialize only for the 4 criteria (doc 40 §40.6)
candidate_key text NOT NULL, -- COALESCE(canonical_address, collection_name||':'||entity_code)
ruleset_version text NOT NULL,
group_key text NOT NULL,
materialization_reason text NOT NULL, -- indep_authoritative|open_finding|exception|high_risk_write
issue_ref bigint,
lifecycle_status text NOT NULL DEFAULT 'active',
scan_time timestamptz NOT NULL DEFAULT now(),
PRIMARY KEY (candidate_key, ruleset_version)
);
CREATE TABLE candidate_scan_run ( run_id text PRIMARY KEY, started_at timestamptz, finished_at timestamptz, scope text, counts jsonb );
-- prove Δrows=0 inheritance: a group row represents 10^6 inherited children with no per-child rows (read-only reasoning).
ROLLBACK;
5. POST-STATE + ENTRY==EXIT: re-run step 3; assert all 3 candidate tables NULL again; birth_registry count unchanged.
6. SUCCESS CRITERIA:
- 3 tables created then removed by ROLLBACK (reversible, greenfield).
- NO is_governed/checked boolean column exists (grep the CREATE; doc 40). Verdict is the decaying triple (snapshot, ruleset, scan_time).
- candidate_key uses COALESCE(canonical_address, collection_name||':'||entity_code) (canonical_address NULL-correction proven by step 2b).
- object table materializes only for the 4 criteria; group-grain default proven (Δrows=0).
- os_proposal_approvals still 0; no COMMIT. Entry==Exit proven. Report as Prompt 1 §6.
48.4 Prompt 4 — SB-11 register-before-emit rehearsal (0 new tables; active=false; ZERO emit)
MISSION: SB-11 REGISTER-BEFORE-EMIT REHEARSAL (BEGIN..ROLLBACK, NO COMMIT, NO EMIT)
Effort: high. Host: contabo. DB: docker `postgres`, database `directus`.
0. STATE RECOVERY: muc-tieu-mo law (incl. Điều 45 Queue Law); docs 45, 42, 41 (SB-11), 24 (T7 taxonomy). State controlling/complete/NO-GO.
1. HARD GATE 0: no COMMIT; NO EMIT to event_outbox; no DOT registration; no approval; no law change. Register rows go in active=false ONLY, then ROLLBACK. Điều 45: register-before-emit, queue carries signal not data, event≠job, MOT-not-executor, silent-gap heartbeat.
2. LIVE RE-VERIFY (read-only):
a. SELECT event_domain, count(*) total, count(*) FILTER (WHERE active) active FROM event_type_registry GROUP BY event_domain ORDER BY event_domain;
-- expect NO 'governance' domain; mother 9/0-active is the register-but-inactive precedent
b. SELECT count(*) FROM event_outbox; -- record baseline; MUST be unchanged at exit (zero emit)
c. SELECT count(*) FROM event_pending, event_read, event_subscription; -- 0 / ~182k / 3
d. SELECT count(*) FROM os_proposal_approvals; -- expect 0
Record. SB-11 = 0 NEW TABLES (doc 41): pure reuse.
3. PRE-STATE SNAPSHOT: { count(event_type_registry) overall and WHERE event_domain='governance', count(event_outbox) }.
4. AUTHOR-MODE REHEARSAL (operator psql -U workflow_admin), ONE transaction, ROLLBACK. NO CREATE TABLE (0 new tables). Rehearse registering the governance domain rows ACTIVE=FALSE:
BEGIN;
INSERT INTO event_type_registry (event_domain, event_type, event_stream, delivery_lane, default_severity, description, active)
VALUES
('governance','handoff.object_born','governance','deferred','info','GCOS handoff', false),
('governance','backfill.sweep_completed','governance','deferred','info','GCOS backfill heartbeat', false),
('governance','input.untrusted_source','governance','deferred','medium','GCOS input gate', false),
('governance','candidate.scan_completed','governance','deferred','info','GCOS candidate heartbeat', false),
('governance','coverage.scan_completed','governance','deferred','info','T6 coverage heartbeat', false);
-- (full set: handoff.* / backfill.* / input.* / candidate.* / coverage.* — finalize from docs 24/31/32/33/34)
-- ASSERT ZERO EMIT: event_outbox count inside txn must equal baseline (no INSERT into event_outbox).
-- SELECT count(*) FROM event_outbox; -- == step 2b baseline
ROLLBACK;
5. POST-STATE + ENTRY==EXIT: re-run step 3; assert event_type_registry has 0 governance rows again, event_outbox count == baseline (proves ZERO emit), no new tables.
6. SUCCESS CRITERIA:
- governance domain rows registered active=false then removed by ROLLBACK; ZERO rows ever active=true; ZERO event_outbox emit.
- 0 new tables created (pure reuse; no second bus/store — no-island, doc 41/42 §42.8).
- Register-before-emit proven: rows exist (inactive) before any emit is even possible.
- os_proposal_approvals still 0; no COMMIT. Entry==Exit proven. Report as Prompt 1 §6.
48.5 Prompt 5 — Combined GCOS substrate rehearsal (SB-12 → SB-13 → SB-10 → SB-11, one ROLLBACK)
MISSION: COMBINED GCOS SUBSTRATE AUTHOR-MODE REHEARSAL (BEGIN..ROLLBACK, NO COMMIT)
Effort: xhigh. Host: contabo. DB: docker `postgres`, database `directus`.
0. STATE RECOVERY: muc-tieu-mo law; docs 45, 42 (build order/dependency/gate/rollback), 38, 39, 40, 41, 46 (C-7). State controlling/complete/NO-GO. Build order = SB-12 → SB-13 → SB-10 → SB-11 (doc 42).
1. HARD GATE 0: no COMMIT; no emit; no worker start; no cron; no approval/self-approval; no law/version change. ONE transaction across all four blockers, end ROLLBACK.
2. LIVE RE-VERIFY (read-only) — full doc 45 §3 block:
- to_regclass for all of: governance_ruleset, gov_worker_cursor, governance_candidate_state, governance_candidate_object, candidate_scan_run (expect all NULL — 4 additive tables, 1 optional).
- birth_registry: count(*) , count(canonical_address)=0 .
- event_type_registry: no 'governance' domain. event_outbox baseline count.
- measurement_registry 142/140. evolution_snapshots ~1. os_proposal_approvals = 0.
If ANY target table exists, STOP (not greenfield).
3. PRE-STATE SNAPSHOT: existence of the 5 target tables + counts of event_type_registry(governance)=0, event_outbox baseline, evolution_snapshots, queue_heartbeat, measurement_registry, birth_registry.
4. AUTHOR-MODE REHEARSAL (operator psql -U workflow_admin), ONE transaction, ROLLBACK, in dependency order:
BEGIN;
-- 1) SB-12: governance_ruleset (Option B) + reuse evolution_snapshots (insert one governance snapshot row)
-- (DDL/insert from Prompt 1 §4)
-- 2) SB-13: gov_worker_cursor (type-generalized text watermark) + reuse queue_heartbeat rows
-- (DDL/insert from Prompt 2 §4)
-- 3) SB-10: governance_candidate_state (+ optional object table + scan_run), NO checked-forever boolean
-- (DDL from Prompt 3 §4; FK-semantics to SB-12 ruleset_version + snapshot_ref)
-- 4) SB-11: register governance event_type_registry rows ACTIVE=FALSE; ZERO event_outbox emit
-- (insert from Prompt 4 §4)
-- Cross-checks inside txn: candidate_state.ruleset_version resolvable to governance_ruleset; ZERO emit; no law tables touched.
ROLLBACK;
5. POST-STATE + ENTRY==EXIT: re-run step 3; assert ALL 5 target tables NULL again, 0 governance event rows, event_outbox == baseline, all reuse-table counts unchanged. Footprint proven ≤ 4 additive tables (1 optional), 0 new buses/stores (doc 42 footprint claim).
6. SUCCESS CRITERIA:
- All four blockers rehearsed in dependency order in one reversible transaction; full ROLLBACK leaves entry==exit.
- No-island proven (one bus/issue-store/audit/cursor-family/candidate-store); no-hardcode proven (classes/axes/scopes/rules sourced from registries).
- ZERO emit, ZERO COMMIT, os_proposal_approvals still 0. Report: live block, pre/post snapshots, full ROLLBACK transcript, gate table (doc 42 §42.5) marked, C-7 status. Build remains NO-GO.
48.6 Prompt 6 — T6/T7 patch rehearsal (the 10 build addenda; additive rows; doc patches)
MISSION: T6/T7 PATCH REHEARSAL (the 10 GCOS build addenda; doc 45 §45.4) — NO COMMIT, NO REGISTRATION
Effort: high. Host: contabo. DB: docker `postgres`, database `directus`.
0. STATE RECOVERY: muc-tieu-mo law; docs 45 (§45.4 the 10 addenda, count PINNED at 10), 42, 35 §3.2, 24 (T7), 25 (T6). State controlling/complete/NO-GO. PREREQUISITE: SB-10/11/12/13 rehearsals (Prompts 1-5) green; this patch is gated on them.
1. HARD GATE 0: no COMMIT; no DOT registration (no dot_tools insert committed); no event activation (active stays false); no emit; no approval; no law change. Two parts: (A) PG additive-row rehearsal (BEGIN..ROLLBACK); (B) KB doc-patch rehearsal (diff only, do not write).
2. LIVE RE-VERIFY (read-only):
a. SELECT count(*) FROM dot_coverage_required; -- baseline (was 11)
b. SELECT count(*) FROM dot_tools; -- baseline (was 309)
c. SELECT event_domain,count(*) FILTER (WHERE active) FROM event_type_registry GROUP BY event_domain; -- governance must be absent/inactive
d. SELECT count(*) FROM os_proposal_approvals; -- 0
Record.
3. PART A — PG additive-row rehearsal (operator psql -U workflow_admin), ONE transaction, ROLLBACK:
BEGIN;
-- addendum #5: dot_coverage_required rows for governance.candidate/backfill/handoff/input (A-tier read/propose)
INSERT INTO dot_coverage_required (...) VALUES (...); -- finalize columns from doc 25 §9
-- addendum #4: 4 GCOS DOTs in dot_tools (rehearse only; NOT a real registration)
INSERT INTO dot_tools (...) VALUES (...); -- dot_governance_backfill_sweep/_handoff_intake/_input_gate/_candidate_scan
-- addendum #9: governance event types (active=false) — same as Prompt 4
ROLLBACK;
4. PART B — KB doc-patch rehearsal (DIFF ONLY, do NOT write): for each of the 10 addenda (doc 45 §45.4), produce the exact patch text against docs 24/25/concept §11. Confirm:
- #1 L1 reads dirty+stale candidate set; #2 L2 pre-enforced by input gate; #3 lifecycle pre-stages; #6 +19 finding types; #7 group_key coalesce + storm ceiling; #8 auto-close re-key by (coalesce_key, ruleset_version); #10 production-gate fail-closed for high-risk stale/unknown.
- Count == 10 (doc 45 §45.4; doc 35 §7's "eleven" is documentation drift — OI-45-1).
5. POST-STATE + ENTRY==EXIT: re-run step 2; dot_coverage_required, dot_tools, event_type_registry all unchanged; no governance event active; no DOT registered.
6. SUCCESS CRITERIA:
- All 10 addenda enumerated; PG additive rows rehearsed then rolled back; doc-patch diffs produced but NOT written.
- No DOT registered, no event activated, no emit, no COMMIT. Entry==Exit proven. T6/T7 build remains NO-GO (gated on SB-10/11/12/13 build + C-7 + gate table).
48.7 Prompt 7 — Rollback / entry==exit verification protocol (run after ANY rehearsal)
MISSION: ROLLBACK & ENTRY==EXIT VERIFICATION (read-only; proves a prior rehearsal left zero footprint)
Effort: medium. Host: contabo. DB: docker `postgres`, database `directus`. Channel: query_pg (read-only) only.
0. STATE RECOVERY: muc-tieu-mo law; doc 45 §3 (live correction block); doc 42 §42.7 (rollback model). Identify which rehearsal (Prompt 1-6) just ran and its target objects.
1. HARD GATE 0: read-only verification only; no mutation of any kind.
2. VERIFY NO TABLE PERSISTED (greenfield restored):
SELECT to_regclass(t) FROM unnest(ARRAY['public.governance_ruleset','public.gov_worker_cursor',
'public.governance_candidate_state','public.governance_candidate_object','public.candidate_scan_run']) AS t;
-- EVERY result must be NULL (all target tables absent again).
3. VERIFY NO ROW PERSISTED in reuse tables:
- SELECT count(*) FROM evolution_snapshots WHERE scope LIKE 'governance.%'; -- expect 0
- SELECT count(*) FROM event_type_registry WHERE event_domain='governance'; -- expect 0
- SELECT count(*) FROM queue_heartbeat WHERE worker_name LIKE 'gov_%'; -- expect 0
- SELECT count(*) FROM event_pending; -- expect 0 (unchanged)
- SELECT count(*) FROM dot_tools WHERE dot_name LIKE 'dot_governance_%'; -- expect 0 new
- SELECT count(*) FROM dot_coverage_required WHERE coverage_key LIKE 'governance.%'; -- expect baseline only
4. VERIFY ZERO EMIT / ZERO APPROVAL / ZERO LAW CHANGE:
- SELECT count(*) FROM event_outbox WHERE event_domain='governance'; -- expect 0 (never emitted)
- SELECT count(*) FROM os_proposal_approvals; -- expect 0
- SELECT count(*) FROM normative_registry; -- compare to pre-rehearsal baseline; must be identical (no law change)
5. ENTRY==EXIT ASSERTION: compare every count to the rehearsal's PRE-STATE snapshot. ALL must be identical. ANY difference => the rehearsal did NOT cleanly roll back => REPORT AS FAILURE (do not attempt to "clean up" by mutating; escalate to operator).
6. SUCCESS CRITERIA:
- All target tables absent; all reuse tables at baseline; zero governance emit; zero approval; zero law change.
- Entry==Exit proven numerically. Report a table of {object, pre, post, equal?}. If all equal => rehearsal was non-destructive and reversible (PASS). If not => FAILURE + escalate. COMMIT remains NO-GO.
48.8 Pack-level invariants (true of every prompt)
- Starts from this package (muc-tieu-mo law + doc 45 + doc 42 + the relevant detailed design) — never from a stale doc.
- Re-verifies live PG first (doc 45 §3), uses current numbers, STOPs if a target table already exists (not greenfield) or if
os_proposal_approvals ≠ 0is being relied on without a recorded sovereign approval. - Ends in
ROLLBACK(DDL/DML rehearsals) and proves entry==exit numerically. - Forbids COMMIT unless ALL doc 49 gates pass AND a named human sovereign approval is recorded (
os_proposal_approvals > 0). No prompt may be silently converted to a build. - Includes success criteria that assert reversibility, no-island, no-hardcode, register-before-emit, and zero emit/approval/law-change.
- Read-only pre-flight/post-checks via
query_pg; DDL/DML rehearsal via the operator author-mode channel (ssh contabo → docker exec postgres psql -U workflow_admin -d directus), becausequery_pgcannot run DDL.
This doc executed none of the above. It is a prepared pack; build remains NO-GO.