57 — Author-Mode Rehearsal Entry Baseline

Path: knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/ Doc: 57. Role: Entry baseline (R1) for the GCOS author-mode BEGIN..ROLLBACK rehearsal run executed under the GPT delegated ruling (gpt-delegated-ruling-…-c1-c2-c7-authorize-rehearsal-no-commit-2026-06-01.md). This is the first doc of a rehearsal-RESULTS bundle (57–66) that actually executed the doc-48 prompts as orchestrated by doc 53. Status: REHEARSAL RESULTS. Author-mode BEGIN..ROLLBACK only. ZERO COMMIT. ZERO persistent mutation. Entry==exit proven in doc 64. Build remains NO-GO (os_proposal_approvals = 0 ⇒ COMMIT_FORBIDDEN). Date: 2026-06-01. Channel: read-only via query_pg MCP (context_pack_readonly); DDL/DML rehearsal via operator author-mode ssh contabo → docker exec -i postgres psql -U workflow_admin -d directus.

---

57.0 Delegated ruling scope honored (state-recovery verdict)

Read in order before any execution: muc-tieu-mo house law; docs 00, 45, 48, 49, 53, 55; and the GPT delegated ruling.

• Authorized (ruling): author-mode BEGIN..ROLLBACK rehearsal for SB-12, SB-13, SB-10, SB-11, combined GCOS substrate, and T6/T7 patch, provided every run proves entry==exit, no COMMIT, no persistent mutation, no idle-transaction residue. C-1 (SB-2 ownership pattern) and C-2 (SB-1 action-types) APPROVED for rehearsal; C-7.1–7.5 default positions APPROVED for rehearsal.
• Forbidden (ruling + mission §7): COMMIT; production build; event emit; DOT registration as live; approval-row creation; law enactment/version/status change; Directus/Qdrant/Nuxt mutation; persistent PG mutation; Phase-B handler activation.
• Exact rehearsal order (doc 53): R-1 SB-12 → R-2 SB-13 → R-3 SB-10 → R-4 SB-11 → R-5 combined → R-6 T6/T7 patch → R-7 rollback/entry==exit verification after each.
• Rollback proof method: every rehearsal is one transaction ending in ROLLBACK; proof is (a) same-session post-ROLLBACK to_regclass/count check and (b) an independent query_pg (separate session) re-read; numeric pre == post for every touched object.

57.1 HARD GATE 0 — execution channel verified (the decisive check)

The muc-tieu-mo law (§3.5 Execution Channel Pack, §4E Live Apply Hard Gate 0) requires proving a real exec channel before deep work, and records the IU-Core-8000x lesson that query_pg read-only + no SSH-exec = OPERATOR_HANDOFF_MODE. This run verified the channel live:

Probe	Result
ssh contabo (38.242.240.89, key contabo_vps)	SSH_OK, host vmi3080463
postgres container	Up 6 weeks (healthy)
docker exec postgres psql -U workflow_admin -d directus	workflow_admin | directus | PostgreSQL 16.13
DDL BEGIN..ROLLBACK probe (throwaway _gcos_probe_zzz)	created (visible in-tx=1) → ROLLBACK → after=0 (zero residue)

Classification: EXECUTION_MODE for rollback-only rehearsal. Authority (ruling) + execution channel (SSH→docker→psql, DDL-capable, reversible) both pass. COMMIT remains out of scope by ruling/mission, so the channel is exercised strictly as BEGIN..ROLLBACK. Transaction discipline on every rehearsal: SET LOCAL statement_timeout='5s', lock_timeout='3s', idle_in_transaction_session_timeout='15s', ending in ROLLBACK.

57.2 Entry baseline — live values (read-only via query_pg, 2026-06-01)

Target objects (all ABSENT ⇒ greenfield):

Object	to_regclass	Blocker
governance_ruleset	NULL	SB-12
gov_worker_cursor	NULL	SB-13
governance_candidate_state	NULL	SB-10
governance_candidate_object	NULL	SB-10 (optional)
candidate_scan_run	NULL	SB-10
governance_object_ownership	NULL	SB-2
governance_responsibility_scope	NULL	SB-2

Spine & reuse-table counts (entry):

Object	Entry value	Note
birth_registry total / canonical_address non-null / status='born' / born_at null	1,042,945 / 0 / 1,042,945 / 0	grew +7 vs doc 53.9 (1,042,938); still growing daily (organic). canonical NULL ⇒ key = collection_name:entity_code
watermark types: birth.id / registry_changelog.id / iu_route_worker_cursor.last_event_id / event_outbox.id	integer / integer / uuid / uuid	confirms text-generalized watermark needed (SB-13)
event_type_registry (by domain)	40 total; iu 16/16, mother 9/0, piece 6/6, staging 5/5, system 4/3; no governance domain	mother 9/0 = register-but-inactive precedent
event_outbox / event_outbox governance / event_pending / event_read / event_subscription / queue_heartbeat	182,731 / 0 / 0 / 182,370 / 3 / 3	outbox governance=0 = zero-emit baseline; pending free
evolution_snapshots / governance-scope	1 / 0	SB-12 reuse target
measurement_registry total / enabled	142 / 140	SB-12 ruleset hash input
derived_objects_registry / refresh_strategy	7; on_demand 3 / realtime_trigger 2 / null 2	3 modes back SB-10 refresh modes
os_proposal_approvals	0 ⇒ COMMIT_FORBIDDEN	master gate red
approval_requests / apr_approvals / apr_action_types	211 / 42 / 6	no governance action-types (SB-1 gap)
dot_tools / dot_coverage_required / dot_domains	309 / 11 / 46	T6/T7 patch targets
system_issues / registry_changelog	191,307 / 68,444	issue store / audit
normative_registry / law_catalog / governance_docs	47 / 5 / 12	law tables — must stay identical (no law change)
governance_registry / governance_relations	9 / 8	governance spine
idle in transaction (pg_stat_activity, db=directus)	0	clean
existing queue_heartbeat names	cut_pipeline_operator, dieu45_phase3_pilot, iu_outbound_default	no gov_* collision

All facts re-verified live; live wins over any printed doc value (muc-tieu-mo §1; doc 45 §45.2). Differences vs doc 45/53 are organic growth (birth_registry, event_outbox, system_issues) — not residue.

57.3 Schema-drift findings discovered at baseline (the value of a live rehearsal)

The doc-48 representative DDL used (...) placeholders / illustrative columns. Live discovery surfaced five real drifts that would have failed a verbatim build. All are muc-tieu-mo §4G surgical drift (column-name / enum-vocab mapping; contract & business-meaning unchanged; rollback-safe; documented), applied in the rehearsals and recorded here.

ID	Object	Representative (doc 48)	Live reality	Mapping applied
F-57-1	queue_heartbeat	worker_name, worker_kind	executor_name, executor_kind; PK = executor_name; executor_kind ∈ {DOT,Agent,Hermes,Codex,PG_worker,external_worker,future_Kestra_adapter}; last_tick_status ∈ {ok,warn,error}; metadata safe-check forbids body/content/raw/vector/embedding/secret/token/password/ssn/personal_data keys (Điều 45 signal-not-data)	use executor_name/executor_kind; kind=PG_worker; metadata {}
F-57-2	event_type_registry.delivery_lane	'deferred'	CHECK ∈ {immediate, delayed}	deferred → delayed
F-57-3	event_type_registry.event_stream	'governance'	CHECK ∈ {comment,review,update,birth,task,alert,health}	findings → alert; heartbeats → health
F-57-4	event_type_registry.default_severity	'medium'	CHECK ∈ {info,warning,critical} (or NULL)	medium → warning
F-57-5 (Part A)	dot_coverage_required.domain	free text	FK → dot_domains(code); dot_tools has a Birth-Gate trigger warning codes not matching PREFIX-NNN (warning, non-blocking)	register governance.{backfill,handoff,input,candidate} in dot_domains first; DOT codes accepted with warning

event_type_registry PK is (event_domain, event_type); dot_coverage_required UNIQUE is (domain, operation, tier) — both honored in the rehearsals.

57.4 R1 verdict

PASS. Channel = EXECUTION_MODE (rollback-only). Greenfield confirmed (7 target tables absent). Master gate os_proposal_approvals=0 ⇒ COMMIT_FORBIDDEN. Idle-in-transaction = 0. No gov_* heartbeat collision. Five surgical drifts catalogued for the rehearsals. Proceed to R-2..R-7. Per-rehearsal results: docs 58–63; entry==exit certification: doc 64; readiness verdict: doc 65; self-review: doc 66.