KB-4A16

90 — Final Build Prompts (paste-ready, no-COMMIT-without-auth, 2026-06-01)

Revision 1

Branch H (mission §11). Ten paste-ready prompts for future build steps. Every prompt starts from doc 89 and carries the same guardrail: no COMMIT unless an explicit sovereign authorization (an os_proposal_approvals row for THIS step) + the required council record exists and is quoted in the prompt. Absent that text, the prompt runs BEGIN..ROLLBACK rehearsal only. Each forbids out-of-scope mutation and requires entry==exit proof (doc 91 template).

Common preamble (prepend to each): "Read docs 00, 88, 86, 89 first. Confirm live os_proposal_approvals and the required council record. Channel: ssh contabo → docker exec -i postgres psql -U workflow_admin -d directus. Set statement_timeout='5s', lock_timeout='3s', idle_in_transaction_session_timeout='15s'. If M-1 not met or the step's council record absent → STOP and report."


Prompt 1 — SB-1 / SB-2 owner & APR build

GOAL: Build SB-1 (4 apr_action_types rows) and SB-2 (governance_responsibility_scope +
governance_object_ownership + 2 resolution views) per docs 16/17, with the doc-86 fold-ins.
PRECONDITION (quote evidence): os_proposal_approvals row for this step (M-1) + council C-2 (SB-1)
and C-1 (SB-2) build records. If absent → REHEARSAL ONLY (BEGIN..ROLLBACK), no COMMIT.
MANDATORY FOLD-IN: F-83-1 — before the 4 INSERTs, re-wire the birth trigger:
  DROP TRIGGER trg_birth_apr_action_types ON apr_action_types;
  CREATE TRIGGER trg_birth_apr_action_types AFTER INSERT ON apr_action_types
    FOR EACH ROW EXECUTE FUNCTION fn_birth_registry_auto('action_code');
SB-1 rows: assign_governance_owner / grant_governance_exception / delegate_authority / assign_axis_owner,
  all handler_ref='unimplemented', risk_level='high', status='active', _dot_origin set.
SB-2: additive tables ONLY (never ALTER governance_relations); partial UNIQUE one-accountable-per-scope;
  delegated requires effective_to; tables trigger-less; 6 seed scopes.
PROVE: entry==exit in rehearsal (apr_action_types 6→6 on rollback; targets ABSENT→ABSENT);
  negative tests (PK collision, bad risk, bad status, dup-accountable, phantom FK, bad scope, bad kind, delegated-no-TTL).
FORBIDDEN: flip any handler_ref; create approval_requests row; emit; touch Directus/Qdrant/Nuxt.
REPORT: doc 89 §89.8 fields. pg_dump apr_action_types + governance_relations + governance_registry before any COMMIT.
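
A rehearsal harness for this prompt's PROVE line, as an added example (it is not the doc 91 template and not code from docs 16/17): a psql script that snapshots apr_action_types, the birth trigger definition and the SB-2 targets, runs the F-83-1 re-wire inside BEGIN..ROLLBACK with the preamble's timeouts, and compares entry to exit. The psql variable names are assumptions; table, trigger and function names are the ones in the prompt.

```sql
\set ON_ERROR_STOP on

-- Entry snapshot: row count, trigger definition hash, number of SB-2 targets present.
SELECT count(*) AS entry_rows FROM apr_action_types \gset
SELECT md5(pg_get_triggerdef(oid)) AS entry_trg
  FROM pg_trigger
 WHERE tgrelid = 'apr_action_types'::regclass
   AND tgname  = 'trg_birth_apr_action_types' \gset
SELECT (to_regclass('governance_responsibility_scope') IS NOT NULL)::int
     + (to_regclass('governance_object_ownership')    IS NOT NULL)::int AS entry_targets \gset

BEGIN;
SET LOCAL statement_timeout = '5s';
SET LOCAL lock_timeout = '3s';
SET LOCAL idle_in_transaction_session_timeout = '15s';

-- F-83-1 re-wire, exactly as written in the prompt.
DROP TRIGGER trg_birth_apr_action_types ON apr_action_types;
CREATE TRIGGER trg_birth_apr_action_types AFTER INSERT ON apr_action_types
  FOR EACH ROW EXECUTE FUNCTION fn_birth_registry_auto('action_code');

-- The 4 SB-1 INSERTs and the SB-2 DDL from docs 16/17 run here (not reproduced on this page).

ROLLBACK;

-- Exit snapshot: the same three probes, taken after the rollback.
SELECT count(*) AS exit_rows FROM apr_action_types \gset
SELECT md5(pg_get_triggerdef(oid)) AS exit_trg
  FROM pg_trigger
 WHERE tgrelid = 'apr_action_types'::regclass
   AND tgname  = 'trg_birth_apr_action_types' \gset
SELECT (to_regclass('governance_responsibility_scope') IS NOT NULL)::int
     + (to_regclass('governance_object_ownership')    IS NOT NULL)::int AS exit_targets \gset

-- entry==exit holds only if rows, trigger DDL and target absence all match.
SELECT :entry_rows = :exit_rows
   AND :'entry_trg' = :'exit_trg'
   AND :entry_targets = 0 AND :exit_targets = 0 AS entry_eq_exit \gset
\if :entry_eq_exit
  \echo entry==exit: PASS
\else
  \echo entry==exit: FAIL, write a finding and do not COMMIT
\endif
```

With ON_ERROR_STOP on, any failed statement or timeout ends the psql session, which aborts the open transaction instead of leaving it idle.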

Prompt 2 — GCOS substrate build (SB-12 → SB-13 → SB-10 → SB-11)

GOAL: Build the 4 GCOS blockers in dependency order per docs 38/39/40/41 + fold-ins.
PRECONDITION: os_proposal_approvals for this step (M-1). SB-12 ruleset created status='draft'
  (activation needs C-7.2, NOT now).
ORDER: SB-12 (governance_ruleset) → SB-13 (gov_worker_cursor) → SB-10 (governance_candidate_state
  + optional object + candidate_scan_run, FK→governance_ruleset) → SB-11 (register 5 event types).
FOLD-IN: F-57-1 (queue_heartbeat reuse cols executor_name/executor_kind='PG_worker', metadata '{}');
  L-WATERMARK (gov_worker_cursor.last_watermark_id = text); L-CANON-NULL (candidate_key =
  COALESCE(canonical_address, collection_name||':'||entity_code)); NO checked-forever boolean;
  F-57-2/3/4 for SB-11 (delivery_lane='delayed', event_stream='alert'/'health', default_severity
  in {info,warning,critical}, event_domain='governance', active=false).
PROVE: 5 tables ABSENT→ABSENT on rollback; real FK enforced; event_outbox governance=0; entry==exit.
FORBIDDEN: activate ruleset; set active=true; emit; create buses/stores beyond the 5 tables.

Prompt 3 — T6/T7 addenda build

GOAL: Apply the 10 T6/T7 addenda (Part A rows) per docs 24/25/45 + doc 69 landing table.
PRECONDITION: SB-10/11/12/13 already built + C-7 records + M-1. Else REHEARSAL ONLY.
FOLD-IN ORDER (F-R7-1): INSERT dot_domains (governance.backfill/handoff/input/candidate) FIRST,
  THEN dot_tools (4 tier-A read/propose DOTs), THEN dot_coverage_required (4).
F-R7-2 decision: name DOTs GOVDOT-001..004 (recommended) or accept Birth-Gate warning — record choice.
DO NOT create dot_governance_assignment_apply (G-APPLY = NO-GO).
Surgically patch frozen docs 24/25 per doc 69 §69.3; pin addenda count = 10 (OI-45-1).
PROVE: dot_domains/dot_tools/dot_coverage_required return to entry on rollback; no FK error; no mutating DOT.
FORBIDDEN: apply/assignment DOT; emit; law change.

Prompt 4 — Backfill seed DRY-RUN

GOAL: Dry-run the GCOS backfill seed per doc 31 (compute candidate set, NO onboarding rows committed).
PRECONDITION: C-7.3 (backfill-ruleset) + M-1. Without C-7.3 → compute-only, never COMMIT rows.
Birth NOT modified (Option A cursor-tail). Output candidate counts + coverage_status projection ONLY.
PROVE: birth_registry unchanged; no governance_candidate_state rows committed; entry==exit.
FORBIDDEN: writing onboarding rows; modifying Birth; mass APR creation.

Prompt 5 — Event registration build

GOAL: Register the governance event domain (5 types) in event_type_registry, active=false, per doc 41.
PRECONDITION: M-1 (this may be folded into Prompt 2 STEP SB-11). 
FOLD-IN: F-57-2/3/4 enum values. Register-before-emit: active=false, ZERO event_outbox emit.
A-3 (C-7.1 input-trust) required before the input-gate event is trusted/activated — NOT at registration.
PROVE: event_type_registry governance = 5 (active=false); event_outbox governance = 0; entry==exit.
FORBIDDEN: active=true; emit.

Prompt 6 — DOT registration build

GOAL: Register the 4 GCOS tier-A DOTs + 4 dot_coverage_required rows per doc 25 (read/propose only).
PRECONDITION: dot_domains GCOS rows exist (F-R7-1) + M-1.
F-R7-2: chosen DOT codes. All DOTs tier-A (scan/propose); SIV proposes, COUNCIL approves, GOV-DOT executes.
PROVE: dot_tools +4, dot_coverage_required +4 on a rehearsal then rollback to entry; entry==exit.
FORBIDDEN: registering a mutating/apply DOT; binding a real handler.

Prompt 7 — Production gate build (G-PROD)

GOAL: Implement the production fail-closed rule (addendum #10): a stale/missing candidate verdict
  blocks any high-risk production write. Per docs 35 §3 / 40 / 49.
PRECONDITION: SB-10 built + M-1. Rule is enforcement logic, not a new bus.
PROVE: fail-closed path blocks write when recompute_status<>'ok' OR dirty OR now()>=stale_after.
FORBIDDEN: fail-open default; bypassing the candidate-state verdict.
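
The fail-closed rule above, as an added example (not code from docs 35/40/49): a gate that allows a write only when a verdict row exists and every check is positively satisfied, shown next to the literal PROVE expression on constructed rows. The temp table stands in for governance_candidate_state with assumed column types, candidate_key is assumed unique, and the function name gprod_write_allowed is hypothetical.

```sql
BEGIN;  -- rehearsal only: everything below is discarded by the ROLLBACK

-- Constructed stand-in; column names come from the prompt, types are assumed.
CREATE TEMP TABLE governance_candidate_state (
  candidate_key    text PRIMARY KEY,
  recompute_status text,
  dirty            boolean,
  stale_after      timestamptz
);

INSERT INTO governance_candidate_state VALUES
  ('fresh-ok',    'ok',     false, now() + interval '1 hour'),
  ('failed',      'failed', false, now() + interval '1 hour'),
  ('dirty',       'ok',     true,  now() + interval '1 hour'),
  ('stale',       'ok',     false, now() - interval '1 second'),
  ('null-status', NULL,     false, now() + interval '1 hour'),
  ('null-ttl',    'ok',     false, NULL);

-- Hypothetical gate: TRUE only for an existing, clean, unexpired 'ok' verdict.
CREATE FUNCTION pg_temp.gprod_write_allowed(p_key text) RETURNS boolean
LANGUAGE sql STABLE AS $$
  SELECT COALESCE(
    (SELECT s.recompute_status = 'ok'
        AND s.dirty IS FALSE
        AND now() < s.stale_after
       FROM governance_candidate_state s
      WHERE s.candidate_key = p_key),
    false);  -- a missing row or any NULL column resolves to "block"
$$;

-- literal_block_rule is the PROVE expression evaluated as written.
SELECT k AS candidate_key,
       (SELECT recompute_status <> 'ok' OR dirty OR now() >= stale_after
          FROM governance_candidate_state
         WHERE candidate_key = k)       AS literal_block_rule,
       pg_temp.gprod_write_allowed(k)   AS write_allowed
  FROM unnest(ARRAY['fresh-ok', 'failed', 'dirty', 'stale',
                    'null-status', 'null-ttl', 'no-such-key']) AS k;

ROLLBACK;
```

Only fresh-ok returns write_allowed = true. For null-status, null-ttl and no-such-key the literal rule evaluates to NULL rather than TRUE, so a caller that blocks only when that expression is true would let the write through, while the gate returns false for all three.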

Prompt 8 — Post-build verification

GOAL: After any build step COMMIT, verify per doc 89 §89.4 + record delta.
RUN: the §89.4 query block; compare to pre-counts; confirm only the authorized rows changed;
  confirm event_outbox governance=0 (unless the step's emit is authorized); confirm no law/version change;
  confirm idle_in_transaction=0 and no sessions left open.
REPORT: doc 89 §89.8 fields + the delta table. If any unauthorized delta → raise incident, prepare rollback.

Prompt 9 — Rollback prompt

GOAL: Roll back a build step (committed or in-flight).
IN-FLIGHT: ROLLBACK the open transaction; confirm entry==exit (doc 91).
COMMITTED: action-types → retire (status='retired', retired_at=now()), NEVER delete (FK RESTRICT);
  greenfield tables → DROP TABLE/VIEW; reuse-table rows → DELETE by _dot_origin / event_domain='governance'
  / executor_name LIKE 'gov\_%' / domain LIKE 'governance.%'; restore birth trigger to original no-arg def
  if the F-83-1 fix must be reverted. Restore from pg_dump if needed.
PROVE: post-rollback counts == pre-build baseline; event_outbox governance=0; idle_in_transaction=0.
FORBIDDEN: deleting an in-use action-type; leaving an emitted event; partial rollback that strands an FK child.

Prompt 10 — "STOP if gates not green" guard prompt

GOAL: Gate-check before ANY COMMIT. 
CHECK: os_proposal_approvals has a row for THIS exact step (M-1); the step's council record (C-1/C-2/C-7.x)
  exists; all mandatory fold-ins for the step are in the script; the pre-COMMIT rehearsal proved entry==exit;
  idle_in_transaction=0.
IF ANY CHECK FAILS → STOP. Do not COMMIT. Write a finding citing the missing gate. A GPT/agent statement
  is NEVER a substitute for the sovereign os_proposal_approvals row.
ONLY IF ALL GREEN → proceed to the single reviewed COMMIT transaction, then Prompt 8.

All ten prompts inherit doc 89's stop conditions and the no-COMMIT-without-sovereign-authorization rule. None may be run as a COMMIT on the strength of this document, a GPT direction, or an agent decision — only on a live os_proposal_approvals row plus the required council record.
