Governance→RP Handoff — 04 Registries-Pivot Forbidden Assumptions (2026-06-03)
04 — Interfaces Registries-Pivot MUST NOT Rely On Yet
Date: 2026-06-03. These are NOT production truth while ospa < 1. Treating any of them as live is the primary failure mode of this handoff.
Forbidden assumptions (do NOT depend on as production-live)
| # | Assumption RP must NOT make | Reality (verified 2026-06-03) | Where it actually exists |
|---|---|---|---|
| 1 | Production owner coverage is 100% (gap 0) | Production gap = 210, ownership = 0 | gap→0 is CLONE-PROVEN + gated rollout only |
| 2 | Production has an axis substrate | Axis tables ABSENT in production | Clone only (6 tables, 3 axes) |
| 3 | Production has a topic substrate | Topic tables ABSENT in production | Clone only (topic_taxonomy_map etc.) |
| 4 | Production scanner/candidate is populated | candidate/ruleset/scan_run/cursor = 0 | Clone only (~38 findings) |
| 5 | Production governance events/issues are active | governance event_outbox = 0, types inactive | Fail-closed by design; activation is a future gated tier |
| 6 | Production has UI/API governance views (v_ui_*) |
Not in production | Clone only (7 v_ui_* views) |
| 7 | Any directus_gov_* clone object is reachable |
Clones dropped; only /tmp/clone_finalized_2026-06-03.dump snapshot exists |
Clone-only, offline |
| 8 | The production rollout has been executed | NOT executed; ospa=0 → gate CLOSED | Packaged-but-gated |
| 9 | gap=210 is a bug RP should "fix" | It is the deliberate unseeded gate state | n/a |
Why this matters (the canonical confusion to avoid)
The clone rehearsals deliberately reproduce the post-rollout world (gap 0, axes live, scanner populated) to prove the rollout is safe. That proof lives on a clone and in a snapshot — it never touched production. Clone-proven ≠ production-live. A future RP macro that reads "gap 0 / 3 axes / 38 findings" from a report and assumes production has them will build on sand.
The single discriminator
Before relying on ANY governance interface, RP must run a live query_pg(database=directus) check. If os_proposal_approvals = 0, then: ownership=0, gap=210, no axis, no topic, empty scanner, no governance events — full stop. Only ospa ≥ 1 plus a confirmed executed rollout (verifiable via the Tier-8 invariants) changes this.
Clone channel (for reference only — not an RP dependency)
Clone work historically used ssh contabo -> docker exec -i postgres psql -d <clone_db>; query_pg allowlist is ['directus','incomex_metadata','workflow'] and cannot read clones. RP should not need the clone at all; if clone evidence is wanted for a design decision, restore from the snapshot in a throwaway DB — never in production, never claimed as production.