05 — Post-Gate Production Rollout Pointers (exact)

Date: 2026-06-03. These are the exact artifacts to use after a human sets os_proposal_approvals ≥ 1. Until then, do not run any of them beyond the read-only gate monitor.

Channels

• Production read (always allowed): query_pg(database=directus).
• Production write/exec (post-gate only): ssh contabo -> docker exec -i postgres psql -U workflow_admin -d directus.
• Clone: N/A for rollout. query_pg cannot read clones.

Canonical engineering package

knowledge/dev/reports/architecture/one-roof-production-release-engineering-ultra-macro-2026-06-03/

• Executor: sql/prod/99_run_all.sql — Tiers 0–6 + Tier-8 verify; self-guarding (00_preflight aborts unless db=directus + ospa≥1 + clean greenfield baseline gap210/own0/conflict0/emit0 + prereq seam views); ON_ERROR_STOP=1; takes -v ratified_apr=<REAL_CODE> as ownership approval_ref provenance.
• Rollback: sql/prod_rollback/99_rollback_full.sql — returns to greenfield (ownership=0, gap=210, axis absent).
• Verification: sql/prod_verify/ (Tier 8) — asserts post-rollout invariants.
• Clone revalidation: sql/clone_revalidation/ — rollback-only harness used to prove the executor.

Release-management finalization package

knowledge/dev/reports/architecture/one-roof-release-management-finalization-gate-monitoring-2026-06-03/

• Gate monitor (read-only, run anytime): sql/gate_monitor/gate_check.sql (+ .sh). Returns gate_status = READY only when ospa≥1 + clean baseline + db=directus; else BLOCKED with reason. Live result 2026-06-03 = BLOCKED | ospa<1.
• Final copies (byte-identical to canonical): sql/final_executor_copy/, sql/final_rollback_copy/, sql/final_verify_copy/, sql/clone_rehearsal/.
• Post-gate prompt: 07-post-gate-execution-prompt.md.

The exact post-gate prompt (paste verbatim into a fresh Agent session AFTER ratification)

MISSION: ONE_ROOF_PRODUCTION_ROLLOUT_EXECUTE_ON_RATIFICATION

Context:
- Canonical, hash-verified, clone-rehearsed production rollout is ready.
- Package: knowledge/dev/reports/architecture/one-roof-production-release-engineering-ultra-macro-2026-06-03/
- Executor: sql/prod/99_run_all.sql (Tiers 0-6 + verify, self-guarding, ON_ERROR_STOP).
- Rollback: sql/prod_rollback/99_rollback_full.sql
- Only blocker was os_proposal_approvals >= 1 (human L2/L4 ratification).
- Prod write/exec: ssh contabo -> docker exec -i postgres psql -U workflow_admin -d directus
- Prod read: query_pg(database=directus).

HARD STOP (check FIRST):
1. Run gate monitor (read-only): sql/gate_monitor/gate_check.sql against directus.
2. If gate_status <> 'READY' -> STOP. Do NOT mutate production. Report "Gate still closed (<blockers>). No action taken." END.
3. Confirm the ratified APR code that produced ospa>=1 (becomes approval_ref provenance). If unknown -> STOP. Do not invent one.

EXECUTE (only if READY and APR known):
4. cd .../sql/prod
5. ssh contabo "docker exec -i postgres psql -U workflow_admin -d directus -v ON_ERROR_STOP=1 -v ratified_apr=<REAL_CODE> -f -" < 99_run_all.sql 2>&1 | tee rollout_<UTC>.log

VERIFY:
6. Log ends with "TIER 8 VERIFY PASS" and "ROLLOUT COMPLETE — ALL TIERS PASSED".
7. Re-read via query_pg: resp gap=0, conflict=0, containment_gap=0, active_axes=3, divergent=0, projection_gap=0, label_orphans=0, critical_drift=0, emittable_events=0, gov_outbox=0, kg-domain-x=active, governance_object_ownership=30. (open_drift small non-zero is fine; critical_drift must be 0.)

ROLLBACK IF FAIL:
8. ssh contabo "... -f -" < sql/final_rollback_copy/99_rollback_full.sql ; confirm "FULL ROLLBACK OK: ownership=0 gap=210 axis=absent". Re-baseline. Report failure.

PUBLISH:
9. Write rollout report to KB (before/after invariants, APR code, log path, PASS/FAIL, rollback?). Update memory index.

FORBIDDEN: don't proceed if gate <> READY; don't fabricate APR; don't activate governance event types; no DOT/UI/Directus/Qdrant/Nuxt/approval/e-sign/law/version; don't run clone-variant SQL vs directus; no external dispatch.

COMPLETION: PASS=all tiers committed + verified + report published. ABORT=gate closed/APR unknown -> no mutation. FAIL=tier failed -> rollback executed, baseline restored, reported.

Double-gate safety (why this is safe to leave standing)

1. Prompt step-2 hard-stop requires gate_status=READY.
2. Executor 00_preflight.sql independently aborts unless ospa≥1 + clean baseline.
3. Step-3 refuses without a real ratified APR code (no fabricated authority).
4. Rollback returns to exact baseline; proven idempotent on a fresh clone.
5. Bounded ~1-minute single job; no daemon; no external effect.