One-Roof Clone Axis/Topic — 01 Production & Clone Safety Gates (PASS)
01 — Production & Clone Safety Gates (Hard Gate 0)
Verdict: PASS. Production proven read-only-safe and byte-unchanged across the run; clone proven isolated, seeded, bounded, and reversible.
Channels (and the isolation that makes this safe)
| DB | Channel | Mutability |
|---|---|---|
| production directus | query_pg MCP (read-only role, READ ONLY txn, 5s timeout, LIMIT 500) | read-only by construction — cannot DDL/DML |
| clone directus_gov_test_20260602 | ssh contabo docker exec -i postgres psql -U workflow_admin -d directus_gov_test_20260602 -f - | read+write; every mutating script self-guards current_database() LIKE 'directus_gov_test_%' |
The query_pg allowlist is ['directus','incomex_metadata','workflow'] — it cannot even see the clone. So the two channels are physically incapable of crossing: production proof is read-only-only; clone mutation rides a separate ssh channel that refuses to run anywhere but a clone DB. There is no single channel that can both read production and write it.
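The self-guard described above, written out as an added example (not the project's own script) for a file piped through the clone channel. It escapes the underscores because `_` is a single-character wildcard in LIKE; the table axis_guard_demo, the use of a table comment as the TEST_CLONE marker, and the exception text are assumptions made for illustration.

```sql
-- Added example: guard preamble for a mutating clone script.
-- Stop at the first error so nothing after a failed guard is executed.
\set ON_ERROR_STOP on

BEGIN;

DO $guard$
DECLARE
    db text := current_database();
BEGIN
    -- In LIKE, "_" matches any single character and "%" any run of characters.
    -- With "!" as the escape character the prefix is matched literally and
    -- only the trailing "%" remains a wildcard.
    IF db NOT LIKE 'directus!_gov!_test!_%' ESCAPE '!' THEN
        RAISE EXCEPTION 'clone guard: refusing to run on database "%"', db;
    END IF;
END
$guard$;

-- Hypothetical mutating statement, constructed for this example.
CREATE TABLE IF NOT EXISTS axis_guard_demo (
    id         bigserial PRIMARY KEY,
    note       text NOT NULL,
    created_at timestamptz NOT NULL DEFAULT now()
);

-- Assumed marker convention: label the artifact as a droppable clone object.
COMMENT ON TABLE axis_guard_demo IS 'TEST_CLONE: droppable test artifact';

COMMIT;
```

Because the guard and the mutation share one transaction, a failed guard leaves nothing committed even if the script is run without ON_ERROR_STOP.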
Production read-only check (entry, 2026-06-03)
| # | check | required | actual |
|---|---|---|---|
| 1 | production DB = directus | directus | directus ✓ |
| 2 | ownership rows = 0 | 0 | 0 ✓ |
| 3 | gap = 210 | 210 | 210 ✓ |
| 4 | os_proposal_approvals = 0 | 0 | 0 ✓ |
| 5 | governance event emit = 0 | 0 | 0 ✓ |
| 6 | axis tables absent | 0 | 0 ✓ |
| 7 | candidate/ruleset/worker state | 0/0/0 | 0/0/0 ✓ |
| 8 | idle-in-transaction = 0 | 0 | 0 ✓ |
| 9 | no production write channel opened | — | none (query_pg read-only) ✓ |
Clone safety check (entry)
| # | check | required | actual |
|---|---|---|---|
| 1 | clone DB = directus_gov_test_20260602 | yes | yes ✓ |
| 2 | clone isolated from app traffic | yes | separate DB in same instance; no app retargeting ✓ |
| 3 | ownership seed + 100% collection coverage from prior run | own≥1, gap 0 | own 30, gap 0 ✓ |
| 4 | scanner candidate state bounded/idempotent | bounded | candidate_state 5 / candidate_object 35, cursor 1 ✓ |
| 5 | event dispatch inert | 0 gov emit | 0 ✓ |
| 6 | rollback/drop plan exists | yes | sql/Z_axis_substrate_drop_clone.sql (written before first commit) ✓ |
| 7 | axis tables absent/known | absent | 0 (clean slate) ✓ |
| 8 | no uncontrolled worker loop | none | no daemon; scans are single deterministic passes ✓ |
Production re-verification (exit)
db=directus · ownership 0 · gap 210 · ospa 0 · gov_emit 0 · axis_tables 0 · candidate_state 0 · idle 0 — identical to entry. The clone build did not, and structurally could not, touch production.
Why persistent clone commits were authorized here (vs prototype's withhold)
The prototype withheld commit to avoid a misleading "island" schema implying an un-ratified ownership-model change. This run removes that objection two ways: (1) the mission explicitly authorizes persistent clone commits when isolated, reversible, and TEST_CLONE-marked; (2) the build uses a parallel axis_object_ownership table instead of ALTERing governance_object_ownership, so no pre-existing structure is changed and the existing pipeline is provably byte-intact. The "island" is therefore a clearly-labelled, self-contained, droppable test artifact on a non-production DB — not a silent schema mutation.