00 — Overview & State Recovery

Mission: ONE_ROOF_NONPROD_CLONE_FULL_COVERAGE_PIPELINE_ADVANCEMENT Date: 2026-06-02 Execution class: Non-production clone creation + full coverage pipeline advancement (A→G) Final status: PASS (all pipeline stages A–G executed and verified on an isolated clone; production byte-unchanged)

The production governance coverage path is technically ready but human-gated (os_proposal_approvals=0 ⇒ no L2/L4 sovereign ratification). Rather than force production ratification, this run: (1) verified production read-only and captured an integrity fingerprint; (2) created a clearly-named, isolated, disposable non-production clone directus_gov_test_20260602 of directus; (3) advanced the full coverage pipeline ON THE CLONE ONLY — A: committed 30 group-level ownership anchors → gap 210→0 persistently; B: scanner read → 100.00% coverage; C: scanner write-half (ruleset/scan_run/candidate_state/candidate_object) idempotent+bounded; D: issue/event boundary DB-enforced fail-closed; E: worker/cursor monotonic+idempotent; F: full rollback rehearsed; G: production rollout packet; (4) re-verified production identical to entry baseline (zero mutation).

Production state: DB directus (host 172.19.0.3, postgres:16); all governance write-tables EMPTY; gap=210 (35×6); seams inventory=35/containment=35/scopes=6; ospa=0 ⇒ commit BLOCKED; approval_requests=211/apr_approvals=42/apr_action_types=14; dot_tools=309; gov_schema_md5=6800392375898de4a37de1667da094da.

Production commit is blocked because the self-guarding production seed aborts unless ospa>=1 (sovereign L2/L4 human ratification of APR-BOOT-AUTHMODEL-1, not yet enacted). Human/process blocker, not technical.

Clone strategy: new database in the SAME postgres instance via pg_dump directus | psql restore (roles already exist in-instance; full DB isolation; Directus binds only to directus; MCP query_pg is allowlist-locked out of the clone). Clone allowed: persistent test commits. Forbidden everywhere: production writes/schema/seed/emit/worker, Directus/Qdrant/Nuxt mutation, os_proposal_approvals write, approval/e-sign, external notification, outbound dispatch, claiming clone==production authorization. Production-unchanged proven via the production-only MCP channel fingerprint (before==after).

Doc map: 01 preflight, 02 clone strategy, 03 clone baseline, 04 seed (A), 05 read (B), 06 write-half (C), 07 issue/event (D), 08 worker/cursor (E), 09 rollback/drop (F), 10 production impact, 11 rollout (G), 12 GO/NO-GO, 13 self-review. SQL + sha256 in sql/.