Clone Finalization — 01 Production & Clone Safety Gates (2026-06-03)
01 — Production & Clone Safety Gates (Hard Gate 0)
Channels
- Production (read-only): query_pg(database='directus') — AST-validated, READ ONLY txn, read-only role, 5s timeout, LIMIT 500. No write channel to production was ever opened.
- Clone (read/write): ssh contabo docker exec -i postgres psql -U workflow_admin -d directus_gov_test_20260602 (stdin). The production-only query_pg allowlist (directus, incomex_metadata, workflow) cannot reach the clone — structural isolation.
Production Hard Gate 0 — entry == exit (read-only)
db=directus✅ | ownership 0→0✅ | owner_gap 210→210✅ | ospa 0→0✅ (blocker intact) | axis_* tables 0→0✅ | gov emit 0→0✅ | candidate/ruleset/worker 0/0/0✅ | system_issues 203,537 (organic)✅ | idle-in-txn 0→0✅ | no write channel opened✅ | apr_approvals 42→42✅. Production verdict: SAFE — byte-unchanged. No mutation.
Clone safety gate
db=directus_gov_test_20260602✅ | isolated (prod MCP cannot read it)✅ | ownership 100% (gap 0)✅ | substrate exists (3 axes, 6 tables, 16+ views)✅ | scanner idempotent✅ | event dispatch inert (gov types active=false, 0 emittable, no dispatcher)✅ | rollback/drop plan exists✅ | no uncontrolled worker loop (explicit SELECT fn_governance_scan calls)✅ | drift captured 41→38 (0 critical)✅. Clone verdict: SAFE — isolated, reversible, instrumented.
Mutation discipline
- Every persistent clone change tagged TEST_CLONE_finalization_2026-06-03; reversible via Z_rollback_finalization.sql.
- Every commit file self-guards: terminal DO $$ … RAISE EXCEPTION … $$ asserts the invariant so the txn cannot COMMIT on a bad result (ON_ERROR_STOP=1 aborts before COMMIT).
- Fail-closed negatives run inside one BEGIN…ROLLBACK with caught exceptions; zero residue.
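A sketch of the self-guarding commit file and the fail-closed negative described above, added here as an example and not taken from the project's own files. The table example_gov_note, its columns and the database-name guard are assumptions; the tag and the clone name come from this page.

```sql
-- Added example. example_gov_note and its columns are hypothetical.
-- Feed to psql on the clone with -v ON_ERROR_STOP=1 so the first error ends the script.
BEGIN;

-- Assumed extra guard: refuse to run in any database other than the clone.
DO $$
BEGIN
  IF current_database() <> 'directus_gov_test_20260602' THEN
    RAISE EXCEPTION 'refusing to run in database %', current_database();
  END IF;
END
$$;

-- The persistent change, tagged so a rollback script can find it.
CREATE TABLE example_gov_note (
  id   bigserial PRIMARY KEY,
  note text NOT NULL,
  tag  text NOT NULL
);
INSERT INTO example_gov_note (note, tag) VALUES
  ('constructed row 1', 'TEST_CLONE_finalization_2026-06-03'),
  ('constructed row 2', 'TEST_CLONE_finalization_2026-06-03');

-- Terminal self-guard: any failure raises, psql stops, COMMIT is never sent.
DO $$
DECLARE
  n_rows     bigint;
  n_untagged bigint;
BEGIN
  SELECT count(*), count(*) FILTER (WHERE tag <> 'TEST_CLONE_finalization_2026-06-03')
    INTO n_rows, n_untagged FROM example_gov_note;
  IF n_rows <> 2 OR n_untagged <> 0 THEN
    RAISE EXCEPTION 'invariant failed: rows=%, untagged=%', n_rows, n_untagged;
  END IF;
END
$$;
COMMIT;

-- Fail-closed negative: the bad write must be rejected; nothing persists.
BEGIN;
DO $$
BEGIN
  INSERT INTO example_gov_note (note, tag) VALUES ('untagged', NULL);
  RAISE EXCEPTION 'untagged row was accepted';  -- reached only if the control failed
EXCEPTION WHEN not_null_violation THEN
  RAISE NOTICE 'rejected as expected';
END
$$;
ROLLBACK;
```

In the negative test the handler catches only not_null_violation, so the "untagged row was accepted" exception propagates and fails the run if the constraint ever stops rejecting the write.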