KB-1041

Topic Promotion Governed Activation — 01 Safety Gates (2026-06-03)

Revision 1
Tags: one-roof-governance, nonprod-clone, safety-gate, production-read-only, 2026-06-03

01 — Production & Clone Safety Gates (Hard Gate 0)

Production read-only check — PASS (10/10)

Channel: query_pg(database='directus') — AST-validated, READ ONLY txn, read-only role. No write channel opened.

1. db=directus PASS
2. ownership=0 PASS
3. gap=210 PASS
4. ospa=0 PASS
5. axis tables absent PASS
6. gov emit=0 PASS
7. candidate/ruleset/worker state unchanged PASS (substrate absent)
8. system_issues=202,518 captured
9. idle-in-txn=0 PASS
10. no production write channel opened PASS

Entry == Exit re-checked at macro end (db=directus, ownership=0, gap=210, ospa=0, axis_tables=0, macro_tables=0, gov_emit=0, idle=0). Production byte-unchanged.
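One way checks 1, 9 and 10 above could be probed from inside a read-only PostgreSQL session, shown as an added example and not the queries the report's tooling ran. Mapping the role and transaction probes to check 10 is an assumption; only built-in catalog views and functions are used.

```sql
-- Added example (not from the report): read-only probes for gate checks 1, 9, 10.
BEGIN TRANSACTION READ ONLY;

-- Check 1: the session is attached to the intended database.
SELECT current_database() = 'directus' AS db_ok;

-- Check 10, transaction side: this transaction refuses writes.
SELECT current_setting('transaction_read_only') = 'on' AS txn_read_only;

-- Check 10, role side: the session role is not a superuser ...
SELECT NOT r.rolsuper AS not_superuser
FROM pg_roles r
WHERE r.rolname = current_user;

-- ... and holds no write privilege on any ordinary or partitioned user table.
SELECT count(*) = 0 AS no_write_grants
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE c.relkind IN ('r', 'p')
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND (has_table_privilege(current_user, c.oid, 'INSERT')
    OR has_table_privilege(current_user, c.oid, 'UPDATE')
    OR has_table_privilege(current_user, c.oid, 'DELETE')
    OR has_table_privilege(current_user, c.oid, 'TRUNCATE'));

-- Check 9: no other session on this database is idle inside a transaction.
-- Caveat: without pg_read_all_stats membership, the state column of other
-- roles' sessions is NULL, so a low-privilege role can undercount here.
SELECT count(*) = 0 AS no_idle_in_txn
FROM pg_stat_activity
WHERE datname = current_database()
  AND state = 'idle in transaction'
  AND pid <> pg_backend_pid();

-- Nothing was written; end the transaction explicitly.
ROLLBACK;
```

Running the same batch at entry and again at exit, then comparing the two result sets, gives an Entry == Exit comparison for these three checks.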

Clone safety check — PASS (8/8)

Channel: ssh contabo docker exec -i postgres psql -U workflow_admin -d directus_gov_test_20260602. Separate DB in same Postgres-16 instance; not an app-traffic target.

1. clone DB correct
2. isolated (not in query_pg allowlist; no app DSN)
3. ownership 30 / gap 0
4. substrate 6 tables/16 views/3 axes
5. event dispatch inert (gov types active=false; no dispatcher)
6. rollback/drop plan
7. no worker loop (scanner is on-demand function)
8. no outbound notification path

Isolation note

The query_pg allowlist is ['directus','incomex_metadata','workflow'], so query_pg cannot read the clone. Production proof and clone work travel on physically distinct channels, which structurally prevents cross-write.

Conclusion

Both gates pass. TEST_CLONE commits authorized; production read-only throughout.

knowledge/dev/reports/architecture/one-roof-nonprod-clone-topic-promotion-governed-activation-2026-06-02/01-production-and-clone-safety-gates.md