KB-5506

F-3 Consolidation Rollback-Only Coverage Dry-Run — 08 F-4 Seam-Commit Readiness Packet

Revision 1

08 — F-4 Seam-Commit Readiness Packet

The concrete, fill-in-the-blanks plan for F-4 (the first COMMIT that wires the two governance seams onto their real sources). F-4 is NOT authorized by F-3 — this packet specifies exactly what a ratified F-4 would do, what must stay forbidden, the row ceilings, stop conditions, and rollback plan. The only thing standing between this packet and execution is L2+L4 ratification (the os_proposal_approvals=0 gate).

8.1 What F-4 would commit (and only this)

Two additive CREATE OR REPLACE VIEW statements — no new tables, no migration, no data backfill, instantly reversible to the inert WHERE false form. Both rehearsed live under ROLLBACK in F-3 and compiled cleanly.

Seam A — v_governance_object_inventory (collection grain, full-35)

CREATE OR REPLACE VIEW v_governance_object_inventory AS
  SELECT 'collection'::text       AS object_type,
         cr.collection_name::text AS object_ref,          -- F2-1 cast (load-bearing)
         (cr.governance_role IN ('governed','locked')) AS requires_owner,
         (cr.coverage_status = 'BIRTH_REQUIRED')        AS born
  FROM collection_registry cr
  WHERE cr.governance_role='governed' AND cr.coverage_status='BIRTH_REQUIRED';

Yields 35 rows today (doc 04 §4.1). Bounded, auditable, sub-second.

Seam B — v_governance_object_containment (from real folder-groups)

CREATE OR REPLACE VIEW v_governance_object_containment AS
  SELECT 'collection'::text       AS object_type,
         cr.collection_name::text AS object_ref,
         'group'::text            AS parent_type,
         cr."group"::text         AS parent_ref          -- F2-1 cast
  FROM collection_registry cr
  WHERE cr.governance_role='governed' AND cr.coverage_status='BIRTH_REQUIRED'
    AND cr."group" IS NOT NULL AND cr."group" <> '';

Yields ~35 acyclic depth-1 edges into 5 groups (GRP-AI / GRP-BUSINESS / GRP-GOVERNANCE / GRP-REGISTRY / GRP-WORKFLOW). F-3 proved the 10-edge / 3-group subset is acyclic (max_depth=1, cycle guard untripped). F-4 pre-commit MUST re-run the B5 acyclicity walk over all 35 and assert max_depth < 64 / hit_cycle_guard=false before committing.

Both casts are mandatory: without ::text, CREATE OR REPLACE VIEW errors "cannot change data type of view column" (live cols are text; collection_name/group are varchar). This is the single load-bearing DDL correction (F2-1), now used in both seams.

8.2 Expected row ceilings (gate F-4 on these)

| Quantity | Value | Basis |
|---|---|---|
| Inventory rows (full) | 35 | governed BIRTH_REQUIRED collections (proven live, A2) |
| Active scopes | 6 | {approval,audit,execution,health,policy,render} |
| Gap ceiling, full Phase-1 | 210 | 35 × 6 — proven live (A3), supersedes the wrong "38" |
| Containment edges (full) | ~35 | one per governed collection with a non-empty group |
| Containment depth | 1 | collection → group (groups are parent-only) |
| Owner-resolution rows | ≤ (35 + #groups) × 6 = ≤ 240 | nodes × scopes; non-empty only on owned scopes |
| F-4 abort gate | gap_before > 210 ⇒ ABORT | any excess means an unexpected source row |

8.3 What can be committed later (the green list)

  1. Seam A at collection grain (35 rows) — the inventory the whole coverage path reads.
  2. Seam B from collection_registry."group" (acyclic, depth-1) — enables inherited ownership.
  3. Both are read-only views over existing catalogs — they add visibility, not data; reversible in one statement.

After F-4 commits these, the coverage path becomes live but still inert in effect: with governance_object_ownership empty, every governed object is an honest gap (210 rows) and nothing is emitted, persisted, or routed — exactly the F-3 in-transaction behavior, now standing. Issue/event/scanner/worker remain OFF.

8.4 What must remain forbidden at F-4 (the red list)

| Forbidden | Why |
|---|---|
| The COMMIT without L2+L4 ratification | Wiring the inventory makes the substrate see governed objects = crosses inert→active for coverage; this is a governance decision, not an engineering default. os_proposal_approvals=0 ⇒ no commit key exists yet. |
| Object-grain inventory (birth_registry ~1.08M) | Must be cursor-tailed (SB-13); never full-swept. Collection grain only at F-4. |
| Axis / assignment / topic / UI-exposed coverage | axis_registry/axis_assignment/coverage_rule ABSENT ⇒ fake/test-only. NO-GO until that substrate is ratified+built. |
| Persisting system_issues from gap findings | F-5/T7 territory; gaps stay as view output only. |
| Activating governance event types / emitting events | the 5 gov event_type_registry rows stay active=false; event_outbox gov stays 0. |
| Starting scanner / worker / backfill / DOT / handler / UI | F-5..F-7; ratification-gated. |
| Seeding real ownership rows as part of F-4 | F-4 is seam wiring only; ownership seeding is a separate ratified step. |

8.5 Stop conditions (F-4 must ROLLBACK and halt if any trip)

  • gap_before after Seam A wiring > 210 (unexpected governed rows).
  • Seam B acyclicity walk hits the 64-depth cycle guard, or max_depth ≥ 64.
  • Any write to event_outbox / system_issues / registry_changelog / worker cursor observed.
  • Any DOT/event/handler/UI activation, or any out-of-scope table delta.
  • os_proposal_approvals still 0 at commit time (no ratification) — do not COMMIT.
  • Idle-in-transaction session un-closable, or failed-transaction state unrecoverable.

8.6 Rollback plan for F-4

  • Pre-commit: identical to F-3 — run inside BEGIN, verify A/B ceilings, then either COMMIT (only if §8.7 gate satisfied) or ROLLBACK.
  • Post-commit reversal (if ever needed): a single CREATE OR REPLACE VIEW … WHERE false per seam restores the inert form (canonical inert DDL in one-roof-phase1-test-mode-deferred-substrate-completion-2026-06-02/sql/sb2_views_ddl.sql). No data is touched, so reversal is instantaneous and lossless.
  • Backup: take a schema-only pg_dump of the two view definitions before COMMIT (belt-and-braces; the inert DDL above already suffices).
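
The pre-commit ceiling checks, written as one rehearsal transaction for PostgreSQL. This is an added example, not the project's B5 script: the DO block and its variable names are hypothetical, it reads only the view columns defined in section 8.1, and it checks the 35-row inventory ceiling because the gap_before query is not shown on this page.

```sql
BEGIN;

-- The two CREATE OR REPLACE VIEW statements from section 8.1 run here.

DO $$
DECLARE
    v_inv_rows  bigint;
    v_max_depth integer;
    v_hit_guard boolean;
BEGIN
    -- Seam A ceiling: section 8.2 allows 35 inventory rows.
    SELECT count(*) INTO v_inv_rows FROM v_governance_object_inventory;
    IF v_inv_rows > 35 THEN
        RAISE EXCEPTION 'Seam A: % inventory rows exceeds ceiling of 35', v_inv_rows;
    END IF;

    -- Seam B acyclicity walk: follow child -> parent edges upward.
    -- The recursion stops at depth 64, so a cycle terminates and is
    -- reported through v_hit_guard instead of looping forever.
    WITH RECURSIVE walk AS (
        SELECT c.parent_type, c.parent_ref, 1 AS depth
        FROM v_governance_object_containment c
      UNION ALL
        SELECT c.parent_type, c.parent_ref, w.depth + 1
        FROM walk w
        JOIN v_governance_object_containment c
          ON c.object_type = w.parent_type
         AND c.object_ref  = w.parent_ref
        WHERE w.depth < 64
    )
    SELECT COALESCE(max(depth), 0),
           COALESCE(bool_or(depth >= 64), false)
      INTO v_max_depth, v_hit_guard
      FROM walk;

    IF v_hit_guard OR v_max_depth >= 64 THEN
        RAISE EXCEPTION 'Seam B: cycle guard tripped (max_depth=%)', v_max_depth;
    END IF;

    RAISE NOTICE 'ceilings hold: inventory=%, max_depth=%', v_inv_rows, v_max_depth;
END
$$;

-- Rehearsal form: always ROLLBACK. COMMIT is a separate, ratified step (section 8.7).
ROLLBACK;
```

A tripped check raises an exception, which puts the transaction into the aborted state; PostgreSQL then turns any later COMMIT into a ROLLBACK, so a failed ceiling cannot be committed by accident.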

8.7 The one gate that unblocks F-4

F-4's COMMIT requires a sovereign L2+L4 ratification recorded as an approved governance build-authorization — the same gate that has blocked every build step:

  • L2 quorum: ≥1 president-human + ≥2 ai_council, 0 rejects, proposer excluded.
  • L4: President e-signature.
  • Observable GO signal: os_proposal_approvals moves 0 → ≥1 (and/or the ratified governance_build_authorization row exists and v_build_auth_valid recomputes true).

Until that row exists, F-4 stays NO-GO and the seams remain inert. F-3 has made F-4 a fill-in-the-blanks execution: the DDL, ceilings, stop conditions, and rollback are all specified and rehearsed.

8.8 Readiness verdict

F-4 IS ENGINEERING-READY, RATIFICATION-BLOCKED. Both seam DDLs are exact, cast-corrected, and rehearsed live; ceilings (210/35/depth-1) are empirically confirmed; the forbidden set, stop conditions, and rollback are concrete. The sole remaining input is human L2+L4 ratification — no engineering work remains before the COMMIT.
