KB-EE7A

F-5 Ownership-Seed Rollback-Only — 00 Overview & State Recovery

3 min read Revision 1

one-roofphase1coverage-dry-runf5ownership-seedrollback-only2026-06-02

00 — Overview & State Recovery (F-5 Ownership-Seed, ROLLBACK-ONLY)

Date: 2026-06-02 Execution class: ownership-seeding rollback-only rehearsal. Mode: single BEGIN..ROLLBACK. NO COMMIT. NO PERSISTENT MUTATION. Verdict: PASS (10/10 objectives). Direct + inherited owner coverage proven live, gap math verified (210→207, 3 covered), 6 negative/conflict tests fail closed, entry==exit proven on both channels. Activation remains NO-GO; L2+L4 ratification remains DEFERRED, not solved (os_proposal_approvals stayed 0).

What is now live after F-4 (recovered state)

F-4 persistently committed the two coverage seam views over real collection_registry:

v_governance_object_inventory — 35 governed BIRTH_REQUIRED collection objects (requires_owner=true, born=true).
v_governance_object_containment — 35 acyclic depth-1 edges, every edge collection → group, into 5 groups (GRP-AI/GRP-BUSINESS/GRP-GOVERNANCE/GRP-REGISTRY/GRP-WORKFLOW).
Active scopes = 6 (approval, audit, execution, health, policy, render).
Full gap ceiling = 35 × 6 = 210.
governance_object_ownership empty; candidate/ruleset/worker/event/issue/DOT surfaces inactive/empty.

Exact F-5 objective

Inside one BEGIN..ROLLBACK: seed a small transient ownership set, prove (1) direct owner coverage, (2) group-inherited owner coverage, (3) missing owner remains gap, (4) gap reduction = covered object×scope rows, (5) conflict/invalid owner cases fail closed, (6) ROLLBACK with entry==exit.

Expected gap math

Baseline 210. Seed = 1 direct (agents/audit) + 1 group anchor (GRP-WORKFLOW/policy, is_inherited_anchor=true, fans to 2 children). Covered = 1 + 2 = 3. Post-seed gap = 210 − 3 = 207.

Channels

Write/transaction: ssh contabo → docker exec -i postgres psql -U workflow_admin -d directus -f - (single session, default ROLLBACK).
Independent read verify: query_pg MCP (read-only role, separate connection).
DB confirmed: directus (role workflow_admin; collection_registry=168).

Forbidden set fully held (no COMMIT/persist/candidate/ruleset/worker/scanner/emit/system_issues/DOT/handler/UI/Directus/Qdrant/ospa/approval/law/activation/hardcode/island).