-- ============================================================================ -- COMMIT-READY (NOT EXECUTED THIS RUN) — F-6 30-ANCHOR OWNERSHIP SEED -- Status: STAGED. Execution is BLOCKED until the sovereign gate opens. -- GATE: os_proposal_approvals >= 1 (live at authoring time = 0 => DO NOT RUN) -- Channel when authorized: -- ssh contabo -> docker exec -i postgres psql -U workflow_admin -d directus -f - -- Database directus IS PRODUCTION. There is no separate test DB. -- This script is self-guarding: it ABORTS inside the transaction unless -- (a) ospa >= 1 AND (b) pre-insert gap = 210 / ownership = 0 / conflict = 0 -- AND (c) post-insert exactly 30 rows / gap = 0 / conflict = 0. -- Set :ratified_apr to the ratified approval code before running, e.g. -- psql -v ratified_apr=APR-BOOT-AUTHMODEL-1 ... -- ============================================================================ \set ON_ERROR_STOP on \pset pager off

\echo ====================ENTRY_BASELINE==================== SELECT count() AS own_entry FROM governance_object_ownership; SELECT count() AS gap_entry FROM v_object_owner_gap; SELECT count() AS ospa_entry FROM os_proposal_approvals; SELECT count() AS conflict_entry FROM v_object_owner_conflict;

BEGIN;

-- ---- HARD AUTHORIZATION GATE (fail-closed; aborts the whole txn) ---------- DO $$ DECLARE v_ospa int; v_gap int; v_own int; v_conf int; BEGIN SELECT count() INTO v_ospa FROM os_proposal_approvals; SELECT count() INTO v_gap FROM v_object_owner_gap; SELECT count() INTO v_own FROM governance_object_ownership; SELECT count() INTO v_conf FROM v_object_owner_conflict; IF v_ospa < 1 THEN RAISE EXCEPTION 'GATE CLOSED: os_proposal_approvals=% (<1). L2/L4 ratification absent. ABORT.', v_ospa; END IF; IF v_gap <> 210 THEN RAISE EXCEPTION 'PREFLIGHT DRIFT: gap=% (expected 210). ABORT.', v_gap; END IF; IF v_own <> 0 THEN RAISE EXCEPTION 'NOT A CLEAN SEED: ownership=% (expected 0). ABORT.', v_own; END IF; IF v_conf <> 0 THEN RAISE EXCEPTION 'PRE-EXISTING CONFLICT: conflict=% (expected 0). ABORT.', v_conf; END IF; RAISE NOTICE 'GATE OPEN: ospa=% gap=% own=% conflict=% — proceeding.', v_ospa, v_gap, v_own, v_conf; END $$;

-- ---- THE 30 ANCHORS: 5 groups x 6 active scopes (proven by F-5/F-6) ------- -- Per-group accountable owner mapping is the FK-valid, rehearsal-proven set. INSERT INTO governance_object_ownership (object_type, object_ref, scope, owner_kind, owner_gov_code, is_inherited_anchor, lifecycle_status, approval_ref, source_design_ref, created_by) SELECT 'group', g.code, s.scope_code, 'accountable', g.owner, true, 'active', :'ratified_apr', 'F6-anchor-ratified', 'F6_OWNERSHIP_SEED_COMMIT' FROM (VALUES ('GRP-GOVERNANCE','GOV-COUNCIL'), ('GRP-REGISTRY','GOV-KG-SYS'), ('GRP-AI','GOV-DOT'), ('GRP-BUSINESS','GOV-MOIT'), ('GRP-WORKFLOW','GOV-DOT') ) g(code, owner) CROSS JOIN governance_responsibility_scope s WHERE s.status='active';

-- ---- PRE-COMMIT ASSERTS (abort if not exactly 30 rows / gap 0 / conflict 0) DO $$ DECLARE v_new int; v_gap int; v_conf int; BEGIN SELECT count() INTO v_new FROM governance_object_ownership WHERE created_by='F6_OWNERSHIP_SEED_COMMIT'; SELECT count() INTO v_gap FROM v_object_owner_gap; SELECT count(*) INTO v_conf FROM v_object_owner_conflict; IF v_new <> 30 THEN RAISE EXCEPTION 'EXPECTED 30 anchors, got %. ABORT.', v_new; END IF; IF v_gap <> 0 THEN RAISE EXCEPTION 'EXPECTED gap 0, got %. ABORT.', v_gap; END IF; IF v_conf <> 0 THEN RAISE EXCEPTION 'EXPECTED conflict 0, got %. ABORT.', v_conf; END IF; RAISE NOTICE 'PRE-COMMIT OK: new=30 gap=0 conflict=0 — committing.'; END $$;

COMMIT;

\echo ====================POST_COMMIT_VERIFY==================== SELECT count() AS own_after FROM governance_object_ownership; -- expect 30 SELECT count() AS gap_after FROM v_object_owner_gap; -- expect 0 SELECT count() AS conflict_after FROM v_object_owner_conflict; -- expect 0 SELECT count() AS govemit_after FROM event_outbox WHERE event_domain='governance'; -- expect 0 \echo ====================DONE====================