-- F-6 LARGE OWNERSHIP-SEED ROLLBACK-ONLY REHEARSAL (full-scale, multi-group x multi-scope) -- One BEGIN..ROLLBACK transaction. NO COMMIT. NO PERSISTENT MUTATION. -- Channel: ssh contabo -> docker exec -i postgres psql -U workflow_admin -d directus -f - (stdin) -- Goal: prove MAXIMUM achievable gap reduction 210 -> 0 via 30 group-level accountable anchors -- (5 groups x 6 scopes), with incremental savepoint math, a direct-override precedence -- proof, a scaled conflict test, and 6 fail-closed negatives. ROLLBACK with entry==exit. -- Group child distribution (live): GRP-AI=1 GRP-BUSINESS=2 GRP-GOVERNANCE=16 GRP-REGISTRY=14 GRP-WORKFLOW=2 = 35. -- Incremental: GOVERNANCE 16x6=96 (gap 114) -> +REGISTRY 14x6=84 (gap 30) -> +AI/BUS/WF 5x6=30 (gap 0). -- EXECUTED 2026-06-02: PASS. gap 210->114->30->0; override agents/audit direct GOV-SIV depth0; -- conflict UNIQUE-violation; N1-N6 all rejected; own_in_txn=31; entry==exit on both channels.

\set ON_ERROR_STOP off \pset pager off \timing off

\echo ====================ENTRY_BASELINE==================== SELECT count() AS own_entry FROM governance_object_ownership; SELECT count() AS gap_entry FROM v_object_owner_gap; SELECT count() AS eo_entry FROM v_object_effective_owner; SELECT count() AS conflict_entry FROM v_object_owner_conflict; SELECT count() AS sysissues_entry FROM system_issues; SELECT count() AS govemit_entry FROM event_outbox WHERE event_domain='governance';

BEGIN;

-- STAGE 1: anchor GRP-GOVERNANCE across all 6 active scopes (16 children) \echo ====================STAGE1_SEED_GRP_GOVERNANCE_ALL_SCOPES==================== SAVEPOINT s1; INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,is_inherited_anchor,lifecycle_status,created_by,source_design_ref) SELECT 'group','GRP-GOVERNANCE',s.scope_code,'accountable','GOV-COUNCIL',true,'active','F6_ROLLBACK_ONLY_REHEARSAL','F6-anchor-governance' FROM governance_responsibility_scope s WHERE s.status='active'; SELECT count() AS gap_stage1 FROM v_object_owner_gap; -- expect 114 SELECT (210 - count()) AS covered_stage1 FROM v_object_owner_gap; -- expect 96

-- STAGE 2: + anchor GRP-REGISTRY across all 6 scopes (14 children) \echo ====================STAGE2_SEED_GRP_REGISTRY_ALL_SCOPES==================== INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,is_inherited_anchor,lifecycle_status,created_by,source_design_ref) SELECT 'group','GRP-REGISTRY',s.scope_code,'accountable','GOV-KG-SYS',true,'active','F6_ROLLBACK_ONLY_REHEARSAL','F6-anchor-registry' FROM governance_responsibility_scope s WHERE s.status='active'; SELECT count() AS gap_stage2 FROM v_object_owner_gap; -- expect 30 SELECT (210 - count()) AS covered_stage2 FROM v_object_owner_gap; -- expect 180

-- STAGE 3: + anchor GRP-AI, GRP-BUSINESS, GRP-WORKFLOW across all 6 scopes (5 children) \echo ====================STAGE3_SEED_REMAINING_GROUPS_ALL_SCOPES==================== INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,is_inherited_anchor,lifecycle_status,created_by,source_design_ref) SELECT 'group',g.code,s.scope_code,'accountable',g.owner,true,'active','F6_ROLLBACK_ONLY_REHEARSAL','F6-anchor-remaining' FROM (VALUES ('GRP-AI','GOV-DOT'),('GRP-BUSINESS','GOV-MOIT'),('GRP-WORKFLOW','GOV-DOT')) g(code,owner) CROSS JOIN governance_responsibility_scope s WHERE s.status='active'; SELECT count() AS gap_stage3 FROM v_object_owner_gap; -- expect 0 FULL COVERAGE SELECT (210 - count()) AS covered_stage3 FROM v_object_owner_gap; -- expect 210 SELECT count() AS anchor_rows FROM governance_object_ownership; -- expect 30 SELECT count() AS eo_inventory_accountable FROM v_object_effective_owner eo JOIN v_governance_object_inventory inv ON inv.object_type=eo.object_type AND inv.object_ref=eo.object_ref WHERE eo.owner_kind='accountable'; -- expect 210 SELECT eo.resolution, count(*) FROM v_object_effective_owner eo JOIN v_governance_object_inventory inv ON inv.object_type=eo.object_type AND inv.object_ref=eo.object_ref WHERE eo.owner_kind='accountable' GROUP BY eo.resolution ORDER BY eo.resolution; -- expect inherited 210

-- STAGE 4: direct-override precedence proof (depth 0 beats inherited depth 1) \echo ====================STAGE4_DIRECT_OVERRIDE_PRECEDENCE==================== SELECT inv.object_ref AS target, ct.parent_ref AS its_group FROM v_governance_object_inventory inv JOIN v_governance_object_containment ct ON ct.object_type=inv.object_type AND ct.object_ref=inv.object_ref ORDER BY inv.object_ref LIMIT 1; SELECT eo.object_ref,eo.scope,eo.owner_gov_code,eo.resolution,eo.depth,eo.source_anchor_ref FROM v_object_effective_owner eo WHERE eo.scope='audit' AND eo.object_ref=(SELECT object_ref FROM v_governance_object_inventory ORDER BY object_ref LIMIT 1); INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,is_inherited_anchor,lifecycle_status,created_by,source_design_ref) SELECT 'collection',object_ref,'audit','accountable','GOV-SIV',false,'active','F6_ROLLBACK_ONLY_REHEARSAL','F6-direct-override' FROM v_governance_object_inventory ORDER BY object_ref LIMIT 1; SELECT eo.object_ref,eo.scope,eo.owner_gov_code,eo.resolution,eo.depth,eo.source_anchor_ref FROM v_object_effective_owner eo WHERE eo.scope='audit' AND eo.object_ref=(SELECT object_ref FROM v_governance_object_inventory ORDER BY object_ref LIMIT 1); SELECT eo.object_ref,eo.scope,eo.owner_gov_code,eo.resolution,eo.depth FROM v_object_effective_owner eo WHERE eo.scope='audit' AND eo.object_ref=(SELECT object_ref FROM v_governance_object_inventory ORDER BY object_ref OFFSET 1 LIMIT 1); SELECT count(*) AS gap_after_override FROM v_object_owner_gap; -- expect 0

-- STAGE 5: scaled conflict test -- duplicate accountable anchor must be rejected \echo ====================STAGE5_CONFLICT_dup_accountable_anchor_expect_UNIQUE_VIOLATION==================== SAVEPOINT c0; INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,is_inherited_anchor,lifecycle_status,created_by) VALUES ('group','GRP-GOVERNANCE','policy','accountable','GOV-MOW',true,'active','F6'); ROLLBACK TO c0; SELECT count(*) AS conflict_in_txn FROM v_object_owner_conflict; -- expect 0

-- STAGE 6: 6 fail-closed negatives (each in its own savepoint) SAVEPOINT n1; -- FK owner INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,lifecycle_status,created_by) VALUES ('collection','modules','audit','accountable','GOV-NOPE','active','F6'); ROLLBACK TO n1; SAVEPOINT n2; -- FK scope INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,lifecycle_status,created_by) VALUES ('collection','modules','not_a_scope','accountable','GOV-MOT','active','F6'); ROLLBACK TO n2; SAVEPOINT n3; -- CHECK owner_kind INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,lifecycle_status,created_by) VALUES ('collection','modules','audit','overlord','GOV-MOT','active','F6'); ROLLBACK TO n3; SAVEPOINT n4; -- CHECK chk_delegated_ttl INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,effective_to,lifecycle_status,created_by) VALUES ('collection','modules','audit','delegated','GOV-MOT',NULL,'active','F6'); ROLLBACK TO n4; SAVEPOINT n5; -- CHECK lifecycle INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,lifecycle_status,created_by) VALUES ('collection','modules','audit','accountable','GOV-MOT','pending','F6'); ROLLBACK TO n5; SAVEPOINT n6; -- NOT NULL owner INSERT INTO governance_object_ownership (object_type,object_ref,scope,owner_kind,owner_gov_code,lifecycle_status,created_by) VALUES ('collection','modules','audit','accountable',NULL,'active','F6'); ROLLBACK TO n6;

-- STAGE 7: in-transaction side-effect guard (must be unchanged from entry) SELECT count() AS govemit_in_txn FROM event_outbox WHERE event_domain='governance'; -- expect 0 SELECT count() AS sysissues_in_txn FROM system_issues; -- expect == entry SELECT count() AS own_in_txn FROM governance_object_ownership; -- expect 31 SELECT count() AS gap_final FROM v_object_owner_gap; -- expect 0

\echo ====================ROLLBACK==================== ROLLBACK;

\echo ====================EXIT_BASELINE==================== SELECT count() AS own_exit FROM governance_object_ownership; SELECT count() AS gap_exit FROM v_object_owner_gap; SELECT count() AS eo_exit FROM v_object_effective_owner; SELECT count() AS conflict_exit FROM v_object_owner_conflict; SELECT count() AS govemit_exit FROM event_outbox WHERE event_domain='governance'; SELECT count() AS sysissues_exit FROM system_issues; \echo ====================DONE====================