01 — Live Preflight (Hard Gate 0) & Rollback Plan

All values via read-only query_pg unless noted. Write channel probed read-only first.

1.1 Host / DB / channel (confirmed)

• Host vmi3080463 (contabo 38.242.240.89); container postgres PG 16.13; DB directus.
• Write channel confirmed live: ssh contabo → docker exec -i postgres psql -U workflow_admin -d directus → channel-ok | directus | PostgreSQL 16.13.
• Read-only verify channel confirmed: query_pg (context_pack_readonly), AST-validated READ ONLY (mutation impossible on this channel).

1.2 Backup / rollback strategy

• Backups referenced by the accepted build (doc 00/01/10 of the build package) remain valid: schema-only directus-pre-phase1-testmode-20260602T062711Z.schema.sql; full VPS vps-backup-20260601_203701.tar.gz. (On VPS, outside read_file allowlist → not independently confirmable via this channel; the build was additive so per-item DROP is the primary revert.)
• This mission's build is additive only ⇒ primary rollback = per-item sql/*_rollback.sql (doc 05). No destructive change to any existing object except a strictly-additive CREATE OR REPLACE of v_object_effective_owner (whose exact prior definition is captured for restore).

1.3 Accepted objects confirmed PRESENT (must-exist)

governance_build_authorization, governance_ruleset, gov_worker_cursor, governance_candidate_state, governance_responsibility_scope, governance_object_ownership, v_object_effective_owner → all present; apr_action_types=14 (8 governance action-types present). ✔

1.4 Deferred objects confirmed ABSENT (pre-build, must-not-exist-yet)

candidate_scan_run, governance_candidate_object, v_object_owner_gap, v_governance_object_containment, v_governance_object_inventory, v_object_owner_conflict → all NULL/absent. ✔

1.5 Counts (R0 baseline, pre-build)

surface	value
apr_action_types	14
approval_requests	211
apr_approvals	42
os_proposal_approvals	0
dot_tools	309
governance_relations	8
event_outbox (governance domain)	0
event_type_registry governance active=true	0
trigger_guard_alerts	129
governance_candidate_state rows	0
governance_object_ownership rows	0
governance_responsibility_scope rows	6
idle-in-transaction	0

This is exactly the ACCEPTED_BUILD_STATE (phase1-test-mode-build-artifact-and-live-verification-2026-06-02.md §4).

1.6 FK-target types verified (no improvise of types)

• evolution_snapshots.id = integer ⇒ candidate_scan_run.source_snapshot_ref int, governance_candidate_object.source_snapshot_ref int. ✔
• governance_ruleset.ruleset_version = text ⇒ both aux tables' ruleset_version text. ✔
• governance_candidate_state PK (group_key, ruleset_version) (text,text) ⇒ governance_candidate_object composite back-FK. ✔
• governance_registry(code) contains GOV-COUNCIL/GOV-SIV/GOV-DOT/GOV-MOUT (rehearsal seed targets). ✔
• 6 scopes present {approval,audit,execution,health,policy,render}. ✔
• Current v_object_effective_owner definition captured verbatim (pg_get_viewdef) for exact restore.

1.7 No worker/scanner/backfill active

SB-13 gov_worker_cursor=0 rows (no worker). SB-11 governance events active=false (0 emit). No scanner runs (mission forbids). The new aux tables are trigger-less; governance_candidate_state.last_run_id is a soft text ref (no FK) ⇒ adding candidate_scan_run retro-couples nothing.

1.8 Rollback scripts staged (pre-build)

sql/sb10_aux_rollback.sql, sql/sb2_views_rollback.sql written and reviewed before any COMMIT (doc 05 §hashes).

1.9 Preflight verdict

Baseline == ACCEPTED_BUILD_STATE; deferred objects absent; FK targets/types verified; no worker active; rollback staged. Cleared to build under test-mode authorization. No stop condition triggered.