Incomex AI Portal
KB-2391

One-Roof Release Mgmt Finalization — 05 Operator Runbook (Technical) (2026-06-03)

4 min read Revision 1
one-roof-governancerelease-managementrunbooktechnicalexecutorrollback2026-06-03

05 — Operator Runbook (Technical)

Date: 2026-06-03. Audience: engineer with shell access to contabo. Canonical: …/one-roof-production-release-engineering-ultra-macro-2026-06-03/sql/. Verified copies in this package: sql/final_*_copy/.

Channels

  • Prod write/exec (gated): ssh contabo → docker exec -i postgres psql -U workflow_admin -d directus
  • Prod read: same, or query_pg(database=directus). The rollout writes to production directus (no separate prod DB); the gate is the only thing between executor and production truth.

1. PRE-CHECK — gate open?

ssh contabo "docker exec postgres psql -U workflow_admin -d directus -P pager=off -f -" < sql/gate_monitor/gate_check.sql

Run only if verdict gate_status = READY (ospa≥1, gap=210, ownership=0, conflict=0, gov_emit=0, axis absent, prereq views present, db=directus). Today: BLOCKED — ospa<1 → STOP.

2. EXECUTE — only when READY

cd <pkg>/one-roof-production-release-engineering-ultra-macro-2026-06-03/sql/prod
ssh contabo "docker exec -i postgres psql -U workflow_admin -d directus -v ON_ERROR_STOP=1 -v ratified_apr=<REAL_RATIFIED_APR_CODE> -f -" < 99_run_all.sql 2>&1 | tee rollout_$(date +%Y%m%dT%H%M%SZ).log

ratified_apr MUST be the real ratified APR code (written as approval_ref provenance on the 30 ownership rows). Runs Tier 0→1→2→3→4→5→6→8; ON_ERROR_STOP=1 aborts on first failure. If stdin relative \i is inconvenient, run final_executor_copy/{00,10,20,30,40,50,60,90}*.sql in order.

3. PASS looks like

TIER 8 VERIFY PASS + ROLLOUT COMPLETE — ALL TIERS PASSED. Tier-8 table: resp_ownership_gap=0, resp_conflict=0, containment_gap=0, active_axes=3, divergent=0, projection_gap=0, label_orphans=0, critical_drift=0, emittable_events=0, gov_outbox=0, kg_domain_x=active. (open_drift non-zero info/warning is expected; only critical_drift=0 asserted.)

4. FAIL

Any tier RAISE EXCEPTION → run aborts; that tier's txn auto-rolled back (each tier is one BEGIN…COMMIT); already-committed tiers remain. Reconcile, then roll back (§5) and re-baseline. Do not hand-patch. Pre-empted failures (gate-caught, production unchanged): wrong DB, ospa<1, gap≠210, ownership≠0, axis present.

5. ROLLBACK

ssh contabo "docker exec -i postgres psql -U workflow_admin -d directus -v ON_ERROR_STOP=1 -f -" < sql/final_rollback_copy/99_rollback_full.sql

Expected FULL ROLLBACK OK: ownership=0 gap=210 axis=absent. Idempotent (proven on clone, doc 03). Surgical reversal: final_rollback_copy/per_tier_rollback.sql.

6. POST — verify & publish

Run final_verify_copy/baseline_probe.sql + ui_read_contract.sql; publish a rollout report to KB.

7. STOP / abort

Pre-run: don't invoke 99_run_all. No background daemon. Mid-run: ~1 min; Ctrl-C psql; per-tier BEGIN…COMMIT means no partial tier.

8. DO NOT

Run any tier with ospa=0 (gate aborts; don't bypass). Edit the ospa≥1 / db=directus guards. Pre-deploy Tier 1 "shadow" to prod (makes canonical preflight abort — doc 08). Enable governance event_type_registry.active. Run the clone-variant rehearsal SQL against directus.

Back to Knowledge Hub knowledge/dev/reports/architecture/one-roof-release-management-finalization-gate-monitoring-2026-06-03/05-operator-runbook-technical.md