Incomex AI Portal
KB-540C

One-Roof Release Mgmt Finalization — 07 Post-Gate Execution Prompt (hard-stops if ospa<1) (2026-06-03)

3 min read Revision 1
one-roof-governancerelease-managementpost-gate-promptexecute-on-ratificationhard-gate2026-06-03

07 — Post-Gate Execution Prompt

Date: 2026-06-03. Objective E. Exact Agent prompt to run after human ratification sets os_proposal_approvals ≥ 1. Hard-stops if the gate is still closed. Paste verbatim into a fresh Agent session.

MISSION: ONE_ROOF_PRODUCTION_ROLLOUT_EXECUTE_ON_RATIFICATION

Context:
- Canonical, hash-verified, clone-rehearsed production rollout is ready.
- Package: knowledge/dev/reports/architecture/one-roof-production-release-engineering-ultra-macro-2026-06-03/
- Executor: sql/prod/99_run_all.sql (Tiers 0-6 + verify, self-guarding, ON_ERROR_STOP).
- Rollback: sql/prod_rollback/99_rollback_full.sql
- Only blocker was os_proposal_approvals >= 1 (human L2/L4 ratification).
- Prod write/exec: ssh contabo -> docker exec -i postgres psql -U workflow_admin -d directus
- Prod read: query_pg(database=directus).

HARD STOP (check FIRST):
1. Run gate monitor (read-only): sql/gate_monitor/gate_check.sql against directus.
2. If gate_status <> 'READY' -> STOP. Do NOT mutate production. Report "Gate still closed (<blockers>). No action taken." END.
3. Confirm the ratified APR code that produced ospa>=1 (becomes approval_ref provenance). If unknown -> STOP. Do not invent one.

EXECUTE (only if READY and APR known):
4. cd .../sql/prod
5. ssh contabo "docker exec -i postgres psql -U workflow_admin -d directus -v ON_ERROR_STOP=1 -v ratified_apr=<REAL_CODE> -f -" < 99_run_all.sql 2>&1 | tee rollout_<UTC>.log

VERIFY:
6. Log ends with "TIER 8 VERIFY PASS" and "ROLLOUT COMPLETE — ALL TIERS PASSED".
7. Re-read via query_pg: resp gap=0, conflict=0, containment_gap=0, active_axes=3, divergent=0, projection_gap=0, label_orphans=0, critical_drift=0, emittable_events=0, gov_outbox=0, kg-domain-x=active, governance_object_ownership=30. (open_drift small non-zero is fine; critical_drift must be 0.)

ROLLBACK IF FAIL:
8. ssh contabo "... -f -" < sql/final_rollback_copy/99_rollback_full.sql ; confirm "FULL ROLLBACK OK: ownership=0 gap=210 axis=absent". Re-baseline. Report failure.

PUBLISH:
9. Write rollout report to KB (before/after invariants, APR code, log path, PASS/FAIL, rollback?). Update memory index.

FORBIDDEN: don't proceed if gate <> READY; don't fabricate APR; don't activate governance event types; no DOT/UI/Directus/Qdrant/Nuxt/approval/e-sign/law/version; don't run clone-variant SQL vs directus; no external dispatch.

COMPLETION: PASS=all tiers committed + verified + report published. ABORT=gate closed/APR unknown -> no mutation. FAIL=tier failed -> rollback executed, baseline restored, reported.

Why safe to leave standing

  • Double gate: the prompt's step-2 hard-stop AND 00_preflight.sql both require ospa≥1 + clean baseline.
  • No fabricated authority: step 3 refuses without a real ratified APR code.
  • Reversible: step 8 returns to exact baseline; proven idempotent on the fresh clone (doc 03).
  • Bounded: ~1-minute single job, no daemon, no external effect.

Verdict: Objective E PASS.

Back to Knowledge Hub knowledge/dev/reports/architecture/one-roof-release-management-finalization-gate-monitoring-2026-06-03/07-post-gate-execution-prompt.md