02 — G1 Candidate Registry Final Human Activation Packet (Branch B, executable)

Authority status: NOT_FOUND (doc 01) → agent does NOT execute. This is the one-shot human/sovereign packet. It consolidates the closure-campaign doc06 + human-activation doc01 against the live baseline verified this session. No further technical discovery is required.

0. Channel & Hard Gate 0 (operator must re-confirm)

• Apply channel: ssh contabo → docker exec -i postgres psql -U workflow_admin -d directus -v ON_ERROR_STOP=1.
• Pre-confirm: SELECT * FROM fn_iu_gate_verify_closed(); → all_safe=true. pg_stat_activity → 0 idle-in-transaction.
• Snapshot baseline counts (expect meta169/coll168/tbl21/gov9/evt40/cat53/run55/iurel60).
• Use server-side statement_timeout/idle_in_transaction_session_timeout. Never client-timeout-kill an open transaction (prior incident: 8 orphaned backends).

1. What ONLY a human/sovereign can do (B-5)

1. Enact the law clause authorizing the Candidate Registry family (field_registry, input_form_registry, tier_registry) under Đ0-G / Đ36 / Đ37. Agent must NOT enact.
2. Mint the Đ32 review_decision(s) in cutter_governance certifying the 3 births, cross-signed ≥2 (proposer ∉ signers; signer1 ≠ signer2; signers ∈ human/council/sovereign), each bound to its birth manifest.
3. Accept the +60 birth cascade (characterized below) and the tier owner = GOV-COUNCIL decision.
4. Approve the registry codes (recommended: FREG-901 / IFREG-901 / TREG-901; meta codes FIELD-001 / FORM-001 / TIER-001; categories CAT-1011 / CAT-1012 / CAT-1013).

2. Preflight (run inside the human window, before COMMIT)

-- guards bypass for managed-meta birth (REQUIRED, set per-session, never left on)
SET app.allow_meta_update = 'true';
-- pre-birth contract MUST pass 5/5 for each registry
SELECT * FROM fn_pre_birth_check('field_registry', 'FIELD-001', 'managed');
SELECT * FROM fn_pre_birth_check('input_form_registry', 'FORM-001', 'managed');
SELECT * FROM fn_pre_birth_check('tier_registry', 'TIER-001', 'managed');

Checks (proven this campaign series): C1 identity_class='managed'; C2 code matches PREFIX-NNN; C3 regex/format; FK validity = birth_registry(id) / design_templates(code) / entity_species(code). collection_registry.code is NOT unique and governance_role is a MODE enum {observed,excluded,governed,locked,law_artifact} — do not use it as the owner key; ownership = governance_registry.capability.can_create.

3. Birth commit (executed by human session, inside one BEGIN…COMMIT)

BEGIN;
SET LOCAL app.allow_meta_update = 'true';
-- 1) field_registry  (owner: GOV-MOIT.capability.can_create ∋ field_registry — already true)
-- 2) input_form_registry (owner: GOV-MOIT.capability.can_create ∋ input_form_registry — already true)
-- 3) tier_registry  (owner: GOV-COUNCIL — Đ37 decision; tier_registry is the ONLY orphan, MOIT must NOT own it)
--    use the production birth procedure fn_birth_registry_auto / birth-contract insert path
--    (idempotent: re-running does not double-count via fn_birth_registry_auto)
-- verify pre-commit:
SELECT * FROM v_registry_counts;     -- expect +60 vs baseline after all 3 births
COMMIT;

Tier ownership decision (B-4): GOV-MOIT already owns field_registry + input_form_registry via capability.can_create. tier_registry is the only orphan; recommended owner = GOV-COUNCIL (Đ37), since no Mother's charter includes tiers and double-ownership is forbidden (Đ7).

4. +60 cascade characterization (B accepts this, P-1 decomposed)

Each registry birth fans out to 20 rows = meta_catalog 1 + entity_species 1 + species_map 1 + collection_registry 1 + measurement 1 + entity_labels 14 + system_issues 1. Three registries ⇒ +60. The earlier "+52" undercount missed the entity_labels bulk (14/registry). fn_birth_registry_auto is idempotent (dup triggers no double-count); v_registry_counts has no birth trigger.

5. Post-verify (fresh connection)

SELECT to_regclass('public.field_registry'), to_regclass('public.input_form_registry'), to_regclass('public.tier_registry'); -- all non-null
SELECT * FROM fn_phase0_cockpit();  -- candidate_registry.*_born = true; managed_meta +3
SELECT * FROM fn_iu_gate_verify_closed(); -- all_safe still true

No-orphan / no-phantom / no-nhầm-chuồng: confirm each registry has exactly one owning capability, no row references a missing parent, and tier_registry is owned by GOV-COUNCIL only.

6. Reversal

• PREFERRED — soft-retire (Đ30/31): mark the three registries retired via the lawful lifecycle (no DELETE); leaves the birth trail intact. This is the recommended reversal.
• Hard rollback (last resort): requires SET app.allow_meta_update='true' to bypass trg_guard_meta_catalog_delete/_update; fn_auto_cleanup_on_meta_delete cascades. Hard delete of circular version-anchor FKs needs SET CONSTRAINTS ALL DEFERRED.

7. Incident handling

• If a backend hangs mid-BEGIN: do NOT client-kill. Use server idle_in_transaction_session_timeout (set before opening) or pg_terminate_backend(pid) from a separate admin session, then verify clean with pg_stat_activity.
• If fn_pre_birth_check fails any of 5: ABORT, do not COMMIT, capture the failing check.

8. Operator checklist

• Law clause enacted (human/sovereign) · [ ] Đ32 ×N cross-signed ≥2 · [ ] Codes approved · [ ] Tier owner = GOV-COUNCIL confirmed · [ ] Preflight 5/5 ×3 · [ ] Birth committed · [ ] +60 verified · [ ] Cockpit *_born=true · [ ] Gate all_safe · [ ] app.allow_meta_update reset to default.