12 — Mega Prompt Pack (44 paste-ready prompts, Branch L)
12 — Mega Prompt Pack (Branch L) — 44 paste-ready prompts
STANDARD PREAMBLE (paste atop EVERY prompt below)
Host: contabo VPS. DB: Docker container
postgres, databasedirectus, PG 16.13. Read channel: MCP query_pg ascontext_pack_readonly. Apply channel (only if safe+authorized):ssh contabo→docker exec -i postgres psql -U workflow_admin -d directus -v ON_ERROR_STOP=1. Hard Gate 0 first: confirm host/container/db/identity;SELECT * FROM fn_iu_gate_verify_closed()all_safe=true;pg_stat_activity0 idle-in-tx; runfn_phase0_cockpit()baseline (expect meta169/coll168/tbl21/gov9/evt40/cat53/run55/iurel60). Use server-side timeouts; never client-timeout-kill an open tx; prepare rollback before any apply. Forbidden: no self-minted approval; no law enactment by Agent; no CR commit without valid Đ32 cross-sign≥2; no G4 active flip without deps+authority; no 4-Mothers runtime; no real workflows/tasks/forms/reports; no Nuxt/UI; no Directus mutation; no Qdrant/vector write; noallow_no_review_decision=true; novector_sync_enabled=true; no gate left open; no hidden 2nd SoT; no open idle tx; no event delivery; no job execution. Do not ask the user — use safe defaults; if authority absent, produce a packet, do not execute.
Group 1 — Human activation execution (4)
P1.1 — G1 birth execution (human window). [PREAMBLE] You are running inside an authorized human/sovereign window with a minted Đ32 cross-sign≥2 + enacted CR law clause. Verify the Đ32 artifacts exist in cutter_governance (proposer∉signers, signer1≠signer2). Then SET app.allow_meta_update='true'; run fn_pre_birth_check 5/5 for field_registry/input_form_registry/tier_registry; birth all three (tier owner=GOV-COUNCIL); verify +60 in v_registry_counts; post-verify cockpit *_born=true and gate all_safe; reset app.allow_meta_update. If any pre-check fails, ABORT and report. Reversal: soft-retire (Đ30/31).
P1.2 — G2 Đ37-H enactment registration. [PREAMBLE] Given a sovereign-enacted Đ37-H law file revision + approval record, register the human-org role substrate (option a: separate human_org_role+human_role_grant; follow G1 birth procedure). Verify no conflict with Đ37 agency rows. Produce Directus policy mapping (document-only). Do NOT enact the law yourself.
P1.3 — G3 proposal-only builder deployment. [PREAMBLE] Inside cutter_governance as a privileged role authorized by council, deploy fn_review_decision_propose (verdict='proposed' only; CHECK automated_agent⇒not approve/reject) + pending queue view. Prove the approve path is human-only and manifest-bound. Do NOT create any approve-capable agent path.
P1.4 — G4 factory flip execution. [PREAMBLE] Given G1 born + G2 enacted + flip-authority decision, UPDATE governance_registry SET status='active' for GOV-MOW/MOT/MOIT/MOUT one at a time inside one tx; after each, assert can_create partition (no double ownership). Post-verify cockpit factories='active'. Do NOT open any runtime gate. Reversal: set status back to 'draft'.
Group 2 — Phase 0 config-only implementation (4)
P2.1 — Config-only owner-law confirmation. [PREAMBLE] Determine exactly which registry column/law holds the GOV-MO* owner ref for config-only draft records (workflows/tasks/input_form_registry/design_templates). Read schema + governance_registry.capability. Produce the precise INSERT contract per Mother. No inserts.
P2.2 — MOIT first input-form draft commit (post-G1). [PREAMBLE] Only if field_registry/input_form_registry are born. Dry-run in BEGIN..ROLLBACK an input_form_registry draft owned by GOV-MOIT referencing ≥1 field_registry entry; prove no-double-ownership; verify cockpit delta is exactly the intended draft; then COMMIT in a fresh tx; verify in a fresh connection. Reversal ready (soft-retire/delete draft).
P2.3 — Config-only draft batch verifier. [PREAMBLE] For all committed config-only drafts, verify each: exactly one owning Mother, valid CR/IU/KG/event refs, permission placeholder present, status='draft', zero runtime effect. Output a pass/fail table. Read-only.
P2.4 — Config-only rollback rehearsal. [PREAMBLE] In BEGIN..ROLLBACK, rehearse soft-retire of one config-only draft per Mother; prove the trail is preserved and counts revert; document the exact reversal commands. Persist nothing.
Group 3 — MOW/MOT/MOIT/MOUT individual config prototypes (4)
P3.1 — MOW workflow-shell config prototype. [PREAMBLE] Produce (dry-run) a single GOV-MOW-owned workflows draft shell: IU anchor, KG BELONGS_TO mother:GOV-MOW + proposed USES task:*, mother.workflow.* event refs (active=false), permission placeholder. No real workflow logic, no execution. BEGIN..ROLLBACK only unless G1/G4 satisfied.
P3.2 — MOT task-shell config prototype. [PREAMBLE] GOV-MOT-owned tasks draft referencing field/form (post-G1), IU anchor, KG BELONGS_TO mother:GOV-MOT / USED_BY workflow. No execution. Dry-run.
P3.3 — MOIT input-template config prototype. [PREAMBLE] GOV-MOIT-owned input_form_registry draft with field_registry refs (post-G1), KG CONTAINS field. No render. Dry-run.
P3.4 — MOUT output-template config prototype. [PREAMBLE] GOV-MOUT-owned design_templates draft with tier_registry refs (post-G1), KG BELONGS_TO mother:GOV-MOUT. No Nuxt render. Dry-run.
Group 4 — IU Pilot Day 1 / Week 1 operations (4)
P4.1 — IU Pilot Day 1 read-only run. [PREAMBLE] Run the doc-07 checklist: axis_b (expect iu_count=16 consistent), axis_c (node_count=8, 0 orphan/cycle), sql_link_resolve_all (3/3 view_eq_direct), kg_edge_audit (2259, 60/60 enriched), routes (15 dry_run), DLQ (0/0), gates closed. Archive output as the Day-1 evidence. No mutation.
P4.2 — IU Pilot Week 1 daily health cadence. [PREAMBLE] Run P4.1 daily for 5 days; diff each day vs baseline; flag any drift in counts, gate state, DLQ, or idle-in-tx. Produce a weekly health summary. Read-only.
P4.3 — IU Pilot stop-condition watchdog. [PREAMBLE] Define + check stop conditions: any gate is_safe=false, never_flip flipped, DLQ>0 unexplained, idle-in-tx>0, cockpit count drift without authorized cause. If any trip, STOP and produce an incident note. Read-only.
P4.4 — IU Pilot evidence-row pack (optional, owner-clear only). [PREAMBLE] Only if a pilot_evidence/control table with a clear owner + reversal exists: BEGIN..ROLLBACK-prove a single evidence draft row, then optionally COMMIT one row, verify fresh-connection. Otherwise document-only.
Group 5 — Governance Cockpit data build (3)
P5.1 — Commit cockpit read-only views. [PREAMBLE] As privileged session: BEGIN; create v_phase0_dlq_health + v_phase0_pilot_board (doc 08 §2–3, SECURITY-INVOKER, STABLE-backed); prove resolve + gate all_safe; ROLLBACK dry-run then clean COMMIT; verify fresh connection. Reversal: DROP VIEW. Optionally catalog as dot_* read entries.
P5.2 — review_decision pending view (privileged). [PREAMBLE] Inside a role that can see cutter_governance, author v_review_decision_pending exposing only proposed/pending ids+counts (no payload), SECURITY-INVOKER. Verify it never elevates the reader. Reversal: DROP.
P5.3 — Cockpit completeness audit. [PREAMBLE] Compare fn_phase0_cockpit output vs the full gate/G-state/factory/CR/RD/DLQ/pilot/KG/blocker surface; list any field not yet exposed read-only; propose minimal additions. Read-only.
Group 6 — KG / DOT relation enrichment (4)
P6.1 — KG edge audit + quarantine check. [PREAMBLE] Run fn_iu_kg_edge_audit; confirm 2259 edges, iu_relation 60/60 provenance+assertion, universal_edges deliberately unbackfilled; flag any Đ39 provenance-or-quarantine violation. Read-only.
P6.2 — KG vocab expansion design (6→8). [PREAMBLE] Design (atom-law, no apply) the iu_relation vocab expansion from 6-value CHECK to 8 (IDENTITY/BELONGS_TO/CONTAINS/DEPENDS_ON/USED_BY/TRANSITIVE/PEERS/SIMILAR): exact DROP+ADD CHECK, migration safety, rollback. No CHECK change executed.
P6.3 — IU relation provenance completeness. [PREAMBLE] Verify all 60 iu_relation rows have provenance+confidence+assertion_mode; identify the 0 evidence_filled as deliberate; propose (no apply) an evidence backfill plan if/when authorized. Read-only.
P6.4 — DOT command catalog ↔ KG cross-ref audit. [PREAMBLE] Cross-check dot_iu_command_catalog (53) read/mutating flags vs KG edges + run log (55); confirm no mutating command ran unexpectedly; produce a coherence report. Read-only.
Group 7 — Runtime readiness review (4)
P7.1 — MOW/MOT runtime gate-open protocol design. [PREAMBLE] Design (no apply) the bounded governed gate-open protocol for composer_enabled + operator_runtime_enabled: approval, ttl≤3600, watchdog force-close, fail-closed on null approval. No gate opened.
P7.2 — Đ45 job-substrate readiness design. [PREAMBLE] Decompose what queue.job_substrate.enabled requires: work_state_machine substrate, executor_class/retry_policy/idempotency_key/dlq_replay_request. Design config-only prototype. No gate opened, no worker run.
P7.3 — Runtime blocker graph refresh. [PREAMBLE] Re-derive the runtime blocker graph (doc 10) against current live state; mark which blockers cleared since 2026-05-29; update owner-law/missing-artifact/next-macro per surface. Read-only.
P7.4 — Delivery route readiness audit. [PREAMBLE] Audit iu_outbound_route (15, all dry_run) + iu_sql_event_route; confirm delivery_enabled gate closed; design (no apply) the route-enable protocol with allowlist. No route enabled.
Group 8 — Directus / Nuxt document-only readiness (3)
P8.1 — Directus policy mapping (post-G2, document-only). [PREAMBLE] Map Đ37-H roles (staff/dept_lead/super_admin/agent) → Directus policies + collection scopes. Document-only; no Directus mutation, no UI.
P8.2 — Nuxt Mother-UI readiness brief (document-only). [PREAMBLE] Brief the Nuxt SSR exposure path for Mother config (post-G2 + runtime + design_templates); enumerate blockers; reaffirm UI NO-GO in Phase 0. Document-only.
P8.3 — Directus collection-registry coherence. [PREAMBLE] Verify collection_registry (168) vs Directus-visible collections; flag drift; no mutation. Read-only.
Group 9 — Event / Queue worker readiness (4)
P9.1 — Mother event-type activation design (Đ45). [PREAMBLE] For the 9 mother.* event types (active=false), design the lawful activation step (Đ45); confirm it is separate from G4; no activation executed. Read-only + design.
P9.2 — Emit-gate readiness. [PREAMBLE] Decompose piece_event_runtime.emit_enabled prerequisites; design bounded emit protocol; verify gate closed. No emit.
P9.3 — DLQ replay readiness. [PREAMBLE] Verify queue.dlq.replay_enabled closed; route_dlq_open=0, job_dlq=0; design fn_iu_route_dead_letter_replay invocation protocol (dry_run). No replay executed.
P9.4 — Worker silent-gap monitor design. [PREAMBLE] Design the worker silent-gap / red-zone monitor per Đ45 §15.5 (system/queue_worker_silent); no worker run. Read-only + design.
Group 10 — P-pub staged promotion (3)
P10.1 — P-pub authority coverage audit. [PREAMBLE] Re-measure IU lacking publication authority_ref (prior 133/219); confirm fn_iu_create still lacks authority_ref param + enforcement_mode key absent; produce staged plan (warn→block_new→backfill-via-supersede→block_all). No apply.
P10.2 — P-pub block_new safe-enable rehearsal. [PREAMBLE] Rehearse (BEGIN..ROLLBACK) the warn→block_new transition for P-pub; prove it blocks unauthorized new pubs without breaking existing; persist nothing. No block_all (needs council+sovereign).
P10.3 — P-pub backfill plan. [PREAMBLE] Design the supersede-based authority backfill for the 133 unauthorized IU; no mutation. Read-only + design.
Group 11 — Production review_decision operations (3)
P11.1 — Production review_decision proposal flow test. [PREAMBLE] Once G3 builder deployed: as agent, propose (verdict='proposed') a decision bound to a real manifest; verify the CHECK blocks any approve verdict from automated_agent. No approve.
P11.2 — Approval queue operator runbook. [PREAMBLE] Produce the human-operator runbook for the pending-decision queue: cross-sign≥2 (proposer∉signers), manifest binding, audit evidence, reject reasons. Document-only.
P11.3 — Đ32 minting verifier. [PREAMBLE] For any minted production Đ32, verify cross_signed=true, ≥2 distinct signers, manifest_ref→real manifest_envelope, no self-sign. Read-only.
Group 12 — No-double-ownership / factory verifier (4)
P12.1 — Factory can_create partition proof. [PREAMBLE] Assert the union of GOV-MOW/MOT/MOIT/MOUT capability.can_create is a partition (no output target in two mothers) and each must_not_own is consistent. Output proof table. Read-only.
P12.2 — Owned-collection orphan scan. [PREAMBLE] For every owned collection (workflows/tasks/input_form_registry/field_registry/design_templates/tier_registry), assert exactly one owning governance row; flag orphans (tier_registry until GOV-COUNCIL assigned) + double-owners. Read-only.
P12.3 — Post-G1 ownership re-verification. [PREAMBLE] After G1 birth, re-run P12.1+P12.2 including the 3 new registries; confirm MOIT owns field/input_form, GOV-COUNCIL owns tier, no double ownership. Read-only.
P12.4 — Continuous no-double-ownership cockpit check. [PREAMBLE] Add a read-only check (view or cockpit field) that fails loud if any output target gains a second owner; rehearse in BEGIN..ROLLBACK; reversal=DROP. Optional commit by privileged session.
Total: 44 prompts. Each is self-contained (preamble + task), avoids user questions, forbids fake work, and either executes only-if-authorized or produces a packet/read-only result.