00 — Read Me First

Macro: PRE_BIRTH_PILOT_DOT_TOOLS_PERMIT_AND_COMPOSITE_UNIQUE_ROLLBACK_REHEARSAL Date: 2026-06-03 Final status: PASS (rollback-only rehearsal completed; 0 live mutation; entry hash == exit hash) Execution mode: EXECUTION_MODE (ssh contabo root → docker exec postgres → psql -U workflow_admin -d directus; superuser, read-write capable; transaction_read_only=off) Live mutation: NONE. Every rehearsal ran inside BEGIN … ROLLBACK on temp objects (or CREATE OR REPLACE … ROLLBACK for the one real-function patch test). No DDL/DML was committed.

What this macro is

A rollback-only engineering rehearsal. Its only purpose is to prove — against the live production database, not against old reports — whether the recommended pre-birth admission model can be implemented safely for the dot_tools pilot, and to produce a precise, owner-approval apply packet for a future macro. It applies nothing.

The target rule being de-risked is:

"No valid birth/admission permit → no dot_tools row insert."

What it proved (one line each)

1. Permit table (birth_admission_permit) — additive, reversible model PROVEN. All 7 status values, CHECK enforcement, idempotency uniqueness, single-active-permit partial-unique, expiry visibility, consumed-reuse semantics tested and passing.
2. Composite unique (entity_code, collection_name) — COMPOSITE_READY. Already unique across all 1,126,728 live rows (0 violations, 0 null collections, 0 FK dependents). The 5-pivot collision is reproduced under the single-column constraint and resolved under composite.
3. fn_birth_registry_auto conflict-target patch — PROVEN. CREATE OR REPLACE keeps OID 39232 stable; all 166 dependent triggers stay bound; in-txn patch verified; post-rollback md5 == entry md5.
4. dot_tools permit-consuming BEFORE gate — PROVEN on an exact temp clone of dot_tools. No-permit → blocked; expired permit → blocked; valid permit → success + permit CONSUMED.
5. DEFERRABLE finalize-at-commit — PROVEN using the live trg_iu_birth_gate_layer2 constraint-trigger pattern. Commit-boundary finalize sets CONSUMED→FINALIZED and links the birth id; a row that vanishes before the boundary fails finalize.

What it did NOT do (forbidden / out of scope)

• Did not commit any DDL or DML; did not touch birth_registry, dot_tools, or any function live.
• Did not add the composite unique live; did not flip fn_birth_gate to blocking; did not create the permit table live.
• Did not register a production DOT; did not execute dot-pivot-update; did not continue RP cleanup (still NO-GO).
• Did not fake OSPA (still 0). Did not claim birth-first is achieved — this is rehearsal only.

Reading order

• 01 — live verification + entry state (the ground truth all rehearsals run against)
• 02–06 — the five rehearsals (permit table, composite unique, conflict-target patch, pilot gate, finalize)
• 07–09 — design specs (sequential DOT entrypoint, governance handoff, drift/bypass monitor)
• 10 — apply packet + owner-approval checklist
• 11 — entry/exit hash proof
• 12 — next macro / approval handoff
• 13 — final summary
• 14 — GPT/MCP-readable checkpoint (mirror of the short checkpoint)

Operative truth for the next macro

The model is technically ready to apply for the dot_tools pilot. Nothing blocks the engineering except governance/authority gates: owner DDL approval, registrar credentials (dot-dot-register), and human OSPA ≥ 1 for governed activation (not for birth itself). RP cleanup stays NO-GO until the four BLOCK dims (59 / 6 / 16 / 1) reach 0.