08 — Safety & Rollback Package (Workstream G)

Objects created this macro (the full blast radius)

object	type	rollback
process_run_observation	table (16 cols, 6 idx)	DROP TABLE
process_component_observation	table (19 cols, 6 idx, FK→run)	DROP TABLE
v_process_discovery_runtime_observed	view	DROP VIEW
v_process_discovery_candidate_status_v3	view	DROP VIEW
v_process_discovery_verified_candidates_v3	view	DROP VIEW
v_process_discovery_birth_readiness_v3	view	DROP VIEW
1 run + 2 component rows	data (source_system='dry_run_harness')	DELETE by source_system

Consolidated rollback (contabo:/tmp/PD_RUNTIME_OBS_FULL_ROLLBACK.sql, also copied into container)

Order: v3 views → simulated rows → (optional) substrate tables.

DROP VIEW IF EXISTS v_process_discovery_birth_readiness_v3;
DROP VIEW IF EXISTS v_process_discovery_verified_candidates_v3;
DROP VIEW IF EXISTS v_process_discovery_candidate_status_v3;
DROP VIEW IF EXISTS v_process_discovery_runtime_observed;
DELETE FROM process_component_observation WHERE source_system='dry_run_harness';
DELETE FROM process_run_observation        WHERE source_system='dry_run_harness';
-- DROP TABLE IF EXISTS process_component_observation;   -- only if abandoning ledger
-- DROP TABLE IF EXISTS process_run_observation;

Table DROPs are commented because the substrate is intended to persist; uncomment only to fully reverse.

Rollback rehearsal (BEGIN..ROLLBACK, proven)

• BEFORE: runs 1 / comps 2 / v3 views 3 (+runtime_observed).
• INSIDE TXN after rollback statements: runs 0 / comps 0 / v3 views 0 (all cleared).
• AFTER ROLLBACK: runs 1 / comps 2 / v3 views restored / births 1,158,162. Live state intact; rollback proven reversible.

Idempotency cleanup

All test rows carry idempotency_key (SIM:dot:kg:explain:*) and source_system='dry_run_harness'. Re-running inserts is a no-op; cleanup is a single keyed DELETE. No orphan risk (FK run→component covered by deleting components first).

DDL-guard safety

evt_trigger_guard_ddl / evt_trigger_guard_drop act only on object_type='trigger'. Empirically trigger_guard_alerts stayed at 129 across all CREATE/DROP. Table/view/index DDL is side-effect-free.

Post-rollback verify query

SELECT count(*) FROM process_run_observation; SELECT count(*) FROM pg_views WHERE viewname LIKE 'v_process_discovery%v3'; → expect 0/0 after a real rollback.

Document-provenance warning

This macro's KB uploads (12 docs + checkpoint) create document-provenance births in birth_registry (the KB ingest pipeline, not the PG work). All PG steps were birth-free (1,158,162 unchanged). The PG-side births figure quoted throughout is the pre-upload PG baseline; KB-driven births are disclosed and are not process/canon births.