KB-2550

14 — One-Shot Next Macro Chain (M1–M12, self-contained, gated)

5 min read Revision 1

registries-pivotnext-macrochainM1-M12gatedno-ask-backno-self-approval2026-05-31

title: 14 — One-Shot Next Macro Chain (Branch L) date: 2026-05-31 standing_header: "Apply = ssh contabo → docker exec -i postgres psql -U workflow_admin -d directus. BEGIN..ROLLBACK ONLY until the named gate passes. Read = query_pg (context_pack_readonly)/KB/ssh. Always: check live before acting; honour the named gate; rollback ready; no hardcode; pivot-only or PIVOT_MISSING. Forbidden (all): COMMIT before the gate; self-approval; frontend/API count math; production Nuxt change outside the named macro; Directus/Qdrant mutation outside gate; route cutover before parity; notification/event emit before register-before-emit."

14 — One-Shot Next Macro Chain (M1–M12)

Ordering: M1 → M2 → (M3 ∥ M5) → M4 → M8 → M7(council) → M9 → M6 → M10 → M11 → M12(continuous) → … M-acceptance.

M1 — `REGISTRIES_PIVOT_HUMAN_RATIFICATION_SESSION` (opens RG1+RG2)

Run doc 03 with a human/council. Show live state (net_gap ≈ +148, FAILED-but-explainable, 3 drift + 5 unmeasured, coverage 21/160). Capture signed APPROVE/DEFER per the exact wording. Persist outcome to knowledge/dev/laws/.../registries-pivot-rg1-rg2-ratification-outcome-<date>.md. Agent records only; no self-approval.

M2 — `REGISTRIES_PIVOT_VIEW_COMMIT_AFTER_RATIFY` (gate: RG1+RG2 signed)

Off-peak COMMIT of the 6 read-only objects (doc 04). Re-run BEGIN..ROLLBACK first; confirm V1=160, drift-closure, tree 37/37/0; then COMMIT; post-verify; stage 999_rollback. Do not commit pivots/parent_code/threshold/pin.

M3 — `REGISTRIES_PIVOT_MISSING_PIVOT_BUNDLE` (gate: M2; RG3)

Insert PIV-500/301/303/311 (view-backed where DSL can't express; doc 05) in ONE statement, is_active=false, then a single controlled refresh, verify, activate. Evidence: the 5 disagreeing totals collapse to PIV-500. (PIV-302 phantom waits M7; PIV-321 pin waits M6.) Mind the full-refresh trigger (off-peak).

M4 — `REGISTRIES_PIVOT_DRILLDOWN_WIRING` (gate: M2; P-DRILL)

fn_propose_pivot_parents(); council-review the 13-edge list; ADD meta_catalog.pivot_code; UPDATE parent_code (one statement, off-peak — fires refresh) + backfill pivot_code. Confirm tree → 24 roots/6 parents. No frontend hierarchy.

M5 — `REGISTRIES_PIVOT_THRESHOLD_REGISTRY` (gate: RG5)

Birth display_policy (50=MAX, CHECK ≤50) + rows; replace any literal 50 with PG lookup. Evidence: the 28 over-ceiling leaves resolve from PG; 0 literal thresholds.

M6 — `REGISTRIES_PIVOT_PIN_REGISTRY_BIRTH` (gate: RG5 + Đ32)

Birth registry_pin (doc 08 shape), register in meta_catalog, add PIV-321, register pin.created/removed in event_type_registry before emit; global pins need Đ32. Soft-retire only.

M7 — `REGISTRIES_PIVOT_PHANTOM_LAW_PATCH` (gate: council / RG4)

Take doc 09 to council: source_model-aware phantom; reject blind record−actual (CAT-023 live-race proof); register count_integrity_phantom + phantom_detected/cleared. Author packet only; no enactment.

M8 — `REGISTRIES_PIVOT_DIRECTUS_API_EXPOSURE` (gate: M2; P2)

Expose the views/fns read-only (doc 10) modelled on pivot-query.get.ts; map every field → view/pivot source; read-only role; GRANT EXECUTE on fns; shaper does no counting. Rehearse perms before enabling.

M9 — `REGISTRIES_PIVOT_UI_PREVIEW_LIVE_WIRING` (gate: M8)

Repoint the deployed /ui-preview/registries-pivot/v1/ mock to live /api/registries-pivot/* responses (still preview, not production). Keep the draft banner. Zero DB/Nuxt-prod change.

M10 — `REGISTRIES_PIVOT_NUXT_RENDER_SHELL` (gate: ALL RG1–RG8 + M2/M8 live; P4)

Implement converged /knowledge/registries-pivot render-shell over /api/registries-pivot/* (Đ28). Only registered templates. Run doc-13 Truth-Check (100% Nuxt==PG) + coverage 100% + 0 hardcode_violation. Production change.

M11 — `REGISTRIES_PIVOT_LEGACY_RETIREMENT` (gate: M10 parity; P4)

Execute doc 12: remove health.get.ts gap-math (:123), point counts at PIV-500, drop index.vue:312 CAT-017 row + :271 orphan=totalGap + reduce-counts, stop record_count-as-truth, alias+deprecate the old route. Reviewed web PRs.

M12 — `REGISTRIES_PIVOT_NO_HARDCODE_CI` (gate: M8 onward; continuous)

Implement doc 13 scan (web repo, not bundle) + SQL checks; write hardcode_violation; block merge on the 9 known violations + regressions.

M13 — `REGISTRIES_PIVOT_NOTIFICATION_CLEANUP` (gate: M10 + M7 ratified; P9)

fn_count_integrity_check() → idempotent system_issues (coalesce_key) + signal-only event_outbox (Đ45 register-before-emit); register as Đ31 self-verification contract + watchdog. No emit before registration.

M14 — `REGISTRIES_PIVOT_PRODUCTION_ACCEPTANCE` (gate: M10+M11 live)

End-to-end: Truth-Check 100%, coverage 100%, 0 hardcode, net_gap explained, drill→leaf substrate works, drift/phantom/orphan surfaced correctly, pins/labels/thresholds PG-backed, legacy retired, one converged surface. Sign-off report.

DEFER: ghost/Qdrant cross-store; IU/KG dedicated pivots.

14 — One-Shot Next Macro Chain (M1–M12)

M1 — REGISTRIES_PIVOT_HUMAN_RATIFICATION_SESSION (opens RG1+RG2)

M2 — REGISTRIES_PIVOT_VIEW_COMMIT_AFTER_RATIFY (gate: RG1+RG2 signed)

M3 — REGISTRIES_PIVOT_MISSING_PIVOT_BUNDLE (gate: M2; RG3)

M4 — REGISTRIES_PIVOT_DRILLDOWN_WIRING (gate: M2; P-DRILL)

M5 — REGISTRIES_PIVOT_THRESHOLD_REGISTRY (gate: RG5)

M6 — REGISTRIES_PIVOT_PIN_REGISTRY_BIRTH (gate: RG5 + Đ32)

M7 — REGISTRIES_PIVOT_PHANTOM_LAW_PATCH (gate: council / RG4)

M8 — REGISTRIES_PIVOT_DIRECTUS_API_EXPOSURE (gate: M2; P2)

M9 — REGISTRIES_PIVOT_UI_PREVIEW_LIVE_WIRING (gate: M8)

M10 — REGISTRIES_PIVOT_NUXT_RENDER_SHELL (gate: ALL RG1–RG8 + M2/M8 live; P4)

M11 — REGISTRIES_PIVOT_LEGACY_RETIREMENT (gate: M10 parity; P4)

M12 — REGISTRIES_PIVOT_NO_HARDCODE_CI (gate: M8 onward; continuous)

M13 — REGISTRIES_PIVOT_NOTIFICATION_CLEANUP (gate: M10 + M7 ratified; P9)

M14 — REGISTRIES_PIVOT_PRODUCTION_ACCEPTANCE (gate: M10+M11 live)