02 — Crash-safe Guard Audit + OOM Landmine Detector

Root cause (confirmed)

The smoke probe v_rp_ui_current_smoke_probe references the deep decorated contract stack ~15×. A single statement combining the smoke probe with ANY other deep RP stack makes the planner expand the stack dozens of times → OOM during PLANNING (EXPLAIN alone crashes). Standalone single-stack reads, and plpgsql functions that run each gate as a SEPARATE statement, are safe (clean cancel/complete).

Landmine inventory (dependency-graph detector)

Exactly ONE live smoke-combo landmine: v_rp_ui_current_production_acceptance_dashboard (CROSS JOIN of smoke + contract_guard + anti_false_green + validation_summary). 0 dependents.

Fixes applied (additive, birth-free)

1. Neutralized the landmine: v_rp_ui_current_production_acceptance_dashboard → SELECT * FROM fn_rp_ui_current_production_acceptance() (each gate a SEPARATE single-stack statement; generator fields = cardinality proxy, no heavy validation cross-join). Now safely queryable: PASS · 15/15 · 6/6 · UI_CURRENT_READY_FOR_OPERATOR_DEPLOY.
2. Hardened fn_rp_ui_deploy_final_readiness_guard gate 5: removed the heavy v_rp_autoscale_generator_readiness_dashboard_v2/validation_summary_v2 cross-join from the hot path; generator verdict now cardinality-derived. Same signature → wrapping view unaffected.
3. v_rp_oom_landmine_detector — pure dependency-graph (pg_depend/pg_rewrite), immune to string-literal false positives (an earlier text-matching version flagged itself). Classifies: CRASH_LANDMINE / SLOW_BOUNDED_NO_SMOKE / SAFE_FUNCTION_BACKED / SAFE.
4. v_rp_guard_safety_status — verdict + the OOM rule.

Result

detector: 0 CRASH_LANDMINE, 3 SAFE_FUNCTION_BACKED, 9 SLOW_BOUNDED_NO_SMOKE, 15 SAFE. v_rp_guard_safety_status = OOM_SAFE__NO_LIVE_SMOKE_COMBO_LANDMINE. No crash since the fix.