Why Rollback Cannot Undo History

Control requirement

The control must live outside the candidate’s ordinary write boundary. It should be versioned, auditable, recoverable, and testable under failure. A policy expressed only as a prompt is not a hard control.

Failure mode

The governance layer becomes part of the attack surface when it controls identity, success definitions, release permissions, hidden evidence, memory retention, aliases, and rollback.

Practical review

Ask who owns the control, who can change it, which evidence would reveal failure, how it is rolled back, and what organizational pressure could bypass it.

<!-- expanded-release-content -->

Restoring state is not reversing effects

This does not make rollback useless. It means rollback must be paired with containment, notification, data hygiene, downstream invalidation, and post-incident review. A rollback that changes weights but leaves memory, aliases, or external side effects untouched can create a false sense of recovery.

Ecological rollback

Ecological rollback restores the whole relevant state: model artifacts, adapter stack, prompt packages, memory snapshot, router version, evaluator version, permission profile, tool inventory, indexes, aliases, and dependency versions. It also records what cannot be restored: external side effects and decisions already made.

Review standard

Before release, teams should test rollback in staging. The test should ask whether the restored system reproduces the prior safe behavior, whether evidence remains linked to the restored composition, whether memory and retrieval state match the rollback packet, and whether operators understand what remains outside rollback.