Function predecessor_active 

fn predecessor_active(
    fleet_state: &FleetState,
    manifests: &SignedManifestSet,
    predecessor: &ChannelId,
) -> bool

True if the predecessor channel has in-flight work that must finish before the successor advances.

Source-of-truth precedence:

1. No verified manifest for the predecessor channel ⇒ no work declared, return false (gate passes).
2. Manifest present, no rollout row yet for the manifest’s current target_ref ⇒ fresh-boot protection: the predecessor’s rollout is about to open, block conservatively so the successor cannot race ahead.
3. Manifest present, rollout row exists ⇒ return terminal_at.is_none() — in-flight blocks, Terminal passes.

LOADBEARING: keyed by canonical RolloutId::new(channel, channel_ref) (RFC-0008 §6.3), NOT by channel. A channel-level key would conflate “no rollout yet on this channel” with “rollout for this target_ref terminal” — the terminal_at.is_none() filter on a channel-keyed map causes the fresh-boot protection to misfire as a permanent block after legitimate completion. Mirror of the planner’s rollout-id-keyed OpenRollout predicate at planner.rs’s section 1.