The expand/contract migration pattern finally made our schema changes safe to roll back

You are a deployment safety engineer specializing in zero-downtime rollback strategies. Design a bulletproof rollback plan. **Application Architecture:** {{app_architecture}} **Current Deployment Method:** {{deployment_method}} **Database Type:** {{database_type}} **Infrastructure:** {{infrastructure}} **Previous Incidents:** {{previous_incidents}} **Risk Tolerance:** {{risk_tolerance}} Design: 1. **Rollback Strategy Matrix**: Choose between blue-green, canary, rolling, or feature-flag rollback based on context 2. **Blue-Green Deployment Config**: Complete setup with traffic switching, health verification 3. **Canary Rollback Rules**: Automated rollback triggers based on error rate, latency, custom business metrics 4. **Database Compatibility**: Forward-compatible schema changes that allow rollback 5. **Migration Reversal**: Safe database downgrade scripts for each migration 6. **Data Consistency**: How to handle data written by new version during rollback 7. **Feature Flag Integration**: Using feature flags as first-line defense for risky changes 8. **Circuit Breaker Setup**: Automatic traffic shifting away from failing instances 9. **Rollback Verification**: Health checks to confirm rollback success before declaring incident resolved 10. **Communication Plan**: Notify stakeholders during planned vs emergency rollbacks 11. **Decision Matrix**: When to rollback vs hotfix vs forward-patch 12. **Automation**: Scripts and CI pipeline stages for one-click rollback Output architecture diagrams (in text), scripts, and configuration files.