KB-9D36

Article 37 Bootstrap P0 — Investigation Report

Revision 1

Date: 2026-04-01 | Agent: Claude Code | OR v7.33
Goal: Investigate 7 input points for P1 (Schema). Create NOTHING.


ĐT-1: dot_domains

  • PK: code (TEXT, UNIQUE, NOT NULL)
  • Fields: 3 total
    Column | Type | Constraint
    code | text | PK, UNIQUE, NOT NULL
    name | text | NOT NULL
    parent_domain | text | nullable, FK → self
  • FK target for law_jurisdiction.domain: dot_domains.code (TEXT)
  • Data: 25 domains. Hierarchy: parent_domain → code. Example: governance → governance.approval, governance.audit
  • Note: the PK is TEXT (not INT). FKs from new tables must point to code as TEXT.

ĐT-2: collection_registry

  • PK: id (INTEGER, auto-increment)
  • Fields: 24 total
  • Column holding the collection name: collection_name (STRING, NOT NULL)
  • FK target for governance_registry.primary_collection: collection_registry.collection_name (STRING NOT NULL)
  • Key columns for INSERT:
    Column | Required | Note
    code | NOT NULL | COL-NNN pattern
    name | NOT NULL | Display name
    collection_name | NOT NULL | PG table name
    group | nullable | GRP-REGISTRY etc.
    governance_role | nullable | governed/observed/excluded
    storage_role | nullable | primary/derived
    source_kind | nullable | policy/aggregation
    _dot_origin | DEFAULT | DIRECTUS
    migration_state | DEFAULT | unclassified
  • Next code: COL-148 (latest = COL-147)

ĐT-3: dot_tools

  • PK: id (INTEGER, auto-increment)
  • Code field: code (STRING, NOT NULL, no UNIQUE constraint visible at Directus level)
  • Status: STRING field (no CHECK constraint visible — dropdown values in Directus meta)
  • Active DOTs: 155 active + 12 published = 167 total
  • Key columns:
    Column | Note
    code | DOT-NNN
    domain | TEXT NOT NULL DEFAULT unclassified, FK → dot_domains.code
    tier | TEXT (A/B)
    operation | TEXT
    paired_dot | TEXT (dual-trigger pair)
    trigger_type | TEXT
    cron_schedule | TEXT

ĐT-4: Birth trigger pattern

Birth Gate (BEFORE INSERT)

  • Function: fn_birth_gate()
  • Trigger naming: trg_before_birth_gate_{collection}
  • Fires: BEFORE INSERT, FOR EACH ROW
  • Purpose: 5-check validation before the entity is created (WARNING mode)
  • Registered: TRG-BIRTH-001 → TRG-BIRTH-010 (10 collections)

Birth Auto (AFTER INSERT) — this is the pattern to copy

  • Function: fn_birth_registry_auto() — SHARED across 133 collections
  • Trigger naming: trg_birth_{collection}
  • Fires: AFTER INSERT, FOR EACH ROW
  • Argument: code field name (default code, special: table_id for table_registry, process_code for workflows)
  • Logic:
    1. Read entity code from NEW row via TG_ARGV[0]
    2. Skip if code is NULL/empty
    3. Skip if birth record already exists (idempotent)
    4. Read _dot_origin from entity (fallback: PG:trg_birth_{table})
    5. Lookup species from species_collection_map
    6. Lookup governance_role from collection_registry
    7. INSERT INTO birth_registry (entity_code, collection_name, species_code, composition_level, dot_origin, born_at, governance_role, certified) ON CONFLICT DO NOTHING
  • Deploy script: dot/bin/dot-birth-trigger-setup (v1.0.0)
  • Pattern for the 6 new collections: run dot-birth-trigger-setup AFTER creating the collections and INSERTing into collection_registry. The script auto-detects governed collections.

birth_registry schema (19 fields)

Column | Type | Note
id | integer | PK auto-increment
entity_code | string | NOT NULL
collection_name | string | NOT NULL
species_code | string | nullable
composition_level | string | nullable
dot_origin | string | nullable
born_at | timestamp | DEFAULT CURRENT_TIMESTAMP
governance_role | string | nullable
certified | boolean | NOT NULL DEFAULT False
status | string | DEFAULT born

ĐT-5: Roles & Policies

Roles (7)

Role | ID (prefix)
Public | 060544bb...
Antigravity Public | 41762869...
Public | 8b84ce38...
Administrator | a40a1070...
AI Agent | a7df11f1...
Editor | c60f9c5e...
Agent | e7c71c3d...

Policies (6)

Policy | Admin | ID (prefix)
Editor Policy | No | 4ea86fab...
Agent Policy | No | 74d6c90f...
Administrator | Yes | 8a613123...
Public Access | No | a513bc9d...
$t:public_label | No | abf8a154...
AI Agent Policy | No | e81a70bc...

Permissions to set for the new collections

Following the S150-P2 pattern (design_templates):

  • Read: Public ($t:public_label: abf8a154), Public Access (a513bc9d), AI Agent Policy (e81a70bc)
  • Create/Update: AI Agent Policy (e81a70bc) — for DOT tools
  • Admin: Administrator policy (8a613123) — auto via admin_access=true
  • Directus 11 uses policies instead of roles in the permissions API
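
One way to check the outcome of this permission setup, as an added example (not code from the report or the project): it compares permission rows against the matrix above and reports missing and excess grants. It assumes each row is a dict with collection, action and policy keys, as in Directus 11 permission objects, and matches policies on the 8-character ID prefixes listed in the report; the function names and sample rows are constructed here.

```python
# Added example: audit Directus 11 permission rows for the six new collections.
# Policy keys are the 8-character ID prefixes given in the report; the full
# UUIDs are not on the page, so rows are matched on their first 8 characters.
READ_POLICIES = ("abf8a154", "a513bc9d", "e81a70bc")  # $t:public_label, Public Access, AI Agent Policy
WRITE_POLICIES = ("e81a70bc",)                        # AI Agent Policy only
NEW_COLLECTIONS = ("law_registry", "law_jurisdiction", "governance_registry",
                   "governance_relations", "law_dot_enforcement", "governance_audit_log")

def expected_grants():
    """Return the (collection, action, policy_prefix) triples the report calls for."""
    want = set()
    for col in NEW_COLLECTIONS:
        want |= {(col, "read", p) for p in READ_POLICIES}
        want |= {(col, a, p) for a in ("create", "update") for p in WRITE_POLICIES}
    return want

def audit(rows):
    """Return (missing, excess) grants for the new collections.

    missing: expected grants that no row provides.
    excess: grants the report does not list (e.g. delete, or update for a public policy).
    Administrator needs no rows: it gets access through admin_access=true.
    """
    have = {(r["collection"], r["action"], (r.get("policy") or "")[:8])
            for r in rows if r["collection"] in NEW_COLLECTIONS}
    want = expected_grants()
    return sorted(want - have), sorted(have - want)

def sample_rows():
    """Constructed sample: the expected matrix with two deliberate deviations."""
    rows = [{"collection": c, "action": a, "policy": p + "-constructed"}
            for c, a, p in sorted(expected_grants())]
    # Deviation 1: AI Agent Policy lacks update on governance_audit_log.
    rows = [r for r in rows
            if (r["collection"], r["action"]) != ("governance_audit_log", "update")]
    # Deviation 2: Public Access was given delete on law_registry.
    rows.append({"collection": "law_registry", "action": "delete",
                 "policy": "a513bc9d-constructed"})
    # A row on an existing collection is out of scope and is ignored.
    rows.append({"collection": "dot_tools", "action": "read",
                 "policy": "a513bc9d-constructed"})
    return rows

if __name__ == "__main__":
    missing, excess = audit(sample_rows())
    print("missing:", missing)
    print("excess: ", excess)
```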

ĐT-6: Collection birth-registration template

INSERT into collection_registry

{
  "code": "COL-{NNN}",
  "name": "{collection_display_name}",
  "collection_name": "{pg_table_name}",
  "group": "GRP-GOVERNANCE",
  "governance_role": "governed",
  "storage_role": "primary",
  "source_kind": "policy"
}

Sequence

  1. Create collection via Directus Collections API (AP-15: NO ALTER TABLE)
  2. Set permissions via Directus Permissions API (policy-based)
  3. INSERT into collection_registry (birth registration — Article 36)
  4. Run dot-birth-trigger-setup (auto-deploy birth triggers for governed collections)

Directus collection creation requirements (Directus 11.5)

REQUIRED collection meta fields:

  • hidden, singleton, archive_app_filter, collapse, versioning

REQUIRED field meta:

  • hidden, readonly, searchable

ĐT-7: Name collisions

Collection | Status
law_registry | FREE
law_jurisdiction | FREE
governance_registry | FREE
governance_relations | FREE
law_dot_enforcement | FREE
governance_audit_log | FREE

Conflicts: 0 — All 6 names are free and ready to be created.


CONCLUSION

  • Ready for P1:
  • Blocker: NONE
  • Important notes for P1:
    1. dot_domains.code is a TEXT PK — FKs must use TEXT, NOT INT
    2. collection_registry.collection_name is the FK target — NOT id
    3. fn_birth_registry_auto() already exists — just run dot-birth-trigger-setup after creating the collections
    4. Directus 11.5 requires searchable, hidden, readonly on EVERY field meta + archive_app_filter, collapse, versioning on collection meta
    5. Permissions use policy IDs (NOT role IDs)
    6. Next collection_registry code: COL-148
    7. The 6 new collections have governance_role=governed → birth triggers deploy automatically