KB-AA72 rev 2

Dieu 37 P1 Complete — Auto Onboarding Report

3 min read Revision 2

Dieu 37 P1 Complete — Auto Onboarding Report

Date: 2026-04-02 | OR v7.35->v7.36 | PR #660 (schema) + #661 (DOT upgrade)

Summary

6 collections + 10 triggers + 2 DOT upgrades + self-healing proof.

DOT Upgrades

  • dot-collection-create v2.0.0: +Step 15 (FK), +Step 16 (permissions), +Step 17 (species), +Step 18 (birth)
  • dot-collection-health v2.0.0: +H14 (FK self-heal), +H15 (permissions self-heal), +H16 (species self-heal), +H17 (no DELETE)
  • CHECKS auto-counted via ((++)), no hardcode (§0-AU)

V11 Self-Healing Evidence

Component Before Delete After Delete After Self-Heal Match
FK constraints 6 0 6 YES
Permissions 52 0 52 YES
Species mappings 5 0 5 YES
DELETE perms 0 0 0 YES

Products NOW = created by SYSTEM, not by agent manually.

Prerequisites Created

  • species_code field added to collection_registry
  • 5 species types: law, jurisdiction, governance_agency, governance_relation, law_enforcement
  • species_code backfilled on 6 governance collections

Verify Results

  • V1-V3: 6 tables, 6 Directus collections, 10 triggers = PASS
  • V4-V13: All 10 trigger tests = PASS
  • V14: 0 DELETE permissions = PASS
  • V15: 6 collection_registry records (COL-148-153) = PASS
  • V16: 5 birth triggers = PASS
  • V17: Field meta complete = PASS
  • V11: SELF-HEALING complete = PASS

PG CHECK vs Directus Dropdown

  • PG CHECK: status (3 collections), coverage_type, source_type, target_type, discovery_source
  • Directus dropdown: category, gov_type, gov_group, output_target, relation_type (TAM), enforcement_role, result

Notes

  • relation_type dropdown TAM (KB timeout). Needs Desktop confirm.
  • E2E flaky test on first CI run, passed on rebase retry.
  • Permission pattern inconsistency: existing governed (collection_registry) HAS delete. New governance = NO delete by design.
  • H14-H17 in health script iterate all governed collections via Directus API — slow for large numbers. TD: optimize with PG-only FK check.

TD

  • TD: Optimize H14 FK check to use PG catalog only (avoid Directus API per collection)
  • TD: relation_type enum confirm from Desktop
  • TD: DOT-GOV-VERIFY (P4) — Engine 2 for governance system
  • TD: Standardize permission patterns across all governed collections

TD Resolved (2026-04-02)

  • TD H14 FK optimization: DONE. v2.1.1 uses PG-only (directus_fields + information_schema). 0 API calls. 18.9s total.
  • TD H17 retroactive: DONE. Luật Bảo toàn applied to ALL governed. 22 DELETE permissions removed on first run.
  • AP-16→20 added to anti-patterns registry.
  • Điều 36 §12 added with H14-H17 health checks + onboarding checklist.