KB-6B88 rev 17

Master Design Rev2 — 07 Macro Report (rev3 MP-D11..MP-D15)

46 min read Revision 17

Master Design Rev2 — Macro Report

Path: knowledge/dev/design/v0.6-iu-4mothers-event-foundation-rev2/07-master-design-rev2-report.md Macro: IU_4MOTHERS_EVENT_FOUNDATION_MASTER_DESIGN_REV2_DOCUMENT_ONLY_2000X Status: PASS (document only) — Revision 5 (MP-D23..MP-D30 industrial-birth / cross-law / object-factory final pre-approval hardening applied 2026-05-28; see §16 patch log + NEW 10-…. Overall PARTIAL on one MP only: MP-D26 jurisdiction is PARTIAL by law reality — Điều 37 does not define human org roles; one future law flagged. Revision 4 applied MP-D16..MP-D22 §15 + 09-…; Revision 3 applied MP-D11..MP-D15 §14; Revision 2 applied MP-D1..MP-D10 §13). Date: 2026-05-27 (rev2) · 2026-05-28 (rev3 MP-D11..MP-D15) · 2026-05-28 (rev4 MP-D16..MP-D22) · 2026-05-28 (rev5 MP-D23..MP-D30) Trigger: User message 2026-05-27 — "duyệt Requirement Rev2 MP1–MP6" + full macro prompt body — explicit approval of Requirement Rev2 (Rev2 brief §21 MP6 final approval gate) AND launch of Master Design Rev2 macro.


§1. Final status

MASTER_DESIGN_REV2_DOCUMENT_ONLY_PASS_2026_05_28 — revision 5 (DOC-ONLY industrial-birth / cross-law / object-factory final pre-approval hardening pass; see §16 patch log MP-D23..MP-D30 + NEW 10-…). Overall PARTIAL on one MP (MP-D26 jurisdiction PARTIAL by law reality — see §16 + 10-… §10); all other MP-D23..D30 PASS; one future law flagged (human-org-role/permission). Revision 4 covered MP-D16..MP-D22 (§15 + 09-…); Revision 3 covered MP-D11..MP-D15 (§14); Revision 2 (2026-05-27) covered MP-D1..MP-D10 (§13).

All 8 workstreams from the macro prompt are landed in the 7 design documents listed below (+ 2 rev3/rev4 addenda). Every Rev2 brief section (§0..§21 + MP1–MP6) has a design landing site verified by the traceability matrix. No production mutation occurred. Open Decisions OD1..OD15 are each resolved (kept / refined / deferred). Phase 0..7 sequencing is paper-only.

Revision 2 (2026-05-27, document-only): GPT reviewer verdict was ACCEPT_WITH_MINOR_PATCHES_BEFORE_DESIGN_APPROVAL. Ten minor patches MP-D1..MP-D10 were applied to clarify wording without changing design intent. No design re-architecture, no PG mutation, no Directus mutation, no Qdrant/vector write, no migration, no DOT command run, no law enactment, no implementation, no final OSS tool selection. See §13 below for patch log.

Caveats (these are not failures; they are expected gates carried by Rev2 brief itself):

  • OD1 (Điều 34 promote/merge/keep-draft) is deferred to Council — design proceeds independently and does not treat Điều 34 as authority.
  • G7 candidate registry survey (field_registry, input_form_registry, output_table_registry, dot_function_registry) is required before Phase 1 — a separate document-only survey macro is the next step (06-open-decisions-and-readiness.md §S16).
  • Raw-source audit of 4 mẹ mở rộng.txt + Bắt sự kiện của PG(3).docx is optional per Council demand (06-… §S17).

§2. Document paths + revisions

Location: /Users/nmhuyen/knowledge/dev/design/v0.6-iu-4mothers-event-foundation-rev2/. Revision 1 = initial PASS macro. Revision 2 = MP-D1..MP-D10 document-only patches (this report §13). Files touched at revision 2: 00, 02, 03, 04, 06, 07; files unchanged (still rev 1): 01, 05.

# Path Lines Bytes Workstream
0 00-master-design-rev2.md 377 31 591 Master integration
1 01-requirement-traceability-matrix.md 357 41 159 WS1 — Requirement Traceability
2 02-step-state-machine-and-workflow-ui-design.md 566 34 595 WS4 — State machine + Workflow UI
3 03-event-5layer-realtime-dlq-design.md 569 32 130 WS5 — Event 5-layer + Realtime + DLQ
4 04-iu-centered-4mothers-binding-design.md 472 26 897 WS2 + WS3 — IU master + 4 Mothers binding
5 05-oss-candidate-strategy-rev2.md 342 20 996 WS7 — OSS strategy
6 06-open-decisions-and-readiness.md 534 29 386 WS8 — Open decisions + readiness
7 07-master-design-rev2-report.md (this file) Macro report
8 08-bidirectional-input-kaizen-governance-addendum.md Rev3 addendum: MP-D11..MP-D15 (bidirectional flow + staging + unified MOW T6→T1 + inline Kaizen + MOT/JFT matrix + governance-at-scale cockpit + AI/agent ops)
9 09-governance-operability-observability-addendum.md Rev4 addendum: MP-D16..MP-D22 (Điều 5 ↔ T6→T1 mapping + governance problem queue taxonomy/lifecycle + Kaizen anti-noise/duplicate lifecycle + direct-canonicalization guardrails + Minimum Observability Profile + raw PG-event OSS reconciliation + Governance Ops Survey)
10 10-industrial-birth-cross-law-addendum.md Rev5 addendum: MP-D23..MP-D30 (cross-law constitutional review + Điều 28 template binding for all 4 Mothers UI surfaces + Điều 36/0-G/29 collection-object birth protocol + 4 Mothers as Điều 37 factory agencies + Điều 37 jurisdiction matrix + NT14 traceability matrix + assembly-first reuse decision tree + no-"đẻ rơi" safety gates + agent self-review)

Total ~3 217 lines (rev2) + rev3 addendum ~700 lines + rev4 addendum ~520 lines + rev5 addendum ~330 lines.

Files touched at revision 4: 00, 02, 03, 04, 05, 06, 07, 08 (cross-link), NEW 09. Files unchanged at revision 4: 01.

Files touched at revision 5: 00, 02, 04, 05 (cross-law note), 06, 07, 08 (cross-link §15), 09 (cross-link §4.8), NEW 10. Files unchanged at revision 5: 01, 03.


§3. Workstream landing summary

WS Topic Landed in
WS1 Requirement Traceability (every Rev2 § → design + law + PG artifact + reuse + gap + sentinel) 01-… §§1-19
WS2 IU-Centered Master Architecture (IU brick, bundle, version pinning, doctrine) 04-… §§1-5
WS3 4 Mothers Binding (MOW/MOT/MOIT/MOUT around IU, reuse existing tables) 04-… §4
WS4 Step/Task State Machine + Workflow UI (9-state floor, waiting facets, transitions, roll-up, a11y, long-workflow, governance UI) 02-… §§2-8
WS5 Event 5-Layer + Realtime + DLQ (producers, broker/queue split, executor class, idempotency, heartbeat, realtime gateway, DLQ replay, schema compat, usage evidence) 03-… §§3-9
WS6 PG Maximization + Existing Infrastructure Reuse (covered transversally) 01-… §11 + §13 + 00-… §10
WS7 OSS Candidate Strategy Rev2 (7 labels + Gate A/B + 14 tool verdicts) 05-… §§1-5
WS8 Open Decisions + Implementation Readiness (OD1..OD15 + extension registries + Phase 0..7 sequencing) 06-… §§S1-S20

§4. Requirement traceability summary

  • Rev2 brief sections covered (01-…):
    • §2 IU doctrine (6 fields) → 01-… §1.
    • §3 IU brick (11 fields + boundary) → 01-… §2.
    • §4 IU bundle (R4.1-R4.4) → 01-… §3.
    • §5 4 Mothers (MOW/MOT/MOIT/MOUT) → 01-… §4.
    • §6 Event 5-layer (6 sub-sections + reconcile checklist) → 01-… §5.
    • §7 UI (Standard/Runtime/9-state/waiting facets MP3/a11y MP4/governance UI/roll-up MP5) → 01-… §6.
    • §8 IU Event Contract (5 sub-rules) → 01-… §7.
    • §9 KG Feedback (propose-only) → 01-… §8.
    • §10 Usage Evidence (8 signals) → 01-… §9.
    • §11 No-Double-Ownership (14 rows) → 01-… §10.
    • §12 Old Infrastructure Coverage (31 rows + 5-level taxonomy) → 01-… §11.
    • §13 Constitution / Law Matrix → 01-… §12.
    • §14 PG Maximization Map (≥20 artifacts) → 01-… §13.
    • §15 OSS Strategy (7 labels) → 01-… §14 + 05-… §§3-4.
    • §16 Điều 34 decision path → 01-… §15 + 06-… §S1.
    • §17 Acceptance Criteria (19 PASS items incl. MP1..MP6) → 01-… §16 + 00-… §11.
    • §18 Completeness Checklist (36 rows) → 01-… §16 (inherited).
    • §19 Open Decisions Register (OD1..OD15) → 01-… §17 + 06-… §§S1-S15.
    • §20 Forbidden block → 01-… §18 + 00-… §12.
    • §21 MP6 final approval gate → triggered this macro; honored.

Every Rev2 brief PASS item (19) and PARTIAL condition (raw-source audit + candidate registry survey) is captured with a corresponding design row / gate.


§5. Law / no-double-ownership summary

Boundary preservation matrix (mirrors Rev2 §11):

Concern Owner Design relation
Queue / event core / executor boundary / state machine ≥9 / heartbeat caller Điều 45 v1.0 consume / call only; never redefine
IU axis / compose / split / merge / SQL link / structure ops Điều 38 + Điều 39 reference / bind only
Approval quorum Điều 32 call API only; MOT/MOW do not own approval
DOT lifecycle Điều 35 v5.2 DOT-pair for every mutation
UI render shell Điều 28 / S178 implement only as render
4-DB / 3-layer Điều 33 v2.1 route Nuxt → backend gateway → PG/Directus
Birth registry Điều 0-G register event_type / executor_class / state / IU
Governance org Điều 37 v3.3 same UI / backend filter
Reversibility Điều 30 every extension has rollback
Integrity / audit Điều 31 v1.2 every binding has audit row
Assembly First Điều 7 OSS as adapter only
4 Mothers application layer Future Điều XX only NEW concern owned by this design (and referenced as "future framework law" — not enacted in this macro)
Workflow law decision path Điều 34 DRAFT decision-path only (06-… §S1)

Sentinel: no design WS redefines a law-owned concern; Điều 34 cited zero times as authority.


§6. Existing infrastructure reuse summary

Reuse-first pattern: where Rev2 §12 has verified_live rows, design extends with columns / runtime envelope rather than creating new tables. New extensions are paper-only.

Old infra (verified_live) Rev2 §12 row Design treatment
information_unit + axes + iu_three_axis_envelope 1, 27 IU brick fields anchor (04-… §3.1)
iu_version 1 Version pin substrate (04-… §5)
IU compose ops 2 MOW step assembly (04-… §4.1)
iu_metadata_tag + registry 7 Domain governance (04-… §6)
iu_lifecycle_log 8 Audit ledger (04-… §6)
event_outbox (~140k+ rows) 9 Canonical ledger (03-… §3)
event_type_registry 10 Register-before-emit substrate (03-… §3.1)
event_pending / event_read / event_subscription 11 Event bus (03-… §4)
job_queue / job_dead_letter / queue_heartbeat 12 Job queue + DLQ + heartbeat (03-… §§4-5)
cut_request + transition 13 Cut pipeline producer (03-… §3.2)
dot_iu_command_catalog + dot_iu_command_run (col mutating) 14, 20 DOT executor class (03-… §5)
dot_config runtime gates 15 Gate respect (00-… §10)
workflows / workflow_steps / workflow_step_relations 16 MOW substrate (04-… §4.1)
workflow_change_requests 17 Proposal mode (02-… §8); NO new sibling table for workflow proposals
workflow_categories 18 Classification (04-… §4.1)
tasks / task_checkpoints / task_comments 19 MOT substrate (04-… §4.2)
iu_route_* + iu_qdrant_collection_registry + iu_vector_sync_point 21 Vector projection only — no cross-IU pollution (03-… §3.4 + 04-… §3.6); iu_vector_sync_enabled=false respected
iu_notification_event 22 Notification executor (03-… §5.7)
Directus collections + legacy flows 23 Boundary: API/admin/staging only (04-… §4.5)
pg_cron legacy 24 Scheduled trigger producer, not queue (03-… §3.5)
iu_piece_collection / iu_piece_membership / iu_collection_template_* 26 Bundle substrate (04-… §3.7)
iu_sql_link 5 MOUT output binding (04-… §4.4)
fn_iu_post_cut_axis_materialize (exists, not autowired) 6 Phase 0 closes autowire (G2; 06-… §S19)

candidate_requires_survey rows (28-31) gated by 06-… §S16. Phase-1 design depends on no CRS row until survey returns VL.

legacy_trace rows (23, 24, 25) bounded — not extended into MOW/MOT runtime.


§7. Open gaps

Tracked in 06-open-decisions-and-readiness.md §S19:

Gap Closes at Acceptance
G1 review_decision_id for IU split/merge Phase 0 All IU split/merge ops carry review_decision_id
G2 fn_iu_post_cut_axis_materialize autowire into fn_cut_complete Phase 0 Autowired per memory roadmap
G3 executor_class_registry ownership boundary Phase 1 Table exists with executor_kind + mutating + heartbeat_caller_fn
G4 dlq_replay_request ledger Phase 1 Schema + Điều 32 approval ID FK
G5 idempotency_registry schema Phase 1 Per-namespace keys
G6 Step state machine registry placement Phase 1 state_machine_registry tables exist
G7 Candidate registry survey (4 registries) Survey macro before Phase 1 All 4 either VL or shape-adapted
Rev2 §10 usage-evidence schema Phase 2 iu_usage_evidence populated by 8-signal functions

Per 06-… §S20.1 sequencing (rev4 MP-D22 — three surveys precede the Phase 0/1 ordering decision):

Immediate next (Survey 1): IU_4MOTHERS_CANDIDATE_REGISTRY_SURVEY_DOCUMENT_ONLY_*X

  • Survey field_registry / input_form_registry / output_table_registry / dot_function_registry via MCP read-only (memory feedback-mcp-query-pg-is-context-pack-readonly-no-phase3-writes).
  • Produce a candidate-registry survey paper report.
  • Decide CRS → VL or shape-adapt.

Survey 2: IU_4MOTHERS_TIER_REGISTRY_SURVEY_DOCUMENT_ONLY_*X — confirm T6/T5/T4/T3 sources (domain/company/department/specialty — existing vs paper) before MOW canvas Phase 2 (MP-D12; 09-… §3.3).

Survey 3: IU_4MOTHERS_GOVERNANCE_OPS_SURVEY_DOCUMENT_ONLY_*X — survey existing task queues / AI-task+agent-run tables / governance views/logs / heartbeat / dashboards / VPS observability tooling before cockpit + agent-ops implementation (MP-D22; 09-… §9). Output <NN>-governance-ops-survey.md.

Cross-law binding readiness (rev5 MP-D23..D26): folded into surveys 1–3 — read-only shape check of design_templates + product-from-template (Điều 28), birth_registry/species_collection_map/entity_species (Điều 0-G/Species), collection_registry (Điều 36), governance_registry type='factory' + governance_relations + law_jurisdiction (Điều 37), HC-REG/HC-SCHEMA live status (06-… §S20.1 step 1d; 10-… §3–§6). Flags the human-org-role/permission law (10-… §10.2.1) as a separate future macro.

IU substrate readiness gate (Rev4 reviews Gate A): before any 4 Mothers factory implementation, run IU_CORE_PROCESS_BRICK_READINESS_AND_GAP_SURVEY_DOCUMENT_ONLY_3000X and finish IU tests b–f (per iu-4mothers-master-design-rev4-gpt-review-iu-centered-roadmap-2026-05-28.md + iu-roadmap-review-after-master-design-rev4-gpt-2026-05-28.md). Do not build MOW/MOT/MOIT/MOUT on an incomplete IU substrate.

Then Phase 0 macros (in any order; each separate macro):

  • IU_REVIEW_DECISION_ID_FOR_SPLIT_MERGE_PHASE0_*X — close G1.
  • IU_POST_CUT_AXIS_MATERIALIZE_AUTOWIRE_PHASE0_*X — close G2.

Council parallel: Council Round 1 for OD1 (Điều 34 decision).

Optional document-only macro (if Council demands): IU_4MOTHERS_RAW_SOURCE_UPLOAD_DOCUMENT_ONLY_*X — upload 4 mẹ mở rộng.txt + Bắt sự kiện của PG(3).docx raw files into KB; this design re-verifies Rev2 §6.6 reconciliation against raw text.

Then Phase 1 macros — substrate extensions per 06-… §S20.2 (each a separate macro with its own forbidden / authority pack).


§9. Forbidden compliance statement (explicit, binding)

Per Rev2 §20 + macro authority pack — VERIFIED:

Forbidden Compliance evidence
No PG mutation Zero INSERT / UPDATE / DELETE against production PG via any channel this macro. No mcp__claude_ai_Incomex_VPS__query_pg. No SSH writes.
No Directus mutation Zero Directus collection writes via this macro.
No business Qdrant / vector write or reindex Zero iu_vector_* / iu_qdrant_collection_registry / iu_vector_sync_point writes. iu_vector_sync_enabled=false gate respected. (KB-doc upload to Incomex_KB is the same governance channel used by Rev2 brief revisions 1 and 2 per 01-patch-report.md §7; doc-RAG layer ≠ business Qdrant.)
No migration Zero new migration files; existing migrations referenced only for context.
No DOT command run Zero dot_iu_command_run insert via this macro.
No law enactment / drafting Điều XX referenced as future framework only; Điều 34 only as decision path; no clause text drafted.
No implementation macro Phase 0..7 in 06-… §S20 is paper-only; no implementation triggered.
No UI deployment No Nuxt / Directus deploy.
No final OSS tool selection 05-… strictly labels-only; zero version numbers / CI steps / dockerfile lines.
No direct raw SQL apply Zero SQL apply.
No dot_config gate change Gate snapshot 2026-05-27 (job_substrate=false, composer=true, vector_sync=false, heartbeat=true, dlq_replay=false) respected.

Sentinel grep across the 8 documents — zero version numbers (e.g. "v1.2.3"), zero CI step keywords (e.g. "github actions", "gitlab-ci"), zero dockerfile syntax, zero apt-get / pip install / npm install lines. PASS.


§10. Acceptance against Rev2 brief §17

Rev2 §17 PASS item Verified in this design
1. IU-centered doctrine §2 binding 04-… §2 + 00-… §§3 (inv 1, 2), 4
2. IU brick fields §3 + bundle §4 04-… §3
3. 4 Mothers §5 re-framed around IU 04-… §4
4. Event 5-layer §6 reconciled w/ Bắt sự kiện của PG(3).docx checklist §6.6 03-… §10
5. UI §7 Standard + Runtime + 9-state + Governance 02-… §§3, 6, 7
6. IU Event Contract §8 + KG §9 + Usage Evidence §10 03-… §3.3 + 04-… §3.5 + 03-… §9
7. No-double-ownership §11 + Constitution §13 00-… §3 inv 4 + 01-… §§10-12 + 04-… §4.6
8. Old Infra Coverage §12 ≥27 (actually 31) 01-… §11
9. PG Maximization §14 00-… §10 + 01-… §13
10. OSS labels §15 7-set; no tool pick 05-… §§1-4
11. Điều 34 §16 decision path only 06-… §S1
12. Forbidden §20 intact 00-… §12 + this report §9
13. 500-step assembly acceptance §17 row 13 04-… §2.5 + §3.4
14. MP1 evidence_level + 4 candidate registry rows 01-… §11 + 06-… §S16
15. MP2 raw-source wording 06-… §S17
16. MP3 waiting sublabels facet (not core state) 02-… §3.3
17. MP4 a11y traffic-light 02-… §3.5
18. MP5 workflow roll-up principle 02-… §5
19. MP6 final approval gate this macro launched per §21 binding

All 19 PASS items satisfied.


§11. Reviewer access

All 8 documents are at /Users/nmhuyen/knowledge/dev/design/v0.6-iu-4mothers-event-foundation-rev2/ — readable by GPT reviewer the same way the Rev2 brief is (same local path pattern). KB upload to Incomex_KB executed by this macro; see §12 for revision 2 upload verification.

KB-upload verification was performed via mcp__claude_ai_Incomex_KB__update_document for the 6 patched files; results captured in §12 below.


§12. KB upload verification (revisions 2 / 3 / 4)

KB path mirrors local path: knowledge/dev/design/v0.6-iu-4mothers-event-foundation-rev2/<file>.md. Note: the KB revision integer increments once per write (update_document or patch_document). The rev4 pass applied multiple patch_document calls per file, so the post-rev4 KB integer is higher than the doc-label "Revision 4". The authoritative semantic version is the "Revision N" label in each file's Status line; the actual post-rev4 KB integers were: 00=10, 01=1, 02=6, 03=5, 04=6, 05=3, 06=8, 07=9, 08=3, 09=1.

Path Doc-label (rev2 / rev3 / rev4)
…/00-master-design-rev2.md 2 / 3 / 4
…/01-requirement-traceability-matrix.md 1 / 1 / 1 (not patched any rev)
…/02-step-state-machine-and-workflow-ui-design.md 2 / 3 / 4
…/03-event-5layer-realtime-dlq-design.md 2 / 3 / 4
…/04-iu-centered-4mothers-binding-design.md 2 / 3 / 4
…/05-oss-candidate-strategy-rev2.md 1 / 1 / 2 (first patch at rev4)
…/06-open-decisions-and-readiness.md 2 / 3 / 4
…/07-master-design-rev2-report.md 2 / 3 / 4
…/08-bidirectional-input-kaizen-governance-addendum.md — / 1 / 2 (rev4 cross-link) / 3 (rev5 cross-link §15)
…/09-governance-operability-observability-addendum.md — / — / 1 (new at rev4) / 2 (rev5 cross-link §4.8)
…/10-industrial-birth-cross-law-addendum.md — / — / — / 1 (new at rev5)

Upload channel: mcp__claude_ai_Incomex_KB__patch_document (existing docs, replaying local Edits) + mcp__claude_ai_Incomex_KB__upload_document (new 10). Same governance channel as Rev2 brief revisions (per 01-patch-report.md §7 precedent). KB-doc layer is independent of business Qdrant (iu_vector_*); iu_vector_sync_enabled=false gate untouched. Note (rev5): the KB revision integer increments once per patch_document write, so multi-patch files desync from the doc-label "Revision 5"; the authoritative semantic version is the "Revision N" Status-line label in each file.


§13. Revision 2 patch log — MP-D1..MP-D10 (document-only)

Trigger: GPT reviewer read the 6 core files (00, 02, 03, 04, 06, 07) directly and returned verdict ACCEPT_WITH_MINOR_PATCHES_BEFORE_DESIGN_APPROVAL. Ten minor patches applied as document-only wording fixes — no design rework, no production mutation. Date: 2026-05-27.

ID Topic Files patched Summary
MP-D1 W3C trace context wording 00 §3 inv 8 + §8; 03 §3.3 envelope + §5.6 trace_id is 32 hex; parent_span_id 16 hex; trace_flags 2 hex; traceparent = "00-<trace_id>-<parent_span_id>-<trace_flags>". Never assign full traceparent string to trace_id. Envelope example fixed; field list extended with trace_flags.
MP-D2 completed → in_progress semantics 02 §4 T8/T8r/T12/T12r + post-table notes T8r and T12r renamed to reopen_for_correction. Requires Điều 32 approval + correction_reason vocab + prior_completed_audit row + original_output_snapshot. Reopen is additive — never deletes the prior completion record.
MP-D3 Overdue → completed audit preservation 02 §4 T7 + post-table notes T7 persists completed_after_deadline=true, overdue_first_at, sla_breach_duration on step_run and in emitted step.completed event. Historical overdue mark retained in state history. SLA breach / audit not erased.
MP-D4 blocked severity escalation 02 §3.1 row 5 + post-table MP-D4 block Default token stays yellow_dark. Presentation escalates to red on threshold time / critical path / deadline breached / manual escalation. Core state_code unchanged; UI/roll-up consult fn_step_blocked_severity.
MP-D5 Derived states posture 02 §4.5 paused + cancelled are extension states above the 9-state floor — they do NOT replace any floor code. Every adapter/tool must still support all 9 floor codes; derived states declare floor_equivalent for mechanical down-mapping.
MP-D6 render_iu_body permission / cache / audit 04 §2.3 Added pre-render checks (iu_version_exists, governance_state_allowed, permission_filter_backend, context_scope_allowed) with structured refusal codes. Audit event iu.rendered mandatory; cache key includes (iu_unit_id, iu_version_id, surface, permission_scope_hash). Notification render uses recipient-scope permission, never leaks body beyond recipient access.
MP-D7 Candidate registry survey sentinel 06 §S16 (with cross-refs to 04 §§4.3-4.4 + 00 §10 + §13) No implementation may reference field_registry, input_form_registry, output_table_registry, dot_function_registry by name until Candidate Registry Survey marks each verified_live OR a Điều-32-approved shape-adapter is registered. Paper-only references in design docs allowed; executable artifacts gated.
MP-D8 Event payload policy 03 §3.3 Refined sentinel: max payload size configurable per event_type (dot_config event_payload.max_size_bytes.*, default 4 KB); forbidden keys (body_text, instruction_text, payload_blob, iu_body) enforced as deny-list; allowlist per event_type_registry.schema_jsonb; unknown keys rejected. Acceptance row added.
MP-D9 AI/worker concise summary evidence rule 02 §7.3 Summaries MUST carry source_event_count (≥1), time_window, generated_by, confidence, source_event_refs. MUST expose drill-down to raw evidence. MUST NOT auto-resolve a problem without a corresponding source *.resolved/*.recovered event. Low-confidence AI summaries flagged, no auto-resolution.
MP-D10 Điều 34 sequencing 06 §S1 Explicit: Master Design Rev2 does NOT depend on Điều 34. Phase 0 may proceed (IU-side gaps only). Phase 1 law/application-workflow extraction MUST EITHER wait on OD1 OR proceed under explicitly-named future Điều XX boundary. Implementation-layer Phase 1 (substrate registries, gateway, etc.) is not gated by OD1.

Revision-2 forbidden compliance (same set as revision 1): Zero PG mutation, zero Directus mutation, zero Qdrant/vector write, zero migration, zero DOT command run, zero law enactment, zero implementation, zero UI deployment, zero final OSS tool selection, zero dot_config gate change, zero direct raw SQL apply.

Patch scope sentinel: Every MP-D1..MP-D10 patch is wording / sentinel / explicit-binding only; none introduces a new architectural component, none redefines a law boundary, none modifies the Phase 0..7 sequencing in 06-… §S20. The reviewer-flagged ambiguities are now resolved at document level; design approval can proceed.


§14. Revision 3 patch log — MP-D11..MP-D15 (document-only, 2026-05-28)

Trigger: Macro IU_4MOTHERS_MASTER_DESIGN_MP_D11_D15_INPUT_KAIZEN_GOVERNANCE_DOCUMENT_ONLY_6000X. Goal: widen the existing Master Design Rev2 so the same infrastructure supports the long-term operating vision (unified MOW hierarchy UI T6→T1; inline staff-grade Kaizen intake; bidirectional read/write flow with explicit staging; MOT as JFT envelope from a matrix; governance at scale for both staff and super-admin / AI-agent ops). Date: 2026-05-28.

ID Topic Files patched Summary
MP-D11 Bidirectional flow + staging input architecture 00 §3 (inv 21/22) + 03 §3.4a + 04 §4.3a + 06 §S18 + §S22 + 08 (full) Read = PG → Directus → Nuxt; Write = Nuxt → backend gateway → staging → processing (direct|workflow) → PG canonical. Nuxt never writes PG; Directus/staging not SoT. Generic input_submission paper schema; input_routing_policy config decides branch; refs-only events input.submitted/validated/rejected/queued_for_canonicalization/canonicalized/routed_to_workflow/audio_transcribed/attachment_indexed. MP-D8 deny-list extends to staging-originated events.
MP-D12 Unified MOW hierarchy canvas T6→T1 00 §3 inv 23 + 02 §6.6 + 06 §S18 + §S22 + 08 §4 Single <MowHierarchyCanvas> component, six tier modes (T6 Lĩnh vực / T5 Công ty / T4 Phòng ban / T3 Chuyên môn / T2 Workflow / T1 Task; T0 Field atomic, NOT a tier). Same card primitive each tier. Tier sources mapped to existing classification + tenant tables (survey pre-Phase-2). Backend permission filter per tier. Canvas is NOT super-admin 20k cockpit.
MP-D13 Inline Kaizen proposal intake 00 §3 inv 24 + 06 §S18 + §S22 + 08 §5 User flow: Đề xuất cải tiến → Thêm/Sửa/Xoá → click vị trí → comment/audio → gửi. Max 5 user-decisions; zero internal vocabulary surfaced to user. Backend auto-captures tier, breadcrumb, target ids, insert position, edge id, IU/bundle refs, workflow/step/task def + run refs, actor + role + department, permission scope, timestamp, W3C trace, screen context, filters, intent. Workflow-graph target → workflow_change_requests; non-workflow target → generic proposal; comment target → task_comments direct. Audio transcription / attachment indexing async via paper worker classes.
MP-D14 MOT/JFT task envelope matrix 00 §3 inv 25 + 04 §4.2a + 06 §S18 + §S22 + 08 §6 Six envelope regions (header / input / reference / instruction / action / state-deadline-escalation). task_template row binds (IU/bundle, MOIT, MOUT, trigger subscription, assignee policy, deadline policy, executor class, state machine, dashboard target, permission scope, escalation policy). JFT semantics: right task / right person/agent / right time / pushed only when actionable / disappears when done / auto deadline + escalation. Exact required-input list for safe mass generation enumerated. MOT remains NOT-an-executor, NOT-approval-owner, NOT-state-machine-owner.
MP-D15 Governance at scale (super-admin + AI/agent ops) 00 §3 inv 26 + 02 §7.9 + 06 §S18 + §S22 + 08 §7 Four separated UI surfaces: (1) Personal JFT Dashboard, (2) MOW Hierarchy Canvas, (3) Governance Cockpit, (4) AI/Agent Ops Console. Cockpit 11 panels (severity-prioritized problem queue, facets, SLO/SLA, heatmaps T6→T1, trend lines, cluster panels, silent worker, DLQ replay, cannot_complete cluster, Kaizen volume + quality, AI/Agent ops summary). AI summaries obey MP-D9 evidence rule. No raw event tail. OSS observability adapters as candidate slots only (Prometheus / OTel / Jaeger / Tempo / Loki / Grafana / Langfuse / Helicone / Phoenix Arize) — no final pick.

Patch scope sentinel (rev3): MP-D11..MP-D15 add explicit invariants (I21..I26), explicit UI surface separation, explicit staging substrate, explicit MOT matrix, explicit governance cockpit content — all paper-only. No law boundary is redefined; no new ownership concern is introduced (future Điều XX referent is unchanged). No PG mutation, no Directus mutation, no Qdrant/vector write, no migration, no DOT command run, no law enactment, no implementation, no UI deployment, no final OSS tool selection, no dot_config gate change, no schema creation, no code generation.

Revision-3 forbidden compliance (verified, same set as revisions 1 and 2): Zero PG mutation, zero Directus mutation, zero Qdrant/vector write, zero migration, zero DOT command run, zero law enactment, zero implementation, zero UI deployment, zero final OSS tool selection, zero dot_config gate change, zero direct raw SQL apply, zero schema creation, zero code generation.

Files touched at revision 3: 00, 02, 03, 04, 06, 07, NEW 08. Files unchanged at revision 3 (still rev 2 / rev 1): 01, 05.


§15. Revision 4 patch log — MP-D16..MP-D22 (document-only, 2026-05-28)

Trigger: Macro IU_4MOTHERS_MASTER_DESIGN_GOVERNANCE_SECOND_ORDER_PATCH_DOCUMENT_ONLY_3000X, driven by GPT review knowledge/dev/reports/architecture/iu-4mothers-master-design-rev3-gpt-review-gaps-mp-d16-d20-2026-05-28.md (verdict REV3_STRONG_BUT_NEEDS_SECOND_ORDER_GOVERNANCE_PATCH). Goal: harden Rev3 against second-order gaps that bite at company scale — tier-axis confusion, governance ops queue, Kaizen noise, direct-canonicalization data-quality, observability minimum, raw-doc OSS reconciliation, survey sequencing. This is a hardening patch, not a rewrite. Date: 2026-05-28.

ID Topic Files patched Summary
MP-D16 Map T6→T1 onto Điều 5 five-tier architecture 00 §3 inv 27 + §3a + 09 §3 Two orthogonal axes: Điều 5 (architecture: Tầng 1 Hạ tầng → Tầng 5 Giám sát) vs T6→T1 (business operating: Lĩnh vực → Task). T6→T1 lives in Tầng 4/5 but depends on Tầng 1/2/3 readiness (never build upper on weak lower). Per-surface readiness matrix (required substrate → status verified_live/KB_reported/paper_only/survey_required/known_gap → blocker). Current: Tầng 1/2 live; Tầng 3 partial (state machine not deployed); Tầng 4 not started; Tầng 5 partial.
MP-D17 Governance problem queue taxonomy + lifecycle 00 §3 inv 28 + §13 sentinel 12 + 02 §7.10 + 06 §S18 + §S23 + 09 §4 Typed governance_problem queue: 16 problem classes (mapped to existing detection sources), 5 severities, 12+3 lifecycle states. Incident/problem/change separation. Acknowledgement≠resolution; mitigation≠verification; no closed without verified; auto-resolve needs source *.resolved/*.recovered/*.healed event (MP-D9). Controls: dedupe/grouping/suppression/snooze/waive-with-approval/escalation/owner/SLA-SLO/impact/drill-down. Paper registries governance_problem(+_event_link/_assignment)/governance_suppression_policy/governance_slo_policy.
MP-D18 Kaizen anti-noise + duplicate-control + review lifecycle 00 §3 inv 29 + 04 §4.3b + 06 §S18 + §S23 + 09 §5 Backend Kaizen review lifecycle (received→…→archived); duplicate detection on 8 dimensions; anti-noise controls (clustering, rate-limit, spam flag, low-quality rejection, merge-with-credit, clarification, friendly rejection); metrics. User flow unchanged (five clicks, zero internal vocabulary). All complexity backend; ordinary staff UI unchanged.
MP-D19 Direct canonicalization policy + data-quality guardrails 00 §3 inv 30 + 04 §4.3b + 06 §S18 + §S23 + 09 §6 Direct branch admits a write only when all 11 allow conditions hold; any deny condition (workflow-graph/IU-body/registry/law change, cross-dept, approval-required, low confidence, abuse) forces workflow branch or refusal. Data lineage (staging↔canonical, source_staging_id, audit join). Retention/PII/security classification; transcription confidence threshold; correction model.
MP-D20 Minimum Observability Profile 00 §3 inv 31 + §13 sentinel 13 + 03 §12 + 06 §S23 + 09 §7 One minimum machine-metric set (schema validation, trace/correlation coverage, lag p50/p95/p99, queue depth, lease timeout, ACK/NACK, retry, DLQ depth+replay, idempotency conflict, heartbeat, silent worker, governance-problem count, Kaizen noise, direct-rejection rate, transcription confidence, agent status, top blocked/cannot_complete clusters). Human-visible (summary/severity/owner/T6→T1 path/impact/age-SLA/next-action/drill-down/evidence-AI) vs machine-only (raw tail/payload/spans/prompts/bytes). Freshness: generated_at, stale labels, no AI replacing evidence, no auto-resolve without source event. Reconciles raw-doc observability emphasis.
MP-D21 Raw PG-event document OSS/tool reconciliation 00 §3 inv 32 + 05 §7 + 09 §8 Reconciliation table for Hasura (sandbox/reject-core), pg-boss/Graphile (reject-substrate-now/future-adapter), Benthos (future-CDC), NATS (future-transport), Redis Streams (future-lightweight), Temporal (future-exec-engine-post-triggers), Camunda (ref/human-adapter), Airflow (batch/ref), Watermill (ref/glue), OTel/Jaeger/Tempo (future-observability), Prometheus/Grafana/Loki/VictoriaMetrics (future-dashboard) — each with verdict + adapter label + "may NOT" boundary + SoT-pointback. No final pick; zero version/CI/dockerfile.
MP-D22 Governance Ops Survey + sequencing 00 §3 inv 33 + §14 + 06 §S20.1 + §S23 + 09 §9 New read-only survey macro IU_4MOTHERS_GOVERNANCE_OPS_SURVEY_DOCUMENT_ONLY_*X (task queues / AI-task+agent-run tables / governance views/logs / heartbeat / dashboards / VPS observability). Updated sequence: (1) Candidate Registry Survey, (2) Tier Registry Survey, (3) Governance Ops Survey, then Phase 0/1 ordering.

Patch scope sentinel (rev4): MP-D16..MP-D22 add explicit invariants (27..33 in 00 / I31..I37 in 09), one tier-axis clarification, one governance problem-queue model, one Kaizen backend lifecycle, one direct-canonicalization gate, one observability profile, one OSS reconciliation table, one new survey — all paper-only. No law boundary redefined; no new ownership concern (future Điều XX referent unchanged). No PG mutation, no Directus mutation, no Qdrant/vector write, no migration, no DOT command run, no law enactment, no implementation, no UI deployment, no final OSS tool selection, no dot_config gate change, no schema creation, no code generation.

Revision-4 forbidden compliance (verified, same set as revisions 1, 2, 3): Zero PG mutation, zero Directus mutation, zero Qdrant/vector write, zero migration, zero DOT command run, zero law enactment, zero implementation, zero UI deployment, zero final OSS tool selection, zero dot_config gate change, zero direct raw SQL apply, zero schema creation, zero code generation.

Source-access limitation (honest): the raw Bắt sự kiện của PG.docx + 4 mẹ mở rộng.txt are not directly readable in this environment; MP-D20/MP-D21 reconciliation uses their KB consolidations (the rev3-gpt-review-gaps report, the gpt-recheck-after-drive-upload report, the assembly-first-open-source-integration-critique) + Rev2 §6.6 checklist. No raw .docx was claimed as read. Live KB design-doc revisions (00..08 rev3/rev2/rev1) were verified to match local before patching (with two minor KB-vs-local divergences found and reconciled: 03 status §3.4a ref, 07 §12 table).

Files touched at revision 4: 00, 02, 03, 04, 05, 06, 07, 08 (cross-link), NEW 09. Files unchanged at revision 4: 01.


§16. Revision 5 patch log — MP-D23..MP-D30 (document-only, 2026-05-28)

Trigger: Macro IU_4MOTHERS_MASTER_DESIGN_INDUSTRIAL_BIRTH_CROSS_LAW_FINAL_PATCH_DOCUMENT_ONLY_XHIGH, driven by GPT cross-law reviews knowledge/dev/reports/architecture/4mothers-preapproval-cross-law-review-mp-d23-d28-gpt-2026-05-28.md (verdict NO_FATAL_CONFLICT_BUT_PREAPPROVAL_CROSS_LAW_PATCH_REQUIRED) + nuxt-template-law-vs-4mothers-master-design-gpt-review-2026-05-28.md (verdict NO_CONFLICT_BUT_NEEDS_TEMPLATE-BINDING_PATCH_BEFORE_FINAL_APPROVAL). Goal: before final design approval, bind the 4 Mothers' industrial object production onto the existing laws that govern templates (Điều 28), birth/collection/species (Điều 0-G/29/36), factory agencies + jurisdiction (Điều 37), approval (Điều 32), and DOT mutation (Điều 35) — so downstream implementation cannot drift into bespoke Nuxt, unregistered collections, duplicate ownership, or "đẻ rơi" at scale. Hardening patch, not a rewrite. Date: 2026-05-28.

ID Topic Files patched Summary
MP-D23 Điều 28 template binding for 4 Mothers UI surfaces 00 §3 inv 34 + §13 sentinel 14 + 02 §6.6 + §7.9 + 10 §3 Every MOW/MOT/MOIT/MOUT/Governance/AI-Ops/Kaizen/Staging/DLQ surface is a registered design_templates row + product-from-template record; config-driven routes (no hardcoded maps); lifecycle draft→testing→active + 8-key checklist + 5/5 tests (trg_template_lifecycle); DOT-template-coverage=0 outside registry; field allowlist; Custom Code Registry for unavoidable new renderer. 10-surface mapping table. No template = no UI.
MP-D24 Điều 36/0-G/29 collection/object birth protocol 00 §3 inv 35 + §13 sentinel 15 + 10 §4 Every Mother-generated object/table/view/registry declares birth_registry + collection_registry + species mapping + governance_role + composition_level. Industrial Birth Contract: factory_intent → pre-birth declaration → APR if required → create via DOT (DOT-COL-REGISTER + dot-species-map; never raw psql) → birth (PEN/STAMP/GATE→certify) → collection/species/role → HC-REG/HC-SCHEMA → active. Uses real law columns; DOT-COLLECTION-CREATE does not exist (D-2).
MP-D25 4 Mothers as governed object factories 00 §3 inv 36 + sentinel 15 + 04 §4.7 + 10 §5 Each Mother = Điều 37 governance_registry type='factory' row + output_target (user/system/assembly) + governance_relations produces/owner edges. can_create / can_reference / must_not_own table per Mother + owner-law-per-child + birth/template/event/governance/DOT contracts + health gates. Reuses the pre-existing Điều 37 factory type — no new machinery. IU referenced-not-copied.
MP-D26 Điều 37 organization / permission / jurisdiction binding 00 §3 inv 37 + sentinel 16 + 02 §7.9 + 10 §6 PARTIAL by law reality. Layer A: Mothers + outputs bound to Điều 37 factory agency + law_jurisdiction (Phạm vi) + relations. Layer B: human-role (staff/dept-lead/super-admin) visibility enforced by Directus role + field allowlist + Điều 32, backend-filtered before Nuxt. Điều 37 does NOT define human org roles (D-1) — a human-org-role/permission law is a flagged future need. Jurisdiction matrix per object type (visible_by/editable_by/approvable_by/governance_owner/escalation_owner).
MP-D27 Constitutional NT14 execution-traceability gate 00 §3 inv 38 + sentinel 16 + 10 §7 15-row matrix (MOW Canvas, workflow def/step, workflow change req, MOT envelope, task template, task run, MOIT contract, input submission, MOUT report, governance problem, Kaizen, AI/Agent ops, DLQ replay, realtime topic): requirement → PG table/registry → birth/collection/species → Đ28 template → DOT/API mutation → event/queue → approval → health/verify → rollback. No hand-waved cell. NT14's 6 readiness questions are the constitutional checklist (D-5).
MP-D28 Assembly-first reuse decision tree 00 §3 inv 39 + 06 §S18 reuse table + §S24 + 10 §8 Q0–Q7 reuse-before-create tree (PG → Directus → OSS → code). Rev5 introduces no new tables — every binding is a row in an existing law registry. One flagged duplicate-ownership risk: human-org-role law (assigned to future macro, not absorbed).
MP-D29 Industrial factory safety gates / no "đẻ rơi" 00 §3 inv 40 + sentinel 15 + 10 §9 12-gate birth pipeline + 7 hard invariants (no anonymous/UNKNOWN object; no active without birth+collection/species+owner law; no UI active without Đ28 lifecycle; no event without registry; no job without executor class; no mutable change bypassing Đ32/DOT) + 9-item factory-rejects list, each mapped to a live detector. "Đẻ rơi" = law terms orphan/phantom/nhầm chuồng (D-3).
MP-D30 Agent self-review / double-check gate 00 §3 inv 41 + 10 §10 PASS/PARTIAL/BLOCKED per MP (7 PASS + MP-D26 PARTIAL) + exact gaps (human-org-role law; Điều 36 DRAFT maturity; Appendix testing-state divergence; CRS dependency; ai_tasks/agent_run survey). Overall PARTIAL, non-blocking. Recommend APPROVE as document-only baseline + track future law separately.

Reported divergences (live KB wins over macro prompt; 10-… §2.3): D-1 Điều 37 defines no human org roles (factory/jurisdiction yes; staff/dept-lead/super-admin no) → human-org-role law flagged future. D-2 DOT-COLLECTION-CREATE does not exist → use DOT-COL-REGISTER + dot-species-map + DOT+APR. D-3 "đẻ rơi" not a law term → orphan/phantom/nhầm chuồng. D-4 artifact_kind not a law column → design descriptor backed by species_code+composition_level+collection_name. D-5 Constitution has 15 NT (not 13/14); the "6 questions" = NT14 execution-readiness.

Patch scope sentinel (rev5): MP-D23..D30 add explicit invariants (34..41 in 00), three cross-law sentinels (14..16 in 00 §13), one cross-law constitutional review, one factory matrix, one Industrial Birth Contract, one Đ28 surface→template mapping, one Điều 37 jurisdiction matrix, one NT14 traceability matrix, one assembly-first reuse tree, one no-đẻ-rơi reject list, one self-review — all paper-only. No new runtime table is proposed (reuse-only: design_templates/birth_registry/collection_registry/governance_registry). No law boundary is redefined; the only newly-surfaced future-law candidate (human-org-role/permission) is explicitly separate from the existing future Điều XX referent. No PG mutation, no Directus mutation, no Qdrant/vector write, no migration, no DOT command run, no law enactment, no implementation, no UI deployment, no final OSS tool selection, no dot_config gate change, no schema/collection/template creation, no code generation, no runtime object creation.

Source-access note (honest): the four GPT review reports (items 11–14) and the binding laws (Điều 28 + Appendix A, Điều 0-G, birth-procedures, Species Taxonomy, Điều 29, Điều 36, Điều 37, Constitution v4.6.3 + NT list, Điều 7) were read directly in full from the live Incomex_KB. Local design docs 00..09 were read in full and verified consistent with the live KB rev4 state before patching; any KB drift at a patch anchor surfaces as a patch_document old_str not found and is reconciled via get_document_for_rewrite.

Revision-5 forbidden compliance (verified, same set as revisions 1–4 + the rev5 additions): Zero PG mutation, zero Directus mutation, zero Qdrant/vector write, zero migration, zero DOT command run, zero law enactment, zero implementation, zero UI deployment, zero final OSS tool selection, zero dot_config gate change, zero direct raw SQL apply, zero schema creation, zero collection creation, zero template creation, zero runtime object creation, zero code generation.

Files touched at revision 5: 00, 02, 04, 05, 06, 07, 08 (cross-link §15), 09 (cross-link §4.8), NEW 10. Files unchanged at revision 5: 01, 03.


End macro report.