KB-3EB5

New IU 1 — Read-only PG / Cell Carrier & Reuse Map (current-pass verified)

Revision 1
Tags: laws-new, new-iu, survey, carrier-map, reuse-matrix, read-only, current-pass, pg-first, thin-contract, anti-island, one-roof, non-authorizing, 2026-06-21

New IU — Macro 1: Read-only PG / Collection / Cell Carrier & Reuse Map

Path: knowledge/dev/laws-new/new-iu/survey/01-new-iu-readonly-pg-cell-carrier-and-reuse-map.md

Date: 2026-06-21

Macro: NEW_IU_1_2 — Phase 1 (read-only carrier mapping + old-IU reuse verification).

Authority class of THIS document: DOCUMENTARY-EVIDENCE + DESIGN-INFERENCE. Engineering survey only. This document authorizes nothing. KB admission ≠ runtime registration. Engineering PASS ≠ Owner-authority PASS.

Mutations performed: 0 (read-only query_pg against DB directus + read-only KB reads only). No DDL/DML, no Directus/Qdrant/DOT/approval/owner/law/runtime change.

Survey verdict: READY_FOR_LOGICAL_DESIGN with exact named gaps (§9). The logical-architecture deliverable (design/01-new-iu-logical-architecture.md) may proceed; every gap below remains Owner-gated / HOLD for later (non-runtime) phases.


1. Source recovery summary

1.1 New-IU baseline (governed, KB)

| Doc | KB rev | Body rev | Authority | Role |
|---|---|---|---|---|
| new-iu/dat-van-de-sua-iu.md | 2 | | DRAFT / non-authorizing | Problem statement: old IU drifts into a "vương quốc riêng" (own kingdom); New IU = thin Subject Contract on PG/Matrix/Lego/One-Roof. |
| new-iu/de-bai-mieng-thong-tin-moi-lego.md | 15 (store) | rev3 (body label) | DRAFT / non-authorizing | Solution brief. Options A/B/C; C = thin Smart-Brick contract recommended. 3-layer split, anti-island (§9), reuse matrix (§7), Phase 0–5, 10 Owner questions, 5 next macros. |
| new-iu/approval-note-...md | 1 | | APPROVED_FOR_NEXT_PHASE / NON-AUTHORIZING_FOR_RUNTIME | Approves the direction & brief; forbids runtime/build/migration/owner-assignment/promote. Next allowed = decision ballot OR NEW-IU-1 read-only mapping (this macro). |
| new-iu/delegated-approval-rule-gpt-codex-consensus.md | 1 | | NON-AUTHORIZING (process rule) | GPT+Codex consensus may approve documentary/design/read-only steps without a human-Owner turn; cannot fill owner-of-record, change governance state, or authorize runtime. |

Reconciliation note (documentary vs current): the brief's KB store-revision counter reads 15, but the body self-identifies as rev3 (patched per Codex re-review RR2-01/02/03; closed 8 IU-REV issues). The store counter counts patch operations; the content version is rev3. No conflict — both refer to the same latest content. (Mission prompt's "rev15" = the store counter.)

1.2 /laws-new/ controlling materials (governed, KB) — all read

README (rev4), de-bai-cai-tien (rev33), matrix-refactor-implementation-plan (rev5), matrix-refactor-quick-rules (rev8), matrix-stamp-governance-addendum (rev14); F-packets F1/F2/F3/F4/F5/FX; newlaws/LAW_READING_INDEX (rev2); amendment drafts Đ33/Đ36/Đ38-v3/L4; collections-usage-handbook (Macro-9A1, DOCUMENTARY-EVIDENCE). All 17 located and read in full; none ABSENT.

Authority roll-up: ENACTED-LAW = Điều 39 KG v2.3, Đ33 v2.1, Đ0-G v1.0 (in architecture/, referenced not edited). DRAFT-NON-ENACTING = README, de-bai-cai-tien, implementation-plan, quick-rules, stamp-addendum, F4, F5, all 4 amendment drafts. NON-AUTHORIZING-COMPAT = F1, F2, F3, FX, LAW_READING_INDEX. DOCUMENTARY-EVIDENCE = collections-usage-handbook.

1.3 Old-IU evidence (governed, KB) — recovered

Primary LIVE-AUDIT: reports/architecture/iu-text-as-code-smart-brick-foundation-live-audit-master-roadmap-2026-06-01.md. Supporting: One-Roof governance IU coverage (.../03-information-unit-governance-coverage.md, .../05-iu-open-axis-final-hardening.md, .../12-...-iu-integration-scaffold.md, .../26-op-b-iu-owner-decision-packet.md); F2 execution report (laws-new/reports/f2/...-2026-06-16.md); Text-as-Code design (laws/dieu44-trien-khai/design/23-p1-..., requirements/p3d-...); IU-DOT completeness (...iu-dot-operational-completeness.md, 2026-05-29); fn_iu_create survey (2026-05-20); vector-sync foundation docs. All counts in those docs are DOCUMENTARY (snapshot 2026-05-06 → 2026-06-16); re-verified live below.


2. Current-pass verification method

All "current-pass" facts below were produced in this macro on 2026-06-21 by the read-only PG channel:

  • Tool: mcp__claude_ai_Incomex_VPS__query_pg, database directus.
  • Guardrails (tool-enforced): single SELECT, AST-validated, executed in a READ ONLY transaction as a read-only role, statement_timeout 5s, hard LIMIT 500. No writes/DDL possible.
  • BEGIN…ROLLBACK was not required (no mutation tested); no idle-transaction risk.
  • Estimator vs exact: a first pass used pg_class.reltuples (gave stale 47/288/3/4 for catalog/dot_tools/staging); a second pass used exact COUNT(*). Exact counts are authoritative and are what is reported here.
  • Negative/fail-open test: the write gateway was probed only by reading config (dot_config), not by attempting an insert. The gateway posture (enforced, block_after_guard, enact requires review) is read-evidence, not a live injection test; a true bad-input injection test is deferred to a later, explicitly-safe phase (it is NOT needed for this read-only mapping and would require touching the write path).
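The estimator-versus-exact gap described above can be surfaced in one statement, written as a single SELECT with the same row cap the channel applies. This is an added example, not the query the survey ran; the table names are those listed in §3.1.

```sql
-- Compare planner estimates (pg_class.reltuples) with exact COUNT(*) values.
-- reltuples is only refreshed by VACUUM / ANALYZE / autovacuum, so it can lag
-- the real row count; on PostgreSQL 14+ it is -1 for a table that has never
-- been vacuumed or analyzed, which is mapped to NULL here.
WITH exact(schema_name, table_name, exact_rows) AS (
    SELECT 'public',  'information_unit',       count(*) FROM public.information_unit
    UNION ALL
    SELECT 'public',  'unit_version',           count(*) FROM public.unit_version
    UNION ALL
    SELECT 'public',  'dot_tools',              count(*) FROM public.dot_tools
    UNION ALL
    SELECT 'public',  'dot_iu_command_catalog', count(*) FROM public.dot_iu_command_catalog
    UNION ALL
    SELECT 'iu_core', 'iu_staging_record',      count(*) FROM iu_core.iu_staging_record
    UNION ALL
    SELECT 'iu_core', 'iu_staging_payload',     count(*) FROM iu_core.iu_staging_payload
)
SELECT e.schema_name,
       e.table_name,
       NULLIF(c.reltuples, -1)::bigint                 AS estimated_rows,
       e.exact_rows,
       e.exact_rows - NULLIF(c.reltuples, -1)::bigint  AS drift,
       -- When statistics were last refreshed; NULL means never.
       greatest(s.last_analyze, s.last_autoanalyze)    AS stats_refreshed_at
FROM exact AS e
JOIN pg_namespace AS n
  ON n.nspname = e.schema_name
JOIN pg_class AS c
  ON c.relnamespace = n.oid
 AND c.relname = e.table_name
 AND c.relkind IN ('r', 'p')          -- ordinary and partitioned tables only
LEFT JOIN pg_stat_user_tables AS s
  ON s.relid = c.oid
-- Unknown estimates first, then the largest disagreement.
ORDER BY abs(e.exact_rows - NULLIF(c.reltuples, -1)::bigint) DESC NULLS FIRST,
         e.table_name
LIMIT 500;
```

A non-zero drift or a NULL estimate marks a table whose reltuples value should not be quoted as evidence.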

Distinction discipline used throughout: ENACTED-AUTHORITY · DRAFT-NON-ENACTING · NON-AUTHORIZING-COMPAT · DOCUMENTARY-EVIDENCE · CURRENT-PASS-LIVE-PROOF · DESIGN-INFERENCE.


3. Live / read-only evidence used (current-pass, 2026-06-21, DB directus)

3.1 Exact row counts (COUNT(*))

| Object | Count | Note |
|---|---|---|
| public.information_unit | 219 | the IU subject carrier |
| public.unit_version | 226 | version/commit (INSERT-only) |
| iu_core.iu_staging_record | 15 | LIVE — HOLD-1 resolved (see §3.4) |
| iu_core.iu_staging_payload | 32 | LIVE |
| public.dot_tools | 309 | Đ35 registry SSOT |
| public.dot_iu_command_catalog | 54 | parallel IU DOT registry (island) |
| public.governance_object_ownership | 0 | deciding blocker — confirmed today |
| public.iu_relation | 60 | IU-native edges |
| public.universal_edges | 2199 | shared KG edge table |
| fn_iu* functions | 117 | 112 in public + 5 in iu_core (was 96 documentary → grew) |

birth_registry ≈ 1,194,939 (reltuples); meta_catalog 169; collection_registry 166 (reltuples).

3.2 information_unit shape & distributions (219 rows)

  • Columns (PK id uuid): canonical_address text, unit_kind text, lifecycle_status text, content_anchor_ref text, version_anchor_ref uuid, owner_ref text, parent_or_container_ref uuid, conformance_status text, identity_profile jsonb, audit cols (created_*,updated_*,deleted_at), sort_order int, doc_code, section_type, section_code. No content-hash column.
  • unit_kind: law_unit 187, design_doc_section 32 (only 2 of 9 designed kinds live).
  • lifecycle_status: enacted 146, draft 58, deprecated 12, retired 3 → lifecycle is actively exercised; supersession/retire path is real (not stuck).
  • conformance_status: open for all 219 → the conformance gate never closes (REPAIR target).
  • owner_ref: 21 distinct, 0 NULL → fully populated free-text, 0 governed (island).
  • version_anchor_ref: 0 NULL → HEAD pointer always set (current/head works live).
  • canonical_address: 0 NULL → stable address always set.

3.3 Relations (current-pass) — decisive for the KG decision

  • iu_relation (60): relation_type = contains for all 60; all 60 carry non-null provenance, assertion_mode, confidence (plus evidence jsonb, bitemporal valid_time tstzrange, uuid source_unit_id/target_unit_id). → IU-native edges are provenance-bearing and uuid-keyed, but only 1 of ~6 edge types is populated.
  • universal_edges (2199): provenance non-null = 0 (Đ39 provenance gap, confirmed); edges touching information_unit = 0; edge_type distinct = 3; keyed on source_collection/source_id integer/source_code (+target). → Identity-type impedance mismatch: universal_edges.source_id is integer, but information_unit.id is uuid. universal_edges currently carries no IU content and no provenance.

3.4 Staging (HOLD-1) — current-pass resolution

iu_core.iu_staging_record (15 cols, 15 rows) and iu_core.iu_staging_payload (32 cols, 32 rows) exist and are populated today. The F2 HOLD-1 ("staging UNKNOWN → likely-LIVE, needs Phase-1 verify") is RESOLVED: staging IS live. However the operator runtime is gated OFF (§3.5), so "live table" ≠ "live write path."

3.5 Gate posture (current-pass, dot_config, 2026-06-21) — substrate is in safe HOLD

  • Write path fail-closed: iu_create.gateway.mode=enforced, direct_insert_policy=block_after_guard, canonical_function=fn_iu_create(...), marker_key=app.canonical_writer (allowed markers: fn_iu_create,fn_iu_apply_edit_draft,fn_iu_enact,fn_iu_structure_op,fn_iu_retire,fn_iu_supersede).
  • iu_enact.mode=enforced, iu_enact.allow_no_review_decision=false (enact requires a review decision — fail-closed); iu_edit.policy.default_mode=require_review.
  • Runtime surfaces OFF: iu_core.operator_runtime_enabled=false, vector_sync_enabled=false, structure_ops_enabled=false, composer_enabled=false, delivery_enabled=false, retention_enabled=false, auto_instantiate_enabled=false, three_axis_auto_refresh_enabled=false.
  • DOT/queue OFF: process_dot_runtime.{dry_run_only=true, execute_enabled=false, real_run_enabled=false}; piece_event_runtime.emit_enabled=false; queue.worker.enabled=false, queue.dlq.replay_enabled=false.
  • A few non-mutating helpers ON: iu_core.routes_master_enabled=true, route_worker_enabled=true, hc_auto_close_enabled=true, queue.heartbeat.enabled=true.

Interpretation (current-pass): the IU substrate is presently in a fail-closed, runtime-OFF posture consistent with /laws-new/ "Default = HOLD." This is a safety confirmation, not a green light.
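The posture above can be re-read as a single SELECT that treats a missing or NULL setting as a failure rather than as safe. This is an added example, not the survey's own query: the dot_config column names config_key and config_value (text) are assumptions, since the page does not give the table's columns, and only keys written out in full above are checked.

```sql
-- Expected fail-closed values, taken from the gate posture recorded in §3.5.
WITH expected(cfg_key, safe_value) AS (
    VALUES
      ('iu_create.gateway.mode',               'enforced'),
      ('iu_enact.mode',                        'enforced'),
      ('iu_enact.allow_no_review_decision',    'false'),
      ('iu_edit.policy.default_mode',          'require_review'),
      ('iu_core.operator_runtime_enabled',     'false'),
      ('process_dot_runtime.dry_run_only',     'true'),
      ('process_dot_runtime.execute_enabled',  'false'),
      ('process_dot_runtime.real_run_enabled', 'false'),
      ('piece_event_runtime.emit_enabled',     'false'),
      ('queue.worker.enabled',                 'false'),
      ('queue.dlq.replay_enabled',             'false')
)
SELECT e.cfg_key,
       e.safe_value,
       c.config_value AS live_value,           -- assumed column name
       CASE
         -- LEFT JOIN found no row: the key is absent, so nothing proves the
         -- gate is closed. Report it as a failure, never as a pass.
         WHEN c.config_key IS NULL THEN 'FAIL_MISSING'
         WHEN lower(btrim(c.config_value)) = e.safe_value THEN 'OK'
         -- Covers a different value and a NULL value alike.
         ELSE 'FAIL_DEVIATES'
       END AS verdict
FROM expected AS e
LEFT JOIN dot_config AS c                      -- assumed columns: config_key, config_value
  ON c.config_key = e.cfg_key
ORDER BY verdict, e.cfg_key                    -- FAIL_* rows sort ahead of OK
LIMIT 500;
```

Any verdict other than OK means the HOLD posture no longer matches what this survey recorded. Like the survey's own reading, this is read-evidence of configuration, not a test of the write path.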


4. PG / Collection / Cell carrier candidate map

Question answered: what can carry New IU without rebuilding storage? For each candidate: can carry / cannot carry / partial, and why.

| Role in New IU | Carrier candidate (live object) | Verdict | Why |
|---|---|---|---|
| Stable logical subject | public.information_unit (uuid PK) | CAN CARRY (after repair) | 219 live rows, stable uuid identity, canonical_address 0-null. Repairs: conformance_status stuck open; owner_ref is a free-text island (§5). |
| Version / commit (immutable history) | public.unit_version (INSERT-only) | CAN CARRY (verify) | 226 rows; HEAD pointer version_anchor_ref 0-null. Missing base_version_ref + UV-level lifecycle_status for full diff/merge (design-only today). |
| Current / head / supersession | information_unit.version_anchor_ref + content_anchor_ref + lifecycle_status | CAN CARRY | HEAD always set; lifecycle_status exercises enacted/draft/deprecated/retired live. No separate resolver service yet (projection/view to add at design time). |
| Semantic payload boundary / metadata | information_unit.identity_profile jsonb (+ unit_version body) | CAN CARRY | jsonb gives thin-contract metadata room without new columns/tables. |
| Carrier reference to non-PG payload | canonical_address text (kb path / qdrant ref) + iu_qdrant_collection_registry | CAN CARRY (gated) | Address discipline live; vector projection isolated but vector_sync_enabled=false. |
| Candidate / pre-promote staging | iu_core.iu_staging_record + iu_staging_payload | CAN CARRY (reference-only, gated) | LIVE (15/32) — HOLD-1 resolved. But operator_runtime_enabled=false; candidate-packet should be a view/projection (candidate_id+packet_hash), not a new store. |
| Cell / matrix placement | attribute on meta_catalog / collection_registry (per implementation-plan) | PARTIAL — DO NOT MATERIALIZE | cell_id/dot_role/Species-Matrix must not be materialized while CONS-003 + CELL-003/004/007 open (Đ33/Đ36 amendments). |
| Relations / KG | iu_relation (uuid, provenance-bearing) vs universal_edges (integer, 0-prov, 0 IU edges) | PARTIAL — KG TARGET UNDECIDED | See §3.3: universal_edges has a uuid/integer mismatch, no provenance, no IU edges. iu_relation is the better-fit native edge but single-type. Do not preselect universal_edges. Keep IU-native edge UUID + governed read-only projection as a live option. |
| Birth / identity root | public.birth_registry (FROZEN) + inspect_pen/stamp/gatecertified | CAN CARRY (shared, output-at-promote) | INSERT = uncertified TEMP; canonical birth + BIRTH_STAMP = OUTPUT at promote (F4). No second birth system. |
| Owner of record | public.governance_object_ownership | CANNOT CARRY YET (0 rows) | The cure for owner_ref, but 0 rows + Owner-gated (OP-B). Target-reference-blocked. |
| Registry (DOT) | public.dot_tools (309, Đ35) | CAN CARRY | Migrate dot_iu_command_catalog (54) → dot_tools Tier-A paired_dot; only a read-only compatibility view allowed. |
| Approval / review | approval_requests / APR (Điều 32) | CAN CARRY (route through) | 0 approval_requests reference IU today; route IU review through Đ32 rather than an IU-local approval. |
| Audit / event / changelog | event_outbox, registry_changelog, system_issues, governance_audit_log | CAN CARRY (log/provenance only) | Shared sinks; not stamp stores, not packet stores. |

Bottom line: PG/collection/cell can carry every storage role New IU needs. The only roles that cannot be carried today are owner-of-record (governance_object_ownership=0) and a decided KG edge target — both are governance/decision gaps, not storage gaps. No new storage island is required.


5. Old-IU asset reuse matrix (current-pass annotated)

Reuse classes: REUSE_AS_IS · REUSE_WITH_WRAPPER · REUSE_AFTER_VERIFY · REUSE_AFTER_REPAIR · REFERENCE_ONLY · MIGRATE_THEN_DEPRECATE · DEPRECATE_OR_AVOID · DEFER. Hard rule (from brief §7): an asset is REUSE_AS_IS only with current-pass evidence + no semantic/governance/schema repair + no island risk. Result: 0 assets qualify as REUSE_AS_IS — even current-pass-live assets carry governance or semantic debt.

| Asset | Current-pass status (2026-06-21) | Reuse class | Repair / island note |
|---|---|---|---|
| information_unit | LIVE 219; conformance all-open; owner_ref island | REUSE_AFTER_REPAIR | repair conformance gate + replace owner_ref binding |
| unit_version | LIVE 226; HEAD 0-null | REUSE_AFTER_VERIFY | add base_version_ref / UV lifecycle_status for diff/merge (later) |
| canonical_address / version_anchor_ref / content_anchor_ref | LIVE, 0-null | REUSE_WITH_WRAPPER | HEAD/current resolver = add read-only view |
| lifecycle_status | LIVE, 4 states exercised | REUSE_AFTER_VERIFY | confirm transition authority lives in shared promote, not IU-local |
| conformance_status | open for all 219 | REUSE_AFTER_REPAIR | gate never closes; bind close to checker verdict |
| owner_ref | 21 distinct, 0 governed | DEPRECATE_OR_AVOID | island #1 → governance_object_ownership (OP-B) |
| fn_iu_create / fn_iu_enact / fn_iu_apply_edit_draft | LIVE, gateway enforced | REUSE_AFTER_REPAIR (wrapper) | strong atomic birth; wrap, don't fork |
| fn_iu_supersede / fn_iu_retire | LIVE (wrappers exist) | REUSE_WITH_WRAPPER | current-resolver leg |
| fn_iu_compose / fn_iu_collection_render / fn_iu_reconstruct_source | LIVE, 0-drift reconstruct (documentary) | REUSE_WITH_WRAPPER | render = build artifact, not subject |
| iu_relation | LIVE 60, all contains, all provenance-bearing | REUSE_WITH_WRAPPER (projection) | best-fit IU-native edge; single edge type |
| universal_edges | LIVE 2199, 0 prov, 0 IU edges, integer-keyed | REUSE_AFTER_REPAIR / VERIFY_AS_SHARED_TARGET | not yet fit as IU KG target; uuid mismatch |
| iu_three_axis_envelope | LIVE 216, hardcoded 3 axes | MIGRATE_THEN_DEPRECATE | island #3 (SB-3); generalize to Axis Registry first |
| dot_iu_command_catalog / dot_iu_command_run | LIVE 54 / 55 | MIGRATE_THEN_DEPRECATE | island #2 → dot_tools; read-only compat view only |
| iu_staging_record / iu_staging_payload | LIVE 15 / 32 (HOLD-1 resolved) | REFERENCE_ONLY (gated) | reuse as shared kho-tạm (temporary store); runtime gated OFF |
| iu_piece_collection / iu_piece_membership | LIVE 44 / 227 | REUSE_WITH_WRAPPER | piece/bundle substrate |
| iu_vector_sync_point / iu_qdrant_collection_registry | LIVE 152 / 1; vector_sync_enabled=false | REUSE_WITH_WRAPPER (gated boundary) | per-IU vector boundary is a strength |
| IU-family events (registry) | registered; emit_enabled=false | REUSE_AFTER_REPAIR | registered ≠ emitting; wire via Đ45 |
| governance_object_ownership (target for owner) | 0 rows, gated | TARGET_REFERENCE_BLOCKED | OP-B Owner decision |
| fn_iu_diff / blame / revert / patch / 3-way merge / lint / impact; unit_proposal | DESIGN-ONLY / MISSING | DEFER | Text-as-Code engine = Phase 5 |
| SB-1/SB-2 + APR action-type / Registries-Pivot scaffold | DESIGN-ONLY | REFERENCE_ONLY | reuse the pattern, not a build |
| Directus / Nuxt IU packages | not surveyed live | DEFER | out of this read-only scope |

6. Boundary classification

Every New-IU concern assigned to exactly one layer (no concern owned twice):

  • Carrier (PG owns): information_unit, unit_version, anchors, identity_profile, iu_piece_*, staging tables, vector registry. Storage + identity + relation rows + audit + classification.
  • Subject Contract (New IU OWNS — Layer A): stable logical id, carrier reference, current/head/supersession semantics, semantic payload boundary, minimal Text-as-Code/KG/context/release metadata, references (verdict/foreign) to shared artifacts.
  • Shared IO envelope (Layer B — REFERENCE only): io_contract.v0.1 (5-field: nhận·trả·schema_min·fail·rollback), formula/assembly interface, cell/matrix placement, checker integration shape.
  • Shared checker/promote envelope (Layer C — REFERENCE only): verdict-only checker, stamp ledger (birth_registry inspect_*), Atomic Promote Contract, rollback.
  • Governance (shared): governance_object_ownership, governance_role, governance_audit_log, Điều 32 APR. No IU-local governance.
  • KG (shared, undecided target): iu_relation (native) and/or universal_edges / Điều 39; projection-only, owner+provenance+liveness verified first.
  • DOT / event (shared): dot_tools (Đ35), event_outbox/Đ45. No second writable IU DOT catalog.
  • Render / vector (projection): fn_iu_compose/collection_render, iu_vector_sync_point + Qdrant. Output = projection of the unit, never the subject.

7. Gaps between old IU and /laws-new/

  1. Owner model. Old IU = owner_ref free-text (21 ungoverned). /laws-new/ One-Roof = governance_object_ownership (0 rows). Gap = owner-of-record unassigned (OP-B). Governance decision.
  2. DOT registry. Old IU = dot_iu_command_catalog (54, parallel). /laws-new/ Đ35 = single dot_tools (309). Gap = migration + read-only compat view. Decision + later migration.
  3. Axis model. Old IU = iu_three_axis_envelope hardcodes 3 axes. /laws-new/ = open Axis Registry, no cell_id materialization while CONS-003/CELL open (SB-3). Decision + design.
  4. KG target. Old IU = iu_relation (uuid, provenance) island, excluded from universal_edges. /laws-new/ Điều 39 = shared KG but runtime-empty + universal_edges 0-prov/0-IU/integer-keyed. Gap = substrate not verified, target not chosen. Verify-first.
  5. IO Contract source (CONS-002). Thin 5-field IO vs Module-Contract-First (MT0A/MT0B) — unresolved which source wins. Must close before Layer-A spec build.
  6. Conformance gate. conformance_status open for all 219 — never closes. /laws-new/ checker is verdict-bound. Gap = bind close to checker. Technical readiness.
  7. Atomic promote (HOLD-2). No real atomic promote transaction exists; canonical birth + BIRTH_STAMP are supposed to be promote outputs. Technical readiness (cannot be waived).
  8. Approval routing. 0 approval_requests reference IU; review must route through Đ32 (or be a recorded adapter exception). Decision.
  9. Text-as-Code engine. diff/blame/revert/patch/merge/lint/impact + unit_proposal are DESIGN-ONLY / MISSING → deferred to Phase 5. Scope deferral.

8. Risk list

  • Island risk (HIGH): owner_ref, dot_iu_command_catalog, iu_three_axis_envelope, IU-local approval/audit/event are existing kingdoms. Mitigation = anti-island §9 of brief is a hard gate; dissolve into shared substrate (NEW-IU-2).
  • Hardcode risk (HIGH): materializing cell_id/dot_role/Species-Matrix or pinning the 3-axis model before CONS-003/CELL close. Mitigation = no materialization; open Axis Registry.
  • Fail-open risk (currently LOW, must stay): write gateway is enforced/block_after_guard, enact requires review, runtime flags OFF (current-pass). RISK-BYPASS (fn_auto_approve_add, fn_birth_gate warn-mode) remains a documented residue to handle before any real promote. No live injection test was run this pass (would touch write path) — fail-open is not disproven by test, only not observed in config.
  • Authority risk (HIGH): governance_object_ownership=0 → no owner can authorize promote; everything stays HOLD. Delegated GPT+Codex rule cannot fill this.
  • Stale-snapshot risk (mitigated this pass): documentary counts (2026-06-01) re-verified current-pass; reltuples estimates were stale and were overridden by exact counts. HOLD-1 re-checked live.
  • KG-preselection risk (HIGH if ignored): picking universal_edges as IU KG target would inherit a uuid/integer mismatch + 0 provenance. Mitigation = verify-first, keep IU-native edge option.

9. Verdict

READY_FOR_LOGICAL_DESIGN — exact gaps named (§7), all Owner-gated or technical-readiness, none blocking a read-only / design-only logical architecture.

Exact gaps carried forward (none blocks logical design; all block runtime/build):

  • Governance decisions (Owner can decide): OP-B owner model; DOT migration confirm; SB-3 axis generalization; CONS-002 IO source; CONS-003 + CELL-003/004/007 tiers/cells; Đ32 approval routing; KG-target choice after verify.
  • Technical-readiness obligations (cannot be waived): HOLD-2 atomic promote; checker fail-closed + conformance-close binding; RISK-BYPASS; Điều 39 substrate verification; TTL/cleanup/rollback; no-new-store proof.

Posture: Default HOLD. This survey authorizes nothing beyond producing the companion logical-architecture document. KB admission ≠ runtime registration.