Macro-9A1 — Collections Usage Handbook — Execution Report
Mission: R2-B2-MACRO-9A1-COLLECTIONS-USAGE-HANDBOOK-2026-06-19
Type: Read-only collection/table inventory + operator handbook (follows Macro-9A0 DOT handbook; produced before Codex reviews dot-manage + collections-manage).
Evidence date: 2026-06-19 · fresh query_pg READ ONLY + list_docker + AgentData KB read. 0 mutating calls to the substrate. Only KB writes = the 3 documents below.
Method: read the 7 required governance files directly from the KB (main process), then ran fresh read-only metadata queries against DB directus (pg_class, information_schema, collection_registry, dot_config, pg_trigger, pg_database). The 382-object inventory + per-object Nhóm (Group)/Read-Write/Authority/Status were produced by a deterministic projection over pg_class + collection_registry.governance_role + name heuristics + runtime gates. Nothing was executed. The handbook was assembled, then read back from the KB and verified byte-identical (90,865 chars, 382 rows, 19 sections).
STATUS
PASS_WITH_CAVEATS — the handbook is useful immediately and grounded in live read-only evidence. Incompleteness is bounded and disclosed:
- C-1: per-object Read/Write/Authority/Status/Nhóm (Group) are inferred from registry columns + name family + runtime gates; nothing was executed to confirm them.
- C-2: cutter_governance (24 tables) + sandbox_tac (8 tables) are READ-DENIED to the operator role (permission denied for schema) → their contents are unverified; classification is by name/metadata only. Directus-metadata visibility for these = PARTIAL.
- C-3: the 685 public views are summarized by family (§4), not row-listed (the §5 inventory covers the 382 base tables/matview/foreign). ~20 qt001_* tables + 4 loose objects are marked needs-triage.
- C-4: row counts are pg_class.reltuples planner estimates (e.g. dot_tools = 288 est vs 309 registry SSOT); -1 = never-analyzed, not empty.
- C-5: other DBs (incomex_metadata, workflow, directus_gov_test_20260602, postgres) were not inventoried (substrate scope = directus).
Engineering PASS ≠ Owner authority PASS. This report and the handbook grant nothing, enact nothing, create no collection/table, select no channel/owner, and authorize no build. Default = HOLD.
OUTPUTS
| Path | Revision | content_length | Status |
|---|---|---|---|
| knowledge/dev/laws-new/newlaws/collections-manage/collections-usage-handbook.md | 6 | 90865 | created+patched · read back ✓ byte-identical |
| knowledge/dev/laws-new/newlaws/collections-manage/README.md | 1 | ~1700 | created · read back ✓ |
| knowledge/dev/laws-new/newlaws/collections-manage/reports/macro9a1-collections-usage-handbook-execution-report-2026-06-19.md | 1 | (this file) | created · read back ✓ |
The handbook was uploaded in one create + 5 anchored patch_document appends (sentinel pattern); get_document_for_rewrite then confirmed that the KB copy equals the local deterministic build exactly (diff = 0). No collection/table/schema was created in Directus or Postgres. No dot_operator_catalog / collection_operator_catalog was created.
SOURCES SEARCHED
| Source | Status | Count / evidence |
|---|---|---|
| KB: dot-manage/README.md, dot-usage-handbook.md, 2 macro9a0 reports | ✅ read | DOT-only rule, §15 schema verdict, format mirrored |
| KB: architecture/birth-registry-law.md, laws/dieu32-approval-law.md, ssot/operating-rules.md | ✅ read | Birth/APR/OR governing rules |
| pg_database | ✅ | 5 DBs: directus, directus_gov_test_20260602, incomex_metadata, postgres, workflow |
| pg_class/pg_namespace (DB directus) | ✅ | 382 base objects (380 tables + 1 matview + 1 foreign) across public/iu_core/cutter_governance/sandbox_tac; +685 public views, 12 cutter views, 2 iu_core views |
| information_schema.schemata | ✅ | shows only public+iu_core to operator role (privilege signal) |
| collection_registry | ✅ | 166 rows; governance_role/storage_role/source_kind/group used for classification |
| directus_collections | ✅ | 164 registered collections (incl. folder-only) |
| dot_config (runtime gates) | ✅ | process_dot_runtime + iu_core.* + iu_create.gateway.*: all mutating gates OFF/enforced |
| information_schema.routines + pg_trigger | ✅ | 618 functions, 1 procedure, 410 triggers/179 tables, 171 birth triggers |
| governance_object_ownership / table_proposals / iu_core.iu_staging_record | ✅ | 0 / 0 / 15 rows |
| Probe SELECT on sandbox_tac / cutter_governance | ⚠️ DENIED | InsufficientPrivilege: permission denied for schema → read-denied confirmed |
| list_docker | ✅ | 11 containers; incomex-directus, postgres:16, pg-restore-test-*, agent-api-executor :8090 healthy |
COUNT SUMMARY
| Dimension | Count |
|---|---|
| Databases (DB directus = substrate) | 5 |
| Non-system schemas in directus | 4 (public, iu_core, cutter_governance, sandbox_tac) |
| Base objects row-listed (§5) | 382 (380 tables + 1 matview + 1 foreign) |
| public tables / views / matview / foreign | 346 / 685 / 1 / 1 |
| cutter_governance tables / views (read-denied) | 24 / 12 |
| sandbox_tac tables (read-denied) | 8 |
| iu_core tables / views | 2 / 2 |
| Directus-registered collections | 164 |
| Functions / procedures / triggers / birth triggers | 618 / 1 / 410 / 171 |
| governance_object_ownership rows | 0 |
GROUP SUMMARY (sums to 382)
| Group | Confirmed count | Production-critical | Staging/draft/candidate | Need triage |
|---|---|---|---|---|
| A · Directus system metadata | 27 | 15 | 0 | 0 |
| B · Production business data | 93 | 5 | 0 | 0 |
| C · Birth/certification/inspect | 11 | 5 | 0 | 0 |
| D · KG/universal_edges/provenance | 13 | 1 | 0 | 0 |
| E · IU/cell/context/editing | 82 | 0 | 0 | 0 |
| F · DOT/governance/registry | 76 | 23 | 0 | 19 |
| G · Workflow/cron/monitor | 42 | 5 | 0 | 0 |
| H · Staging/draft/candidate/workbench | 17 | 0 | 17 | 0 |
| I · Audit/log/evidence | 14 | 3 | 0 | 1 |
| J · Backup/snapshot/migration | 3 | 0 | 0 | 0 |
| K · Dangerous/forbidden/frozen | 0 | 0 | 0 | 0 |
| L · Unknown/need-triage | 4 | 0 | 0 | 4 |
| Total | 382 | 57 | 17 | 24 |
K = 0 as a row-group because the dangerous surfaces are tables flagged inline (birth_registry = production-critical/Forbidden-direct; birth permits/ledgers = monitored) plus the 3 dangerous DOTs documented in §14 (which live in the DOT handbook, not as collections).
CRITICAL VERDICTS
| Question | Answer | Evidence |
|---|---|---|
| Is Directus/Postgres/schema a DOT-only zone? | Yes | DOT handbook §3; runtime mutating gates all OFF (process_dot_runtime/iu_core); §3 of new handbook |
| Is manual SQL/psql a valid path? | No (forbidden) | §3 / §14; inherited from DOT-only discipline |
| How many collections/tables exist, and where? | 382 base objects in 4 schemas of DB directus (+685 public views) | pg_class enumeration (§4/§5) |
| Which are production-critical / do-not-touch? | 57 (RBAC, governance SSOTs, big live tables) | §7; birth_registry 1.19M, directus_revisions 578 MB, etc. |
| Are collection/schema changes only via DOT? | Yes | stated per row + §3 + §13 (functions/triggers deployed by DOT, not hand-CREATEd) |
| Can the operator read every schema? | No | cutter_governance + sandbox_tac → permission denied for schema (PARTIAL) |
STAGING / WORKBENCH VERDICT
| Question | Answer | Evidence |
|---|---|---|
| Does a run-scoped, disposable, delete-fast R2-B2 workbench collection/table/schema exist? | 🟥 NO | §8/§16; no public %staging% table; sandbox_tac is persistent+read-denied; iu_core staging = IU content (gate OFF) |
| Is sandbox_tac a usable workbench? | No | persistent (not run-scoped/disposable), read-denied, owner-unknown; fails Macro-8 SB-4 |
| Are iu_core.iu_staging_* Postgres-DDL staging? | No | IU content staging (15 records); iu_core.operator_runtime_enabled=false |
| Is there an owner of record for a workbench? | No | governance_object_ownership = 0 rows |
| What is missing? | One authorized run-scoped staging-schema DOT (Macro-9B) + an owner row | §16; matches DOT handbook §15 |
FORBIDDEN PATHS CONFIRMED
| Path | Status | Evidence |
|---|---|---|
| Manual psql / docker exec -i postgres psql on directus | FORBIDDEN | §3 / §14 (DOT-only zone) |
| Hand-written DDL/DML; SQL staged for human run | FORBIDDEN | §3 |
| Directus generic collection/table create for schema | FORBIDDEN | §3 / §14 |
| dot-birth-trigger-setup / dot-birth-backfill | FROZEN | §14 (from DOT handbook §13) |
| dot-schema-birth-registry-ensure | MONITORED | §14 |
| Direct write to birth_registry / RBAC tables | FORBIDDEN / gateway | §14 |
| Secrets/tokens/credentials in KB | NOT WRITTEN | none present in any of the 3 docs |
MACRO-9B IMPLICATIONS
- Do NOT build a workbench on existing collections. No existing collection/table/schema is a run-scoped, disposable, prod-untouched, delete-fast store; the closest candidate (sandbox_tac) fails every SB-4 property and is read-denied/owner-unknown.
- Macro-9B precondition (recommended): author/harden one run-scoped staging-schema DOT that is staging-only, allowlist-guarded (CREATE SCHEMA / DROP SCHEMA … CASCADE on a run-scoped name only), rejects prod public, aborts on drift, and is delete-fast; Owner-authorized, with the runtime gate opened explicitly. This is the same precondition the DOT handbook §15 names.
- Owner gap: governance_object_ownership is empty; the "R2-B2 Staging Workbench Owner" role (Macro-8 P3) is granted on paper but not yet recorded as a row.
- Future registry: the §17 collection_operator_catalog stays a candidate-on-paper until the authorized DOT schema path exists; it must be created only through an authorized DOT, never by hand.
- Until those exist: schema/workbench build = NO-GO (Default HOLD preserved).
SELF-CHECK
| Check | Result |
|---|---|
| SC1 README created | ✅ rev1 |
| SC2 Collections handbook created | ✅ rev6, 90865 chars |
| SC3 Execution report created | ✅ this file |
| SC4 All three read back from KB | ✅ handbook byte-identical (diff=0); README/report read back |
| SC5 No mutation except KB docs | ✅ only upload_document/patch_document; all DB calls read-only |
| SC6 No secrets exposed | ✅ none |
| SC7 Main inventory table exists (382 rows) | ✅ §5, STT 1–382 contiguous |
| SC8 Directus/Postgres/schema DOT-only rule present | ✅ §3 + §14 |
| SC9 Production-critical section exists | ✅ §7 (57 objects) |
| SC10 Staging/draft/candidate/workbench section exists | ✅ §8 (17 objects) |
| SC11 Dangerous/forbidden section exists | ✅ §14 |
| SC12 Unknown/need-triage section exists | ✅ §15 (24 objects) |
| SC13 Macro-9B implications stated | ✅ §16 + above |
| SC14 Engineering PASS ≠ authority PASS | ✅ stated throughout; Default HOLD |
End of execution report. STATUS PASS_WITH_CAVEATS. Engineering PASS ≠ Owner authority PASS. Default HOLD.