KB-3BE8

R2-B2 Inspect Producer TD-Prep — LEGO Design-Only (2026-06-18)


R2-B2 Inspect Producer TD-Prep — LEGO Design-Only

Date: 2026-06-18 · Workstream: R2-B2-INSPECT-PRODUCER-TD-PREP-LEGO-2026-06-18 (first per-block TD-prep package, opened by Owner after the Registries/Pivot LEGO Interface was accepted by Codex) · Editorial revision: rev1 · Class: design-only / single-block (B2) TD-prep · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NOT remediation · NOT technical design · NOT implementation · NO blocker resolved · NO runtime touched.

Metadata convention. This body uses editorial revision (rev1) only. AgentData storage revision and content_length are authoritative in AgentData metadata at read time; they are deliberately not pinned in this body.

Single-block lock. This is the B2 Inspect Producer TD-prep only. It is one of exactly two files (this packet + its execution report). It does not redesign B1/B3/B4/B5/B6/B7, does not redesign any shared surface (S1–S8), and creates no combined package and no registry/schema file.

TD-prep, not TD. This packet prepares for a future technical design by fixing B2's contract boundaries, bad-input expectations, evidence/rollback requirements, channel-option risk (conceptual), and Owner-gated future work. It writes no schema/DDL, table definition, migration, function body, SQL-mutate plan, producer/runner/scheduler implementation, command sequence, rollback script, or backlog-execution plan.


0. Status and non-authorization

STATUS: PASS — engineering / design-only. This is a complete design-only contract boundary for the B2 Inspect Producer block: its boundary, input contract, output contract, fail-closed bad-input rejection matrix, S7 evidence contract, S8 rollback/delete-rebuild unit, a conceptual channel-option matrix, the explicit rejection of the 2026-03-21 fused INSERT shortcut, B2 anti-coupling rules, the Owner-gated future-write list, and the pre-implementation proof obligations. It builds nothing, mutates nothing, authorizes nothing.

Engineering PASS ≠ authority PASS. A PASS here means B2's contract is complete and fail-closed on paper. It is not an Owner authorization to design-in-detail, to write technical design, to build the producer, to choose a channel, or to remediate. Default disposition: HOLD.

Pipeline position (downstream-only).

Accepted R1a/R2a root-cause baseline (Codex PASS_WITH_CAVEATS) → Owner Decision Packet (Option D, accepted) → R1/R2 Modular LEGO Architecture Scoping (accepted) → R1-K ∥ R2-B block-contract packets (accepted, PASS_WITH_CAVEATS) → Registries/Pivot LEGO Interface TD-prep (accepted, PASS_WITH_CAVEATS) → this R2-B2 per-block design-only TD-prep package → (only if separately authorized) actual B2 technical design → (only if separately authorized again) write-enabled remediation / producer build.

This is the first per-block TD-prep package, the exact next step the accepted interface review left to the Owner ("Owner chooses the exact first per-block TD-prep block/scope after this interface is accepted"). It deepens B2 only. It opens no further package.

Non-authorization (explicit). This document does not, and cannot: run any DB write / DDL / DML; restart or reload any container or service; run any worker / cron / job; trigger DOT / KG / birth / certify / promote / repair execution; set inspect_pen / inspect_stamp / inspect_gate; set certified=true; flip app.birth_gate_mode or any dot_config gate; assign a governance owner; promote any agent-api contract DRY_RUN→REAL_RUN; install pg_cron or any extension; enable any queue worker / master switch; write env / config files; patch source code; patch any source law / draft / note / prior report; create a current corpus; write technical design; implement; resolve any blocker; materialize stamps / cell_id / dot_role / canonical_fields / canonical_address; change authority order; overwrite the v0.1-stable / FIX7 V3 baseline; promote or use Tool-Kiem-Thu v0.2-hardening as authority.

Evidence basis — INHERITED_EVIDENCE. No runtime was queried in this run. Every runtime fact cited is inherited from the accepted read-only reports (Phase-1, Phase-1B, R2 readiness scope, R2a root-cause) and the accepted design packets (Modular LEGO Scoping, R2-B block-contract packet, Registries/Pivot Interface). AgentData metadata is authoritative at read time. The six inherited caveats (§3, CAV-1…CAV-6) constrain all wording below; CAV-3/CAV-4/CAV-5 bind B2 directly.

Reading discipline (new Codex operational caveat, honored). All sources were read directly from AgentData KB, in bounded, sequential, single-document reads, by the main process: no parallel reader-agents, no background reader-agents, no sub-agent outsourcing, no inference from local prose. The Codex review of the prior interface packet flagged that packet's use of parallel reader-agents as a process caveat; this packet does not repeat that pattern.


1. Purpose

Prepare B2 — and only B2 — for a future technical design, without doing any technical design, by answering ten questions:

  1. B2 exact boundary — §5.
  2. B2 input contract — §6.
  3. B2 output contract — §7.
  4. B2 rejection contract for bad input — §8.
  5. B2 evidence contract into S7 — §9.
  6. B2 rollback / delete-rebuild unit through S8 — §10.
  7. B2 channel options (conceptual choices only) — §11.
  8. B2 Owner-gated future write list — §14.
  9. What remains unresolved before real TD — §15.
  10. What must be proven before B2 can be implemented later — §15 (proof obligations PO-1…PO-9).

The one job of B2 (above all detail). B2 is an inspect producer only: it reads uncertified birth_registry rows and produces the PEN / STAMP / GATE inspection results, writing inspect_pen / inspect_stamp / inspect_gate only. It must never certify, never canonicalize, never mint identity, never write KG provenance, never fake inspection, and never use the 2026-03-21 fused INSERT shortcut. If B2's design is wrong, B2 must be removable and rebuildable without breaking B1, B3, B4, or any shared surface.


2. Sources read

All sources were read first-hand, directly from AgentData KB, via batch_read (single path, full: true), one document per call, sequentially, by the main process: no parallel reader-agents, no background agents, no sub-agents, no local-prose inference. No source is marked SOURCE_NOT_READ. Sources are cited by path plus the content-version label where the document states one; AgentData storage revision/content_length are authoritative in metadata at read time.

| # | Cluster | Source (KB path prefix knowledge/dev/ omitted) | Status | Used for |
|---|---|---|---|---|
| 1 | Interface baseline | laws-new/newlaws/consolidation/registries-pivot-lego-interface-td-prep-2026-06-18.md | READ (full) | S3/S4/S7/S8 boundary; 13-field template; B2's interface access line (its §10); the close-neighbor split |
| 2 | Interface baseline | laws-new/reports/codex/codex-review-registries-pivot-lego-interface-td-prep-2026-06-18.md | READ (full) | Acceptance (PASS_WITH_CAVEATS); the no-parallel-reader-agents process caveat; "Owner chooses first per-block TD-prep" |
| 3 | Block contract | laws-new/newlaws/consolidation/r2-b-block-contract-packet-lego-2026-06-18.md | READ (full) | B2 accepted contract (§6/§7/§8/§9); AC-1/2/3/7/9/12; integration studs; channel-is-internal |
| 4 | Block contract | laws-new/reports/codex/codex-review-r1-k-r2-b-block-contract-packets-lego-2026-06-18.md | READ (full) | B2 = PASS_WITH_CAVEAT ("channel remains later TD-prep decision, correctly kept inside block"); B1/S3, B6/S4, K3/S6 split |
| 5 | R2 root cause | laws-new/newlaws/reports/r2a-birth-inspection-runner-cron-log-root-cause-2026-06-18.md | READ (full) | Why B2 is MISSING; manual CLIs (dot-inspect-pen PEN-only / dot-birth-backfill fused); channel candidates; tool-boundary gaps |
| 6 | R2 root cause | laws-new/reports/codex/codex-review-r1a-r2a-runner-cron-log-root-cause-2026-06-18.md | READ (full) | 6 caveats verbatim; 3 wording constraints; "net-new governed build/design, not restart" |
| 7 | R2 readiness | laws-new/newlaws/reports/r2-birth-certify-canonical-stamp-readiness-scope-2026-06-17.md | READ (full) | birth_registry schema; only fn_birth_auto_certify names inspect_* and only reads them; no live PG setter |
| 8 | Blocker bundle | laws-new/newlaws/consolidation/phase1b-runtime-truth-blocker-decision-packet-2026-06-17.md | READ (full) | HOLD-2 PARTIAL; all OPEN blockers; C-2 severity split; R2 macro framing |
| 9 | Governance anchor | architecture/birth-registry-law.md (Điều 0-G v1.0) | READ (full) | The PEN/STAMP/GATE inspection rule-set; per-inspector queries; "each DOT updates only its own column"; audit-queue on fail |
| 10 | Governance anchor | laws-new/newlaws/notes/dieu4-birth-process-compatibility-note.md (rev1) | READ (full) | birth≠canonical; inspection = documentary ancestor of F4 promote checker; canonical/kernel needs promote-checker + Owner gate |
| 11 | Governance anchor | laws-new/newlaws/notes/dieu32-approval-owner-gate-compatibility-note.md (rev1) | READ (full) | Owner gate / Mức-3 (approval level 3) / ESCALATE_L3; "no Matrix/Stamp to bypass production/kernel gate" |
| 12 | Governance anchor | laws/dieu32-approval-law.md (v1.1, BAN HÀNH = promulgated) | READ (full) | §2.4 scope includes new/fix DOT; §2.1 "DOT 100% — no manual SQL / no curl bypass"; quorum-by-risk; unimplemented-handler gate |
| 13 | Governance anchor | laws-new/newlaws/notes/dieu35-dot-governance-compatibility-note.md (rev1) | READ (full) | paired-DOT (A=check/B=execute); fix_repair_dot reuse-pattern-not-turnkey; scanner=list-only; carry PRODUCTION-READINESS-FAIL + RISK-BYPASS |
| 14 | Operating rules | ssot/operating-rules.md (v7.58) | READ (full) | Assembly First; fail-closed default ("không chắc đúng = sai": if it is not certainly right, treat it as wrong); AP-CLOSE evidence; out-of-scope-blocker STOP |

3. Tool/packet lock

Carried exactly, no change:

| Item | Status |
|---|---|
| Tool/packet currently built by T1 = v0.1-stable / FIX7 V3 baseline | Carried. May continue to be used for FIX7 Recheck-9 / current Codex packet. Must not be overwritten. Use only as reproducibility / comparison / regression fixture. |
| Tool-Kiem-Thu v0.2-hardening | Carried. Separate development track on a separate dev surface. May inherit lessons from V3 (black-box oracle, fail-open regression, manifest-laundering prevention). Not authority for FIX7 until it passes regression and Owner/User promotes it. |

This packet does not build, run, promote, overwrite, or rely on either tool. The lock is mirrored as an anti-coupling rule (B2-AC-11) and a bad-input rejection (BI-10): a v0.2-hardening result offered as authority for FIX7 is rejected until Owner/User promotion.

Six caveats carried (resolved: none).

| Caveat | Carried statement (substance) | Binds B2? |
|---|---|---|
| CAV-1 | R1a has no executor process-log proof (docker_logs for the executor was DENIED); proven at the DB-contract / preflight layer only. | R1-lane (carried for completeness) |
| CAV-2 | "No provenance source-of-truth" = none in the inspected substrate, not "never recoverable." | R1-lane (carried for completeness) |
| CAV-3 | R2a "manual one-shot bootstrap" is supported by DB dot_origin buckets plus synced script content; the 2026-03-21 container logs are unavailable. | Yes — B2 |
| CAV-4 | R2a producer scripts were read from the synced local mirror, not live /opt/incomex/dot/bin. No byte-for-byte live-file claim. | Yes — B2 |
| CAV-5 | The GUC conclusion is limited to no persisted bypass/default; the transient session state remains unreadable. Must not claim a transient bypass certainly does not exist. | Yes — B7 (referenced by B2's channel/gate context) |
| CAV-6 | The combined R1a/R2a execution report has a non-material metadata typo (AgentData metadata wins). A cosmetic patch is a separate Owner decision, not done here. | Documentary only |

Three wording constraints (Codex, carried): no claim of direct executor process-log proof; no claim of a direct live /opt/incomex/dot/bin byte read; no claim that transient bypass GUCs certainly do not exist.


4. Accepted B2 baseline (carried, not re-derived)

Carried verbatim in substance from the accepted R2-B Block Contract Packet (its §6/§7/§8/§9) and the accepted Registries/Pivot Interface (its §10). This packet deepens the contract for TD-prep; it does not change it.

B2 in one line (R2-B §6): Inspect producer — build-state [MISSING — core R2 gap] — one narrow responsibility: produce PEN/STAMP/GATE inspection results for uncertified births.

The accepted 13-field B2 contract (R2-B §7A/7B + §9), carried:

| Field | Accepted value (carried) |
|---|---|
| 1. Responsibility | Produce PEN/STAMP/GATE results for uncertified births |
| 2. Input contract | Uncertified rows + Điều 0-G inspection rule-set |
| 3. Output contract | inspect_pen / inspect_stamp / inspect_gate only |
| 4. Authority / Owner gate | S1 / Điều 32 to go standing; external S2 owner |
| 5. Mutate runtime? | Future-gated |
| 6. Evidence required | Rows inspected / passed / failed, runner id, timestamps |
| 7. Depends on | B1 rows, B3 contract, external S2 owner, external S6 (if rules need recovery) |
| 8. Must NOT depend on | B4 internals; the channel must not leak into the contract |
| 9. Replacement boundary | Producer channel is internal & swappable; contract = write inspect_* only |
| 10. Safe failure mode | no-op (no stamps written) |
| 11. Rollback boundary | One producer run (swap channel, keep contract) |
| 12. Bad input / invalid state | Missing identity fields, or inspection rule cannot pass cleanly |
| 13. Expected rejection (fail-closed) | Reject / mark inspection failed; do not certify; set only the column that genuinely passed; never fake inspect_*=now(); never set certified; the 2026-03-21 stamp-in-INSERT shortcut is the explicit anti-pattern |

Interface access line (Registries/Pivot Interface §10), carried: B2 — Allowed: WRITE inspect_* only (via the B3 contract surface); append S7; follow S8 (one producer run). Forbidden: set certified; fake inspect_*=now(); write S3 identity; write S4 canonical; the 2026-03-21 stamp-in-INSERT shortcut.

Codex acceptance of B2, carried: B2 = PASS_WITH_CAVEAT: "Producer not built; channel remains later TD-prep decision, correctly kept inside block." The split to preserve (Codex): B1/S3, B6/S4, K3/S6 are close conceptual neighbors; future TD must keep them separate. B2 sits in the birth lane and touches none of S3/S4 and none of the KG lane.

The Điều 0-G inspection rule-set (carried from architecture/birth-registry-law.md §2.4), the substance of B2's input rule-set:

| Inspector | Scope (the rows it considers) | Pass criteria (what "inspected" means) | On pass | On fail |
|---|---|---|---|---|
| PEN (inspect_pen) | uncertified rows where inspect_pen is unset and governance_role='governed' | birth-completeness: entity_code present, dot_origin present, species_code present | set inspect_pen only | append failure to the audit queue; leave inspect_pen unset |
| STAMP (inspect_stamp) | rows where inspect_stamp is unset and inspect_pen is already present | metadata-completeness: name present, description present, status present | set inspect_stamp only | append failure to the audit queue; leave inspect_stamp unset |
| GATE (inspect_gate) | rows where inspect_gate is unset and inspect_stamp is already present | validity: correct species mapping ("đúng chuồng", literally "in the right stall") + business rules pass | set inspect_gate only | append failure to the audit queue; leave inspect_gate unset |
| (consumer, NOT B2) | when all three inspect_* are present | | fn_birth_auto_certify (B4) sets certified=true, certified_at atomically | |

Two load-bearing Điều 0-G invariants for B2: (a) the three inspectors run in a strict PEN → STAMP → GATE order (each stage's scope requires the prior stage's stamp present); (b) "mỗi DOT chỉ UPDATE cột của mình": each inspector writes only its own column. Both are carried into B2's contract and anti-coupling rules.

Runtime grounding (carried, INHERITED_EVIDENCE): exactly one live function names inspect_*, fn_birth_auto_certify, and it only reads them (R2 readiness §5). No live PostgreSQL function or trigger writes inspect_pen/stamp/gate (inspect-named triggers = 0). The only producers ever to set them were the manual CLIs dot-inspect-pen (PEN only; STAMP/GATE explicitly deferred to "Phase B" and never built) and dot-birth-backfill (the fused INSERT). The consumer (B4) is healthy but starved. That gap is B2.


5. B2 boundary

What B2 is. The standing producer that turns uncertified birth_registry rows into inspected rows by running the three Điều 0-G inspections (PEN, STAMP, GATE) and writing the three inspect_* timestamp columns — and nothing else. Build-state: MISSING (the core R2 gap; there is no live PG setter and no standing runner).

What B2 is bounded by (its studs).

  • Upstream read: the uncertified rows minted by B1 into the S3 identity pivot (B2 reads these rows; it does not write S3, does not mint identity).
  • Downstream write: the B3 inspect_* data-contract surface — the load-bearing stud. B2 writes the three timestamp columns into B3's shape; B4 (the auto-certify consumer) reads them independently. B2 never calls B4; B4 never calls B2. This is the existing decoupling that already lets B4 be "healthy but starved."
  • Evidence: append-only into S7 (audit queue / governance_audit_log / event_outbox).
  • Rollback: one producer run, following the S8 discipline.

What is INSIDE B2 (replaceable internals, NOT the block boundary).

  • The invocation channel (host cron / pg_cron / agent-api executor / job_queue worker / a bounded one-shot) — deliberately internal; the contract (read uncertified → write inspect_*) is channel-independent (B2-AC-7). See §11.
  • The internal decomposition into three inspectors (PEN/STAMP/GATE) — per Điều 0-G these are themselves isolated sub-units, each writing only its own column, sequenced PEN→STAMP→GATE. Whether they are three DOT tools or one producer with three stages is an internal design choice, not the block boundary, and is FUTURE_TECHNICAL_DESIGN_REQUIRED.

What B2 is NOT (the hard edges). B2 is not B4 (it never certifies), not B1/S3 (it never mints identity), not B6/S4 (it never writes canonical fields), not any K-block (it never writes KG provenance), not B5 (the one-time historical backlog pass is a separate block), and not B7 (the GUC/gate policy is a separate block). The boundary is fail-closed: if B2 cannot cleanly inspect a row, it writes nothing for that row and records the reason (no-op + audit).

BOUNDARY_UNCLEAR — none for B2's data contract. B2's input/output boundary is fully determinable from the accepted baseline (the inspect_* columns + the Điều 0-G rule-set). The single deliberate openness is the channel (R2-D2), which is intended to be unresolved and internal; it is marked FUTURE_TECHNICAL_DESIGN_REQUIRED, not BOUNDARY_UNCLEAR.


6. B2 input contract

Inputs B2 consumes:

  1. Uncertified birth_registry rows — rows with certified=false. PEN's scope is further narrowed to governance_role='governed' (per Điều 0-G §2.4). Whether rows with governance_role='observed' fall inside inspection scope, as 'excluded' rows do not, is an existing-policy question carried to the proof obligations in §15, not decided here.
  2. The Điều 0-G inspection rule-set — the PEN/STAMP/GATE pass criteria carried in §4. This rule-set is the meaning of "inspected"; B2 does not invent it.
  3. The B3 contract surface — the shape/semantics of the three inspect_* columns (what each column means and the order in which they may be set).
  4. The stage-ordering precondition — STAMP may be attempted only where PEN is present; GATE only where STAMP is present.

Depends on (external, referenced not redesigned): B1 rows; the B3 contract; external S2 (the producer's governance owner — who runs B2, decided via Điều 37 → Điều 32, not here); external S6 (Điều 0-G source recovery, if the rule-set must be authoritatively re-established — see §15).

Must NOT depend on (fail-closed):

  • B4 internals — B2 must not know or call the auto-certify consumer; it only writes the columns B4 happens to read.
  • The channel — the contract must not change with the channel (B2-AC-7). A B2 designed around "the cron does X" or "the executor does Y" has leaked the channel into the contract and must be rejected.
  • KG reasoning — inspection is structural completeness/validity, never a graph-inference output (the birth lane is independent of the KG lane).
  • Canonical / S4 and identity-mint / S3 — B2 reads identity; it never derives or writes it, and never reads/writes canonical fields.
  • A certified=true precondition — B2 inspects uncertified rows; it must not require or assume prior certification.

7. B2 output contract

The only outputs B2 may produce: the three timestamp columns inspect_pen, inspect_stamp, inspect_gate, each:

  • Set only when its inspection genuinely passes (a real per-stage check, never a blanket =now()).
  • Written to its own column only (each inspector touches one column — Điều 0-G "mỗi DOT chỉ UPDATE cột của mình"; B2-AC-14).
  • In PEN → STAMP → GATE order — a later column is never set while an earlier one is unset (B2-AC-13).
  • Idempotently — only an unset (NULL) column is set; an already-stamped column is left untouched (no re-stamp, no overwrite).

On inspection failure: B2 writes no stamp for that row/stage and appends a failure record to S7 (the audit queue). Failure is a no-op on the row plus an evidence append — never a fabricated pass.

Strictly forbidden outputs (fail-closed):

  • certified / certified_at: never (that is B4's atomic per-row consumer; B2-AC-1).
  • canonical_address / owner / jsonb_profile / status: never (canonical is output-at-promote, S4/B6; B2-AC-2).
  • entity_code or any identity field — never (identity is B1/S3; B2-AC-3).
  • KG provenance / edge writes — never (K-lane; B2-AC-4).
  • All three inspect_* set at once without genuine per-stage checks — never (the fused-shortcut anti-pattern; B2-AC-5/B2-AC-6; §12).
  • Net-new stamp columns — never (Assembly First / Điều 39 NT11; B2-AC-12). B2 maps onto the existing three columns only.

What B2's output feeds (without B2 acting on it). When a row legitimately receives all three inspect_*, the independent consumer B4 (fn_birth_auto_certify) certifies it. This is the intended pipeline coupling through the B3 stud, not a call from B2. Note (carried from §4 / Điều 4 note): B4's certified=true is a TEMP-stage / completeness signal, not canonical status. Canonical/kernel entities require the fail-closed promote checker + Owner gate (Mức 3, i.e. approval level 3 / Điều 32) at promote (F4); B2's stamps must never be construed as canonicalization or as a bypass of the Điều 32 gate ("không dùng Matrix/Stamp để né production/kernel gate": do not use a Matrix or Stamp to dodge the production/kernel gate).


8. B2 bad-input / invalid-state rejection matrix

Conceptual contract check only — NOT run against runtime. B2 is MISSING, so every rejection below is the expected fail-closed behavior its future implementation must guarantee; no runtime test is claimed (INHERITED_EVIDENCE). Where built behavior cannot be determined from the accepted baseline, the case is marked BAD_INPUT_BEHAVIOR_UNCLEAR. The fail-closed test: if invalid input would still stamp, certify, canonicalize, or produce a PASS, the contract is fail-open and must be rejected.

| ID | Bad input / invalid state | Expected rejection behavior (fail-closed) | Grounding |
|---|---|---|---|
| BI-1 | Uncertified row missing entity_code | Reject / no inspect stamp. PEN's completeness check fails (entity_code required) → do not set inspect_pen; append failure to S7. No downstream stamp possible (ordering). | Đ0-G §2.4 PEN; R2-B §9; B2-AC-5 |
| BI-2 | Uncertified row missing collection_name | Reject / no inspect stamp. Birth-completeness incomplete → no inspect_pen; append failure to S7. | Đ0-G §2.1/§2.4; R2-B §9 |
| BI-3 | Row already certified=true | Skip / no producer write. B2 only considers uncertified rows; certified rows are out of scope → no-op, no re-inspection, no overwrite. | Đ0-G inspect scope; idempotency (§7) |
| BI-4 | Row has partial inspect_* from an unknown origin | Mark ambiguous / require Owner-gated review; no certify. B2 must not blindly continue a chain it cannot attribute; append an ambiguity record to S7 and hold for Owner-gated review; never set certified. BAD_INPUT_BEHAVIOR_UNCLEAR (B2 MISSING), conceptual only. | CAV-3/CAV-4 (provenance of stamps); B2-AC-8 |
| BI-5 | Inspection rule unavailable because the Điều 0-G source is unresolved | SOURCE_RECOVERY_REQUIRED. B2 must not invent a rule-set; with no authoritative Đ0-G rule-set it fails closed → no stamp, escalate source recovery (S6). | §15 SOURCE_RECOVERY_REQUIRED; OR §0.1 "không chắc đúng = sai" (if not certainly right, treat as wrong) |
| BI-6 | Producer asked to set certified=true | Reject. B2 never certifies; certification is B4's atomic per-row consumer. | B2-AC-1; R2-B AC-2/AC-3 |
| BI-7 | Producer asked to set canonical_address | Reject. Canonical is output-at-promote (S4/B6), gated on S5+S6; B2 writes inspect_* only. | B2-AC-2; Đ4 note (birth≠canonical) |
| BI-8 | Producer asked to stamp all inspect_*=now() without actual checks | Reject as the fused-shortcut pattern. Each stamp requires a genuine per-stage pass; a blanket now() is the 2026-03-21 anti-pattern. | B2-AC-5/B2-AC-6; §12 |
| BI-9 | Producer channel not approved / S2 owner missing | No-op / pending Owner. With no Điều 32 authorization and no assigned producer owner, B2 does not run; no stamps written. | R2-B §13; Đ32 §2.1 (DOT 100%) |
| BI-10 | v0.2-hardening result offered as authority for FIX7 | Reject until Owner/User promotes it (after regression). v0.1-stable / FIX7 V3 stays the baseline. | §3 tool lock; B2-AC-11 |
| BI-11 | Producer asked to set inspect_gate (or inspect_stamp) while the prior stage's column is unset | Reject as out-of-order. A later stamp may not be set while an earlier one is NULL (PEN→STAMP→GATE). No stamp written; the row simply waits at its current stage. | Đ0-G §2.4 ordering; B2-AC-13 |
| BI-12 | Row with governance_role not in inspection scope (e.g. excluded) presented for stamping | Skip / out of scope. PEN's scope is governed; out-of-scope rows are not inspected (no stamp, no failure record beyond scope accounting). BAD_INPUT_BEHAVIOR_UNCLEAR for governance_role='observed' (existing policy, carried to §15). | Đ0-G §2.4/§2.6; §6 |

No bad-input test was executed; nothing was scanned, stamped, certified, or mutated. The matrix is a design obligation, not a runtime result.
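The three-stage rule-set carried in §4, the output rules in §7 and the rejection matrix above can be expressed as one small executable model, which makes the fail-closed properties checkable rather than only stated. The following Python is an editorial illustration added here; it is not a deliverable of this packet, not a DOT, not a producer implementation, and it has not been run against any runtime: it works on in-memory rows with no database, no channel and no schema, so it decides nothing and writes nothing outside the process. BirthRow, RunEvidence, run_producer, validate_write_request, ticking_clock, ALLOWED_SPECIES and demo_gate_rule are all constructed names; the PEN/STAMP field lists follow the §4 table, while the real GATE validity rule is SOURCE_RECOVERY_REQUIRED (§15) and is deliberately represented only by a placeholder, which is why passing no gate rule at all fails closed (BI-5).

```python
"""Fail-closed model of the B2 contract (PEN -> STAMP -> GATE); editorial illustration.
In-memory rows only: no database, no channel, no schema. The gate rule and species set
are constructed placeholders for the Điều 0-G validity rule (not yet recovered, §15).
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

STAGES = ("pen", "stamp", "gate")            # strict order; one column per inspector
WRITABLE = {f"inspect_{s}" for s in STAGES}  # the only columns B2 may ever set

class ContractViolation(Exception):
    """A write request outside the B2 contract; the caller must fail closed."""

@dataclass
class BirthRow:                 # constructed subset of birth_registry, not the real schema
    entity_code: Optional[str]
    dot_origin: Optional[str]
    species_code: Optional[str]
    name: Optional[str] = None
    description: Optional[str] = None
    status: Optional[str] = None
    governance_role: str = "governed"
    certified: bool = False
    inspect_pen: Optional[datetime] = None
    inspect_stamp: Optional[datetime] = None
    inspect_gate: Optional[datetime] = None

@dataclass
class RunEvidence:              # what one run appends to S7: counts + per-failure records
    run_id: str
    scanned: int = 0
    skipped: int = 0
    passed: dict = field(default_factory=lambda: {s: 0 for s in STAGES})
    failed: dict = field(default_factory=lambda: {s: 0 for s in STAGES})
    audit_queue: list = field(default_factory=list)   # (entity_code, stage, reason)

def validate_write_request(columns):
    """Reject anything but exactly one inspect_* column (BI-6, BI-7, BI-8)."""
    forbidden = set(columns) - WRITABLE
    if forbidden:
        raise ContractViolation(f"B2 may not write {sorted(forbidden)}")
    if len(columns) != 1:
        raise ContractViolation("one inspector sets one column; fused stamping rejected")

def _present(*values):
    return all(v not in (None, "") for v in values)

def _check(stage, row, gate_rule):
    """None on a genuine pass, otherwise the failure reason (and no stamp)."""
    if stage == "pen":     # birth-completeness
        return None if _present(row.entity_code, row.dot_origin, row.species_code) else "birth_incomplete"
    if stage == "stamp":   # metadata-completeness
        return None if _present(row.name, row.description, row.status) else "metadata_incomplete"
    if gate_rule is None:  # BI-5: no authoritative rule-set, so fail closed
        return "SOURCE_RECOVERY_REQUIRED"
    return None if gate_rule(row) else "validity_failed"

def run_producer(rows, run_id, gate_rule, clock=lambda: datetime.now(timezone.utc)):
    """One bounded scan-and-stamp pass (the S8 unit). Never touches certified."""
    ev = RunEvidence(run_id)
    for row in rows:
        ev.scanned += 1
        code = row.entity_code or "<missing entity_code>"
        if row.certified or row.governance_role != "governed":   # BI-3, BI-12: out of scope
            ev.skipped += 1
            continue
        have = [getattr(row, f"inspect_{s}") is not None for s in STAGES]
        if any(have[i + 1] and not have[i] for i in range(2)):   # BI-4: chain it cannot attribute
            ev.audit_queue.append((code, "chain", "AMBIGUOUS_PARTIAL_CHAIN"))
            continue                                             # hold for review, write nothing
        for stage in STAGES:
            column = f"inspect_{stage}"
            if getattr(row, column) is not None:   # idempotent: an existing stamp is never rewritten
                continue
            reason = _check(stage, row, gate_rule)
            if reason is not None:                 # fail closed: audit record, chain stops here
                ev.failed[stage] += 1
                ev.audit_queue.append((code, stage, reason))
                break
            validate_write_request({column})
            setattr(row, column, clock())          # only the column that genuinely passed
            ev.passed[stage] += 1
    return ev

def ticking_clock(start=datetime(2026, 6, 18, tzinfo=timezone.utc)):
    """Deterministic demo clock: every stamp gets a distinct, increasing time."""
    current = [start]
    def tick():
        current[0] += timedelta(seconds=1)
        return current[0]
    return tick

ALLOWED_SPECIES = {"SP-A", "SP-B"}   # constructed placeholder, not the real species mapping

def demo_gate_rule(row):
    """Placeholder "đúng chuồng" validity rule: the species must be a known one."""
    return row.species_code in ALLOWED_SPECIES
```

The model makes three things visible that the prose states separately: a chain stops at the first failing stage and nothing later is ever written; a second run over the same rows produces zero new stamps and no overwrites; and every write goes through validate_write_request, so a request to set certified, a canonical field, or all three inspect_* at once is rejected before any column changes. The deterministic clock is only there so that PEN, STAMP and GATE receive distinct timestamps in a demo run; in a real producer each stamp is the time of its own genuine pass, which is precisely what the fused now(), now(), now() shortcut of §12 does not have.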


9. B2 evidence contract into S7

What B2 must append to S7 (append-only, AP-CLOSE evidence):

  • Per-run counts: rows scanned; rows passed at PEN / STAMP / GATE; rows failed at each stage; rows skipped (already certified / out of scope).
  • Run identity: producer/runner id, channel id, the inspection rule-set version/hash, run start/end timestamps.
  • Per-failure records: for each failed row/stage — which row (entity_code), which stage, which check failed — appended to the audit queue (Điều 0-G "Fail → INSERT audit queue"; entity_audit_queue / governance_audit_log / event_outbox).
  • Paths / hashes sufficient for reproducibility (OR §5 AP-CLOSE).

Hard constraints on B2's evidence (fail-closed, from the S7 contract):

  • S7 records; it does not decide. A B2 evidence append must never act as an approval, a certify signal, or a gate-pass (B2-AC-8). Certification is B4's, derived from the inspect_* columns; approvals live only in S1 / Điều 32 (approval_requests + quorum).
  • B2 must not read S7 to make a decision. S7 is downstream of B2, never an input that authorizes B2.
  • No "logging" write may mutate entity state. An evidence append that also changes certified/inspect_*/canonical under the guise of logging is a category violation and must be rejected.

The S7 writers (audit-queue / quality-log emitters) are themselves future-gated to build; this packet defines the contract B2 must honor, not the writer implementation.


10. B2 rollback / delete-rebuild unit through S8

B2's rollback unit = one producer run — a single bounded scan-and-stamp pass. This is the unit that can be undone, and the unit at which B2 can be deleted and rebuilt.

Delete-and-rebuild discipline (S8, design-only):

  • Replace by swapping the channel, keeping the B3 contract. Because the channel is an internal (§5, B2-AC-7), B2 can be deleted and rebuilt on a different channel without touching B1, B3, B4, or any shared surface. The contract (read uncertified → write inspect_*) is invariant across the swap.
  • Reuse candidates (patterns, not turnkey): the Điều 39 mandatory pre-batch snapshot before an ABox-style write pass, and the fn_iu_enact atomic + fail-closed + post-write-verify pattern (IU lineage). Both are candidates to evaluate, never scripts to copy (carry the Điều 35 "reuse the pattern, not the running system" caveat).
  • The downstream-certify subtlety (surfaced honestly, not resolved). Because completing all three inspect_* on a row legitimately triggers B4's independent auto-certify, the rollback of "one producer run" has a downstream effect (a triggered certified=true) that lies outside B2. This does not break LEGO isolation (B2 still writes only inspect_*; B4 acts on its own contract through the B3 stud), but the S8 rollback-unit definition must account for it: whether to also unwind a triggered certify, and how, is FUTURE_TECHNICAL_DESIGN_REQUIRED and Owner-gated. No mechanism is decided here.

Fail-closed S8 rule: if a clean per-run rollback unit cannot be defined for a candidate B2 design (including the downstream-certify interaction), that design is not authorized for write — fail closed, not fail open.

Forbidden here (B2-AC-9 / RP-AC-8): no concrete rollback script, no DELETE/UPDATE sequence, no migration plan, no command sequence. S8 is a per-block rollback unit discipline only. HOLD-2 is OPEN: there is no atomic end-to-end birth-certify promote transaction today; the IU-lineage fn_iu_enact is distinct from birth-certify and must not be assumed to cover it.


11. Channel option matrix — conceptual only

Conceptual comparison only. The channel is an internal of B2 (B2-AC-7); the contract does not depend on it. No channel is selected, specified, scheduled, installed, enabled, or built here. Each entry is FUTURE_TECHNICAL_DESIGN_REQUIRED for any build. Runtime facts are INHERITED_EVIDENCE (R2a); tool-boundary caveats (CAV-3/CAV-4; no crontab -l/systemctl/docker exec tool; /opt/incomex/dot/bin unreadable) bound what is provable about each.

| Channel | Possible role | LEGO boundary risk | Evidence requirement | Rollback boundary | Owner gate needed | TD required later | Preliminary disposition |
|---|---|---|---|---|---|---|---|
| host cron | Scheduled trigger that invokes the inspector pass (the channel the sibling scanner DOTs already use: dot-orphan-scanner, dot-misclass-scanner, dot-nrm-*, dot-hc-executor). | Low if kept internal: a cron entry is outside the block and swappable. Opaque to in-DB observability (visible only via the DB-captured wf_host_crontab_snapshot); not transactional with PG. | Cron entry in the host-crontab snapshot + per-run S7 append (counts/ids/timestamps). | Remove the one cron entry; one producer run. | Điều 32 + S2 owner. | Yes: the actual wiring spec. | candidate (proven channel for sibling DOTs; lowest blast radius) |
| pg_cron | In-database scheduler running the inspector pass. | In-DB and transactional with the inspect_* writes (clean for atomicity), but requires installing a new extension: pg_cron is NOT installed today (only btree_gist, pgcrypto, plpgsql, postgres_fdw) → infra dependency / higher blast radius. | pg_cron job catalog + S7 append. | Unschedule the job (extension removal = infra). | Điều 32 + infra/extension-install approval. | Yes. | risky / future-gated (net-new extension install; infra blast radius) |
| agent-api executor (:8090) | Dispatch the inspector via an agent-api contract, as the KG EXPLAIN pilot does (DOT_KG_EXPLAIN binds :8090/dispatch). The executor exists and is healthy (Up 13 days), but is not bound to any birth DOT. | Contract-bound and observable (governance-aligned), but shared infra (also serves the KG lane) and currently fail-closed: master switches OFF (execute_enabled/real_run_enabled=false, dry_run_only=true); a contract promotion DRY_RUN→REAL_RUN is itself Owner-gated. | agent-api contract + dispatch records + S7 append. | Unbind / disable the contract (return to DRY_RUN). | Điều 32 + S2 + contract promotion DRY_RUN→REAL_RUN. | Yes. | candidate (existing healthy runner; contract pattern proven), but gated by master-switch + contract promotion |
| job_queue worker | Enqueue inspection jobs drained by a worker. | The queue substrate exists but is disabled/idle (queue.worker.enabled=false, queue.job_substrate.enabled=false; no heartbeat since 2026-05-26); event_outbox already grows undrained (215k rows): the "queue that nobody drains" failure mode is already observed here. | job_queue rows + worker heartbeat + S7 append. | Disable the worker; drain/purge the queue. | Điều 32 + enable worker / master-switch flip. | Yes. | risky / future-gated (substrate idle/disabled; undrained-queue failure mode present) |
| manual one-shot | Operator-run bring-up (the 2026-03-21 SSH + docker exec pattern). Not a standing producer. | Cannot be tested, replaced or rolled back as a block; violates Điều 32 §2.1 (no manual SQL / no curl bypass); is the vehicle of the fused INSERT shortcut. | Ad hoc only. | None clean. | Would still require Điều 32, but is structurally unfit as a standing channel. | n/a (anti-pattern). | reject as a standing channel (the only legitimate residual one-shot is B5, a separate, bounded, Owner-approved backlog pass through the same fail-closed contract, never the fused shortcut) |

RECOMMENDATION_ONLY — NOT AUTHORITY — OWNER_GATE_REQUIRED — FUTURE_TECHNICAL_DESIGN_REQUIRED. If the Owner later opens B2's technical design, the two viable standing candidates are host cron (lowest blast radius; the proven channel for the sibling scanner DOTs; matches the inspector's periodic-scan nature) and the agent-api executor (more governance-aligned: contract-bound, observable, Điều-32-promotable). pg_cron and job_queue worker are risky/future-gated (extension install; idle/undrained substrate). manual one-shot is rejected as a standing channel. This is a comparison for a later Owner decision; no channel is selected here, and whichever is chosen must remain inside B2 so the contract is unaffected (B2-AC-7).


12. 2026-03-21 fused shortcut — explicit rejection

What the shortcut was (carried, R2a §7). The 2026-03-21 06:00–08:00 certification was a manual, one-shot S157-A bootstrap: dot-birth-backfill (and an s157b seed), run via SSH + docker exec → psql, which stamped all three inspect_* and certified=true directly in the INSERT (… 'backfill:dot-birth-backfill', true, now(), now(), now(), now() … ON CONFLICT (entity_code) DO NOTHING). It collapsed blocks B1 + B2 + B3 + B4 into one mega-statement.

Why B2 explicitly rejects it (and must never be built as it):

  1. It certified without genuine inspection — the inspect_* were faked as now(), not produced by real per-stage checks (violates B2-AC-5).
  2. It fused register + inspect + certify — a single statement is the prohibited mega-birth-pipeline (B2-AC-6, B2-AC-12); it cannot be tested, replaced, or rolled back block-by-block.
  3. It bypassed DOT / Điều 32 — manual SQL via SSH + docker exec violates Điều 32 §2.1 ("every approval request must be created through a legitimate DOT; no hand-inserted SQL, no curl bypass") and §2.4 (birth / new-or-fix DOT changes are in approval scope).
  4. It is unrepeatable by construction — it was never a standing process and cannot be re-run at the 1.21M-row backlog scale without re-committing every fault above.

B2's contrast (the correct shape): B2 produces genuine per-stage PEN/STAMP/GATE results, writes only inspect_*, never certified, lets the independent B4 consumer certify off the B3 stud, and runs on a replaceable internal channel under Điều 32. The historical backlog is not B2's job — it is B5, a separate, bounded, Owner-approved one-time pass through the same fail-closed contract (never the fused shortcut).


13. B2 anti-coupling rules

All are MUST-NOT. Grounded in the carried evidence and caveats.

| Rule | Statement | Grounded in |
| --- | --- | --- |
| B2-AC-1 | B2 must not certify (certified/certified_at is B4's atomic per-row consumer). | R2-B AC-1/AC-2; Đ0-G auto-certify is the consumer |
| B2-AC-2 | B2 must not write canonical fields (canonical_address/owner/jsonb_profile/status). | Đ4 note (birth≠canonical); Interface S4 |
| B2-AC-3 | B2 must not mint identity (entity_code/S3 is B1's). | Interface S3; R2-B §10 |
| B2-AC-4 | B2 must not write KG provenance (the birth lane is independent of the KG lane). | R2-B AC-7; Interface §11 |
| B2-AC-5 | B2 must not fake inspect_* (no blanket =now(); each stamp = a genuine per-stage pass). | R2a §7; R2-B §9 |
| B2-AC-6 | B2 must not use the 2026-03-21 fused INSERT shortcut. | R2a §7; R2-B §5; §12 |
| B2-AC-7 | B2's channel must remain a replaceable internal, not part of the block boundary; the contract must not depend on it. | R2-B §7B/§8; Codex "channel kept inside block" |
| B2-AC-8 | B2's evidence must append to S7 but must not act as approval (S7 records; it does not decide). | Interface S7; Đ32 (approvals only in S1) |
| B2-AC-9 | B2's rollback unit must not become a rollback script here (S8 is discipline/contract only). | Interface S8; RP-AC-8 |
| B2-AC-10 | No report PASS becomes Owner authorization (engineering PASS ≠ authority PASS; default HOLD). | RP-AC-10; all upstream PASS_WITH_CAVEATS |
| B2-AC-11 | Tool v0.2-hardening must not become authority for FIX7 until regression + Owner/User promotion. | §3 tool lock; BI-10 |
| B2-AC-12 | No mega-birth pipeline / no second SSOT (extend the existing inspect_* columns — Assembly First / Đ39 NT11). | R2-B AC-12; OR §0.2 |
| B2-AC-13 | B2 must respect the PEN → STAMP → GATE order — never write a later stamp while an earlier one is unset. | Đ0-G §2.4 ordering |
| B2-AC-14 | Each inspector writes only its own column ("each DOT only UPDATEs its own column"); no cross-stage or multi-column write. | Đ0-G §2.4 |

No hidden shared write surface. B2 adds no new convergence point. It writes only the B3 inspect_* columns, appends to S7, and routes every write-enabled move through S1 (Điều 32). It touches none of S3/S4 and none of the KG lane. The Codex split to preserve (B1/S3, B6/S4, K3/S6) is unaffected: B2 is squarely in the birth lane and references S3 only as the rows it reads, never as a surface it writes.
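A constructed illustration, added here and not part of this packet (which writes no function body or SQL plan): the MUST-NOT rules above expressed as a pre-write guard over a plain row dict, with a list standing in for the S7 audit queue. The refuse-to-overwrite branch is an assumption of this example only, since the page leaves partial-stamp cases (BI-4) open.

```python
# Added illustration (not the packet's producer, schema or SQL plan): the B2
# anti-coupling rules B2-AC-1/2/3/12/13/14 as a guard over a plain row dict,
# with a constructed list standing in for the S7 audit queue.
INSPECT_STAGES = ("inspect_pen", "inspect_stamp", "inspect_gate")  # PEN -> STAMP -> GATE
FORBIDDEN_COLUMNS = {
    "certified", "certified_at",                                # B2-AC-1: B4 certifies, not B2
    "canonical_address", "owner", "jsonb_profile", "status",    # B2-AC-2: birth != canonical
    "entity_code",                                              # B2-AC-3: B1 mints identity
}


def check_b2_write(row: dict, inspector: str, column: str, audit_queue: list) -> tuple[bool, str]:
    """Decide whether `inspector` (named by its own column) may set `column` on `row`.

    Fail-closed: every rejection appends a record to `audit_queue` (S7 records,
    it never approves) and nothing is stamped. Assumption made here: an already
    set stamp is not overwritten; the page leaves partial-stamp cases (BI-4) open.
    """
    def reject(reason: str) -> tuple[bool, str]:
        audit_queue.append({"entity_code": row.get("entity_code"), "inspector": inspector,
                            "column": column, "reason": reason})
        return False, reason

    if column in FORBIDDEN_COLUMNS:
        return reject("B2-AC-1/2/3: column is not a B2 write surface")
    if column not in INSPECT_STAGES:
        return reject("B2-AC-12: unknown column; only the existing inspect_* columns")
    if column != inspector:
        return reject("B2-AC-14: an inspector writes only its own column")
    for earlier in INSPECT_STAGES[:INSPECT_STAGES.index(column)]:
        if row.get(earlier) is None:
            return reject(f"B2-AC-13: {earlier} unset; order is PEN -> STAMP -> GATE")
    if row.get(column) is not None:
        return reject("stamp already set; refusing overwrite (assumed fail-closed default)")
    return True, "ok"


def apply_inspect(row: dict, inspector: str, column: str, value, audit_queue: list) -> bool:
    """Stamp `value` only if the guard allows it; on rejection the row is left untouched."""
    allowed, _ = check_b2_write(row, inspector, column, audit_queue)
    if allowed:
        # `value` must come from a genuine per-stage check (B2-AC-5), never a blanket now()
        row[column] = value
    return allowed
```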


14. Owner-gated future writes

Every action below is forbidden now (OWNER_GATE_REQUIRED). Listing is scoping, not authorization.

| Future write | Gate required | Forbidden now? |
| --- | --- | --- |
| Build / wire the standing B2 inspect producer | Điều 32 + external S2 owner + channel decision (R2-D2) | Yes |
| Set any inspect_pen / inspect_stamp / inspect_gate (within a built, governed producer) | Điều 32 | Yes |
| Run the producer against live rows | Điều 32 + standing B2 | Yes |
| Choose/install the channel — pg_cron extension install | Điều 32 + infra/extension approval | Yes |
| Choose the channel — promote agent-api contract DRY_RUN→REAL_RUN | Điều 32 + contract promotion | Yes |
| Choose the channel — enable the job_queue worker / master switch | Điều 32 + master-switch flip | Yes |
| Assign the birth-producer governance owner | external S2 → Điều 37 → Điều 32 | Yes |
| Recover the Điều 0-G inspection rule-set source | external S6 — Owner out-of-band | Yes |
| Run the one-time historical backlog pass (this is B5, not B2) | Điều 32 + S5 + S6 + standing B2 | Yes |
| Build the S7 evidence/audit writers (audit queue, quality log) | Điều 32 | Yes |
| Define/execute the per-run rollback mechanism (incl. the downstream-certify interaction) | Điều 32 + S8 within B2's package | Yes |
| Confirm the transient app.birth_gate_mode / app.bypass_birth_gate (B7 context) | Owner out-of-band (CAV-5) — read-only, not a runtime write | Yes (not done here) |

15. What remains unresolved

  • BOUNDARY-internal — B2 producer channel (R2-D2). Deliberately undecided and inside the block; the S3/B3/S7/S8 contracts are channel-independent. FUTURE_TECHNICAL_DESIGN_REQUIRED for any build (no scheduler/runner spec written here).
  • SOURCE_RECOVERY_REQUIRED — the Điều 0-G inspection rule-set. Điều 0-G lives in architecture/ as a temporary working source; its Constitution reference law-00g-birth.md is broken (external S6). The PEN/STAMP/GATE check definitions used in §4 are read from that working source; their authoritative re-establishment is Owner-controlled and out-of-band. Per CAV-2-style discipline, this asserts only that the source is unreconciled in the inspected substrate, not that it is unrecoverable.
  • BAD_INPUT_BEHAVIOR_UNCLEAR — B2 is MISSING. The §8 matrix is the expected fail-closed contract; no runtime test is claimed. Cases BI-4 (ambiguous partial stamps) and BI-12 (observed-role scope) are explicitly BAD_INPUT_BEHAVIOR_UNCLEAR.
  • The PEN-only precedent gap. Even the historical CLI producer (dot-inspect-pen) implemented PEN only; STAMP and GATE were "Phase B" and never built. So STAMP/GATE inspection logic is the least-precedented part of B2 and the most design-open.
  • The downstream-certify rollback interaction. Completing all three inspect_* triggers B4's auto-certify; the per-run rollback unit must account for this (§10). FUTURE_TECHNICAL_DESIGN_REQUIRED.
  • Channel substrate is currently fail-closed. Master switches OFF, queue idle, no birth cron, pg_cron absent — any channel that uses the runner/queue substrate is presently disabled and would require an Owner-gated enable.
  • CAV-3 / CAV-4 / CAV-5 carried. The 2026-03-21 evidence is from dot_origin + synced mirror (not container logs, not a live byte-for-byte /opt/incomex/dot/bin read); the transient GUC layer is unreadable. No overclaim is made on any of these.
  • Blockers — all OPEN, none resolved: CONS-002, CONS-003, CELL-003/004/007, HOLD-1, HOLD-2, RISK-BYPASS, GOV-016/017, GOV-REUSE-001, Điều 39 runtime-EMPTY (2199 edges / 0 provenance), Điều 35 production-readiness FAIL.
  • FUTURE_TECHNICAL_DESIGN_REQUIRED (explicitly NOT written here): any schema/DDL, table/column definition, migration plan, function body, SQL-mutate plan, producer/runner/scheduler/cron implementation, exact command sequence, rollback script, and backlog-execution plan.

Pre-implementation proof obligations (must be proven before B2 is built later — PURPOSE item 10):

| # | Proof obligation (Owner-gated; none satisfied here) |
| --- | --- |
| PO-1 | The Điều 0-G inspection rule-set is recovered to an authoritative source (S6) and the PEN/STAMP/GATE check definitions are pinned (currently only in the architecture/ working source). |
| PO-2 | The producer channel (R2-D2) is chosen and its liveness/observability proven (host-cron wiring, or agent-api contract bound + master-switch state, or pg_cron installed, or queue worker enabled). Today: switches OFF, queue idle, no birth cron, pg_cron absent. |
| PO-3 | The birth-producer governance owner (external S2) is assigned via Điều 37 → Điều 32. |
| PO-4 | A per-run rollback unit + Điều 39 pre-batch-snapshot discipline is defined, including the downstream B4 auto-certify interaction (§10). |
| PO-5 | The B3 inspect_* contract is confirmed stable (the load-bearing stud) and B4's auto-certify consumer re-verified (fires only when all three present). |
| PO-6 | Fail-closed behavior (the §8 matrix) is runtime-verified once built: bad input does not stamp, does not certify, and appends to the audit queue. |
| PO-7 | B7 holds warn-mode until B2 stands up (no warn→block flip before a producer exists); transient GUC confirmed out-of-band (CAV-5). |
| PO-8 | CONS-002/003 + CELL-003/004/007 + Điều 0-G source recovery confirmed as prerequisites to any canonical materialization that B2's outputs ultimately feed (B2 itself never canonicalizes). |
| PO-9 | B2 is tested in isolation (feed sample rows, read inspect_*) on a controlled fixture before any live run (tested-alone requirement). |

This packet opens no next package. Sequence:

  • NP-1 — GPT reviews the two files.
  • NP-2 — If accepted, Codex performs an adversarial control review.
  • NP-3 — Owner chooses whether to proceed to actual B2 technical design (a separate, design-build authorization with a chosen channel), or instead a sibling design-only TD-prep (the B3 inspect contract surface; the B4 consumer; the B5 backlog two-track; the B7 GUC policy), or the channel decision (R2-D2) as a standalone design-only step. The Codex-noted resource fallback (open R2 first because the backlog grows live) must not be read as backlog write-priority over the Điều 39 provenance invariant in the R1-K lane.
  • NP-4 — Write-enabled remediation / producer build remains forbidden until, in order: a per-block design-only TD-prep (this) → Codex review → Owner approval → a rollback plan → a runtime-verification plan. No automatic TD. No automatic write-enabled remediation.

17. Ready for GPT/Codex review

Yes.

Core rule, kept above all detail: B2 is an inspect producer only. It must not certify, must not canonicalize, must not mint identity, must not write KG provenance, must not fake inspection, and must not become a mega-birth pipeline. Its channel is a replaceable internal, not the block boundary. If B2's design is wrong, it must be removable and rebuildable without breaking B1, B3, B4, or any shared surface.

Default disposition: HOLD. Engineering PASS = a complete design-only B2 contract boundary; it is not an Owner authorization to design-in-detail, to choose a channel, to build, or to remediate. No PASS authorizes writes. All blockers remain OPEN.
