Registries-Pivot LEGO Interface TD-Prep (2026-06-18)
Date: 2026-06-18 · Workstream: Registries/Pivot LEGO Interface TD-Prep (REGISTRIES-PIVOT-LEGO-INTERFACE-TD-PREP-2026-06-18) · Editorial revision: rev1
Class: design-only / shared-interface contract boundary / TD-prep · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NOT remediation · NOT technical design · NOT implementation · NO blocker resolved.
Metadata convention. This body uses editorial revision only. AgentData storage revision and content_length are authoritative in AgentData metadata at read time; they are deliberately not pinned in this body.
Interface-not-brain lock. Registry/Pivot is a shared LEGO interface, not a mega-registry and not a hidden shared brain. It must not absorb birth, certify, KG reasoning, provenance, quarantine, audit-decisioning, rollback-execution, or tool-authority logic. This packet defines that boundary; it builds nothing, mutates nothing, authorizes nothing.
Separation note. This is one packet of exactly two files (this TD-prep packet + its execution report). There is no third registry-schema file and no fifth hidden packet.
0. Status and non-authorization
STATUS: PASS — engineering / design-only. This is a complete design-only contract boundary for the shared Registries/Pivot LEGO interface (surfaces S3 Registry/Pivot Identity, S4 Canonical Address, S7 Evidence/Audit Log, S8 Rollback/Delete-Rebuild). It defines what the interface is allowed to do, what it is forbidden from doing, how B-blocks and K-blocks may touch it, what evidence every block must emit, and which future writes stay Owner-gated. It builds nothing and authorizes nothing.
Engineering PASS ≠ authority PASS. A PASS here means the interface contracts are complete and fail-closed on paper. It is not an Owner authorization to design-in-detail, to write technical design, or to remediate. Default disposition: HOLD.
Pipeline position (downstream-only).
Accepted R1a/R2a root-cause baseline (+ Codex PASS_WITH_CAVEATS) → Owner Decision Packet matrices (Option D recommended, accepted) → R1/R2 Modular LEGO Architecture Scoping (accepted by Codex, PASS_WITH_CAVEATS) → R1-K ∥ R2-B block-contract packets (accepted by Codex, PASS_WITH_CAVEATS) → this Registries/Pivot LEGO Interface TD-prep packet (the shared-surface contract boundary) → (only if separately authorized) a narrower per-block design-only TD-prep package → (only if separately authorized again) write-enabled remediation.
This packet sits between the accepted block-contract packets and any future per-block TD-prep. It hardens the shared studs the K-lane and B-lane already reference; it does not open any next package.
Non-authorization (explicit). This document does not, and cannot: run any DB write / DDL / DML; restart or reload any container or service; run any worker / cron / job; trigger DOT / KG / birth / certify / promote / repair execution; backfill provenance; quarantine edges; set inspect_pen / inspect_stamp / inspect_gate; set certified=true; flip any dot_config / GUC gate; assign a governance owner; promote any agent-api contract DRY_RUN→REAL_RUN; write env / config files; patch source code; patch any source law / draft / note / prior report; create a current corpus; write technical design; implement; resolve any blocker; materialize KG / provenance / stamps / cell_id / dot_role / canonical_fields / canonical_address; change authority order; change the v0.1-stable / FIX7 V3 baseline; promote Tool-Kiem-Thu v0.2-hardening.
Evidence basis — INHERITED_EVIDENCE. No runtime was queried in this run. Every runtime fact cited is inherited from the accepted read-only reports (Phase-1, Phase-1B, R1/R2 read-only scoping, R1a/R2a root-cause) and the accepted design packets. AgentData metadata is authoritative at read time. The six inherited caveats (§4, CAV-1…CAV-6) constrain all wording below.
1. Purpose
Define the contract boundary for the shared Registries/Pivot LEGO interface so that future technical design cannot accidentally turn a set of isolated blocks into a single interlocked machine. The interface comprises four shared surfaces already named in the accepted LEGO scoping:
- S3 — Registry / Pivot Identity — the `birth_registry` PREFIX-NNN identity-root pivot.
- S4 — Canonical Address — the `canonical_address` scheme (output at promote, currently unused column).
- S7 — Evidence / Audit Log — the append-only evidence trail every block emits into.
- S8 — Rollback / Delete-Rebuild boundary — the per-block snapshot/rollback discipline.
This packet answers the ten interface questions:
- What is registry/pivot allowed to do? — Grant structural identity (S3), define a canonical-address scheme (S4, design only), accept append-only evidence (S7), and define per-block rollback units (S8). See §5–§8.
- What is registry/pivot forbidden from doing? — Certify, inspect, produce KG provenance, quarantine edges, decide/act in the audit log, become a rollback script, mint identity from inference, or assign canonical at INSERT. See §12 (RP-AC-1…12).
- Difference between birth identity and canonical status? — Birth identity = PREFIX-NNN at INSERT, `certified=false`, TEMP/workspace stage (F1); canonical status/address = output at promote (F4), Owner-gated for canonical/kernel. See §9.
- What can B-blocks read/write? — Only B1 writes S3 (identity at INSERT); only B6 maps onto S4 (at promote, design only); B2/B4/B5 touch certify/inspect contracts (not S3/S4); all append to S7; B1/B5/B6 follow S8. See §10.
- What can K-blocks read/write? — No K-block touches S3 or S4. K-blocks append to S7 (K6 dedicated) and follow S8 (K4/K5). See §11.
- What must never depend on KG reasoning? — Registry/pivot identity (S3) and canonical address (S4). Identity is structural and precedes inference (AC-7). See §5, §11, §12.
- What evidence must every block emit into S7? — Per-run counts, ids, timestamps, hashes, paths (AP-CLOSE); append-only; never a decision. See §7.
- Rollback/delete-rebuild boundary per block? — A unit of change that can be undone without touching other blocks; a discipline, never a script here. See §8.
- What future TD packages must respect this interface? — All R1/R2 per-block TD-prep, plus any stamp/canonical materialization, provenance backfill, quarantine-lane build, and producer build. See §14.
- What bad-input / invalid-state cases must be rejected? — Ten conceptual fail-closed rejections (BI-1…BI-10). See §13.
LEGO invariant this packet protects. Registry/Pivot is a shared interface, not a mega-registry. It must not become a hidden shared brain. It must not absorb birth, certify, KG reasoning, provenance, or automation logic. The Codex-flagged "close conceptual neighbors" that future TD must keep split are exactly the ones this packet governs: B1/S3, B6/S4, K3/S6.
2. Sources read
All sources were read first-hand from AgentData KB (batch_read, full content). To stay within context limits, reading was fanned out to parallel read-only reader-agents, each instructed to read the documents directly from the KB and return verbatim-quoted extractions; no fact below is inferred from memory or local prose. All 20 required sources read in full; none truncated.
| Cluster | Sources | Status | Used for |
|---|---|---|---|
| 0.1 LEGO + block-contract chain | newlaws/consolidation/r1-r2-modular-lego-architecture-scoping-2026-06-18.md; reports/codex/codex-review-r1-r2-modular-lego-architecture-scoping-2026-06-18.md; newlaws/consolidation/r1-k-block-contract-packet-lego-2026-06-18.md; newlaws/consolidation/r2-b-block-contract-packet-lego-2026-06-18.md; reports/codex/codex-review-r1-k-r2-b-block-contract-packets-lego-2026-06-18.md | READ (full) | LEGO invariant; 13-field contract template; S1–S8 surface map; K1–K7 / B1–B7 surface access; anti-coupling rules; Codex caveats (close-neighbor split) |
| 0.2 Root-cause + decision | newlaws/consolidation/owner-decision-packet-r1a-r2a-root-cause-2026-06-18.md; reports/codex/codex-review-owner-decision-packet-r1a-r2a-root-cause-2026-06-18.md; newlaws/reports/r1a-kg-runner-log-provenance-source-root-cause-2026-06-18.md; newlaws/reports/r2a-birth-inspection-runner-cron-log-root-cause-2026-06-18.md; reports/codex/codex-review-r1a-r2a-runner-cron-log-root-cause-2026-06-18.md | READ (full) | R1/R2 root cause; 6 caveats CAV-1…6; Option D; decision matrices for identity/canonical/provenance/evidence/rollback; wording constraints |
| 0.3 Registry / birth / governance anchors | architecture/birth-registry-law.md (Đ0-G); newlaws/notes/dieu4-birth-process-compatibility-note.md; newlaws/notes/dieu32-approval-owner-gate-compatibility-note.md; laws/dieu32-approval-law.md; laws/dieu39-knowledge-graph-law.md; ssot/operating-rules.md | READ (full) | Birth identity vs canonical timing; birth_registry structure/state; Owner gate (Đ32); KG law (Đ39 golden rule / provenance / quarantine); read-only discipline (OR) |
| 0.4 R1/R2 scoping | newlaws/reports/r1-d39-kg-provenance-quarantine-execution-readiness-scope-2026-06-17.md; newlaws/reports/r2-birth-certify-canonical-stamp-readiness-scope-2026-06-17.md; newlaws/reports/r1-r2-parallel-readonly-scoping-execution-report-2026-06-17.md; newlaws/consolidation/phase1b-runtime-truth-blocker-decision-packet-2026-06-17.md | READ (full) | Live facts (2199 edges / 0 provenance; 1,402 certified vs 1,211,557 uncertified; canonical_address present-but-unused); 5 surface verdicts; blocker list (all OPEN) |
(KB-path prefix knowledge/dev/ omitted in the table for width; full paths used at read time.)
3. Tool/packet lock
Carried exactly, no change:
| Item | Status |
|---|---|
| Tool/packet currently built by T1 = v0.1-stable / FIX7 V3 baseline | Carried. May continue to be used for FIX7 Recheck-9 / current Codex packet. Must not be overwritten. Use only as reproducibility / comparison / regression fixture. |
| Tool-Kiem-Thu v0.2-hardening | Carried. Separate development track, built on a separate dev surface. May inherit lessons from V3 (black-box oracle, fail-open regression, manifest-laundering prevention). Not authority for FIX7 until it passes regression and Owner/User promotes it. |
This packet does not build, run, promote, overwrite, or rely on either tool. The lock is mirrored as an anti-coupling rule (RP-AC-9) and a bad-input rejection (BI-10): a v0.2-hardening result offered as authority for FIX7 is rejected until Owner/User promotion.
4. Accepted LEGO baseline (carried, not re-derived)
The invariant (above all other details), verbatim from the accepted scoping:
Build the system like LEGO. Each block is isolated; has a clear contract; can be tested alone; can be replaced or deleted without breaking the whole. Integration happens through explicit contracts, not hidden coupling. If a design is wrong, remove that block and rebuild it without cascading damage.
The "stud" rule (how blocks connect). The studs are data contracts — inspect_* columns, the certified/certified_at pair, the provenance JSONB shape, the status='quarantine' lane, the kg_quality_log record, the Điều 32 approval_requests record. Integration = reading/writing these named surfaces, fail-closed, each block blind to the others' internals. No block calls another block's body; no block shares mutable internal state.
The thirteen-field contract template (used by every block; this packet applies it to each shared surface in §5–§8):
1. Responsibility · 2. Input contract · 3. Output contract · 4. Authority / Owner gate · 5. Mutate runtime? · 6. Evidence required · 7. Depends on · 8. Must NOT depend on · 9. Replacement boundary · 10. Safe failure mode · 11. Rollback boundary · 12. Bad input / invalid state · 13. Expected rejection behavior (fail-closed).
The eight shared surfaces (S1–S8) — this packet covers S3, S4, S7, S8; the other four are referenced, not redesigned:
| Surface | Build-state | Role (verbatim from scoping) | This packet |
|---|---|---|---|
| S1 Owner / Điều 32 approval | EXISTS | "The quorum + Owner gate every write routes through" | referenced (the write convergence) |
| S2 dot:kg / producer owner assignment | MISSING | "Assign governance owner for KG family and birth producer" | referenced |
| S3 Registry / pivot identity | EXISTS | "Identity-root pivot (birth_registry PREFIX-NNN)" | §5 — defined |
| S4 Canonical address | PARTIAL | "Canonical addressing scheme (output at promote)" | §6 — defined |
| S5 CONS/CELL dependency | BLOCKER | "The materialization-prerequisite gate" | referenced (the materialization gate) |
| S6 Source-recovery | MISSING | "Out-of-band, Owner-controlled source recovery (Đ0-G + S167H)" | referenced (gates S4 canonical) |
| S7 Evidence / audit log | PARTIAL | "The evidence/audit trail every block emits" | §7 — defined |
| S8 Rollback / delete-and-rebuild boundary | PATTERN | "The per-block snapshot/rollback discipline" | §8 — defined |
Zero shared write surface. Per the accepted scoping and Owner decision packet: R1 (K-blocks) and R2 (B-blocks) share zero write surface at the design tier. They converge only at S1 (Điều 32/37 Owner authorization) for any write-enabled clear/build and S5 + S6 (CONS/CELL + source-recovery) for any materialization. Neither convergence is reached by a design-only package. This interface packet does not create a new convergence point; S3/S4/S7/S8 are contracts, not a shared brain.
Codex acceptance carried. All four upstream reviews returned PASS_WITH_CAVEATS (not clean PASS). The single forward-looking isolation requirement that lands on this packet, verbatim:
"K3/S6, B6/S4, and B1/S3 are close conceptual neighbors; packets keep them separate. Future TD must preserve that split."
The six caveats (CAV-1…CAV-6), carried in substance, resolved: none.
| Caveat | Carried statement (substance) |
|---|---|
| CAV-1 | R1a has no executor process-log proof (docker_logs for the executor was DENIED). R1 is proven at the DB-contract / preflight / config layer, not the process-log layer. No process-log overclaim. |
| CAV-2 | "No provenance source-of-truth" = no SoT in the inspected substrate — it does not mean provenance can never be recovered via a future S167H / Directus effort. |
| CAV-3 | R2a "manual one-shot bootstrap" is supported by DB dot_origin buckets plus synced script content; the 2026-03-21 container logs are unavailable. |
| CAV-4 | R2a producer scripts were read from the synced local mirror, not live /opt/incomex/dot/bin. No byte-for-byte live-file claim. |
| CAV-5 | The GUC conclusion is limited to no persisted bypass/default; the transient session state remains unreadable. Must not claim a transient bypass certainly does not exist. |
| CAV-6 | The combined R1a/R2a execution report has a non-material metadata typo (AgentData metadata wins). A cosmetic patch is a separate Owner decision, not done here. |
Three wording constraints (Codex, carried): no claim of direct executor process-log proof; no claim of direct live /opt/incomex/dot/bin read; no claim that transient bypass GUCs certainly do not exist.
5. S3 — Registry / Pivot Identity boundary
What S3 is. The birth_registry PREFIX-NNN identity-root pivot. At INSERT, a governed entity gets its permanent entity_code (PREFIX-NNN) and an uncertified birth_registry row (certified=false). S3 is the registry identity facet of the same table B1 writes; B1 is the write-at-INSERT behavior, S3 is the identity-pivot contract. It grants identity, not canonical status (birth ≠ canonical). Build-state: EXISTS.
Thirteen-field contract:
- Responsibility. Provide a stable structural identity-root (PREFIX-NNN) for every governed entity at INSERT. One narrow job: identity, nothing else.
- Input contract. A governed-collection INSERT carrying the minimum identity inputs (`entity_code`, `collection_name`); the identity scheme itself (existing, structural).
- Output contract. A `birth_registry` identity row with `certified=false`. Idempotent: `ON CONFLICT (entity_code) DO NOTHING`. No certify field, no `inspect_*`, no `canonical_address` written here.
- Authority / Owner gate. Existing/structural — identity minting is the live birth fabric (`fn_birth_registry_autofamily`). Any change to the identity scheme routes to S1 (Điều 32). No new gate introduced.
- Mutate runtime? EXISTS today (live INSERT fabric). This packet mutates nothing; it only contracts the surface.
- Evidence required (→ S7). Identity-assignment record: which `entity_code`, which collection, `born_at`, `dot_origin`. Append-only.
- Depends on. The structural identity scheme; the governed-collection INSERT event. Nothing else.
- Must NOT depend on. KG reasoning output (AC-7 / RP-AC-5). Identity is structural and precedes any graph inference; KG is `REGISTERED_NOT_EXECUTED`. Must not depend on certify (B4), inspection (B2/B3), or canonical (S4/B6).
- Replacement boundary. The identity pivot is stable and structural; it can be re-asserted/rebuilt without touching certify, inspection, canonical, or KG. Identity scheme re-definable only via S1.
- Safe failure mode. Fail closed: no identity → no birth. An entity that cannot be assigned a clean identity is not registered; it is never given a fabricated identity.
- Rollback boundary (→ S8). One identity assignment (one INSERT-trigger set). Undoable without touching certify/canonical/KG. Not a script here.
- Bad input / invalid state. Ungoverned / missing `governance_role`; missing `entity_code` / collection; an attempt to set `certified=true` or `canonical_address` at INSERT; an attempt to derive identity from KG inference. (Conceptual; see BI-1, BI-6.)
- Expected rejection behavior (fail-closed). Mint `certified=false` only, never `certified=true`, never any `inspect_*` stamp, never `canonical_address`. Ungoverned role → `observed` / `excluded` handling, no false certify. Invalid identity → fail-closed, no birth row fabricated. Identity-from-KG → reject (AC-7). `BAD_INPUT_BEHAVIOR_UNCLEAR` is not flagged for S3 — B1 is EXISTS and the rejection contract is determinable from the live fabric; but no runtime test is claimed (INHERITED_EVIDENCE).
Who touches S3. Only B1 (R2-B) writes S3. No K-block touches S3 (cross-package isolation guard AC-7). Identity scheme is referenced, not redesigned here.
6. S4 — Canonical Address boundary
What S4 is. The canonical_address scheme (and the unused owner / jsonb_profile companions) on birth_registry. Canonical address is an output at promote (F4), not an INSERT-time fact. The canonical_address column exists in the live catalog but is currently unused by the certification path. Build-state: PARTIAL (column present, unused).
Thirteen-field contract:
- Responsibility. Define the canonical addressing format/scheme (design only) onto which a promote-time stamp eventually lands. One narrow job: the addressing scheme, not the act of stamping.
- Input contract. A promote event + the to-be-defined mapping (B6) of BIRTH/PROMOTE stamps onto existing fields. The scheme reads `certified` / `certified_at` (the certify result) — never INSERT.
- Output contract. A `canonical_address` value written at promote only (future, gated). Today: a mapping design, not a value.
- Authority / Owner gate. Materialization gated on S5 (CONS-002/003 + CELL-003/004/007) + S6 (Đ0-G source recovery) + S1 (Điều 32). For canonical/kernel/enacted entities, the promote must pass a fail-closed promote checker + Owner gate (Mức 3 / Đ32) — not async auto-certify alone.
- Mutate runtime? No (future-gated). Design-only; materialization is forbidden now.
- Evidence required (→ S7). The canonical-address value and the promote decision that produced it (when materialized, later). Today: the mapping design artifact.
- Depends on. S5 (composition model resolved), S6 (Đ0-G source recovered), the promote event, and B4's `certified` / `certified_at` result.
- Must NOT depend on. An INSERT-time canonical claim (birth ≠ canonical). Must not depend on KG reasoning. Must not depend on net-new stamp columns.
- Replacement boundary. The address scheme is re-definable at promote; B6's mapping is a design artifact that can be re-mapped. Re-definition routes via S1 + S5/S6.
- Safe failure mode. Pending-Owner (no canonical). With S5/S6 open, no canonical address is materialized; the entity stays certified-or-uncertified but non-canonical.
- Rollback boundary (→ S8). A scheme/mapping definition (a design artifact), re-mappable. When materialized later, the rollback unit is the per-promote canonical-address write — defined then, in a separately-authorized package, never scripted here.
- Bad input / invalid state. A request to set `canonical_address` at INSERT; a request to define net-new stamp columns; a request to materialize while S5/S6 are open; a non-promote actor writing the canonical fields. (Conceptual; see BI-1, BI-2.)
- Expected rejection behavior (fail-closed). Canonical-at-INSERT → reject / mark future-gated. Net-new stamp columns → reject as a parallel SSOT (Điều 39 NT11 / Assembly First); map only onto existing fields (`certified` / `certified_at`, unused `canonical_address` / `owner` / `jsonb_profile`). Materialize-while-S5/S6-open → reject (pending-Owner). Direct canonical write by a non-promote block → reject (BI-2).
Who touches S4. Only B6 (R2-B) maps onto S4, and only at promote (design only). No K-block touches S4 (the KG lane is provenance, not canonical-address). The addressing scheme is referenced, not redesigned here.
7. S7 — Evidence / Audit Log boundary
What S7 is. The append-only evidence trail every block emits into. KG side: kg_quality_log, governance_audit_log, event_outbox. Birth side: the inspect-failure audit queue, governance_audit_log, event_outbox. The only existing function touching edges + provenance is fn_iu_kg_edge_audit — an audit/read function, not a writer. kg_quality_log is currently 0 rows. Build-state: PARTIAL.
Thirteen-field contract:
- Responsibility. Record, append-only, the run-evidence every other block produces. One narrow job: evidence. It records; it does not decide or act.
- Input contract. Each block's "evidence required" field: per-run counts, ids, timestamps, hashes, paths (operating-rules AP-CLOSE), inspection-failure records, quality/explanation records.
- Output contract. Append-only evidence/audit records. No state mutation, no decision, no approval.
- Authority / Owner gate. Append-only writers are future-gated (S1) where they need building; reading evidence requires no gate. The log itself authorizes nothing.
- Mutate runtime? Future-gated for the writers; the contract here is design-only.
- Evidence required. S7 is the evidence sink — its own records are the evidence. (Self-referential: it stores, others supply.)
- Depends on. All blocks (each appends its run-evidence). Depends on no block's internal state.
- Must NOT depend on. Any decision logic. S7 must never read another surface to decide anything; it is downstream of every block, never upstream.
- Replacement boundary. The log sink is swappable as long as the append-only contract holds. One block's evidence record is independent of another's.
- Safe failure mode. Append-only (no-op on read). If a write cannot be appended, the evidence is missing — but no decision is ever taken from the log, so a gap degrades observability, never safety.
- Rollback boundary (→ S8). Append-only; there is no state to roll back. Compaction/retention of the log is a separate, future, Owner-gated concern — not scripted here.
- Bad input / invalid state. An S7 audit event presented as an approval or a gate-pass; a writer that mutates entity/edge state under the guise of "logging"; a decision block reading S7 to authorize itself. (Conceptual; see BI-8.)
- Expected rejection behavior (fail-closed). An audit event acting as approval → reject (S7 records, it does not approve; approvals live only in S1/Điều 32 `approval_requests` + quorum). A "logging" write that mutates state → reject as a category violation ("log that mutates state" is the invalid-design smell). No block may read S7 to make a decision.
Who touches S7. Every K-block and every B-block appends its "evidence required" field here. K6 is the dedicated KG evidence/explanation emitter (kg_quality_log, report-only, no auto-fix). No block reads S7 to make a decision. S7 schema is referenced, not redesigned here.
8. S8 — Rollback / Delete-Rebuild boundary
What S8 is. The per-block snapshot/rollback discipline that makes "delete and rebuild without cascading damage" real. The reusable patterns named in the substrate: fn_iu_enact (atomic + fail-closed + post-write-verify, IU lineage) and Điều 39's mandatory pre-batch snapshot for ABox self-learning. Build-state: PATTERN. HOLD-2 is OPEN: there is no atomic end-to-end birth-certify promote transaction today (the IU-lineage fn_iu_enact is distinct from birth-certify).
Thirteen-field contract:
- Responsibility. Define, per block touching registry/pivot, the rollback unit — what one block's change can be undone without touching others. One narrow job: the rollback contract, not the rollback mechanism.
- Input contract. A per-block change description (e.g. one identity assignment, one tag batch, one mapping artifact).
- Output contract. A rollback-unit definition (a contract). Not an executable script. Not a command sequence.
- Authority / Owner gate. Any execution of rollback is future-gated (S1 + the owning block's package). The discipline here is design-only.
- Mutate runtime? No (discipline / contract; design-only).
- Evidence required (→ S7). The per-block rollback-unit definition and, when later executed, the rollback evidence (what was undone, when, by whom).
- Depends on. The `fn_iu_enact` atomic/post-verify pattern (reuse candidate) and Điều 39's mandatory pre-batch snapshot for ABox writes.
- Must NOT depend on. Becoming a live script in this packet. Must not depend on a global "undo everything" mechanism that crosses block boundaries.
- Replacement boundary. Each block's rollback unit is re-definable independently. One block's rollback never cascades into another's.
- Safe failure mode. Design-only: if a rollback unit cannot be cleanly defined for a block, that block's change is not authorized for write — fail closed, not fail open.
- Rollback boundary. (Self.) Per-block units: B1 = one INSERT-trigger set; B5 = one bounded backlog pass (deletable after run); B6 = a design artifact (re-map); K4 = one idempotent OCC-keyed tag batch (Điều 39 pre-batch snapshot); K5 = one status decision (no edge mutation while design-only).
- Bad input / invalid state. An S8 "rollback boundary" that includes an executable rollback script, a `DELETE` / `UPDATE` sequence, or a migration plan. (Conceptual; see BI-9.)
- Expected rejection behavior (fail-closed). A concrete rollback script / command sequence / migration plan in the rollback boundary → reject as TD drift ("no concrete rollback script is written here"). Reuse of `fn_iu_enact` is a candidate to evaluate, never a script to copy turnkey.
Who touches S8. B1, B5, B6 (birth lane) and K4, K5 (KG lane) follow the S8 discipline. The rollback scripts are referenced as a pattern, not written here.
9. Birth identity vs canonical status
This is the load-bearing separation the interface must protect. The lifecycle, stated five-plus times across the accepted sources:
Birth identity (S3 / B1) — at INSERT. An entity gets its permanent PREFIX-NNN id and an uncertified birth_registry row (certified=false). Per the Đ4 compatibility note, verbatim: "Birth grants an identity-root, not canonical status. … It does not become canonical/certified at INSERT." Mapping: {PREFIX-NNN + certified=false at INSERT} ⇒ TEMP_ID / workspace stage (F1). Identity is structural and precedes any inference.
Certify (B4) — async, per row. trg_birth_auto_certify → fn_birth_auto_certify flips certified=true + certified_at once all three inspect_* timestamps are present (atomic per row). This consumer is live and healthy but starved — its inspection input never arrives (the producer was never operationalized; the 2026-03-21 batch was a one-shot bootstrap). Live state: 1,402 certified (all 2026-03-21) vs 1,211,557 uncertified and growing. Certify is the documentary ancestor of the F4 promote checker, not the canonical promote itself.
Canonical status / address (S4 / B6) — output at promote (F4). Mapping: {certified=true / certified_at} + {BIRTH_STAMP / PROMOTE_STAMP} ⇒ canonical birth = output at promote (F4). For canonical / kernel / enacted entities, certification must additionally pass a fail-closed promote checker + Owner gate (Mức 3 / Đ32), not async auto-certify alone. BIRTH_STAMP / PROMOTE_STAMP / OWNER_STAMP / GOV_STAMP are conceptual F4 targets, not DB artifacts — the live mechanism is certified / certified_at / inspect_* plus the unused canonical_address / owner / jsonb_profile columns.
The Đ0-G inspection chain. Entity INSERT → trigger → birth_registry (certified=false) → [Inspector PEN] → [Inspector STAMP] → [Inspector GATE] → [Auto Certify: when all inspect_* IS NOT NULL → certified=true]. The consumer half (GATE→auto-certify) is built and enabled; the producer half (PEN→STAMP→GATE inspector) is unwired stubs (DOT-TAC-BIRTH-VERIFY/-GATE registered, never executed). Đ0-G itself lives in architecture/ as a temporary working source (its Constitution reference law-00g-birth.md is broken) — a SOURCE_RECOVERY_REQUIRED item.
One-sentence rule for the interface: identity is minted at INSERT (S3, certified=false); canonical address is materialized only at promote (S4), gated; the two must never be collapsed into one INSERT-time fact.
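The INSERT → inspect → certify → promote sequence of §5 and §9, with the fail-closed rejections S3 must give at INSERT, the per-row "all three inspect_* present" certify rule, the pending-Owner outcome at promote, and the append-only S7 trail, as an added in-memory model. This is illustrative code written for this revision: it is not the packet's design, not the live `fn_birth_registry_autofamily` / `fn_birth_auto_certify` fabric, and not technical design for either. The column names (`entity_code`, `certified`, `certified_at`, `inspect_pen` / `inspect_stamp` / `inspect_gate`, `canonical_address`) follow the page; the `Registry` class, the `PREFIX-NNN` regex, the `derived_from_kg` flag and the boolean `gates_closed` / `owner_approved` stand-ins for S5/S6 and S1 are assumptions.

```python
"""In-memory model of the S3 / B4 / S4 split. Illustrative only (added example):
not the packet's design and not the live birth fabric. Column names follow the
page; the class, the regex and the gate flags are assumptions."""
import re
from dataclasses import dataclass, field
from datetime import datetime, timezone

INSPECT_COLUMNS = ("inspect_pen", "inspect_stamp", "inspect_gate")
# Fields that S3 never writes at INSERT: certify, inspect and canonical are later stages.
FORBIDDEN_AT_INSERT = ("certified", "certified_at", "canonical_address") + INSPECT_COLUMNS
ENTITY_CODE = re.compile(r"^[A-Z][A-Z0-9]*-[0-9]{3,}$")  # assumed shape of PREFIX-NNN


class RejectedInput(ValueError):
    """Fail-closed rejection: when raised, nothing has been written."""


def rejected(call, *args, **kwargs):
    """True if the call was refused fail-closed, else False (used by the tests)."""
    try:
        call(*args, **kwargs)
        return False
    except RejectedInput:
        return True


@dataclass
class Registry:
    rows: dict = field(default_factory=dict)      # S3 identity rows keyed by entity_code
    evidence: list = field(default_factory=list)  # S7: append-only, never read to decide

    def _emit(self, kind, **facts):
        self.evidence.append({"kind": kind, "at": datetime.now(timezone.utc).isoformat(), **facts})

    # B1 / S3: identity at INSERT. Birth grants an identity-root, never canonical status.
    def mint_identity(self, entity_code, collection_name, governance_role=None, **extra):
        if not entity_code or not collection_name:
            raise RejectedInput("missing entity_code/collection_name: no identity, no birth")
        if not ENTITY_CODE.match(entity_code):
            raise RejectedInput("invalid identity: no birth row is fabricated")
        if governance_role is None:
            raise RejectedInput("ungoverned role: observed/excluded handling, no birth row")
        bad = sorted(k for k in extra if k in FORBIDDEN_AT_INSERT)
        if bad:
            raise RejectedInput(f"fields not writable at INSERT: {bad}")
        if extra.get("derived_from_kg"):  # AC-7: identity is structural, never inferred
            raise RejectedInput("identity must not come from KG reasoning")
        if entity_code in self.rows:      # ON CONFLICT (entity_code) DO NOTHING
            self._emit("identity_conflict_noop", entity_code=entity_code)
            return False
        self.rows[entity_code] = {
            "entity_code": entity_code, "collection_name": collection_name,
            "governance_role": governance_role, "certified": False, "certified_at": None,
            "canonical_address": None, **{c: None for c in INSPECT_COLUMNS},
        }
        self._emit("identity_minted", entity_code=entity_code, collection=collection_name)
        return True

    # B2 via the B3 contract surface: a producer writes exactly one inspect_* timestamp.
    def stamp(self, entity_code, column, when):
        if column not in INSPECT_COLUMNS:
            raise RejectedInput(f"{column} is not an inspect_* column")
        self.rows[entity_code][column] = when
        self._emit("inspect_stamp", entity_code=entity_code, column=column)
        self.auto_certify(entity_code)

    # B4: certified flips only once all three inspect_* are present (per row, no partial signal).
    def auto_certify(self, entity_code):
        row = self.rows[entity_code]
        if row["certified"] or any(row[c] is None for c in INSPECT_COLUMNS):
            return False
        row["certified"] = True
        row["certified_at"] = max(row[c] for c in INSPECT_COLUMNS)
        self._emit("certified", entity_code=entity_code, certified_at=row["certified_at"])
        return True

    # B6 / S4: canonical address is an output of promote, gated; never an INSERT-time fact.
    def promote(self, entity_code, address, gates_closed, owner_approved):
        row = self.rows[entity_code]
        if not row["certified"]:
            raise RejectedInput("promote needs the certify result (certified/certified_at)")
        if not (gates_closed and owner_approved):
            return None  # pending-Owner: stays certified but non-canonical
        row["canonical_address"] = address
        self._emit("promoted", entity_code=entity_code, canonical_address=address)
        return address
```

The point of the model is the ordering: a row can exist with `certified=False` for as long as the producer is starved, `auto_certify` never fires on a partial inspect set, and `promote` with open gates returns `None` rather than writing anything.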
10. B-block access contract
Birth-lane (R2-B) blocks and their permitted access to the registry/pivot interface. "Allowed" = the named studs a block may read/write; "Forbidden" = what would violate isolation or a caveat.
| B-block | Allowed access | Forbidden access |
|---|---|---|
| B1 Birth registration | WRITE S3 (mint PREFIX-NNN identity row, certified=false, at INSERT, ON CONFLICT (entity_code) DO NOTHING); READ S3 identity scheme; append S7; follow S8 (one INSERT-trigger set) | Write certified=true; write any inspect_*; write S4 canonical_address at INSERT; certify (AC-1); depend on KG reasoning (AC-7) |
| B2 Inspect producer (MISSING) | WRITE inspect_* only (via the B3 contract surface); append S7; follow S8 (one producer run) | Set certified; fake inspect_*=now(); write S3 identity; write S4 canonical; the 2026-03-21 stamp-in-INSERT shortcut |
| B3 Inspect result (contract surface) | Carry the inspect_* data contract between producer and consumer (no behavior) | Any write; any S3/S4 access; presenting a "complete" signal on a partial set |
| B4 Certify consumer | READ inspect_* (B3); WRITE own certified/certified_at once all three present (atomic per row); append S7; follow S8 (one AFTER-UPDATE trigger) | Produce inspect evidence (AC-3); write S3 identity; write S4 canonical address; certify canonical/kernel without promote-checker + Đ32 |
| B5 Backlog handling (MISSING) | One-time governed pass: WRITE inspect_* (same rules as B2) only when Owner-approved + bounded; append S7; follow S8 (one bounded, deletable pass) | Mass stamp-in-INSERT at 1.21M scale; write S3/S4; run without an Owner-approved bound |
| B6 Stamp mapping (CONCEPT) | Map onto S4 canonical_address at promote only (design); READ certified/certified_at (B4); follow S8 (a re-mappable design artifact) | Define net-new stamp columns (parallel SSOT, NT11); write canonical at INSERT; materialize while S5/S6 open |
| B7 GUC / gate policy | No registry/pivot write; decide warn-vs-block birth-gate mode (design); append S7 | Flip app.birth_gate_mode warn→block without a standing B2 producer (AC-9); claim the transient GUC layer is fail-closed (CAV-5) |
Summary: Only B1 writes S3; only B6 maps onto S4 (at promote, design only). B2/B4/B5 operate on the certify/inspect contracts (not the registry-identity or canonical-address surfaces). Every B-block appends to S7 and follows S8.
11. K-block access contract
KG-lane (R1-K) blocks. The central fact: no K-block touches S3 or S4. The accepted scoping states it verbatim — "R1-K touches none of S3 (registry/pivot identity) or S4 (canonical address) — those are R2-lane / structural surfaces, referenced by R2-B, not by the KG lane."
| K-block | Allowed access | Forbidden access |
|---|---|---|
| K1 KG runner gate | Emit the 5-gate fail-closed preflight verdict; append S7 | Read/write S3/S4; auto-clear any gate |
| K2 KG DOT contract | Bind/mode a KG DOT (DRY_RUN/REAL_RUN); append S7 | Read/write S3/S4; promote a contract without S1/Đ32 |
| K3 Provenance source recovery (MISSING) | Establish the provenance source-of-truth for edges; append S7; consume S6 (S167H, out-of-band) | Read/write S3/S4; invent a SoT (CAV-2); backfill edges (that is K4) |
| K4 Edge provenance tagging (MISSING) | Write provenance onto edges from K3's SoT (idempotent, OCC-keyed); append S7; follow S8 (one tag batch + Điều 39 snapshot) | Read/write S3/S4; create the SoT (AC-4); blind-update universal_edges; backfill from nothing |
| K5 Quarantine decision (MISSING) | Decide "no provenance ⇒ quarantine" (status='quarantine', trust_score=0); append S7; follow S8 (one status decision) | Read/write S3/S4; mutate edges without an Owner-gated write package (AC-6) |
| K6 KG quality / explainability log | WRITE S7 evidence (kg_quality_log, report-only); the dedicated KG evidence emitter | Read/write S3/S4; auto-fix anything (AC-10) — "no explanation = no execution" ("không giải thích = không thực thi"), list-only |
| K7 Qdrant / vector separation | Hold the boundary: vector search is never a provenance source; append S7 | Read/write S3/S4; treat embeddings as provenance (AC-8) or as registry identity |
Summary: No K-block reads or writes S3 or S4. K-blocks append evidence to S7 (K6 dedicated) and follow S8 (K4/K5). The reason the KG lane and the registry-identity surface stay apart is AC-7 / RP-AC-5: registry/pivot identity must not depend on KG reasoning — identity is structural and precedes inference; KG is REGISTERED_NOT_EXECUTED with 2199 edges / 0 provenance.
12. Registry/Pivot anti-coupling rules
All are MUST-NOT. Each is grounded in the accepted root-cause evidence and the carried caveats.
| Rule | Statement | Grounded in |
|---|---|---|
| RP-AC-1 | Registry/pivot must not certify. Identity (S3) and certify (B4) are separate blocks; the pivot mints certified=false only. | AC-1; the 2026-03-21 fused INSERT … certified=true anti-pattern |
| RP-AC-2 | Registry/pivot must not inspect. It never writes or fakes inspect_pen/inspect_stamp/inspect_gate. | AC-2/AC-3; B2/B3 own inspection |
| RP-AC-3 | Registry/pivot must not produce KG provenance. Provenance is the K3/K4 lane, from a source-of-truth, never from the registry. | AC-4; 2199 edges / 0 provenance; CAV-2 |
| RP-AC-4 | Registry/pivot must not quarantine edges. Quarantine is the K5 decision lane and requires an Owner-gated write package. | AC-6; quarantine mechanism ABSENT today |
| RP-AC-5 | Registry/pivot identity must not depend on KG reasoning. Identity is structural and precedes inference. | AC-7; "birth→feed" ("khai sinh→feed") is one-directional into the KG |
| RP-AC-6 | Canonical address must not be assigned at birth INSERT. It is an output at promote (F4), gated on S5 + S6. | Đ4 note "birth ≠ canonical"; canonical_address present-but-unused |
| RP-AC-7 | Evidence log must not decide or mutate. S7 records; approvals live only in S1/Điều 32. | S7 contract; "log that mutates state" is the invalid smell |
| RP-AC-8 | Rollback boundary must not become a rollback script here. S8 is a per-block discipline/contract only. | S8 contract; "no concrete rollback script is written here" |
| RP-AC-9 | Tool v0.2-hardening must not become authority for FIX7 until it passes regression and Owner/User promotes it. | Tool/packet lock (§3) |
| RP-AC-10 | No report PASS becomes Owner authorization. Engineering PASS ≠ authority PASS; default HOLD. | AC-11; all four upstream reviews PASS_WITH_CAVEATS |
| RP-AC-11 | No current corpus. This packet creates no current corpus and no registry-schema file. | Task forbidden list; OR §8 out-of-scope |
| RP-AC-12 | No mega-registry / mega-pivot. Extend birth_registry / existing ledgers (Assembly First); no second SSOT, no central registry, no hidden shared brain. | AC-12; Điều 39 NT1/NT11; "extend, don't duplicate" |
No hidden shared write surface. The interface adds no new convergence point. R1-K and R2-B still converge only at S1 (Điều 32/37) for writes and S5 + S6 for materialization — neither reached by a design-only package. Codex split to preserve: B1/S3, B6/S4, K3/S6 are close neighbors kept separate by contract and gate; future TD must not merge them into a hidden shared pipeline.
13. Bad-input / invalid-state rejection matrix
Conceptual contract check only — NOT run against runtime. No bad-input test was executed; nothing was minted, certified, stamped, tagged, quarantined, flipped, or mutated. Where a block is MISSING (B2/B5, K3/K4/K5), the rejection behavior is necessarily conceptual and is marked BAD_INPUT_BEHAVIOR_UNCLEAR; no tested runtime result is claimed (INHERITED_EVIDENCE). The fail-closed test: if invalid input would still produce identity / certify / canonical / provenance / approval / a PASS, the contract is fail-open and must be rejected.
| Case | Expected rejection (fail-closed) | Grounding |
|---|---|---|
| BI-1 B1 tries to set canonical_address at birth INSERT | Reject / mark future-gated. Mint certified=false identity only; canonical is output-at-promote (S4), gated on S5+S6. | RP-AC-6; Đ4 note; §6 |
| BI-2 B2 (or any non-promote block) tries to write directly to canonical fields | Reject. Only B6 maps onto S4, only at promote, design-only; B2 writes inspect_* only. | RP-AC-6; §10 |
| BI-3 B4 certify consumer tries to create evidence instead of consuming inspect_* | Reject. B4 reads inspect_* (B3) and flips certified only; it never produces inspect evidence (AC-3). | RP-AC-2; §10 |
| BI-4 K4 provenance tagger tries to create registry identity | Reject. No K-block touches S3; identity is structural, precedes inference, and is the B1/S3 lane. | RP-AC-5 (AC-7); §11 |
| BI-5 K5 quarantine decision tries to mutate registry/pivot | Reject. K5 decides quarantine on edges only, and only via an Owner-gated write package; it never touches S3/S4. | RP-AC-4 (AC-6); §11 |
| BI-6 KG reasoning output tries to mint identity | Reject. Identity must not depend on KG reasoning; KG is REGISTERED_NOT_EXECUTED. BAD_INPUT_BEHAVIOR_UNCLEAR (KG never executes) — conceptual reject only. | RP-AC-5 (AC-7); §5 |
| BI-7 Qdrant / vector result offered as registry provenance | Reject as category error. Embeddings are vector/search, never governance provenance or registry identity. | RP-AC-3 (AC-8); §11 K7 |
| BI-8 S7 audit event tries to act as an approval | Reject. S7 records; it never approves. Approvals live only in S1/Điều 32 approval_requests + quorum. | RP-AC-7; §7 |
| BI-9 S8 rollback boundary includes an executable rollback script | Reject as TD drift. S8 is a per-block rollback unit discipline; no script / command sequence / migration plan is written here. | RP-AC-8; §8 |
| BI-10 v0.2-hardening result offered as authority for FIX7 | Reject until Owner/User promotes it (after it passes regression). v0.1-stable / FIX7 V3 stays the baseline. | RP-AC-9; §3 |
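As an added illustration (not part of this packet, and not the technical design the packet explicitly defers), the Python below encodes the §10/§11 allowed-access matrix and the §12 MUST-NOT rules as data and evaluates proposed touches against them fail-closed: every runtime-expressible case in the matrix above (BI-1 through BI-8) is rejected, while in-contract touches such as B1 minting certified=false or B4 certifying once all three inspect_* values are present pass. Block, surface and rule identifiers are the packet's own; the `Touch`/`Decision` records, the op names ("write", "append", "map", "quarantine", "approve") and the context flags are assumptions of this example. BI-9 and BI-10 concern document content rather than a runtime touch and are left out.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set, Tuple

# Surfaces and contracts named in the packet.
S3, S4, S7 = "S3", "S4", "S7"              # identity, canonical address, evidence log
INSPECT, CERTIFIED, EDGES, S1 = "inspect_*", "certified", "edges", "S1"

# Block -> (surface, op) pairs the packet allows. Anything not listed is denied
# (fail-closed). Context-dependent limits are enforced in _conditions().
ALLOWED: Dict[str, Set[Tuple[str, str]]] = {
    "B1": {(S3, "write"), (S7, "append")},                     # mints certified=false identity
    "B2": {(INSPECT, "write"), (S7, "append")},                # standing inspect producer
    "B3": set(),                                               # data contract only, no behaviour
    "B4": {(INSPECT, "read"), (CERTIFIED, "write"), (S7, "append")},
    "B5": {(INSPECT, "write"), (S7, "append")},                # one-time, Owner-bounded pass
    "B6": {(CERTIFIED, "read"), (S4, "map"), (S7, "append")},  # stamp mapping at promote
    "B7": {(S7, "append")},
    "K1": {(S7, "append")}, "K2": {(S7, "append")}, "K3": {(S7, "append")},
    "K4": {(EDGES, "write"), (S7, "append")},                  # provenance tagging from K3's SoT
    "K5": {(EDGES, "quarantine"), (S7, "append")},             # quarantine decision on edges
    "K6": {(S7, "append")}, "K7": {(S7, "append")},
}

@dataclass
class Touch:
    """A proposed touch on the interface (record shape assumed for this example)."""
    block: str
    surface: str
    op: str
    phase: str = "birth"                                       # "birth" or "promote"
    fields: Dict[str, object] = field(default_factory=dict)    # payload the block proposes
    ctx: Dict[str, bool] = field(default_factory=dict)         # governance context flags

@dataclass
class Decision:
    allowed: bool
    reason: str

def _conditions(t: Touch) -> Optional[str]:
    """Rejection reason for a touch whose (surface, op) pair is listed, or None."""
    if t.block == "B1" and t.surface == S3:
        if t.fields.get("certified") is True:
            return "RP-AC-1: the pivot mints certified=false only"
        if "canonical_address" in t.fields:
            return "RP-AC-6: canonical address is output-at-promote, never set at birth INSERT"
    if t.block == "B4" and t.surface == CERTIFIED:
        if any(t.fields.get(k) is None for k in ("inspect_pen", "inspect_stamp", "inspect_gate")):
            return "B4: certify only once all three inspect_* values are present"
    if t.block == "B5" and not t.ctx.get("owner_approved_bound"):
        return "B5: backlog pass runs only under an Owner-approved bound"
    if t.block == "B6" and t.surface == S4:
        if t.phase != "promote":
            return "RP-AC-6: B6 maps onto S4 at promote only"
        if not (t.ctx.get("s5_resolved") and t.ctx.get("s6_resolved")):
            return "S4 materialization is gated on S5 + S6"
    if t.block == "K4" and t.fields.get("source") != "K3_SoT":
        return "RP-AC-3 (AC-8): edge provenance comes from K3's SoT, never from embeddings"
    if t.block == "K5" and not t.ctx.get("owner_gated_write_package"):
        return "RP-AC-4 (AC-6): quarantine needs an Owner-gated write package"
    return None

def evaluate(t: Touch) -> Decision:
    """Fail-closed evaluation: deny unless the contract explicitly permits the touch."""
    if t.op == "approve":
        return Decision(False, "RP-AC-7: approvals live only in S1/Điều 32; no block or log approves")
    if t.block.startswith("K") and t.surface in (S3, S4):
        return Decision(False, "RP-AC-5 (AC-7): no K-lane block touches S3/S4")
    if (t.surface, t.op) not in ALLOWED.get(t.block, set()):
        return Decision(False, f"{t.block} has no contract for '{t.op}' on {t.surface}")
    reason = _conditions(t)
    return Decision(reason is None, reason or "within contract")

# Bad-input cases BI-1..BI-8 from the rejection matrix, expressed as constructed touches.
BAD_INPUT_CASES: Dict[str, Touch] = {
    "BI-1": Touch("B1", S3, "write", fields={"certified": False, "canonical_address": "X"}),
    "BI-2": Touch("B2", S4, "write"),
    "BI-3": Touch("B4", INSPECT, "write"),
    "BI-4": Touch("K4", S3, "write"),
    "BI-5": Touch("K5", S3, "write"),
    "BI-6": Touch("KG-reasoning", S3, "write"),
    "BI-7": Touch("K4", EDGES, "write", fields={"source": "qdrant-vector"}),
    "BI-8": Touch("S7", S1, "approve"),
}

# In-contract touches (constructed), to show the checker is selective, not deny-all.
ALL_THREE = {"inspect_pen": "ok", "inspect_stamp": "ok", "inspect_gate": "ok"}
GOOD_CASES: Dict[str, Touch] = {
    "B1-mint": Touch("B1", S3, "write", fields={"certified": False}),
    "B4-certify": Touch("B4", CERTIFIED, "write", fields=dict(ALL_THREE)),
    "B6-map": Touch("B6", S4, "map", phase="promote", ctx={"s5_resolved": True, "s6_resolved": True}),
    "K4-tag": Touch("K4", EDGES, "write", fields={"source": "K3_SoT"}),
}

def check_matrix() -> Dict[str, Decision]:
    """Evaluate every case: each BI-* must be rejected, each good case allowed."""
    return {name: evaluate(t) for name, t in {**BAD_INPUT_CASES, **GOOD_CASES}.items()}

if __name__ == "__main__":
    for name, d in check_matrix().items():
        print(f"{name:12s} {'ALLOW ' if d.allowed else 'REJECT'} {d.reason}")
```

The default-deny shape is the point: a block gets nothing it is not listed for, K-lane blocks are refused S3/S4 before any lookup, and the listed pairs still carry the packet's conditions (promote-only, S5+S6, all three inspect_* present, Owner bound, K3 source). Adding a new block or surface means adding data, not loosening the checker.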
14. Owner-gated future writes
Every action below is forbidden now. Each becomes possible only after a separate Owner gate (and, where noted, CONS/CELL resolution + source recovery). Listing them is scoping, not authorization. OWNER_GATE_REQUIRED on all.
| Future write (touching the interface) | Surface | Gate required | Forbidden now? |
|---|---|---|---|
| Materialize canonical_address / canonical fields | S4 | S5 (CONS-002/003 + CELL-003/004/007) + S6 (Đ0-G recovery) + Đ32 | Yes |
| Define the BIRTH/PROMOTE stamp ↔ existing-field mapping as built artifact | S4 / B6 | HOLD-2 + S5 + Đ32 | Yes |
| Build/wire the standing inspect producer (writes inspect_*) | B2 (→ S7) | Đ32 + S2 owner + channel decision (R2-D2) | Yes |
| Run the one-time backlog inspection pass | B5 (→ S7) | Đ32 + S5 + S6 + standing B2 | Yes |
| Build the S7 evidence/audit writers (KG quality, inspect-failure queue) | S7 / K6 / B2 | Đ32 | Yes |
| Define and execute per-block rollback mechanisms | S8 | Đ32 + the owning block's package | Yes |
| Recover the Đ0-G source (and the LEGACY|S167H manifest for K3) | S6 | Owner out-of-band (CAV-2 / CAV-3 / CAV-4) | Yes |
| Assign the birth-producer / dot:kg governance owner | S2 | Điều 37 → Điều 32 | Yes |
| Flip app.birth_gate_mode warn→block | B7 | Điều 35 §10 criteria + standing B2 + Đ32 (CAV-5) | Yes |
| Backfill edge provenance / build the quarantine lane | K4 / K5 | Đ32 + S5 + K3 SoT | Yes |
| Disposition the RISK-BYPASS residue (170 unvoted-applied rows) | S1 | Đ32 (audit/annotate/quarantine — never auto-revert) | Yes |
15. What remains unresolved
- SOURCE_RECOVERY_REQUIRED — Đ0-G (S4/S6) and LEGACY|S167H (K3/S6). Đ0-G lives in architecture/ as a temporary working source; its Constitution reference law-00g-birth.md is broken. The S167H seed manifest is absent from the inspected substrate. Per CAV-2, neither recoverability nor unrecoverability is asserted — only that they are absent from the inspected substrate; recovery is out-of-band and Owner-controlled. Canonical-address materialization (S4) is gated on Đ0-G recovery.
- BOUNDARY_UNCLEAR — B2/B5 producer channel. The standing producer channel (host cron / pg_cron / agent-api executor / job_queue worker, R2-D2) is not decided. It is deliberately inside the producer block (a replaceable internal), not part of the interface boundary; the S3/S4/S7/S8 contracts are channel-independent. Channel build is FUTURE_TECHNICAL_DESIGN_REQUIRED.
- BAD_INPUT_BEHAVIOR_UNCLEAR — MISSING blocks (B2, B5, K3, K4, K5). Their rejection behavior is defined conceptually only; no runtime test is claimed. The interface contracts (S3/S4/S7/S8) hold regardless, because they fail closed by default.
- Blockers — all OPEN, none resolved: CONS-002, CONS-003, CELL-003/004/007, HOLD-1, HOLD-2, RISK-BYPASS, GOV-016/017, GOV-REUSE-001, Điều 39 runtime-EMPTY (2199 edges / 0 provenance), Điều 35 production-readiness FAIL.
- Six caveats CAV-1…CAV-6 — carried, not resolved. The three wording constraints (no executor process-log proof; no live /opt/incomex/dot/bin byte read; no claim that transient bypass GUCs certainly do not exist) constrain all wording above.
- CAV-6 documentary typo — carried, not patched. Patching a prior report is forbidden; a cosmetic fix is a separate Owner decision.
- FUTURE_TECHNICAL_DESIGN_REQUIRED (moved out of this packet, not written): any schema/DDL, table definition, migration plan, function body, SQL-mutate plan, registry-rebuild plan, pivot-table implementation, rollback script, command sequence, producer/runner implementation, KG backfill/quarantine mechanics, and the canonical-address materialization mechanics. These are explicitly NOT written here — they belong to a later, separately-authorized package.
- NOT_LEGO_COMPATIBLE: none. S3/S4/S7/S8 each split cleanly into an isolated, contract-bounded surface. The Codex-flagged soft neighbors (B1/S3, B6/S4, K3/S6) are resolved by keeping them separate, not by merging — consistent with the LEGO filter. MEGA_REGISTRY_RISK: not triggered — no responsibility was absorbed into the interface; every block's logic stays in its owning block.
16. Recommended next package
This packet opens no next package. It hardens the shared interface the K-lane and B-lane already reference. Sequence:
- NP-1 — GPT reviews the two files.
- NP-2 — If accepted, Codex performs an adversarial control review.
- NP-3 — Owner chooses the exact first per-block design-only TD-prep block/scope after this interface is accepted (e.g. a single K-block, a single B-block, or a strictly bounded parallel pair). The fallback noted upstream (open R2 first because the backlog grows live) must not be read as backlog write-priority over the Điều 39 provenance invariant.
- NP-4 — Write-enabled remediation remains forbidden until, in order: a per-block design-only TD-prep package → Codex review → Owner approval → a rollback plan → a runtime-verification plan. No automatic TD. No automatic write-enabled remediation.
17. Ready for GPT/Codex review
Yes.
Core rule, kept above all details: Registry/Pivot is a LEGO interface, not a hidden brain. It must not absorb birth, certify, KG, provenance, quarantine, audit, rollback, or tool-authority logic. If one surface's contract is wrong, it must be removable and rebuildable without breaking the rest.
Default disposition: HOLD. Engineering PASS = a complete design-only interface contract boundary; it is not an Owner authorization to design-in-detail, to write TD, or to remediate. No PASS authorizes writes. All blockers remain OPEN.