R1 — Đ39 KG Provenance / Quarantine / Execution Readiness Scope (2026-06-17)
Date: 2026-06-17 · Workstream: R1 (first remediation-scoping macro after Phase-1B) · Revision: rev1
Class: read-only scoping / runtime-evidence / Owner-decision-prep
READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NOT remediation · NOT technical design · NOT implementation · NO blocker resolved.
0. Status and non-authorization
STATUS: PARTIAL (R1 read-only scoping complete on the PostgreSQL substrate; PARTIAL because the why-it-stopped runner/log layer and the provenance source-of-truth for any future backfill are outside the read-only query_pg PG-catalog surface and were not inspected; Qdrant entity_embeddings was not queried — PG-only run).
This report is the read-only evidence packet for R1 — Điều 39 KG Provenance / Quarantine / Execution Readiness, the first of the five Phase-1B remediation macro packages. The Phase-1B packet expressly held that even the R1 "allowed first move" (read-only Phase-1-style scoping) required a separate explicit Owner gate. This run is that Owner-gated act: the read-only opening of R1∥R2 parallel scoping (the OD-3 parallel option). It collects fresh read-only runtime truth; it does not resolve any blocker and does not authorize write-enabled remediation.
Non-authorization (explicit). This report does not, and cannot: run any write query / DDL / DML; patch runtime; patch any source law, amendment, rewrite, note, or any prior report; create a current corpus; adopt or enact any draft; resolve any blocker; write full technical design; create schema/table/registry/index; materialize KG / provenance / cell_id / dot_role / canonical_fields / Species Matrix / BIRTH_STAMP / PROMOTE_STAMP; trigger DOT / KG / promote / birth / repair; backfill provenance; quarantine edges; change authority order (CONS-004); change the v0.1 baseline; promote v0.2-hardening. Engineering verification ≠ Authority approval. A GPT/Codex PASS on this report is not an Owner authorization to remediate. Every blocker remains OPEN.
1. Sources read
KB sources (read first-hand via read-only batch_read/get_document through parallel read-only reader-agents):
| # | Source | Status |
|---|---|---|
| 1 | consolidation/phase1b-runtime-truth-blocker-decision-packet-2026-06-17.md (rev1) | READ |
| 2 | reports/phase1b-runtime-truth-blocker-decision-execution-report-2026-06-17.md (rev1) | READ |
| 3 | reports/phase1-readonly-runtime-blocker-verification-2026-06-17.md (rev1) | READ |
| 4 | LAW_READING_INDEX.md (rev2) + consolidation/current-understanding-pointer-layer-2026-06-17.md (rev1) | READ |
| 5 | notes/dieu39-knowledge-graph-compatibility-note.md (rev1) | READ |
| 6 | laws/dieu39-knowledge-graph-law.md (Đ39 v2.3, ENACTED) | READ |
| 7 | rewrites/dieu37-governance-organization-law-rewrite-draft.md (rev1, DRAFT) | READ |
| 8 | notes/dieu32-approval-owner-gate-compatibility-note.md, notes/dieu35-dot-governance-compatibility-note.md, laws/dieu32-approval-law.md, laws/dieu35-dot-governance-law.md, ssot/operating-rules.md | READ |
No required R1 source was unreadable. (Local repo is substrate-free/stale — PH1-F10; the VPS PostgreSQL directus DB is SoT for these runtime blockers.)
Baseline expectation carried in (Phase-1B), for R1: KG registered = yes; executed = no; edges provenance-compliant = no; quarantine = not proven; backfill = not authorized; execution = not authorized. Control caveat C-1: the universal_edges 0-provenance finding (PH1-F1) is the Đ39 / KG provenance-or-quarantine invariant, not an authority bypass; severity stays HIGH, surface corrected to Đ39 / KG provenance.
2. Runtime command ledger
All commands executed against database directus via the query_pg MCP tool. Read-only proof: query_pg is AST-validated, runs inside a READ ONLY transaction as role context_pack_readonly, statement_timeout 5s, hard LIMIT 500, no writes/DDL. Confirmed live: SELECT current_user → context_pack_readonly; session anchor 2026-06-17 14:03:41 UTC. The pg_schema helper tool failed (AmbiguousParameter on its $1 schema param) — a tool-side introspection bug, not a write attempt; schema was obtained via read-only information_schema SELECTs instead.
| ID | Query (abbrev.) | Read-only? | Exit | Used for |
|---|---|---|---|---|
| L1 | SELECT now(), current_user, current_database() | yes | success | read-only role proof / session anchor |
| L2 | information_schema.columns for universal_edges, birth_registry, kg_auto_approve_rules, kg_quality_log, governance_registry, kg_source_authority | yes | success (85 rows) | §3 schema inventory |
| L3 | information_schema.tables WHERE table_name LIKE 'kg\_%' | yes | success (11 rows) | §3 KG table/view inventory |
| L4 | universal_edges aggregate (total / provenance / valid_time / confidence / status / edge_types / date range) | yes | success (1 row) | §4 |
| L5 | kg_auto_approve_rules full content | yes | success (6 rows) | §8 |
| L6 | kg_quality_log count + max(run_at) | yes | success (1 row) | §6 |
| L7 | kg_source_authority full content | yes | success (5 rows) | §8 |
| L8 | governance_registry WHERE KG | yes | success (1 row) | §7 |
| L9 | dot_tools column inventory | yes | success (28 rows) | §5 |
| L10 | dot_tools domain breakdown (n / executed / max last_executed) | yes | success (35 rows) | §5 |
| L11 | dot_tools WHERE domain LIKE 'kg.%' enumeration | yes | success (36 rows) | §5 |
| L12 | pg_proc WHERE prosrc ILIKE '%quarantine%' | yes | success (1 row) | §9 |
| L13 | pg_proc WHERE prosrc ILIKE '%universal_edges%' AND '%provenance%' | yes | success (1 row) | §9, §10 |
| (pg_schema ×3) | introspection helper | n/a | tool-error (AmbiguousParameter) | superseded by L2 |
No write, DDL, DML, or execution call was made or prepared.
3. KG substrate inventory
Config / log tables (8 base tables, kg_*): kg_acl_config, kg_auto_approve_rules, kg_constraint_config, kg_priority_templates, kg_quality_log, kg_signal_config, kg_source_authority, kg_thresholds.
Views (3): kg_evolution_latest, kg_quality_issues, kg_quality_latest. (Edge views v_kg_edges_all, v_dotkg_realrun_preflight exist under the v_ prefix per Phase-1; not re-listed by the kg_% filter.)
Absent (not yet built): the C9 self-learning tables kg_weight_snapshots, kg_model_versions, kg_evolution_snapshots, and scaffold_dependency_map (per Phase-1; consistent with 0 KG execution).
Edge store — universal_edges carries the Đ39-extension columns: provenance jsonb, valid_time tstzrange, confidence numeric, plus valid_from/valid_to, weight, status, is_auto_managed, edge_type/edge_subtype, metadata jsonb, _dot_origin, date_created/date_updated. Correction to the carried digest: there is no version column on universal_edges; bitemporality is expressed via valid_from/valid_to plus the (unused) valid_time range. Severity LOW (documentary detail; blocks nothing).
Verdict: KG is registered & scaffolded at the schema/config level — the substrate exists. It is not runtime-backed (see §4–§6).
4. universal_edges provenance state
universal_edges aggregate (L4):
| Metric | Value |
|---|---|
| total edges | 2199 |
| provenance IS NOT NULL | 0 |
| provenance non-empty | 0 |
| valid_time set | 0 |
| confidence set | 2199 (100%) |
| status='active' | 2199 (all) |
| is_auto_managed | 2199 (all) |
| distinct edge_type | 3 |
| first / last date_created | 2026-03-19 07:02 → 2026-04-21 02:45 |
Reading. Đ39 §0 / A8 mandate: "Every edge + decision MUST have confidence + freshness + provenance + source_authority" and "No provenance = quarantine." Live: every one of the 2199 active edges has confidence but zero provenance and zero valid_time. The provenance-or-quarantine invariant is therefore unenforced and unmet on the entire live edge store. (This is PH1-F1, surface = Đ39/KG provenance per caveat C-1, severity HIGH.) Edge creation stopped on 2026-04-21; no edge has been quarantined (all 2199 are status=active), confirming no quarantine pass has ever run.
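The read-only session proof described in §2 and the edge-store aggregate above can be reproduced in a plain psql session along the following lines. This is an added example, not the query text that was run through query_pg (the ledger only abbreviates L1 and L4). It assumes a SELECT-only role, that is_auto_managed is boolean and status is text, and it treats `{}`, `[]` and JSON null as empty provenance.

```sql
-- Added example; column names are the ones listed in §3.
-- The 5s timeout mirrors the query_pg limit stated in §2.
BEGIN TRANSACTION READ ONLY;
SET LOCAL statement_timeout = '5s';

-- Session anchor (ledger L1) plus proof that this transaction cannot write.
SELECT now()                                    AS session_anchor,
       current_user,
       current_database(),
       current_setting('transaction_read_only') AS txn_read_only;  -- 'on' when read-only

-- Edge-store aggregate (ledger L4).
SELECT count(*)                                           AS total_edges,
       count(*) FILTER (WHERE provenance IS NOT NULL)     AS provenance_not_null,
       count(*) FILTER (
           WHERE provenance IS NOT NULL
             AND provenance NOT IN ('{}'::jsonb, '[]'::jsonb, 'null'::jsonb)
       )                                                  AS provenance_non_empty,
       count(*) FILTER (
           WHERE valid_time IS NOT NULL AND NOT isempty(valid_time)
       )                                                  AS valid_time_set,
       count(*) FILTER (WHERE confidence IS NOT NULL)     AS confidence_set,
       count(*) FILTER (WHERE status = 'active')          AS status_active,
       count(*) FILTER (WHERE is_auto_managed)            AS auto_managed,
       count(DISTINCT edge_type)                          AS distinct_edge_types,
       min(date_created)                                  AS first_created,
       max(date_created)                                  AS last_created,
       -- Active edges with no usable provenance: the rows on which the
       -- provenance-or-quarantine invariant is unmet.
       count(*) FILTER (
           WHERE status = 'active'
             AND (provenance IS NULL
                  OR provenance IN ('{}'::jsonb, '[]'::jsonb, 'null'::jsonb))
       )                                                  AS active_without_provenance
FROM universal_edges;

-- Nothing was written; ROLLBACK simply closes the read-only transaction.
ROLLBACK;
```

Any INSERT, UPDATE or DDL attempted between BEGIN and ROLLBACK fails with "cannot execute ... in a read-only transaction", which is the property the ledger relies on.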
5. KG DOT registration / execution state
The 36 KG DOTs are registered under ten kg.* sub-domains (L10, L11). Every KG DOT has executed=0, last_executed=NULL, and operation=NULL:
| kg.* sub-domain | DOTs | executed |
|---|---|---|
| kg.business | 6 | 0 |
| kg.formation | 6 | 0 |
| kg.governance | 6 | 0 |
| kg.priority | 4 | 0 |
| kg.quality | 4 | 0 |
| kg.explain | 2 | 0 |
| kg.learning | 2 | 0 |
| kg.scaffold | 2 | 0 |
| kg.eviction | 2 | 0 |
| kg.conversational | 2 | 0 |
| Total | 36 | 0 |
Directly R1-relevant registered-but-unexecuted DOTs: DOT_KG_PROVENANCE_TAG (kg.governance, B) and DOT_KG_PROVENANCE_AUDIT (kg.governance, A) — the provenance machinery is designed and registered but has never run; DOT_KG_EXPLAIN/DOT_KG_EXPLAIN_VERIFY (explanation_path / Đ39 C7); DOT_KG_HEALTH/DOT_KG_ORPHAN/DOT_KG_CORRECT (would write kg_quality_log); DOT_KG_SCAFFOLD_BUILD/VALIDATE (TBox); DOT_KG_SELF_LEARN/SELF_SCORE (ABox self-learn); DOT_KG_CONSTRAINT_CHECK, DOT_KG_OVERRIDE_AUDIT/LOG, DOT_KG_DISCOVER_PROPOSE (governance); DOT_KG_EVICT_SCAN/VERIFY (stale-retire). The A/B tiering reflects the Đ39 "18-pair" structure.
Note on last_executed (PH1-F9): non-KG DOTs that show "executed" share a single uniform timestamp 2026-03-31 08:08:57 — a backfill stamp, not live telemetry. KG DOTs do not even carry that stamp (NULL). Liveness must be judged by heartbeats/quality logs, not last_executed; both signals say KG = inert.
6. kg_quality_log / quality telemetry state
kg_quality_log: 0 rows, max(run_at)=NULL (L6). No KG quality, explanation, orphan, consistency, or self-learning run has ever been logged. Đ39 C7: "A decision carries an explanation_path. Store it in kg_quality_log. No explanation = no execution." With an empty quality log, the explainability precondition for KG execution is unsatisfied. The kg_quality_latest / kg_evolution_latest / kg_quality_issues views exist but have no underlying rows to surface.
7. GOV-KG-SYS registration state
governance_registry (L8): exactly one KG row —
| field | value |
|---|---|
| code | GOV-KG-SYS |
| name | Hệ thống Knowledge Graph |
| gov_type | system |
| domain | kg |
| primary_collection | NULL |
| created_by_law | NRM-LAW-39 |
| health_dot | NULL |
| status | active |
Reading. The owner is registered and active — this contradicts the stale documentary claim "owner unregistered" (documentary-lag finding PH1-C2; refreshing the docs is a separate Owner-gated step, not done here). But primary_collection and health_dot are NULL → registered but inert / unmonitored (no health DOT bound, no primary collection). Registration ≠ execution. Đ39 §7B "Not registered = not deployed" is satisfied at the registration layer only.
8. kg_auto_approve_rules and TBox/ABox posture
kg_auto_approve_rules (6 rows, all is_active=true) — L5:
| change_type | auto_approve | confidence_threshold | requires_human |
|---|---|---|---|
| scaffold_modify (TBox) | false | 0.0 | always |
| species_create (TBox) | false | 0.0 | always ("Nguyên tắc vàng Đ39 §0") |
| edge_delete | false | 0.0 | always |
| edge_create | false | 0.8 | above_threshold |
| link_merge | false | 0.7 | above_threshold |
| edge_weight_update (ABox weight) | true | 0.9 | above_threshold |
kg_source_authority (5 rows, all active) — L7: regulation=1.0 > report=0.7 > api=0.6 > manual=0.5 > chat=0.3. This matches Đ39's ordering "regulation (Đ38) > report > chat."
Reading. The config posture is Đ39-aligned and fail-closed: only ABox edge_weight_update is auto-approvable; all TBox changes (scaffold_modify, species_create) and deletes require a human, honoring "AI MAY PROPOSE, BUT MAY NOT ITSELF ENACT CANONICAL KNOWLEDGE." Because KG never executes, these rules have never fired — the guardrail is correct but untested at runtime. This is a readiness asset, not a blocker.
9. Quarantine readiness gap
R1 must answer whether a quarantine mechanism exists in live runtime. Evidence:
- No KG-edge quarantine function. pg_proc source search for 'quarantine' (L12) returns exactly one function — fn_preflight_guard — a generic preflight guard, not a universal_edges quarantine implementation. There is no fn_kg_quarantine, no quarantine trigger, and no edge carries a non-active status (all 2199 = active).
- No live provenance writer/backfiller. Source search for functions touching both universal_edges and provenance (L13) returns exactly one — fn_iu_kg_edge_audit — an audit (read/inspect) function, not a provenance-tagging or backfill writer. The intended writer DOT_KG_PROVENANCE_TAG is registered but never executed (§5).
Gap. "Quarantine" as required by Đ39 (orphan→auto-link/quarantine; contradiction→quarantine; no-provenance→quarantine) is not present as a built, wired runtime mechanism. What "quarantine" must mean in live runtime — e.g. an edge status='quarantine' lane plus a fail-closed gate that refuses promotion of no-provenance edges, honoring TBox-human/ABox-AI — is a design-direction question that remains gated (see §13). No quarantine design is written here.
10. Execution readiness gap
Before any KG execution or provenance backfill could be safe, the following are unmet: (a) provenance source-of-truth — there is no mapping from the 2199 existing edges back to source documents/sections; the only provenance toucher is an audit function; backfill would require deciding where provenance comes from, which does not exist in the substrate; (b) explainability telemetry — kg_quality_log=0, so the C7 "no explanation = no execution" gate has nothing to satisfy it; (c) execution model — 0/36 DOTs have ever run; whether/how KG DOTs may execute (runner, preflight v_dotkg_realrun_preflight, heartbeats) is unverified from the catalog and was not inspected at the runner/log layer (read-only-but-out-of-scope here); (d) CONS-002/003 + CELL-003/004/007 remain unresolved Owner prerequisites to any materialization. Backfill, quarantine enforcement, and KG DOT execution are each a separate write-enabled workstream — NOT authorized.
11. Findings
| ID | Severity | Summary | Blocks TD? | Blocks impl? |
|---|---|---|---|---|
| R1-F1 | HIGH | universal_edges 2199/2199 active, 0 provenance, 0 valid_time → Đ39 provenance-or-quarantine invariant unenforced/unmet (= PH1-F1, surface Đ39/KG per C-1) | Yes (Đ39) | Yes |
| R1-F2 | HIGH | 36 KG DOTs registered, 0 executed (incl. DOT_KG_PROVENANCE_TAG/AUDIT); KG runtime has zero productive execution | Yes | Yes |
| R1-F3 | HIGH | kg_quality_log=0 → Đ39 C7 "no explanation = no execution" precondition unsatisfied; no quality/explanation telemetry ever | Yes | Yes |
| R1-F4 | MEDIUM | No built KG-edge quarantine mechanism (only fn_preflight_guard refs quarantine; only fn_iu_kg_edge_audit touches edges+provenance; no writer/backfiller) | Yes (design gap) | Yes |
| R1-F5 | LOW/INFO (asset) | Config layer is Đ39-aligned & fail-closed — kg_auto_approve_rules (TBox human-only) + kg_source_authority 5-tier; GOV-KG-SYS active. Untested because KG never executes | No | No |
| R1-F6 | INFO/correction | universal_edges has no version column (carried digest erred); confidence is 100% populated; GOV-KG-SYS.primary_collection/health_dot=NULL (registered-but-inert) | No | No |
No CRITICAL finding. No active mutation or authority bypass observed (consistent with C-1: KG provenance is its own surface, distinct from RISK-BYPASS). No finding is marked resolved.
Explicit R1 answers (baseline vs live):
- Is KG registered? Yes — GOV-KG-SYS active; 36 DOTs + 8 config tables + 3 views + edge provenance/valid_time columns present.
- Is KG executed? No — 0/36 DOTs executed; kg_quality_log=0; 0 provenance/valid_time written; edge creation stopped 2026-04-21.
- Are edges provenance-compliant? No — 0/2199.
- Is quarantine mechanism present? No — no built KG-edge quarantine function/trigger; no edge quarantined.
- Is provenance backfill safe now? No — forbidden; and unsafe in principle (no provenance source-of-truth; writer DOT never run; CONS-002/003+CELL prerequisites open).
- Is KG execution safe now? No — not authorized; explainability/quality telemetry empty; execution model unverified.
(All six match the Phase-1B baseline.)
12. What remains blocked
Every blocker stays OPEN: Đ39 surface REGISTERED_NOT_EXECUTED; PH1-F1 HIGH (Đ39/KG provenance). Technical design for any KG build/rollout is GATED — no KG build/rollout TD until a provenance backfill + quarantine gate are designed (Phase-1B §6), and that design itself awaits Owner package authorization. Forbidden until the Owner opens a write-enabled R1 workstream: edge writes; provenance materialization; KG DOT execution; kg_* schema change; TBox mutation; quarantine of edges; materialization of KG / provenance / cell_id / dot_role / canonical_fields / Species Matrix. CONS-002/003 + CELL-003/004/007 must be resolved (Owner-gated) before any R1 materialization.
13. Owner decisions required
- OD-3 (carried): This run executed the read-only R1∥R2 parallel scoping (the supported parallel option). The Owner now decides whether to open R1 as a write-enabled remediation workstream, keep it read-only, or sequence it behind R2.
- R1-OD-a (new, read-only/design-gated): authorize — or not — a follow-on read-only provenance source-of-truth study (where would provenance for the 2199 edges originate? DOT_KG_PROVENANCE_TAG design intent vs. source docs/sections) and a read-only KG-runner/preflight inspection (docker logs /dot/specs/v_dotkg_realrun_preflight) to establish why 0/36 DOTs ever ran. Still read-only; separately gated; no backfill, no execution.
- R1-OD-b (new, design-direction-gated): decide the target quarantine semantics for universal_edges (e.g. a status='quarantine' lane + fail-closed no-provenance gate honoring TBox-human/ABox-AI) — to be designed (not built) only after the package is opened.
- OD-8 (carried): confirm CONS-002/003 + CELL-003/004/007 resolution remains a prerequisite to any R1 materialization.
Backfill / quarantine enforcement / KG DOT execution = a later, separate, write-enabled workstream. Engineering/Codex PASS ≠ Owner authorization.
14. Next recommended action
- GPT reviews this R1 scoping report (alongside R2 and the combined execution report).
- If accepted, Codex adversarial control review.
- Owner chooses whether to open write-enabled remediation for R1, keep R1 read-only (and, if so, authorize R1-OD-a's read-only runner/provenance study), and decides OD-3 / OD-8 plus R1-OD-a/b.
Default disposition: HOLD. PARTIAL ≠ Owner authorization; no blocker resolved; no KG/provenance materialization; TD remains gated.