KB-4DF1
Codex follow-up audit — Question Catalog HOLD fixes — 2026-06-15
Revision 1
Codex Follow-up Audit - Question Catalog HOLD Fixes
Date: 2026-06-15
Scope: Read-only verification of the previous Codex HOLD fixes in AgentData KB document knowledge/dev/laws-new/cau-hoi-khi-tai-cau-truc.md.
Catalog evidence: AgentData revision 69, content length 142680.
Status: PASS_WITH_MINOR_FIXES
Mutation boundary: No catalog patch, implementation, DB/production mutation, checker, pilot, registry, table, index, worker, DOT, or source manifest was created.
EXECUTIVE SUMMARY
- Revision 69 substantively fixes the previous HOLD: it adds Pilot Slice First, narrows L0, adds source/revision/delivery gates, Owner checkpoints, operational risks R6-R9, earliest-layer mapping, and CONS-001..005.
- The catalog is now suitable for Owner review.
- It is not yet safe to open the scoped read-only pilot-slice survey because several older lines still imply full-catalog completion or global blockers. These are wording conflicts, not architectural gaps, and should be corrected with a small patch.
- No new system or structural layer is needed. The remaining work is limited to reconciling old wording with the new pilot-slice rule.
HOLD-FIX VERIFICATION
| Previous HOLD issue | Fixed? | Evidence from rev69 | Remaining issue | Minimal patch if needed |
|---|---|---|---|---|
| Catalog could become a checklist monster | partial | §2e says catalog is a whole-system risk map, not a checklist that must be answered in full; §19 scopes blockers to slice + direct dependencies | §2 still requires updating “từng câu hỏi (không bỏ trống)”; old-survey note says later work must answer “từng dòng” | Scope these statements to the pilot slice + direct dependencies; outside-slice items remain TODO/DEFER |
| L0 was a global blocker | partial | L0 now blocks design/new creation only inside pilot slice + direct dependencies and does not block read-only work outside the slice | L1 says it blocks all L2-L8 without repeating slice scope | Add “trong pilot slice + direct dependencies” to L1 blocker wording |
| Source/revision authority was undefined | yes | Group S covers KB vs checkout vs runtime authority, revision/hash pinning, same-version reading, config delivery, and stale-config fail-closed behavior | Avoid interpreting source map/manifest as a mandatory new system artifact | State that an inline evidence record is sufficient unless Owner approves a new artifact |
| Owner authorization was missing | yes | Owner checkpoints state evidence is not authorization and gate survey/gap report, exceptions, checker, rehearsal, and pilot | APPROVED by Codex can still be misread as transition authority | Clarify Codex approval is answer-quality approval only; phase authorization remains Owner-only |
| Operational readiness was under-covered | yes | R6-R9 add runtime/config, bypass/write permission, crash/retry/outbox, retention/backpressure/cardinality, and time/TTL risks | Dependency Map L7 still says scanner is not a hard blocker | Make minimal scoped scanner/heartbeat evidence a pilot blocker; broader scanner coverage may defer |
| Risks appeared first at L5b | partial | Earliest-layer note maps RISK-GC/CELL/STL/IDX/AP/CRASH/RUN/SRC correctly and says L5b is final roll-up | L5b summary row omits Group S and new R6-R9 families | Update row summary to include Group S and R6-R9 |
| Cross-draft contradictions were not gated | yes | CONS-001..005 cover all five requested contradiction classes and require Owner freeze | None found in follow-up scope | None |
PILOT SLICE / L0 AUDIT
- Verdict: Correct direction, but wording cleanup is required before survey.
- §2e and §19 clearly establish the catalog as a risk map and require a narrow pilot slice before the next survey.
- L0 is no longer structurally global. It applies to design/new creation within the selected slice and direct dependencies.
- Remaining global-blocker wording:
  - §2 requires updating status/satisfaction for “từng câu hỏi (không bỏ trống)”.
  - §2 prevents progression until “mọi câu BLOCKER” is answered without explicitly limiting scope.
  - §19 still refers to comparing questions “từng dòng” and starting Group 0 then A-N.
  - Dependency Map L1 says it blocks all L2-L8 without repeating slice scope.
- Minimal patch: Replace these statements with “questions/blockers applicable to the selected pilot slice + direct dependencies, plus cross-cutting SRC/CONS/RUN gates”; outside-slice questions stay TODO/DEFER and do not block the slice.
SOURCE / REVISION / DELIVERY AUDIT
- Verdict: PASS.
- Group S covers source authority across KB/checkout/runtime, revision or hash pinning, source-map/manifest questions, same-version consumption, config delivery, and stale-config fail-closed behavior.
- Missing gates: No material gate is missing before a read-only survey.
- Minimal patch: Clarify that source evidence may be recorded inline; do not require creation of a new manifest subsystem or artifact by default.
OWNER CHECKPOINT AUDIT
- Verdict: PASS.
- Sizing: Right-sized for transitions and dangerous actions. It does not require Owner approval for every catalog answer.
- The checkpoints correctly separate evidence quality from authorization and cover slice selection/blocker set, gap-report transition, new-artifact exceptions, checker design/selftest, atomic-promote rehearsal, and pilot.
- Minimal patch: Clarify that Codex APPROVED means answer-quality approval only, not authorization to cross a phase gate. One Owner decision may approve a bounded slice/batch to prevent approval ceremony from becoming an operational bottleneck.
OPERATIONAL RISK AUDIT
- Verdict: PASS_WITH_MINOR_FIXES.
- RISK-RUN, RISK-BYPASS, RISK-CRASH, RISK-CAP, and RISK-TIME cover the requested runtime, bypass, crash/retry/outbox, retention/cardinality/backpressure, and clock/TTL risks.
- Earliest-layer mapping is correct and L5b is explicitly a final roll-up.
- Remaining risk before a pilot slice:
  - L7 says scanner is not a hard blocker, conflicting with the need for minimal scoped liveness/heartbeat evidence.
  - A pilot slice can be selected because it is easy rather than representative, producing a false confidence result.
  - “Direct dependencies” can be under-scoped unless its closure rule and exclusions are recorded.
- Minimal patch: Make minimal scoped scanner/heartbeat evidence a blocker before pilot; add a slice statement recording dependency closure, what the slice proves, what it does not prove, and excluded risk classes. Do not require a broad scanner or new system.
CROSS-DRAFT CONSISTENCY AUDIT
- Verdict: PASS.
- CONS-001..005 cover pre-promote stamp storage, IO Contract fields versus DOT/evidence/owner, six-versus-seven composition levels, authority order among drafts/Constitution, and Owner freeze.
- Missing contradictions: None found in the requested follow-up scope.
- Minimal patch: None.
§18 AND §19 CONSISTENCY
- §18 totals are internally consistent with the added questions: approximately 365 total, approximately 138 TODO, and approximately 77 blockers.
- §18 identifies the newly added areas not covered by the old survey.
- §19 preserves pilot-slice usage, source/revision gates, Owner checkpoints, operational evidence, and cross-draft freeze.
- §19 items that still imply “từng dòng” and Group 0 then A-N should be explicitly scoped to the selected slice and direct dependencies.
FINAL RECOMMENDATION
- Ready for Owner review? yes.
- Ready for scoped read-only pilot-slice survey? conditional: only after the wording conflicts above are patched and Owner approves/freezes the selected slice and blocker set.
- Need further Claude patch before Owner review? no.
- Top remaining fixes:
  - Scope all old “từng câu hỏi/từng dòng/mọi BLOCKER/A-N” wording to pilot slice + direct dependencies and cross-cutting gates.
  - Align Dependency Map L1/L5b/L7 with slice scope, new R6-R9/Group S, and minimal scoped liveness evidence.
  - Record direct-dependency closure and what the selected slice does and does not prove.
  - Clarify Codex answer approval versus Owner phase authorization.
DO NOT IMPLEMENT
- Confirmed: no implementation or production/DB mutation was performed.
- Confirmed: no Question Catalog answer, catalog patch, checker, pilot, registry/table/index/worker/DOT/source manifest, or gap report was created.