Incomex AI Portal
KB-7DD4 rev 6

F3 — IO Contract + Formula + Assembly Machine / DOT — Read-only Execution Report

39 min read Revision 6
laws-newf3io-contractformulaassembly-machinedotexecution-reportread-only2026-06-16

F3 — IO Contract + Formula + Assembly Machine / DOT — Read-only Execution Report

Ngày: 2026-06-16 · Soạn: Claude Code CLI (read-only AgentData KB) · Track: knowledge/dev/laws-new/ Packet basis: f3-io-formula-assembly-dot-reuse-survey-packet.md rev1 (this run; internal gate §10 passed — see §1). Control basis: technical-slice-framework.md rev56 (§6c F3 = D6 + D7; §6.2/§6.3; §6b rows 1/2/4/7; §4; §5; §18 ca 14/15/17/18/21; §19; S3 pin a2ab3582…889, len 117459). Concept basis: de-bai-cai-tien.md rev33 (§II.1, §III.6/§III.7, §IV.3, §V.5/§V.10/§V.13, §VI Lego Protocol; S4 pin 6e921f0a…704, len 29088). Catalog basis: cau-hoi-khi-tai-cau-truc.md rev82 (Nhóm G Formula, Nhóm H IO Contract, Nhóm J + §12b DOT, Nhóm 0 REUSE-, Nhóm R RISK-, CONS-002/003; S5 pin 2da1a82…342, len 145449). Evidence/gate basis: F2 owner decision record rev1 (F2 gate CLOSED) + F2 execution report rev1 (PARTIAL) + F2 packet rev1 + F1 decision rev1 + F0 decision rev1. Run authorization: GPT/Owner authorized the F3 Program Macro; this read-only execution ran only because the packet §10 internal gate passed (all 8 items GREEN). No Phase-1, no live DB/runtime, no implementation, no schema/registry/DOT/checker/scanner creation, no DOT registration/run, no formula run, no assembly build, no canonical birth write, no CONS-003 / CELL-* / CONS-002 resolution, no cell_id / dot_role materialization. Layer: F3 = one layer above F2 in the §6c build order; sits below F4 (Stamp Lifecycle + Checker / Promote / Rollback, where canonical birth is the output at promote).

0. STATUS (one line at top)

STATUS: PARTIAL — F3 read-only execution is complete and honest. All F3 candidate assets are classified into Q1/Q2/Q3 from F3-critical current-pass KB evidence plus carried-pinned F0/F1/F2 authority and decision lineage, the 3 Owner questions are answered, the F3 boundary (IO Contract thin / not Module Contract First; Formula / Assembly Machine / DOT = documentary only; dot_tools wrapper-only; cell_id pending; canonical birth = F4) is held, and every forbidden action remained blocked. PARTIAL (not PASS) because every F3 asset is DOCUMENTARY_ONLY or GAP (framework §6c D6/D7: IO = DOCUMENTARY_ONLY with examples a declared GAP; formula = GAP/DOCUMENTARY_ONLY with no registry/engine and 0 DOT assemble; assembly machine = "chưa designed"; dot_tools ~309 documentary, no dot_role/cell_id), and the gating conflicts/risks (CONS-003, CELL-003/004/007, CONS-002, HOLD-1, HOLD-2, STG-012, STG-015, STG-REUSE-001/003, RISK-GC/CAP/BYPASS, DOT-CAP-001/004/006/010) remain Owner-/Phase-1-gated and are carried, not resolved. No forbidden action performed. Documentary ≠ live proof · Prior-session ≠ current proof · Engineering PASS ≠ Authority PASS · Reuse-now ≠ live-proven.

1. Status / boundary confirmation (incl. internal gate result)

Internal gate (packet §10) — result: ALL GREEN → execution authorized in-macro.

# Gate item Result Evidence
G1 Mandatory sources readable ✅ GREEN F3-critical sources read/confirmed this pass: F2 report/packet/decision, framework rev56 (§6c D6/D7 + §6b + §4 + §18 + §19), de-bai rev33, catalog rev82 (Nhóm G/H/J/0/R). F1/F0 records, constitution rev44 (Đ0-B/Đ29), and operating-rules (OR) rev51 are carried-pinned from prior closed gates unless explicitly marked otherwise
G2 F2 gate closed first ✅ GREEN reports/f2/f2-owner-decision-record-2026-06-16.md rev1 accepts F2
G3 Every F3 asset classifiable honestly ✅ GREEN each Q1/Q2/Q3 row pinned to a KB source; no live proof invented
G4 No live DB/runtime/Phase-1 needed ✅ GREEN classification is documentary-only; iu_staging_* / dot_tools untouched
G5 No conflict resolution needed ✅ GREEN CONS-003 / CELL-003/004/007 / CONS-002 carried, not resolved
G6 No schema/design/implementation needed ✅ GREEN no cell_id/dot_role materialization; no DOT/checker/scanner/formula registry; no formula/DOT/assembly execution
G7 Boundary held ✅ GREEN IO thin (not Module Contract First); formula/assembly/DOT documentary; dot_tools wrapper-only; no canonical birth
G8 3 Owner questions preserved ✅ GREEN Q1/Q2/Q3 answered in §2

Boundary confirmation:

  • read-only only (KB read; no live DB/runtime): yes
  • no live DB / Postgres / Directus / runtime / production touched: yes (iu_staging_* / dot_tools untouched — HOLD-1 / documentary)
  • F3 scope kept to IO Contract + Formula + Assembly Machine / DOT (= D6 + D7): yes
  • IO Contract kept thin (5-field) — not Module Contract First: yes
  • Formula / Assembly Machine / DOT kept documentary — no registry/engine/machine, no execution: yes
  • dot_tools kept documentary / wrapper-only; no dot_role/cell_id materialization: yes
  • TEMP_ID / candidate_id inherited from F1/F2 (no canonical birth / BIRTH_STAMP written): yes (F4 deferred)
  • cell_id / cell context kept pending; CONS-003 / CELL-003/004/007 NOT resolved (carried): yes
  • no DOT registered or run; no formula run; no assembly machine built; no checker/scanner created: yes
  • exactly one F3 execution report document created (this file): yes

In-scope performed: pinned the documentary state of each F3 candidate from KB sources (framework §6c D6/D7, §6b, §5, §4, §18, §19; de-bai §II/§III/§IV/§V/§VI; catalog Nhóm G/H/J/0/R), classified each into Q1/Q2/Q3 with an evidence pin and a documentary-vs-live label, restated the F3 boundary, and surfaced the gating conflicts/risks as carried obligations.

2. Owner View — 3 câu hỏi reuse-first (control surface, simple)

Đọc riêng mục này là đủ để Owner/GPT biết F3 đã phân loại gì để dùng lạikhông làm gì chạm hệ thống. Chi tiết kỹ thuật ở §3 trở xuống. Mục này KHÔNG ủy quyền bất cứ điều gì.

Owner question Answered? Summary (from current-pass KB evidence)
Q1 — Cái gì đang có và (giả thuyết) dùng lại được? (reuse-now — documentary) ✅ Yes IO Contract 5-field (nhận·trả·schema_min·fail·rollback; de-bai §III.6/§VI.3; framework §6b r1/D6; catalog REUSE-015) = boundary concept reuse-now, không Module Contract First. Smart Brick shape inherited from F2 (de-bai §VI.1/§VI.2; framework D4). Candidate packet = view/projection (candidate_id+packet_hash; de-bai §V.13) — documentary only. Formula concept as documentary pattern (de-bai §II.1/§III.7/§VI.5) — NOT an implemented formula. Assembly Machine concept as documentary pattern (de-bai §II.1; framework D7) — NOT a runtime machine. DOT/wrapper concept + dot_tools as documentary candidate, wrapper-only (de-bai §IV.3; framework D7/§4; catalog REUSE-013/DOT-REUSE-001/002). fn_iu_cut_from_manifest ~70% reusable via wrapper (REUSE-004; maybe formula.v0.1 per FORMULA-REUSE-001). Rollback/delete-fast boundary (de-bai §VI.4). F0/F1/F2 accepted source/evidence baseline + decisions. Trung thực: "reuse-now" = ứng viên tài liệu mang sang F4 — KHÔNG = đã chứng minh live.
Q2 — Cái gì cần sửa/kiểm chứng mới dùng lại được? (repair / verify-before-reuse) ✅ Yes IO examples/templates = GAP/documentary (framework D6 "examples chưa biết", §18 ca 14; catalog IO-001 web-test UNKNOWN; CONS-002 IO-source BLOCKER). Formula per layer = GAP/documentary (D6, §18 ca 15; FORMULA-001/003/006 = no registry/engine/0 assemble; formula.v0.1 deferred). Assembly Machine not implemented (D7 "chưa designed", §18 ca 17; DOT_FORMULA_ASSEMBLE deferred). DOT coverage matrix = GAP (D7 "matrix later", §18 ca 18; only provisional Bảng 14). dot_tools lacks dot_role/cell_id; no schema patch (DOT-Q06, REG-REUSE-004; framework §19/§6.3). Checker/verdict-only not executable live (D9; spec rev11 not written = F4). Candidate packet binding depends on STG-015 packet_hash. Temp-store live substrate depends on HOLD-1. Cell context depends on CONS-003/CELL-*. Rollback/delete-fast depends on STG-012 cleanup scheduler. Runtime/checkout sync not proven (CONS-005 caveat). No Module Contract First; keep IO thin.
Q3 — Cái gì thật sự phải làm thêm (chỉ khi reuse không đủ)? (add-later — future Owner-gated) ✅ Yes Chỉ future Owner-gated, NO by default: F3 report (this doc, gate passed); IO example/template library only after reuse-insufficiency proof (never Module Contract First); formula wrapper only after source proof (no engine/registry); assembly wrapper only after proof (no machine-per-layer); DOT wrapper/mapping only after proof (no full DOT registry / DOT-CAP system); checker/scanner integration later (F4/F5, not F3); schema/materialization (dot_role/cell_id) only after proof + Owner gate; no runtime DOT registration/build by default; no canonical birth/promote (F4). Mỗi "add-new" phải chứng minh đủ 5 điều kiện no-new (catalog §2c).

3. F3 asset classification table (consolidated — required format)

Mọi dòng dưới là ứng viên documentary (framework §6c D6/D7 = DOCUMENTARY_ONLY / GAP). Reuse verdict = mang sang F4 như giả thuyết tài liệu, không = live-proven.

Asset Currency Classification Reason
IO Contract 5-field (nhận·trả·schema_min·fail·rollback) DOCUMENTARY_ONLY (de-bai §III.6/§VI.3; framework §6b r1 / D6; catalog REUSE-015) Q1 (boundary concept) → Q2 (examples GAP) brick-to-brick contract; không Module Contract First; slice examples "chưa biết" (D6); CONS-002 (which source wins) BLOCKER.
Formula concept GAP / DOCUMENTARY_ONLY (de-bai §II.1/§III.7/§VI.5; framework D6; catalog FORMULA-001/003/006 ANSWERED) Q1 (documentary pattern) / Q2 (per-layer GAP) / Q3 (wrapper only after proof) "công thức/khuôn"; no registry/engine/0 DOT assemble; formula.v0.1 deferred (FORMULA-007); cut-as-formula = FORMULA-017 TODO.
Assembly Machine concept DOCUMENTARY_ONLY / GAP (de-bai §II.1; framework D7) Q1 (documentary pattern) / Q2 (not implemented) / Q3 (wrapper only after proof) "máy lắp/khung chạy"; "machine per layer chưa designed"; DOT_FORMULA_ASSEMBLE deferred.
DOT / wrapper concept DOCUMENTARY_ONLY (de-bai §IV.3/§V.5; framework D7) Q1 (wrapper concept) → Q2/Q3 (no registration/run) DOT = narrow info-completion machine (PEN/STAMP/GATE); reuse via wrapper; no DOT-per-layer / DOT-capability system.
DOT coverage matrix / dot_tools candidate DOCUMENTARY_ONLY (framework D7 / §4; catalog Bảng 14, DOT-Q06) Q2 (needs dot_role/cell_id; no schema patch) dot_tools ~309 rows (Đ35 paired-DOT), reported no dot_role/cell_id; "DOT Coverage Matrix later"; DOT-CAP-001/004/006/010 BLOCKER.
fn_iu_cut_from_manifest documentary (~70% reusable; framework D4; catalog REUSE-004) Q1 doc-candidate (wrapper) → Q2 (formula label) reuse via wrapper; may be relabeled formula.v0.1 (FORMULA-REUSE-001); FORMULA-017 undefined.
fn_iu_staging_create / fn_iu_staging_cleanup documentary (STG-010/011 old survey) Q2 (documentary support) create binds content_hash; cleanup 3-pass + dry-run; scheduler unproven (STG-012). Support for rollback/delete-fast, not primary F3 asset.
Candidate packet (view/projection) documentary (de-bai §V.13; catalog STG-REUSE-002) Q1 (view logic) / Q3 (NO new store) packet = view/binding on existing metadata (candidate_id+packet_hash), verdict-only checker; new store = BLOCKER-if-proposed (STG-REUSE-003); binding depends STG-015.
Smart Brick shape (inherited F2) DOCUMENTARY_ONLY (framework D4; de-bai §VI.1/§VI.2) Q1 (inherited shape hypothesis) minimal brick = input·output·IO·DOT·rollback·promote; cell pending; not implemented.
TEMP_ID / candidate_id (inherited F1/F2) documentary (concept; in-scope root) Q1 (inherited) → Q2 (live home HOLD-1) identity the brick stands on; live home = iu_staging_* = HOLD-1; no canonical birth.
cell_id pending context (inherited F1/F2) DOCUMENTARY_ONLY (concept; CONS-003 unresolved) Q2 (dimensions) / Q3 (materialize) tầng×loài×kho×miền; CONS-003 + CELL-003/004/007 unresolved; materialization = Owner-gated schema.
Stamp path (IO_STAMP/VALIDATION_STAMP/ROLLBACK_STAMP; BIRTH/PROMOTE) DOCUMENTARY_ONLY (framework D8; de-bai §V.3/§V.5) Not F3 deep (documentary boundary) → F4 pre-promote stamps relevant to IO/validation/rollback; post-promote = F4; carried as boundary, not implemented.
Checker / verdict-only boundary (DOT-006) DOCUMENTARY_ONLY (framework D9/§6.4; promote-checker-v0.1-spec rev11) Not F3 (F4 owns it) — documentary boundary verdict-only; spec read, chưa viết/selftest; L5 BLOCKER; Atomic Promote = HOLD-2.
Rollback / fail / delete-fast path DOCUMENTARY (de-bai §VI.4/§V.7; framework §6.2) Q1 (boundary) → Q2 (depends STG-012) ROLLBACK_STAMP; "sai thì xóa"; TTL; cleanup scheduler unproven (STG-012); RISK-GC.
F0/F1/F2 baseline + decisions current-pass for F2/F3 bundle where read; carried-pinned for F0/F1/constitution/OR lineage Q1 (accepted reuse-now) authority/evidence basis; CONS-004 precedence; CONS-005 KB-only; F1 birth + F2 Smart Brick boundaries. Covers KB, not runtime.
Carried blockers (CONS-003, CELL-003/004/007, CONS-002, HOLD-1/2, STG-012/015, STG-REUSE-001/003, RISK-GC/CAP/BYPASS, DOT-CAP) current-pass for F2/F3 bundle where read; carried-pinned for F0/F1/constitution/OR lineage (CONFLICT/BLOCKER/PARTIAL) Carried gating obligations (Q2-gating) block IO-source / formula / cell placement / DOT trust / packet binding / temp-store / canonical birth; Owner-/Phase-1-only; not resolved here.

4. IO Contract 5-field analysis

  • What it is (read-only): the IO Contract is the minimal in/out contract between assembly cells/bricks — exactly 5 fields: nhận (inputs) · trả (returns/outputs) · schema_min (minimal schema) · fail (how failure is returned) · rollback (how to undo/delete) (de-bai §III.6, §VI.3; framework §6b row 1 / §6c D6; catalog REUSE-015, IO-REUSE-002). It is the contract the Lego Protocol requires for 100% of inter-brick communication (de-bai §VI.3: "các ô/miếng không giao tiếp bằng hiểu ngầm").
  • Thin — NOT Module Contract First (boundary held): DOT-check and evidence/stamp are the execution/verification layer that travels with the IO Contract, not stuffed inside it if that makes it bloat (de-bai §III.6; framework §6b r1 Forbidden: "Biến IO Contract thành Module Contract First / registry system"; catalog IO-REUSE-003). Module Contract First / Federated Registry is reference-only for canonical/high-risk (de-bai §V.16).
  • Documentary status: DOCUMENTARY_ONLY (framework §6b row 1; D6). The reuse substrate is the dot_agent_api_contract pattern + tests/contracts/* (Đ30/31) + a single io_contract.v0.1 record concept (framework §5) — none implemented for a selected slice.
  • GAP — examples "chưa biết": real IO examples/templates for a selected slice are not yet identified (framework §6c D6 "selected-slice examples chưa biết" + Known-GAP table; §18 ca 14 REJECT "IO Contract đã đủ rõ để implement"). Catalog: IO-004/005 proved there is no contract for KB objects or candidate/staging today (ANSWERED = KHÔNG); IO-001 inventory is UNKNOWN (web-test file, not DB-queried).
  • Carried conflict: CONS-002 — whether IO Contract v0.1 stays 5 field or includes DOT/evidence/owner, and which source wins — is a BLOCKER (catalog CONS-002). F3 keeps it at 5 field and carries the conflict.
  • F3 action taken: recorded the 5-field boundary as a documentary brick-to-brick contract for F4, with examples flagged GAP and CONS-002 carried. No IO library, no module contract, no implementation, no slice selection.

5. Formula analysis

  • What it is (read-only): a formula / khuôn / quy trình describes how to assemble one object from the direct inputs of its layer (de-bai §II.1: "công thức / khuôn / quy trình"; §III.7 DOT công thức; §VI.5 "scale bằng công thức, không bằng macro" — a layer's formula uses only that layer's direct materials, no jumping layers, no implicit coupling). It is the "công thức" cell of the matrix overlay Công thức + DOT + Governance state + IO Contract (de-bai §II.2).
  • Documentary status: GAP / DOCUMENTARY_ONLY (framework §6c D6: "formula = GAP/DOCUMENTARY_ONLY"; §6b: formula mapped only as a concern/reuse path around existing DOT, no per-layer formula design; §18 ca 15 REJECT "existing formula per layer đã biết"). Catalog confirms the live state: no formula registry, no formula engine, 0 DOT assemble (FORMULA-001/003/006 ANSWERED Mức 3 = "KHÔNG").
  • formula.v0.1 deferred, not implemented: FORMULA-007 (whether v0.1 needs a formula registry) = DEFER ("KHÔNG bắt buộc; cut pipeline"); DOT_FORMULA_ASSEMBLE = deferred (Bảng 14). FORMULA-REUSE-002 ("need a formula registry at v0.1?") is BLOCKER-if-proposed; default NO.
  • Reuse candidate (documentary): fn_iu_cut_from_manifest (~70% reusable, framework D4) may be relabeled as formula.v0.1 (the cut-pipeline as a minimal formula) per FORMULA-REUSE-001 / FORMULA-017 — but whether it must be labeled a formula is TODO ("cut hiện không gắn nhãn formula"). F3 records this as a hypothesis only.
  • Forbidden held (framework D6): F3 does not create a formula registry, not design any per-layer formula, not run a formula. Status recorded exactly: GAP / DOCUMENTARY_ONLY.
  • F3 action taken: recorded the formula concept as a documentary pattern + the cut-as-formula reuse hypothesis + the per-layer GAP as carried obligations for a future selected-slice survey. No registry, no engine, no design, no execution.

6. Assembly Machine / DOT analysis

  • Assembly Machine (read-only): the máy lắp / khung chạy is the tool that executes a formula, checks, and promotes or rolls back a brick (de-bai §II.1). Framework position: DOCUMENTARY_ONLY / GAP — "Machine per layer chưa designed"; the framework places DOT/checker/scanner as future machines, not a per-layer assembly machine (framework §6c D7; §6b row 4; §18 ca 17 REJECT "mỗi layer đã có assembly machine sẵn"). Catalog: FORMULA-006 = "0 DOT assemble"; Nhóm J is titled "DOT / Máy lắp ráp" but contains no implemented machine.
  • DOT / wrapper (read-only): a DOT is a narrow machine/agent that adds or verifies one piece of governance information (de-bai §IV.3 examples: DOT_CELL_MAP, DOT_IO_CHECK, DOT_VALIDATE, DOT_ROLLBACK_PROOF, DOT_RELATION_MAP, DOT_PROMOTE_CHECKER; §V.5 "DOT đóng dấu từng phần"). Each DOT declares minimally: what info it adds/verifies · input · output/stamp · mutate? · fail block-or-report? (de-bai §IV.3). Framework D7: DOT is only a possible machine/check/wrapper; reuse via generic DOT + config + wrapper around existing DOT (framework §5; catalog REUSE-013, DOT-REUSE-001/002).
  • dot_tools candidate (documentary, wrapper-only): dot_tools ~309 rows (Đ35 v5.2 paired-DOT) is DOCUMENTARY_ONLY and reportedly lacks dot_role and cell_id columns (framework §4 / D7; catalog DOT-Q06 ANSWERED Mức 3, REG-REUSE-004 "thiếu dot_role + cell_id", REG-006/009). Attaching them is a read-only feasibility hypothesis, Owner-gated detailed design, out of scope (framework §6.3 / §19 schema-change STOP). The One-Roof scanner dot_governance_coverage_scan… does not exist (framework §4 addendum).
  • DOT coverage matrix = GAP: there is no complete DOT coverage matrix — only a provisional "Bảng 14 DOT (reference)" + DOT-Q01..Q12 (PARTIAL) (framework D7 "DOT Coverage Matrix later"; §18 ca 18 REJECT "dot_tools list đã đủ"). DOT capability is gated: DOT-CAP-001 (capability contract), DOT-CAP-004 (no-mutation flag), DOT-CAP-006 (≥8 bad-input tests, any_fail_open=false), DOT-CAP-010 (read-vs-mutate classification) are all BLOCKER.
  • Forbidden held (framework D7): F3 does not design a per-layer assembly machine, not build a DOT-per-layer / machine-per-layer / DOT-capability system, not create a full DOT registry, not register or run any DOT, not add dot_role/cell_id to dot_tools.
  • F3 action taken: recorded the assembly-machine and DOT/wrapper concepts as documentary patterns, dot_tools as a documentary wrapper-only registration candidate, and the DOT coverage matrix + DOT-CAP BLOCKERs as carried obligations. No machine, no DOT registration/run, no schema patch, no live proof claimed.

7. Candidate packet / TEMP_ID / cell context handling

  • Candidate packet = view, not a store: the candidate packet is view/binding logic on existing staging metadata/payload (candidate_id + packet_hash), read by a verdict-only checker — it does not generate birth or write canonical (de-bai §V.13; catalog STG-REUSE-002). Creating a packet store/registry is BLOCKER-if-proposed (STG-REUSE-003) and forbidden by default. Its tamper-binding depends on STG-015 (packet_hash coverage — whether it covers cell_id + stamps) which is a BLOCKER.
  • TEMP_ID / candidate_id inherited (held): the brick's operating identity is the minimal identity root confirmed at F1 and carried at F2 (TEMP_ID_STAMP / candidate_id / workspace_id; de-bai §V.10). F3 reuses it as the identity the IO Contract / formula / DOT operate on. Its live home is iu_staging_* = HOLD-1 (unproven). No canonical birth, no BIRTH_STAMP (de-bai §V.10; framework D10 = F4).
  • cell_id pending (carried, not solved): the brick's minimal shape lists cell_id hoặc pending cell_id (de-bai §VI.2). F3 keeps it pendingCELL_STAMP cannot be closed while CONS-003 (6-vs-7 tầng) — CONFLICT/BLOCKER and CELL-003 (layer source) / CELL-004 (species source, CONFLICT) / CELL-007 (6-tầng catalog) — BLOCKER are unresolved (catalog; constitution rev44 Đ0-B/Đ29). dot_role/cell_id on dot_tools and any cell_id materialization on the brick are schema changes (framework §19 STOP), not done.
  • F3 action taken: recorded the candidate-packet-as-view binding (with STG-015 carried), the inherited identity, and the pending cell context. No new store, no cell_id materialization, no CONS-003/CELL- resolution.*

8. Rollback / fail / delete-fast handling

  • What it is (documentary): every brick must be rollback/delete-ablerollback is one of the 5 IO Contract fields (de-bai §III.6/§VI.3), ROLLBACK_STAMP is a core pre-promote stamp (de-bai §V.3), and the kho-tạm principle is "sai thì xóa" / delete-fast with a TTL or clear cleanup condition (de-bai §VI.4: "Candidate/kho tạm phải có TTL hoặc điều kiện cleanup rõ"; framework §6.2).
  • fail field: the IO Contract specifies how a brick returns failure (fail), and the checker is fail-closed — a missing precondition → PROMOTE_BLOCKED (de-bai §V.7; framework D9). F3 records this as a documentary boundary; the checker is not built (F4).
  • Documentary support functions: fn_iu_staging_cleanup (3-pass + dry-run) is the documentary delete-fast/cleanup candidate, but who calls it is unknownSTG-012 (cleanup scheduler) — TODO/BLOCKER (no pg_cron); and blob_ref orphan/cleanup is RISK-GC (OPEN). So the delete-fast fail-safe is unproven until Phase-1.
  • Forbidden held: F3 does not run a rollback, not create a cleanup scheduler, not query staging. Delete-fast is recorded as a documentary boundary the brick must satisfy, with STG-012 + RISK-GC carried.
  • F3 action taken: recorded the rollback/fail/delete-fast path as a documentary IO/stamp boundary, with STG-012 cleanup scheduler and RISK-GC/RISK-CAP as carried Phase-1 obligations. No execution, no scheduler, no live proof claimed.

9. Evidence currency table — sources · evidence · authority · conflict · runtime · provenance · safety lock

Obligation F3 discharge (current-pass) Status
Sources Each F3 asset pinned to KB source (framework §6c D6/D7 / §6b r1,4 / §5 / §4 / §18 ca 14/15/17/18 / §19; de-bai §II.1/§III.6-7/§IV.3/§V.5,10,13/§VI; catalog Nhóm G FORMULA-, Nhóm H IO-/REUSE-015, Nhóm J DOT-/§12b DOT-CAP-, Nhóm 0 REUSE-004/012, Nhóm R RISK-*, CONS-002/003). Framework rev56 (S3 a2ab3582…889, len 117459), de-bai rev33 (S4 6e921f0a…704, len 29088), catalog rev82 (S5 2da1a82…342, len 145449) read/confirmed this run. PROVEN (KB-rev currency only)
Evidence Per-asset documentary-vs-live label applied; IO = DOCUMENTARY_ONLY (examples GAP); formula = GAP/DOCUMENTARY_ONLY (no registry/engine/0 assemble); assembly = DOCUMENTARY_ONLY/GAP ("chưa designed"); dot_tools ~309 = [GR] documentary (no dot_role/cell_id); "ANSWERED" catalog rows kept documentary; reported-LIVE not promoted. Discharged
Authority Applied F0-decided CONS-004 working precedence: KB = practical authority for laws-new/* docs; enacted constitution/OR higher (constitution rev44 Đ0-B/Đ29; OR rev51 VPS=SSOT, PG/Directus=truth); cross-class overlap = Owner gate. Constitution rev44 and operating-rules (OR) rev51 are carried-pinned authority evidence from prior closed gates, not fresh full-read evidence in the F3 macro unless otherwise stated — authority meaning unchanged: Constitution/OR remain higher authority for enacted principles, VPS remains SSOT runtime, PG/Directus remains truth for machine-enforced data. CONS-002 (IO-source) noted unresolved. No cross-class conflict newly triggered by F3. Carried (CONS-004 decided at F0)
Conflict CONS-003, CELL-003/004/007, CONS-002, HOLD-1, HOLD-2, STG-012, STG-015, STG-REUSE-001/003, RISK-GC, RISK-CAP, RISK-BYPASS, DOT-CAP-001/004/006/010 carried as unresolved obligations (see §10). Carried, not resolved
Runtime Recorded what is NOT proven without Phase-1: live dot_tools columns (dot_role/cell_id); live formula/assembly behavior; staging schema/lifecycle/cleanup; checkout/runtime sync (CONS-005 caveat). No runtime inferred from documentary. Discharged (recorded as gap)
Provenance current-pass (this run KB reads) vs prior-session ("old survey" STG-010/011, IO-004/005 ANSWERED rows kept documentary) distinguished; F0/F1/F2 decision lineage carried (CONS-004/005 decided at F0; F1 birth boundary; F2 Smart Brick boundary). Discharged
Safety lock F3 boundary restated (IO thin / not Module Contract First; formula/assembly/DOT documentary; dot_tools wrapper-only; no cell_id/dot_role materialization; no DOT/formula/assembly execution; no canonical birth); stop points named (packet §8). Discharged

10. Conflict / HOLD log (carried forward)

Item Status Blocks what Carried to
CONS-003 (6 tầng vs 7 composition levels) CONFLICT / BLOCKER (TODO) — constitution rev44 Đ0-B "7 Lớp Cấu tạo (33 species)" / Đ29 "33 species, 7 dimensions" vs drafts cell placement; cell_id dimension resolution; CELL_STAMP Owner decision — NOT resolved at F3
CELL-003 (layer source) PARTIAL / BLOCKER cell_id "Tầng" dimension Owner + Phase-1 verify
CELL-004 (species source) CONFLICT / BLOCKER cell_id "Loài" dimension (2 namespaces) Owner + Phase-1 verify
CELL-007 (chuẩn 6-tầng) PARTIAL / BLOCKER cell_id tier catalog (composition_level chưa enacted) Owner (tied to CONS-003)
CONS-002 (IO Contract 5-field vs DOT/evidence/owner) TODO / BLOCKER which source wins for IO Contract v0.1 fields Owner decision — keep 5 field meanwhile
DOT-CAP-001 / 004 / 006 / 010 BLOCKER (PARTIAL/TODO) DOT capability contract; no-mutation flag; ≥8 bad-input tests; read-vs-mutate classification Owner/spec decision + Phase-1 (before any DOT trusted)
HOLD-1 (iu_staging_record/iu_staging_payload) UNKNOWN→likely-LIVE / CONFLICT ("HOLD FOR SYSTEM CHECK") live home for brick/packet/IO/DOT output; TEMP_ID live home Phase-1 read-only survey (separate Owner gate)
HOLD-2 (atomic promote) BLOCKED (no real transaction) canonical birth / promote write F4
STG-012 (cleanup scheduler) TODO / BLOCKER trusting TTL/delete-fast; who calls fn_iu_staging_cleanup Phase-1 verify
STG-015 (packet_hash coverage) PARTIAL / BLOCKER candidate-packet tamper-binding (cell_id+stamps?) Owner/spec decision + Phase-1
STG-REUSE-001 (shared-store sufficiency) TODO / BLOCKER iu_staging_* as shared kho tạm for all tiers v0.1 Phase-1 verify
STG-REUSE-003 (no new packet store) BLOCKER-if-proposed any new packet store/registry default NO (de-bai §V.13)
RISK-GC (blob_ref orphan/cleanup) OPEN (TODO/REQUIRED) trusting payload blob lifecycle + delete-fast Phase-1 verify
RISK-CAP (CASCADE / 10 MiB cap) OPEN (TODO/REQUIRED) trusting payload under load Phase-1 verify
RISK-BYPASS (fn_birth_gate warning + kill-switch) OPEN (inherited F1) trusting the gate at promote Phase-1 + pilot gate (controlled+audited)
CONS-004 (authority order) DECIDED at F0 — applied, not re-opened reused as authority basis
CONS-005 (freeze baseline) DECIDED at F0 (accepted, KB-only) — reused — (caveat: no runtime/checkout sync proof) carried caveat

11. Adversarial check result (packet §9 — fail-closed)

# Bad assumption Rejected? Basis in this run
1 "The IO Contract is fully specified, so implement it." ✅ Rejected framework §18 ca 14 → DOCUMENTARY_ONLY; only 5-field boundary documentary; examples GAP; §4
2 "IO Contract should become Module Contract First / a contract registry." ✅ Rejected framework §6b r1 Forbidden; de-bai §III.6/§VI.3; catalog IO-REUSE-002/003 (keep 5 field)
3 "Formula per layer is already known/implemented." ✅ Rejected framework §18 ca 15 → GAP; FORMULA-001/003/006 = no registry/engine/0 assemble; §5
4 "Build a formula registry / formula engine at v0.1." ✅ Rejected FORMULA-REUSE-002 BLOCKER-if-propose; framework D6 Forbidden; §5
5 "Each layer already has an assembly machine ready." ✅ Rejected framework §18 ca 17 → DOCUMENTARY_ONLY/GAP; "machine per layer chưa designed"; §6
6 "dot_tools already proves DOT registration/stamp/scan coverage." ✅ Rejected framework §18 ca 18 → DOCUMENTARY_ONLY/GAP; DOT Coverage Matrix later; §6
7 "Add dot_role / cell_id to dot_tools now." ✅ Rejected framework §19 schema-change STOP; §6.3; Owner-gated detailed design; §6
8 "Register a DOT / run a DOT / run the formula / build the machine." ✅ Rejected no DOT registration/run, no formula run, no assembly build at F3; §5/§6
9 "Write the promote checker / verdict here." ✅ Rejected D9 = F4; promote-checker-v0.1-spec not written/selftested; verdict-only boundary documentary; §7
10 "cell_id is solved, place the brick and stamp CELL_STAMP." ✅ Rejected CONS-003 + CELL-003/004/007 BLOCKER; cell pending only; §7
11 "Documentary row counts / 'ANSWERED' catalog rows prove live." ✅ Rejected documentary ≠ live; framework §4; §18 ca 13; §3/§9
12 "The candidate packet needs a new store/ledger." ✅ Rejected STG-REUSE-002/003; de-bai §V.13 (packet = view); §7
13 "Reading dot_tools / iu_staging_* schema live is fine because it's read-only." ✅ Rejected Phase-1 separately Owner-gated; no DB/runtime touched; §1
14 "Write canonical birth / BIRTH_STAMP once the brick assembles." ✅ Rejected canonical birth = F4 output at promote; de-bai §V.10; §7

Conclusion: no bad assumption led to a PASS-to-act or a forbidden action → F3 execution is not fail-open.

12. Non-authorization confirmation + self-check

Non-authorization confirmation:

  • F3 read-only execution only: yes — this run executed the read-only F3 survey and nothing more.
  • no Phase-1: yes — no substrate survey; iu_staging_* / dot_tools untouched.
  • no DB/runtime: yes — no live DB / Postgres / Directus / runtime / production read or write.
  • no formula execution / DOT execution / DOT registration: yes — concept/documentary only.
  • no assembly machine implementation: yes — "machine per layer chưa designed" recorded; nothing built.
  • no checker / scanner: yes — D9 checker (DOT-006) = F4; scanner = F5; neither created.
  • no cell_id / dot_role materialization: yes — pending-coordinate / wrapper-only hypothesis; no column/metadata.
  • no schema / table / registry / store / source-manifest: yes — nothing created or altered; no formula registry, no DOT registry, no contract registry, no packet store.
  • no IO library / Module Contract First: yes — IO Contract kept thin (5 field).
  • no canonical birth: yes — not written; remains F4 output at promote (D10).
  • no BIRTH_STAMP / TEMP_ID_STAMP write: yes — concept only.
  • no implementation: yes — no code / migration / DDL / DML / DOT / checker / scanner / formula / pilot.
  • no CONS-003 / CELL-003/004/007 / CONS-002 resolution: yes — carried as BLOCKERs; CONS-004/005 only reused as F0-decided.
  • Documentary ≠ live proof · Prior-session ≠ current proof · Reuse-now ≠ live-proven · Engineering PASS ≠ Authority PASS.

Self-check:

  1. Answered the 3 Owner questions at the control surface: yes (§2).
  2. Kept F3 to IO Contract + Formula + Assembly Machine / DOT (D6 + D7): yes (§4, §5, §6).
  3. Avoided Phase-1 / DB / runtime: yes (§1).
  4. Avoided formula execution / DOT execution / assembly implementation: yes (§5, §6).
  5. Kept IO Contract thin; avoided Module Contract First: yes (§4).
  6. Kept dot_tools documentary / wrapper-only: yes (§6).
  7. Avoided cell_id / dot_role materialization: yes (§6, §7).
  8. Carried CONS-003 / CELL-* / CONS-002 blockers honestly: yes (§7, §10).
  9. Avoided new checker / scanner / DOT registration: yes (§6, §12).
  10. Avoided canonical birth / BIRTH_STAMP: yes (§7; F4 deferred).
  11. Distinguished documentary vs live proof: yes (§3, §9).
  12. Kept Owner/GPT as the only phase authority; Codex = control verdict only: yes.

Engineering PASS (report self-verifying complete & honest): achieved, with the explicitly-flagged PARTIAL condition (all candidates documentary-only/GAP; conflicts/risks carried). Authority PASS (permission to move to F4 / Phase-1 / detailed design): NOT granted — Owner-only.

13. F4 handoff / next-gate recommendation

  1. This F3 execution report → GPT/Owner, alongside the F2 decision record and the F3 packet. Owner reviews the Q1/Q2/Q3 classification (§2/§3), the IO Contract analysis (§4), the Formula analysis (§5), the Assembly Machine / DOT analysis (§6), the candidate packet / TEMP_ID / cell handling (§7), the rollback/delete-fast handling (§8), and the carried conflict/HOLD log (§10).
  2. Codex checkpoint (recommended). Owner may route the F2 decision + F3 packet + F3 report together to Codex for an independent control review (same 3-question Owner structure; deep layer = sources / evidence / authority / conflict / runtime / provenance / safety-lock).
  3. Owner decisions that F3 surfaces but does not make: resolve CONS-003 (6-vs-7 tầng), CELL-003/004/007, and CONS-002 (IO Contract field source); authorize (or not) a scoped read-only Phase-1 substrate survey for HOLD-1 (iu_staging_*) and for dot_tools (dot_role/cell_id presence) + STG-012 cleanup scheduler + STG-015 packet_hash + STG-REUSE-001 shared-store sufficiency + RISK-GC/RISK-CAP + DOT-CAP-001/004/006/010.
  4. F4 handoff. F4 (§6c) = Stamp Lifecycle + Checker / Promote / Rollback (= D8 + D9 + the canonical-output of D10; canonical birth + BIRTH_STAMP close at promote). F3 hands F4: the IO Contract 5-field boundary as the brick-to-brick contract the checker/stamp lifecycle reads — without Module Contract First; the Formula and Assembly Machine / DOT documentary patterns (none implemented, all DOCUMENTARY_ONLY/GAP; dot_tools wrapper-only); the candidate-packet-as-view binding (candidate_id + packet_hash) the verdict-only checker (DOT-006) will read, with STG-015 pinned as an open obligation; the stamp path (pre-promote IO_STAMP/VALIDATION_STAMP/ROLLBACK_STAMP; post-promote BIRTH_STAMP/PROMOTE_STAMP) and the checker / verdict-only / Atomic Promote Contract boundary as the F4 subject (HOLD-2); and the carried conflicts (CONS-003, CELL-003/004/007, CONS-002) + risks (HOLD-1, STG-012/015, STG-REUSE-001/003, RISK-GC/CAP/BYPASS, DOT-CAP) as obligations F4 must respect, not inherit as solved. F4 preparation must again preserve the 3 reuse-first Owner questions and remain non-authorizing until its own GPT → Codex → Owner gate.
  5. Nothing downstream is authorized by F3. Default HOLD for everything touching canonical / production / runtime / schema / cell_id-dot_role materialization / DOT registration / formula execution / assembly build / new store. A clean F3 (or a Codex PASS on it) confirms classification quality only — it does not open F4, Phase-1, or any design/implementation. Only Owner opens phases.

F3 — IO Contract + Formula + Assembly Machine / DOT — Read-only Execution Report | 2026-06-16 | STATUS: PARTIAL (honest; all candidates documentary-only/GAP; CONS-003 / CELL-003/004/007 / CONS-002 / HOLD-1 / HOLD-2 / STG-012 / STG-015 / STG-REUSE-001/003 / RISK-GC/CAP/BYPASS / DOT-CAP carried). READ-ONLY, NON-AUTHORIZING. F3 = D6 + D7. IO Contract thin (5 field, not Module Contract First). Formula / Assembly Machine / DOT = documentary only (no registry/engine/machine; no execution). dot_tools wrapper-only (no dot_role/cell_id patch). cell_id pending. Canonical birth = F4. Documentary ≠ live proof. Engineering PASS ≠ Authority PASS.