F0→F5 / FX Cross-F Evidence & Readiness Matrix (read-only, non-authorizing) — 2026-06-16
Date: 2026-06-16 · Prepared by: Claude Code CLI (read-only AgentData KB) · Track: knowledge/dev/laws-new/
Purpose: summarize the F0→F5 / FX evidence & readiness state on one surface — non-authorizing, not technical design. It restates what the per-layer execution reports and decision records already established; it resolves nothing and designs nothing.
Basis: F0/F1/F2/F3/F4 owner decision records (rev1) + F0/F1/F2/F3/F4/F5 read-only execution reports + technical-slice-framework.md rev56 (§6c D1–D12 + §19 STOP) + de-bai-cai-tien.md rev33 + cau-hoi-khi-tai-cau-truc.md rev82 + addendum rev14 / required-stamps rev6 / checker-spec rev11 + constitution v4.6.3 + OR v7.58 (CONS-004/005 decided at F0).
STATUS: CROSS-F MATRIX — NON-AUTHORIZING. Read-only. No Phase-1, no live DB/runtime/production, no schema/registry, no scanner/checker/promote build or run, no canonical birth, no conflict resolution, no technical design, no implementation prompt. Documentary ≠ live proof · Engineering PASS ≠ Authority PASS · Codex PASS ≠ Owner phase-authorization.
1. Owner View — one page, 3 questions
Q1 — What already exists and can be reused? A complete documentary spine for the Matrix-Assembly / Stamp-Governance refactor exists and is internally consistent across F0→F5: the authority/evidence order (F0), the birth/identity + registry/cell concept (F1), the Information-Unit / Smart-Brick + temp-store concept (F2), the thin 5-field IO Contract + Formula/Assembly/DOT documentary map (F3), the stamp lifecycle vocabulary + verdict-only checker + Atomic-Promote-Contract + canonical-at-promote boundary (F4), and the list-only scanner / observability / runtime-safety survey (F5). All of it is reusable as a paper contract and as a reuse-first map onto existing substrate — none of it is a built or running system.
Q2 — What exists but needs repair/verification before it can be reused?
The substrate the spine maps onto is documentary, not live-proven: birth_registry / fn_birth_*, dot_tools, iu_staging_*, system_issues, event_outbox. The load-bearing mechanisms are not built or are HOLD: the checker (DRAFT, "No checker, no lane"), the atomic promote (HOLD-2/BLOCKED), the pre-promote staging home (HOLD-1), the required-stamps KB→runtime delivery (UNKNOWN), and the scanner/heartbeat (DOCUMENTARY_ONLY). Several conflicts block identity itself: CONS-002 (IO source), CONS-003 (6-vs-7 tiers), CELL-003/004/007 (cell_id dimensions). And the operational-risk surface (Group R: RISK-AP/IDX/STL/GC/CELL/RUN/BYPASS/CRASH/CAP/TIME, plus STG-012/015, DOT-CAP) is all open survey/design gates.
Q3 — What genuinely has to be done in addition? After Owner decisions on the conflicts and a Phase-1 read-only substrate/runtime survey, the genuine build work is: the promote checker, the atomic-promote transaction + rehearsal, KB→runtime stamp delivery, and (only if needed) a list-only scanner / minimal heartbeat. All are future, Owner-gated, default-NO, and none is designed here. Before any technical design, a dedicated FX / Governance One Roof survey remains pending: the Cross-F Matrix only flags FX readiness (the FX row in §2) — it does not complete or replace the dedicated FX Program Macro, which must be separately authorized by Owner/GPT.
2. F0→F5 / FX status table
| Layer | Domains (§6c) | Decision gate | Execution report | Net state |
|---|---|---|---|---|
| F0 | D1 Source / Authority / Evidence | CLOSED (rev1) — CONS-004 + CONS-005 + OBL-R2 decided | PARTIAL (rev1) | Authority order + 12-source freeze baseline pinned (KB-only); no runtime/checkout sync proof |
| F1 | D3 Registries / Matrix Cell + D10 Birth/Identity (root) | CLOSED (rev1) | PARTIAL (rev1) | TEMP_ID only; BIRTH_STAMP/canonical = F4; gov-in-P0 rejected; cell_id blocked by CONS-003/CELL-* |
| F2 | D4 Information Unit / Smart Brick + D5 Temp Store / Candidate | CLOSED (rev1) | PARTIAL (rev1) | brick=subject / temp-store=place; candidate packet = view; no new store; iu_staging_* documentary HOLD-1 |
| F3 | D6 IO Contract / Formula + D7 Assembly / DOT | CLOSED (rev1) | PARTIAL (rev6) | IO Contract thin 5-field (NOT Module-Contract-First); Formula/Assembly/DOT documentary GAP; CONS-002 elevated; DOT-CAP open |
| F4 | D8 Stamp Lifecycle + D9 Checker/Promote/Rollback + D10 canonical-output | CLOSED (rev1, this macro) | PARTIAL (rev1) | stamp vocab documentary; checker DRAFT verdict-only; atomic promote HOLD-2; canonical birth output-at-promote; runtime delivery UNKNOWN |
| F5 | D11 Scanner/Observability/Heartbeat + D12 Runtime/Config/Operational Safety | (open — Codex/Owner review pending) | PARTIAL (rev1, this macro) | scanner list-only & not implemented; runtime/config delivery UNKNOWN; observes F4 lanes as documentary/HOLD-2; Group R all open |
| FX | D2 Governance One Roof / Owner / Authority Gates | (cross-cutting; not a sequential gate / not F6) | — (dedicated FX macro pending) | governance = info/state/relationship under one roof, NOT a monster system (no registry / scanner auto-fix / second birth system); Owner/authority/Level-3/production locks; PASS ≠ Owner authorization. FX is cross-cutting, not F6; dedicated FX / Governance One Roof Program Macro remains pending before technical design. The Cross-F Matrix does not complete or replace it; the dedicated FX survey must use the same 3 Owner questions and the same deep evidence layer. |
Invariants holding across all layers: canonical birth + BIRTH_STAMP are always the output at the promote boundary (F4), never earlier; HOLD-2 is always the reason canonical birth stays at F4; every gate is read-only / non-authorizing and unlocks only the next survey macro — nothing operational.
3. Reuse-now candidates across all F (Q1 — documentary, NOT live-proven)
| From | Reuse-now candidate | Pin |
|---|---|---|
| F0 | Authority order: KB practical-authority for laws-new/*; constitution/OR higher for enacted; VPS=SSOT; PG/Directus=truth; cross-class = Owner gate | CONS-004 (decided) |
| F0 | 12-source freeze-candidate baseline (rev/len/sha256 pinned, KB-only) | CONS-005 (decided) |
| F1 | TEMP_ID / candidate identity concept; cell_id as read-only attribute hypothesis | F1 report |
| F2 | Information Unit / Smart Brick (subject) + Temp Store / Candidate (place); candidate packet = view (candidate_id+packet_hash) | F2 report; de-bai §VI Lego |
| F3 | Thin 5-field IO Contract (nhận·trả·schema_min·fail·rollback); Formula/Assembly/DOT documentary map; dot_tools wrapper inventory | F3 report |
| F4 | Stamp lifecycle vocabulary (7 core + 2 high-risk; pre/post-promote; precondition ≠ output); verdict-only checker spec; Atomic-Promote-Contract shape; PROMOTE_BLOCKED = verdict/state | F4 report §4–§6 |
| F5 | Scanner "list-only" concept; missing-stamp/orphan/candidate scan; minimal heartbeat/freshness; observability via system_issues/event_outbox; assemble-existing (Đ23, idx_birth_uncertified) | F5 report §4–§5 |
| All | F0→F4 accepted lineage as authority/observability evidence | decision records |
4. Repair / verify blockers across all F (Q2)
| Blocker | First seen | Status | Blocks | Owner of resolution |
|---|---|---|---|---|
| CONS-002 (IO source wins) | F3 | TODO / BLOCKER | IO_STAMP; IO observability | Owner decision |
| CONS-003 (6 vs 7 tiers) | F0/F1 | CONFLICT / BLOCKER | cell placement, cell_id, CELL_STAMP | Owner decision |
| CELL-003 / 004 / 007 (cell_id dims) | F1 | PARTIAL/CONFLICT / BLOCKER | cell_id materialization, CELL_STAMP | Owner + Phase-1 |
| HOLD-1 (iu_staging_* live home) | F1 | UNKNOWN→likely-LIVE | pre-promote store; staging observability | Phase-1 (separate Owner gate) |
| HOLD-2 (atomic promote) | F1 | BLOCKED | canonical birth / promote lane | F4 implementation (Owner lifts) |
| STG-012 (cleanup scheduler / SCAN-007) | F2 | TODO / BLOCKER | delete-fast, scanner scheduling | Phase-1 |
| STG-015 (packet_hash coverage) | F2 | PARTIAL / BLOCKER | candidate-packet tamper binding | Owner/spec + Phase-1 |
| STG-REUSE-001 / 003 | F2 | TODO / BLOCKER-if-proposed | shared temp-store sufficiency / no new store | Phase-1 / default-NO |
| DOT-CAP-001/004/006/010 | F3 | BLOCKER | trusting DOT validation/observability | Owner/spec + Phase-1 |
| required-stamps runtime delivery | F4 | UNKNOWN | trusting stamps delivered/enforced | Phase-1 (D12) |
| Checker implementation | F4 | DOCUMENTARY_ONLY (DRAFT) | declaring a promote lane exists | F4 impl (design + Owner gate) |
| RISK-GC / RISK-CAP | F2 | OPEN | orphan / blob_ref / payload / retention | Phase-1 |
| RISK-BYPASS (R7) | F1 | OPEN / BLOCKER | birth gate + role/write-permission | Phase-1 + controlled+audited pilot |
| RISK-RUN (R6) | F5 surface | BLOCKER/REQUIRED | runtime liveness; config-load fail-closed | Phase-1 |
| RISK-STL (R3) | F5 surface | BLOCKER/REQUIRED | stale verdict / config drift | Phase-1 / spec |
| RISK-IDX (R2) | F5 surface | BLOCKER | full-scan / JSONB index risk | Phase-1 (EXPLAIN) |
| RISK-AP (R1) | F5 surface | BLOCKER | atomic-promote lock/transaction (HOLD-2) | F4 implementation |
| RISK-CRASH (R8) | F5 surface | BLOCKER | crash/retry/double-promote/partial state | Phase-1 / spec |
| RISK-TIME (R9) | F5 surface | BLOCKER | TTL/clock source/skew → freshness | Phase-1 / spec |
| Runtime / checkout sync | F0 | NOT PROVEN (CONS-005 caveat) | trusting baseline reflects runtime | Phase-1 |
(The Group R RISK-* families are catalogued at F5 as the operational-safety surface; several were inherited earlier — RISK-BYPASS from F1, RISK-GC/CAP from F2.)
5. Add-later-only-if-needed items across all F (Q3 — default-NO)
| Item | Condition to add |
|---|---|
| Promote checker (built, fail-closed, selftested) | design + Owner gate; "No checker, no lane" |
| Atomic-promote transaction + rehearsal (lift HOLD-2) | Owner evidence decision; FIX7-style rehearsal first |
| KB→runtime required-stamps delivery mechanism | Phase-1 + Owner gate |
| cell_id / dot_role / stamp columns / new store | reuse-insufficiency proof + Owner-gated detailed design (new mandatory stamp = Level 3) |
| List-only scanner / missing-stamp / orphan scanner (built) | Owner gate; assemble-existing insufficient; no auto-fix |
| Live heartbeat / runtime monitor | Owner gate; Phase-1 first |
| Dashboard / reporting UI | Owner gate |
| Canonical birth write / BIRTH_STAMP / PROMOTE_STAMP (live) | future implementation only, at promote |
| Any DOT registration / formula run / assembly machine | Owner gate; default-NO |
Forbidden regardless (across all layers): auto-fix scanner; full-system backfill; full-table-scan of large tables; new config-delivery subsystem/manifest; uncontrolled bypass; any schema change made outside an Owner-gated detailed design.
6. Phase-1 candidate list (read-only substrate/runtime survey — separate Owner gate, NOT opened)
- HOLD-1 — verify the live home / schema / lifecycle / TTL / candidate_id / blob_ref of iu_staging_record / iu_staging_payload.
- birth_registry / fn_birth_register / fn_birth_gate — verify live existence, row state, the birth-gate warning+bypass surface (RISK-BYPASS).
- dot_tools — verify wrapper inventory; confirm absence/feasibility of dot_role / cell_id (read-only; no ALTER), DOT-CAP capability.
- system_issues / event_outbox — verify observability substrate (severity, register-before-emit, crash/outbox consistency — RISK-CRASH).
- STG-012 cleanup scheduler (no pg_cron?) · STG-015 packet_hash coverage · STG-REUSE-001 shared-store sufficiency.
- Runtime/config preflight (D12 / RISK-RUN / SRC) — liveness of Agent Data MCP / Postgres / Qdrant / Directus; required-stamps load/parse/version-pin/fail-closed; freshness/clock source (RISK-TIME).
- OP-1..12 operational gates + RISK-IDX EXPLAIN/index coverage (no full-scan on large tables).
All read-only; gated behind a separate Owner authorization; not part of this macro.
7. Owner decision list (conflicts to adjudicate — default HOLD)
- CONS-002 — which source wins for the IO Contract fields (keep thin 5-field meanwhile?).
- CONS-003 — 6 tiers (tầng) vs 7 layers (Lớp)/dimensions (constitution Đ0-B/Đ29 vs drafts NT6/Đ5) — adjudicate before cell_id / CELL_STAMP.
- CELL-003 / 004 / 007 — cell_id dimensions (layer source; species 2 namespaces; tier catalog / composition_level).
- HOLD-1 — authorize (or not) the Phase-1 read-only staging survey.
- HOLD-2 — when/whether to authorize atomic-promote transaction + rehearsal design.
- STG-REUSE-003 / new-store — confirm default-NO on any new packet store / registry / index.
- Sequencing — F5 + Cross-F evidence review → dedicated FX / Governance One Roof survey → then Owner decides A (Phase-1) vs B (blocker decision notes) vs C (technical design prep) vs D (implementation planning) — and whether blocker-clearing precedes any F5 observability build. Technical design is not authorized before FX.
8. Technical-design candidate list (NOT designed here — Owner-gated, after the gates above)
Sequence rule: F5 + Cross-F evidence review → dedicated FX / Governance One Roof survey → then Owner decides Phase-1 / blocker decision notes / technical-design preparation. Technical design is not authorized before FX; the FX survey remains a separately-authorized, read-only, non-authorizing dedicated Program Macro (same 3 Owner questions, same deep evidence layer).
These are named as candidates only; this matrix designs none of them:
- Promote checker (verdict-only, fail-closed, selftest) — after CONS/CELL decisions + Phase-1.
- Atomic-promote transaction (all-or-nothing: canonical birth + close BIRTH_STAMP / PROMOTE_STAMP + consume staging) + rehearsal — after HOLD-2 lifted.
- KB→runtime required-stamps delivery (load/parse/version-pin/fail-closed) — after RISK-RUN/STL survey.
- List-only scanner / missing-stamp / orphan scan / minimal heartbeat — after the lanes it observes are proven.
- cell_id resolution + any stamp / dot_role materialization — after CONS-003 + CELL-* decided.
Each requires its own Owner gate and a proof that assembling existing substrate is insufficient (catalog §2c 5 no-new conditions).
9. Explicit non-authorization
This matrix is a summary, not a decision and not a design. It authorizes nothing. It did not: run Phase-1; query any live DB / runtime / production; touch iu_staging_* / dot_tools / birth_registry / system_issues live; call any birth/checker/promote/scanner function; create any source manifest / schema / table / registry / index; materialize cell_id / dot_role / stamp columns; create or run any DOT / formula / assembly / checker / scanner / heartbeat / promote; write any canonical birth / BIRTH_STAMP / PROMOTE_STAMP / PROMOTE_BLOCKED state; create any dashboard; resolve CONS-002 / CONS-003 / CELL-003/004/007; or produce any technical design or implementation prompt. This matrix authorizes neither FX nor technical design: FX (Governance One Roof) remains a pending dedicated survey that must be separately authorized by Owner/GPT, and the Cross-F Matrix does not replace a dedicated FX Program Macro. GPT/Owner is the only phase authority; Codex is a control verdict only. Default = HOLD.
F0→F5 / FX Cross-F Evidence & Readiness Matrix | 2026-06-16 | STATUS: NON-AUTHORIZING SUMMARY. F0–F4 decision gates CLOSED; F0–F5 execution reports PARTIAL; FX (Governance One Roof) cross-cutting, not F6 — a dedicated FX survey remains pending before any technical design. The whole F0→F5 spine is a consistent documentary contract; every operational candidate is DOCUMENTARY_ONLY / GAP / UNKNOWN / HOLD. Conflicts (CONS-002/003, CELL-003/004/007), HOLD-1 (Phase-1), HOLD-2 (atomic promote), STG-012/015, STG-REUSE, DOT-CAP, and Group R RISK-* remain open. Next: GPT → Codex (all four together) → Owner sequences Phase-1 / blocker decisions / technical-design prep / implementation later. Documentary ≠ live proof. Engineering PASS ≠ Authority PASS. Codex PASS ≠ Owner phase-authorization.