P9 Tier 2 — Remediation Design v0.2
P9 Tier 2 — Remediation Design v0.2
Loại: Remediation design — 4 blockers từ Tier 1 Phase: P9 Entry Gate, Tier 2 Trạng thái: DRAFT v0.2 — Patched 5 điểm GPT. Chờ GPT final + User. Ngày: 2026-04-27 | Phiên: S182 GPT review: v0.1 PASS CĐK (5) → v0.2
0. Mục tiêu
Thiết kế giải pháp cho 4 Tier 1 blockers. DESIGN ONLY. Không DDL/DML, không seed facets, không sửa schema, không P9. Mỗi execution cần prompt riêng sau GPT/User review.
R1 — Đ24 Facet Reconciliation (A1: MEDIUM)
1.1 Phương án: Option A — FAC-07/08/09
Tạo 3 facets mới theo pattern hiện có. doc/topic/layer = alias chỉ trong design docs.
FAC-07 "Thuộc tài liệu nào?" (alias: doc)
FAC-08 "Chủ đề nội dung?" (alias: topic)
FAC-09 "Tầng kiến trúc?" (alias: layer)
1.2 Governed taxonomy addition — flow bắt buộc
Đây là governed taxonomy addition. Không seed trực tiếp. Flow:
DOT-TAC-LABEL-FACET-VERIFY phát hiện thiếu facet
→ tạo system_issues (kind='missing_facet')
→ tạo APR request_type='create_facet'
→ User/Council approve APR
→ DOT-TAC-LABEL-SYNC tạo facet via Directus API
→ DOT-TAC-LABEL-FACET-VERIFY re-verify
No APR = no facet creation. Không bypass, không direct INSERT.
1.3 P8 amendment
P8 §5 ghi rõ: doc/topic/layer là alias. Production dùng facet_id FK to taxonomy_facets (FAC-07/08/09). Không cần amend P5.
R2 — D38 Entity Code Contract (A2: MEDIUM)
2.1 Scope
D38-domain contract only. Không phải global Đ24 standard. Mỗi domain có thể có convention riêng cho entity_code.
2.2 Contract
D38 Text as Code entity_code convention:
- entity_code = tac_logical_unit.canonical_address (verbatim)
- D38-domain contract, NOT global Đ24 standard
- Format regex: ^D38-[A-Z0-9]+-((ROOT)|(S[0-9]+(-P[0-9]+(-[0-9]+)*)?))$
- Covers:
D38-HOWTO-ROOT (root node)
D38-HOWTO-S1 (section)
D38-C1A-S4-P1 (paragraph)
D38-C1A-S4-P1-1 (deep nesting, future)
- Character set: uppercase alphanumeric + hyphen
- Length: 10–30 characters
- UNIQUE: enforced by tac_logical_unit.canonical_address
- Prefix: D38- for Đ38 domain
2.3 Validation against 76 existing units
Regex phải cover tất cả 76 units từ P7A segmentation. Nếu bất kỳ unit nào không match → gate FAIL, cần amend regex hoặc segmentation.
DOT-TAC-LABEL-FORMAT-VERIFY kiểm: mọi canonical_address match regex. Chạy trước P9 seed.
2.4 Amendment
Ghi contract vào P8 §5 hoặc P9 spec. Đ24 không cần amend — entity_code format là per-domain.
R3 — system_issues Adapter (A3: LOW)
3.1 Prerequisite: read-only verification TRƯỚC design
Chưa thiết kế wrapper DDL. Cần bước read-only kiểm chính xác:
fn_log_issuesignature (parameters)fn_log_issuebody — ghi vàocoalesce_keyhayissue_signature?- Mapping chính xác giữa fn_log_issue params → system_issues columns
Nếu không xác minh được → BLOCKED, không tạo adapter.
3.2 Adapter design (chỉ sau khi 3.1 verified)
| Contract field | Mapping target | Verify |
|---|---|---|
| source | source | ✅ Direct |
| severity | severity | ✅ Direct |
| category | issue_class HOẶC sub_class | ⚠️ Cần verify |
| entity_code | entity_code | ✅ Direct |
| summary | title HOẶC description | ⚠️ Cần verify |
| status | status | ✅ Direct |
| issue_signature | coalesce_key HOẶC issue_signature | ⚠️ Cần verify fn_log_issue body |
3.3 Execution prerequisite
E1 (read-only verify fn_log_issue) PHẢI PASS trước khi thiết kế adapter function. Không shortcut.
R4 — dot-dot-register v2 (A4: MEDIUM)
4.1 Design principles
11-field payload (Đ35 §5.1). Config override JSON. tac_* domain rule. Self-bootstrap. Infer fail = CẤM POST.
4.2 Tách execution: design → dry-run → verify → register
Không nhảy thẳng "register 19 DOTs." Tách:
| Phase | Scope | Output | Mutate? |
|---|---|---|---|
| D1 | Design v2 script + config override JSON | Code design | ❌ |
| D2 | Dry-run: generate 19 DOT payloads, verify 11 fields + paired mapping | JSON payloads + verify report | ❌ |
| D3 | Verify: paired_dot correct? domain correct? infer-fail blocks POST? | Verify report | ❌ |
| D4 | Register: ghi 19 DOTs vào dot_tools | dot_tools INSERT | ✅ Needs approval riêng |
D4 (dot_tools write) = production mutation → cần GPT/User approval prompt riêng. D1–D3 = design + read-only.
4.3 Config override format
{
"DOT-TAC-SCHEMA-ENSURE": {
"domain": "infrastructure.schema",
"operation": "ensure",
"trigger_type": "on-deploy",
"paired_dot": "DOT-TAC-SCHEMA-VERIFY",
"cron_schedule": "",
"coverage_status": "partial",
"_dot_origin": "dot-dot-register"
}
}
19 entries cho 19 tac_* DOTs.
4.4 Self-bootstrap
dot-dot-register self-inserts at startup if not in dot_tools. Own config override entry = source of truth.
5. Execution Split (reordered, NOT TO RUN)
| Phase | Scope | Mutate? | Prerequisite |
|---|---|---|---|
| E0 | Patch/approve Tier 2 v0.2 | ❌ | GPT + User review |
| E1 | Read-only verify fn_log_issue / system_issues mapping | ❌ | E0 |
| E2 | Amend P8/P9: Đ24 alias contract + entity_code D38-domain contract | ❌ (doc only) | E0 |
| E3 | dot-dot-register v2: design + dry-run (D1–D3 only) | ❌ | E0 |
| E4 | APR request for FAC-07/08/09 (governed flow) | ✅ (APR creation) | E2 approved |
| E5 | If APR approved → DOT/API create 3 facets | ✅ (taxonomy write) | E4 APR approved |
| E6 | Re-run Tier 1 A1–A4 (expect improvements) | ❌ | E1–E5 |
| E7 | dot-dot-register v2 D4: register 19 DOTs (if E3 dry-run PASS) | ✅ (dot_tools write) | E3 D3 PASS + approval |
Read-only first (E1–E3), mutate later (E4–E5, E7). Mỗi mutate step = prompt riêng + GPT review.
6. P9 Gate Status
| Gate | Tier 1 | Tier 2 remediation | Next |
|---|---|---|---|
| G2 Đ24 facets | FAIL | R1: FAC-07/08/09 via APR | E4→E5 |
| G3 entity_code | BLOCKED | R2: D38-domain contract | E2 |
| G4 DOT registration | NEEDS DESIGN | R4: v2 design + dry-run | E3→E7 |
| G5 register adapter | FAIL | R4: v2 design | E3 |
| G6 Migration dry-run | NEEDS DESIGN | Deferred to Tier 3 | After E1–E7 |
| G7 system_issues | FAIL | R3: verify first, adapter after | E1 |
| G8 Directus roles | NEEDS DESIGN | Deferred to Tier 3 | After E1–E7 |
7. Not Authorized
Production DDL/DML ❌. Facet seed direct ❌. Schema ALTER ❌. DOT registration ❌. P9 ❌. Execution prompts ❌ (chờ v0.2 review).
Patch log v0.1 → v0.2
| # | GPT điểm | Sửa |
|---|---|---|
| 1 | R1 facets: no direct seed | ✅ Governed flow: DOT detect → issue → APR → approve → DOT create. No APR = no facet. |
| 2 | R2 entity_code: D38-domain only | ✅ Ghi rõ D38-domain contract, not global Đ24. Regex covers ROOT + deep nesting. |
| 3 | R3: verify fn_log_issue first | ✅ Prerequisite E1 read-only verify. No wrapper until verified. BLOCKED if unverified. |
| 4 | R4: tách design/dry-run/register | ✅ D1–D3 (no mutate) → D4 (approval riêng). Không nhảy thẳng register. |
| 5 | Execution reorder | ✅ E0–E3 read-only first → E4–E5 mutate (APR) → E6 re-verify → E7 register (approval). |
P9 Tier 2 v0.2 DRAFT | S182 | 2026-04-27 | Opus 4.6 GPT: v0.1 PASS CĐK (5) → v0.2 patched Chờ GPT final + User