05 — Birth Protocol Plan for iu_staging_record + iu_staging_payload

Purpose. Describe — at the design level — exactly how the two new staging collections must be born under the current Điều 0-G + Điều 36 + Species Law + birth-procedures regime. No shortcuts. Same protocol as any other governed collection. Status: DESIGN ONLY. No registry write, no DOT run, no migration in this macro.

This plan is the executable shape of "same governance as everything else" (Compatibility Matrix §1).

---

1. Required artefacts before birth

Artefact	Status today	Required state
Species SPE-NVS (no_vector_staging)	not present	created via dot-species-create (or equivalent)
Species metadata: vector_eligible = false	n/a	set at species creation
Two collection_registry codes (e.g. COL-IUS-001 + COL-IUS-002)	not present	reserved via dot-collection-register
Migration NNN (substrate DDL)	not authored	authored under sql/iu-core/migrations/NNN_…_staging_substrate.sql
Migration NNN+1 (rollback)	not authored	authored under same dir, paired
5 DOTs registered	0 of 5	dot_iu_staging_create / approve / consume / reject / cleanup
Healthcheck function	not present	fn_iu_staging_healthcheck() returning 8 invariants
Retention policy rows	0	one row per staging collection in iu_core_retention_policy
D9 SSOT inventory bump	not bumped	bump in runtime/110_iu_core_dot_conformance_scan.sql
Pinning tests	not bumped	counts (tables, views, fns, configs) bumped same commit

---

2. Birth-step plan (mirrors birth-procedures.md v3.1 §QT-003)

BƯỚC 1 — Governance role decision

governance_role: governed   # only allowed value for No-Vector Staging Zone
rationale:
  - temporary != ungoverned
  - universal counter requires every entity to be born
  - rejected: observed (would skip counter)
  - rejected: excluded (would skip law entirely)

BƯỚC 2 — Species

species:
  code: SPE-NVS
  label_en: no_vector_staging
  label_vi: vùng dữ liệu tạm không vector
  kind: atom                 # not meta — staging holds payloads, not other taxonomies
  governance_role: governed
  parent: null               # top-level atom species; sibling of SPE-IU, SPE-BLK, …
  metadata:
    vector_eligible: false   # CONSUMED BY CONNECTOR
    retention_required: true
    dot_first: true
  composition_level: 1
  notes: |
    Created under Phụ lục Điều 36 — No-Vector Staging Zone.
    Any collection mapped under this species is on the vector connector's
    permanent exclusion list (Rule N1).

BƯỚC 3 — Registry entries (one per collection)

collection_registry_rows:
  - code: COL-IUS-001
    collection_name: iu_staging_record
    schema: iu_core
    purpose: |
      Metadata row for No-Vector Staging Zone items (Phụ lục Điều 36).
      Lifecycle, owner, hash, expiry, approval signature.
    group: iu-core-staging
    governance_role: governed
    vector_eligible: false
    species_map: SPE-NVS

  - code: COL-IUS-002
    collection_name: iu_staging_payload
    schema: iu_core
    purpose: |
      Payload parts for No-Vector Staging Zone items (Phụ lục Điều 36).
      JSON / text / blob_ref multi-part bodies, sha256-hashed.
    group: iu-core-staging
    governance_role: governed
    vector_eligible: false
    species_map: SPE-NVS

species_collection_map_rows:
  - { species: SPE-NVS, collection_code: COL-IUS-001 }
  - { species: SPE-NVS, collection_code: COL-IUS-002 }

DOT commands used: dot-species-create (or analog), dot-species-map, dot-collection-register. All three are write-capable governance gateways (per birth-procedures.md and iu0-pack2a-legal-tooling-preflight-report.md).

BƯỚC 4 — Birth registry triggers

Each insert into iu_staging_record and iu_staging_payload must auto-write a birth_registry row. This requires:

• The existing dot-trigger-guard discipline (Điều 36 trigger governance).
• A PG trigger trg_iu_staging_record_birth / trg_iu_staging_payload_birth on INSERT that calls the standard birth function (re-using whatever fn birth-registry-law.md v1.0 currently uses elsewhere).
• TRIGGER privilege check (50000x feedback: feedback-trigger-grant-on-foreign-owned-tables) — these tables are workflow_admin-owned, so the migration must apply as owner via pg_hba local trust (70000x feedback: feedback-pg-hba-local-trust-unblocks-role-channel).

---

3. Directus registration (if exposed in Nuxt)

Two options:

Option	When	Effect
A — Substrate-only (recommended)	If staging is consumed only by DOT tools	One row each in tbl_registry_collections so the staging tables appear on /knowledge/registries/staging; no Directus UI added.
B — Directus collection	Only if operators want a Directus list view	Plus a Directus collection mirroring iu_staging_record (read-only).

Default proposal: Option A. Option B is a follow-up that doesn't change the law.

---

4. DOT registration

dot_iu_command_catalog:
  - command_name: dot_iu_staging_create
    description: Create a No-Vector Staging Zone record + parts atomically.
    write_capable: true
    governs: SPE-NVS
  - command_name: dot_iu_staging_approve
    description: Approve a pending staging record (review gate).
    write_capable: true
  - command_name: dot_iu_staging_consume
    description: Mark a staging record consumed by a downstream run.
    write_capable: true
  - command_name: dot_iu_staging_reject
    description: Reject a pending staging record with reason.
    write_capable: true
  - command_name: dot_iu_staging_cleanup
    description: Transition expired/consumed/rejected staging rows to cleaned, respecting retention policy and the no-orphan-vector contract.
    write_capable: true
  - command_name: dot_iu_staging_unregister
    description: REFUSED-guarded rollback — delete a staging record + parts atomically; used only in migration rollback.
    write_capable: true

dot_iu_command_run:
  # each DOT call writes one row (audit), keyed on command_name + run_id

R280-style governance probe (proven 40000x): after registration, expected_count = current_count + 6, all_resolvable = t.

---

5. D9 / DOT conformance bumps

Same commit as the migration, bump sql/iu-core/runtime/110_iu_core_dot_conformance_scan.sql:

+    ('table',    'iu_staging_record'),
+    ('table',    'iu_staging_payload'),
+    ('view',     'v_iu_staging_record'),
+    ('view',     'v_iu_staging_payload_observability'),
+    ('function', 'fn_iu_staging_create'),
+    ('function', 'fn_iu_staging_approve'),
+    ('function', 'fn_iu_staging_consume'),
+    ('function', 'fn_iu_staging_reject'),
+    ('function', 'fn_iu_staging_cleanup'),
+    ('function', 'fn_iu_staging_emit_event'),
+    ('function', 'fn_iu_staging_healthcheck'),
+    ('function', 'fn_iu_staging_unregister'),
+    ('trigger',  'trg_iu_staging_record_birth'),
+    ('trigger',  'trg_iu_staging_payload_birth'),
+    ('config',   'iu_core.staging_writes_enabled'),
+    ('config',   'iu_core.staging_cleanup_enabled'),
+    ('config',   'iu_core.no_vector_staging_excluded'),
+    ('event_type', 'staging.record_created'),
+    ('event_type', 'staging.record_approved'),
+    ('event_type', 'staging.record_consumed'),
+    ('event_type', 'staging.record_rejected'),
+    ('event_type', 'staging.record_cleaned'),

Approximate delta: +2 tables, +2 views, +8 functions, +2 triggers, +3 configs, +5 event types. Pinning tests must bump same commit (15000x lesson).

---

6. Rollback

Per 15000x sidecar precedent + 18000x sidecar-versioning precedent:

rollback_plan:
  unit: migration_NNN_+_paired_NNN_rollback.sql
  ddl:
    - DROP all triggers
    - DROP all functions
    - DROP all views
    - DROP iu_staging_payload (children)
    - DROP iu_staging_record
    - DELETE FROM iu_core_retention_policy WHERE collection_name LIKE 'iu_staging_%'
    - DELETE FROM event_type_registry WHERE event_domain = 'staging'
    - DELETE FROM dot_iu_command_catalog WHERE command_name LIKE 'dot_iu_staging_%'
    - DELETE FROM species_collection_map WHERE collection_code IN ('COL-IUS-001','COL-IUS-002')
    - DELETE FROM collection_registry WHERE code IN ('COL-IUS-001','COL-IUS-002')
    - DELETE FROM species WHERE code = 'SPE-NVS' (only if no other collection references it)
  guard:
    - REFUSED if iu_staging_record has any non-cleaned rows
    - REFUSED if dot_iu_command_run has any uncompensated calls
  pinning_tests:
    - bump back to baseline counts

The REFUSED-guarded design prevents accidental data loss (50000x lesson: "Honest channel-block beats partial trigger").

---

7. Healthcheck wiring

fn_iu_staging_healthcheck() is added to the existing healthcheck runner (fn_iu_core_healthcheck or its equivalent), bringing the existing 8/8 GREEN status to 9/9 GREEN. No other healthcheck contracts change.

---

8. Order of operations (proposed implementation macro outline)

1. Author migration NNN (substrate DDL) + paired NNN rollback
2. Author DOT modules dot_iu_staging_* + Python entrypoints
3. Author healthcheck fn + integrate into runner
4. Author regression tests (no-vector contract §5)
5. Bump SSOT inventory + pinning tests same commit
6. Register species SPE-NVS via dot-species-create
7. Register collections COL-IUS-001 + COL-IUS-002 via dot-collection-register
8. Register species ↔ collection rows via dot-species-map
9. Apply migration NNN as workflow_admin (pg_hba local trust)
10. Set iu_core.no_vector_staging_excluded = true (default); verify gates
11. Healthcheck → 9/9 GREEN
12. Confirm Qdrant probe — 0 staging points
13. Author retention policy rows; cleanup_enabled stays false until first
    cleanup rehearsal

This is an outline, not an instruction — it lives in 07-implementation-backlog.md.