Agent READ-ONLY Investigation — IU/Text-as-Code Current Position Before Next Design — 2026-05-14

Mode: READ-ONLY ONLY — no DB writes, no DDL/DML, no function execution that mutates, no migration, no UI/code change, no Qdrant mutation. Author: Claude Opus 4.7 (1M, xhigh) Controlling prompt: knowledge/dev/laws/dieu44-trien-khai/prompts/agent-readonly-investigation-iu-current-position-before-next-design-2026-05-14.md rev 2 Verdict: PASS — Opus position confirmed against live PG + live code + KB. Next design task identified. One conflict to flag.

0. Scope honored

Boundary	Honored	Evidence
No DB write / DDL / DML	✅	only `SELECT`, `pg_get_`, `count() FILTER`
No mutating fn execution (e.g. `fn_birth_onboarding_full_scan_hc`, `fn_iu_create`)	✅	not invoked
No Nuxt/Directus/code edits	✅	no `Edit/Write` outside this KB report
No Qdrant mutation / reindex	✅	only `GET /collections`, `GET /health`
No sub-dispatch / no old-prompt execution	✅	one Explore subagent for KB summarization only (read-only)
No bulk migration / TAC→IU migration / UI cutover	✅	none performed

no_mutation_performed = true.

1. KB-evidence summary

Reviewed verbatim (full text):

handoffs/handoff-p3d-pack1-return-to-phase5c2-after-birth-complete-2026-05-14.md
reviews/gpt-final-review-birth-system-complete-authorize-phase5c2-resume-2026-05-14.md
reviews/opus-final-review-birth-complete-5c2-readiness-2026-05-14.md
design/p3d-birth-system-b2-contract-design-rev3.md
reports/p3d-birth-post-eld-b3f-delta-verification-report.md
reports/iu-birth-trigger-install-18c-report.md
design/19-iu0-pack2b-pilot-crud-and-birth-fire-execution-pack.md
reports/19-p2b-p1-iu-pilot-insert-and-birth-fire-report.md
reviews/opus-review-p2b-p1-pilot-insert-and-birth-fire-report-2026-05-05.md
reviews/gpt-review-file16-rev2-f6-birth-path-decision-2026-05-04.md
reviews/gpt-analysis-need-qt003r-retroactive-collection-registration-2026-05-04.md
reports/description-policy-option1-runtime-execution-report.md
reports/p3d-vector-search-reliability-hardening-implementation-report.md
TAC→IU rev3/rev4/addendum + Pack 5 migration design + TAC-UI baseline review
10-doc IU SSOT/handoff/requirements/Pack-22/Pack-23 P3B/P3C1/P3C2/P3C3/P3C4 set (summarized via subagent; punchlist preserved)

2. Live PG / live code spot-check (read-only)

Connection: ssh contabo → docker exec -i postgres psql -U directus -d directus.

A. Birth completion — ALL GREEN

Probe	Result
`birth_registry.canonical_address text NULL`	present (text/YES/no default)
`birth_registry.owner text NULL`	present (text/YES/no default)
`birth_registry.jsonb_profile jsonb NOT NULL DEFAULT '{}'`	present (jsonb/NO/`'{}'::jsonb`)
`identity_profile` on `birth_registry`	ABSENT (Rev3 §1.1 invariant)
`count(*)` `birth_registry`	285,965 (was 285,955 in Opus 2026-05-14 review; +10 natural growth)
`jsonb_profile IS NULL`	0 rows
`jsonb_profile = '{}'`	285,965 rows
`jsonb_profile <> '{}'`	0 rows
`fn_birth_onboarding_full_scan_hc`	`boolean` / VOLATILE (matches §B3-F1c-H install)
`system_health_checks.code='DOT-BIRTH-ONBOARD-FULLSCAN-HC'`	`is_active=true`, `severity=critical`, `executor_ref=fn_birth_onboarding_full_scan_hc`
triggers on `birth_registry`	exactly `trg_birth_auto_certify`, `trg_birth_change_flag_matrix`, `trg_count_birth_registry` (Rev3 I-6)
`fn_birth_registry_auto` md5	`1f729b3571a74963089bb3ef388217f3` — unchanged vs 18c baseline

Verdict A: Birth System COMPLETE confirmed live. All Rev3 invariants I-1..I-7 hold. → birth_system_complete_live_confirmed = true.

B. IU core — ALL GREEN

Probe	Result
`information_unit` table / columns / rows	19 cols / 12 rows
`unit_version` table / cols / rows	16 cols / 19 rows
`unit_edit_draft` / cols / rows	18 cols / 13 rows
`unit_edit_comment` / cols / rows	13 cols / 14 rows
`fn_iu_create(text,text,text,text,text,text,text,text,uuid)`	present (9-arg signature matches Pack 22 README)
`fn_iu_create_plan(...same 9 args...)`	present
`fn_iu_verify_invariants(p_addr text)`	present
`fn_iu_gateway_write_guard()`	present (trigger function)
`fn_iu_edit_plan(p_address,p_body,p_actor,p_title)`	present
`fn_iu_create_edit_draft(p_address,p_body,p_actor,p_reason,p_title)`	present
`fn_iu_comment_edit_draft(p_draft_id,p_author,p_body,p_kind,p_author_type)`	present
`fn_iu_comment(p_address,p_author,p_body,p_kind,p_author_type,p_context)`	present
`fn_iu_apply_edit_draft(p_draft_id uuid, p_actor text, p_review_note text)`	present
`fn_iu_edit(p_address,p_body,p_actor,p_reason,p_title,p_review_note)`	present
`fn_iu_save(p_address,p_body,p_actor,p_title,p_reason,p_mode)`	present
Triggers on `information_unit`	`trg_aa_iu_gateway_write_guard` → `fn_iu_gateway_write_guard`; `trg_birth_information_unit` → `fn_birth_registry_auto('__birth_synthetic_id__')`; `trg_iu_birth_gate_layer1` → `fn_iu_birth_gate_layer1`; `trg_iu_birth_gate_layer2` → `fn_iu_birth_gate_layer2`; `trg_iu_updated_at`
Triggers on `unit_version`	`trg_aa_iu_notif_version`; `trg_aa_uv_gateway_write_guard` → `fn_iu_gateway_write_guard`; `trg_sbx_uv_before_insert` — no independent birth trigger
`dot_config.iu_create.gateway.mode`	`enforced`
`dot_config.iu_edit.policy.default_mode`	`require_review` (Pack 23 P3C4 flip confirmed live)

Verdict B: IU core tables, 11 Pack-22/23 functions, gateway BEFORE-INSERT/UPDATE triggers on both information_unit and unit_version, Pack-23 edit/save chain — all live. → iu_core_tables_live=true, iu_core_functions_live=true, iu_gateway_enforced=true, pack23_edit_save_functions_live=true.

C. Birth trigger / F6 / Pack 2B precondition

Probe	Result
Trigger `trg_birth_information_unit` def	`CREATE TRIGGER trg_birth_information_unit AFTER INSERT ON public.information_unit FOR EACH ROW EXECUTE FUNCTION fn_birth_registry_auto('__birth_synthetic_id__')` — exact 18c install
Independent `unit_version` birth trigger	none (subordinate per Rev3, P2B-P1 §4.4, gpt-review-file16-rev2 §3)
`birth_registry` where `collection_name='information_unit'`	12 rows (matches `count(information_unit)`)
`birth_registry` where `collection_name='unit_version'`	0 rows
`collection_registry.description_policy IS NULL`	0
distribution	`required_detailed=12`, `structured_exempt=7`, `unclassified=147`
DOT-119 script path / md5 / size	`/opt/incomex/dot/bin/dot-birth-trigger-setup` / `5883bce405b86ab436e885cf16fd22de` / 14417 bytes — exact 18c historical md5 match
DOT-119 `CREATE OR REPLACE FUNCTION fn_birth_registry_auto` count inside script	0 (cannot clobber v2 of `fn_birth_registry_auto`)
DOT-119 `--help`	`dot-birth-trigger-setup v2.0.0 — Metadata-Driven Birth Trigger Setup`
`identity_profile` on `information_unit`	YES (per-entity-kind placement, Rev3 §3)
`identity_profile` on `birth_registry`	NO (Rev3 §1.1 NOT_CENTRAL_BIRTH_REGISTRY)
Live IU canonical addresses (all 12)	1× `pilot.iu0.test-001` (Pack 2B-P1, 2026-05-05) · 4× `pilot.p2.`/`pilot.p3.` (Pack 22 pilots) · 7× `test/p3a

Pack 2B execution status — fact:

Pack 2B P0 (schema inspection) executed.
Pack 2B P1 (1 IU + 1 UV pilot) executed 2026-05-05; PASS report at reports/19-p2b-p1-iu-pilot-insert-and-birth-fire-report.md; Opus review PASS; birth fire verified; entity_code information_unit::3ffbbaa5-… confirmed; fn_hash and trigger_count invariants held.
Pack 2B P2 was folded into P1 (Opus: "P2B-P2 không cần prompt riêng — birth fire đã verify inline").
Pack 2B P3 (cleanup-or-keep decision): GPT directed to keep the pilot row; cleanup SQL drafted but never executed (still 1× pilot.iu0.test-001 live).
Formal Pack 2B closure document as a single uploaded "Pack 2B closure" report was not found in KB search; Opus review §closure said Pack 2B PASS — confirm closure? and the workstream moved on to Pack 22 (native IU create + gateway). Treat closure as de-facto (executed + reviewed PASS) rather than a separately-named closure doc.

→ f6_dot119_iu_birth_trigger_done_confirmed=true, pack2b_design_exists=true, pack2b_execution_done=true (P1+P2 PASS; P3 decided to keep). description_policy column live, 0 NULL (147 unclassified rows are non-blocking deferred classification per its execution report §10).

D. TAC tables / DIEU-35 / fn_iu_create canonical writer

Probe	Result
`tac_publication` rows	3 (`DIEU-28 v2.0/proposed`, `DIEU-32 v1.1/proposed`, `DIEU-35 v5.2/proposed`)
`tac_publication.doc_code='DIEU-35'` members	36 (matches handoff baseline `36 members / 12 section types / render_order 0..35`)
`tac_logical_unit` rows	86
`tac_unit_version` rows	86
`tac_publication_member` rows	86
IU rows from prior TAC migration (canonical_address LIKE `dieu35.%` or law_unit kind)	0 — all 12 IU rows are pilot/test addresses, none from a TAC mapping yet
`fn_iu_create` signature	matches Pack 22 README exactly (9 params)

Verdict D: TAC tables and DIEU-35 baseline live-verified. No prior partial TAC→IU migration on disk. fn_iu_create is canonical writer and matches gateway allow-list. → tac_dieu35_live_verified=true.

E. Vector / search

Probe	Result
Qdrant `/collections`	`[{name: production_documents}]` — single collection, IU vector NOT yet
`production_documents.points_count`	6,084 (was 5,015 at hardening 2026-05-11; +1,069 natural growth)
Qdrant status	`green`
Agent-data `/health`	`status=healthy`; qdrant/postgres/openai all `ok`; `data_integrity.sync_status="warning"` driven by `ratio=2.05 > 2.0` chunked-doc ratio threshold — exactly the known-informational condition called out in hardening §12.1
Last ALERT-level vector report	none after hardening 2026-05-11 (canary 8/8 PASS, audit-sync `status=clean`)
`_apply_path_title_boost(collection_name=...)` unified contract	present in code; ready for future IU vector collection
recency tiebreak	code path present, SKIPPED until payload writes timestamps (legacy KB lacks them; IU vector not yet exist)

Verdict E: vector_efficiency_alert = NONE. The /health warning is the known-informational ratio threshold, not a new alert. No user notification required for vector.

3. Required analysis — answers

Q1. Is Opus correct that old IU/TAC handoff is stale and Birth System is complete?

Yes. Live evidence corroborates GPT final review + Opus final review + Rev3 contract: ELD columns present, jsonb_profile NOT NULL holds across 285,965 rows, wrapper + HC row active, scheduler patched, fn hash unchanged. Birth System COMPLETE.

Q2. Is Opus correct that F6 / DOT-119 / IU birth trigger work is already done?

Yes. Live: trg_birth_information_unit exists with exact 18c definition; fn_birth_registry_auto md5 unchanged; DOT-119 v2 script md5 matches historical baseline; script cannot clobber v2 of fn_birth_registry_auto; F6 (birth-path decision) was ratified by GPT (Option B persisted-pilot exception); IU birth proven by 12 IU births in birth_registry.

Q3. Is Opus correct that Pack 2B design exists but execution has not run?

Partially incorrect. Pack 2B design exists (file 19) and Pack 2B P1 execution did run on 2026-05-05 with PASS (1 IU + 1 UV pilot row created, birth fire verified, Opus review PASS, GPT directed keep). What is missing is only a single-named "Pack 2B closure" doc — Opus may have meant the broader Pack 2B (= Option B persisted pilot scope incl. read/update/version tests beyond P1) was not finished as a multi-phase suite. The narrower P1 birth-fire scope was executed; subsequent work moved on to Pack 22 (canonical IU create + gateway) and Pack 23 (edit/save/comment/notification).

This is the one conflict flagged: Opus's pack2b_execution_not_run=true reads stricter than live evidence. Set pack2b_execution_done=true for P1 (birth-fire), but acknowledge that Pack 2B as a closure document was not separately written.

Q4. Is Opus correct that next recommended work is Phase 5C2 resume plan from live PG?

Yes, but with sequencing nuance. Birth gate is cleared, TAC→UI baseline PASS, rev4 prompt exists but must be revalidated (it predates Birth Rev3 contract, predates Pack 22/23 minimum-edit-workflow, predates description_policy live state). The next safe design task is a Phase 5C2 Resume Plan v1 (design-only) drafted from live PG evidence per the handoff §6.2 directive.

Q5. Should Pack 2B revalidation run in parallel as design-only?

No (or: defer until 5C2 resume plan is in review). Reasons:

The single live "Pack 2B" deliverable — 1 IU + 1 UV with birth fire — is already proven by pilot.iu0.test-001 PASS report. There is no additional "Pack 2B" execution gate left to clear before 5C2.
The broader Option-B persisted-pilot scope (read/update/version-bump tests beyond P1) has been functionally superseded by Pack 22 native-create + Pack 23 edit/save coverage that already exercises read/update/version on 12 IU / 19 UV rows.
Parallel design tracks now would dilute review focus; the binding next gate is the 5C2 Resume Plan because that is what GPT explicitly authorized to resume.

→ parallel_design_tracks_allowed = no (recommended).

Q6. Safest one next design task

Draft Phase 5C2 Resume Plan v1 — TAC→IU migration (design-only, no execution). Required content:

Recover Phase 5C2 context (rev3+rev4 + addendum + Pack-5 migration design + TAC-UI baseline PASS).
Verify live: TAC (3 publications / 86 members on DIEU-35), IU/UV schema, birth coverage for information_unit, identity_profile placement, description_policy for information_unit/unit_version=structured_exempt (already seeded).
Revalidate rev4 prompt against (a) Rev3 birth contract, (b) Pack 22 fn_iu_create canonical writer, (c) Pack 23 edit/save policy require_review, (d) the 12-row pilot namespace already on disk.
Define migration options: A) read-only mapping/dry-run only; B) staged pilot under DIEU-35 with shadow + rollback; C) controlled batch after pilot. Recommend A as Phase 5C2-R0.
Boundaries: NO bulk migration, NO TAC UI cutover, NO schema mutation, NO trigger changes, NO birth-system changes.

Deliverables: design/p3d-phase5c2-resume-tac-to-information-unit-migration-plan.md + companion report.

Q7. Is there a vector/search ALERT requiring immediate user notification?

No. vector_efficiency_alert = NONE. /health.sync_status=warning is the known-informational chunked-doc-ratio condition documented in hardening §12.1; canary T1–T8 PASS at last run; audit-sync was status=clean; Qdrant green; only 1 (legacy) collection live; IU vector collection deliberately not yet provisioned. → must_notify_user_now = false.

4. Conflicts / stale assumptions

pack2b_execution_done disagreement with Opus framing: Opus said "Pack 2B design exists but execution has not run." Live evidence: Pack 2B P1 PASS (reports/19-p2b-p1-iu-pilot-insert-and-birth-fire-report.md + Opus review PASS). Interpret Opus's claim as referring to Pack 2B as a single-closure document, not P1 execution. Resolution recorded above.
rev4 prompt predates Birth Rev3 (canonical_address/owner placeholder, jsonb_profile required container) and Pack 23 require_review policy flip. Treat rev4 as reference only; not executable as-is.
Phase 5C2 rev3 parallel-pilot patch (2026-05-12) is the most up-to-date design surface but still references Birth state pre-Rev3 ELD landing; it predates B3-F1c-H wrapper.
unclassified=147 rows in collection_registry.description_policy are non-blocking deferred classification (description-policy report §10 + TD §2). They do not gate Phase 5C2 because information_unit and unit_version are explicitly seeded structured_exempt.
Vector data_integrity.sync_status=warning is the known-informational ratio threshold issue (hardening §12.1). Not a new ALERT; not user-notify-now.
IU event emission to event_outbox with event_domain='information_unit' is still DEFERRED (SSOT 2026-05-10 §remaining + Pack 23 P3C4 §notification = PG_NATIVE_EVENT_OUTBOX_WITH_PER_ACTOR_READ_STATE DEFERRED_P3D). Not on the 5C2 critical path but a known gap for "Thông tin" filter on IU events.

5. Final response fields

readonly_investigation_status=PASS
no_mutation_performed=true
birth_system_complete_live_confirmed=true
phase5c2_resume_allowed_confirmed=true
phase5c2_execution_allowed=false
bulk_migration_allowed=false
ui_cutover_allowed=false
f6_dot119_iu_birth_trigger_done_confirmed=true
pack2b_design_exists=true
pack2b_execution_done=true
iu_core_tables_live=true
iu_core_functions_live=true
iu_gateway_enforced=true
pack23_edit_save_functions_live=true
tac_dieu35_live_verified=true
rev4_revalidation_required=true
vector_efficiency_alert=NONE
must_notify_user_now=false
recommended_next_design_task=Draft Phase 5C2 Resume Plan v1 (TAC→IU migration, design-only, no execution) from live PG evidence: read-only mapping/dry-run scope (Phase 5C2-R0), with rev4 revalidation against Birth Rev3 + Pack 22 fn_iu_create + Pack 23 require_review policy + live 12-row pilot namespace.
parallel_design_tracks_allowed=no
conflicts_or_stale_assumptions=["Opus 'pack2b_execution_not_run' is stricter than live evidence: Pack 2B P1 PASS (pilot.iu0.test-001 + 1 UV) on 2026-05-05; no separate Pack-2B-closure doc was written but P1 + Opus review PASS de-facto closed the birth-fire scope.","rev4 prompt predates Birth Rev3 ELD contract + Pack 23 require_review flip — reference only.","Phase 5C2 rev3 parallel-pilot patch predates B3-F1c-H wrapper.","147 unclassified description_policy rows are non-blocking deferred classification; information_unit and unit_version are structured_exempt, do not gate 5C2.","Vector /health sync_status=warning is the known-informational chunked-doc ratio (hardening §12.1), not a new ALERT.","IU event emission to event_outbox with event_domain='information_unit' is DEFERRED — not on 5C2 critical path but a known gap for IU notification filter."]
report_path=knowledge/dev/laws/dieu44-trien-khai/reports/agent-readonly-investigation-iu-current-position-before-next-design-2026-05-14.md
next_recommended_action=GPT_REVIEW_READONLY_INVESTIGATION_THEN_DISPATCH_DESIGN

Read-only investigation report | 2026-05-14 | Claude Opus 4.7 xhigh | No mutation. Evidence-led.