KB-7843 rev 2
P3D Birth — B2 Contract Rev3 + B3-F1c-H Wrapper / system_health_checks Integration Design Report (Rev2 — Dual-Trigger Patched)
15 min read Revision 2
p3dbirth-systemb2-rev3b3f1c-hdesign-reportwrappersystem_health_checksdual-triggernt7patched2026-05-14
P3D Birth — B2 Contract Rev3 + B3-F1c-H Wrapper / system_health_checks Integration Design Report
Doc rev: 2 (dual-trigger patch) Date: 2026-05-14 Mode: DESIGN ONLY — no execution Author: Claude (Opus 4.7, 1M context) Design doc:
knowledge/dev/laws/dieu44-trien-khai/design/p3d-birth-b2-contract-rev3-and-b3f1c-h-wrapper-integration-design.md(rev 2) Patch motivation (this rev):knowledge/dev/laws/dieu44-trien-khai/reviews/gpt-review-b2-rev3-b3f1c-h-design-dual-trigger-patch-required-2026-05-14.md
1. Executive summary
| Stream | Status |
|---|---|
| B2 Contract Rev3 design | PASS (unchanged from rev 1) |
| B3-F1c-H wrapper design | PASS (unchanged from rev 1) |
| system_health_checks row design | PASS (one row; unchanged from rev 1) |
| Dual-trigger model (NEW in rev 2) | PASS — Trigger A scheduled + Trigger B on-demand defined |
| Trigger B1 — pre-wrapper scheduler-health validation | DEFINED (gated on static-proof artifact for --dry-run/--only-check) |
| Trigger B2 — post-wrapper birth full-scan trigger | DEFINED (PG SELECT path; CLI --only-check future) |
| Cron observation | DIAGNOSTIC only — no longer a gate |
Jurisdiction hardcode NRM-LAW-35-V5P2 |
Accepted as temporary debt (B3-F1c-jurisdiction-decoupling-debt) |
| NT7 / NT2 / NT5 / NT12 compliance | Satisfied (§9 of design doc) |
| Execution authorized | NO |
| Phase 5C2 resume | NO |
2. What changed in rev 2 (this patch)
| Section | Change |
|---|---|
| §5 of design | NEW — Dual-trigger model. Defines Trigger A (scheduled cron) and Trigger B (controlled on-demand). |
| §6 of design | NEW — Trigger B1 (pre-wrapper scheduler-health validation). Candidate flags --dry-run / --only-check are treated as flags to be discovered, not existing truth. Static-proof prerequisite formalized. |
| §7 of design | NEW — Trigger B2 (post-wrapper on-demand birth full-scan). Current path is PG SELECT (fn_birth_onboarding_full_scan_hc('{}'::jsonb)). Classification: INTENTIONAL_WRITE. CLI --only-check=DOT-BIRTH-ONBOARD-FULLSCAN-HC listed as future enhancement, not current path. |
| §8 of design | Cron observation reframed as diagnostic-only. wait_for_cron_required = false. |
| §9 of design | NEW — Constitutional compliance (NT7 / NT2 / NT5 / NT12). |
| §10 of design | Sequence updated — cron observation no longer blocks earlier steps; Trigger B2 invocation can precede or follow cron observation. |
| §13 of design | Final fields expanded with dual-trigger / mutation-mode / discovery-state fields. |
B2 Rev3 contract content (§2 of design), wrapper sketch (§3), and system_health_checks row design (§4) are unchanged from rev 1 — accepted by GPT review.
3. Inputs
| Input | Purpose | Reference |
|---|---|---|
| B3-ELD-EXEC report (PASS) | Schema delta source | …/reports/p3d-birth-b3-eld-exec-ddl-execution-report.md |
| B3-F1c-g report (PASS) | parse_args + source guard; cron unchanged | …/reports/p3d-birth-b3f1c-g-vps-scheduler-repair-execution-report.md |
| GPT review 2026-05-14 next-steps | Authorized this design's parent | …/reviews/gpt-review-b3-eld-exec-and-b3f1c-g-execution-pass-next-steps-2026-05-14.md |
| GPT review 2026-05-14 dual-trigger patch (motivates this rev) | Patches design to satisfy NT7 dual-trigger | …/reviews/gpt-review-b2-rev3-b3f1c-h-design-dual-trigger-patch-required-2026-05-14.md |
| B2 Rev2 design | Baseline | …/design/p3d-birth-system-b2-contract-design.md |
| B3-F1c-e probe report | Executor contract + jurisdiction analysis | …/reports/p3d-birth-system-b3f1c-e-dot-dot-health-reuse-viability-probe-report.md |
| Full-scan SQL Rev3 | Confirms critical_count is canonical |
…/artifacts/p3d-birth-system-b3f1c-full-scan-function.sql.md |
4. B2 Contract Rev3 (unchanged from rev 1)
4.1 Column delta absorbed
| Column | Pre-Rev3 | Rev3 |
|---|---|---|
canonical_address |
not modeled | text NULL — PLACEHOLDER_AT_BIRTH |
owner |
ABSENT | text NULL — PLACEHOLDER_AT_BIRTH |
jsonb_profile |
not modeled | jsonb NOT NULL DEFAULT '{}' — REQUIRED_AT_BIRTH container, keys ENRICHED_LATER |
identity_profile |
per-entity-kind | UNCHANGED — NOT_CENTRAL_BIRTH_REGISTRY |
4.2 Birth-gate invariants
canonical_address IS NULLat birth is OK.owner IS NULLat birth is OK.jsonb_profile = '{}'::jsonbat birth is OK.- Birth gate MUST NOT auto-populate
canonical_address/ownerfrom heuristics. identity_profileMUST NOT be added tobirth_registry.
5. Wrapper design (unchanged from rev 1)
- Name:
public.fn_birth_onboarding_full_scan_hc - Signature:
(cfg jsonb DEFAULT '{}'::jsonb) RETURNS boolean - Body: delegate to
fn_birth_onboarding_full_scan(); readcritical_count; compare withcfg.critical_threshold(default 0); return boolean. - NULL handling: NULL output →
false. Missing keys → 0. - Error visibility: no
EXCEPTION WHEN OTHERS. - Compile/INSERT: NOT performed in this session.
wrapper_recommended = true
6. system_health_checks row (unchanged from rev 1)
code = DOT-BIRTH-ONBOARD-FULLSCAN-HCjurisdiction = NRM-LAW-35-V5P2(debt accepted)executor_type = functionexecutor_ref = fn_birth_onboarding_full_scan_hcthreshold_config = {"critical_threshold": 0}severity_on_fail = criticalis_active = true_dot_origin = dot-dot-healthcheck_kind,order_index— TBD pre-INSERT (read-only preflight).
system_health_checks_row_recommended = true
7. Dual-trigger model (NEW in rev 2)
7.1 Principle (NT7)
A critical health check MUST be reachable via two independent triggers:
- Trigger A — scheduled cron (background assurance).
- Trigger B — controlled on-demand (Council-invoked).
The system must never depend on cron alone. wait_for_cron_required = false.
7.2 Trigger A — Scheduled
0 3 * * * ... /opt/incomex/dot/bin/dot-dot-health --local ... >> /var/log/incomex/dot-health.log 2>&1
- Path: cron → dot-dot-health → dispatch_function → wrapper → scanner.
- Mutation mode: INTENTIONAL_WRITE (scanner emits
system_issues). - Unchanged by B3-F1c-g.
scheduled_trigger_defined = true
7.3 Trigger B — Controlled on-demand
Two variants:
7.3.1 B1 — Pre-wrapper scheduler-health validation
| Aspect | Value |
|---|---|
| Purpose | Prove dot-dot-health parser + precheck + generic-executor reach without waiting for 03:00 UTC. |
| Candidates | dot-dot-health --local --dry-run --verbose OR narrower --only-check=<SAFE_EXISTING_CHECK>. |
| Status of candidate flags | flags-to-be-discovered — source-time presence does NOT imply mutation-safety. |
| Static-proof prerequisite | Required: prove DRY_RUN=1 short-circuits fn_log_issue / system_issues writes; verify chosen --only-check target's branch under DRY_RUN; verify against patched file sha256. |
| If proof passes | Classification = READ_ONLY. Plan unblocked. |
| If proof fails / pending | B1 BLOCKED-pending-discovery. Do NOT invent flags. |
| PG analog | NONE — B1 validates the SCRIPT path; no PG SELECT covers parser/precheck. |
on_demand_pre_wrapper_validation_defined = true (plan defined; execution gated on static-proof artifact)
pre_wrapper_nonmutating_validation_defined = true
7.3.2 B2 — Post-wrapper birth full-scan invocation
| Aspect | Value |
|---|---|
| Purpose | Invoke the birth full-scan immediately after wrapper + row exist, without waiting for 03:00 UTC. |
| Current path | PG SELECT — SELECT public.fn_birth_onboarding_full_scan_hc('{}'::jsonb); (or scanner directly). |
| Future path | dot-dot-health --local --only-check=DOT-BIRTH-ONBOARD-FULLSCAN-HC --verbose — DOT enhancement, after --only-check safety proof. Not current. |
| Classification | INTENTIONAL_WRITE — scanner writes system_issues by design. |
| Authorization | Explicit GPT + user authorization per invocation, until standing authorization. |
| KB report | Required per invocation (timestamp, statement, rollup JSONB, system_issues delta). |
| Rollback | None. Scanner writes are append-only audit trail. |
on_demand_post_wrapper_validation_defined = true
post_wrapper_on_demand_trigger_defined = true
on_demand_trigger_defined = true
on_demand_pg_trigger_considered = true
on_demand_pg_trigger_classification = INTENTIONAL_WRITE
current_on_demand_trigger_path = PG_SELECT
manual_trigger_mutation_mode = INTENTIONAL_WRITE
7.4 Flags' discovery state
| Flag | Source-time presence | Runtime mutation-safety | Field |
|---|---|---|---|
--dry-run |
seen in pre-patch probe; presence in current file unconfirmed | NOT PROVEN | dot_dot_health_dry_run_supported = unknown |
--only-check |
seen in pre-patch probe; presence in current file unconfirmed | NOT PROVEN | dot_dot_health_only_check_supported = unknown |
--local / --cloud |
confirmed by B3-F1c-g V2/V6 | confirmed no-op | (not in candidates list) |
Static-proof artifact is a separate session deliverable.
7.5 No API endpoint introduced
Trigger B uses the existing PG path (Trigger B2) and existing DOT CLI (Trigger B1). No new Agent Data endpoint, no new Directus Flow, no API surface. Stays inside the existing law/domain.
8. Cron observation — diagnostic, not gate (rev 2 change)
- Retained as a diagnostic for Trigger A integrity.
- 7-step read-only sequence in design §8.2.
- PASS criteria in design §8.3.
- Does NOT prove
dispatch_functionend-to-end — that needs Trigger B2. - Does NOT block wrapper compile / row INSERT / Trigger B2 invocation.
cron_observation_still_supported = true
wait_for_cron_required = false
9. Jurisdiction debt — unchanged from rev 1
| Question | Answer |
|---|---|
Hardcode jurisdiction = NRM-LAW-35-V5P2 acceptable? |
YES, as temporary debt. |
| Why | dot-dot-health precheck hard-fails otherwise; script edit is wider blast radius than this row. |
| Debt symbol | B3-F1c-jurisdiction-decoupling-debt |
jurisdiction_debt_accepted = true
10. Constitutional compliance (NEW in rev 2)
| Tenet | Satisfied | Mechanism |
|---|---|---|
| NT7 — Dual-Trigger | YES | Trigger A (cron) + Trigger B (B1/B2 on-demand). §7. |
| NT2 — Self-Automation | YES | Trigger A fully automated; Trigger B's PG path runs through approved runner with mandatory KB report. Human grep is diagnostic, not the final mechanism. |
| NT5 — Self-Detection | YES | Scanner writes system_issues; health-check row + executor surface them. Manual observation only confirms. |
| NT12 — DOT Pair | YES | Primary scheduled engine (cron) + secondary on-demand engine (PG SELECT now; CLI --only-check future). |
nt7_dual_trigger_satisfied = true
nt2_self_automation_satisfied = true
nt5_self_detection_satisfied = true
nt12_dot_pair_satisfied = true
11. Updated sequence to declare B3-F complete
- GPT review of this dual-trigger-patched design (this rev).
- Static-proof artifact for B1 (
--dry-run/--only-checkmutation-safety) — separate session. - Wrapper SQL compile artifact + GPT review.
- Wrapper DDL execution.
system_health_checksINSERT (post §4 preflight in design).- Trigger B2 invocation #1 — PG SELECT, with KB execution report. INTENTIONAL_WRITE acknowledged.
- Cron observation #1 — diagnostic confirmation of Trigger A.
- B3-F1c-H complete.
Steps 6 and 7 are reorderable; cron observation no longer blocks.
Birth complete additionally requires post-ELD live verification or B3-MAINLINE-RESUME rerun.
12. What is explicitly NOT authorized by this design (rev 2)
- No PG mutation.
- No DDL (no
CREATE FUNCTION). - No DML (no
INSERT INTO system_health_checks). - No file change.
- No cron change.
- No wrapper creation.
- No manual
dot-dot-healthtrigger. - No
fn_birth_onboarding_full_scan()invocation. - No Trigger B1 invocation (gated on static-proof artifact).
- No Trigger B2 invocation (gated on wrapper + row + authorization + KB report plan).
- No Phase 5C2 resume.
- No UI cutover.
- No backfill of 280,854 rows.
- No
jsonb_profileindex creation. - No
dot_toolscleanup. - No DROP COLUMN / rollback.
13. Deliverables
| # | Path |
|---|---|
| 1 | knowledge/dev/laws/dieu44-trien-khai/design/p3d-birth-b2-contract-rev3-and-b3f1c-h-wrapper-integration-design.md (rev 2) |
| 2 | knowledge/dev/laws/dieu44-trien-khai/reports/p3d-birth-b2-contract-rev3-and-b3f1c-h-wrapper-integration-design-report.md (rev 2, this file) |
14. Hard-boundary attestation
| Boundary | Held |
|---|---|
| No PG mutation | YES |
| No DDL | YES |
| No DML | YES |
| No file change (other than these two deliverables) | YES |
| No cron change | YES |
| No wrapper creation | YES |
No system_health_checks INSERT |
YES |
No dot_tools mutation |
YES |
No manual dot-dot-health trigger |
YES |
No fn_birth_onboarding_full_scan invocation |
YES |
| No Phase 5C2 work | YES |
| No UI cutover | YES |
| Secrets disclosed | NONE |
15. Final fields
b2_contract_rev3_design_status=PASS
b3f1c_h_wrapper_design_status=PASS
wrapper_recommended=true
system_health_checks_row_recommended=true
jurisdiction_debt_accepted=true
b2_b3f1c_h_dual_trigger_patch_status=PASS
dual_trigger_required=true
scheduled_trigger_defined=true
on_demand_trigger_defined=true
on_demand_pre_wrapper_validation_defined=true
on_demand_post_wrapper_validation_defined=true
wait_for_cron_required=false
cron_observation_still_supported=true
pre_wrapper_nonmutating_validation_defined=true
post_wrapper_on_demand_trigger_defined=true
manual_trigger_mutation_mode=INTENTIONAL_WRITE
dot_dot_health_dry_run_supported=unknown
dot_dot_health_only_check_supported=unknown
on_demand_pg_trigger_considered=true
on_demand_pg_trigger_classification=INTENTIONAL_WRITE
current_on_demand_trigger_path=PG_SELECT
nt7_dual_trigger_satisfied=true
nt2_self_automation_satisfied=true
nt5_self_detection_satisfied=true
nt12_dot_pair_satisfied=true
execution_allowed=false
phase5c2_resume_allowed=false
ui_cutover_allowed=false
next_recommended_action=GPT_REVIEW_DUAL_TRIGGER_PATCH
P3D Birth — B2 Contract Rev3 + B3-F1c-H Wrapper / system_health_checks Integration Design Report (Rev2 — Dual-Trigger Patched) | 2026-05-14 | DESIGN ONLY