P3D — Birth Mainline Resume — Completeness Verification Report

Date: 2026-05-14 Author: Opus (Claude Code, READ-ONLY) Mode: READ-ONLY VERIFICATION + DESIGN REPORT Hard boundaries observed: no PG mutation, no DDL, no DML, no cron/script/wrapper change, no sourcing of dot-dot-health, no full_scan invocation. Secrets redacted from all evidence.

1. Executive summary

Birth system completion is substantially advanced but not complete. The trigger layer, species mapping, soft gate, and full-scan function are all LIVE in PG. The Entity Living DB / enrichment-metadata layer remains essentially CONCEPT_ONLY at the birth_registry table — none of the 6 design-named enrichment columns (canonical_address, owner, jsonb_profile, identity_profile, description_policy) are present on birth_registry. Relationship support tables exist but population/usage is not verified here. The scheduler blocker for dot-dot-health --local is confirmed live and remains the single immediate execution-path blocker for B3-F automation closure.

birth_complete_allowed=false. phase5c2_resume_allowed=false. Next recommended action: B3-F1c-g scheduler repair design (not execution), in parallel with Entity Living DB metadata column scoping.

2. Evidence sources used

Source tag	Description
LIVE_PG	`ssh root@38.242.240.89` + `docker exec postgres psql -U directus -d directus -At -c "<SELECT>"`. PG access via container env (POSTGRES_USER=directus, POSTGRES_DB=directus).
LIVE_FILE_READ	SSH static read of `/opt/incomex/dot/bin/dot-dot-health` and `crontab -l`
KB_REPORT	Agent Data MCP `batch_read` / `search_knowledge`
DESIGN_DOC	Agent Data KB docs under `knowledge/dev/laws/dieu44-trien-khai/design/`
INFERENCE	Reasoning combining the above

KB documents successfully read (with .md suffix required — original paths in prompt failed without it):

design: p3d-birth-system-completion-architecture-design.md (v3), p3d-birth-system-completion-roadmap.md (v2), p3d-birth-system-b2-contract-design.md (rev2)
reports: p3d-birth-system-b3p-policy-population-execution-report.md, p3d-birth-system-b3f1b-soft-gate-execution-report.md, p3d-birth-system-b3f1c-f-dot-dot-health-hardcode-autoscale-audit-report.md
reviews: gpt-status-p3d-birth-system-return-to-mainline-2026-05-14.md, gpt-review-b3f1c-f-audit-results-partial-scheduler-repair-first-2026-05-14.md

KB documents requested but NOT found by direct ID (resolved by list_documents + suffix .md):

p3d-birth-system-completion-readonly-inventory-report — exists with .md; partial content read; full content available
p3d-birth-coverage-classification-report — exists with .md
p3d-birth-system-b3a4-post-install-health-check-report — exists with .md
p3d-birth-system-b3f0-onboarding-gate-dryrun-rerun-after-b3f0a-report — exists with .md
p3d-birth-system-b3f1c-b-full-scan-function-execution-report — not located by either form within search-knowledge top-5; marked UNKNOWN for B3-F1c-b dedicated report, but B3-F1c-b live state was verified directly via pg_proc.

3. Live PG verification results

All queries SELECT-only against directus.public.

3.1 birth_registry schema (LIVE_PG)

19 columns total:

id, sort, user_created, date_created, user_updated, date_updated,
entity_code, collection_name, species_code, composition_level, dot_origin, born_at,
governance_role, inspect_pen, inspect_stamp, inspect_gate, certified, certified_at, status

3.2 Entity Living DB columns on birth_registry (LIVE_PG)

Query for 6 columns (canonical_address, owner, jsonb_profile, identity_profile, governance_role, description_policy) — only governance_role present. All others ABSENT on birth_registry.

description_policy lives on collection_registry (not birth_registry); it is fully populated there (NULL/empty count = 0). canonical_address, owner, jsonb_profile, identity_profile are absent on both tables (not introduced anywhere in current schema).

3.3 Species mapping (LIVE_PG)

species_collection_map: 162 rows, 161 distinct collections mapped.
BIRTH_REQUIRED ∩ IN_SCOPE collections without species mapping: 0.
Coverage by status / mapping presence:

coverage_status	count	with_species
BIRTH_REQUIRED	72	72
BIRTH_EXEMPT_STRUCTURAL_JUNCTION	20	20
BIRTH_EXEMPT_SYSTEM_LOG_OR_AUDIT	12	9
BIRTH_EXEMPT_DERIVED_CACHE	4	4
BIRTH_DEFERRED_NEEDS_REVIEW	3	2

(IN_SCOPE total = 111; matches B3-P snapshot adjusted by post-population governance edits — see §4 mismatch.)

3.4 Relationship support tables (LIVE_PG)

All 7 candidates present in public:

entity_dependencies, entity_labels, governance_relations, normative_relations,
pivot_definitions, species_collection_map, universal_edges

3.5 Birth trigger coverage by function (LIVE_PG)

function	trigger_count	distinct_tables
`fn_birth_registry_auto`	166	148
`fn_birth_registry_auto_id`	3	3

BIRTH_REQUIRED ∩ IN_SCOPE collections with NO accepted birth trigger: 0.
Tables with >1 birth trigger (duplicate pairs): 18. Examples observed: system_issues, table_registry, tasks, taxonomy, taxonomy_facets, ui_pages, workflow_change_requests, workflow_steps, workflows.

3.6 B3-F live objects (LIVE_PG via pg_proc / pg_trigger)

object	count
`fn_collection_onboarding_soft_gate()`	1
`trg_collection_onboarding_soft_gate` on `collection_registry`	1
`fn_birth_onboarding_full_scan()`	1
`fn_b3f1_log_collection_onboarding_gap(text,text,text,text)`	1

3.7 dot-dot-health scheduler blocker (LIVE_FILE_READ + LIVE_PG)

crontab -l (root) line: 0 3 * * * ... /opt/incomex/dot/bin/dot-dot-health --local >> /var/log/incomex/dot-health.log 2>&1.
Static grep of /opt/incomex/dot/bin/dot-dot-health:
- Line 164: parse_args() defined.
- Line 175: log_err "Unknown option: $1" in catch-all *) branch — --local still unsupported.
- Line 538: parse_args "$@".
Did NOT execute or source the script. Conclusion: scheduler blocker PERSISTS.
Incident rows id 38781..38787 (codes ISS-37262..ISS-37268, severity=warning) confirmed still present in public.system_issues. None deleted.

Several other DOT scripts (dot-collection-health, dot-dot-coverage, dot-apr-execute, dot-apr-health, etc.) all use --local in cron — broader convention. Whether they support the flag is out of scope here.

4. KB-vs-live mismatches

#	KB (snapshot)	Live (2026-05-14)	Reconciliation
1	B3-P (2026-05-12): `BIRTH_REQUIRED=73`, `EXEMPT_SYSTEM_LOG_OR_AUDIT=11`	72 / 12	One BIRTH_REQUIRED row moved to EXEMPT_SYSTEM_LOG_OR_AUDIT between 2026-05-12 and 2026-05-14. Drift expected (`coverage_decided_by` predicate allows manual overrides). LIVE wins.
2	B3-P: `DEFERRED IN_SCOPE=3` with 0 species	3 with 2 species	Two of 3 deferred IN_SCOPE rows now have species mappings (a B3-A1a/b backfill side-effect). LIVE wins.
3	Inventory (2026-05-12): `birth_trigger_coverage_in_sample = 3/12`	`fn_birth_registry_auto` on 148 distinct tables	Inventory was a small sample. Full live count confirms broad coverage. LIVE wins.
4	Inventory (2026-05-12): `canonical_address_coverage = 1/12 (information_unit only)`	Column not present on `birth_registry`; verified absent on `collection_registry`.	The inventory measured coverage on `information_unit` and other physical tables — not on `birth_registry`. Confirms Entity Living DB columns live on per-collection tables (where they exist) rather than centrally on `birth_registry`. Design v3 expected this; classified as Entity Living DB PARTIAL/CONCEPT_ONLY at the registry layer.

live_pg_mismatch_with_kb=true (drift confirmed and explained).

5. Six layers status

The six composition layers (atom → molecule → tissue → organ → system → organism) are referenced in design v3 §§F-H but per-layer count / placement on birth_registry was not directly probed in scope. The composition_level column exists on birth_registry (verified §3.1). Population by layer was not enumerated this run (no aggregate GROUP BY composition_level was executed beyond verification that the column exists). Marking PARTIAL — column exists, semantic enforcement via species_code, but no live verification of per-layer coverage today.

six_layers_status=PARTIAL

6. Species / loài status

species_collection_map: 162 rows / 161 collections (LIVE_PG §3.3).
BIRTH_REQUIRED ∩ IN_SCOPE: 72/72 covered (100%).
Earlier B3-A1a/B3-A1b backfills closed the gap to zero.
The DEFERRED IN_SCOPE bucket has 1 row without species — acceptable (deferred status).

species_mapping_status=COMPLETE for BIRTH_REQUIRED scope.

7. Entity Living DB status

Design v3 §F + §G (Lo + Lớp, Multidimensional model) and B2 §2-§3 require:

canonical_address — ABSENT (birth_registry.canonical_address not found)
owner resolution — ABSENT (birth_registry.owner not found; B2 contract notes "owner ABSENT", explicit gap)
jsonb_profile — ABSENT on birth_registry
identity_profile — ABSENT on birth_registry
description_policy — present on collection_registry, NULL/empty count = 0 (COMPLETE at registry-row level)
governance_role — present on birth_registry

The B3-P policy field set (coverage_status, coverage_scope_status, coverage_exemption_reason, coverage_review_owner) is fully populated on collection_registry (166/166 rows).

Verdict: PARTIAL. Governance/policy fields are populated at the collection_registry level. Entity-instance enrichment columns (canonical_address, owner, jsonb_profile, identity_profile) are not in the schema — the design intent ("birth = bia hồ sơ, mã hồ sơ, các mục trống") is realized only as far as the registry row + species_code + composition_level + dot_origin. The "mục trống" (empty slots) for downstream enrichment have not been added as columns.

entity_living_db_status=PARTIAL (closer to CONCEPT_ONLY for instance-level enrichment columns).

8. Relationship hooks status (8 rules — design v3 §I)

#	Rule	Required at birth?	Placeholder?	Live PG support	Derived later?	Downstream owner
1	IDENTITY	YES (REQUIRED_AT_BIRTH)	Registry row	`birth_registry.entity_code` ✅	n/a	birth engine
2	BELONGS_TO	HOOK	FK M2O	FK introspection live (no birth-time materialization column)	partly derived	enrichment
3	CONTAINS	HOOK	Reverse FK	FK introspection live	derived	enrichment
4	DEPENDS_ON	HOOK	source side	`entity_dependencies` table EXISTS — population not verified	filling separate	enrichment
5	USED_BY	HOOK	target side	`entity_dependencies` table EXISTS	filling separate	enrichment
6	TRANSITIVE	ENRICHED_LATER	BFS on graph	`universal_edges` table EXISTS	yes	Pivot/graph
7	PEERS	DERIVED_BY_PIVOT	classification query	`species_collection_map` LIVE; Pivot defs table EXISTS	yes	Pivot
8	SIMILAR	ENRICHED_LATER	Qdrant vector	NOT in PG (external)	yes	vector pipeline

Tables exist; population/usage hooks not verified this run. No birth_registry-side columns enforce or hint at these 8 hooks at birth time (other than IDENTITY via entity_code).

relationship_hooks_status=PARTIAL

9. Enrichment placeholders status

Placeholder	Status	Evidence
Vector / Qdrant	DEFERRED, external	INFERENCE — not in PG schema
Pivot / facet / classification	PARTIAL — `pivot_definitions`, `pivot_results`, `taxonomy_facets`, `taxonomy_matrix` tables exist (LIVE_PG)	LIVE_PG
Peers	DERIVED (no column)	INFERENCE
Similar	DEFERRED	INFERENCE
Transitive	DEFERRED	INFERENCE
description_policy	COMPLETE at collection level (NULL/empty=0); UNKNOWN at instance-level distribution	LIVE_PG
canonical_address	ABSENT — column not created anywhere	LIVE_PG
owner resolution	ABSENT — no `owner` column on `birth_registry` or `collection_registry` per schema scan	LIVE_PG / KB_REPORT (B2 §3 notes ABSENT)

enrichment_placeholders_status=PARTIAL (a few infra tables exist; key instance-level columns absent).

10. B3-F automation status

Step	Status	Evidence
Soft gate function + trigger on `collection_registry`	LIVE	LIVE_PG §3.6
Full-scan function `fn_birth_onboarding_full_scan`	LIVE	LIVE_PG §3.6
Wrapper + `system_health_checks` row	NOT INSTALLED	KB_REPORT (B3-F1c-f); blocked by audit incident
Scheduler integration via `dot-dot-health`	BROKEN	LIVE_FILE_READ §3.7 — `--local` not parsed, cron exits 2 daily
B3-F1c-g scheduler repair design	NOT YET DRAFTED	KB_REPORT (GPT review 2026-05-14)

b3f_automation_status=PARTIAL (closer to BLOCKED for automation closure; PG primitives are LIVE).

scheduler_repair_required=true. b3f_complete_allowed=false.

11. Blocker classification

#	Item	Classification	Evidence
1	`dot-dot-health` scheduler broken by `--local`	REQUIRED_BEFORE_5C2 (operational closure of B3-F) — also a BIRTH_COMPLETE blocker if "complete" includes automated detection	LIVE §3.7
2	Hardcoded jurisdiction `NRM-LAW-35-V5P2`	TECH_DEBT_AFTER_BIRTH_COMPLETE (governance debt; not a runtime blocker)	KB §3.2 of B3-F1c-f report
3	Entity Living DB gaps (`canonical_address`, `owner`, `jsonb_profile`, `identity_profile`)	BLOCKER_FOR_BIRTH_COMPLETE (the "mục trống" — empty slots — that birth must seed)	LIVE §3.2, KB B2 §2-§3
4	`canonical_address` coverage	BLOCKER_FOR_BIRTH_COMPLETE (column does not exist; coverage = 0)	LIVE §3.2
5	`jsonb_profile` coverage	BLOCKER_FOR_BIRTH_COMPLETE	LIVE §3.2
6	`owner` resolution gap	BLOCKER_FOR_BIRTH_COMPLETE (per B2 §3)	KB
7	`description_policy` unclassified rows	RESOLVED (NULL/empty = 0 on `collection_registry`)	LIVE — was an open item; now closed at collection-row level
8	Duplicate trigger pairs (18 tables)	TECH_DEBT_AFTER_BIRTH_COMPLETE	LIVE §3.5
9	`dot_tools` registry drift (5 items + 1 row mismatch)	TECH_DEBT_AFTER_BIRTH_COMPLETE	KB B3-F1c-f
10	Wrapper + `system_health_checks` row not yet installed	REQUIRED_BEFORE_5C2 (B3-F closure)	KB
11	7 accidental `system_issues` rows (38781..38787) from B3-F1c-f audit	TECH_DEBT_AFTER_BIRTH_COMPLETE (genuine findings; GPT directs no deletion)	LIVE_PG confirmed

Counts:

blocker_for_birth_complete_count=4 (items 3, 4, 5, 6 — overlapping Entity Living DB columns)
required_before_5c2_count=2 (items 1, 10)
tech_debt_after_birth_complete_count=4 (items 2, 8, 9, 11)
deferred_enrichment_count=3 (vector/similar, transitive, peers — see §9)

12. Recommended next work order

Option A — B3-F1c-g scheduler repair design (NOT execution).

Rationale:

GPT review of 2026-05-14 explicitly directs next_recommended_action=OPUS_DRAFT_B3F1C_G_DOT_DOT_HEALTH_SCHEDULER_REPAIR_DESIGN.
B3-F automation cannot close without it. While B3-F automation closure is technically REQUIRED_BEFORE_5C2 (not strictly REQUIRED_FOR_BIRTH_COMPLETE), it is the smallest-scope and lowest-risk next step, and unblocks both wrapper + the 7-row incident cleanup conversation.
Option B (Entity Living DB metadata completion) is the larger blocker for true birth-complete claim, but should be a parallel design track — not the very next action, because it requires new B-phase contract revisions (B2 rev3 or B7).

Therefore primary recommendation: A (B3-F1c-g design). Parallel secondary: scoping note for B (Entity Living DB column DDL design).

NOT recommended: G (Phase 5C2 resume) — phase5c2_resume_allowed=false.

13. Final fields (machine-readable)

birth_mainline_resume_review_status=PARTIAL
live_pg_verified=true
live_pg_mismatch_with_kb=true
birth_registry_schema_verified=true
trigger_coverage_verified_live=true
b3f_live_objects_verified=true
dot_dot_health_blocker_verified_live=true
live_evidence_used=true
kb_reports_used=true

six_layers_status=PARTIAL
species_mapping_status=COMPLETE
entity_living_db_status=PARTIAL
relationship_hooks_status=PARTIAL
enrichment_placeholders_status=PARTIAL
b3f_automation_status=PARTIAL

scheduler_repair_required=true
birth_complete_allowed=false
phase5c2_resume_allowed=false

blocker_for_birth_complete_count=4
required_before_5c2_count=2
tech_debt_after_birth_complete_count=4
deferred_enrichment_count=3

next_recommended_action=DRAFT_B3F1C_G_DOT_DOT_HEALTH_SCHEDULER_REPAIR_DESIGN_AND_PARALLEL_ENTITY_LIVING_DB_COLUMN_SCOPING_NOTE
secrets_redacted=true
report_doc_id=knowledge/dev/laws/dieu44-trien-khai/reports/p3d-birth-mainline-resume-completeness-verification-report.md
design_doc_id=none

B3-MAINLINE-RESUME | READ-ONLY VERIFICATION | Opus | 2026-05-14