KB-19F1

P3D — Birth System B3-F0 Onboarding Gate Dry-Run — Report

8 min read Revision 1

p3dbirth-systemb3fb3f0onboarding-gatedryrunreport

P3D — Birth System B3-F0 Onboarding Gate Dry-Run — Report

Date: 2026-05-12 Mode: READ-ONLY. Zero writes. Zero enforcement. Source prompt: knowledge/dev/laws/dieu44-trien-khai/prompts/p3d-birth-system-b3f-onboarding-gate-dryrun-prompt-DRAFT.md (rev 15 / latest) Database: PostgreSQL 16.13 (directus DB, public schema, VPS 38.242.240.89 container postgres)

Phase 0 — Environment + DB discovery

Item	Value
DB	`directus` (PostgreSQL 16.13)
Schema resolved	`public`
`collection_registry` rows	166
`dot_config` table exists	YES (columns: `key`, `value`, `description`, `updated_at`)
`species_collection_map` table exists	YES

Phase 1 — Function OID resolution

Resolved live from pg_proc:

Function name	OID	Schema
`fn_birth_registry_auto` (contract)	39232	public
`fn_birth_registry_auto_id` (sibling)	66750	public

Both critical catalog objects resolved. No BLOCKED state.

All subsequent trigger checks validate by OID, not by trigger name.

Phase 2 — Approved sibling scope policy

Query:

SELECT key, value FROM dot_config
 WHERE key = 'policy.birth_trigger.accepted_sibling_scope';

Result: 0 rows.

sibling_policy_in_pg = false
SIBLING_POLICY_NOT_IN_PG reported as WARN gap.
sibling_policy_fallback_used = true
sibling_policy_materialization_required = true

Fallback expected snapshot (dry-run comparison only; not authoritative policy):

[
  {
    "function": "fn_birth_registry_auto_id",
    "collections": ["governance_relations", "law_dot_enforcement", "law_jurisdiction"]
  }
]

Hardcoded list is not treated as policy. Sibling-policy governance is not marked fully compliant.

Phase 3 — Full governed collection scan (166 rows)

Coverage × scope matrix

coverage_status	coverage_scope_status	n
BIRTH_DEFERRED_NEEDS_REVIEW	FUTURE_SCOPE	17
BIRTH_DEFERRED_NEEDS_REVIEW	IN_SCOPE	3
BIRTH_DEFERRED_NEEDS_REVIEW	ORPHAN_REGISTRY	7
BIRTH_DEFERRED_NEEDS_REVIEW	USER_EXCLUDED	31
BIRTH_EXEMPT_DERIVED_CACHE	IN_SCOPE	4
BIRTH_EXEMPT_STRUCTURAL_JUNCTION	IN_SCOPE	20
BIRTH_EXEMPT_SYSTEM_LOG_OR_AUDIT	IN_SCOPE	12
BIRTH_REQUIRED	IN_SCOPE	72
Total		166

3A. Coverage policy gaps

Check	Count
`MISSING_COVERAGE_POLICY` (CRITICAL) — coverage_status NULL	0
`MISSING_SCOPE_POLICY` (WARN) — scope NULL where status NOT NULL	0
`UNCLASSIFIED_COVERAGE_POLICY` (WARN) — coverage_status='UNCLASSIFIED_NEW'	0
`DEFERRED_WITHOUT_OWNER` (WARN)	0
`SCOPE_MISMATCH` (WARN) — BIRTH_REQUIRED ∧ scope ≠ IN_SCOPE	0

3B. Physical table check (BIRTH_REQUIRED ∩ IN_SCOPE = 72)

Check	Count
`MISSING_TABLE` (CRITICAL)	0

3C. Species mapping check (BIRTH_REQUIRED ∩ IN_SCOPE = 72)

Check	Count
`MISSING_SPECIES` (CRITICAL) — no `species_collection_map` row	0

3D. Birth trigger check (BIRTH_REQUIRED ∩ IN_SCOPE = 72)

Triggers using birth functions (live by OID):

Function	Triggers	Distinct tables
`fn_birth_registry_auto` (OID 39232)	166	148
`fn_birth_registry_auto_id` (OID 66750)	3	3

Sibling-trigger tables (OID 66750):

governance_relations
law_dot_enforcement
law_jurisdiction

These match the GPT-approved snapshot exactly.

Check	Count
`MISSING_TRIGGER` (CRITICAL)	0
`OUT_OF_SCOPE_SIBLING` (CRITICAL)	0
`WIRED_CONTRACT` (OK)	69
`WIRED_SIBLING` (OK, approved scope)	3

3E. `birth_registry` recursion exemption

Field	Value
`birth_registry` has birth trigger (contract or sibling)	false
coverage_status	`BIRTH_EXEMPT_SYSTEM_LOG_OR_AUDIT`
coverage_exemption_reason	`SYSTEM_MANAGED: self-referential birth system table — recursive trigger risk`
`BIRTH_REGISTRY_RECURSIVE_RISK` (CRITICAL)	0

3F. Exempt validation

Check	Count
`EXEMPT_WITHOUT_REASON` (WARN)	0

Phase 4 — Summary statistics

total_governed                       = 166
total_compliant                      = 166
total_critical_gaps                  = 0
total_warn_gaps                      = 1   (SIBLING_POLICY_NOT_IN_PG, system-level)

# Per-collection criticals
missing_coverage_policy_count        = 0
missing_scope_policy_count           = 0
missing_physical_table_count         = 0
missing_species_mapping_count        = 0
missing_birth_trigger_count          = 0
out_of_scope_sibling_count           = 0
birth_registry_recursive_risk        = false

# Per-collection warnings
unclassified_coverage_policy_count   = 0
deferred_without_owner_count         = 0
exempt_without_reason_count          = 0
scope_mismatch_count                 = 0

# Sibling policy posture
sibling_policy_in_pg                 = false
sibling_policy_fallback_used         = true
sibling_policy_materialization_required = true

# Informational only (not classified / not cleaned in B3-F0)
description_policy_unclassified_count = 147
duplicate_trigger_pair_count          = 18

Informational — `description_policy` value distribution (live data, no classification by this dry-run)

description_policy	n
`unclassified`	147
`required_detailed`	12
`structured_exempt`	7

Informational — B3-A-DUP duplicate trigger pairs (read-only observation, not cleaned)

18 tables each carry two triggers bound to fn_birth_registry_auto, named birth_trigger_<table> and trg_birth_<table>:

agents, checkpoint_sets, checkpoint_types, collection_registry, dot_tools,
entity_dependencies, entity_species, meta_catalog, modules, system_issues,
table_registry, tasks, taxonomy, taxonomy_facets, ui_pages,
workflow_change_requests, workflow_steps, workflows

Both triggers reference the same contract function OID; duplication is name-level only and does not create a sibling-policy violation. Cleanup deferred to B3-A-DUP scope (not B3-F0).

Phase 5 — Detailed gap list

#	Scope	Gap type	Severity	Subject	Current values	Recommended action
1	System (sibling policy)	`SIBLING_POLICY_NOT_IN_PG`	WARN	`dot_config` key `policy.birth_trigger.accepted_sibling_scope`	row count = 0	Materialize approved sibling-scope policy into `dot_config` before B3-F1 enforcement. Fallback snapshot used for this dry-run only.

No per-collection critical or warn gaps were detected.

Hard-boundary attestation

No INSERT / UPDATE / DELETE / DDL issued.
No trigger / function / policy / species mutation.
No system_issues or system_health_checks rows created.
No Phase 5C2 step executed. No UI cutover.
All trigger validation was performed by function OID (39232, 66750), not by trigger name.
Hardcoded sibling list treated as fallback snapshot only, never as authoritative policy.

no_mutation_performed = true

Recommended next action

GPT_REVIEW_B3F0_DRYRUN — review this report and decide whether to:

Materialize policy.birth_trigger.accepted_sibling_scope into dot_config (clears the only WARN gap), then proceed to B3-F1; and/or
Schedule B3-A-DUP cleanup of the 18 duplicate name-pair contract triggers; and/or
Schedule description_policy classification pass for the 147 unclassified rows.

B3-F0 Dry-Run | Read-only | 2026-05-12 | Source prompt rev 15

P3D — Birth System B3-F0 Onboarding Gate Dry-Run — Report

Phase 0 — Environment + DB discovery

Phase 1 — Function OID resolution

Phase 2 — Approved sibling scope policy

Phase 3 — Full governed collection scan (166 rows)

Coverage × scope matrix

3A. Coverage policy gaps

3B. Physical table check (BIRTH_REQUIRED ∩ IN_SCOPE = 72)

3C. Species mapping check (BIRTH_REQUIRED ∩ IN_SCOPE = 72)

3D. Birth trigger check (BIRTH_REQUIRED ∩ IN_SCOPE = 72)

3E. birth_registry recursion exemption

3F. Exempt validation

Phase 4 — Summary statistics

Informational — description_policy value distribution (live data, no classification by this dry-run)

Informational — B3-A-DUP duplicate trigger pairs (read-only observation, not cleaned)

Phase 5 — Detailed gap list

Hard-boundary attestation

Recommended next action

3E. `birth_registry` recursion exemption

Informational — `description_policy` value distribution (live data, no classification by this dry-run)