Opus Constitutional Audit — B3-F Designs — NT Violations Found
Opus Constitutional Audit — Recent B3-F Designs — NT Violations Found
Date: 2026-05-14 Auditor: Opus Scope: All B3-F1c designs (c through h) + B3-ELD + cron observation plan
Violations found: 4
V1. NT7 (DUAL-TRIGGER) — scheduler designs have only 1 trigger
Recent designs (B3-F1c-c through H) only designed the SCHEDULED trigger path (cron). No ON-DEMAND trigger was designed. NT7 requires: "Trigger chính + trigger phụ. 1 trigger = không test được."
Impact: Cannot verify or invoke full-scan on demand. Must wait for cron schedule.
Fix required: Add on-demand invocation path alongside scheduled path.
V2. NT2 (TỰ ĐỘNG 100%) — cron observation plan is manual
The cron observation plan (§5 of B3-F1c-H design) requires a human to SSH, grep logs, and read results. NT2: "Máy thực hiện. Làm tay = thiết kế sai."
Impact: Verification depends on human action, not automatic detection.
Fix required: Post-patch verification should be automatic (e.g., a self-check within dot-dot-health, or a separate DOT that verifies cron health).
V3. NT5 (TỰ PHÁT HIỆN, TỰ SỬA) — "wait for natural cron" relies on human
"Chờ cron tự nhiên rồi read-only observe" = waiting for humans to notice. NT5: "Hệ thống biết khi sai. Không chờ con người."
Impact: If cron fails silently, nobody knows until someone manually checks.
Fix required: Automatic alerting or self-check mechanism.
V4. NT12 (DOT THEO CẶP) — full-scan has only scheduled path
NT12: "Động cơ phụ scope cố định = vi phạm NT2." The full-scan function (động cơ phụ for birth system) can only be triggered via scheduled cron. No on-demand trigger = scope is fixed to schedule = violates NT12's anti-fixed-scope clause.
Impact: Cannot respond to ad-hoc governance needs.
Fix required: Dual-trigger design: schedule + on-demand.
Designs that DO NOT violate:
| Design | Status | Why |
|---|---|---|
| B3-ELD (3 columns) | ✅ CLEAN | PG-native, self-expanding, no hardcode |
| B3-F1c-g patch | ✅ CLEAN | Bug fix, no logic change |
| Wrapper function design | ✅ CLEAN | PG-native, threshold configurable |
| system_health_checks row design | ✅ CLEAN | Table-driven, no hardcode |
Recommendation
All future B3-F designs must include dual-trigger from the start. The wrapper + system_health_checks row design (B3-F1c-H) should be extended to include an on-demand invocation path before execution.
constitutional_audit_status=VIOLATIONS_FOUND
nt7_dual_trigger_violation=true
nt2_manual_observation_violation=true
nt5_wait_for_human_violation=true
nt12_fixed_scope_violation=true
designs_requiring_remediation=B3-F1c-H_wrapper_and_observation_plan
designs_clean=B3-ELD, B3-F1c-g_patch, wrapper_function_sql, system_health_checks_row
Opus Constitutional Audit | B3-F Designs | 2026-05-14