dot-iu-cutter v0.5 — Constitution source_document Seed: content_checksum Drift Triage

Phase: v0_5_constitution_source_document_seed_checksum_drift_triage · Nature: read_only_triage__no_seed_no_checksum_update_no_dml · Date: 2026-05-18 · single triage doc

http_method_used: GET only (read-only) x3 ; redirects: 0 ; mutation: none
source_mutated: false ; production_mutated: false ; directus_mutated: false
kb_mutated: false (except THIS single triage report upload) ; repo_mutated: false
dml: none ; seed: none ; checksum_persisted_or_updated: NONE ; dry_run/cut/verify: none
scratch: local /tmp temp files for hashing, deleted after measurement
decision_authority: GPT / User ONLY ; self_advance: PROHIBITED

1. Trigger / handoff received

Codex ran the separately-gated controlled execution of the v0.5 Constitution source_document+source_document_version atomic seed and was correctly BLOCKED at QG1 / STOP-E3 (checksum_drift_on_rerun). It stopped pre-apply → no backup, no DML, no rollback (none required). Catalog prechecks PASS. Reported divergence:

metric	ratified (B6-CLOSED)	Codex fresh fetch (canonical pipeline)
candidate_B norm_len	17791	17522 (−269)
candidate_B sha256	f9d22d05…d1689	176604…
status markers ✅/📋/📝/⛔	19/1/1/1	19/1/1/1 (unchanged)

Constraints honored this phase: no seed retry, no checksum update (a silent re-cut is forbidden), no DML. Task = diff triage of root cause only.

2. Method (read-only, precedent = cross-interval confirmation phase)

• 3× read-only GET https://vps.incomexsaigoncorp.vn/knowledge/dev/laws/constitution from the operator workstation (publicly reachable, HTTP 200, nginx/1.29.5, Nuxt, cache-control: no-cache, 0 redirects — same transport class as prior phases).
• Reconstructed the nuxt-incomex-portal-constitution-v1 pipeline from its prose spec (first <article>, drop <script>/<style>, N1..N9, candidate_A inclusive, candidate_B = "HIẾN PHÁP" → end CHANGELOG excl. backlink, CHANGELOG INCLUDED).
• Caveat (explicit): this is a prose reimplementation, not the canonical VPS implementation Codex ran. My absolute checksums are therefore not authoritative (mine: candidate_B = 17657 / 072983… — matches neither ratified nor Codex). Triage relies on relative geometry + structural inspection, which is robust to reimplementation nuance. The authoritative drift numbers remain Codex's.
• Scratch hashed in local /tmp, deleted after measurement; no checksum persisted.

3. Evidence

raw_fetch (forensic-only, per ratified classification):
  3 GETs: sha 3284acc8 / 3284acc8 / 10d95a35  -> UNSTABLE intra-session
  bytes ~1,206,586 vs prior-phase ~1,199,873  -> still the known harmless Nuxt band
  verdict: raw drift NOT the signal (consistent with B6-CLOSED finding)

span_geometry (decisive — locates the change):
  A_len - B_len  this fetch = 339   ; prior ratified A-B = 336   (+3 only)
  -> candidate_B span boundary (HIẾN PHÁP -> end CHANGELOG, excl backlink) is STABLE
  -> the change is INSIDE the shared authoritative body span, NOT in
     extraction / breadcrumb / backlink / span-boundary logic

direction agreement (two independent pipelines):
  Codex canonical : candidate_B SHORTER vs ratified (-269), markers 19/1/1/1
  this reimpl.    : candidate_B SHORTER vs ratified-equiv (-134), markers 19/1/1/1
  -> both agree: content SHORTENED, marker census EXACTLY preserved 19/1/1/1

source identity inspection (live page, this fetch):
  constitution version : v4.6.3 BAN HÀNH   (UNCHANGED)
  newest CHANGELOG row  : v4.6.3 = "S178 Fix 15 (2026-04-18) ..." (UNCHANGED;
                          no new version row; all prior version rows identical)
  KB article revision   : "KB-7294 rev 44" / "Revision 44" / "20 min read"
                          (Nuxt/Directus CMS doc-revision counter — page chrome,
                           sits BEFORE "HIẾN PHÁP" so EXCLUDED from candidate_B)
  -> a KB-article re-revision occurred; constitution normative version did NOT bump

4. Root-cause classification

classification: (A) REAL source content change
sub_type: LIVING-DOCUMENT KB-REVISION DRIFT
explanation: >
  The Constitution source is a living Nuxt/Directus KB article. It was re-revised
  (KB doc "Revision 44") producing a normalized-content delta INSIDE the HIẾN PHÁP
  -> CHANGELOG authoritative body span, while the constitution's NORMATIVE substance
  is UNCHANGED: same version v4.6.3 BAN HÀNH, identical CHANGELOG version rows, and
  an EXACTLY preserved status-marker census 19/1/1/1 (no enacted clause / 📋 / 📝 /
  ⛔ node added, removed, or re-classified). The edit therefore hit non-marker prose
  / wording / formatting, not an enacted clause's status structure.
NOT (B) normalization/pipeline instability:
  Codex canonical pipeline AND an independent reimplementation agree on direction,
  marker stability, and a stable A−B span geometry (+3). Not a parser regression.
NOT (C) fetch / transport / tool issue:
  3× HTTP 200, clean; raw drift is the known, ratified, harmless Nuxt-render band.

5. Impact on prior rulings

B6 (Nuxt parser / normalized checksum determinism): NOT invalidated.
  B6 proved the normalized pipeline is deterministic ACROSS FETCH INTERVALS for a
  FIXED KB revision (raw Nuxt render-noise absorbed). It did NOT — and could not —
  prove the KB article CONTENT is immutable across KB re-revisions. The drift now
  is on a DIFFERENT axis (KB-revision content edit), not the axis B6 closed.
Materialized risk: the long-flagged "living drift (Directus -> Nuxt)" risk from
  the fixture-ratification blockers (B-series) has now MATERIALIZED. The registered
  content_checksum identity is stable across fetches but NOT across KB re-revisions
  of a living source whose constitution-version field does not bump per KB edit.
Codex behavior: CORRECT. STOP-E3 fired exactly as designed
  ("re-fetched content_checksum != stored -> STOP, propose NEW version row;
   never silent re-cut"). No remediation was auto-applied. Fail-closed held.

6. Decision required (GPT / User — sovereign; NOT decided here)

The operational framing's E3 path says: on drift → propose a NEW version row + route to review; never silent re-cut. The choice of how is sovereign:

OPT-1 re-ratify new canonical version:
  treat KB "rev 44" as a new source_document_version (new normalized
  content_checksum + provenance), re-run B6-style determinism on the NEW revision,
  re-author the seed against the NEW checksum. (Most aligned with E3 intent.)
OPT-2 pin to an immutable snapshot:
  register the source against a frozen snapshot/export (KB revision id pinned),
  decoupling the registered identity from live KB re-revisions.
OPT-3 version-model policy ruling:
  rule whether a KB-revision-only change (constitution version unchanged, markers
  unchanged) is a version-superseding event, and define the supersede/lineage rule
  (supersedes_version_id in provenance) before any re-seed.
forbidden_regardless: updating the stored/ratified checksum in place (silent
  re-cut), or retrying the seed against the old f9d22d05… checksum (will keep
  blocking by design).
recommendation (advisory only): OPT-1 gated behind a fresh B6-style cross-interval
  determinism re-confirmation ON THE NEW KB REVISION before any re-seed; plus an
  OPT-3 policy ruling so future KB re-revisions have a deterministic handling rule.

7. No-mutation statement

No source / production / Directus / repo mutation. No DML, no source_document / source_document_version INSERT, no checksum persisted or updated anywhere, no seed retry, no dry-run, no CUT, no VERIFY, no schema/GRANT/index change, no Directus/vector mutation, no deploy/restart, no git commit. Raw/normalized hashes computed in local /tmp scratch, deleted after measurement; no secrets recorded. Only KB mutation: this single triage report. (QG7)

8. Statement

• Same profile reproduced from spec (caveat: not canonical impl; absolute checksum non-authoritative — QG1); source grounded read-only ×3 (QG2); drift root-caused via span-geometry + marker census + source-identity inspection (QG3..QG5); enacted_only scope + Điều 44 deferral untouched (QG6); nothing executed, nothing persisted (QG4/QG7); report routes the sovereign decision (QG8).
• Single triage doc; STOP → route GPT/User. Self-advance PROHIBITED.

Companions: …seed-authoring-restart/ (5 docs), …nuxt-checksum-cross-interval-confirmation/ (3 docs).