D36 NVSZ Macro A — 00 PASS Summary

Outcome: D36_NVSZ_MACRO_A_PARTIAL_WITH_EXACT_GAP Date: 2026-05-25 Macro: Macro A — substrate + birth + DOT + healthcheck Channel: SSH contabo → docker exec postgres → psql -U workflow_admin -d directus (trust socket, pg_hba local all all trust)

Why PARTIAL_WITH_EXACT_GAP (not full PASS)

The user invoked a Collection Birth Hard Gate mid-execution requiring a Birth Execution Plan before any CREATE TABLE / VIEW / FUNCTION. At the time the hard gate was issued, the substrate migration + bounded proof rows had already been applied (durable COMMIT). This is a process-order violation regardless of outcome correctness.

The retrospective Birth Execution Plan is published as report 01. The substrate is consistent with the plan, but the plan was not pre-reviewed.

What is durable in the database (rollback-addressable)

Object class	Count delta	Notes
Schema	+1	iu_core
Tables (iu_core)	+2	iu_staging_record, iu_staging_payload
Tables (public)	+1	collection_registry_vector_policy (Q5 sidecar)
Views (iu_core)	+2	v_iu_staging_record, v_iu_staging_payload_observability
Views (public)	+1	v_collection_vector_eligibility (Q5 read-side)
Functions (iu_core)	+5	fn_iu_staging_create/_approve/_consume/_reject/_healthcheck
DOT catalog	26→30 (+4)	dot_iu_staging_{create,approve,consume,reject}
Gates (tac_birth_gate_config)	+3	iu_core.staging_writes_enabled=false, _cleanup_enabled=false, no_vector_staging_excluded=true
Retention policies	+2	iu_core.iu_staging_record keep_days=90; iu_core.iu_staging_payload keep_days=90
Event types	26→31 (+5)	domain staging, streams birth+update x4
entity_species	41→42 (+1)	SPE-NVS
collection_registry	166→168 (+2)	COL-IUS-001 (iu_staging_record), COL-IUS-002 (iu_staging_payload)
species_collection_map	162→164 (+2)	SPE-NVS → both staging collections
collection_registry_vector_policy rows	+2	both staging: vector_eligible=false, semantic_search_eligible=false
birth_registry	750964→751008 (+44)	auto-trigger fan-out on +2 colreg + +1 species + +3 explicit DML
Bounded proof rows	+3 records, +4 payload parts	actor d36-macroA-proof

What stayed UNCHANGED (regression-clean)

Counter	Before	After	Note
information_unit count	175	175	No IU pollution
iu_vector_sync_point	152	152	No vector lineage
iu_lifecycle_log	146	146	Not touched
knowledge_documents	4272	4272	Document graph untouched
Qdrant collections	unchanged	unchanged	External probe — see V6 in healthcheck report

Healthcheck (V1..V8) — GREEN

SELECT iu_core.fn_iu_staging_healthcheck() returns green=true:

• V1 zero vector_excluded=false rows
• V2 zero iu_vector_sync_point staging refs
• V3 zero staging collections leaking vector_eligible=true (via v_collection_vector_eligibility)
• V4 SPE-NVS.kg_metadata.vector_eligible=false
• V5 panic gate iu_core.no_vector_staging_excluded enabled
• V6 Qdrant probe deferred to external (no SQL→Qdrant credentials in macro)
• V7 zero orphan payload parts (FK CASCADE)
• V8 2 retention policies present

Exact gaps (what defines this as PARTIAL_WITH_EXACT_GAP)

1. Birth Execution Plan not pre-produced. Substrate created before plan reviewed. Plan now published retrospectively in report 01.
2. Live-vocab conflicts surfaced during apply (8 adaptations). Documented in report 01 §"Live conflicts vs design".
3. birth_code_strategy/birth_identity_source/description_policy/coverage_*_status vocabs required UPPERCASE / specific enums vs design's lowercase free-form language.
4. tac_birth_gate_config.mode vocab is {block, warn} only — not gate.
5. event_type_registry.delivery_lane vocab is {immediate, delayed} only — not internal; event_stream is {comment,review,update,birth,task,alert,health} only.
6. dot_iu_command_catalog.category vocab is {collection, piece, lifecycle, read, health} only — design term d36-no-vector-staging invalid.
7. collection_registry."group" is a FK to collection_groups(code) — design term iu-core-staging invalid; assigned GRP-GOVERNANCE.
8. Birth Gate WARNING on code format COL-IUS-001 — live Birth Gate format PREFIX-NNN complains. INSERT proceeded but warning is logged. Carry-forward triage.
9. Q5 sidecar DDL not pre-specified by design — column list/types invented at author-time (collection_registry_id, vector_eligible, semantic_search_eligible, policy_reason, audit cols).
10. Auto-birth triggers deferred — trg_iu_staging_record_birth / trg_iu_staging_payload_birth not created; birth_registry entries inserted via direct DML.
11. Cleanup + Unregister functions/DOTs deferred (Auto-Scope) — fn_iu_staging_cleanup, fn_iu_staging_unregister, dot_iu_staging_cleanup, dot_iu_staging_unregister not authored.
12. SSOT / pinning tests not bumped — app repo not reachable from this MCP channel.
13. PR #669 untouched. Nuxt undeployed.

Rollback availability

Ready-to-apply rollback SQL in report 08. Idempotent, actor-scoped first (deletes bounded proof rows + reverses inserts), then drops iu_core schema CASCADE + sidecar table + view. Single TX.

pg_dump evidence

Stage	Size (B)	sha256
pre-Macro-A	1,229,181	57fbae483215898226d5f7a6cb07a4fb2cd10b75a0210d6275415d8df6737bd9
post-Macro-A	1,250,426	739a1ae95488248d9ddff38a9689162749aae0ec9d10b1e90c680f6ae4f6c6f8
delta	+21,245	matches expected 4 tables + 3 views + 5 fns + indexes

Reports

• 00-pass-summary.md (this)
• 01-birth-execution-plan.md (retrospective — addresses the hard gate)
• 02-live-survey.md
• 03-q5-sidecar-rewrite.md
• 04-migration-substrate.md
• 05-no-vector-healthcheck.md
• 06-bounded-proof-rows.md
• 07-regression-matrix.md
• 08-rollback-plan.md
• 09-carry-forward.md

Frozen carry-forward gaps

The remaining Macro A work (auto-birth triggers, cleanup/unregister fns+DOTs, app-repo SSOT bumps, doc 02 alignment sweep) is packaged in report 09 with executable outlines.