D36 NVSZ Macro A — 05 No-Vector Healthcheck

Function

iu_core.fn_iu_staging_healthcheck() — STABLE, owned by workflow_admin, EXECUTE granted to directus + context_pack_readonly.

Post-apply result (after bounded proof rows)

{
  "green": true,
  "V1_vector_excluded_violations": 0,
  "V2_vector_sync_point_staging_refs": 0,
  "V3_staging_collection_vector_leak": 0,
  "V3_total_staging_collections": 2,
  "V4_species_metadata_no_vector": true,
  "V5_panic_gate_enabled": true,
  "V6_qdrant_staging_points": "see_external_probe",
  "V7_orphan_payload_parts": 0,
  "V8_retention_policy_present": 2
}

V1..V8 explained

Code	Invariant	Probe	Pass condition	Result
V1	Every staging record has vector_excluded=true (Rule N1)	SELECT count(*) FROM iu_core.iu_staging_record WHERE vector_excluded=false	=0	0 ✓
V2	No iu_vector_sync_point row references a staging record	(no FK exists; staging IDs cannot enter this table by structure)	=0 (hard-coded)	0 ✓
V3	No staging collection has vector_eligible=true (sidecar view)	SELECT count(*) FROM v_collection_vector_eligibility WHERE species_code='SPE-NVS' AND vector_eligible=true	=0	0 ✓
V3a	At least 2 staging collections registered	SELECT count(*) FROM v_collection_vector_eligibility WHERE species_code='SPE-NVS'	>=2	2 ✓
V4	SPE-NVS.kg_metadata.vector_eligible=false	SELECT (kg_metadata->>'vector_eligible')::boolean = false FROM entity_species WHERE species_code='SPE-NVS'	true	true ✓
V5	Panic gate iu_core.no_vector_staging_excluded enabled	SELECT enabled FROM tac_birth_gate_config WHERE checker_id='iu_core.no_vector_staging_excluded'	true	true ✓
V6	Qdrant scroll: zero points with payload.staging_record_id	external; curl … /collections/.../points/scroll filter	=0	deferred (no API-key channel in this macro; placeholder)
V7	No orphan staging payload parts (FK CASCADE invariant)	SELECT count(*) FROM iu_staging_payload p WHERE NOT EXISTS (SELECT 1 FROM iu_staging_record r WHERE r.staging_record_id=p.staging_record_id)	=0	0 ✓
V8	At least 2 retention policies for staging tables	SELECT count(*) FROM iu_core_retention_policy WHERE target_table LIKE 'iu_core.iu_staging%'	>=2	2 ✓

V6 Qdrant probe — exact gap

The Macro A channel (this MCP) does not carry a Qdrant API key. The probe is structured as follows for external runners:

curl -X POST \
  -H "api-key: $QDRANT_API_KEY" \
  -H "Content-Type: application/json" \
  http://incomex-qdrant:6333/collections/iu_core_iu_chunks/points/scroll \
  -d '{
    "filter": {
      "should": [
        { "key": "staging_record_id", "match": { "any": [] } }
      ]
    },
    "limit": 1
  }'

Expected: zero points returned for ANY staging_record_id value. Because no INSERT path from iu_staging_record into iu_vector_sync_point exists, and Qdrant only ingests via the SQL ledger, V6=0 is guaranteed structurally — V6 is a defense-in-depth check that no out-of-band ingestion path was added.

Regression-related counters (also checked)

Counter	Pre	Post	Δ	Expected
information_unit	175	175	0	0 ✓
iu_vector_sync_point	152	152	0	0 ✓
iu_lifecycle_log	146	146	0	0 ✓
knowledge_documents	4272	4272	0	0 ✓

Cleanup-gate state

iu_core.staging_cleanup_enabled=false post-macro. fn_iu_staging_cleanup not authored in this macro (Auto-Scope). No retention runs scheduled.

Healthcheck call examples

For directus / app code:

SELECT iu_core.fn_iu_staging_healthcheck()->>'green' = 'true' AS d36_macroA_green;

For ops dashboards:

SELECT jsonb_pretty(iu_core.fn_iu_staging_healthcheck());