DIEU 45 — Phase 3 MARK/CUT Queue Pilot (Điều 37)

HARD GATE 0 BLOCK + EXACT GAP

Status: PARTIAL_WITH_EXACT_GAP — pilot NOT executed. Date: 2026-05-26. Mission: DIEU45_PHASE_3_MARK_CUT_QUEUE_PILOT_DIEU37. Rule applied: Mission HARD GATE 0 — "If gate fails, stop with exact block. Do not author replacement docs." Open Goal Prompt Guide v1.2 + Điều 45 v1.0 §13/§17 (no bypass).

1. EXACT BLOCK (one line)

The MCP query_pg channel binds role context_pack_readonly (NOT a member of workflow_admin) and executes every statement inside a READ ONLY transaction, so the agent cannot call fn_job_enqueue / fn_job_claim / fn_job_ack / fn_iu_op_* / fn_queue_heartbeat_tick, cannot UPDATE dot_config, cannot INSERT into job_queue, and cannot take a pg_dump backup. Phase 3 LIVE APPLY requires write capability via the prior phases' channel: SSH contabo → docker exec postgres → psql workflow_admin@directus.

2. HARD GATE 0 verify matrix

Item	Result	Evidence
SSH / docker / `psql workflow_admin` write channel	FAIL	`current_user=context_pack_readonly`, `pg_has_role(workflow_admin,'MEMBER')=false`; `query_pg` tool advertises "READ ONLY transaction as a read-only role, statement_timeout 5s, hard LIMIT 500. No writes/DDL."
`pg_dump` backup	FAIL	No shell tool available; cannot exec `pg_dump -Fc`.
`job_queue` / `job_dead_letter` / `queue_heartbeat` exist	PASS	All 3 present in `public` (`information_schema.tables`).
Phase 2 gates state	PASS	`queue.job_substrate.enabled=false`, `queue.worker.enabled=false`, `queue.notify.enabled=false`, `queue.heartbeat.enabled=true`, `queue.lease.reaper_enabled=false`, `queue.lease.reaper_dry_run_only=true`, `queue.dlq.replay_enabled=false`, `queue.runtime.phase=phase2_governance`, `queue.lease.duration_sec=300`, `queue.heartbeat.stale_threshold_seconds=300`, `queue.retry.backoff_base_sec=10`, `queue.retry.max_attempts_default=5`.
MARK/CUT aliases	PASS	`fn_iu_op_mark_file / verify_mark / cut / verify_cut / cleanup_dry_run` present (signatures captured in §5).
Source Điều 37 exists	PASS	`information_unit` row `ICX-CONST/DIEU-37` (`unit_kind=law_unit`, `identity_profile.primary_section_type_ref=article`, `id=24656ed1-c4e2-4b77-8890-1a14b7f3b496`); KB doc `knowledge/dev/laws/dieu37-governance-organization-law.md` rev 5.

Two of the six Gate-0 items fail. Mission rule: STOP.

3. Baseline read-only counts (zero mutation taken)

Table	Rows
`public.job_queue`	0
`public.job_dead_letter`	0
`public.queue_heartbeat`	1 (only `iu_outbound_default` legacy passive, `last_tick_at=2026-05-22 11:31:41+00`, `last_tick_status=warn`, `metadata.marker=legacy_silent_passive`, `ticks_total=0`)
`iu_core.iu_staging_record`	4
`iu_core.iu_staging_payload`	7
`public.information_unit`	175
`public.iu_piece_membership`	223
`public.iu_vector_sync_point`	152
`public.event_outbox`	134,803
`public.iu_route_worker_cursor`	1
`public.production_documents`	ABSENT (correct)
`public.dot_config` keys `queue.*`	12
Điều 37 source IU	1 (`ICX-CONST/DIEU-37`)
Extensions	`{btree_gist, pgcrypto, plpgsql, postgres_fdw}` — pg_cron still absent

4. Schema deltas vs prior-memory assumptions (read-only confirmations)

iu_staging_record / iu_staging_payload live in schema iu_core, not public (caller must qualify).
queue_heartbeat PK column is executor_name (not executor_id); other columns: executor_kind, last_tick_at, last_tick_status, ticks_total, current_job_id, lease_owner, metadata, created_at, updated_at.
job_queue state CHECK: {queued, leased, in_progress, succeeded, failed, retry_waiting, dead_letter, cancelled, cleaned} — 9-state vocab as designed.
job_queue_payload_safe_check and job_dead_letter_payload_safe_check denylist 10 keys verbatim: {body, content, raw, vector, embedding, secret, token, password, ssn, personal_data}.
queue_heartbeat_kind_check vocab = §11.5 7-name {DOT, Agent, Hermes, Codex, PG_worker, external_worker, future_Kestra_adapter} (MOT excluded — pinned in memory feedback-executor-kind-7-value-vocab-pins-pg-worker-for-legacy-route-worker).
job_dead_letter_triage_check = {pending, acknowledged, manual_replay, escalated, closed}.
fn_job_enqueue signature (11 params): (p_job_kind text, p_actor text, p_payload_ref text, p_payload_json jsonb, p_source_ref text, p_target_ref text, p_priority integer, p_scheduled_at timestamptz, p_idempotency_key text, p_max_attempts integer, p_run_id uuid) — order is kind, actor, payload_ref, payload_json, … (not the previously-assumed first-pos kind, source, target).
21 expected functions present: 5 MARK/CUT aliases + fn_iu_mark_create_manifest + fn_iu_cut_from_manifest + fn_iu_verify_cut_result + fn_iu_reconstruct_source + 12 queue fns (fn_job_enqueue/claim/ack/fail_or_retry/move_to_dead_letter, fn_queue_heartbeat_tick/stale_check/heartbeat_register_passive, fn_job_reap_stale_leases_dry_run/apply, fn_job_dead_letter_requeue_dry_run/triage_update).

5. What was NOT done (preserved for handoff)

Nothing was mutated. No backup taken. The following pilot-loop work is deferred to the operator-side write channel:

pg_dump -Fc pre-pilot backup.
Bounded BEGIN/ROLLBACK or durable LIVE APPLY of the queue pilot loop:
- flip queue.job_substrate.enabled=true (bounded or scoped to pilot run);
- fn_queue_heartbeat_tick('pilot_cut_executor','external_worker','ok',…) to register pilot executor;
- 6 fn_job_enqueue rows tagged actor='pilot:dieu37-cut' with idempotency keys pilot:dieu37:<step>:1 and job_kind ∈ {cut.copy_to_staging, cut.mark, cut.verify_mark, cut.cut, cut.verify_cut, cut.cleanup_checkpoint} — job_kind is free text (CHECK only enforces non-empty), so no CHECK widening is needed;
- per step: fn_job_claim('pilot_cut_executor', ARRAY[<kind>], 1) → run the corresponding alias (fn_iu_op_mark_file for DIEU-37 source bytes via p_source_ref:='DIEU-37', then verify_mark/cut/verify_cut/cleanup_dry_run) → fn_job_ack.
D30 regression + D31 integrity proofs (gate-off enqueue refusal, denylist refusal with payload_json='{"body":"…"}', lease_owner mismatch refusal, unapproved-cut refusal, stale executor health, DLQ replay disabled).
Reports 01..08 in knowledge/dev/laws/dieu44-trien-khai/v0.6-dieu45-phase-3-mark-cut-queue-pilot-dieu37/.

Per mission rule, the agent did not author a replacement migration or proof bundle.

6. Forbidden invariants — all honored at exit

No broad worker start.
No pg_cron install (still absent).
No CHECK widening (job_queue.state 9-state and queue_heartbeat.executor_kind 7-name remain verbatim).
No event_outbox schema change.
No Qdrant operation.
No production_documents creation.
No START-HERE edit (this doc is report-only and is filed under the Phase 3 carry-forward folder).
No new law changes.
No MOT / customer / email runtime touched.

7. Exact handoff

To operator (workflow_admin channel) or GPT/User:

A. Confirm whether Phase 3 should be re-tried with the agent granted a write-capable MCP channel (route query_pg through workflow_admin or equivalent, OR provision a narrow Directus Flow that wraps the 12 queue/MARK-CUT functions behind an idempotency-keyed pilot actor), or whether the operator will execute Phase 3 manually following the design pack DP1–DP7 already on file (v0.6-dieu45-full-queue-orchestration-design-pack) and the function signatures captured in §4 above.

B. If channel re-provisioning happens, the next attempt must re-run HARD GATE 0 from scratch (re-check role, pg_dump, and gate states) — no shortcut from this report's numbers, since the queue_heartbeat passive row's age will have advanced and event_outbox will have moved.

C. The silent-gap on iu_outbound_default is still NOT closed durably (Phase 2 surfaced it; Phase 3 was meant to close it via real heartbeat caller — that work remains).

RETURN

DIEU45_PHASE_3_MARK_CUT_QUEUE_PILOT_DIEU37_PARTIAL_WITH_EXACT_GAP — channel readonly; no mutation; baseline captured; handoff routed.

Cross-link: [[project-dieu45-phase2-heartbeat-activation-lease-governance-pass-2026-05-26]], [[project-dieu45-phase1-minimal-job-substrate-live-apply-pass-2026-05-26]], [[project-dieu45-v1-0-enacted-2026-05-26]], [[feedback-dieu45-silent-gap-violation-post-enactment]].