KB-7BBB

100000x · 01 — Live Signature Matrix (Phase A)

8 min read Revision 1

iu-core100000xphase-asignature-matrixlive-schema2026-05-26

100000x · 01 — Live Signature Matrix

Phase: A · Status: PASS (channel up; baseline snapshot; matrix produced before authoring 040R/041R)

Apply channel

ssh contabo 'docker exec -i postgres psql -U workflow_admin -d directus -v ON_ERROR_STOP=1' — works via Unix socket trust. Test query returned workflow_admin | directus.

Baseline (pre-100000x)

Surface	Count
`information_unit`	175
DIEU-28 / DIEU-32 / DIEU-35	27 / 23 / 36
`iu_core.iu_staging_record` / `iu_staging_payload`	3 / 4
`iu_vector_sync_point`	152
`dot_iu_command_run`	18
`dot_iu_command_catalog`	34
`iu_piece_collection` / `iu_piece_membership`	44 / 223
`pg_proc` (public)	500
Composer gate	false
Retention gate	false
`production_documents` (in `directus` DB)	does not exist

pg_dump pre-100000x: 893,887,758 B · sha256 23b5781a….

037–039 live (re-verified)

Function	Args	Verdict
`fn_iu_staging_cleanup`	`(p_apply boolean DEFAULT false, p_actor text DEFAULT 'fn_iu_staging_cleanup')`	✅ present
`fn_iu_staging_unregister`	`(p_staging_record_id uuid, p_apply boolean DEFAULT false, p_actor text DEFAULT 'fn_iu_staging_unregister')`	✅ present
`fn_iu_mark_create_manifest`	`(p_manifest jsonb, p_mark_report_md text, p_coverage_proof jsonb, p_determinism_digest text, p_source_kind text, p_source_ref text, p_idempotency_key text, p_actor text DEFAULT 'agent_mark')`	✅ present
`fn_iu_verify_mark`	`(p_staging_record_id uuid, p_apply boolean DEFAULT false, p_approval_doc_id text DEFAULT NULL, p_approver text DEFAULT NULL, p_actor text DEFAULT 'fn_iu_verify_mark')`	✅ present
`fn_iu_cut_from_manifest`	—	❌ ABSENT (target for 040R)
`fn_iu_verify_cut` / `fn_iu_verify_cut_result`	—	❌ ABSENT (target for 041R)

Live signatures of inner callees (040R / 041R will call these)

Function	Live signature	Returns	Key drifts vs 90000x author
`fn_iu_create`	`(p_canonical_address text, p_title text, p_body text, p_actor text, p_unit_kind text DEFAULT NULL, p_section_type text DEFAULT NULL, p_owner_ref text DEFAULT NULL, p_publication_type text DEFAULT NULL, p_parent_ref uuid DEFAULT NULL)`	`jsonb` (return key `iu_id`)	9 args (90000x assumed 6+); return is jsonb not uuid; key is `iu_id`, not `id`; section_type stored only in identity_profile JSONB, not the column
`fn_iu_collection_add_piece`	`(p_collection_id uuid, p_iu_id uuid, p_piece_order integer, p_piece_role text, p_actor text)`	jsonb	5 args (90000x had 4); piece_role lives on this edge, not on information_unit
`fn_iu_composer_enabled`	`()`	boolean	reads `dot_config` key `iu_core.composer_enabled`
`fn_iu_subtree`	`(p_root uuid)`	TABLE(iu_id, canonical_address, depth, parent_id, relative_depth)	unchanged
`fn_iu_reconstruct_source`	`(p_doc_code text)`	TABLE	takes `doc_code` not `run_id` — 90000x V-recon plan would not apply directly

Critical table schemas

`public.information_unit` (19 cols)

id (uuid PK, default gen_random_uuid), canonical_address (text NOT NULL UNIQUE), unit_kind (text NN), lifecycle_status (text NN default 'draft'), content_anchor_ref (text), version_anchor_ref (uuid → unit_version), owner_ref (text NN), parent_or_container_ref (uuid), conformance_status (text NN default 'open'), identity_profile (jsonb NN default '{}'), created_at/updated_at (timestamptz NN default now), created_by/updated_by (text NN), deleted_at (timestamptz), sort_order (int), doc_code (text), section_type (text), section_code (text).

NO piece_role. NO source_position (use sort_order). NO status (use lifecycle_status).

`iu_core.iu_staging_record` (CHECK constraints)

lifecycle_chk vocab: {pending, pending_review, approved, consumed, rejected, expired, cleaned} (7 states — 91000x mig 037)
consumed_consistency_chk: lifecycle='consumed' ⇒ consumed_at + consumed_by_run_id + approved_at + approval_doc_id all NOT NULL
approved_consistency_chk: lifecycle='approved' = (approved_at NOT NULL AND approved_by NOT NULL) OR lifecycle ∈ {consumed, rejected, expired, cleaned}
expiry_ceiling_chk: expires_at ≤ created_at + 30d
source_kind_chk vocab: {agent, user, system, import} — fixture is invalid
staging_kind_chk vocab: {mark_manifest, review_package, cut_preview, sql_snapshot, nosql_payload, draft_iu_composition, agent_intermediate, event_working_state}
vector_excluded_chk: vector_excluded = true (Layer 1 of NVSZ)

No manifest_digest column — value lives in metadata.determinism_digest and in the cut_manifest payload's manifest_digest field.

`iu_core.iu_staging_payload`

kind_chk: payload_kind ∈ {json, text, blob_ref} — markdown is invalid
exclusive_chk: text⇒payload_text only, json⇒payload_json only, blob_ref⇒blob_ref only
byte_len NOT NULL; byte_cap_chk: ≤ 10 MiB
UNIQUE (staging_record_id, part_index)

`public.dot_iu_command_run`

Columns: run_id (uuid PK), command_name, category, run_mode, run_status, mutating, params_digest, gate_snapshot (jsonb NN '{}'), evidence (jsonb NN '{}'), actor, created_at.

CHECKs: run_mode ∈ {plan, apply, verify}; run_status ∈ {planned, applied, verified, refused, failed}.

NO payload_json. NO status. (90000x author had wrong column names.)

`public.dot_iu_command_catalog`

(command_name PK, category, mutating, reversible, target_functions text[], registered_at).

CHECK category_chk: {collection, piece, lifecycle, read, health}. cut / verify are INVALID — 040R uses piece, 041R uses health.

`public.iu_vector_sync_point`

No staging-path columns. Refs only unit_id + parent_piece_id (both → information_unit). Structural Layer 4 NVSZ guarantee.

`public.iu_piece_membership` (collection-edge)

(id, collection_id → iu_piece_collection, iu_id → information_unit, piece_order int, piece_role text NN, membership_status, added_by, added_at, updated_at).

piece_role CHECK vocab: {title, intro, body, step, clause, appendix, reference} — note clause IS valid for piece_role (but NOT for section_type).

source_axis_kind on iu_piece_collection: {composed, cut, imported}.

Decisions taken from this matrix

040R extracts unit id via (result->>'iu_id')::uuid.
040R follows fn_iu_create with UPDATE information_unit SET sort_order, section_type, doc_code, section_code WHERE id = … (since fn_iu_create writes section_type only to identity_profile JSONB).
040R registers DOT with category='piece' and mutating=true, reversible=true.
041R registers DOT with category='health' and mutating=false, reversible=false.
040R dot_iu_command_run writes one row per call: run_mode='plan'|'apply', run_status ∈ {refused, planned, applied}, evidence carries run_id + pieces_created (jsonb) + manifest_digest.
041R verifies axes against information_unit columns (sort_order for A, section_type for B, parent_or_container_ref for C); no iu_sql_link, no iu_piece_membership required for the structural axes.
Proof fixture must use source_kind='system' and section_type='paragraph' (not 'fixture' / 'clause').

Cross-links

[[feedback-fn-iu-create-returns-jsonb-not-uuid]] — refresh: key is iu_id, not id.
[[feedback-fn-iu-collection-add-piece-signature]]
[[feedback-information-unit-no-piece-role-column]]
[[feedback-iu-vector-sync-point-has-no-staging-path]]
[[feedback-channel-memory-drifts-verify-live]]

100000x · 01 — Live Signature Matrix

Apply channel

Baseline (pre-100000x)

037–039 live (re-verified)

Live signatures of inner callees (040R / 041R will call these)

Critical table schemas

public.information_unit (19 cols)

iu_core.iu_staging_record (CHECK constraints)

iu_core.iu_staging_payload

public.dot_iu_command_run

public.dot_iu_command_catalog

public.iu_vector_sync_point

public.iu_piece_membership (collection-edge)