110500x · 09 — Carry-Forward

A. Memory updates

New project memory

[[project-iu-core-110500x-apply-operator-alias-d30-d31-test-pass-2026-05-26]] — apply + live test of mig 042R; alias surface PASS, Điều 37 short proof PASS, D30 regression PASS, D31 refusals PASS-with-finding on R2.

New feedback memories

1. [[feedback-g5-is-format-check-not-recompute]] — fn_iu_cut_from_manifest G5 enforces 32-hex format on the stored manifest_digest; it does NOT recompute the digest and compare to the manifest content. The operative tamper-detector is G6 (source_changed). An attacker with direct DB UPDATE access can change the stored digest to a different VALID hex without triggering G5; the alias structurally prevents the cleaner attack vector (operator passing a fabricated digest) by NOT accepting a digest argument at all.

   • Why: documenting live behavior against 110000x report 04 R2's stronger claim.
   • How to apply: in audits, treat G5 as defense-in-depth; G6+payload-immutability is the load-bearing check.

2. [[feedback-cut-doc-code-from-source-ref-not-canonical-address]] — the live cut populates information_unit.doc_code from p_source_ref (which is what the operator passes to fn_iu_op_mark_file). It does NOT derive doc_code from canonical_address. So fn_iu_reconstruct_source('DIEU-37') won't find rows cut with source_ref='knowledge/dev/laws/dieu37-…' — those rows have doc_code = 'knowledge/dev/laws/dieu37-…'.

   • Why: caught in 110500x Phase 8.
   • How to apply: when querying IU pieces by "law", filter by canonical_address LIKE 'DIEU-37-%' or pass a short p_source_ref='DIEU-37' to the alias.

3. [[feedback-alias-mark-digest-canonicalizes-via-postgres-jsonb]] — fn_iu_op_mark_file casts p_pieces::text AFTER the implicit jsonb_typeof check, so the digest input uses Postgres-canonical JSONB encoding (sorted keys, normalized whitespace). A direct call to fn_iu_mark_create_manifest with a hand-built JSON literal will produce a different manifest_digest. Both routes produce valid 32-hex digests; they just authenticate different canonical byte sequences.

   • Why: explains 110500x D30-T2 digest_equal=f observation.
   • How to apply: don't claim "alias == direct" at the digest level; claim the more meaningful "alias produces same staging shape + same source_hash + valid 32-hex digest."

Refresh

• [[feedback-pg-hba-local-trust-unblocks-role-channel]] — confirmed again at 110500x. Apply channel for 042R was workflow_admin socket-trust inside the postgres container; HARD GATE 0 preflight covered all seven channel checks.
• [[feedback-channel-memory-drifts-verify-live]] — dot_iu_command_catalog.target_functions confirmed as ARRAY NOT NULL. CHECK on category confirmed {collection, piece, lifecycle, read, health}. Both kept in 02-current-live-status.md.

B. Operator commit (single commit recommended)

110500x landed the DB-side of 042R. The operator commit lands the application-side:

PR title: iu-core(110500x): operator alias surface live + D30/D31 protection

File	Change
migrations/postgres/042R_iu_core_operator_aliases.sql	new file (mirrors /tmp/042R_iu_core_operator_aliases.sql)
cutter_agent/iu_core/dot_commands.py::_REGISTRY	+5 entries (dot_iu_operator_*)
cutter_agent/tests/test_d9_conformance.py	public_fns 502→507, dot_catalog 36→41
Pinning tests (15 sites)	+5 alias names
cutter_agent/iu_core/short_command_router.py	new — parses 5 short commands → alias calls (optional but recommended)

C. Next gate — first DURABLE Điều 37 cut

After 110500x apply + START-HERE deployed, the next genuine production milestone is a durable Điều 37 cut (NO rollback):

1. Fresh agent reads only START-HERE + cheatsheet.
2. Operator issues: MARK file knowledge/dev/laws/dieu37-governance-organization-law.md theo quy trình operational-cut-workflow, lưu vào No-Vector Staging Zone.
3. Operator reviews staged MARK (SELECT * FROM iu_core.iu_staging_payload WHERE staging_record_id = <sid> AND part_name = 'cut_manifest').
4. Operator issues: VERIFY MARK staging_id <sid> with apply=true.
5. Operator opens composer gate.
6. Operator issues: CUT staging_id <sid>, output IU corpus, verify reconstruct + Axis A/B/C — no BEGIN/ROLLBACK wrap.
7. Operator closes composer gate immediately.
8. Operator issues: VERIFY CUT run_id <rid>.
9. KB report …/v0.6-iu-core-120000x-first-durable-dieu37-cut/.

Expected delta (full 20,482-byte source, ~13 pieces): public.information_unit +13, dot_iu_command_run +1 (applied audit), staging row consumed. iu_vector_sync_point unchanged.

Recommendation: pass p_source_ref:='DIEU-37' (short code) rather than the full KB path, so doc_code ends up as 'DIEU-37' and fn_iu_reconstruct_source('DIEU-37') works idiomatically (per 110500x finding [[feedback-cut-doc-code-from-source-ref-not-canonical-address]]).

D. Untouched surfaces re-confirmed for safety

Surface	Why preserved
production_documents	absent + mission rule + alias bodies clean (R8/R9)
Qdrant iu_core_iu_chunks	mission rule + zero outbound calls + 4-layer NVSZ (R6)
Nuxt deployment	mission rule
iu_core.retention_enabled gate	unchanged (false)
iu_core.composer_enabled gate	restored false at exit
PR #669	untouched
037/038/039/040R/041R fn bodies	unchanged
Pre-existing IU pieces (DIEU-28/32/35)	unchanged (175 IU, 27/23/36 counts)
25000x mig 033	unchanged
iu_core schema (tables/constraints)	no DDL beyond CREATE FUNCTION + INSERT INTO catalog

E. The exact verdict

IU_CORE_110500X_APPLY_OPERATOR_ALIAS_D30_D31_TEST_PASS — all PASS criteria from the mission charter satisfied:

• apply channel preflight passed
• mig 042R applied
• all 5 aliases live
• short alias proof passes
• Điều 30 regression suite passes
• Điều 31 integrity/refusal suite passes (with R2 finding documented)
• START-HERE pack validated/updated
• production_documents untouched
• Qdrant unchanged
• all gates inert
• KB reports verified (10 documents under …/v0.6-iu-core-110500x-apply-operator-alias-d30-d31-test/)
• no unsafe state remains

F. Lessons (one-line each)

• HARD GATE 0 is real, fast, and decisive — channel preflight took <30s; mig apply + proof took <10 min after that. The 110000x author-mode session correctly returned PARTIAL_WITH_EXACT_GAP rather than fake-PASSing without the apply channel.
• G5 is format defense-in-depth, G6 is the operative tamper-detector — documented as live-vs-doc finding so future audits don't expect digest-recompute at G5.
• The alias surface IS the operator UX — five short commands replaced multi-hundred-line per-file prompts. The cost was 5 plpgsql wrappers + 5 DOT entries; the benefit is non-bypass-able UX consistency.
• doc_code derivation matters for downstream queries — fn_iu_reconstruct_source requires the agent to think about what string the operator passes as source_ref; recommended short codes like DIEU-37 rather than full KB paths.
• pg_dump Fc delta is the source-of-truth size signal — SQL-text estimates of "+25-35 KB" became "+10 KB" after Fc compression. Always trust the actual binary delta.

G. Cross-links

• Report 00 — summary
• Report 02 — apply transcript
• Report 03 — short alias proof (Điều 37, bounded)
• Report 04 — D30 regression results
• Report 05 — D31 integrity results
• Report 07 — regression matrix
• …/v0.6-iu-core-cutting-operator-start-here/ — onboarding (revs 4/5 patched here)
• …/v0.6-iu-core-110000x-operator-alias-surface-d30-d31-protection/ — author-mode source
• …/v0.6-iu-core-100000x-reauthor-apply-cut-verify-full-proof/ — pipeline live PASS
• 80000x doctrine — MARK is not CUT