91000x · 00 — Summary

Verdict: IU_CORE_91000X_APPLY_MARK_TO_CUT_PIPELINE_AND_PROOF_PARTIAL_WITH_EXACT_GAP Date: 2026-05-26 Apply channel: workflow_admin via pg_hba local trust socket (Docker container postgres, DB directus). Confirmed live. Backup: pg_dump -Fc taken pre-apply at /tmp/pre-91000x-20260526T010854Z.dump (82,096,758 B) and post-apply at /tmp/post-91000x-20260526T012335Z.dump (82,111,840 B). Delta +15,082 B consistent with +4 fn + 4 DOT INSERTs.

What landed PASS

Migration	Title	Status	Notes
037	Staging lifecycle hardening (CHECK swaps + cleanup + unregister)	APPLIED with drift patches	lifecycle CHECK now 7-vocab incl. pending_review; consumed-tighten + expiry≤30d CHECKs in place; +2 fn + 2 DOT rows
038	MARK writer surface (fn_iu_mark_create_manifest)	APPLIED with drift patches	writes 1 staging row + 3 payloads + 1 audit; idempotency by idempotency_key
039	Verify MARK (fn_iu_verify_mark)	APPLIED with drift patches	axis A/B/C + coverage + 32-hex digest; refuses lifecycle != pending_review
BOUNDED PROOF	MARK → VERIFY-MARK live against FIXTURE-NVSZ-PROOF-1	PASS in BEGIN/ROLLBACK	full pipeline exercised; post-ROLLBACK state = pre exactly
No-vector verification	3-layer guarantee (CHECK + sidecar + view)	PASS (live read)	all 3 staging rows vector_excluded=true; 190/191 vector_eligible=false; no staging path to iu_vector_sync_point
Regression	DIEU-28/32/35, IU total, VSP, production data	PASS	27/23/36 unchanged; iu=175; vsp=152; staging 3/4 unchanged

The exact gap

Migration	Title	Status	Reason
040	Cut from approved manifest (fn_iu_cut_from_manifest)	NOT APPLIED	Multi-point schema drift requires full re-author (out of scope per user rule)
041	Verify CUT (fn_iu_verify_cut)	NOT APPLIED	Same — references iu.information_unit (doesn't exist), source_position / piece_role (don't exist), iu_sql_link.parent_unit_id / child_unit_id (don't exist)

040/041 drift evidence (live, captured 2026-05-26)

1. fn_iu_create signature — Live: (p_canonical_address text, p_title text, p_body text, p_actor text, p_unit_kind text DEFAULT NULL, p_section_type text DEFAULT NULL, p_owner_ref text DEFAULT NULL, p_publication_type text DEFAULT NULL, p_parent_ref uuid DEFAULT NULL) RETURNS jsonb. Authored mig 040 assumed (unit_kind, content_text, section_type, piece_role, canonical_address, source_position) RETURNS uuid. Mismatch on arg order, arg names, parameter count, return type.
2. fn_iu_collection_add_piece signature — Live: (p_collection_id uuid, p_iu_id uuid, p_piece_order integer, p_piece_role text, p_actor text) RETURNS jsonb. Authored mig 040 used (parent_uuid, child_uuid, piece_role, source_position) — 4 args, swapped order, missing actor.
3. information_unit schema — Live: public.information_unit. Authored mig 041 referenced iu.information_unit. Schema iu does not exist in directus DB.
4. information_unit columns — Live has sort_order (integer), no source_position; no piece_role column; has section_type, section_code, doc_code. Authored mig 041 referenced source_position and piece_role on this table.
5. iu_sql_link schema — Live columns: id, unit_id, unit_version_id, canonical_address, link_role, object_kind, object_schema, object_name, collection_name, row_pk, function_identity, trigger_name, object_fingerprint, direction, lifecycle_status, enabled, idempotency_key, metadata, created_at, updated_at, created_by, updated_by. Authored mig 041 referenced parent_unit_id / child_unit_id — these do not exist.

Drift patches applied to 037/038/039 (surgical only — contract/signature/algorithm unchanged)

Drift	Authored	Live	Fix scope
iu_core_retention_policy.keep_days CHECK	0	>=1	Changed value 0→1 in 037 INSERT (metadata-only; fn uses literal intervals not this column)
dot_iu_command_catalog.category vocab	maintenance/mark/verify	{collection,piece,lifecycle,read,health}	cleanup/unregister→lifecycle, mark_article→piece, verify_mark_manifest→health
iu_staging_payload.byte_len NOT NULL	missing in INSERT	required	added byte_len computation + INSERT column
iu_staging_payload_kind_chk vocab	markdown	{json,text,blob_ref}	mark_report part: 'markdown'→'text'
iu_staging_payload_exclusive_chk	payload_json with kind=text	text-kind must use payload_text	mark_report part: payload_json→payload_text
dot_iu_command_run cols	(command_name, payload_json, actor, status)	(command_name, category, run_mode, run_status, mutating, actor, evidence) with vocab CHECKs	rewrote all 4 INSERTs in 037/038/039 fn bodies
iu_core_retention_policy duplicates	INSERT 2 new rows	D36 Macro A had already inserted them	ON CONFLICT DO NOTHING

Live delta this macro produced

Surface	Pre	Post	Delta	Planned (90000x report 00)
dot_iu_command_catalog rows	30	34	+4	+6 (40/41 DOTs not registered)
public schema functions	470	474	+4	+6 (fn_iu_cut_from_manifest, fn_iu_verify_cut not created)
iu_core_retention_policy rows	6 (D36 prior)	6	0	+2 (D36 had already inserted; ON CONFLICT preserved)
iu_staging_record_lifecycle_chk vocab	6 states	7 states	+pending_review	+pending_review
iu_staging_record_consumed_consistency_chk	requires consumed_at+consumed_by_run_id	requires +approved_at+approval_doc_id	tightened	tightened
iu_staging_record_expiry_ceiling_chk	absent	expires_at <= created_at + 30d	new	new
iu_core.iu_staging_record rows	3	3	0	0 (proof was BEGIN/ROLLBACK)
iu_core.iu_staging_payload rows	4	4	0	0
iu_vector_sync_point rows	152	152	0	0
public.information_unit rows	175	175	0	0
DIEU-28/32/35 counts	27/23/36	27/23/36	0	0
Qdrant iu_core_iu_chunks	149	(untouched, no MCP write surface)	0	0

Non-negotiable rules honored

• No fake PASS — 040/041 labeled NOT APPLIED, not PASS.
• No production_documents mutation (table doesn't exist in directus DB; not touched in any DB).
• No Qdrant reindex.
• No Nuxt deploy.
• No retention global enable (p_apply=false everywhere; fn_iu_staging_cleanup(true) never called).
• No KB upload of pending MARK files (mark_manifest rows live in iu_core.iu_staging_payload, not KB).
• All gates inert (none toggled).
• No unsafe state — proof in BEGIN/ROLLBACK; post-state matches pre exactly.
• No re-author of 040/041 (skipped per user rule).

Honest scope of "drift patches"

The patches to 037/038/039 fn bodies are SQL-column-level adjustments to match live schema. Contract, signature, algorithm, axis checks, refusal codes, and external API are unchanged from 90000x author intent. Each patch is documented in 02-apply-037-039-with-patches.md. The user explicitly approved this scope ("Cho phép patch surgical các drift runtime"), distinguishing it from the deeper 040/041 re-author which was forbidden.

What "PARTIAL_WITH_EXACT_GAP" means here

The MARK → VERIFY-MARK half of the operating flow is LIVE and proven. The APPROVE → CUT → VERIFY-CUT → CLEANUP-15D half is blocked on multi-point schema drift in 040/041 that requires re-authoring against live fn_iu_create/fn_iu_collection_add_piece/public.information_unit/iu_sql_link signatures. The carry-forward in 07-carry-forward.md lays out the precise re-author plan for a 100000x macro.

Cross-links

• [[project_iu_core_90000x_mark_to_cut_pipeline_hardening_partial_with_exact_gap_2026_05_25]] — parent macro that authored 037-041.
• [[feedback-honest-channel-block-beats-partial-trigger]] — applied: 040/041 not half-applied; clean BEGIN/ROLLBACK proofs only.
• [[feedback-channel-memory-drifts-verify-live]] — refreshed by this macro with 5 more drifts in live schema.
• [[feedback-pg-hba-local-trust-unblocks-role-channel]] — channel held throughout.
• 80000x operational doctrine — MARK is not CUT; honored.