{ "document": "authority-contract-v0-1", "workstream": "tool-kiem-thu", "date": "2026-06-09", "status": "AUTHORITY_CONTRACT_V0_1_READY_FOR_GPT_REVIEW", "production_mutation": "NO", "nature": "binding authority contract; not a tool spec, implementation, schema, runner, or law", "authority_basis": { "codex_seal": "reviews/codex-seal-authority-matrix-bcdgh-2026-06-09.md", "seal_verdict": "BCDGH_SEALED", "adopted_defaults_source": "reports/authority-decision-matrix-draft-after-baseline-2026-06-09.md", "baseline_ledger": "reports/dot-registry-directus-text-as-code-baseline-reconciliation-2026-06-09.{md,json}", "baseline_read": "live 2026-06-09 07:11-07:30 UTC, role context_pack_readonly, READ ONLY" }, "scope": { "governs": "future Implementation Package DOT v0.1 planning for tool-kiem-thu", "creates_new_law": false, "creates_new_tool": false, "replaces_existing_authorities": false, "does_not_replace": ["Đ38", "Điều 23", "Đ43", "Đ39", "Đ19", "existing checker/logger authorities"], "role": "bridge/constraint document for the tool-kiem-thu workstream" }, "denominator_contract": { "rule": "each denominator is a distinct query on a distinct surface at a distinct date; never collapse to one canonical DOT number; a collapsed count is a disguised hardcode; load-bearing set = runtime query against a named surface, never a literal/hand-list; every count carries surface+denominator+query+timestamp+key+population+confidence as dated evidence, never an invariant", "denominators": [ {"count": 309, "name": "dot_tools / PIV-007", "surface": "dot_tools (= meta_catalog CAT-006 309 = PIV-007 309 = PIV-104 309); frozen since 2026-04-02", "allowed_use": "catalog/listing authority only; listing = live SELECT FROM dot_tools", "not_permitted_to_mean": "count of runnable or file-backed DOTs; a baked constant"}, {"count": 214, "name": "operational files", "surface": "wf_fs_dot_bin_snapshot status=OPERATIONAL (/opt/incomex/dot/bin)", "allowed_use": "filesystem presence surface", "not_permitted_to_mean": "proof of safe execution"}, {"count": 186, "name": "mapped / confirmed", "surface": "wf_fs_dot_bin_snapshot mapped / v_dot_reconciliation_reliability CONFIRMED", "allowed_use": "reconciliation diagnostic", "not_permitted_to_mean": "safe-call set; '186 ∩ command-catalog' formula WITHDRAWN (join=0, disjoint spaces)"}, {"count": 163, "name": "CAT-006 actual_count / local checkout", "surface": "meta_catalog CAT-006 actual_count; …/web-test/dot/bin local", "allowed_use": "none for authority — unsafe/unverified", "not_permitted_to_mean": "authority denominator; runtime proof; production runtime; actual_count=163 is an external dot-catalog-sync artifact with undefined filter (UNVERIFIABLE/UNSAFE); local checkout is NOT production"}, {"count": 54, "name": "command catalog", "surface": "dot_iu_command_catalog", "allowed_use": "IU command catalog surface; candidate future governed set (15 rows mutating=false)", "not_permitted_to_mean": "a DOT tool count; an authorized v0.1 call set"}, {"count": "128 / 36", "name": "Directus flows / DOT-named", "surface": "directus_flows (128 total / 111 active / 36 DOT-named)", "allowed_use": "Directus flow surface (read-only observe)", "not_permitted_to_mean": "proof of 100% DOT control (control = PARTIAL_EVIDENCE_ONLY)"}, {"count": "219 / 102", "name": "information_unit / tac_logical_unit", "surface": "information_unit (219), tac_logical_unit (102), 0 joining DB views", "allowed_use": "two separate corpora, dual-report only", "not_permitted_to_mean": "a merged corpus; either chosen canonical; a bridge"} ], "other_carried_not_collapsed": {"file_path": 228, "script_path": 119, "classification_real": 0, "v_dot_registry_no_file": 41, "v_dot_reconciliation_reliability.MISSING_FILE": 4, "dot_iu_command_run": 55, "dot_operations": 20, "law_dot_enforcement_bindings": 272, "opt_incomex_scripts_42": "separate non-DOT surface (wf_fs_script_snapshot)"} }, "v0_1_allowed_behavior": [ "read/report only", "file-report-only evidence under knowledge/dev/laws/tool-kiem-thu/", "may query/read named existing surfaces (read-only)", "may produce timestamped reports, diffs, evidence tables with full provenance and both-direction diffs", "may reference existing authorities (Đ38/Đ23/Đ43/Đ39/Đ19/fn_tac_log_checker_issue/reconciliation views)", "may NOT call filesystem DOT", "may NOT mutate anything", "may NOT infer authority from presence/run-history alone" ], "prohibited_behavior": [ "new runner authority", "filesystem DOT invocation", "new registry authority", "new logger/sink", "new duplicate/graph/orphan resolver (unless a concrete miss is proven under separate authorization)", "TAC/IU merge, bridge, or corpus choice", "Directus mutation", "registry cleanup/reconciliation mutation", "package/schema/tool build before Reuse Extraction Map and approved spec", "prose-only PASS", "collapsed counts" ], "existing_authority_reuse": { "registry_catalog": "dot_tools / PIV-007 — listing only", "registry_filesystem_current_diff": "latest code-keyed v_dot_reconciliation_reliability over wf_fs_dot_bin_snapshot (canonical current diff)", "name_keyed_old_view": "v_dot_registry_no_file — diagnostic only, must not override canonical current diff", "logger": "fn_tac_log_checker_issue -> system_issues (Đ23) — named sink, write deferred until later authorized", "graph_orphan_duplicate": "Đ19/Đ23/Đ39/universal_edges(2199)/v_kg_edges_all(2259)/entity_dependencies(142)/existing engines", "context": "Đ43 context pack", "text_as_code": "Đ38/P3D/IU system — dual-report TAC/IU until a separate bridge contract" }, "unresolved_deferred": [ "call contract for any future command execution", "proof-of-run semantics", "Directus 100% DOT-control proof", "TAC<->IU bridge/resolver contract", "registry cleanup/reconciliation mutation", "system_issues wiring timing", "Implementation Package DOT actual spec", "MVP implementation", "fresh-read items: CAT-006 actual_count=163 filter, direct OS listing of /opt/incomex/dot/bin, /opt/incomex/scripts '42' surface, Đ19/Đ23 inverse-check read-only run" ], "gate_to_next_phase": { "next_permitted_phase": "Reuse Extraction Map", "not_permitted_yet": ["Implementation Package DOT scope spec", "verifier code", "schema", "runner", "command invocation"] }, "reusable_prompt_block": "Implementation Package DOT v0.1 is currently authorized as read/report-only. It must not invoke filesystem DOT, mutate Directus/PG/registry, create runner/logger/graph/corpus authority, or choose between TAC/IU. All denominators must remain separate.", "sealed_decisions": { "A": {"disposition": "adopted default", "wording": "309 dot_tools = catalog of record (listing = live query; frozen 2026-04-02); listing-only, not a runnability/file-backing count"}, "B": {"disposition": "MODIFY -> SEALED (option 5)", "wording": "filesystem-DOT 'can run' NOT AVAILABLE for v0.1; MUST NOT invoke filesystem DOT; presence/mapping/proof-of-run are separate facts; nothing callable until a separate per-command call contract; registry presence, local checkout, CAT-006 actual_count, executable bit, historical run rows alone never prove 'can run'"}, "C": {"disposition": "MODIFY -> SEALED (option 5)", "wording": "v0.1 read/report only, MUST make no calls; neither filesystem DOTs nor IU commands invoked until a separate call contract is sealed; 15 IU mutating=false commands are a candidate future set, not an authorized v0.1 call set; filesystem-186 not directly callable; no static whitelist, no new dispatcher"}, "D": {"disposition": "MODIFY -> SEALED (option 1)", "wording": "canonical current registry->filesystem diff base = latest code-keyed v_dot_reconciliation_reliability over wf_fs_dot_bin_snapshot; v_dot_registry_no_file is a separately named/dated/name-keyed diagnostic, must not override; reports expose source/timestamp/key/population/both-direction diffs; unmatched = NON-CALLABLE; reuse existing reconciliation surfaces; no reconciliation mutation or new registry authority"}, "E": {"disposition": "adopted default", "wording": "no direct Directus mutation until 100% DOT-control proven; future writes only via [DOT-REG]/[WATCHDOG] flows; v0.1 writes no Directus"}, "F": {"disposition": "adopted default", "wording": "authoritative sink = fn_tac_log_checker_issue -> system_issues (Đ23); new logger PROHIBITED; v0.1 file-report-only; system_issues write deferred"}, "G": {"disposition": "SEALED", "wording": "existing Đ19/Đ23/Đ39 graph/duplicate/orphan/dependency/reconciliation surfaces are the only permitted authorities; new resolver prohibited unless a separately authorized read-only gap proof shows a concrete miss; presence of a view/function does not authorize executing a detector or writing findings; doc-level canonical-id coverage UNPROVEN, not a true-new gap"}, "H": {"disposition": "SEALED", "wording": "no TAC<->IU bridge in the sealed fresh-read snapshot; v0.1 MUST discover and dual-report both corpora separately; MUST NOT choose/merge/reconcile/consume-as-canonical/create-bridge; corpus authority unresolved until a separate owner-authorized bridge/resolver contract; no counts or 'no bridge' result hardcoded, all runtime-read"}, "I": {"disposition": "adopted default", "wording": "v0.1 file-report-only under knowledge/dev/laws/tool-kiem-thu/; escalate to system_issues via fn_tac_log_checker_issue only once approved to mutate; Directus registry tables = NO"}, "J": {"disposition": "adopted default", "wording": "KB design (knowledge/dev/…) + runtime mirror /opt/incomex/dot/bin (matches Đ43 paired build/verify); local checkout …/web-test/dot/bin (163) NOT a runtime; binds only when executable code authored (post-spec)"} }, "parallel_authority_risk": { "new_runner_authority": "NO", "new_registry_authority": "NO", "new_logger_authority": "NO", "new_graph_duplicate_authority": "NO", "new_tac_iu_corpus_authority": "NO", "note": "sealed decisions create no new runner, registry, logger, graph/duplicate, or TAC/IU corpus authority" }, "cross_references": { "codex_seal": "reviews/codex-seal-authority-matrix-bcdgh-2026-06-09.md", "seal_checkpoint": "checkpoints/checkpoint-codex-seal-authority-matrix-bcdgh-2026-06-09.md", "fresh_read_closure": "reports/authority-matrix-fresh-read-closure-bcdgh-2026-06-09.{md,json}", "decision_matrix": "reports/authority-decision-matrix-draft-after-baseline-2026-06-09.{md,json}", "baseline": "reports/dot-registry-directus-text-as-code-baseline-reconciliation-2026-06-09.{md,json}", "main_contract": "contracts/authority-contract-v0-1-2026-06-09.md", "checkpoint": "checkpoints/checkpoint-authority-contract-v0-1-2026-06-09.md" } }