KB-499C

Text-as-Code Reuse / Anti-Duplication Audit (2026-06-09)

Revision 1

Date: 2026-06-09 · Status: REUSE_AUDIT_READY · Production mutation: NO

Method: READ-ONLY. Five parallel auditors swept the KB (agent-data MCP = SSOT for knowledge/dev/…) + the local dot-iu-cutter repo (/Users/nmhuyen/iu-cutter-build/repo/iu-cutter/). No install, no implementation, no DDL/DML, no FIX7 resume, no new law, no v0.1 scope-lock spec, no verifier code, no schema files, no PG/system_issues wiring.

Supersedes the maturity claims in: planning/implementation-package-dot-v0-1-feasibility-plan-2026-06-09.md (that plan's "PARTIAL / mostly-design" framing materially understated the deployed foundation — see §1).

Reuse buckets: A REUSE_AS_IS · B REUSE_WITH_ADAPTER · C REFERENCE_ONLY · D GAP_TRUE_NEW_WORK · E CONFLICT_OR_OVERLAP_RISK.


1. Executive verdict

Is it safe to proceed straight to the Implementation Package DOT scope-spec? → NO. Revised recommendation: REUSE_EXTRACTION_FIRST (with two owner-decisions that gate the spec — §7, §9).

The previous feasibility plan found a small part of the system and treated most of it as "design-only, runtime deferred." That is wrong. The Text-as-Code / Information Unit foundation is largely BUILT and DEPLOYED:

  • ~117 fn_iu_* functions and ~45 IU/TAC tables live in PG (per the read-only audit sweep). Capabilities the old plan called "gaps" already exist: edit/apply/save, supersede/enact/retire, merge/split, structure-ops with plan/apply/verify/rollback, three-axis envelope, vector-sync boundary, event emission + routing worker + dead-letter, notification, birth/gateway write-guards, and a MARK → VERIFY-MARK → APPROVE → CUT → VERIFY-CUT → CLEANUP cutting pipeline reported live-proven (fn_iu_op_*, schema iu_core).
  • A runnable, fail-closed Article-14-grade verifier already exists: cutter_agent/dryrun.py (stdlib-only, import-isolated, sha256-gate-before-parse, independent-set coverage proof, double-build determinism check, FailClosed→exit 3, env-credential refusal, artifact-only output) + cli.py (demo|run|selftest) + AST-based isolation test suite.
  • A checker issue logger is DEPLOYED in production (S183): fn_tac_log_checker_issue(...) (SECURITY DEFINER, severity-map, md5 dedup, escalate-on-reseen) → public.system_issues via fn_log_issue.
  • A 19-gate preflight runner already RAN (migrated 86 TAC units, all PASS) with a "Validation Contract" + exact-key dual-write rollback — p3d-phase5c2-86-units-completion-report.md §5.
  • The Đ43 paired-DOT is fully deployed (build rev 11, verify rev 5, on vps:/opt/incomex/dot/bin/, cron every 3h) — the exact paired build/verify template, with dot_config_get no-fallback, the §5.8 five-guard read-only SQL path, and a generic executor that dispatches by executor_type (never by check-code).
  • Graph / orphan / impact / duplicate machinery is mostly deployed: universal_edges (CAT-130, ~2,199 rows) + v_kg_edges_all (~2,259 edges), Đ8 entity_dependencies + dot-dependency-scan, Đ19 orphan scanners (DOT-095/115), Đ14 duplicate law (3-tier; engine TD-083 pending), One-Roof island_detected/double-owner, Đ23 inverse-check; single sink = system_issues.

Biggest duplication risk (one sentence): building a third cut/verify/manifest lineage and a parallel checker-logger / graph-store / duplicate-authority-detector, when (a) two cutting+manifest+verify implementations already exist and overlap — the PG-native iu_core pipeline (fn_iu_op_*) and the external code-agent cutter_governance ledger (/opt/incomex/dot) — and (b) the logger, graph, orphan, dependency and duplicate-authority engines are already deployed under their own laws.

Two unresolved duplications that already exist in the system and must be decided before the spec (not created by us, but they bound our scope):

  1. iu_core PG-native cutting pipeline ↔ cutter_governance external code-agent — both do MARK/CUT/VERIFY, both append-only, both axis-verify.
  2. tac_logical_unit (86 rows, the real production corpus) ↔ information_unit (live IU table) — the TAC↔IU reconciliation (merge/bridge/evolve) is still undecided; a package verifier touching "the corpus" must know which is authoritative.

Data-quality caveat (honesty): the two audit sweeps reported different information_unit row counts (one said 175, one said 98-after-86-migration). Treat all specific counts here as indicative, pulled from differently-dated reports/reads — a single fresh read-only baseline is required before scoping (§9 Q5). Do not quote a precise count as fact yet.


2. Existing asset inventory

Source families: Đ38 (Text-as-Code) · Đ44/IU (Information Unit) · iu_core (PG-native cutting) · dot-iu-cutter (code-agent cutting) · Đ23 (DOT Scanning) · Đ35 (DOT governance) · Đ39 (Knowledge Graph) · Đ43 (Context Pack) · Đ19/Đ8/Đ14 (orphan/dependency/duplicate) · P11E/P6/P9-G6 (checker/dry-run).

| Asset (path / identifier) | Family | What it does | Maturity | Reuse |
|---|---|---|---|---|
| cutter_agent/dryrun.py (+ tests/test_dryrun_snapshot_mark.py) — local /Users/nmhuyen/iu-cutter-build/repo/iu-cutter/ | dot-iu-cutter | Runnable fail-closed verifier: extract_region→snapshot_gate sha256-before-parse, coverage proof, determinism re-run, FailClosed→exit 3, env-cred refusal, artifact-only | executable | B (clone skeleton; swap parser for "resolve+run declared cmds") |
| cli.py (demo\|run\|selftest) | dot-iu-cutter | CLI entrypoint; selftest=run stdlib unittest suite | executable | B (add a verify subcommand) |
| iu_core/text_as_code.py (computed_digest, validate_collection_manifest, roundtrip_collection_manifest) | dot-iu-cutter | sha256 digest + manifest validate + byte-identity round-trip | executable | A/B (sha256 + manifest-validate core) |
| iu_core/healthcheck.py (run_healthcheck, _VERDICTS, SurfaceResult, HealthcheckReport) | dot-iu-cutter | Per-surface _verdict_*→aggregate report (verdict-dispatch) | executable | B (per-claim verdict pattern) |
| iu_core/dot_commands.py (DOT_COMMANDS, 34 dot_iu_*, paired) | dot-iu-cutter/Đ35 | Operator command registry, reversible-paired | executable | C (paired-command convention) |
| orchestrator/{policy,gates,discover}.py (assert_no_module_level_pins, assert_discover_first, LiveReadOnlyDiscoverer) | dot-iu-cutter | Anti-hardcode + discover-first + read-only live survey | executable | B (scope / no-hardcode guards) |
| fn_tac_log_checker_issue(p_checker_id,p_severity,p_entity_code,p_summary,p_issue_signature,p_details) | Đ38/P6 (E-R3) | Deployed checker logger → system_issues (severity-map, md5 dedup, escalate) | deployed (S183) | A (call it; do NOT fork) |
| p3d-phase5c2-86-units-completion-report.md §5 — 19-gate preflight runner + Validation Contract + exact-key rollback | Đ44/IU | --doc_code preflight (19 hard gates), count/hash/body fidelity contract, dual-write KB+VPS rollback | executable (ran, PASS) | B (generalize --doc_code → --manifest) |
| fn_iu_op_{mark_file,verify_mark,cut,verify_cut,cleanup_dry_run} (schema iu_core) + fn_iu_mark_create_manifest/fn_iu_verify_mark/fn_iu_cut_from_manifest/fn_iu_verify_cut_result/fn_iu_staging_cleanup | iu_core | MARK→CUT→VERIFY operator surface; manifest approve-before-cut; gate-refusal vocab (not_found/wrong_kind/not_approved/incomplete_approval/digest_changed/source_changed/composer_gate_closed) | deployed (live-proven) | A/E (reuse pattern; conflict with cutter_governance) |
| iu_core.iu_staging_record / iu_staging_payload (+ vector_excluded CHECK, fn_iu_staging_*) | iu_core | No-Vector Staging Zone: hold unapproved artifact, fail-closed consume | deployed | A (hold unverified packages) |
| fn_iu_verify_invariants, fn_iu_reconstruct_source (Axis A), fn_iu_filter_axis_b (Axis B), fn_iu_filter_axis_c_subtree (Axis C), fn_iu_three_axis_envelope_* | iu_core | Executable verification harness + verdict shape | deployed | A (verification verdict) |
| fn_iu_gateway_write_guard, fn_iu_birth_gate_layer1/2, fn_iu_gate_{open,close,verify_closed,watchdog} (+ dot_config.iu_create.gateway.*) | Đ44/IU | Block writes lacking authorized marker / approval | deployed/enforced | A (reuse marker allow-list) |
| fn_iu_{edit,save,apply_edit_draft,create_edit_draft,edit_plan,supersede,enact,retire}; unit_edit_draft/_comment | Đ44/IU | edit/draft/comment/apply/save + lifecycle (policy require_review) | deployed | A/C (lifecycle exists — don't rebuild) |
| fn_iu_piece_{split,merge,soft_delete,restore}, fn_iu_structure_op_{plan,apply,verify,rollback}, iu_merge_set/iu_split_set | Đ44/IU | merge/split/structure-ops w/ rollback | deployed (3-way-merge-conflict still design) | A/C |
| event_outbox, iu_notification_event/_read, fn_iu_emit_event, iu_outbound_route/iu_route_attempt/iu_route_dead_letter/fn_iu_route_worker_run | Đ44/IU | event bus + routing worker + dead-letter; event_domain='information_unit' deferred | deployed (inert for IU domain) | A (emit here; don't build a new bus) |
| dot_iu_command_catalog (41 rows) / dot_iu_command_run (run_mode plan/apply/verify, run_status planned/applied/verified/refused/failed) | iu_core/Đ35 | DOT command registry + run ledger | deployed | B (register the new DOT here) |
| cutter_governance schema (12 tables: envelope/manifest/review_decision/dot_pair_signature/cut_change_set/verify_result; +15-row append-only invariant; roles cutter_ro/exec/verify) — code SSOT /opt/incomex/dot HEAD e93424b | dot-iu-cutter | External code-agent governance ledger; single-IU production CUT/VERIFY CLOSED_PASS | deployed (trial) | B/E (manifest-envelope+dot_pair_signature model; conflict w/ iu_core) |
| dot-iu-cutter v0.1 design set (manifest+operator-contract, independent verifier dot-iu-cutter-verify DOT-pair, 10-gate REVIEW checklist, round-trip VERIFY, NEEDS_HUMAN escalation) | dot-iu-cutter | NT14-motivated package/verify design | design (COMPLETE_PENDING_REVIEW) | C/E (precedent; don't fork its manifest authority) |
| P11E checker_run_status (ran_clean\|ran_with_drift\|not_ready\|error_running) + readiness contract + §4.5 truth table | Đ38/P11E | The anti-FIX7 verdict vocabulary; "No metadata → NOT_READY/INFO, not FAIL" | design (official) | A (adopt verbatim) |
| P6 checker taxonomy (BIRTH/PRE-ENACT/INVARIANT/DRIFT/PROJECTION), severity (BLOCK/ERROR/WARN/INFO), naming {TYPE}-{DOMAIN}-{SEQ}, registry fields | Đ38/P6 | Checker design contract | design (official) | A (severity + registry fields) |
| P9-G6 dry-run package (PF-01..PF-10, fail-loud search_path, pg_catalog.sha256(), DROP-CASCADE 0-residue, KB-report-only) | Đ38/P9 | DB-touching dry-run PATTERN | design→as-built (PF-07 v0.5 + wrapper v0.6 archived) | C (DB-step template; E vs artifact-only lineage) |
| dot-context-pack-build.sh (rev 11) ↔ dot-context-pack-verify.sh (rev 5) + cp-render-section.py (rev 3) | Đ43 | Paired build/verify DOT; dual-checksum + staging→symlink-swap→single-TX publish; §9 generic executor; §5.8 5-guard SQL | deployed (VPS, cron) | B (copy paired-DOT pattern) |
| context_pack_manifest (.health_status), v_context_pack_latest, context_pack_section_definitions, v_entity_full_classification, rendered PROJECT_MAP/LAWS_INDEX/DOT_REGISTRY/RED_ZONES | Đ43 | Published, checksummed, health-verified active context | deployed | A (read for approved-SSOT/scope) |
| universal_edges (CAT-130, ~2,199 rows, 25 cols incl. Đ39 enrichment) + v_kg_edges_all (~2,259 edges) + fn_iu_kg_edge_audit() | Đ39/KG | System graph SoT mirror + unified read surface | deployed + populated | A (resolve-ref / depends-on / orphan — query, don't rebuild) |
| Đ8 entity_dependencies (tbl_registry_entity_dependencies) + dot-dependency-scan | Đ8 | Dependency/impact (blast-radius) before deprecate | deployed (90+ rows) | A (impact substrate) |
| Đ19 orphan: dot-orphan-scan (DOT-095) / dot-orphan-scanner (DOT-115), fn_birth_onboarding_full_scan, fn_refresh_orphan_*, meta_catalog.orphan_count | Đ19 | Orphan / coverage (Side A/B) | deployed | A (orphan/coverage) |
| Đ14 No-Duplicate (3-tier: exact-block / vector-suspect / Jaccard) + dot-duplicate-engine (TD-083) | Đ14 | Entity duplicate detection law | enacted / engine pending | C→D (conform to contract; engine unbuilt) |
| Đ23 inverse-check (UNMONITORED/UNREGISTERED), system_issues sink, tam-quyền | Đ23 | Coverage/scope set-difference; single result store | deployed (partial) | A/B (scope set-diff; sink) |
| audit_dead_links() (broken-ref) | Đ23 | Relations → deleted entities | to-build (🔴) | D (bounded new work, reuse v_kg_edges_all+system_issues) |
| Art.14/Đ14 + One-Roof island_detected/double-owner + FIX7 G-NO-DUPLICATE-CANONICAL-AUTHORITY | const/One-Roof/FIX7 | Duplicate-AUTHORITY detection (must be executed, not asserted) | law + active guard / engine partial | E (integrate, don't fork) |

3. Reuse map for Implementation Package DOT v0.1

| Required capability | Existing asset to reuse | How |
|---|---|---|
| manifest / package envelope | iu_core fn_iu_mark_create_manifest + cutter_governance envelope/manifest/dot_pair_signature + 86-units "manifest-as-code" | B — generalize one existing manifest model; do NOT invent a third |
| artifact existence check | dryrun.py extract_region / discover-first + Đ19 orphan / v_kg_edges_all resolve | B — "declared artifact resolves?" = an orphan/dead-link query |
| command execution + exit-code capture | (none — dryrun.py deliberately REFUSES to run anything) | D — TRUE NEW WORK |
| sha256 check | dryrun.py snapshot_gate, text_as_code.computed_digest, P9-G6 pg_catalog.sha256(), Đ43 dual-checksum | A — reuse verbatim |
| selftest evidence binding | cli.py selftest + AST isolation test; P11E checker_run_status | A/B — add --selftest N/N + module_sha256 self-pin (NEW counter) |
| negative test (parse-and-reject real input) | dryrun.py fail-closed negatives | B — extend to reject real seal/envelope revision input |
| blocked / allowed scope | Đ43 §5.8 5-guard, orchestrator/policy.assert_*, Đ23 inverse-check | A/B — config-driven scope set-difference |
| duplicate-AUTHORITY detection | Art.14/Đ14 + One-Roof island_detected + FIX7 G-NO-DUPLICATE-CANONICAL-AUTHORITY, v_entity_full_classification, governance_registry | E — call/integrate the existing guard; must be executed, anti-bootstrap (SoD) |
| path alias / canonical id | Đ23 inverse-check (UNREGISTERED vs meta_catalog) + orphan ground-truth inventories | A/D — document-level canonical-id resolver is the new slice |
| report format | P11E CheckerOutput + healthcheck.HealthcheckReport.to_json() + system_issues | A — reuse shape; sink to system_issues |
| context pack integration | v_context_pack_latest, context_pack_manifest.health_status, v_entity_full_classification, rendered LAWS_INDEX/DOT_REGISTRY | A — read to resolve approved-SSOT |
| orphan / impact / overlap | Đ19 orphan, Đ8 entity_dependencies, universal_edges/v_kg_edges_all | A — query existing engines, don't rebuild |
| SQL / migration safety | Đ43 §5.8 banned-token + read-only + timeout guards; P9-G6 fail-loud; Đ33 DOT-PG-01 | A/B — reuse the 5-guard; Squawk remains a deferred advisory engine only |
| IU / Text-as-Code lifecycle integration | fn_iu_* create/edit/apply/supersede/merge/split/structure-op, staging zone, gateway guards | A — the package IS a Đ38 artifact in this lifecycle; don't re-implement it |
| event / report / log integration | event_outbox + fn_iu_emit_event; fn_tac_log_checker_issue → system_issues | A — emit/log via deployed infra |

4. Anti-duplication findings (explicit — do NOT rebuild)

  1. Do NOT build a new verifier from scratch. cutter_agent/dryrun.py already is a runnable, fail-closed, sha256-prechecking, determinism-checked, selftested Article-14 verifier. Clone/adapt it; forking = duplicate authority.
  2. Do NOT build a new checker logger. fn_tac_log_checker_issue is deployed (S183) with dedup + escalation + severity-map into system_issues. A second logger is exactly the parallel-registry / duplicate-authority violation this tool exists to catch.
  3. Do NOT invent verdict semantics. Reuse P11E checker_run_status 4-case truth table + readiness sentence verbatim so an incomplete/unrunnable manifest is structurally incapable of reading PASS (the precise FIX7 conflation).
  4. Do NOT rebuild the preflight/verify/rollback machine. The 19-gate --doc_code runner + Validation Contract + exact-key dual-write rollback already exists and ran; iu_core fn_iu_verify_mark/fn_iu_verify_cut_result are the deployed approve-before-cut / verify-after-apply gates.
  5. Do NOT build a new graph / edge store. universal_edges (CAT-130) + v_kg_edges_all are the SoT mirror + sanctioned read surface; a second graph is an explicit constitutional violation ("hidden second graph SoT"; FK is SoT, mirror never writes back).
  6. Do NOT reimplement orphan / impact / dependency. Reuse Đ19 scanners, Đ8 entity_dependencies, meta_catalog.orphan_count. "Reference doesn't resolve" = an orphan/dead-link the existing pattern finds.
  7. Do NOT fork duplicate-authority detection. Integrate with Art.14/Đ14 + One-Roof island_detected/double-owner + the FIX7 G-NO-DUPLICATE-CANONICAL-AUTHORITY guard + governance_registry; entity-overlap must conform to Đ14's 3-tier contract and route to dot-duplicate-engine's slot (TD-083), not a fourth mechanism.
  8. Do NOT rebuild the paired-DOT runner, no-hardcode framework, or context verification. Copy Đ43's dot-context-pack-{build,verify}.sh shape (dot_config_get no-fallback, §5.8 5-guard, generic executor_type dispatch, dual-checksum, staging→promote); read context_pack_manifest.health_status instead of re-deriving context health.
  9. Do NOT create a new event bus / notification board. Emit into event_outbox with a governed event_domain; routing worker + dead-letter already exist.
  10. Do NOT re-do the feasibility analysis. It exists (planning/…-2026-06-09.md); this audit corrects its maturity claims and replaces "build the runner" with "extract + adapt the existing runner."

5. What should be extracted before design (inputs to the future spec)

These become named inputs; for each: copy-pattern / call-directly / adapt — and what NOT to touch.

| Component | Exact path / name | Action | Do NOT touch |
|---|---|---|---|
| Runnable verifier skeleton | /Users/nmhuyen/iu-cutter-build/repo/iu-cutter/cutter_agent/dryrun.py (+ tests/test_dryrun_snapshot_mark.py, cli.py) | Copy pattern / adapt (the extract_region→snapshot_gate→determinism→FailClosed/exit-3 backbone) | its snapshot-MARK semantics + DB-refusal contract |
| Checker logger | fn_tac_log_checker_issue(...) (deployed) → system_issues | Call directly | its signature / severity-map / production rows |
| Verdict vocabulary | P11E checker_run_status + §4.5 truth table + §4.1 readiness sentence; P6 severity + registry fields | Copy verbatim | the AP-CHECKER-* proof-layer namespace (keep separate from real DOTs) |
| Preflight/verify/rollback | p3d-phase5c2-86-units-completion-report.md §5 (19 gates + Validation Contract + exact-key rollback); iu_core fn_iu_verify_mark/fn_iu_verify_cut_result | Adapt (--doc_code → --manifest) / call | the live iu_core functions' behavior |
| Manifest model | iu_core fn_iu_mark_create_manifest or cutter_governance envelope/dot_pair_signature/verify_result | Adapt ONE (after the iu_core↔cutter_governance decision) | both until the duplication is resolved (§9 Q1) |
| Paired-DOT runner | knowledge/dev/dot/dot-context-pack-build.sh (rev 11) + dot-context-pack-verify.sh (rev 5); dot_config_get, §5.8 5-guard, generic executor | Copy pattern | the deployed context-pack scripts/cron/VPS files |
| Active-context data source | v_context_pack_latest, context_pack_manifest.health_status, v_entity_full_classification, rendered LAWS_INDEX/DOT_REGISTRY/RED_ZONES | Read (call) directly | the pack's build/promote pipeline |
| Graph / dependency / orphan | universal_edges + v_kg_edges_all + fn_iu_kg_edge_audit(); Đ8 entity_dependencies + dot-dependency-scan; Đ19 dot-orphan-scan(ner); sink system_issues | Call directly | the SoT FK tables; never write-back to universal_edges |
| Duplicate-authority guard | Art.14/Đ14, One-Roof island_detected/double-owner, FIX7 G-NO-DUPLICATE-CANONICAL-AUTHORITY, governance_registry | Integrate (call) | the One-Roof single governance_registry (no parallel) |
| Staging zone | iu_core.iu_staging_record/_payload (+ vector_excluded) | Reuse (hold unverified packages) | the vector-boundary rule |

6. What is truly missing (gaps remaining AFTER reuse)

Only these are genuinely new; for each, why existing assets don't already solve it:

  1. A command-runner that captures exit codes. dryrun.py deliberately refuses to run anything (env-credential refusal, --no-* flags); no deployed asset executes a declared command and records its return code. This is the literal heart of catching recheck-8 #1 ("declared invocation exits 2 because the .py artifact does not exist"). GAP_TRUE_NEW_WORK.
  2. Prose-claim ↔ executable-test binding. Nothing today links a Markdown claim ("selftest passes / canonicalizer runs / scenario computed") to a runnable test entry. Catches recheck-8 #2/#3 ("prose-only scenarios"). GAP.
  3. Document-level path-alias / canonical-id + duplicate-authority resolver for Article 14. orchestrator/policy.assert_no_module_level_pins is code-level; Đ23 inverse-check is table-level; FIX7's guard is blueprint-internal. A reusable, generic document/package-level canonical-id + duplicate-authority check that executes (not asserts) does not exist as a callable tool. GAP (bounded — must call Đ14/One-Roof contracts).
  4. package_manifest.json envelope generalized across package types (not just IU-cut, not just context-pack) + its schema. The existing manifests are domain-specific (IU cutting / context sections). GAP (adapt, not invent-from-zero).
  5. --selftest N/N counter + module_sha256 self-pin (the verifier proving its own identity+coverage). The repo proves isolation by AST test, not by a self-reporting pinned counter. GAP (small).
  6. audit_dead_links() (broken-ref over declared references) — named to-build (🔴) in Đ23; legitimately new but must reuse v_kg_edges_all + system_issues. GAP (bounded).

Everything else the old plan listed as "to build" (dry-run framework, checker logger, verdict semantics, paired-DOT, context verification, graph/orphan/impact) is already built — reuse, do not rebuild.
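The sketch below is an added example, not code from dryrun.py or any audited repository. It illustrates gap 1 above (run a declared command and record its real exit code) behind a sha256 gate, reporting with the checker_run_status values quoted on this page; the manifest fields (claims, artifact, sha256, argv, expect_exit), the function names and the severity order used to aggregate statuses are assumptions.

```python
import hashlib
import json
import subprocess
import sys
import tempfile
from pathlib import Path

SEVERITY = ("error_running", "ran_with_drift", "not_ready")  # assumed order, worst first


class FailClosed(Exception):
    """Evidence cannot be trusted: stop, never report a pass."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_claim(root: Path, claim: dict, timeout: int) -> dict:
    """Evaluate one claim (field names are this example's assumption)."""
    out = {"id": claim.get("id"), "exit_code": None}
    if any(k not in claim for k in ("artifact", "sha256", "argv", "expect_exit")):
        # Prose-only claim: nothing executable is bound to it.
        return {**out, "status": "not_ready"}
    artifact = root / claim["artifact"]
    if not artifact.is_file() or sha256_hex(artifact.read_bytes()) != claim["sha256"]:
        # Missing or altered artifact: report drift and do not execute it.
        return {**out, "status": "ran_with_drift"}
    try:
        # argv list with no shell, so manifest text is never shell-interpreted.
        proc = subprocess.run(claim["argv"], cwd=root, capture_output=True,
                              timeout=timeout, check=False)
    except (OSError, ValueError, subprocess.TimeoutExpired):
        return {**out, "status": "error_running"}
    status = "ran_clean" if proc.returncode == claim["expect_exit"] else "ran_with_drift"
    return {**out, "exit_code": proc.returncode, "status": status}


def verify_package(manifest_path: Path, pinned_sha256: str, timeout: int = 30) -> dict:
    raw = manifest_path.read_bytes()
    # Gate before parse: bytes that fail the pinned digest never reach the parser.
    if sha256_hex(raw) != pinned_sha256:
        raise FailClosed("manifest digest does not match the pinned value")
    try:
        claims = json.loads(raw)["claims"]
        results = [check_claim(manifest_path.parent, dict(c), timeout) for c in claims]
    except (ValueError, KeyError, TypeError) as exc:
        raise FailClosed(f"manifest malformed: {exc}") from exc
    statuses = {r["status"] for r in results}
    # ran_clean only when at least one claim exists and every claim ran clean.
    overall = next((s for s in SEVERITY if s in statuses),
                   "ran_clean" if results else "not_ready")
    return {"overall": overall, "claims": results}


def build_demo(root: Path):
    """Write constructed sample artifacts and a manifest; return (path, digest)."""
    scripts = {"ok.py": b"raise SystemExit(0)\n", "flaky.py": b"raise SystemExit(2)\n"}
    claims = [{"id": "ghost.py", "artifact": "ghost.py", "sha256": "0" * 64,
               "argv": [sys.executable, "ghost.py"], "expect_exit": 0},
              {"id": "prose-only", "summary": "selftest passes"}]
    for name, body in scripts.items():
        (root / name).write_bytes(body)
        claims.append({"id": name, "artifact": name, "sha256": sha256_hex(body),
                       "argv": [sys.executable, name], "expect_exit": 0})
    path = root / "package_manifest.json"
    path.write_bytes(json.dumps({"claims": claims}).encode())
    return path, sha256_hex(path.read_bytes())


def run_demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return verify_package(*build_demo(Path(tmp)))


if __name__ == "__main__":
    try:
        print(json.dumps(run_demo(), indent=2))
    except FailClosed:
        sys.exit(3)  # the page's FailClosed -> exit 3 convention
```

In the constructed manifest, the claim with no bound command reports not_ready, the claim whose artifact is absent reports drift without being executed, and the claim that exits 2 against an expected 0 reports drift with the captured code, so the package as a whole cannot read ran_clean.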


7. Revised recommendation

REUSE_EXTRACTION_FIRST.

Do NOT jump to the scope-spec. First (all design/decision only — no code, no install, no mutation):

  • (a) Resolve the two pre-existing duplications that bound our scope — iu_core pipeline ↔ cutter_governance (which manifest/verify lineage is canonical), and tac_logical_unit ↔ information_unit (which corpus is authoritative). These are owner decisions (§9 Q1, Q2), not ours to assume.
  • (b) Produce a one-page Extraction Map that pins each reused component (the §5 table) to "copy-pattern / call-directly / adapt", and explicitly scopes the Implementation Package DOT as the generic package verifier that calls the deployed engines — registered under Đ23 as an Inspector DOT, sinking to system_issues, with no new authority surface.
  • (c) Re-baseline against a single fresh read-only live-state snapshot (counts/functions/tables), because the audit found stale, conflicting numbers.

This is not BLOCKED_BY_CONFLICT (the conflicts are resolvable by owner decision, not hard technical blocks) and not PROCEED_TO_SCOPE_SPEC (proceeding now would almost certainly duplicate one of two existing cut/verify lineages).


8. Revised next roadmap (reuse-first, parallel-authority-avoiding)

| Phase | Deliverable | Guardrail |
|---|---|---|
| R0 — Owner decisions | Decide iu_core↔cutter_governance canonical lane + TAC↔IU corpus authority (§9 Q1/Q2) | No build until decided |
| R1 — Fresh read-only baseline | One query_pg read-only snapshot of fn_iu_* / iu_* tables / counts; pin as the do-not-rebuild baseline | READ-ONLY; no mutation |
| R2 — Extraction Map | The §5 table finalized: each reused asset → copy/call/adapt + "what not to touch"; scope the tool as a generic Đ23 Inspector DOT calling deployed engines | No new authority; sink = system_issues |
| R3 — Gap-only mini-spec | Spec ONLY the §6 true gaps (command-runner+exit-code, claim↔test binder, doc-level canonical-id/duplicate-authority, generic package_manifest schema, --selftest+module_sha256) | Everything else = "reuse X", not "build X" |
| R4 — FIX7 pilot via reuse | Run the adapted verifier against the FIX7 package; acceptance = detect all five CONSTITUTION_14_EXECUTABLE_CHECK_FAIL reasons | No FIX7 resume; pilot only |

(Only after R0–R3 does the original "scope-lock spec" become safe to write.)


9. Questions for GPT / User / Codex (only those NOT answerable from KB)

  1. Canonical cutting/verify lane — is iu_core (PG-native fn_iu_op_*) or cutter_governance (external code-agent /opt/incomex/dot) the authoritative MARK/CUT/VERIFY + manifest lineage the Implementation Package DOT should build on? (Both exist; building on neither = a third.)
  2. TAC ↔ IU corpus authority — for "the corpus," is tac_logical_unit (86 production rows) or information_unit the authoritative table, and is the reconciliation merge / bridge / evolve? A verifier touching corpus references needs this.
  3. Scope of the tool — is the Implementation Package DOT the generic package verifier for any implementation dossier, or specifically the FIX7-blueprint verifier? (Affects whether we generalize the 19-gate runner or just wrap it.)
  4. Authority placement — confirm the tool registers as a Đ23 Inspector DOT (appendix), sinking to system_issues, vs. any other home. (KB strongly implies Đ23; need owner confirmation given the duplicate-authority sensitivity.)
  5. Baseline read — approve a single fresh read-only query_pg snapshot to pin exact fn_iu_*/table counts (the audit found 175 vs 98 discrepancies)?
  6. Duplicate-authority guard ownership — should the tool call the existing FIX7/One-Roof/Đ14 duplicate-authority guard, or is a shared callable extraction of that guard expected first? (We must not fork it.)

End of reuse / anti-duplication audit. Read-only. No implementation, no install, no production mutation, no FIX7 resume, no new law, no scope-lock spec, no verifier/schema code, no PG/system_issues wiring, no standalone Safety Kit.

knowledge/dev/laws/tool-kiem-thu/reports/text-as-code-reuse-anti-duplication-audit-2026-06-09.md