Birth/Governance/Orphan-Detection Systemic Automation Audit — 00 README FIRST
00 — README FIRST
Birth / Governance / Orphan-Detection Systemic Automation Audit
Date: 2026-06-03 · Mode: production read-only (0 mutations) · Trigger: GPT decision to expand the dot-pivot-update audit into a root birth/orphan/onboarding control-system audit.
Why this audit exists
RP DOT cleanup was paused. The owner's constitutional requirement is stronger than "does dot-pivot-update have a birth row?" It is: no object may exist silently outside birth + orphan detection + governance onboarding — "cố ý làm nhầm cũng không có cơ hội" (even a deliberate mistake gets no chance). This audit tests whether the LIVE system actually enforces that end-to-end.
One-paragraph verdict
Automatic birth (row creation) is broadly LIVE and genuine — 1,116,379 birth rows across 79 collections, auto-trigger on ~100+ tables with a synthetic-code fallback. But the control loop has structural holes proven by live evidence: (1) the birth gate is advisory (warning), not blocking, and bypassable; (2) the live "orphan" metric measures metadata-completeness, not missing-birth, so row-level unborn objects are undetected; (3) dot_iu_command_catalog (54 rows) sits entirely outside the system — 0 triggers, 0 collection_registry, 0 species map, 0 meta_catalog, 0 birth; (4) filesystem DOT scripts are invisible to birth (birth is DB-row-triggered) and no reconciler is scheduled — dot-pivot-update is a concrete file-orphan; (5) governance onboarding is built but INERT (ospa=0, ownership=0, candidates=0) and operates at collection granularity, so individual born DOTs are never onboarded; (6) the detection DOTs that should catch all this are registered but unscheduled (cron NULL; no pg_cron). The answer to "can any object exist outside birth + orphan + onboarding?" is YES — therefore the target is NOT met, and RP DOT cleanup remains NO-GO pending hardening.
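To make findings (2) and (3) concrete, here is an added, runnable sketch of the two detection semantics side by side; it is not the audit's query set or the production schema, every table and column name in it is assumed, and the rows are constructed:

```python
import sqlite3

# Constructed stand-in schema (assumption: column names are illustrative, not production).
SCHEMA = """
CREATE TABLE collection_registry (collection TEXT PRIMARY KEY);
CREATE TABLE birth_registry (collection TEXT, row_id TEXT, PRIMARY KEY (collection, row_id));
CREATE TABLE meta_catalog (collection TEXT, row_id TEXT, owner TEXT, description TEXT);
CREATE TABLE dot_tools (id TEXT PRIMARY KEY, name TEXT);
CREATE TABLE dot_iu_command_catalog (id TEXT PRIMARY KEY, name TEXT);
"""
# Constructed rows: t3 has complete metadata but no birth row; the command catalog
# table is never registered as a collection at all.
SEED = """
INSERT INTO collection_registry VALUES ('dot_tools');
INSERT INTO dot_tools VALUES ('t1','dot-a'),('t2','dot-b'),('t3','dot-c');
INSERT INTO birth_registry VALUES ('dot_tools','t1'),('dot_tools','t2');
INSERT INTO meta_catalog VALUES ('dot_tools','t1','ops','a'),('dot_tools','t2','ops','b'),
                                ('dot_tools','t3','ops','c');
INSERT INTO dot_iu_command_catalog VALUES ('c1','cmd-a'),('c2','cmd-b');
"""
INFRA = {"collection_registry", "birth_registry", "meta_catalog"}


def build_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA + SEED)
    return con


def metadata_orphans(con):
    # The metadata-completeness metric: flags rows with missing catalog fields only.
    sql = "SELECT collection, row_id FROM meta_catalog WHERE owner IS NULL OR description IS NULL"
    return [f"{c}:{r}" for c, r in con.execute(sql)]


def unborn_rows(con):
    # Row-level missing-birth check: anti-join each registered collection against birth_registry.
    # Table names come from collection_registry, never from user input, so interpolation is safe here.
    found = []
    for (coll,) in con.execute("SELECT collection FROM collection_registry"):
        sql = (f'SELECT t.id FROM "{coll}" t LEFT JOIN birth_registry b '
               "ON b.collection = ? AND b.row_id = t.id WHERE b.row_id IS NULL")
        found += [f"{coll}:{r[0]}" for r in con.execute(sql, (coll,))]
    return found


def unregistered_tables(con):
    # Tables absent from collection_registry are never reached by the anti-join above.
    registered = {c for (c,) in con.execute("SELECT collection FROM collection_registry")}
    tables = {n for (n,) in con.execute("SELECT name FROM sqlite_master WHERE type='table'")}
    return sorted(tables - INFRA - registered)
```

Run against the seed: the metadata metric reports nothing, the anti-join reports dot_tools:t3, and the registry diff reports dot_iu_command_catalog, which is the shape of holes (2) and (3).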
Status
PARTIAL — all five audit surfaces audited from decisive live evidence; controlled live-write rollback proofs were intentionally not performed (default-no-mutation honored; read-only catalog diffs + function-body determinism + read-only gate simulation were sufficient and are stronger for proving detection failure than a write proof would be).
Document map
| Doc | Contents |
|---|---|
| 01-law-design-and-claim-recovery.md | What the laws require (Đ0-G, Đ33, Đ35, GPT decision); claimed-complete vs live vs design-only reconciliation. |
| 02-live-birth-infrastructure-audit.md | birth_registry, trigger functions/signatures, gate, coverage counts, anomalies, dot-pivot-update birth status. |
| 03-live-orphan-unborn-detection-audit.md | Orphan scanners/functions/views; the metadata-vs-birth semantic gap; what is/isn't detectable. |
| 04-live-governance-onboarding-audit.md | Ownership/candidate/scan tables, inventory/gap views, collection-granularity finding, inert state. |
| 05-bypass-resistance-audit.md | Privileges, owner role, gate kill-switch, manual/Directus/ssh/DOT-file bypass paths. |
| 06-controlled-proof-results.md | Read-only proofs A–D; why live writes were declined; gate simulation; catalog diffs; filesystem diff. |
| 07-dot-pivot-update-status.md | Definitive classification of the dot-pivot-update file. |
| 08-gap-classification-and-severity.md | G0–G9 with severity, example, family, fix, can-continue?, guardrail. |
| 09-safe-path-forward.md | Path selection (E+C+D), guardrails, next macro. |
| 10-final-go-nogo-for-rp-dot-cleanup.md | GO/NO-GO decision + the 12 required answers. |
| 11-self-review.md | Method, limits, forbidden-action compliance, KB verification. |
Channels used (all read-only)
- query_pg(directus) — read-only role context_pack_readonly, AST-validated, 5s timeout, LIMIT 500.
- ssh contabo — read-only recon (sha256sum, ls); used because the read_file allowlist denies /opt/incomex/dot/bin.
- KB Incomex_KB — list/get/upload for state recovery + publishing.
Forbidden-action compliance: FULL
0 production mutations. No dot-pivot-update registration or cleanup. No manual/fake birth. No INSERT/UPDATE/DELETE to dot_tools or pivot_definitions. No governance rollout, event emit, system_issues write, DOT execution, UI/Directus/Qdrant mutation, or law/version change.
Continues the Registries-Pivot line ([[project_registries_pivot_dot_pivot_update_author_register_cleanup_2026_06_03]]) but supersedes its "next" instruction: RP DOT cleanup stays paused until the hardening in doc 09 lands.