Checkpoint — Pre-Birth Admission Control & Sequential DOT Workflow (MCP-readable short proof)

Date: 2026-06-03 Macro: PRE_BIRTH_ADMISSION_CONTROL_AND_SEQUENTIAL_DOT_WORKFLOW_DECISION Final status: PARTIAL Execution mode: read-only verification (query_pg, prod directus). Live mutation: NONE.

1. Recommended model

Option 2 — a separate, reversible birth_admission_permit table, composed from patterns ALREADY LIVE in prod: IU layered triggers (BEFORE fn_iu_birth_gate_layer1 + DEFERRABLE CONSTRAINT fn_iu_birth_gate_layer2) and the Điều 32 gate-token ledger (fn_iu_gate_open → iu_gate_transition → fn_dot_iu_command_log). Option 1 (overload birth_registry with reservation states) REJECTED — couples lifecycles, forces a 1.12M-row migration, and the UNIQUE(entity_code)-alone defect bleeds in. Option 3 (AFTER-trigger + scanner) retained for legacy/backfill/emergency ONLY.

2. Pilot family

dot_tools — already has the BEFORE gate (fn_birth_gate), orphan-clean (0 unborn), governed DOT creation path, controlled volume.

3. Can birth-first be enforced NOW?

NO. Today it is POLICY, not ENFORCEMENT: fn_birth_gate defaults to warning (non-blocking), has a kill-switch GUC (app.bypass_birth_gate), and skips null-code rows; fn_birth_first() is planned, not live. It CAN be enforced for the dot_tools pilot after prerequisites + owner approval; it CANNOT be flipped globally. No flip was performed (forbidden).

4. What must be fixed first

1. Composite-unique (entity_code, collection_name) on birth_registry + conflict-target change in fn_birth_registry_auto (unblocks 5 pivots; prerequisite for FINALIZED↔BORN).
2. birth_admission_permit table (empty, reversible).
3. Gate extension (consume permit) + DEFERRABLE finalize constraint (report-only globally; blocking for dot_tools only).
4. Registry-driven coverage + STOP-on-mismatch + per-family code rule (the hardcoded ^[A-Z]+-[0-9]+$ rule rejects 100% of entity_species, 47% of dot_tools).
5. Retire-transition mechanism (safety check fn_retire_gate_check exists; transition fn + status vocab/CHECK missing).
6. Function/trigger drift monitor (superuser bypass is detect-only — workflow_admin is superuser).

5. Governance handoff decision

Decoupled cursor-tail/CDC over the birth_registry BORN tail + registry_changelog (70,313 rows live) → upsert governance_candidate_state dirty=true → emit-or-capture handoff.object_born (registered live, active=false → captured to event_pending). 0 new tables. Never blocks creation/birth; may block governed activation where policy requires coverage. Gated by OSPA ≥ 1 (governance_build_authorization = 0 live).

6. Estimated rollout phases

P0 verification (done) · P1 design+rehearsal (1–2 d) · P2 pilot enforce dot_tools (3–5 d) · P3 sequential DOT (3–5 d) · P4 gov handoff (5–8 d) · P5 stage-2 expansion + anti-hardcode (5–8 d) · P6 cutoff (3–5 d) · P7 RP return (gated). ≈ 20–33 engineering-days (~4–7 weeks); wall-clock dominated by human/owner/creds gates.

7. Remaining absolute blockers

• dot-dot-register registrar creds — ABSENT.
• Owner DDL approval (permit table, composite-unique, gate extension, flip).
• Human OSPA ≥ 1 — governance activation.
• External scheduler — pg_cron absent.
• Owner identity decisions — dot_iu_command_catalog (54), pivot collisions.

8. Live BLOCK dimensions (confirmed, unchanged from prior checkpoint)

orphan_critical_active 59 (54 dot_iu_command_catalog + 5 pivot_definitions) · phantom_real 6 (+283 synthetic) · fs_file_no_registry 16 · dot_pivot_update 1 (STAGED_FILE_ONLY / UNBORN / NOT_VALID_DOT). RP cleanup NO-GO, enforced by fn_assert_safe_for_dot_action.

9. Next macro

PRE_BIRTH_PILOT_DOT_TOOLS_PERMIT_AND_COMPOSITE_UNIQUE_ROLLBACK_REHEARSAL — author the permit table + composite-unique migration + gate extension + deferred finalize trigger; rehearse in one BEGIN…ROLLBACK on prod (0 mutation, prove entry-hash==exit-hash); produce an operator-credentialed apply packet; STOP for owner DDL approval + registrar creds.

10. Reports

Full report set: knowledge/dev/reports/architecture/pre-birth-admission-control-and-sequential-dot-workflow-2026-06-03/ (docs 00–12). This checkpoint is the MCP-readable short proof and may be used as SSOT for the next macro.