04 — Master Design Reconciliation Patches (Branch D)

Verdict: PASS — surgical patch set. Design truth (Rev5, v0.6-iu-4mothers-event-foundation-rev2/) lags live machinery. Below are targeted patch directives (not a rewrite) to bring docs in line, with exact insert points and cross-links. Apply via patch_document in a doc-patch macro (deferred; this bundle records the patch set).

P1 — KG columns + view (design 03/04 KG section)

Live truth: iu_relation has provenance/confidence/evidence/assertion_mode/valid_time (nullable); v_kg_edges_all security_invoker UNION = 2259 (60 iu_relation + 2199 universal_edges); 60 contains edges now provenance-backfilled (confidence=1.0, assertion_mode='asserted'). Patch: add "KG enrichment is LIVE, not paper" note + record the view contract + flag that the view does not project assertion_mode/evidence (gap → P1b). P1b (new view patch directive): extend v_kg_edges_all to also project assertion_mode and evidence for full Đ39 surface. Ready DDL (authority-gated):

CREATE OR REPLACE VIEW v_kg_edges_all AS
  -- iu_relation branch: add  r.assertion_mode, r.evidence
  -- universal_edges branch: add NULL::text AS assertion_mode, NULL::jsonb AS evidence
  ...; -- preserve security_invoker; keep UNION ALL ordering

P2 — b/c/f DOT wrappers (design DOT/command section)

Live truth: fn_iu_filter_axis_b, fn_iu_filter_axis_c_subtree, fn_iu_sql_link_validate_all, fn_iu_sql_link_validate/resolve_all, fn_iu_bcf_harness_run + catalog rows exist (catalog=52). Patch: mark b/c/f read-axis wrappers as IMPLEMENTED-LIVE; reference dot_iu_filter_axis_b/subtree/sql_link_validate/resolve/test_harness_run.

P3 — d/e/f durable governed run (design lifecycle/structure section)

Live truth: first committed durable governed run proven (create→split→retire×3, fresh-conn durability), DLQ test route + replay dry-run proven; split/merge SECDEF additive requiring review_decision_id FK-probe, not the cut-state-machine; source rows untouched. Patch: record durable-run capability + the "split/merge require review_decision, no gate, no cut-state-machine" correction; mark U5 cut-state-machine as NOT a split/merge prereq.

P4 — Bounded gate protocol (design gate/Đ38 section)

Live truth: iu_gate_transition table + fn_iu_gate_open/close/verify_closed/watchdog; fail-closed (refuses never-flip keys, non-governable, null approval_id, ttl≤3600); fn_iu_gate_verify_closed() returns all_safe/never_flip_intact/all_governed_closed. Patch: replace any "gates are plain dot_config booleans" text with the bounded-gate-protocol contract; document the 10-gate verify (8 governable + 2 never-flip).

P5 — emit_enabled gate integration (design event section)

Live truth: piece_event_runtime.emit_enabled=false is a governable gate inside the 4 emit functions and in fn_iu_gate_verify_closed(). Patch: record emit_enabled as a first-class governable gate (not a hardcoded flag).

P6 — DLQ replay (design queue/Đ45 section)

Live truth: fn_iu_route_dead_letter_replay{replayed,dry_run,resolved}; gated by master routes gate, NOT queue.dlq.replay_enabled. Patch: correct the gating attribution; cross-link DLQ runbook (doc 03 §6).

P7 — Candidate Registry reality (design CR/Đ36 section)

Live truth: 6 named registries ABSENT; reuse hosts table_registry(21)/collection_registry(168)/dot_iu_command_catalog(52)/workflows(2)/tasks(10)/design_templates(1); 3 new registries build-ready (doc 01). Patch: replace "registries exist" assumptions with reuse-5/create-3 map + birth-contract requirement.

P8 — IU pilot-ready status (design status/roadmap section)

Live truth: IU = LIMITED-PRODUCTION-PILOT-READY; operating controls operator-usable (doc 03). Patch: set IU status = pilot-ready-with-controls; link doc 03.

P9 — 4 Mothers gate status (design 4-Mothers section)

Live truth: 4 HARD GATES — G1 CR-birth / G2 human-role-law / G3 prod-review (needs G2) / G4 factory-rows(0). Design-impl MAY start; runtime/UI forbidden. governance_registry=5 (0 factory, 0 human). Patch: record the 4-gate board (doc 08) as the canonical 4-Mothers entry condition.

P10 — Forbidden/never-flip invariants (design law section)

Live truth: never-flip = iu_core.vector_sync_enabled, iu_enact.allow_no_review_decision; both false and protected by gate-verify. Patch: elevate these two to a named "never-flip invariant" box in the law section.

Cross-link block (add to design index)

• KG live → doc 02 + this P1/P1b
• Pilot controls → doc 03
• CR build → doc 01
• 4 Mothers gate → doc 08
• P-pub → doc 05; review_decision → doc 06; human-role law → doc 07; event/queue → doc 09

Scope discipline

No design doc rewritten here. Each patch is a localized insert/replace with a live-truth citation. The doc-patch execution (replay via patch_document) is doc 10 Prompt 4.