SuperBundle — 04 P-pub Staged Promotion Path
04 — Branch D: P-pub Staged Promotion Advancement
Goal: advance P-pub toward block_new without unsafe breakage. Result: ADVANCED — authority pack; signature change deferred (default stays warn).
1. Live state (re-verified)
fn_iu_create(p_canonical_address, p_title, p_body, p_actor, p_unit_kind, p_section_type, p_owner_ref, p_publication_type, p_parent_ref uuid)— 9 params, NOauthority_ref. Confirmed viapg_get_function_identity_arguments.dot_confighas noiu_create.ppub.enforcement_modekey (the staged-enforcement switch does not exist yet).tac_publicationexists inpublic. Prior survey: 133/219 IU lack publication authority; vocab authorities thin.- Birth gate
fn_iu_birth_gate_layer1/layer2exist; P-pub checks are warn-only today.
2. Staged promotion path (warn → block_new → backfill → block_all)
| Stage | Config | Safety | Owner |
|---|---|---|---|
| S0 (today) | implicit warn | safe | — |
| S1 warn (explicit) | add iu_create.ppub.enforcement_mode='warn' key |
safe now — pure config, no behavior change; makes the switch first-class | GOV-NRM-SYS |
| S2 block_new | ='block_new' — new IU without authority_ref rejected |
safe only after signature carries authority_ref AND callers updated | council |
| S3 backfill | supersede-based authority backfill for 133/219 | safe, additive | council |
| S4 block_all | ='block_all' |
needs council + sovereign (touches existing 219) | sovereign |
3. fn_iu_create signature patch (PREPARED — deferred)
-- add authority_ref as a trailing optional param (keeps 9-arg callers working)
CREATE OR REPLACE FUNCTION public.fn_iu_create(
p_canonical_address text, p_title text, p_body text, p_actor text,
p_unit_kind text, p_section_type text, p_owner_ref text,
p_publication_type text, p_parent_ref uuid,
p_publication_authority_ref text DEFAULT NULL -- NEW, trailing, nullable
) RETURNS ... AS $$ ... enforcement_mode-aware body ... $$;
Deferred because: (a) fn_iu_create is the canonical gateway function (iu_create.gateway.canonical_function) — changing its signature touches the allowlisted marker contract and the _plan twin; (b) overloading vs. replacing must be a council call to avoid breaking the gateway guard. Not applied (forbidden: no unsafe P-pub block; canonical gateway change needs council).
4. Safe step that COULD be committed next (recommended, not done here)
Add the explicit iu_create.ppub.enforcement_mode='warn' config key (S1). It is pure config, default-warn, zero behavior change, fully reversible (DELETE the key). Held back this campaign to keep the P-pub branch a single coherent council decision, but it is the lowest-risk first move.
5. Backfill script (prepared)
-- dry-run report of IU lacking publication authority
SELECT count(*) FROM information_unit iu
LEFT JOIN tac_publication p ON p.unit_ref = iu.id
WHERE p.id IS NULL; -- ~133
-- backfill via supersede (NOT direct UPDATE of enacted rows) — needs Đ32 + council
Advancement: P-pub path is now a precise 4-stage ladder with prepared signature patch + config key + backfill, blocked on council decision about the gateway signature. No mutation.