KB-16C2

IU d/e/f-enable Remaining Governed Live-Test Suite (PASS, 2026-05-28)


IU d / e / f-enable — Remaining Governed Live-Test Suite (2026-05-28)

Macro: IU_D_E_F_REMAINING_GOVERNED_LIVE_TEST_SUITE_250000X
Execution class: C3 GOVERNED_MUTATION_TEST suite (branches d, e, f-enable)
Apply channel: SSH, as workflow_admin, via docker exec -i postgres psql -U workflow_admin -d directus (stdin pipe)
Read-proof: MCP query_pg (role context_pack_readonly)
Companion appendix: iu-d-e-f-remaining-governed-live-test-suite-appendix-2026-05-28.md
Precursors: iu-mutation-safety-foundation-for-d-e-f-enable-live-apply-2026-05-28.md (+ appendix), iu-b-c-f-additive-dot-wrapper-and-harness-live-apply-2026-05-28.md, iu-core-process-brick-readiness-and-gap-survey-2026-05-28.md

1. Final status — PASS

| Branch | Verdict | One-line |
|---|---|---|
| D — compose / structure ops | PASS | d1–d7 on cloned test IUs; split/merge with a real manifest-bound review_decision_id; rollback/cleanup proven; gates closed |
| E — trigger in/out | PASS | trigger-out emit (iu + piece), trigger-in inbound capture, forced-failure → DLQ, route-scoping refusals + one isolated test delivery; no real route touched |
| F-enable — SQL link enable/capture | PASS | test link validate → enable → capture → disable; 3 real links stayed enabled=false; link inbound capture proven on INSERT |

Method: each branch ran as a single BEGIN … ROLLBACK transaction. Gates were opened via the bounded gate protocol inside the transaction (functions observe them open via own-write visibility), every operation acted on cloned TEST/def-suite/* artifacts only, rich in-transaction evidence was captured, then ROLLBACK performed the cleanup. This is the strongest cleanup available (atomic revert), guarantees no gate is ever committed open, and persisted nothing — confirmed by a separate committed verification after each branch and a final whole-suite verification. This mirrors the mutation-safety-foundation precedent (its self-test ran in BEGIN/ROLLBACK and committed nothing).

Acceptance met: branch d completed; every safe branch completed; all attempted branches have rollback/cleanup proof; no gate left open; no real route touched; no real SQL link enabled; no production law IU changed; no vector/Directus/4-Mothers work.

4 Mothers remains BLOCKED.


2. Source matrix

| # | Source | Found | Used for |
|---|---|---|---|
| S1 | iu-mutation-safety-foundation-…-2026-05-28.md + appendix | KB | Gate-protocol signatures (fn_iu_gate_open/close/verify_closed/watchdog), §13 paste-ready d/e/f prompts, corrected substrate facts |
| S2 | Live DB directus (pg_proc bodies, pg_constraint, table schemas, 31 registry rows, 15 routes) | live | Authoritative function contracts + constraints that drove the test SQL (corrected several assumptions — see §16) |
| S3 | iu-b-c-f-additive-dot-wrapper-…-2026-05-28.md; survey iu-core-process-brick-readiness-… | KB/memory | Baseline (catalog 51 / run 55), channel pattern, b/c/f read proofs |
| S4 | Laws: Constitution (Hiến pháp) / Đ0-G / Đ7 / Đ30 / Đ31 / Đ32 / Đ35 / Đ38-39 / Đ45; Master Design Rev5 | auto-memory | Owner-law mapping, never-flip absolutes, refs-only payload, register-before-emit |
| S5 | Prompt standard prompt-muc-tieu-mo-for-claude-code.md | auto-memory | PASS/PARTIAL/BLOCKED, underload rule, evidence requirements |

Source gaps: none blocking. Laws/Master-Design carried via auto-memory + the foundation report; all gate/approval decisions grounded in live DB inspection.


3. Hard Gate 0 — result (PASS)

| Check | Result |
|---|---|
| Host | contabo VPS (ssh contabovmi3080463 / root / /root) |
| Container | postgres |
| Database | directus |
| Read channel | query_pg = context_pack_readonly @ directus, 172.19.0.3/32, PG 16.13 |
| Write channel (SELECT-first) | docker exec -i postgres psql -U workflow_admin -d directus → current_user=workflow_admin, db directus, PG 16.13 |
| Write probe (BEGIN/ROLLBACK) | UPDATE dot_config … composer_enabled → in-TX true; after ROLLBACK false (reversibility proven, persisted nothing) |
| Gate protocol present | fn_iu_gate_open / fn_iu_gate_close / fn_iu_gate_verify_closed / fn_iu_gate_watchdog all present |
| fn_iu_gate_verify_closed(NULL) pre-start | all_safe=true, all_governed_closed=true, never_flip_intact=true |
| Rollback prepared | each branch is its own atomic BEGIN … ROLLBACK; pre-suite pg_dump --schema-only = 1,523,493 B |

No no-go condition triggered.


4. Baseline snapshot (pre-suite)

Gates (dot_config) — all safe defaults: composer_enabled=false, structure_ops_enabled=false, delivery_enabled=false, three_axis_auto_refresh_enabled=false, operator_runtime_enabled=false, queue.job_substrate.enabled=false, queue.dlq.replay_enabled=false; never-flip iu_enact.allow_no_review_decision=false, iu_core.vector_sync_enabled=false. Also delivery_live_routes="" (empty), routes_master_enabled=true, route_worker_enabled=true, piece_event_runtime.emit_enabled=false, piece_event_runtime.dry_run_only=true.

Counts: information_unit=216, unit_version=223, iu_piece_collection=45, iu_piece_membership=227, iu_split_set=0, iu_merge_set=0, iu_structure_operation=72, iu_sql_link=3 (all enabled=false), event_type_registry=31, event_outbox≈149,095, iu_outbound_route=15, iu_route_attempt=68, iu_route_dead_letter=0, iu_gate_transition=0, dot_iu_command_catalog=51, dot_iu_command_run=55, cutter_governance.review_decision=4, manifest_envelope=3, manifest_unit_block=147. Schema --schema-only=1,523,493 B.


5. Branch D — compose / structure ops (PASS)

Single BEGIN … ROLLBACK. Actor iu_def_suite. All artifacts under TEST/def-suite/.

| Step | Action | Result |
|---|---|---|
| D.0 | fn_iu_gate_open composer + structure_ops (each: a real approval_id uuid, ttl=300) | both opened; ledger rows written; composer_on=t structops_on=t |
| D.1 | fn_iu_compose mint 3 pieces (p1/p2/p3) into collection | ok=true, pieces_minted=3, pieces_attached=3 |
| D.2 | fn_iu_create p4 + fn_iu_collection_add_piece | created + added at order 3 |
| D.3 | fn_iu_collection_remove_piece p2 | membership removed (reversible), remaining renumbered |
| D.4 | fn_iu_collection_reorder_piece p3 → 0 | reordered |
| D.7 | fn_iu_collection_render | active order p3(0), p1(1), p4(2); p2 gone — matches expectation |
| D.gov | INSERT TEST manifest_envelope + review_decision (verdict=approve, status=decided, scope=manifest, manifest_unit_local_id=NULL) | rd_exists=1 |
| D.5 | fn_iu_piece_split p1 → {p1a,p1b} with the test review_decision_id | status=split_recorded, 2 children, iu_split_set row, rd_bound=true, source untouched |
| D.6 | fn_iu_piece_merge {p3,p4} → pm with the test review_decision_id | status=merge_recorded, merged IU, iu_merge_set row, rd_bound=true, sources untouched |
| in-tx counts | — | test_ius=7, nontest_ius=216 (unchanged), split_sets=1, merge_sets=1 |
| D.9 | fn_iu_gate_close both gates → fn_iu_gate_verify_closed | all_safe=true; ledger = 2 open + 2 close |
| post-RB | committed verify | information_unit=216, split=0, merge=0, collections=45, gate_transitions=0, command_runs=55, review_decisions=4; final_all_safe=true |

Key facts proven: fn_iu_piece_split/fn_iu_piece_merge are SECURITY DEFINER, additive (create children/merged IU in draft, record iu_split_set/iu_merge_set, leave the source untouched), require p_review_decision_id unconditionally with an FK-probe of cutter_governance.review_decision, and do not consult allow_no_review_decision. They do not traverse the cut state machine → U5 (cut-state-machine rollback) is NOT a prerequisite for d5/d6.


6. Branch E — trigger in/out (PASS)

Single BEGIN … ROLLBACK. Master gate (routes_master_enabled) and worker gate (route_worker_enabled) already open; delivery gate closed.

| Step | Action | Result |
|---|---|---|
| E.1 | trigger-OUT iu: fn_iu_emit_event('template.instance_auto_composed', …) | event_outbox row domain=iu, stream=update, lane=delayed, payload refs-only (no body/secret/vector); needs master gate only |
| E.1b | trigger-OUT piece: enable piece_event_runtime.emit_enabled in-tx → fn_iu_piece_emit_event('updated', …) → revert flag | outbox row type=updated, emit_mode=dry_run |
| E.2 | trigger-IN: test table + enabled iu_sql_event_route + AFTER-INSERT trigger → INSERT | iu_route_attempt(route_kind=inbound, status=dry_run) written |
| E.3 | forced DLQ: test route (iu, template.instance_auto_composed, enabled, dry_run=false) + dedicated test worker cursor positioned just before the test event → fn_iu_route_worker_run | seen=1, dead_lettered=1; iu_route_dead_letter row failure_code=worker_process_error reason "delivery gate closed"; iu_route_attempt(status=failed). Delivery gate stayed closed → the RAISE itself produced the DLQ. |
| E.4 | open delivery_enabled via protocol; fn_iu_route_deliver('iu.collection_created.workflow', …) (a REAL route, not in allowlist) | refused_as_expected (insufficient_privilege) — real route never delivered |
| E.5 | isolated success: fn_iu_route_deliver('iu.test_def_suite.dlq', …) (test route in allowlist, target sql_function/fn_iu_structure_consumer) | success → iu_tree_change_log projection row written (idempotent, internal-only) |
| E.6 | fn_iu_gate_close delivery + empty allowlist + verify_closed | all_safe=true; ledger = delivery open + close |
| post-RB | committed verify | test_outbox=0, routes=15, attempts=68, dlq=0, test_cursor=0, allowlist="", emit_enabled=false, gate_transitions=0, runs=55; final_all_safe=true |

No real route touched (the 15 real routes are iu-domain, all enabled=true, dry_run=true → a worker only ever writes dry-run attempts; the forced-failure used a dedicated test route + test worker, and the one real-route call was refused). No real delivery (DLQ came from the closed-gate RAISE; the only successful delivery was to an isolated test route hitting the internal projection). Payload refs-only throughout.


7. Branch F-enable — SQL link enable/capture (PASS)

Single BEGIN … ROLLBACK. No governable gate required (inbound capture needs only the already-open master gate).

| Step | Action | Result |
|---|---|---|
| F.0 | baseline | 3 real links, all enabled=false, enabled_true_count=0 |
| F.1 | create test IU + test iu_sql_link (object_kind=table, object_name=information_unit, enabled=false) | link created |
| F.2 | fn_iu_sql_link_validate (before) + fn_iu_sql_link_resolve_all | resolved=true (pg_class_match); resolve_all total=4, resolved_true=4, all_view_eq_direct=true |
| F.3 | enable test link (UPDATE enabled=true) | enabled; capture did not fire (trigger is AFTER INSERT only) |
| F.3b | create enabled route for (iu_sql_link,insert) first, then INSERT a test link | iu_route_attempt(route_kind=inbound, dry_run, table=iu_sql_link) written — capture proven |
| F.4 | fn_iu_sql_link_validate (after) | resolved=true — consistent |
| F.5 | disable test link | enabled=false |
| F.6 | real-link check + verify | enabled_true_count=0; 3 real links enabled=false; all_safe=true |
| post-RB | committed verify | iu_sql_link=3, enabled_true=0, test_link_remaining=0, information_unit=216, attempts=68, runs=55; final_all_safe=true |

Finding: trg_iu_sql_in_iu_sql_link is AFTER INSERT … FOR EACH ROW only — enabling a link (an UPDATE) does not itself emit an inbound capture; the link's inbound capture fires on link INSERT (and is fail-closed without an enabled matching iu_sql_event_route). The generic inbound-capture path is independently proven in E.2. The 3 real links were never enabled.
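The capture gap above (enable via UPDATE leaves no inbound attempt) is easy to reproduce and to close on any PostgreSQL. The following is an added example, not code from the report or the IU project: the tables, trigger and function names (demo_link, demo_inbound_attempt, pg_temp.demo_capture_link) are constructed stand-ins for iu_sql_link, iu_route_attempt and trg_iu_sql_in_iu_sql_link, and the whole script runs inside BEGIN … ROLLBACK in the same spirit as the suite. It also shows the hardened shape for finding #6 in §16: a second trigger that records only a real enabled flip, not every UPDATE.

```sql
BEGIN;

-- Constructed stand-ins (assumed shapes, not the live iu_sql_link / iu_route_attempt columns).
CREATE TEMP TABLE demo_link (
  link_id     serial  PRIMARY KEY,
  object_name text    NOT NULL,
  enabled     boolean NOT NULL DEFAULT false
);
CREATE TEMP TABLE demo_inbound_attempt (
  attempt_id  serial  PRIMARY KEY,
  link_id     int     NOT NULL,
  trigger_op  text    NOT NULL,   -- TG_OP that produced the row
  enabled_now boolean NOT NULL    -- NEW.enabled at capture time
);

-- Capture function: records which operation fired it and the resulting enabled state.
CREATE FUNCTION pg_temp.demo_capture_link() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  INSERT INTO demo_inbound_attempt (link_id, trigger_op, enabled_now)
  VALUES (NEW.link_id, TG_OP, NEW.enabled);
  RETURN NEW;
END
$$;

-- 1. The shape found on the live DB: AFTER INSERT ... FOR EACH ROW only.
CREATE TRIGGER demo_capture_insert
  AFTER INSERT ON demo_link
  FOR EACH ROW EXECUTE FUNCTION pg_temp.demo_capture_link();

INSERT INTO demo_link (object_name) VALUES ('information_unit');            -- capture fires
UPDATE demo_link SET enabled = true WHERE object_name = 'information_unit';  -- no capture at all

SELECT trigger_op, enabled_now, count(*)
FROM demo_inbound_attempt GROUP BY 1, 2;
-- INSERT | f | 1      (the enable flip left no trace)

-- 2. Hardened shape: capture a real enabled flip, but not no-op UPDATEs.
CREATE TRIGGER demo_capture_enable_flip
  AFTER UPDATE OF enabled ON demo_link
  FOR EACH ROW
  WHEN (OLD.enabled IS DISTINCT FROM NEW.enabled)
  EXECUTE FUNCTION pg_temp.demo_capture_link();

UPDATE demo_link SET enabled = false WHERE object_name = 'information_unit';  -- true -> false: captured
UPDATE demo_link SET enabled = false WHERE object_name = 'information_unit';  -- false -> false: not captured

SELECT trigger_op, enabled_now, count(*)
FROM demo_inbound_attempt GROUP BY 1, 2 ORDER BY 1;
-- INSERT | f | 1
-- UPDATE | f | 1

ROLLBACK;  -- nothing persists, mirroring the suite's method
```

The WHEN clause on the UPDATE trigger is what keeps the audit trail honest: without it every touch of the row (including the F.5-style disable of an already-disabled link) would produce a capture row and dilute the signal an operator actually wants, which is the enabled transition itself.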


8. Gates opened/closed ledger (all within rolled-back transactions)

| Branch | Gate | open | close | committed? |
|---|---|---|---|---|
| D | iu_core.composer_enabled | ✓ (approval_id+ttl=300) | ✓ | no (ROLLBACK) |
| D | iu_core.structure_ops_enabled | ✓ (approval_id+ttl=300) | ✓ | no (ROLLBACK) |
| E | iu_core.delivery_enabled | ✓ (approval_id+ttl=300) | ✓ | no (ROLLBACK) |
| F | none required | — | — | — |

Every open recorded a real approval_id (Article 32) + bounded ttl in iu_gate_transition; every open was paired with a close inside the same transaction; in-tx verify_closed returned all_safe=true before each ROLLBACK. Committed iu_gate_transition=0 (no gate ever persisted open). Never-flip keys were never targeted (the protocol would refuse them).


9. Review-decision evidence (Branch D)

  • cutter_governance.review_decision is invisible to context_pack_readonly (permission denied) — read/written via workflow_admin.
  • It has no CHECK constraints; FK manifest_id → manifest_envelope(envelope_id) and composite (manifest_id, manifest_unit_local_id) → manifest_unit_block. Setting manifest_unit_local_id=NULL makes the composite FK vacuously satisfied (MATCH SIMPLE), so a valid review_decision needs only a manifest_envelope parent.
  • The test decision: governance_event_kind='review_decision', verdict='approve', status='decided', review_scope='manifest', reviewer_class='automated_agent', risk_class_assessment='standard', cross_signed_by_dot_verifier=false. It was FK-probed and bound by both fn_iu_piece_split and fn_iu_piece_merge (rd_bound=true on both set rows). Created and destroyed inside the transaction; committed review_decision=4 (unchanged). allow_no_review_decision never flipped.
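Why manifest_unit_local_id=NULL satisfies the composite FK, and how to keep that behaviour from becoming a loophole, can be shown on any PostgreSQL. This is an added example, not the project's schema: demo_envelope, demo_unit_block and demo_decision are constructed stand-ins for manifest_envelope, manifest_unit_block and cutter_governance.review_decision, with only the columns needed to show the constraint semantics. The CHECK constraint at the end is a hardening suggestion, not something the live table has.

```sql
BEGIN;

-- Constructed stand-ins (assumed shapes).
CREATE TEMP TABLE demo_envelope (
  envelope_id uuid PRIMARY KEY
);
CREATE TEMP TABLE demo_unit_block (
  manifest_id   uuid NOT NULL REFERENCES demo_envelope (envelope_id),
  unit_local_id int  NOT NULL,
  PRIMARY KEY (manifest_id, unit_local_id)
);
CREATE TEMP TABLE demo_decision (
  decision_id   serial PRIMARY KEY,
  manifest_id   uuid NOT NULL REFERENCES demo_envelope (envelope_id),
  unit_local_id int,
  review_scope  text NOT NULL,
  -- Composite FK with the default MATCH SIMPLE: if ANY referencing column is NULL,
  -- the row is not checked against demo_unit_block at all.
  FOREIGN KEY (manifest_id, unit_local_id)
    REFERENCES demo_unit_block (manifest_id, unit_local_id)
);

INSERT INTO demo_envelope VALUES ('00000000-0000-0000-0000-000000000001');
-- Deliberately no unit-block rows: only the envelope parent exists.

-- Accepted: unit_local_id IS NULL, so the composite FK is vacuously satisfied.
INSERT INTO demo_decision (manifest_id, unit_local_id, review_scope)
VALUES ('00000000-0000-0000-0000-000000000001', NULL, 'manifest');

-- Rejected: a fully non-NULL pair must exist in demo_unit_block.
SAVEPOINT bad_unit;
INSERT INTO demo_decision (manifest_id, unit_local_id, review_scope)
VALUES ('00000000-0000-0000-0000-000000000001', 7, 'unit');
-- ERROR:  insert or update on table "demo_decision" violates foreign key constraint
ROLLBACK TO SAVEPOINT bad_unit;

-- Hardening option: a NULL local id is legal only for a manifest-scoped decision,
-- so a unit-scoped decision can never bypass the unit-block FK by leaving it NULL.
ALTER TABLE demo_decision
  ADD CONSTRAINT demo_scope_matches_unit
  CHECK ((review_scope = 'manifest') = (unit_local_id IS NULL));

SAVEPOINT bad_scope;
INSERT INTO demo_decision (manifest_id, unit_local_id, review_scope)
VALUES ('00000000-0000-0000-0000-000000000001', NULL, 'unit');
-- ERROR:  new row for relation "demo_decision" violates check constraint "demo_scope_matches_unit"
ROLLBACK TO SAVEPOINT bad_scope;

SELECT decision_id, unit_local_id, review_scope FROM demo_decision;
-- 1 | NULL | manifest

ROLLBACK;
```

MATCH FULL would be the other way to tighten this, but it rejects every mixed (non-NULL, NULL) pair outright, which is exactly the pair a manifest-scope decision needs; the CHECK keeps the NULL legal for that scope and nothing else.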

10. Event-type / route evidence (Branch E)

  • event_type_registry = 31 rows (16 iu, 6 piece, 5 staging, 4 system); no JSON-schema / no compat_mode column; key (event_domain,event_type); event_stream/delivery_lane must MATCH the registry (enforced by trigger fn_event_type_validate). No new event type needed to be registered for the exercised paths (structure/piece/iu types already present; route.delivered/route.failed have no emitter and stay correctly deferred).
  • 15 iu_outbound_route rows: all event_domain=iu, target_kind=workflow, target_ref=event_outbox, enabled=true, dry_run=true → the worker only ever writes dry-run attempts for real events; no live delivery.
  • iu_outbound_route.event_domain CHECK ∈ {iu,iu_sql} (piece-domain cannot be routed). target_kind CHECK includes sql_function; the only delivered target supported by fn_iu_route_deliver is sql_function/fn_iu_structure_consumer.
  • Delivery is route-scoped: fn_iu_route_deliver requires delivery_enabled=true AND route_code ∈ dot_config.iu_core.delivery_live_routes (CSV) AND the sole internal target. A second guard fn_iu_outbound_route_delivery_guard blocks creating an enabled=true, dry_run=false route unless its code is already in the allowlist. All proven by refusals + one isolated test delivery.
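The two guards described in this section (gate + allowlist inside the deliver function, and an insert/update guard on the route table) can be demonstrated as a pair on a blank PostgreSQL. What follows is an added example, not the project's fn_iu_route_deliver or fn_iu_outbound_route_delivery_guard: demo_config, demo_route and the pg_temp.demo_* functions are constructed stand-ins with assumed shapes, and the route codes used are the two the report names. As in the suite, the gate is opened by an in-transaction write and everything is rolled back.

```sql
BEGIN;

-- Constructed stand-ins for dot_config and iu_outbound_route (assumed shapes).
CREATE TEMP TABLE demo_config (key text PRIMARY KEY, value text NOT NULL);
INSERT INTO demo_config VALUES
  ('iu_core.delivery_enabled',     'false'),
  ('iu_core.delivery_live_routes', '');      -- empty allowlist, as at baseline

CREATE TEMP TABLE demo_route (
  route_code text    PRIMARY KEY,
  enabled    boolean NOT NULL DEFAULT true,
  dry_run    boolean NOT NULL DEFAULT true
);

-- Allowlist membership: CSV split, whitespace trimmed; '' or a missing key means no route is live.
CREATE FUNCTION pg_temp.demo_route_allowlisted(p_route_code text) RETURNS boolean
LANGUAGE sql STABLE AS $$
  SELECT p_route_code = ANY (
    SELECT btrim(x)
    FROM unnest(string_to_array(
      (SELECT value FROM demo_config WHERE key = 'iu_core.delivery_live_routes'), ',')) AS x)
$$;

-- Guard 1: the deliver function requires gate open AND route allowlisted.
CREATE FUNCTION pg_temp.demo_route_deliver(p_route_code text) RETURNS text
LANGUAGE plpgsql AS $$
BEGIN
  IF (SELECT value FROM demo_config WHERE key = 'iu_core.delivery_enabled') IS DISTINCT FROM 'true' THEN
    RAISE insufficient_privilege USING MESSAGE = 'delivery gate closed';
  END IF;
  IF NOT pg_temp.demo_route_allowlisted(p_route_code) THEN
    RAISE insufficient_privilege USING MESSAGE = format('route %s not in delivery_live_routes', p_route_code);
  END IF;
  RETURN 'delivered:' || p_route_code;   -- stand-in for the single internal target
END
$$;

-- Guard 2: no route may become enabled=true, dry_run=false unless already allowlisted.
CREATE FUNCTION pg_temp.demo_route_guard_fn() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  IF NEW.enabled AND NOT NEW.dry_run AND NOT pg_temp.demo_route_allowlisted(NEW.route_code) THEN
    RAISE EXCEPTION 'route % must be allowlisted before enabled=true, dry_run=false', NEW.route_code;
  END IF;
  RETURN NEW;
END
$$;
CREATE TRIGGER demo_route_guard BEFORE INSERT OR UPDATE ON demo_route
  FOR EACH ROW EXECUTE FUNCTION pg_temp.demo_route_guard_fn();

-- A real-looking dry-run route is always allowed to exist.
INSERT INTO demo_route VALUES ('iu.collection_created.workflow', true, true);

SAVEPOINT g1;
SELECT pg_temp.demo_route_deliver('iu.collection_created.workflow');
-- ERROR:  delivery gate closed
ROLLBACK TO SAVEPOINT g1;

-- Open the gate in-tx (own-write visibility): allowlist still empty, so still refused.
UPDATE demo_config SET value = 'true' WHERE key = 'iu_core.delivery_enabled';
SAVEPOINT g2;
SELECT pg_temp.demo_route_deliver('iu.collection_created.workflow');
-- ERROR:  route iu.collection_created.workflow not in delivery_live_routes
ROLLBACK TO SAVEPOINT g2;

-- Guard 2 refuses a live route that is not yet allowlisted.
SAVEPOINT g3;
INSERT INTO demo_route VALUES ('iu.test_def_suite.dlq', true, false);
-- ERROR:  route iu.test_def_suite.dlq must be allowlisted before enabled=true, dry_run=false
ROLLBACK TO SAVEPOINT g3;

-- Allowlist the isolated test route, then both guards pass for it and only it.
UPDATE demo_config SET value = 'iu.test_def_suite.dlq' WHERE key = 'iu_core.delivery_live_routes';
INSERT INTO demo_route VALUES ('iu.test_def_suite.dlq', true, false);
SELECT pg_temp.demo_route_deliver('iu.test_def_suite.dlq');
-- delivered:iu.test_def_suite.dlq

ROLLBACK;  -- gate, allowlist and routes all revert; nothing committed open
```

The point of keeping Guard 2 even though Guard 1 already checks the allowlist is that Guard 1 only protects calls that go through the deliver function; Guard 2 stops the route table itself from carrying a live-looking row that a future code path might trust.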

11. SQL-link evidence (Branch F-enable)

  • 3 real iu_sql_link rows (represents, governs, governs), all enabled=false before, during, and after — untouched.
  • fn_iu_sql_link_validate resolves a table link via pg_class (pg_class_match); fn_iu_sql_link_resolve_all confirmed all_view_eq_direct=true over all 4 links (3 real + 1 test) → the resolved view equals direct validation.
  • Test link enabled then disabled inside the transaction; link inbound capture fires on INSERT only (see §7). No real link ever enabled; committed iu_sql_link=3, enabled_true=0.

12. Before/after row-count delta (committed, whole suite)

| Table | Before | After | Δ |
|---|---|---|---|
| information_unit | 216 | 216 | 0 |
| iu_split_set | 0 | 0 | 0 |
| iu_merge_set | 0 | 0 | 0 |
| iu_piece_collection | 45 | 45 | 0 |
| iu_sql_link (enabled=true) | 3 (0) | 3 (0) | 0 |
| iu_outbound_route | 15 | 15 | 0 |
| iu_route_attempt | 68 | 68 | 0 |
| iu_route_dead_letter | 0 | 0 | 0 |
| event_type_registry | 31 | 31 | 0 |
| iu_gate_transition | 0 | 0 | 0 |
| dot_iu_command_catalog | 51 | 51 | 0 |
| dot_iu_command_run | 55 | 55 | 0 |
| cutter_governance.review_decision | 4 | 4 | 0 |
| pg_dump --schema-only (bytes) | 1,523,493 | 1,523,493 | 0 |

Residue scan: TEST/def-suite/* IUs=0, test routes=0, test worker cursor=0, test manifest envelopes=0. Zero net change of any kind.


13. Production-IU no-change proof

Each branch carried an in-tx nontest_ius / real-link / real-route check and a post-ROLLBACK committed check; the final whole-suite verification confirms information_unit=216, all governance/event/route/link tables at baseline, and zero TEST/def-suite/* residue. No production law IU was mutated (the only IUs created were TEST/def-suite/* clones, all reverted).

14. Rollback / cleanup proof

Cleanup = atomic ROLLBACK of each branch transaction, independently confirmed by a committed post-rollback read after each branch (counts return to baseline) and the final suite verification (§12). The split/merge "source UNTOUCHED" semantics were additionally observed in the function outputs. No partial state, no orphan, no dangling gate.

15. fn_iu_gate_verify_closed() — final committed state

all_safe=true, never_flip_intact=true, all_governed_closed=true. 7 governable gates false; iu_enact.allow_no_review_decision=false; iu_core.vector_sync_enabled=false. iu_gate_transition=0 committed rows.


16. Substrate corrections / findings (for the next operator)

  1. split/merge need no gate and no cut-state-machine — only a FK-valid review_decision_id; they create draft children/merged IU + a set row, source untouched. U5 is not a blocker for d5/d6.
  2. Birth gate L1 is PILOT-ONLY: fn_iu_create warns P-pub1 / P-pub2 missing — "production will BLOCK" — but proceeds. Production hardening must close this (publication-policy birth checks currently warn, not block).
  3. Two distinct emit gates: fn_iu_emit_event (iu) needs only the master gate (routes_master_enabled, already open); fn_iu_piece_emit_event additionally needs piece_event_runtime.emit_enabled. emit_enabled is NOT in the bounded-gate-protocol whitelist — it had to be toggled by a direct in-tx UPDATE (reverted). Consider adding it to the protocol's governable set, or document it as a deliberate runtime-only switch.
  4. Outbound routes are iu/iu_sql domain only; piece-domain events have no route (worker skipped). All 15 real routes are dry_run=true.
  5. Delivery double-guard: both fn_iu_route_deliver and the iu_outbound_route insert/update guard enforce the delivery_live_routes allowlist; fn_iu_structure_consumer is the only delivery target (writes idempotent iu_tree_change_log).
  6. trg_iu_sql_in_iu_sql_link is AFTER INSERT only — link enable (UPDATE) does not emit capture.
  7. cutter_governance is invisible to context_pack_readonly — read via workflow_admin. review_decision has no CHECK constraints; manifest_unit_local_id=NULL skips the composite FK.
  8. Nested ssh contabo "… ssh contabo …" fails (inner host can't resolve contabo); run pg_dump | wc -c as a top-level ssh.

17. Remaining blockers / production-hardening backlog

  • B-1 Durable governed run (optional): this suite proved everything in BEGIN/ROLLBACK (persists nothing). A future macro may commit a single governed split (or trigger-out) end-to-end and then exercise the real supersede/retire + DLQ-replay (fn_iu_route_dead_letter_replay) path, leaving an audited durable trail — only after a sovereign approval for a committed mutation.
  • B-2 Birth-gate publication policy: promote L1 P-pub1/P-pub2 from warn → block before any production IU creation (finding #2).
  • B-3 emit_enabled governance: decide whether piece_event_runtime.emit_enabled joins the bounded-gate protocol or is documented as a runtime-only switch (finding #3).
  • B-4 DLQ-replay test: fn_iu_route_dead_letter_replay(uuid) was not exercised (no durable DLQ row to replay under the no-persist method); cover it in the durable run.
  • B-5 Real review_decision authoring: a production split/merge still needs a real manifest-bound Article 32 review_decision (the TD-P1 row-builder) — out of scope for a test suite.
  • B-6 4 Mothers: remains BLOCKED until b–f + Wave-5 readiness fully close.

18. Forbidden-compliance statement

No production law IU mutated (only TEST/def-suite/* clones, all rolled back). No real route delivery (DLQ from closed-gate RAISE; one delivery only to an isolated test route → internal projection). None of the 3 real iu_sql_link rows enabled. iu_enact.allow_no_review_decision never set true (a real review_decision_id was supplied instead). iu_core.vector_sync_enabled never set true. No Qdrant/vector write. No Directus mutation. No Nuxt/UI work. No 4-Mothers work. No final OSS selection. No gate left open (committed verify_closed.all_safe=true, iu_gate_transition=0). No test route left in the delivery allowlist (delivery_live_routes=""). No link left enabled. No unregistered event emitted. No payload carried body/secret/vector (refs-only). Only persisted writes: these KB documents. Schema bytes unchanged (1,523,493 → 1,523,493).


19. Recommended next macro

IU_DEF_DURABLE_GOVERNED_RUN_AND_DLQ_REPLAY_60000X — a small, sovereign-approved C3 that commits exactly one governed split (or trigger-out) end-to-end on a cloned test IU, then exercises supersede/retire + fn_iu_route_dead_letter_replay, leaving a durable audited trail; address backlog B-2/B-3 in the same window. Run before reconsidering 4 Mothers. 4 Mothers stays BLOCKED.

Source path: knowledge/dev/reports/architecture/iu-d-e-f-remaining-governed-live-test-suite-2026-05-28.md