KB-2291

05 — P-pub Birth-Gate Promotion Authority Refinement (staged, 2026-05-28)

Revision 1

Refines the predecessor P-pub pack with live evidence and an implementation-grade staged plan. No unsafe hard-block now. This is an authority pack to be enacted later under human/council sign-off.


1. Why hard-block now is unsafe

  • P-pub1/P-pub2 are currently warn-only inside fn_iu_birth_gate_layer1() (BEFORE-INSERT trigger). fn_iu_create(...) has no publication_authority_ref parameter — it cannot bind authority at creation time.
  • Live gap (measured 2026-05-28): 133 of 219 IUs (61%) have no doc_code-matching authority publication. Only 86 IUs anchor to one of the 4 tac_publication rows (all publication_type='law', lifecycle='proposed').
  • Flipping to block_all now would immediately break creation/edit of the majority of the corpus and any descendant operations. Unsafe.

2. Current missing-data counts (live)

| Metric | Value |
|---|---|
| total IUs | 219 |
| IUs with no authority publication (by doc_code) | 133 (61%) |
| IUs anchored to an authority publication | 86 |
| tac_publication rows total | 4 (all type=law, lifecycle=proposed) |
| publication_authority vocab keys | 1 (incomex_council) |
| publication_type vocab keys | 2 (law, design_doc) |
| iu_create.ppub.enforcement_mode config key | does not exist yet |

3. fn_iu_create signature change (proposed, DEFER)

Current: fn_iu_create(p_canonical_address, p_title, p_body, p_actor, p_unit_kind, p_section_type, p_owner_ref, p_publication_type, p_parent_ref).

Proposed additive change (later, governed):

  • Add p_publication_authority_ref uuid DEFAULT NULL (points at a tac_publication.id whose owner/approved_by/council_score constitutes authority).
  • Keep it nullable so existing callers don't break.
  • The birth gate reads this param (or resolves it via doc_code) and applies the staged policy (§4).
  • NB: changing the signature changes the gateway's iu_create.gateway.canonical_function registration — update that config key in the same migration.

4. Staged enforcement levels (new config key iu_create.ppub.enforcement_mode)

| Stage | Value | Behavior | Safe today? |
|---|---|---|---|
| 0 | warn (current) | P-pub1/P-pub2 log a warning, never block | ✅ (current state) |
| 1 | block_new | NEW IUs must bind a valid publication_authority_ref; legacy 133 untouched | ✅ once vocab + 1+ authority publication exist |
| 2 | (backfill) | Backfill authority for the 133 via lawful supersede/edit, not direct UPDATE | ✅ governed |
| 3 | block_all | All creates/edits require authority | ❌ until backfill complete + council sign-off |

The gate function reads iu_create.ppub.enforcement_mode and branches: warn → notice; block_new → RAISE only when the row is new AND lacks authority; block_all → RAISE whenever authority absent.

5. Publication authority vocabulary (extend, governed)

Live vocab keys: vocab.publication_authority.incomex_council, vocab.publication_type.{law,design_doc}. Extend (council-approved) with the authority sources the corpus needs (e.g. sovereign, architecture_council) and publication types (e.g. standard, policy, runbook). Each new vocab value = one dot_config row, council-approved.

6. Backfill strategy

  1. Inventory the 133 unauthorized IUs grouped by doc_code.
  2. For each doc_code cluster, create/identify the authoritative tac_publication (owner=authority, type set, lifecycle advanced from proposed).
  3. Bind via lawful path — fn_iu_supersede/fn_iu_create_edit_draft+fn_iu_enact with a review_decision — not a direct UPDATE information_unit.
  4. Re-measure the 133 count after each cluster; target 0 before stage 3.

7. Rollout sequence

warn (now) → add vocab + ≥1 real authority publication → block_new (safe: legacy untouched) → backfill 133→0 → council sign-off → block_all. Each transition is a single dot_config UPDATE of iu_create.ppub.enforcement_mode, reversible by setting it back.

8. Required sign-offs

  • block_new: architecture council (GOV-COUNCIL) approval_id.
  • Vocab additions: council.
  • block_all: council and sovereign (it can block the whole corpus).
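
The gate branching from §4 and the promotion preconditions from §7, §8 and §12, modelled as an added Python example (not the project's gate code, which is a database trigger). The function names, the approvals dict keys, the "real authority publication" count being supplied by the caller, and the handling of a missing or unknown mode value are assumptions made for illustration.

```python
from typing import Optional

MODES = ("warn", "block_new", "block_all")  # rollout order (section 7)


def gate_decision(mode: Optional[str], is_new: bool, has_authority: bool) -> str:
    """Return 'pass', 'warn' or 'raise' for one create/edit (section 4)."""
    if mode is None:  # config key absent, as today: behave as warn
        mode = "warn"
    if mode not in MODES:  # assumption: a typo must not silently weaken the gate
        raise ValueError(f"unknown enforcement_mode: {mode!r}")
    if has_authority:
        return "pass"
    if mode == "block_all" or (mode == "block_new" and is_new):
        return "raise"
    return "warn"  # assumption: unblocked rows without authority still warn


def promotion_blockers(current: str, target: str, unauthorized_ius: int,
                       real_authority_pubs: int, vocab_ready: bool,
                       approvals: dict) -> list:
    """Reasons a mode flip must wait; an empty list means go (sections 7, 8, 12)."""
    blockers = []
    lo, hi = MODES.index(current), MODES.index(target)
    for stage in MODES[lo + 1:hi + 1]:  # empty for a rollback: reverting needs no gate
        if stage == "block_new":
            if not vocab_ready or real_authority_pubs < 1:
                blockers.append("block_new: vocab or real authority publication missing")
            if not approvals.get("architecture_council"):
                blockers.append("block_new: architecture council approval_id missing")
        if stage == "block_all":
            if unauthorized_ius != 0:
                blockers.append(f"block_all: backfill incomplete, {unauthorized_ius} IUs left")
            for signer in ("council", "sovereign"):
                if not approvals.get(signer):
                    blockers.append(f"block_all: {signer} sign-off missing")
    return blockers


if __name__ == "__main__":
    # Constructed inputs using the page's live count (133 unauthorized IUs);
    # the approval id is a placeholder, not a real value.
    print(gate_decision("block_new", is_new=False, has_authority=False))
    print(promotion_blockers("block_new", "block_all", 133, 1, True,
                             {"council": "APPROVAL-ID-PLACEHOLDER"}))
```

Skipping straight from warn to block_all accumulates the block_new preconditions as well, so the check cannot be bypassed by jumping a stage.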

9. Rollback

Every stage is a config value flip — roll back by reverting iu_create.ppub.enforcement_mode to the prior value. The signature change rolls back by DROP-ing the added param overload / restoring the prior canonical_function config. No data is destroyed (backfill uses supersede, preserving history).

10. Test plan

  • In BEGIN..ROLLBACK: set mode=block_new in-tx, attempt a create without authority → expect RAISE; attempt with authority → expect success; attempt to edit a legacy unauthorized IU → expect success (legacy untouched). ROLLBACK.
  • Verify fn_iu_gate_verify_closed() unaffected (P-pub is a birth-gate, not one of the 10 governable/never-flip gates).
  • Confirm zero-delta after ROLLBACK (account for dot_iu_command_run audit rows).

11. Exact macro prompt for future safe promotion

See doc 08, prompt #5 (IU_PPUB_BIRTH_GATE_STAGED_PROMOTION). It is design+apply with acceptance criteria: never block_all before backfill=0; never break legacy; council approval_id required for each stage.

12. No-go

  • No block_all before backfill 0 + council/sovereign sign-off.
  • No direct UPDATE information_unit for backfill — lawful supersede only.
  • No silent vocab expansion — each value is council-approved.