00 — Overview & Control Tower: IU Pilot / CR / KG / Recon / Authority Live-Assembly SuperBundle (2026-05-28)
Macro: IU_PILOT_CR_KG_RECON_AUTHORITY_LIVE_ASSEMBLY_SUPERBUNDLE_10000000X
Date: 2026-05-28
Status: PASS — first bundle in this series to perform a safe, authorized, reversible LIVE additive change (KG Branch C) alongside survey + authority/design packs.
Effort: xhigh. Execution class: mixed C2 (additive live) / C3 (governed) / C5 (doc-only).
Channels
- Read: `mcp__claude_ai_Incomex_VPS__query_pg`, role `context_pack_readonly`, db `directus`, server `172.19.0.3`, PostgreSQL 16.13 (READ ONLY txn, AST-validated, 5s timeout, LIMIT 500).
- Apply: SSH `ssh contabo` → `docker exec -i postgres psql -U workflow_admin -d directus` (confirmed live: `workflow_admin|directus`). Used only for the KG Branch C additive change, via dress-rehearse → commit → fresh-connection-verify.
Hard Gate 0 — PASS
| Check | Result |
|---|---|
| Host = contabo VPS | ✅ 38.242.240.89 |
| Container = postgres / DB = directus | ✅ 172.19.0.3, PG 16.13 |
| Read channel | ✅ context_pack_readonly |
| Apply channel (SELECT first) | ✅ workflow_admin confirmed |
| `fn_iu_gate_verify_closed()` | ✅ all_safe=true, never_flip_intact=true, all_governed_closed=true |
| Rollback prepared before apply | ✅ DROP VIEW + DROP COLUMN authored & rehearsed |
Entry baseline snapshot (== prior 3,000,000X exit)
information_unit=219 · iu_relation=60 · universal_edges=2199 · dot_iu_command_catalog=52 · dot_iu_command_run=55 · event_type_registry=31 · iu_gate_transition=0
Gates: 8 governable all=false, 2 never_flip (vector_sync, allow_no_review_decision) =false.
Exit state (after Branch C live apply)
information_unit=219 (Δ0) · iu_relation=60 rows (Δ0, +5 nullable cols) · universal_edges=2199 (Δ0) · NEW view v_kg_edges_all (2259 unified edges) · catalog=52 · run=55 · gate_tx=0
Gates: unchanged, all_safe=true, never_flip_intact=true. No data row mutated. No gate opened. Vector OFF. No review-decision shortcut.
Branch verdicts
| Branch | Title | Verdict | Live change? |
|---|---|---|---|
| A | IU pilot adoption package | DELIVERED (operator-usable, doc 01) | no |
| B | Candidate Registry foundation | MATERIALLY ADVANCED — full implementation-ready DDL + birth-contract sequence + reuse map (doc 02); live-create deferred (birth-contract = Đ32 approval needed) | no (authority pack) |
| C | IU KG enrichment foundation | LIVE-APPLIED — iu_relation enriched in place (5 Đ39 cols) + read-only v_kg_edges_all projection (doc 03) | YES, committed + durable |
| D | Master Design recon patch | DELIVERED (doc 04, R1–R15 reconciliation, patch-ready) | no |
| E | P-pub staged promotion | AUTHORITY-PACK (doc 05, staged warn→block_new→backfill→block_all + exact macro) | no |
| F | Production review_decision governance | AUTHORITY-PACK (doc 06, human/council/sovereign + cross-sign + manifest binding) | no |
| G | Human-org-role / permission law | DRAFT DELIVERED (doc 07, 7 roles × 5 verbs + Directus policy map) | no |
| H | 4 Mothers entry gate board | DELIVERED (doc 08, explicit unblock/blocked matrix) | no |
| I | Next prompt pack | DELIVERED (doc 09, 10 large paste-ready prompts) | no |
The one safe live change (full disclosure)
Branch C only. Two additive, reversible operations on a trigger-free, non-Directus-managed table:
1. `ALTER TABLE iu_relation ADD COLUMN` ×5 — `provenance jsonb`, `confidence numeric`, `evidence jsonb`, `assertion_mode text`, `valid_time tstzrange` (all nullable, no default → zero behavior change to the 60 existing rows).
2. `CREATE VIEW v_kg_edges_all WITH (security_invoker=true)` — read-only UNION projection of enriched `iu_relation` + `universal_edges`. No SoT duplication; the view reads existing SoTs.

Rollback (one statement each):

- `DROP VIEW IF EXISTS public.v_kg_edges_all;`
- `ALTER TABLE public.iu_relation DROP COLUMN IF EXISTS provenance, DROP COLUMN IF EXISTS confidence, DROP COLUMN IF EXISTS evidence, DROP COLUMN IF EXISTS assertion_mode, DROP COLUMN IF EXISTS valid_time;`
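
The dress-rehearse → commit → fresh-connection-verify sequence for the column half of this change, as an added sketch; it is not the SQL that was actually run, and the view body is not shown on this page, so only the view's options are checked. The column list, the 60-row count and the trigger-free claim come from the text above; the `lock_timeout` value is an assumption.

```sql
-- 1) Dress rehearsal: apply inside a transaction, inspect, then roll back.
BEGIN;
SET LOCAL lock_timeout = '3s';  -- assumption: fail fast rather than queue for the table lock

-- Pre-check the "trigger-free" claim: expect 0 user triggers on iu_relation.
SELECT count(*) AS user_triggers
FROM pg_trigger
WHERE tgrelid = 'public.iu_relation'::regclass AND NOT tgisinternal;

ALTER TABLE public.iu_relation
  ADD COLUMN provenance     jsonb,
  ADD COLUMN confidence     numeric,
  ADD COLUMN evidence       jsonb,
  ADD COLUMN assertion_mode text,
  ADD COLUMN valid_time     tstzrange;

-- Row count must be unchanged (60 per the entry baseline).
SELECT count(*) AS iu_relation_rows FROM public.iu_relation;

ROLLBACK;  -- rehearsal leaves no trace; rerun the same block ending in COMMIT to apply

-- 2) Verification, run from a NEW connection after the real COMMIT.
-- Expect 5 rows, each with is_nullable = 'YES' and column_default IS NULL.
SELECT column_name, data_type, is_nullable, column_default
FROM information_schema.columns
WHERE table_schema = 'public'
  AND table_name   = 'iu_relation'
  AND column_name IN ('provenance', 'confidence', 'evidence',
                      'assertion_mode', 'valid_time')
ORDER BY column_name;

-- The new columns must be empty on every pre-existing row (expect 0).
SELECT count(*) AS unexpectedly_populated
FROM public.iu_relation
WHERE provenance IS NOT NULL OR confidence IS NOT NULL OR evidence IS NOT NULL
   OR assertion_mode IS NOT NULL OR valid_time IS NOT NULL;

-- The view must carry security_invoker so it is evaluated with the caller's
-- privileges, not the view owner's (expect reloptions to list security_invoker=true).
SELECT c.relname, c.reloptions
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
WHERE n.nspname = 'public' AND c.relname = 'v_kg_edges_all' AND c.relkind = 'v';
```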
Why everything else stayed authority-pack
Creating registry base tables, P-pub hard-blocks, and production review-decision builders all create or govern born objects under Điều 0-G (birth registry) + Điều 32 (approval) + Điều 37 (governance). Raw-creating them via workflow_admin, without birth/collection/species/governance rows and an approval, is precisely the "đẻ rơi" (orphan birth) anti-pattern, at scale, that the 4 Mothers design exists to prevent. The KG enrichment is different: iu_relation already exists and is governed; adding nullable columns + a derived read-only view is infrastructure maintenance of an existing object, not the birth of a new one.
Document map
- 01 — IU pilot adoption package
- 02 — Candidate Registry foundation (DDL + reuse + birth-contract)
- 03 — IU KG enrichment foundation (live + forward path)
- 04 — Master Design Rev5 live-inventory reconciliation patch
- 05 — P-pub staged promotion path
- 06 — Production review_decision governance path
- 07 — Human-org-role / permission law draft
- 08 — 4 Mothers entry gate board
- 09 — Next macro prompt pack (10)
- 10 — Law mapping, forbidden compliance & self-review
Next macro recommendation
IU_KG_RELATION_BACKFILL_AND_VOCAB_EXPANSION_LIVE_300000X (now unblocked by the live enrichment) in parallel with IU_CANDIDATE_REGISTRY_GOVERNED_BIRTH_LIVE_FOUNDATION_500000X (apply doc 02 DDL through the birth contract). See doc 09.