IU Test b–f Command Pack — 11 Law/Gate/Risk Self-Review
11 — Law / Gate / Risk Self-Review
Final self-review of the command pack against the prompt standard and the Constitution.
1. Prompt-standard compliance (v1.2)
| Standard rule | This pack |
|---|---|
| Design-Only Macro Mode | YES — authored, no implementation; no DDL/DML/migration/trigger/worker/cron/mutation |
| Survey-Then-Design Gate | YES — design accepted (Rev5) → design_pack_macro allowed; implementation deferred to named macros |
| No-underload / adaptive scale | YES — 12 deliverables, 5 author-ready prompts, full gate + DOT matrices, U1–U11 backlog, risk register; did not stop at a checklist |
| Author-ready-followup (§4F) | YES — drift feeds a surgical patch (U11), not a redesign; existing functions reused not re-authored |
| Live-ready-means-use-not-rewrite (§4C) | YES — reuse fn_iu_*/dot_iu_*/envelope/routes; no duplicate logic proposed |
| Execution Channel Pack | YES — each mutating prompt carries SSH workflow_admin channel proof + Hard-Gate-0; this macro = AUTHOR_MODE_ONLY by design |
| Dependency Closure Pack | YES — each mutating prompt lists upstream functions/tables/FKs/rollback primitives to confirm |
| Self-contained-after-clear | YES — each prompt names sources, baseline counts, allowed/forbidden, PASS criteria |
| No-hardcode | YES — identifiers resolved from registries; no literal uuids; tag keys validated against iu_metadata_tag_registry |
| FORBIDDEN section + no-mutation report | YES — deliverable 00 §7 + this section |
2. Constitutional principles
- NT13 PG-first / NT8 Assembly-First / Điều 7: all tests read/assemble over existing PG substrate; no Nuxt logic, no OSS substitution; commands are DOT pairs. ✔
- NT14 six execution-readiness questions answered per test (data where / who runs / when / threshold / verified by what / failure handling) across deliverables 02–08. ✔
- NT6 five-layer sync / no bespoke Nuxt: no UI authored; tests are DB+DOT only. ✔
- Evidence-first / no fake PASS: every test defines explicit assertions + evidence rows; gated tests cannot report PASS without verify-close. ✔
3. Per-law mapping
| Law | How honored |
|---|---|
| Điều 0-G (Birth) | d's split/merge must not create orphan children; first-use of split/merge sets carries birth/lineage supersede; orphan checks in c and d. |
| Điều 7 (Assembly First) | reuse-first; no new substrate where live exists; OSS only as adapter (none introduced). |
| Điều 28 (Nuxt/template) | no UI/template work; tests are headless DOT-callable. |
| Điều 30 (Reversibility) | every mutating step has a rollback primitive (fn_iu_structure_op_rollback, retire test objects, gate auto-close, BEGIN/ROLLBACK). |
| Điều 31 (Audit/Integrity) | every command writes dot_iu_command_run; gate flips write transition records. |
| Điều 32 (Approval) | bounded gate open requires approval_id; split/merge require review_decision_id; allow_no_review_decision NEVER flipped. |
| Điều 35 (DOT) | all new commands are catalog pairs with correct mutating flag + audit. |
| Điều 36 (Collection) | test collections born via registered path; collection law stays paper where DRAFT — no runtime collection-create invented. |
| Điều 37 (Governance/Factory) | no factory built; governance registries untouched; no 4 Mothers. |
| Điều 38/39 (IU/KG/cut/vector) | IU body single-owner respected; Axis-A reconstruct preserved through split/merge; iu_kg_edge derivation noted as iu_relation (drift, U11). |
| Điều 45 (Event/Queue) | register-before-emit for iu.*; idempotency + DLQ classification + heartbeat respected; route-scoped delivery preferred. |
4. No-double-ownership
Each concern maps to exactly one owner law (verified live in survey §11). This pack introduces no new owner: read tests (b/c/f) sit under Điều 38/39; gate protocol approval under Điều 32; DOT under Điều 35; event/route under Điều 45. No concern is owned twice. The only NEW concern remains the 4 Mothers application layer (future Điều XX), explicitly deferred. ✔
5. No vector pollution
iu_core.vector_sync_enabled=false is respected and never flipped by any prompt; event payloads use refs-only (MP-D8 deny-list includes vector/embedding/body/secret); 1 IU → ≥1 point invariant unaffected (no vector writes proposed). ✔
6. No hardcode / no hidden second SoT
- All identifiers resolved from live registries/config; tag keys validated against
iu_metadata_tag_registry. - No second source of truth introduced: filters read
iu_three_axis_envelope(derived from IU), not a parallel store; harness evidence is reporting, not authority. ✔
7. No gate left open
The bounded gate protocol (08) mandates fail-closed + verify-close; every mutating prompt's acceptance requires a final dot_config snapshot identical to baseline. allow_no_review_decision and vector_sync_enabled are pinned closed. ✔
8. No mutation in this macro
Confirmed: only read-only MCP query_pg (AST-validated read-only role; write-denied) + KB document uploads (the deliverables). No PG/Directus/Qdrant write, no migration, no DOT run, no gate change, no event registration, no schema/table/template/collection creation, no law enactment. ✔
9. No missing b–f path
Every test b–f has a dedicated deliverable with substrate, contract, DOT wrapper, gate map, assertions, evidence, failure modes, PASS criteria, and an implementing macro. Test a is acknowledged proven. ✔
10. No underload
12/12 deliverables; 5 author-ready prompts (+ a 6th flagged); drift table covers all §2.2 artifacts; gate matrix covers all 8 listed gates; DOT matrix covers all required proposed commands; backlog U1–U11 with parallelization; full law/risk review. Substance matches a large planning macro. ✔
11. Residual risks (carried forward)
- R-A:
cutter_governance.review_decisionshape unconfirmed by RO role → U3 must privileged-read first (BLOCKED-able). - R-B: delivery gate may not support route-scoping → test e may need a global flip with all 15 routes proven inert (higher risk; mitigated by pre-open inventory + post-check).
- R-C: cut state-machine wedge (no
mark_verified→mark_rejected) → U5 prerequisite for d's failure path. - R-D: running 4 Mothers before b–f close → R1–R6 from survey (duplicate fields, industrial đẻ-rơi, ungoverned mutation). Held by the no-go.
12. Verdict
PASS — document-only command pack complete, constitutionally compliant, no mutation, no gate left open, every b–f path covered, sequencing and author-ready prompts provided. Implementation remains correctly BLOCKED behind the named macros and their approvals.