IU Text-as-Code Smart-Brick Foundation — Live Audit & Master Roadmap

Macro: IU_TEXT_AS_CODE_SMART_BRICK_FOUNDATION_LIVE_AUDIT_AND_MASTER_ROADMAP
Date: 2026-06-01
Mode: READ-ONLY AUDIT & DESIGN-ALIGNMENT. Zero mutation — no DDL/DML, no migration, no Qdrant/Directus/Nuxt/code change. Live access via AST-validated read-only SELECT role on database directus + read-only Agent Data search/read.
Method: Source recovery (3 parallel read-only doc-cluster sweeps) + first-hand live PG verification (15 read-only queries). Every "LIVE_VERIFIED" claim below is backed by a query run in this session; report-sourced claims are labelled REPORT_CLAIM. Live evidence beats report text.
Authority anchor: GPT Handoff …/gpt-handoff-iu-text-as-code-smart-brick-foundation-gap-and-next-requirements-2026-06-01.md. This audit IS the IU_TEXT_AS_CODE_SMART_BRICK_FOUNDATION_AUDIT_AND_MASTER_DESIGN macro that handoff recommended.

0. Executive Verdict

Is Phase 1 (IU Core foundation) truly complete? — Substantially YES for the narrow IU-Core substrate, at "limited-production-pilot" grade — not full production. Unitization, stable identity, registries, versioning, schema/birth gates, health checks, composer, the per-IU vector boundary, the bounded DOT gate protocol, and a 22-event IU event family are all LIVE_VERIFIED in directus. Three caveats keep it short of full production: (a) every runtime gate is deliberately fail-closed false (composer, vector-sync, structure-ops, operator-runtime, delivery, auto-instantiate, retention, three-axis-auto-refresh, piece-event-emit); (b) the production review_decision path is undefined — only a test builder exists and 0 approval_requests reference IU; (c) publication-authority birth enforcement is warn-only, not hard-blocking. So Phase 1 is real and durable, but it is a pilot foundation, not a finished production substrate.

Is Phase 2 (Text-as-Code Smart-Brick) implemented? — NO. The "code-like" operations that distinguish a smart-brick substrate from a text-chunking store are DESIGN_ONLY or MISSING: IU diff/patch/blame/revert, text 3-way merge/conflict, proposal→review→merge workflow (production), typed-edge contract, dependency impact analysis, semantic lint, per-IU test-coverage map, release/version bundles, package public/private API, governance coverage map, and governance-orphan detection. The primitives a Phase 2 build will reuse exist (collections, template registry, KG view, lifecycle, gates, events) — but the Phase 2 engine does not.

Corrected status (one line): IU Core foundation = LIVE & pilot-ready (~Phase 1 ≈ 85%). IU Text-as-Code Smart-Brick layer = early substrate only (~15–20%): the bricks and the yard exist; the compiler, the linter, the merge engine, and the bill-of-materials do not.

What must be done BEFORE any Phase-2 implementation (hard prerequisites, all currently open):

OP-B — assign an accountable IU owner. Live proof: information_unit.owner_ref is ungoverned free-text (21 distinct build/agent tags), there is no GOV-IU row in governance_registry, and all four Mothers explicitly list information_unit under must_not_own. IU is the substrate everyone references and nobody owns. Implementation cannot be governed until this is resolved.
SB-3 — generalize the axis model off the hardcoded 3-axis DDL. iu_three_axis_envelope physically encodes exactly three axes (axis_a/b/c_*). The handoff's "do not hardcode the 3 axes" principle is concept-true but substrate-false until this table is generalized to an Axis Registry. A Phase-2 typed-edge/traceability build on top of a 3-axis table would bake the violation in.
Production review/approval path + conformance closure. Define the real review_decision builder and route it (Đ32 vs governed adapter exception = open question C-4); close conformance_status (today open for all 219 IUs).
Accept One-Roof binding (concept patch already GO) and register NRM-LAW-44 (today DRAFT, not in normative_registry = blocker L-2).
TAC ↔ IU reconciliation (≈86 tac_logical_unit vs the live information_unit corpus) — a stated prerequisite gate before finalizing the canonical contract.
Author the Phase-2 Master Design (this audit feeds it) and get it reviewed before building.

1. Source Recovery

All documents read READ-ONLY via Agent Data. Grouped by type. (Dates and statuses are as stated in each doc.)

Requirements / Law

knowledge/dev/reports/architecture/gpt-handoff-iu-text-as-code-smart-brick-foundation-gap-and-next-requirements-2026-06-01.md — 2026-06-01 — the corrected requirement note (read in full). Establishes the 10-role target + open-axis + adapter-not-SSOT principles.
knowledge/dev/laws/dieu44-trien-khai/requirements/p3d-information-unit-text-as-code-requirements-spec.md — 2026-05-10 — RE-AUTHORED DRAFT (awaiting GPT review). 17 sections A–Q, 15 packs, acceptance criteria AC-G/H/I/K/L; birth gate = 15 strict elements, Tier-0 ≥44 contract elements.
knowledge/dev/laws/dieu44-trien-khai/roadmaps/p3d-information-unit-text-as-code-roadmap-nom-na-2026-05-10.md — 2026-05-10 — plain-language 12-step roadmap + strict ordering rule (UI last).
knowledge/dev/laws/dieu44-trien-khai/handoffs/handoff-p3d-…-resume-after-nuxt-notification-2026-05-10.md — 2026-05-10 — restates 9 missing text-as-code mechanisms.
knowledge/dev/laws/dieu44-trien-khai/ssot/p3d-iu-text-as-code-completed-state-and-remaining-work-2026-05-10.md — 2026-05-10 — SSOT do-not-rebuild list + 12 remaining buckets.
knowledge/dev/requirements/v0.6-iu-4mothers-event-foundation-rev2/00-requirement-brief-rev2.md — 2026-05-27 — DRAFT Rev2 (MP1–MP6), document-only, IU-as-process-brick doctrine; OSS adapter §15.
knowledge/dev/laws/dieu44-trien-khai/design/07-iu0-information-unit-minimum-standard-outline.md + 07-iu0-index-and-core.md — 2026-05-02/03 — IU-0 minimum standard (Đ44 v0.1.2 controlled DRAFT).
knowledge/dev/laws/prompt-muc-tieu-mo-for-claude-code.md — open-goal prompt discipline (live-evidence-beats-report; obeyed here).

Roadmap / Design

knowledge/dev/design/v0.6-iu-4mothers-event-foundation-rev2/00-master-design-rev2.md — 2026-05-27→28 — DRAFT Revision 5 (MP-D1..D30; 41 invariants; PG Maximization Map).
…/01-requirement-traceability-matrix.md — 2026-05-27 — per-requirement landing site + PG artifact evidence-levels.
knowledge/dev/design/iu-mow-mot-event-foundation-design.md — 2026-05-27 (+ 2026-06-01 One-Roof concept patch appended) — IU first-class, open-axis, OP-B/SB-3 HELD.
knowledge/dev/laws/dieu44-trien-khai/design/23-p1-iu-text-as-code-edit-merge-design.md — 2026-05-06 — Git↔IU model (rev2, GPT-approved); Model D Hybrid (separate unit_proposal).
knowledge/dev/laws/dieu44-trien-khai/design/04-information-unit-profile-schema.md — 2026-05-01 — P38-XC universal substrate + UMC + DOT contract.

Implementation reports (REPORT_CLAIM)

IU Core scale-run final reports under knowledge/dev/laws/dieu44-trien-khai/v0.6-iu-core-…: 1k+, 1500x, 6000x, 7000x, 10000x, 12000x, 15000x, 18000x, 100000x, 110000x/110500x (dates 2026-05-23 → 05-26). Track migrations 001–032, 040R–042R; tests 1020→1324; split/merge, template registry, versioning, cut/verify pipeline.
knowledge/dev/reports/architecture/iu-core-process-brick-readiness-and-gap-survey-2026-05-28.md — 3000x readiness survey.

Live-vs-design reconciliation reports

…/iu-limited-production-promotion-…-2026-05-28/00-overview-and-pilot-readiness-verdict.md + 04-live-vs-design-reconciliation.md — 2026-05-28 — verdict "LIMITED-PRODUCTION-PILOT READY".
…/iu-design-live-gap-dot-ops-workflow-design-registry-audit-2026-05-29/ (docs 00–09) — 2026-05-29 — A=PARTIAL, C≈68%, D=GAP (workflow inline body, 0 IU-binding), E=HYBRID.
…/iu-pilot-cr-kg-recon-authority-live-assembly-superbundle-2026-05-28/03-iu-kg-enrichment-foundation.md — KG Branch C live-applied (iu_relation enrich + v_kg_edges_all).
knowledge/dev/laws/dieu44-trien-khai/reports/agent-readonly-investigation-…-2026-05-14.md + 23-p3c4-iu-policy-and-agent-context-report.md.

Governance reports

…/one-roof-governance-hardening-revision-all-domains-all-axes-2026-06-01/03-information-unit-governance-coverage.md — IU first-class governed domain but island.
…/one-roof-governance-law-hardening-finalization-round4-2026-06-01/05-iu-open-axis-final-hardening.md — open-axis YES@concept / NO@substrate (SB-3); OP-B; non-exemptable invariant checks.

Missing / inaccessible

The original 50KB Opus-4.7 P3D requirements spec is lost (MCP timeout); the re-authored spec is the standing surrogate (flagged in SSOT).
Function bodies / migration files: not directly readable through the allowlisted file tool (allowlist = /opt/incomex/docs, /opt/incomex/dot/specs, /var/log/nginx); verified instead via pg_proc.prosrc queries where needed.
Qdrant internals (actual point counts in the cluster) — not reachable by the read-only PG role; PG-side ledger only (iu_vector_sync_point = 152). Marked ACCESS_BLOCKED where relevant.

2. Live Inventory (first-hand, database `directus`, 2026-06-01)

Schemas: iu_core (4 objects: iu_staging_payload, iu_staging_record + 2 views, + fn_iu_staging_healthcheck) and public (the bulk of IU machinery).

IU tables/views matched (66 objects): ~33 iu_* base tables in public + information_unit + 3 dot_iu_* tables + ~28 v_iu_*/v_kg_* views.

Functions (96): full fn_iu_* family — create-path absent from name list but present via gateway (iu_create.gateway.canonical_function = public.fn_iu_create(...)); fn_iu_apply_edit_draft, fn_iu_enact, fn_iu_compose, fn_iu_collection_render, fn_iu_reconstruct_source, fn_iu_supersede, fn_iu_retire, fn_iu_piece_split/merge, fn_iu_gate_open/close/verify_closed/watchdog, fn_iu_structure_op_plan/apply/verify/rollback, fn_iu_bcf_harness_run, fn_iu_three_axis_envelope_refresh*, fn_iu_filter_axis_b, fn_iu_filter_axis_c_subtree, fn_iu_test_review_decision_create (TEST only), etc.

Triggers (16, all enabled O) on IU tables (verified via pg_catalog.pg_trigger — information_schema.triggers is empty for the read-only role, a privilege artifact, NOT an absence): on information_unit — trg_aa_iu_gateway_write_guard, trg_birth_information_unit, trg_iu_birth_gate_layer1, trg_iu_birth_gate_layer2, trg_iu_enacted_immut, trg_iu_three_axis_envelope_auto_refresh_iu, trg_iu_updated_at; on unit_version — trg_aa_uv_gateway_write_guard, trg_uv_enacted_immut, trg_aa_iu_notif_version, trg_iu_out_version; plus lifecycle-log piece-event emit, outbound-route delivery guard, sql-link capture, lineage/tag auto-refresh.

Row counts (live):

Object	Rows	Object	Rows
`information_unit`	219	`event_outbox`	181,706
`unit_version`	226	`event_type_registry`	40 (IU-family 22)
`iu_relation`	60 (all `contains`)	`birth_registry`	1,037,674
`iu_three_axis_envelope`	216	`collection_registry`	168
`iu_lifecycle_log`	149	`meta_catalog`	169
`iu_structure_operation`	72	`universal_edges`	2,199
`iu_split_set` / `iu_merge_set`	1 / 0	`v_kg_edges_all`	2,259
`iu_piece_collection`	45	`dot_tools`	309 (IU≈2)
`iu_piece_membership`	227	`dot_iu_command_catalog`	54 (island)
`iu_vector_sync_point`	152	`dot_iu_command_run`	55
`iu_metadata_tag`	536	`iu_qdrant_collection_registry`	1
`iu_route_attempt`	68	`iu_route_dead_letter`	0
`iu_collection_template_registry/version`	4 / 4	`iu_sql_link`	3

information_unit composition: only 2 of 9 designed unit_kind values are live — law_unit (146 enacted + 41 draft = 187) and design_doc_section (17 draft + 12 deprecated + 3 retired = 32). conformance_status = open for all 219. No row carries lifecycle_status='superseded'.

owner_ref (the OP-B evidence): TEXT column, 21 distinct ungoverned values — incomex_council (83), S178-FIX23 (36), INCOMEX (27), dieu45-phase3-pilot… (17), codex_step5_cut_approved (16), iu-core-15000x (10), claude_opus_4_7 (8), and assorted agent:*/runtime:* tags. Not an FK; no governance agency referenced.

Runtime gates (dot_config): iu_core.composer_enabled=false, vector_sync_enabled=false, structure_ops_enabled=false, operator_runtime_enabled=false, delivery_enabled=false, auto_instantiate_enabled=false, retention_enabled=false, three_axis_auto_refresh_enabled=false, piece_event_runtime.emit_enabled=false (dry_run_only=true). Open (dry-run/passive): routes_master_enabled=true, route_worker_enabled=true, queue.heartbeat.enabled=true. Enforcement modes: iu_create.gateway.mode=enforced (direct_insert_policy=block_after_guard), iu_enact.mode=enforced (allow_no_review_decision=false), iu_edit.policy.default_mode=require_review.

Events: 16 iu.* + 6 piece.* = 22 IU-family event types, all active=true (register-before-emit satisfied). Includes version_applied, collection_created/rendered/validated/exported/import_proposed, structure_* (split/merge/replaced/deprecated/child_added/op_applied), template.instance_auto_composed, and piece.{created,updated,split,merged,superseded,retired}. Emission is gated OFF (emit_enabled=false), so these are registered but not live-emitting; they are also not wired into the central anarchy/orphan detector.

Qdrant: iu_qdrant_collection_registry = 1 (collection iu_core_iu_chunks); iu_vector_sync_point = 152 PG-side ledger rows. Actual cluster contents = ACCESS_BLOCKED for this role.

3. Phase 1 Status

LIVE & durable: information_unit (gateway-enforced writes, birth-gate L1/L2 triggers, enacted-immutability triggers); canonical_address (immutable; reconstruction fingerprint proven in reports); birth_registry (1.0M rows); collection_registry (168); unit_version + lifecycle_status + iu_lifecycle_log + iu_lifecycle_vocab + enforced fn_iu_enact; health checks (fn_iu_collection_healthcheck, fn_iu_gate_verify_closed; hc_executor_last_run = 2026-06-01); the bounded DOT gate protocol (fn_iu_gate_* + iu_gate_transition, fail-closed); 22-event IU family registered.

PARTIAL (live but gated or incomplete): DOT composer (fn_iu_compose exists; composer_enabled=false); Qdrant per-IU boundary (registry + 152 sync points + CHECK/guard, but vector_sync_enabled=false and cluster reconcile unverifiable); event emission (registered, emit_enabled=false, not wired to detector); meta/DOT registry (meta_catalog live, but IU DOT catalog is a parallel island outside dot_tools); agent context pack (Đ43 context-pack infra live per context_pack_* config; IU front-door pack = report claim).

CLAIMED-ONLY / deploy-gated: Directus IU registration package (built, not applied); Nuxt IU assembly shell (PR-ready, not deployed).

Blocked / unresolved for full production (vs pilot): production review_decision builder undefined (only fn_iu_test_review_decision_create; 0 IU approval_requests); publication-authority birth enforcement warn-only; conformance_status never closes.

Report-claim corrections from live truth:

7000x reported fn_iu_supersede/fn_iu_retire BLOCKED (count=0). Live: both functions EXIST. Corrected → exist (supersession-to-superseded-state simply not exercised on information_unit; only deprecated/retired rows present).
event_type_registry reported variously as 31 / "16 iu.*". Live: 40 total, 22 IU-family (16 iu.* + 6 piece.*), all active.
dot_iu_command_catalog reported 42→52→54. Live: 54.
information_unit reported 163 / 216 / 219. Live: 219.

4. Phase 2 Gap Matrix (40 rows)

Status legend: LV=LIVE_VERIFIED · PL=PARTIAL_LIVE · DO=DESIGN_ONLY · RC=REPORT_CLAIM_ONLY · M=MISSING · CE=CONFLICTING_EVIDENCE · AB=ACCESS_BLOCKED. Confidence H/M/L = how sure given evidence checked this session.

A. Phase 1 / IU Core foundation

#	Capability	Live evidence (this session unless noted)	Status	Conf	Blocker	Next action	Design upd?	Impl?
1	information_unit	219 rows, 19 cols, gateway write-guard + birth-gate triggers enabled	LV	H	none	maintain	no	done
2	canonical_address	`canonical_address` col, `*_enacted_immut` triggers; fingerprint reconstruct (RC)	LV	H	none	—	no	done
3	birth_registry	1,037,674 rows; L1/L2 birth-gate triggers enabled	LV	H	P-pub warn-only	harden P-pub before full prod	no	hardening
4	collection_registry	168 rows; 147 unclassified (deferred, non-blocking RC)	LV	H	none	classify backlog	no	minor
5	unit_version / lifecycle	`unit_version` 226; `lifecycle_status`; `fn_iu_enact` enforced; log 149	LV	H	none	—	no	done
6	schema / CHECK gates	gateway+birth+immutability triggers; enforced gateway/enact modes	LV	H	none	—	no	done
7	meta_catalog / species / DOT registry	meta_catalog 169 LV; IU DOT = parallel `dot_iu_command_catalog` 54, not in `dot_tools` (309/IU≈2); no Đ35 Tier-A paired_dot	PL	H	island	fold IU DOTs into `dot_tools` Tier-A	yes	yes
8	universal_edges	2,199 (int-keyed, excludes IU); `iu_relation` 60 all `contains`; `v_kg_edges_all` 2,259	PL	H	IU not in universal edges; one edge type	see #23	yes	yes
9	health checks	`fn_iu_collection_healthcheck`, `fn_iu_gate_verify_closed`, executor ran 2026-06-01	LV	H	no PG↔Qdrant reconcile health	add vector reconcile check	no	small
10	DOT composer	`fn_iu_compose` present; `composer_enabled=false`	PL	H	gate closed by design	keep gated until owner	no	done(gated)
11	Qdrant vector boundary	registry 1, sync_point 152, CHECK+guard (RC); `vector_sync_enabled=false`; cluster=AB	PL	M	gate closed; cluster unverifiable RO	reconcile ledger vs cluster under owner	no	partial
12	Directus surfacing	registration package built, not applied (RC)	DO	M	deploy gate	defer to surfaces pack	no	yes
13	Nuxt/UI assembly	PR-ready shell, not deployed for IU (RC)	DO	M	UI-last ordering	defer (Phase-2 last)	no	yes
14	event_outbox / IU events	outbox 181,706; 22 IU events active; `emit_enabled=false`; not wired to detector	PL	H	emit gate; no detector wiring	wire to central detector under Đ45	yes	yes
15	agent context pack	Đ43 `context_pack_*` config live; IU front-door pack (RC)	PL	M	IU pack not live-verified	verify/compile (see #33)	no	partial

B. Phase 2 / Text-as-Code Smart-Brick layer

#	Capability	Live evidence	Status	Conf	Blocker	Next action	Design upd?	Impl?
16	IU diff / patch / blame / revert	no `fn_iu_diff/blame/revert` among 96 fns; 23-P1 designs it	DO	H	engine absent	build (Pack RESOLVE/DIFF)	no(design exists)	yes
17	proposal / review / merge	`require_review` policy live; only TEST builder `fn_iu_test_review_decision_create`; 0 IU approval_requests	PL→M	H	no prod builder; C-4	define prod review path	some	yes
18	merge conflict detection/resolution	no 3-way merge fn; `fn_iu_piece_merge`=structural; `iu_merge_set`=0	M	H	engine absent	build with #16	no	yes
19	current resolver	`version_anchor_ref` (HEAD pointer) present on every IU	PL	H	no resolver service/view	wrap as resolver API/view	some	yes
20	supersession chain / current status	`fn_iu_supersede` EXISTS; `iu_lifecycle_vocab`; 0 `superseded` rows; template auto-supersede (RC)	PL	H	path unexercised on IU	exercise + view chain	some	small
21	context receipt	`trace_id` in routing; no formal receipt object	DO	M	object absent	design receipt object	yes	yes
22	stale / superseded input detector	`v_iu_three_axis_envelope_drift`, `v_iu_vector_sync_status` (digest drift); no stale-proposal detector	PL	M	proposal-stale absent	extend apply-stale into proposals	yes	yes
23	typed edge contract	`iu_relation` has Đ39 provenance cols (RC) but only `contains`; no 15-type vocab; edge-write has no DOT	DO	H	contract+DOT absent	build typed-edge registry + write DOT	no(design exists)	yes
24	open-axis multi-axis traceability	`iu_three_axis_envelope` 216 LV; axis_b open tag-bag; DDL hardcodes 3 axes	CE	H	SB-3	generalize to Axis Registry FIRST	yes	yes
25	dependency impact analysis	no `fn_iu_impact`; `v_iu_template_observability` = template-level only	M	H	engine absent	build recursive impact on typed edges	no(design exists)	yes
26	semantic lint	no lint fns; 9-check design (AC) only	DO	H	engine absent	build lint executor (gate/warn/dry)	no	yes
27	IU test coverage map	`fn_iu_bcf_harness_run` exists (BCF), no `iu_test`/per-IU coverage	M	H	model absent	build `iu_test` + coverage view	no	yes
28	build / render pipeline	`fn_iu_collection_render`, `fn_iu_reconstruct_source` LV (RC 0-drift); release generalization absent	PL	H	release artifacts absent	generalize render→artifacts	some	yes
29	package / module system	`iu_piece_collection` 45 + template registry/version (4/4) = bundle substrate; no public/private API, no module deps	PL	M	API/deps absent	extend bundle→module	yes	yes
30	release / version bundle	template versioning live; no release manifest object	DO	M	manifest absent	build release-bundle + manifest	yes	yes
31	workflow automation config	`fn_iu_auto_instantiate_from_event` (gate false); `workflows` store inline body, 0 IU-binding cols (RC, D=GAP)	PL	M	no IU↔step binding	add IU-binding to step def (HYBRID MOWD)	yes	yes
32	agent / DOT preflight gate	`fn_iu_gate_open/close/verify_closed/watchdog` + `iu_gate_transition`, fail-closed; birth+gateway guards	LV	H	none	extend to action preflight	some	small
33	current context pack compiler	Đ43 infra live; IU compiler not verified live	PL	M	compiler not proven	build/verify IU pack compiler	some	yes
34	governance coverage map	`conformance_status` `open` for all 219; no coverage invariant live	M/DO	H	OP-B; invariant absent	build coverage invariant after owner	yes	yes
35	governance-orphan detection	IU issue types not registered; not wired to detector; no `GOV-IU`	M	H	OP-B	register IU issue types + wire	yes	yes
36	law→design→workflow→code→test→report trace	NT14 matrix (design); typed edges+impact+test all missing; workflow 0 IU-binding	DO	H	depends #23/25/27/31	build after edges/impact/tests	some	yes
37	open-axis model (no hardcoded 3 axes)	concept GO (RC); `iu_three_axis_envelope` DDL = 3 axes	CE	H	SB-3	same as #24 (prerequisite)	yes	yes
38	One-Roof binding	concept patch GO (RC); no `GOV-IU`; all 4 Mothers `must_not_own:[information_unit]` + `can_reference:[information_unit]`	DO/HELD	H	OP-B; L-2 (NRM-LAW-44 draft)	assign owner + enact law	some	yes
39	OPA/Temporal/LangGraph adapter boundary	principle stated (RC); only W3C trace_id adopt-now; no tool bound	DO	M	no binding decided	adapter ADR when needed	yes	later
40	no-hardcode compliance	`dot_config` heavily config-driven LV; violations: SB-3 axis DDL; workflow inline body	PL	H	SB-3 + workflow body	fix via #24/#31	yes	yes

Confirmed P0 nuance (live): fn_iu_post_cut_axis_materialize is referenced by exactly one caller — fn_cut_complete. The reconciliation report's "0 callers" is now stale: there is one caller, but axis materialization still depends on the COMPLETE step being invoked and three_axis_auto_refresh_enabled=false, so the envelope can legitimately be stale. Use fn_iu_subtree, not the stored axis_c_depth. (Severity downgraded from "P0 unwired" to "manual/gated refresh — verify autowiring of fn_cut_complete itself.")

5. Design-vs-Live Reconciliation

Where LIVE is AHEAD of design (design docs are STALE):

The 23-P1 edit/merge design (2026-05-06) lists lifecycle_status/merge fn as "missing" → superseded by live fn_iu_apply_edit_draft/fn_iu_enact/iu_lifecycle_log.
fn_iu_supersede/fn_iu_retire are LIVE, contradicting the 7000x "BLOCKED count=0".
The bounded DOT gate protocol (fn_iu_gate_*, iu_gate_transition) is operational, beyond the "design-first proposal" framing.
Reconstruction/render (fn_iu_reconstruct_source, fn_iu_collection_render) operate as discrete ops not fully reflected in design text.
The 22-event IU family is registered and active; design referenced a smaller 7/9-event set.

Where REPORTS OVERCLAIMED (live is behind the prose):

"Foundation essentially done" → Phase 2 engine is absent (matrix §B). The handoff's correction is validated.
Birth "hard gate" → publication-authority enforcement is warn-only.
Conformance implied closeable → open for all 219, never closes.
KG "lineage populated" → iu_relation is only contains (60/60).
Vector "greenfield" → 152 PG sync points exist (historical CLI indexing); cluster state unverifiable RO.

Substrate contradictions to carry (not resolved here):

SB-3 (axis envelope): open-axis is concept-true but iu_three_axis_envelope hardcodes 3 axes in DDL. A Phase-2 build MUST generalize this first or it bakes in the violation.
OP-B (owner): every Mother is configured to reference but not own IU, and no GOV-IU exists. Live-confirmed island.
Workflow inline body: workflows store bpmn_xml/narrative inline with 0 IU-binding columns — violates the IU-centered doctrine; reconcile via a HYBRID MOWD def-side sub-registry under MOW, not a 5th Mother.

6. Corrected Master Target ("miếng thông tin")

The Information Unit is not "text cutting", not only prompt-context, not only vector search. The corrected target is a Text-as-Code Smart-Brick Foundation under One-Roof Governance: a single governed substrate where laws, designs, prompts, workflows, DOT specs, UI contracts, configs, and tests are all information units that behave like code —

Current-context resolver (every consumer reads the live HEAD, never a stale copy);
Governed SoT for laws/designs/prompts/workflows/DOT/UI;
Proposal/review/merge substrate (text-as-code change requests with diff/blame/revert and conflict-safe merge);
Dependency & impact graph (typed edges; "if A changes, what breaks");
Configurable workflow/automation substrate (2-step and 500-step from the same IU-backed primitive);
Build/render/release substrate (artifacts + versioned release bundles/manifests);
Test + semantic-lint substrate (per-IU coverage; orphan/dangling/stale lints);
Agent/DOT preflight gate (no action without a satisfied governed gate);
Governance coverage + orphan/anarchy detection (every IU has an owner; conformance closes);
Adapter boundary — OPA/Temporal/LangGraph/Directus/Qdrant/Nuxt are adapters/surfaces, never competing SSOTs; the axis model is open and data-governed, current axes are examples only.

7. Master Roadmap (packs)

Ordering obeys the strict rule (substrate → graph/version/test/build → vector/metadata/event → UI LAST) and the prerequisites in §0. P-0 gates everything.

P-0 — Prerequisite/Design-Truth Pack (BLOCKING). Goal: clear the three substrate blockers + author Phase-2 master design. Why: governance + axis correctness must precede engine build. Reuse: governance_registry, normative_registry, iu_three_axis_envelope, One-Roof concept patch. New: Axis Registry (generalize off 3-axis DDL — SB-3), GOV-IU (or assign existing owner — OP-B), enact NRM-LAW-44 (L-2), TAC↔IU reconciliation decision. Forbidden: building Phase-2 on the 3-axis table; self-approving the owner. Acceptance: owner assigned + axis registry design accepted + master design reviewed. Rollback: design-only, nothing to roll back. Order: 1st.

P-1 — Current Resolver + Supersession. Goal: canonical HEAD resolver + exercised supersession chain. Reuse: version_anchor_ref, fn_iu_supersede, iu_lifecycle_vocab, iu_lifecycle_log. New: resolver view/API; supersession chain view; produce real superseded rows. Acceptance: every IU resolves to exactly one current version; chain query returns full lineage. Rollback: views are droppable. Order: 2nd.

P-2 — Proposal/Review/Merge. Goal: production proposal→review→merge state machine. Reuse: require_review policy, fn_iu_apply_edit_draft, Đ32 approval, unit_version. New: unit_proposal (Model D Hybrid), production review_decision builder, route to Đ32 (resolve C-4). Forbidden: shipping the TEST builder as prod. Acceptance: a proposal merges only via a real approval; ≥1 IU approval_requests row exists. Order: 3rd.

P-3 — Diff/Patch/Blame/Revert. Goal: fn_iu_diff/patch/blame/revert. Reuse: INSERT-only unit_version, content hashes. New: diff/blame functions; revert = new UV (no DELETE). Acceptance: AC-H1/H3/H4. Order: 4th (with P-2).

P-4 — Typed Edges + Open-Axis Traceability. Goal: typed-edge contract (15-type vocab) + open-axis traceability on the Axis Registry. Reuse: iu_relation (+Đ39 cols), v_kg_edges_all. New: edge-type registry with per-type source/target/cardinality; edge-write DOT (currently missing); axis-aware trace built on P-0 Axis Registry. Forbidden: hardcoding 3 axes (depends P-0). Acceptance: AC-K1/K2/K4; edge writes only via DOT. Order: 5th.

P-5 — Dependency Impact Analysis. Goal: fn_iu_impact(uv, depth) recursive over typed edges. Reuse: P-4 edges, fn_iu_subtree. New: recursive impact fn + view. Acceptance: AC-K3 ("change A → list affected laws/designs/workflows/code/tests/reports"). Order: 6th (needs P-4).

P-6 — Semantic Lint. Goal: 9-check lint executor (gate/warn/dry). Reuse: health-check executor pattern. New: lint rules L1–L9. Acceptance: orphan/dangling/stale/dup-address all detected. Order: 7th.

P-7 — Test Coverage Map. Goal: iu_test + per-IU pass/fail/skip + coverage %. Reuse: fn_iu_bcf_harness_run pattern. New: iu_test table + executor + coverage view. Acceptance: AC-L1/L2. Order: 8th.

P-8 — Build/Render/Release. Goal: generalize render → artifacts + versioned release bundle/manifest. Reuse: fn_iu_collection_render, fn_iu_reconstruct_source, template registry/version. New: release-bundle object + manifest ("release vX = laws/designs/workflows/tests/reports"). Acceptance: deterministic 0-drift bundle reproducible from manifest. Order: 9th.

P-9 — Package/Module System. Goal: module with owner/version/public-private API/deps. Reuse: iu_piece_collection, template registry. New: module API + dependency edges (reuse P-4). Acceptance: import across modules respects public API. Order: 10th.

P-10 — Workflow Automation Config. Goal: IU-backed step binding (HYBRID MOWD). Reuse: workflows, workflow_steps, fn_iu_auto_instantiate_from_event (gated), GOV-MOW. New: workflow_step_def.binding_kind+binding_ref (one of iu/bundle/assembly-view/task-template); MOWD def sub-registry. Forbidden: inline body; a 5th Mother. Acceptance: 2-step and 500-step share one primitive; no inline body. Order: 11th.

P-11 — Agent/DOT Preflight Gate (extend). Goal: generalize the bounded gate protocol into an action-preflight gate. Reuse: fn_iu_gate_*, iu_gate_transition. New: preflight contract referencing impact (P-5) + lint (P-6) + tests (P-7). Acceptance: no governed action proceeds with an open required gate. Order: 12th.

P-12 — Current Context Pack Compiler. Goal: compile a current, governed context pack per consumer from HEAD. Reuse: Đ43 context-pack infra, P-1 resolver. New: IU pack compiler. Acceptance: compiled pack contains only current versions; stale → rebuild. Order: 13th.

P-13 — Governance Coverage + Orphan Detector. Goal: coverage invariant + IU orphan/anarchy detection wired to the central detector. Reuse: One-Roof coverage model, event_type_registry, system_issues. New: register IU issue types (iu_object_orphan, axis_unregistered, reconstruction_integrity_fail, iu_vector_drift, iu_kg_edge_unowned); close conformance_status; emit under Đ45. Forbidden: running before OP-B owner exists. Acceptance: total = covered + orphans + exceptions + retired; 0 unowned IUs. Order: 14th (needs P-0 owner).

P-14 — Design-Truth Patch Pack (continuous). Goal: patch stale design docs to match live (the §5 list); record overclaim corrections. Reuse: this audit. Acceptance: design docs cite live evidence; no "done" without live proof. Order: parallel/continuous.

8. Recommended Next Macro

IU_TEXT_AS_CODE_SMART_BRICK_PHASE2_MASTER_DESIGN_AND_PREREQUISITE_RESOLUTION (design-only, no production mutation).

Scope: execute P-0 end-to-end as a design + decision pack — (a) resolve OP-B by proposing the IU owner/GOV-IU and routing it for sovereign approval; (b) design the Axis Registry that generalizes iu_three_axis_envelope off the 3-axis DDL (SB-3), with a migration plan (not applied); (c) define the production review_decision path and the C-4 routing decision; (d) draft the TAC↔IU reconciliation; (e) author the Phase-2 Master Design that sequences packs P-1…P-13 with acceptance criteria and rollback gates; (f) prepare NRM-LAW-44 enactment packet (L-2). It must NOT mutate production; all DDL is plan-only pending review and an assigned owner. This is large enough for a serious agent run and unblocks every subsequent implementation pack.

9. Final Decision Gate

READY_FOR_USER_REVIEW — with a flagged dependency: the implementation track is NEEDS_GOVERNANCE_DECISION on two items that this audit cannot decide and that block Phase-2 build:

OP-B — assign the accountable IU owner (no GOV-IU exists; owner_ref is free-text; all Mothers must_not_own IU).
SB-3 — approve generalizing the axis model off the hardcoded 3-axis DDL before any typed-edge/traceability build.

Phase 1 IU Core is confirmed LIVE at pilot grade. Phase 2 is design-only/missing. The audit, source recovery, and live verification are complete; no production state was mutated (read-only SELECT + read-only document access only). Recommend approving the P-0 design macro in §8 and the governance decisions above before any implementation.

Appendix — Live verification log (this session, read-only)

information_schema.tables (iu_core+public IU pattern) → 66 objects.
information_schema.routines → 96 IU functions.
pg_catalog.pg_trigger (information_schema.triggers empty for RO role) → 16 enabled IU triggers.
Row counts (2 UNION queries) → table in §2.
dot_config (100 rows) → gate matrix + enforcement modes.
event_type_registry by event_domain → 22 IU-family events, all active.
information_schema.columns (information_unit) → 19 columns incl. free-text owner_ref.
information_unit GROUP BY kind/lifecycle/conformance → 2 kinds; conformance all open.
pg_proc.prosrc ILIKE '%post_cut_axis_materialize%' → 1 caller (fn_cut_complete).
information_unit GROUP BY owner_ref → 21 ungoverned free-text owners.
governance_registry (9 rows) → no GOV-IU; 4 Mothers must_not_own:[information_unit].