Incomex AI Portal
KB-6035

45 — GCOS Consolidated Build Index & Docs 24/25 Cross-References (T6/T7-build-requires-GCOS, design-only, read-only zero mutation, 2026-06-01)

24 min read Revision 1
one-roof-governanceimplementation-indexgcosconsolidated-build-indexcrossrefdocs-24-25t6-t7-build-requires-gcosstale-read-riskconflict-orderread-orderstale-doc-warningmin-final-report-fieldssb-10sb-11sb-12sb-13c-7ten-addendalive-correctionbirth-registry-1042909canonical-address-nullint-vs-uuid-watermarkno-hardcodeno-islandbuild-no-godesign-only2026-06-01

45 — GCOS Consolidated Build Index & Docs 24/25 Cross-References

Path: knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/ Doc: 45. Role: Consolidated build-prep entrypoint for T6 (doc 25) + T7 (doc 24) + the GCOS substrate (docs 31–42). This doc exists to make it impossible for a future implementation agent to build T6/T7 from docs 24/25 alone and silently miss GCOS. Status: DESIGN / CONTROL DOCUMENT ONLY. Zero PG / Directus / Qdrant / Nuxt / schema / DOT / event / law / approval / version mutation. Authored read-only; one set of non-semantic cross-reference header patches was added to docs 24 and 25 (recorded in §9; reversible). Date: 2026-06-01. Supersedes: nothing. Extends: doc 00 (the package read-me-first) and doc 42 (GCOS build readiness). Doc 00 still controls overall; this doc is the track-level build gate for T6/T7+GCOS.

45.0 Why this document exists (the GPT-flagged hole)

The external GPT review (…/gpt-review-gcos-substrate-build-prep-design-pass-next-crossref-redteam-2026-06-01.md) passed the GCOS detailed design and then flagged, verbatim:

"Docs 24/25 still need at least cross-reference or consolidated build index so implementation agents cannot miss GCOS."

The risk is concrete and structural:

  • Docs 24 (T7) and 25 (T6) are revision 1 and predate the entire GCOS package (docs 31–42). Verified: neither doc 24 nor doc 25 contains a single reference to GCOS, SB-10, SB-11, SB-12, SB-13, or C-7 anywhere in its body. Doc 25's own "Next" line points only to docs 26/27.
  • Docs 24/25 were deliberately left byte-for-byte unchanged by the GCOS work (doc 35 §0.2 froze them). That freeze is correct for the design, but it means an agent who opens doc 25, reads "DESIGN ONLY, APPLY IS NO-GO; the scanner detects → classifies → proposes," and proceeds to build the 7-DOT scanner family would:
    1. Re-enumerate every born object on every scan pass — now 1,042,909 rows (live, see §3) under a 5-second read statement-timeout and a 500-row hard LIMIT. Unscalable. This is one of the two forbidden anti-patterns doc 42 §42.4 names.
    2. Track "checked" as a permanent boolean — the "checked-forever" anti-pattern SB-10 (doc 40) exists to forbid.
    3. Register the governance event domain and emit before the candidate/handoff/input findings exist in the taxonomy — violating register-before-emit (Điều 45).
    4. Key the worker cursor and candidate state on canonical_address and on a uuid watermark — both live-incorrect (see §3).

A consolidated build index alone does not protect an agent who opens doc 24/25 directly. Therefore this mission applies both mitigations (doc 42 §42.6 offered either): (a) this consolidated build index (doc 45) AND (b) a minimal non-semantic cross-reference header inside docs 24 and 25 pointing here (§9).

45.1 THE RULE — T6/T7 BUILD REQUIRES GCOS (mandatory for every future build agent)

T6/T7 design (docs 24 + 25) is COMPLETE and unaffected. T6/T7 build is GATED. It MUST NOT begin until the GCOS substrate (SB-10, SB-11, SB-12, SB-13) is built AND the 10 build addenda of doc 35 §3.2 are applied AND the gate table of doc 42 §42.5 passes.

Concretely, do not:

  • register the 7 T6 scanner DOTs (doc 25 §6) until SB-10 (doc 40) + SB-12 (doc 38) + SB-13 (doc 39) are built — without the candidate-state store, snapshot/ruleset registry, and resumable cursors, the scanner falls into the rescan-everything and checked-forever anti-patterns;
  • register or activate the governance event domain (doc 24 §4) for emit until the candidate/handoff/input/backfill finding types are part of the taxonomy and SB-11 (doc 41) has registered the domain rows active=false first (register-before-emit, Điều 45);
  • run the T6 inventory layer (doc 25 §4 L1) as a full enumeration on every pass — it must read the dirty + stale-expired candidate working set from SB-10 (doc 34 §6 / doc 35 §3.2 patch #1);
  • treat docs 24/25's birth_registry/canonical_address/cursor assumptions as current — apply the live corrections in §3.

The single most important sentence for a build agent: If you are about to implement anything from doc 24 or doc 25, you must first have read docs 31–42 and this doc, and you must build the four GCOS blockers first, in the order of §4.

45.2 Conflict-resolution order (extends doc 00 §0.2)

When two documents disagree, resolve in this order (this doc inserts items at the GCOS layer; doc 00's order otherwise stands):

  1. The muc-tieu-mo house law (knowledge/dev/laws/prompt-muc-tieu-mo-for-claude-code.md) — operating constitution; nothing here overrides it. In particular: if_stated_value_differs_from_live_evidence_live_evidence_wins.
  2. Live PG read-only evidence over any stated value in any doc (per item 1). The §3 live corrections in this doc therefore win over the row-counts / key assumptions printed in docs 24/25/31/34/39/40.
  3. This implementation index package (docs 00–51) over older reports.
  4. Doc 00 (read-me-first) for package-level rules; doc 42 (GCOS build readiness) for the GCOS dependency graph, gate table, rollback, and no-island/no-hardcode proofs; this doc 45 for the T6/T7-build-requires-GCOS rule and the docs 24/25 reconciliation.
  5. GCOS detailed designs (docs 38–42) over the GCOS branch designs (docs 31–35) where they refine a decision (e.g. doc 40 corrects the candidate-key; doc 39 corrects the watermark type).
  6. GCOS branch designs (docs 31–35) over docs 24/25 for anything touching backfill / handoff / input-gate / candidate-scan / scale; docs 24/25 remain authoritative for the base T6/T7 taxonomy, the 6-layer detector, the 20 findings, the anti-spam model, and owner routing, as amended by the 10 addenda.
  7. Concept canon (knowledge/dev/design/one-roof-governance-concepts/) over pre-patch design text.
  8. Blockers win over implementation ambition — a named open blocker (doc 03 + SB-10/11/12/13 + C-7) defeats any plan that needs it resolved.
  9. If still unclear → STOP and report. Do not guess, do not self-approve, do not invent a path.

45.3 Stale-doc warning + live corrections (live PG wins)

These facts were re-verified read-only against the live directus database on 2026-06-01 for this mission. Where they differ from a value printed in an earlier doc, the live value wins (muc-tieu-mo §1). Build agents MUST re-verify these again at build time.

# Fact (live 2026-06-01) What earlier docs printed Action for build agents
C-1 birth_registry = 1,042,909 rows; all status='born'; born_at 0 nulls doc 31: 1,037,716; docs 39/40: 1,037,724 The spine grew ~+5,190 rows since the GCOS docs were authored. It is still growing daily. Confirms: backfill is a one-time seed that must be incremental/resumable (doc 31), and the handoff (doc 32) must sustain continuously. Size batch/cadence to the current live count at build time, not to any printed number.
C-2 birth_registry.canonical_address = text, NULL in ALL 1,042,909 rows (0 non-null) doc 31 §6 / doc 34 §2 used canonical_address as the idempotency key **Candidate/idempotency key = `COALESCE(canonical_address, collection_name
C-3 Watermark type mismatch (confirmed): birth_registry.id=integer, registry_changelog.id=integer, iu_route_worker_cursor.last_event_id=uuid, event_outbox.id=uuid doc 31 §4 implied "reuse iu_route_worker_cursor 1:1" SB-13 (doc 39) is correct: the new gov_worker_cursor needs a type-generalized text watermark + typed predicate, NOT a 1:1 copy of the uuid cursor. Live wins over the "reuse 1:1" phrasing in doc 31.
C-4 No governance event domain (event_type_registry=40: iu 16/16, mother 9/0 active, piece 6/6, staging 5/5, system 4/3) docs 24/41 (consistent) SB-4 gap holds. SB-11 (doc 41) registers one governance domain with rows active=false first (the live mother 9/0-active pattern is the precedent). Register-before-emit.
C-5 All 4 GCOS target tables + both SB-2 tables ABSENT (governance_candidate_state, governance_candidate_object, candidate_scan_run, governance_ruleset, gov_worker_cursor, governance_object_ownership, governance_responsibility_scope — none exist) docs 38–42 (consistent) Greenfield confirmed. Additive CREATE TABLE only; empty at create; DROP is full rollback. Re-confirm absence in the BEGIN/ROLLBACK rehearsal (doc 48) before any DDL.
C-6 measurement_registry = 142 rows, 140 enabled; evolution_snapshots=1; derived_objects_registry=7 (refresh_strategy: on_demand 3 / null 2 / realtime_trigger 2) doc 38: 142/140; doc 34/40: derived_objects_registry=7 SB-12 ruleset_version hash component count (140 enabled detector rows) is exact. The 3 live refresh_strategy values back the 3 candidate refresh modes (doc 34).
C-7 os_proposal_approvals = 0 all docs (consistent) os_proposal_approvals = 0 ⇒ COMMIT_FORBIDDEN remains the master apply gate. No COMMIT of any kind in any GCOS build until this is non-zero via the real approval spine.
C-8 Event substrate live: event_outbox=182,725; event_read=182,364; event_pending=0; event_subscription=3; queue_heartbeat=3; system_issues=191,301; registry_changelog=68,444 doc 41: 181,712 / 181,351 / 0 / 3 / 3 / 190,288 / 68,323 Buses grew ~+1,013 (normal traffic). event_pending=0 unchanged (confirms it is unused and available for GCOS capture/retry, doc 32/39). No structural change.

General stale-doc warning: Treat every printed live count in docs 24, 25, 31–42 as evidence as of authoring date, not a build-time constant. Re-run the §3 re-verification queries (and doc 42 §42.5 G-DDL pre-flight) at the top of every build/rehearsal macro.

45.4 The 10 GCOS build addenda — count PINNED (resolves the "10-vs-11" warning)

Doc 42 §42.6 explicitly warned: "the build plan must pin the exact count by re-reading doc 35 §3.2 live." Done. The §3.2 patch table contains EXACTLY 10 rows. Doc 35 §7 mislabels the same reference as "eleven targeted addenda" — that is an off-by-one documentation drift, not a real 11th addendum. The production-gate fail-closed rule is the 10th in-table row, not a separate "+1." Authoritative count for build = 10. (Flag for a future surgical-drift patch: reconcile doc 35 §7's "eleven" → "ten"; not patched here to avoid a semantic edit to a frozen doc — recorded as open item OI-45-1.)

The 10 binding build addenda (apply during the T6/T7 build macro, not now), verbatim targets:

# Target Required patch (summary) Reason
1 T6 §4 L1 (Inventory) Add a pre-stage L0 = input-quality gate (doc 33); change L1 to enumerate the dirty + stale-expired candidate set from the SB-10 store (doc 34); full enumeration only during periodic full audit + initial backfill (doc 31). Scalability over 1.04M+; no perpetual full scan.
2 T6 §4 L2 (Birth precedence) Note it is now pre-enforced by input-gate state birth_or_registry_missing (doc 33 §4); retain L2 as defense-in-depth. Single precedence rule, two enforcement points.
3 T6 §5 lifecycle Insert GCOS pre-stages: HANDOFF-INTAKE → INPUT-GATE → CANDIDATE-SCAN → [SCAN/DETECT…]; SCAN reads the candidate working set. Candidate layer is upstream of SCAN.
4 T6 §6 DOT family Add 4 GCOS DOTs (dot_governance_backfill_sweep, …_handoff_intake, …_input_gate, …_candidate_scan) + a dot_coverage_required row per each. GCOS DOTs are themselves governed objects (DOT-100%).
5 T6 §9 dot_coverage_required Add governance.candidate, governance.backfill, governance.handoff, governance.input rows (A-tier read/propose). Cover the GCOS DOTs.
6 T7 §5 issue table (20 types) Add the GCOS finding types: 4 backfill + 4 handoff + 7 input-quality + 4 candidate = 19 new types, riding existing buckets + the governance domain. Input/backfill/handoff/candidate gaps must be findings, not silent.
7 T7 §6 anti-spam Add a coalesce dimension group_key (doc 34 §3) so dirty-group storms coalesce; add group_invalidation_storm ceiling. Dirty-group churn is a new storm source.
8 T7 §9 auto-close Re-key auto-close by (coalesce_key, ruleset_version) so a close under an old ruleset cannot mask a needed re-open under a new ruleset. Stale-truth safety (doc 34 §6).
9 T7 §2 / Điều 45 contract Register the GCOS event types under the same governance domain (one domain, GOV-SIV): backfill.*/handoff.*/input.*/candidate.*. One event domain, no second bus.
10 Production gate (concept §11) Add rule: candidate status stale/unknown for a high-risk object ⇒ G-PROD blocks (fail-closed); low-risk ⇒ scheduled re-scan. The GPT fail-closed requirement (doc 34 §6).

The 19 new finding types in addendum #6 = 4 backfill (doc 31 §10) + 4 handoff (doc 32 §8) + 7 input-quality (doc 33 §8) + 4 candidate (doc 34 §10). All ride existing system_issues buckets; none is registered or emitted now.

45.5 Mandatory read order for a T6/T7+GCOS build agent

Read in this exact order before designing or rehearsing any build step. (This is the track-level expansion of doc 00 §0.3 for the T6/T7 track.)

  1. knowledge/dev/laws/prompt-muc-tieu-mo-for-claude-code.md — the house law (no-hardcode, reuse-first, design-only macro mode, Điều 45, live-apply hard gate).
  2. doc 00 — read-me-first (package rule, conflict order, forbidden list, §0.9 final-report fields, §0.10 state-recovery preamble).
  3. doc 03 — blocker register & gates (then the SB-10/11/12/13 + C-7 status in docs 35/42/46).
  4. THIS doc 45 — T6/T7-build-requires-GCOS rule, conflict order, live corrections, the 10 addenda.
  5. doc 42 — GCOS build readiness: build order, dependency graph, gate table, rollback, no-island/no-hardcode proofs.
  6. The four GCOS detailed designs in build order: doc 38 (SB-12) → doc 39 (SB-13) → doc 40 (SB-10) → doc 41 (SB-11).
  7. The four GCOS branch designs: doc 31 (backfill) → doc 32 (handoff) → doc 33 (input gate) → doc 34 (candidate scan), and doc 35 (integration + the 10 addenda + 15 scale controls + new blockers).
  8. doc 46 — the C-7 decision packet (must be ruled before input.* activation, ruleset activation, and the observer-trigger option).
  9. doc 47 — the GCOS end-to-end red-team (the failure modes the build must defend).
  10. doc 24 (T7) + doc 25 (T6) — the base taxonomy/scanner design, read THROUGH the lens of the 10 addenda (§45.4) and the live corrections (§45.3), never as standalone build specs.
  11. doc 48 — author-mode rehearsal prompts; doc 49 — implementation gate checklist (must all pass before any COMMIT).

If you arrived at doc 24 or doc 25 first (e.g. via search), STOP and start at step 1. The cross-ref header now at the top of each (added by this mission, §9) tells you the same thing.

45.6 The complete T6/T7+GCOS document map

Layer Docs Status
Package control 00 read-me-first · 01 sources · 02 source-map · 03 blockers · 04 track-map COMPLETE
SB-1/SB-2 substrate (ownership + APR action-types) 05/06/07 scaffolds · 16/17 detailed · 18 PG evidence · 19 rehearsal · 20 readiness · 23 C-1/C-2 packet DESIGN COMPLETE; build NO-GO
T7 base design 24 DESIGN COMPLETE (frozen); build gated on GCOS
T6 base design 25 DESIGN COMPLETE (frozen); build gated on GCOS
OP-B / auto-approve 26 OP-B packet · 27 auto-approve hardening DESIGN/DECISION COMPLETE
GCOS branches 31 backfill · 32 handoff · 33 input gate · 34 candidate scan · 35 integration+addenda+scale+new-blockers DESIGN COMPLETE; build NO-GO
GCOS substrate detailed 38 SB-12 · 39 SB-13 · 40 SB-10 · 41 SB-11 · 42 build readiness DESIGN COMPLETE (PASS, GPT-reviewed); build NO-GO
This build-prep bundle 45 this index/crossrefs · 46 C-7 packet · 47 red-team · 48 rehearsal prompts · 49 gate checklist · 50 next-prompts · 51 self-review this mission

Open blockers that gate T6/T7 build (all OPEN): SB-10 (candidate-state store), SB-11 (governance event domain + handoff path), SB-12 (snapshot/ruleset registry), SB-13 (worker-cursor family), C-7 (input-trust / ruleset owner / backfill 60-day cut-over / observer-trigger ruling — see doc 46). Owner-relevant T6 work additionally needs SB-1/SB-2; any apply needs H-1/H-2/SB-6 + os_proposal_approvals>0.

45.7 Build order, dependency graph, gate table (authority: doc 42)

This is a one-screen restatement; doc 42 is authoritative. Build agents must read doc 42 in full.

Build order (Phase 1, gated DDL): SB-12 → SB-13 → SB-10 → SB-11. Rationale: SB-12 + SB-13 are cheapest (reuse-shaped) and SB-10 cannot key verdicts without the snapshot/ruleset (SB-12) nor be seeded/dirtied without cursors (SB-13); SB-10 is the convergence point (third); SB-11 (register-before-emit) is fourth. Phase 2 (activation, gated): Branch B handoff intake (cursor-tail Option A) → Branch A backfill seed → Branch C/D input-gate + candidate-scan → T6/T7 build with the 10 addenda. Phase 0 (parallel decision track): C-7 ruling + SB-1/SB-2 owner line.

Dependency graph: SB-12 + SB-13 → SB-10 → (+ SB-11) → Branch B → Branch A → Branch C/D → T6/T7 (patched). C-7 gates input.* activation + ruleset activation + observer-trigger Option B. SB-2 sharpens owner routing (degrade-not-block until live). SB-3 caps the IU axis-grain invariant at 3 axes until live.

Gate table (summary; doc 42 §42.5 authoritative): G-DESIGN (docs 38–41 accepted) → start build · G-DDL (operator reversible BEGIN/ROLLBACK, 0 collisions, 4 tables confirmed absent) → create tables · G-C7 (council ruling) → input.* + ruleset activation + Option B · G-RBE (register-before-emit: event_type_registry governance rows active=true) → any governance emit · G-SB2 (owner table + 6-row scope + v_object_effective_owner) → sharpen owner routing · G-SB1A (Phase-A action-types) → valid APR proposal · G-APPLY (Phase-B handler + SB-2 + APR quorum + sovereign + os_proposal_approvals>0) → the only mutating DOT dot_governance_assignment_apply (NO-GO today) · G-PROD (status not stale/unknown for high-risk) → production action. os_proposal_approvals = 0 ⇒ COMMIT_FORBIDDEN is the master gate.

45.8 Minimum final-report fields for a T6/T7+GCOS build agent

Every future build/rehearsal macro on this track must return at least (extends doc 00 §0.9):

  1. Status — PASS / PARTIAL (+ exact blocker) / BLOCKED.
  2. Track + phase — which of SB-12/13/10/11 / Branch B/A/C/D / T6 / T7, and which gate (G-DDL/G-RBE/…) it touched.
  3. Controlling sources used — in the §45.2 conflict order; must include doc 45 + doc 42 + the relevant detailed design (38–41) + docs 24/25 read through the addenda.
  4. Live re-verification block — the §45.3 facts re-run at build time, with the current live counts (especially birth_registry size, table absence/presence, os_proposal_approvals, event_type_registry governance rows). Live wins; print the numbers.
  5. The 10 addenda — which of the 10 (§45.4) were applied/exercised; none silently skipped.
  6. Gate check — every gate in doc 42 §42.5 marked PASS / NOT-MET, with evidence. G-APPLY and any COMMIT must show os_proposal_approvals>0 + named sovereign sign-off or be marked NO-GO.
  7. Rehearsal evidence — for any DDL/worker step: BEGIN..ROLLBACK transcript, entry==exit proof, 0-collision pre-flight, additivity proof (doc 48).
  8. Mutation footprint — exact (KB-only for design; for build, the precise DDL/rows, all reversible, with the rollback used or staged).
  9. No-hardcode / no-island attestation — every literal sourced from a registry/catalog/config (doc 42 §42.9); one domain / one bus / one issue store / one audit / one cursor family / one candidate store (doc 42 §42.8). Missing source ⇒ fail-closed + finding, never an invented list.
  10. C-7 status — which C-7 items (doc 46) are ruled vs pending, and what that unlocks/blocks for this step.
  11. Next allowed macro — from doc 50.
  12. Forbidden-compliance — explicit confirmation no forbidden action occurred.

45.9 The docs 24/25 cross-reference header patches (what was changed; reversible)

To close the GPT-flagged hole at the source, this mission prepended a single non-semantic cross-reference block to the very top of docs 24 and 25, above the existing # heading. The patch:

  • adds no contract and changes no business meaning — it is a pointer block that says "this is base design; build requires GCOS; see doc 45 + live corrections"; the original heading, the Status: line, and 100% of the body below are byte-identical;
  • does not bump the documents' declared Status or any semantic version (their Status: DESIGN ONLY … lines are untouched);
  • qualifies as a surgical, documented, rollback-safe addition under muc-tieu-mo §4G (contract_unchanged, business_meaning_unchanged, rollback_safe, documented) and matches doc 42 §42.6's "non-destructive BUILD ADDENDUM cross-reference header" recommendation;
  • is the in-doc complement to this index: an agent who opens doc 24/25 directly now sees, in the first lines, that GCOS gates the build and where to go.

Exact text prepended to BOTH docs (with the doc-specific design-doc name):

> ⚠️ BUILD ADDENDUM — NON-SEMANTIC CROSS-REFERENCE (added 2026-06-01; design below UNCHANGED)
> This is the T6/T7 base **design** (complete). **Do NOT build from this document alone.**
> T6/T7 **BUILD requires the GCOS substrate** — SB-10/11/12/13 (docs 38–41) built first,
> plus the 10 build addenda in doc 35 §3.2, per the consolidated build index **doc 45**.
> Live corrections that override values printed below: `birth_registry`≈1.04M & still growing;
> `canonical_address` is NULL in ALL rows (key on `collection_name:entity_code`); worker watermark
> is `text` type-generalized (int birth-id vs uuid outbox-id). Re-verify live before any build.
> START HERE: doc 45 → doc 42 → docs 38–41 → docs 31–35 → doc 46 (C-7) → then this design.

Rollback: delete the block (it is delimited and self-identifying); the documents return byte-for-byte to revision 1's content. No downstream artifact depends on it.

Open item OI-45-1: doc 35 §7 says "eleven targeted addenda" while §3.2 enumerates 10. Reconcile to "ten" in a future surgical-drift patch. Not patched here (it touches body prose of a frozen doc and is not load-bearing once §45.4 pins the count).

45.10 What this doc does and does not do

  • Does: consolidate the T6/T7+GCOS build entrypoint; state the T6/T7-build-requires-GCOS rule; pin the addenda count at 10; record the live corrections; define read order + final-report fields; document the 24/25 header patches.
  • Does NOT: implement anything; create any schema/DOT/event/approval; register or emit; enact law; bump any semantic version/status; rewrite the semantics of docs 24/25; create a competing package. All build remains NO-GO pending SB-10/11/12/13 build + C-7 + the doc 42 gate table.
Back to Knowledge Hub knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/45-gcos-consolidated-build-index-and-crossrefs.md