Incomex AI Portal
KB-4FB6

69 — Surgical Drift Findings: Mandatory Build Fold-In (doc 65 §65.2 extracted, 2026-06-01)

10 min read Revision 1
one-roof-governancegcosbuild-intakedrift-findingsf-57f-r7build-fold-insb-13sb-11addendano-mutation2026-06-01

69 — Surgical Drift Findings: Mandatory Build Fold-In

Path: knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/ Doc: 69. Role: Branch C of the gated build-intake packet. Extracts the five surgical drift findings from doc 65 §65.2 (discovered live during the rehearsal run) and converts each into a mandatory build-fold-in with risk, exact build adjustment, verification test, and rollback impact. Status: BUILD-INTAKE DOCUMENT ONLY. No mutation. These are engineering corrections to apply inside the future build macro, not changes to make now. Date: 2026-06-01. Source: doc 65 §65.2; root evidence docs 57, 59, 61, 63. Authority for the frozen design docs being patched: docs 38 (SB-12), 39 (SB-13), 40 (SB-10), 41 (SB-11); addenda #4/#5 of doc 45 §45.4.

69.0 Why these are mandatory

All five are §4G surgical drift (the data/contract is unchanged; only the representative DDL placeholders (...) were wrong). They were invisible in docs 38–41 because those docs used representative column lists. The live BEGIN..ROLLBACK rehearsal hit the real CHECK constraints and FKs and surfaced them. A build macro authored from docs 38–41 alone would fail or mis-register. Per doc 65 §65.2: "These must be applied before any COMMIT build." Per doc 13 (GPT review): "Five surgical drift findings from doc 65 §65.2 must be folded into any future build prompt."

69.1 Verbatim source (doc 65 §65.2)

65.2 Drift findings to fold into the build (discovered live)

These must be applied before any COMMIT build (all are §4G surgical drift, contract unchanged):

  • F-57-1 queue_heartbeat: use executor_name/executor_kind (PK executor_name); executor_kind∈{…,PG_worker,…}; metadata Điều-45 safe-check (no body/content/secret keys). SB-13 build DDL/inserts must use these names.
  • F-57-2/3/4 event_type_registry: delivery_lane='delayed' (not deferred); event_stream∈{alert(findings),health(heartbeats)} (not governance); default_severity medium→warning. SB-11 registration must use these enum values; event_domain='governance' is the new free-text domain.
  • F-R7-1 dot_coverage_required.domain FK → dot_domains(code): build addendum #5 must register governance.{backfill,handoff,input,candidate} in dot_domains first.
  • F-R7-2 dot_tools Birth-Gate code-format PREFIX-NNN warning on dot_governance_* (non-blocking): decide rename to GOVDOT-### vs accept warning — addendum #4.
  • OI-45-1 doc 35 §7 "eleven" → "ten" reconciliation (count pinned at 10).

69.2 Per-finding build fold-in

F-57-1 — queue_heartbeat real columns (SB-13 build)

  • Issue: doc 39's representative DDL assumed generic heartbeat columns. Live queue_heartbeat PK = executor_name; real cols executor_name / executor_kind; executor_kind ∈ {DOT, Agent, Hermes, Codex, PG_worker, external_worker, future_Kestra_adapter}; last_tick_status ∈ {ok, warn, error}; metadata jsonb is under an Điều-45 safe-check that forbids keys body/content/raw/vector/embedding/secret/token/password/ssn/personal_data.
  • Risk if ignored: SB-13 heartbeat inserts fail (wrong column names / PK), or the Điều-45 safe-check trigger rejects a metadata payload, or a worker writes data (not signal) into the queue — an Điều-45 violation (payload-through-queue).
  • Exact build adjustment: SB-13 build DDL/inserts use executor_name = 'gov_<worker>', executor_kind = 'PG_worker', last_tick_status ∈ {ok,warn,error}, metadata = '{}'::jsonb (or only safe keys). No body/content/secret keys ever.
  • Verification test: BEGIN; INSERT … gov_backfill_sweep …; SELECT executor_name, executor_kind FROM queue_heartbeat WHERE executor_name LIKE 'gov\_%'; ROLLBACK; → row present, kind=PG_worker, no safe-check RAISE. (Proven in R-3 / doc 59.)
  • Rollback impact: heartbeat rows are reuse-table additive rows; rollback = DELETE WHERE executor_name LIKE 'gov\_%' (or DROP-of-transaction). Zero schema change to roll back.

F-57-2/3/4 — event_type_registry CHECK enum values (SB-11 build)

  • Issue: doc 41's representative registration used values that violate live CHECK constraints. Live constraints: delivery_lane ∈ {immediate, delayed} (NOT deferred); event_stream ∈ {comment, review, update, birth, task, alert, health} (NOT governance); default_severity ∈ {info, warning, critical} (NOT medium). event_domain='governance' is free-text (new domain, unconstrained). PK = (event_domain, event_type).
  • Risk if ignored: SB-11 registration INSERT fails on the CHECK constraint → register-before-emit step blocked → G-RBE cannot COMMIT.
  • Exact build adjustment: SB-11 registers the 5 governance event types with delivery_lane='delayed', event_stream='alert' for finding-type events / 'health' for heartbeat-type events, default_severity='warning' for the medium input finding (else 'info'), event_domain='governance', active=false (RR-9, register-before-emit).
  • Verification test: BEGIN; INSERT 5 governance rows active=false …; SELECT count(*) FROM event_type_registry WHERE event_domain='governance' AND active=false; SELECT count(*) FROM event_outbox WHERE event_domain='governance'; ROLLBACK; → 5 registered, outbox governance=0 (zero emit). (Proven in R-5 / doc 61.)
  • Rollback impact: registry rows are additive reuse-table rows; rollback = DELETE WHERE event_domain='governance'. No emit occurred (rows inactive), so nothing downstream to unwind.

F-R7-1 — dot_coverage_required.domain FK ordering (build addendum #5)

  • Issue: dot_coverage_required.domain has an FK → dot_domains(code). dot_domains has governance, governance.approval, governance.audit but not the 4 GCOS subdomains. First R-7 attempt failed: Key (domain)=(governance.backfill) is not present in dot_domains.
  • Risk if ignored: the T6/T7 addenda build fails at the dot_coverage_required insert (FK violation) → addenda #4/#5 cannot COMMIT.
  • Exact build adjustment: build addendum #5 must first INSERT governance.{backfill,handoff,input,candidate} into dot_domains (parent = governance) before inserting the dot_coverage_required rows. Ordering: dot_domains → dot_tools → dot_coverage_required.
  • Verification test: BEGIN; INSERT 4 dot_domains; INSERT 4 dot_tools; INSERT 4 dot_coverage_required; SELECT count(*) FROM dot_coverage_required WHERE domain LIKE 'governance.%'; ROLLBACK; → 4 GCOS coverage rows, no FK error. (Proven corrected in R-7 / doc 63.)
  • Rollback impact: three additive reuse-table inserts; rollback in reverse order (DELETE dot_coverage_requireddot_toolsdot_domains GCOS rows), or whole-transaction rollback.

F-R7-2 — dot_tools Birth-Gate code-format warning (build addendum #4)

  • Issue: the dot_tools Birth-Gate trigger warns when a code does not match PREFIX-NNN; dot_governance_* codes raise WARNING: Birth Gate [dot_tools]: Code format PREFIX-NNN … sai format. Non-blocking (INSERTs succeeded).
  • Risk if ignored: none functional (warning only); but un-decided it produces noise and an inconsistent naming convention vs the rest of dot_tools.
  • Exact build adjustment (decision required at build): either rename the 4 GCOS DOTs to GOVDOT-001..004 (PREFIX-NNN-compliant, silences the warning) or explicitly accept the warning and document dot_governance_* as an intentional descriptive naming. Recommend GOVDOT-### for convention-consistency. Record the choice in addendum #4.
  • Verification test: BEGIN; INSERT 4 dot_tools with chosen codes; -- observe WARNING count; ROLLBACK; → if renamed, zero Birth-Gate warnings; if accepted, 4 non-blocking warnings, INSERTs succeed.
  • Rollback impact: additive rows; rollback = DELETE the 4 DOT rows. Naming choice has no rollback consequence.

OI-45-1 — addenda count pinned at 10 (documentation reconciliation)

  • Issue: doc 35 §7 says "eleven targeted addenda"; the §3.2 / doc 45 §45.4 patch table contains exactly 10 rows. The "11th" is an off-by-one (the production-gate fail-closed rule is the 10th in-table row, not a separate +1).
  • Risk if ignored: a build agent looks for a non-existent 11th addendum, or believes one was skipped.
  • Exact build adjustment: authoritative addenda count for build = 10. When the frozen design docs are surgically patched at build time, correct doc 35 §7 wording "eleven" → "ten".
  • Verification test: count rows in doc 45 §45.4 addenda table = 10; confirm production-gate is addendum #10 in-table.
  • Rollback impact: documentation only; no PG impact.

69.3 Where each fold-in lands in the build

Finding Build step it modifies Frozen doc to surgically patch at build Addendum
F-57-1 SB-13 CREATE TABLE gov_worker_cursor + queue_heartbeat inserts doc 39
F-57-2/3/4 SB-11 event_type_registry registration doc 41 #9 (Điều-45 contract)
F-R7-1 T6/T7 addenda dot_domains pre-insert doc 45 §45.4 #5 (mandatory order)
F-R7-2 T6/T7 addenda DOT naming doc 45 §45.4 #4 (decision)
OI-45-1 doc 35 §7 wording doc 35 count pin

69.4 Surgical-drift verdict

All five findings are extracted, risk-assessed, and mapped to exact build adjustments + verification tests + rollback impacts. Each was already proven live (the corrected form ran successfully under BEGIN..ROLLBACK in R-3/R-5/R-7). They are mandatory build-fold-ins: the build macro MUST apply F-57-1, F-57-2/3/4, F-R7-1 (ordering) and resolve the F-R7-2 decision before COMMIT, and reconcile OI-45-1 in the patched design docs. None requires new authorization; all are engineering corrections.

Back to Knowledge Hub knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/69-surgical-drift-findings-build-fold-in.md