KB-30ED

05 · Computed Proof + Count Reliability Field Contract

10 min read Revision 1
Tags: terminal2, computed-proof, count-reliability, reliability-labels, no-literal-pass, P0, P1 · Date: 2026-06-05

05 · Computed Proof Matrix + Count Reliability Field Contract

Covers Area 4 (computed proof) and Area 5 (count reliability design).


Part A — Computed Proof (Area 4)

Verdict: PARTIAL → has a literal/curated branch (P0). Verdicts are not computed from the invariant.

A.1 Current state (proof IS partly curated/literal)

From pg_get_viewdef(v_rp_dynamic_drill_proof_matrix_v2) (01 §5):

  • base-12 verdicts are baked-in literals carried from v_rp_dynamic_drill_proof_matrix, including false-green case 12 (count 408, NEEDS_GROUPING, SHOW_SUBSTRATE → PASS).
  • GRP twins: verdict = CASE WHEN grouping_status_v2='GROUPED' AND group_count>0 THEN 'PASS' ELSE 'FAIL' END is computed, but it only checks that a grouping exists, not child-sum coverage.
  • EMPTY: verdict = e.proof_verdict (delegated to classification view — acceptable).
  • BLK: verdict = 'PASS_WITH_EXPECTED_BLOCKER' LITERAL — can never FAIL (the H4 finding). It also hardcodes the node list ARRAY['PROC:official_rp','PROC:jobcut_verified'].

So the proof can show all green while the bound contract is broken (case 12) and cannot detect a regression in the blocked branch (literal PASS).

A.2 Computed proof spec — v_rp_dynamic_drill_proof_matrix_computed

Principle: the proof verdict IS the invariant verdict. The proof stops being an independent set of literals and becomes a named, human-readable projection of v_rp_full_population_drill_invariant.

```sql
CREATE OR REPLACE VIEW v_rp_dynamic_drill_proof_matrix_computed AS
SELECT
  i.node_code AS case_id,
  i.axis_code,
  i.scenario_label,                 -- optional, from a small curated lookup (storytelling only)
  i.count_value, i.has_children, i.grouping_status, i.drill_action,
  i.substrate_available, i.next_route,
  i.drill_integrity AS verdict,     -- COMPUTED, never a literal
  i.warning_flags
FROM v_rp_full_population_drill_invariant i;
```
  • Blocked branch is computed: a node is PASS_WITH_EXPECTED_BLOCKER only if the invariant returns EXPECTED_AUTHORITY_BLOCKED and the node is not faked-green (real count, owner_blocker set, no green substrate). If a "blocked" node ever silently serves green substrate, the invariant returns a FAIL_* and the proof shows FAIL. No literal, no hardcoded node list.
  • Case 12 is fixed automatically: under _current→v2/reliability it becomes EXPECTED_…/PASS (GROUPED); under _current→v1 it becomes FAIL_MISLEADING_SUBSTRATE. The proof now reflects which contract is bound.

A.3 Curated examples vs full-population proof (keep both, distinguish clearly)

| Artifact | Role | Cardinality | Verdict source |
|---|---|---|---|
| Curated example matrix (the 26 named scenarios) | documentation / storytelling ("base root→children→leaf") | small, hand-picked | must agree with the invariant for those nodes (a test, not the source of truth) |
| Full-population computed proof (…_computed) | the actual proof of correctness | every node + child group (337 today) | the invariant |

System PASS = v_rp_full_population_drill_invariant has 0 FAIL_* (WARN/EXPECTED allowed and counted). The curated matrix is retained as a readable subset and gains a guard: for each curated node, curated_expectation == invariant_verdict; mismatch ⇒ the curated matrix is stale (a labeled DATA_DEBT, not a silent pass).

A.4 Acceptance (Area 4)

  • …_computed derives 100% of verdicts from the invariant (grep: no 'PASS'/'PASS_WITH_EXPECTED_BLOCKER' string literal in the verdict column expression).
  • Flipping _current to v1 makes the computed proof show ≥1 FAIL_* (proves it can fail).
  • The acceptance dashboard reads …_computed counts, not the curated 26.
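The three Area 4 gates above (no literal verdict, system PASS = zero FAIL_*, curated matrix must agree with the invariant) can be expressed as queries. The block below is an added example, not a query set from the repository; it assumes the view names in this document and a hypothetical curated table rp_curated_proof_expectation(node_code, curated_expectation) holding the 26 named scenarios.

```sql
-- Added example (not the repo's test suite). Assumes the views named in the spec
-- exist; rp_curated_proof_expectation is a hypothetical name for the curated list.

-- A.4 gate 1: no verdict string literal in the view definition.
-- pg_get_viewdef() returns the stored SQL; a quoted 'PASS' or
-- 'PASS_WITH_EXPECTED_BLOCKER' in that text means a curated branch survived.
-- (A comparison predicate such as WHERE verdict = 'PASS' would also match, so the
-- computed view should project the invariant verdict and not filter on it.)
SELECT
  CASE WHEN pg_get_viewdef('v_rp_dynamic_drill_proof_matrix_computed'::regclass, true)
            ~ '''(PASS|PASS_WITH_EXPECTED_BLOCKER)'''
       THEN 'FAIL_LITERAL_VERDICT'
       ELSE 'PASS'
  END AS literal_verdict_check;

-- A.3 system verdict: PASS only when the invariant has zero FAIL_* rows;
-- WARN_* / EXPECTED_* rows are allowed but counted so the dashboard can show them.
SELECT
  COUNT(*) FILTER (WHERE drill_integrity LIKE 'FAIL\_%')     AS fail_count,
  COUNT(*) FILTER (WHERE drill_integrity LIKE 'WARN\_%')     AS warn_count,
  COUNT(*) FILTER (WHERE drill_integrity LIKE 'EXPECTED\_%') AS expected_count,
  COUNT(*)                                                    AS node_count,
  CASE WHEN COUNT(*) FILTER (WHERE drill_integrity LIKE 'FAIL\_%') = 0
       THEN 'PASS' ELSE 'FAIL' END                           AS system_verdict
FROM v_rp_full_population_drill_invariant;

-- A.3 curated guard: every hand-picked scenario must agree with the invariant.
-- Any row returned is labeled DATA_DEBT rather than silently counted as a pass.
SELECT
  c.node_code,
  c.curated_expectation,
  i.drill_integrity AS invariant_verdict,
  CASE WHEN i.drill_integrity IS NULL THEN 'DATA_DEBT_CURATED_NODE_MISSING'
       ELSE 'DATA_DEBT_CURATED_STALE' END AS guard
FROM rp_curated_proof_expectation c
LEFT JOIN v_rp_full_population_drill_invariant i USING (node_code)
WHERE i.drill_integrity IS DISTINCT FROM c.curated_expectation;
```

The second gate is the one the "flip _current to v1" acceptance exercises: after the flip, fail_count must be at least 1, otherwise the proof has not demonstrated that it can fail.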

Part B — Count Reliability Field Contract (Area 5)

Verdict: PARTIAL (P1). 8 reliability fields exist on the node, but several are shallow proxies (01 §3); systemic detectors are not joined onto the node.

B.1 Gap analysis (implemented vs needed)

| Field | Implemented | Gap | Target |
|---|---|---|---|
| reliability_label | 3-value CASE on count_status (AUTHORITY_BLOCKED/CANDIDATE/UNKNOWN) | only 3 of the 15-label vocabulary; ignores stale/synthetic/non-additive | data-driven label from the 15-vocab, resolved by joining detectors (see B.2) |
| source_scope | binary `synthetic_axis \| registered_axis` | no CANDIDATE/OFFICIAL/DERIVED distinction | OFFICIAL / CANDIDATE / SYNTHETIC / DERIVED from axis_registry.governance_class (B.2) |
| confidence_score | per-label default (50) | not evidence-based | composite: adapter freshness × governance × staleness × additivity (0–100) |
| lane_code | = axis_code | ignores the 23-lane split | real lane from v_rp_axis_lane_split (e.g. AX-BASE→AX-BASE/active, MTX-TEST→AX-BASE/test) |
| count_semantics | = count_status (raw) | not an additivity contract | the B.2 count_semantics vocabulary (`ADDITIVE \| NON_ADDITIVE \| PARTIAL \| MIXED \| UNKNOWN`) |
| warning_flags_v2 | adds SYNTHETIC_AXIS/NEEDS_GROUPING/SUBSTRATE_UNAVAILABLE | misses STALE_LITERAL/NOT_ADDITIVE/DEDUP_INERT/PARTIAL_SOURCE | union node flags ∪ systemic detector flags (B.2) |
| blocker_type_v2 | register_axis/president_vote/object_owner/none | OK (computed) | add operator (kb_sop partial, REAL_RUN, deploy) |
| next_action_v2 | = drill_action | not a governance action | reuse v_process_trigger_actionability_ledger.recommended_action pattern: a real next step |

B.2 Final reliability field contract (the spec)

_current (and thus the UI) must expose, per node:

reliability_label   TEXT  -- one of the 15-label vocabulary, resolved by precedence:
                          --   STALE (if node's count is a static literal flagged by v_rp_static_literal_detector)
                          -- > SYNTHETIC (if axis governance_class IN (SYNTHETIC,DERIVED))
                          -- > NOT_ADDITIVE (if count_semantics<>ADDITIVE and node aggregates lanes)
                          -- > AUTHORITY_BLOCKED (owner_blocker / official_workflow)
                          -- > PARTIAL (if any feeding adapter is PARTIAL, e.g. kb_sop)
                          -- > CANDIDATE (status CANDIDATE) > FINAL (official+fresh+additive) > UNKNOWN
source_scope        TEXT  -- OFFICIAL | CANDIDATE | SYNTHETIC | DERIVED   (from axis_registry.governance_class)
confidence_score    INT   -- 0..100 composite (adapter freshness, governance, staleness, additivity)
lane_code           TEXT  -- real lane from v_rp_axis_lane_split (not axis_code)
count_semantics     TEXT  -- ADDITIVE | NON_ADDITIVE | PARTIAL | MIXED | UNKNOWN
warning_flags       JSONB -- union of node flags + detector flags:
                          --   STALE_LITERAL, NOT_ADDITIVE, SYNTHETIC_AXIS, DERIVED_AXIS,
                          --   NEEDS_GROUPING, SUBSTRATE_UNAVAILABLE, PARTIAL_SOURCE, DEDUP_INERT
blocker_type        TEXT  -- register_axis | president_vote | object_owner | operator | none
next_action         TEXT  -- concrete governance action (ledger-style), not the drill action

Joins required (all existing detectors — reuse-first):

  • v_rp_static_literal_detector → STALE_LITERAL + which nodes (residual_reconcile=8 stale vs 2; job_queue=8 vs 13).
  • v_rp_synthetic_axis_register_gap / axis_registry.governance_class → SYNTHETIC/DERIVED + source_scope.
  • v_rp_axis_lane_split → lane_code + NOT_ADDITIVE (the 39/52/309/19 mixed totals).
  • v_rp_source_adapter_coverage / _scope_warnings → PARTIAL_SOURCE (kb_sop).
  • v_rp_dedup_signature_gap → DEDUP_INERT (normalized_signature 39/39 NULL).
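One way to turn the B.2 contract and the join list above into a decorator view. This is an added example, not the repository's decorator: only the view names, the label vocabulary, the flag names and the precedence order come from this document. The base node view v_rp_node_current, the join keys (node_code / axis_code), the detector column names (is_stale_literal via a matched row, aggregates_lanes, adapter_status, normalized_signature) and the confidence weights are assumptions. blocker_type and next_action are left out because the ledger-style mapping they need is not specified here.

```sql
-- Added example (not the repo's decorator). Assumed: v_rp_node_current and its
-- columns, the detector join keys and columns, and the confidence weights.
CREATE OR REPLACE VIEW v_rp_node_reliability_current AS
WITH det AS (
  SELECT
    n.node_code,
    n.axis_code,
    n.count_value,
    n.count_status,
    n.owner_blocker,
    ar.governance_class,                                   -- OFFICIAL|CANDIDATE|SYNTHETIC|DERIVED
    COALESCE(ar.count_semantics, 'UNKNOWN')      AS count_semantics,
    COALESCE(ls.lane_code, n.axis_code)          AS lane_code,
    (sl.node_code IS NOT NULL)                   AS stale_literal,   -- detector row present
    COALESCE(ls.aggregates_lanes, false)         AS aggregates_lanes, -- assumed column
    COALESCE(ac.adapter_status = 'PARTIAL', false) AS partial_source, -- assumed column
    COALESCE(dg.node_code IS NOT NULL
             AND dg.normalized_signature IS NULL, false) AS dedup_inert,
    n.node_warning_flags                                   -- assumed JSONB array on the node
  FROM v_rp_node_current n
  LEFT JOIN axis_registry ar                USING (axis_code)
  LEFT JOIN v_rp_axis_lane_split ls         USING (axis_code)
  LEFT JOIN v_rp_static_literal_detector sl USING (node_code)
  LEFT JOIN v_rp_source_adapter_coverage ac USING (node_code)
  LEFT JOIN v_rp_dedup_signature_gap dg     USING (node_code)
)
SELECT
  node_code, axis_code, count_value, lane_code, count_semantics,
  -- B.2 precedence ladder: the first matching rung wins, so a stale literal is
  -- reported as STALE even when the axis is also SYNTHETIC or blocked.
  CASE
    WHEN stale_literal                                      THEN 'STALE'
    WHEN governance_class IN ('SYNTHETIC', 'DERIVED')       THEN 'SYNTHETIC'
    WHEN count_semantics <> 'ADDITIVE' AND aggregates_lanes THEN 'NOT_ADDITIVE'
    WHEN owner_blocker IS NOT NULL                          THEN 'AUTHORITY_BLOCKED'
    WHEN partial_source                                     THEN 'PARTIAL'
    WHEN count_status = 'CANDIDATE'                         THEN 'CANDIDATE'
    WHEN governance_class = 'OFFICIAL'
         AND count_semantics = 'ADDITIVE'                   THEN 'FINAL'
    ELSE 'UNKNOWN'
  END AS reliability_label,
  governance_class AS source_scope,
  -- warning_flags: node flags ∪ detector flags, deduplicated into one JSONB array.
  (SELECT COALESCE(jsonb_agg(DISTINCT f), '[]'::jsonb)
   FROM (
     SELECT jsonb_array_elements_text(COALESCE(node_warning_flags, '[]'::jsonb)) AS f
     UNION ALL SELECT 'STALE_LITERAL'  WHERE stale_literal
     UNION ALL SELECT 'NOT_ADDITIVE'   WHERE count_semantics <> 'ADDITIVE' AND aggregates_lanes
     UNION ALL SELECT 'SYNTHETIC_AXIS' WHERE governance_class = 'SYNTHETIC'
     UNION ALL SELECT 'DERIVED_AXIS'   WHERE governance_class = 'DERIVED'
     UNION ALL SELECT 'PARTIAL_SOURCE' WHERE partial_source
     UNION ALL SELECT 'DEDUP_INERT'    WHERE dedup_inert
   ) u) AS warning_flags,
  -- confidence_score: illustrative 0..100 composite over governance, staleness,
  -- additivity and adapter coverage. The weights (40/25/20/15) are assumptions;
  -- B.5 item 4 asks for the real formula to be documented.
  GREATEST(0, LEAST(100,
      CASE governance_class WHEN 'OFFICIAL' THEN 40 WHEN 'CANDIDATE' THEN 25 ELSE 10 END
    + CASE WHEN stale_literal THEN 0 ELSE 25 END
    + CASE WHEN count_semantics = 'ADDITIVE' AND NOT aggregates_lanes THEN 20 ELSE 5 END
    + CASE WHEN partial_source THEN 0 ELSE 15 END
  )) AS confidence_score
FROM det;
```

Every detector is LEFT JOINed and every boolean is COALESCEd to false, so a node with no detector row falls through the ladder to CANDIDATE / FINAL / UNKNOWN instead of producing a NULL label; a NULL label would be exactly the bare, unlabeled count the B.3 rule forbids.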

B.3 Which surfaces must expose these fields

  1. _current per-node contract — all 8 fields (drives badges).
  2. v_rp_count_reliability_dashboard — systemic rollup (already has overall 83 etc.).
  3. UI — every rendered count must carry, visibly: source_scope + reliability_label (and a warning_flags badge if non-empty). No bare number without a scope/label (the "no silently-wrong unlabeled count" rule, law: evidence-first / no-fake).

B.4 Classification

| Issue | Class | Severity |
|---|---|---|
| Proof verdict literal/curated (BLK branch + case 12) | HARD_BUG (design) | P0 |
| No full-population computed proof | ARCHITECTURE_GAP | P0 |
| reliability_label 3-value (not 15-vocab, detectors not joined) | DESIGN_DRIFT | P1 |
| lane_code=axis_code, count_semantics=count_status, confidence=default | DESIGN_DRIFT | P1 |
| next_action_v2 = drill_action (not governance action) | UI_DEBT / DESIGN_DRIFT | P2 |

B.5 Required technical spec for T1 (Area 5)

  1. Rebuild the reliability decorator to join the 5 detectors (B.2) and emit the full field contract (B.2 names — drop the _v2 suffixes; _current is the stable name).
  2. source_scope/count_semantics from axis_registry.governance_class/count_semantics (doc 03).
  3. lane_code from v_rp_axis_lane_split; reliability_label by the precedence ladder.
  4. confidence_score composite formula (document the weights).
  5. next_action from a ledger-style mapping (reuse the actionability-ledger pattern).
  6. Acceptance: a node with a stale literal shows reliability_label=STALE; an AX-PXT node shows source_scope=DERIVED; a NON_ADDITIVE aggregate shows count_semantics=NON_ADDITIVE + NOT_ADDITIVE flag; no node shows a bare count without scope+label.
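The four acceptance conditions in item 6 as queries, written so that each returns zero rows when the condition holds and any returned row is a concrete counter-example. This is an added example rather than the project's own tests; it assumes the rebuilt decorator is exposed as v_rp_node_reliability_current with the B.2 column names, and that v_rp_static_literal_detector is keyed by node_code.

```sql
-- Added example (not the repo's test suite). Assumed names: v_rp_node_reliability_current
-- (the rebuilt _current contract) and a node_code key on v_rp_static_literal_detector.

-- 1. A node carrying a stale literal must be labelled STALE (top rung of the ladder).
SELECT c.node_code, c.reliability_label
FROM   v_rp_node_reliability_current c
JOIN   v_rp_static_literal_detector sl USING (node_code)
WHERE  c.reliability_label IS DISTINCT FROM 'STALE';

-- 2. An AX-PXT node must expose source_scope = DERIVED.
SELECT node_code, source_scope
FROM   v_rp_node_reliability_current
WHERE  axis_code = 'AX-PXT'
  AND  source_scope IS DISTINCT FROM 'DERIVED';

-- 3. A NON_ADDITIVE aggregate must show both the semantics value and the flag.
--    The jsonb ? operator tests for a string element in the warning_flags array.
SELECT node_code, count_semantics, warning_flags
FROM   v_rp_node_reliability_current
WHERE  count_semantics = 'NON_ADDITIVE'
  AND  NOT (warning_flags ? 'NOT_ADDITIVE');

-- 4. No bare count: every node that renders a count carries a scope and a label.
SELECT node_code, count_value
FROM   v_rp_node_reliability_current
WHERE  count_value IS NOT NULL
  AND (source_scope IS NULL OR reliability_label IS NULL);
```

Run as a gate, the four queries are combined with UNION ALL over a constant check name per branch, and the deploy step fails on a non-empty result, which keeps "no silently-wrong unlabeled count" a checked property rather than a convention.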
Source path: knowledge/dev/reports/architecture/parallel-terminal2-rp-canonical-contract-design-alignment-technical-spec-2026-06-05/05-computed-proof-and-count-reliability-design.md