10 · Technical Design Supplement (consolidated)

The single updated RP technical design. Each section references the detailed doc. All of this is birth-free, T1-buildable, no authority required (except where flagged P3).

1. Target architecture (end state)

                       axis_registry  (rows = the axis universe; binding columns = the contract)
                       ──────────────────────────────────────────────────────────────────────
                       axis_code, node_source, node_filter, child_rule, substrate_resolver,
                       route_prefix, governance_class, count_semantics, derived_from, …
                                   │ iterate rows
                                   ▼
   rp_grouping_policy ──▶ fn_rp_axis_nodes(axis_code) ──▶ v_rp_universal_node_base  (registry-driven; NO hardcoded UNION)
   (threshold)                                                   │
   detectors (lane_split, static_literal,                        │  + grouping decorator (policy-driven)
    synthetic_gap, dedup_gap, adapter_coverage) ───────────────▶ │  + reliability decorator (full field contract)
                                                                 ▼
                                            v_rp_universal_node_ui_contract_current   ◀── UI binds ONLY this
                                                                 │
                          ┌──────────────────────────────────────┼───────────────────────────────┐
                          ▼                                      ▼                                ▼
        v_rp_full_population_drill_invariant      v_rp_dynamic_drill_proof_matrix_computed   v_rp_contract_current_guard
        (every node + child; FAIL/EXPECTED/WARN)  (verdict = invariant, no literals)        (deploy gate: 0 FAIL, rowcount, non-null route)

2. Canonical contract architecture (doc 02)

One canonical view v_rp_universal_node_ui_contract_current; UI binds it exclusively.
Version lifecycle: ACTIVE_CURRENT / SUPERSEDED / DEPRECATED / FROZEN_COMPAT, tracked in v_rp_contract_version_registry.
Stale prevention: single binding target + lifecycle registry + v_rp_contract_current_guard + deprecation markers + a no-_vN-reference lint.
Same _current convention for proof matrix + acceptance dashboard.

3. Registry-driven axis binding (doc 03)

Extend axis_registry (reuse-first; no parallel axis_source_binding) with: source_kind, governance_class, route_prefix, count_semantics, reliability_source, child_grouping_policy_ref, ui_render_kind, derived_from.
fn_rp_axis_nodes(axis_code) generic dispatcher; base view iterates axis_registry. Kills the 6-way UNION, route literals, the job:cut special branch, the hardcoded 50/count>1 threshold.
New axis = registry row (+ optional resolver fn). Never a view/UI edit.
Residual acceptable hardcode: per-domain substrate resolver functions (the adapter layer), referenced by name from the registry.

4. Full-population drill invariant (doc 04)

v_rp_full_population_drill_invariant over _current ∪ grouped children.
FAIL: FAIL_NULL_ROUTE, FAIL_MISLEADING_SUBSTRATE, FAIL_DEAD_END, FAIL_EMPTY_GROUPING, FAIL_UNCOVERED.
Expected-blocker: EXPECTED_NEEDS_GROUPING, EXPECTED_EMPTY, EXPECTED_AUTHORITY_BLOCKED.
Warn: WARN_COUNT_SUBSTRATE_MISMATCH, WARN_CHILD_SUM_MISMATCH, WARN_NON_ADDITIVE.
New computation substrate_represents_count; coverage assertion v_rp_drill_invariant_coverage.
UI render branch per status (doc 04 §5). System PASS = 0 FAIL.

5. Computed proof (doc 05A)

v_rp_dynamic_drill_proof_matrix_computed = verdict IS drill_integrity (no literals; blocked branch computed from EXPECTED_AUTHORITY_BLOCKED, no hardcoded node list).
Curated 26-case matrix retained as examples only, guarded to agree with the invariant.
Distinguish curated examples (storytelling) vs full-population proof (truth).

6. Reliability labels (doc 05B)

Final per-node fields on _current: reliability_label (15-vocab, precedence-resolved), source_scope (OFFICIAL/CANDIDATE/SYNTHETIC/DERIVED), confidence_score (composite), lane_code (23-lane), count_semantics (ADDITIVE/NON_ADDITIVE/PARTIAL/MIXED), warning_flags (node ∪ detectors), blocker_type (+operator), next_action (governance action).
Join the 5 detectors (static_literal, synthetic_gap, lane_split, adapter_coverage, dedup_gap).
Surfaces: _current, reliability dashboard, UI badges. No bare count without scope+label.

7. Source adapter coverage (doc 08)

Formalize adapter registry; add freshness_sla_days + partial/unknown behavior; build v_rp_adapter_freshness + v_rp_scanner_heartbeat.
Propagate PARTIAL_SOURCE/STALE_ADAPTER onto nodes. Partial never counted as total.

8. Synthetic-axis governance (doc 06)

Register AX-BASE (DERIVED_STRUCTURAL), AX-PXT (DERIVED_CROSS, terminal), AX-TRIGGER (CANDIDATE) as candidate/derived rows (engineering proposes; owner ratifies activation).
Rule: DERIVED axes never independently officialized (officiality = MIN(parents)).
source_scope reads governance_class; UI badges.

9. UI route/render contract (doc 09)

Pass-through routes bind _current only (grep gate).
One generic drill.vue switching on drill_action/drill_integrity, never axis_code.
Badges from reliability/governance fields; FAIL never renders green; new axis renders with no new component.
Source UNVERIFIED this run.

10. Birth/governance/RP sync (doc 07)

Per-node gov_sync_state; propagate STALE_LITERAL (closes the only dangerous-mismatch).
Official RP stays 0 (honest); no fake authority.

11. Migration path (from current v1/v2/reliability to the end state)

Phase 0 — canonical alias (P0, ~30 min, birth-free, zero risk):

v_rp_universal_node_ui_contract_current = SELECT * FROM …_reliability.
v_rp_contract_version_registry + v_rp_contract_current_guard.
(UI, when access) repoint routes to _current; grep gate. → UI immediately gets the corrected grouping/empty + reliability fields; the 12 v1 false-affordances disappear from the bound surface.

Phase 1 — invariant + computed proof (P0, birth-free): 4. v_rp_full_population_drill_invariant (+substrate_represents_count, coverage view). 5. v_rp_dynamic_drill_proof_matrix_computed; wire guard to FAIL on any FAIL_*. 6. Regression test: _current→v1 yields 12 FAIL; _current→reliability yields 0 FAIL.

Phase 2 — reliability hardening (P1, birth-free): 7. ALTER axis_registry (binding + governance_class columns); backfill. 8. Rebuild reliability decorator with the 5 detector joins → full field contract; gov_sync_state; propagate STALE/PARTIAL. 9. Register the 3 synthetic axes (candidate/derived).

Phase 3 — registry-drive the base (P1, birth-free, surgical-drift only): 10. fn_rp_axis_nodes + v_rp_universal_node_base iterating axis_registry; output columns byte-identical to today's v1. 11. Repoint the decorator chain onto the new base; retire v1/v2/reliability to SUPERSEDED→DEPRECATED; _current resolves to the new single registry-driven view. 12. Move grouping threshold to rp_grouping_policy; route prefixes to route_prefix.

Phase 4 — adapter freshness + scanner heartbeat (P2): docs 08.

Phase 5 — authority (P3, NOT T1): president votes → official RP; AX-TRIGGER/AX-PROCESS owners; REAL_RUN flips; UI operator deploy.

Each phase is independently shippable and reversible (CREATE OR REPLACE + a 99_rollback.sql); birth-free (no inserts into birth-triggered tables — axis_registry row proposals are candidate/derived and owner-gated, not auto-active).

12. Constitutional compliance (law §5)

No-hardcode: Phase 3 removes the axis/route/threshold literals; remaining literals = the label vocabulary dictionary (acceptable, classified).
DOT/visibility: all new views are RP-visible; guard + invariant give DOT-style health.
Reuse-first: extend axis_registry/rp_grouping_policy/detectors/actionability-ledger; build nothing duplicate.
Reversible: every step CREATE OR REPLACE + rollback.
Five-layer / assembly-first: PG renders logic; Nuxt pass-through binds _current; no direct-PG-from-Nuxt.
No-fake / fail-closed: official RP 0 preserved; authority untouched.
Điều-45: scanner = job not event; queue carries signal; executor boundary held.