12 · Final Summary — T2 RP Canonical Contract Design Alignment (PARTIAL; design implementation-ready)
12 · Final Summary — T2 RP Canonical Contract Design Alignment
Status: PARTIAL — design advanced and is implementation-ready; T1 final checkpoint absent → AWAITING_T1_FINAL.
Mode: READ-ONLY. Mutations: NONE except this KB doc set (13 docs + checkpoint). DB: directus.public.
Design alignment verdict: DESIGN_ADVANCED_AND_IMPLEMENTATION_READY — the newest direction (canonical/registry/invariant/computed-proof/reliability) is correct; only the reliability fields + a registry label join have landed; the structural P0 moves are designed here, not yet built.
1. T1 current state used
checkpoint-rp-contract-canonical-registry-driven-fullpop-nohardcode-2026-06-05= NOT PRESENT (404) →AWAITING_T1_FINAL.- Latest applied state =
checkpoint-rp-count-reliability-adapter-reconciliation-2026-06-05(reliability layer, overall 83) + the two drill checkpoints + the prior T2 systemic audit (overall 54). Live read-only re-verification confirms no drift (axis_registry 2, ownership 0, votes 0, REAL_RUN 0, contracts v1/v2/reliability present, no_current/invariant/computed-proof/binding objects).
2. What is already implemented correctly (credit)
- Reliability fields exist on a 29-col
…_reliabilitysuperset; systemic detectors (lane split, static-literal, synthetic-gap, dedup-gap, adapter coverage) are built and computing (dashboard overall 83). - Grouping + empty-substrate fixes are correct in v2 (10 NEEDS_GROUPING → GROUPED; 2 dead-ends → classified EMPTY) — the logic is right.
- axis_registry already carries a binding schema (node_source/child_rule/substrate_resolver/…) — a strong reuse base.
- Governance honesty: official RP 0 (not faked), ownership/votes/REAL_RUN 0, events fail-closed, birth-safe, divergences labeled, no Nuxt math. The framing "authority-blocked, no engineering blocker" is correct.
- Adapter coverage strong (94; scanner fired 04:10:01 CEST).
3. What is design-drift (must fix)
- DD1: UI bound to stale v1 while corrected logic lives only in undeployed v2/reliability; no
_current. - DD2: Contract is view-driven-with-metadata, not registry-driven (8239-char hardcoded UNION; axis_registry read only for one label).
- DD3: Reliability fields are shallow proxies (
lane_code=axis_code,count_semantics=count_status,reliability_label3-of-15,confidence=default); detectors not joined onto the node. - DD4: Proof verdicts curated/literal (false-green case 12; literal
PASS_WITH_EXPECTED_BLOCKER); no full-population invariant feeds them. - DD5: 3 synthetic axes RP-visible-but-not-governed.
- DD6: UI binds versioned views, not
_current; badges not in renderer.
4. Classification table (all issues)
| ID | Issue | Class | Severity |
|---|---|---|---|
| F1 | No canonical _current view |
ARCHITECTURE_GAP | P0 |
| F1b | UI bound to stale v1 (corrected logic undeployed) | DESIGN_DRIFT | P0 |
| F2 | Contract not registry-driven (hardcoded 6-way UNION, routes, threshold, job:cut) | ARCHITECTURE_GAP | P0 |
| F3 | No full-population drill invariant; 12/87 nodes violate it in v1 | ARCHITECTURE_GAP / HARD_BUG(design) | P0 |
| F4 | Proof verdicts literal/curated (case 12 false-green; literal blocked branch) | HARD_BUG(design) | P0 |
| F5a | reliability_label 3-of-15; detectors not joined to node | DESIGN_DRIFT | P1 |
| F5b | lane_code=axis_code; count_semantics=count_status; confidence=default | DESIGN_DRIFT | P1 |
| F5c | next_action_v2=drill_action (not governance action) | UI_DEBT / DESIGN_DRIFT | P2 |
| F6a | 3 synthetic axes unregistered (RP-visible-not-governed) | GOVERNANCE_BLOCKED + DESIGN_DRIFT | P1 |
| F6b | No governance_class; no "DERIVED never official" rule | ARCHITECTURE_GAP | P1 |
| F7a | PXT ledger stale literals readable as live (dangerous-mismatch) | DATA_DEBT | P1 (label) / P2 (refactor) |
| F7b | No per-node gov_sync_state | ARCHITECTURE_GAP | P2 |
| F7c | Phantom PIV-301/302/303/310; MTX-TEST/PIV-020 in AX-BASE headline | DATA_DEBT | P2 |
| A1 | No version lifecycle / registry | ARCHITECTURE_GAP | P1 |
| A2 | 3-deep view nesting (transitional) / version sprawl | OPERATIONAL_DEBT | P2 |
| AD1 | kb_sop adapter PARTIAL | INFRA_INCOMPLETE | P2 |
| AD2 | No contract-level freshness policy/propagation | ARCHITECTURE_GAP | P2 |
| AD3 | adapter-log vs scanner-log disagreement | OPERATIONAL_DEBT | P2 |
| U1 | UI binds _vN not _current; badges missing |
DESIGN_DRIFT / UI_DEBT | P1 |
| U2 | UI source not auditable this run | — | UNVERIFIED_SOURCE_ACCESS |
| AUTH | president votes / owners / REAL_RUN / UI deploy | GOVERNANCE_BLOCKED | P3 |
| OK1 | grouping/empty logic correct in v2 | ACCEPTABLE_TEMPORARY | — |
| OK2 | label vocabulary dictionary literals | ACCEPTABLE_TEMPORARY | — |
5. P0 / P1 / P2 design gaps (the short list)
- P0 (must fix before UI trusted): canonical
_current+ guard; full-population invariant; computed proof; registry-drive the base. → STEP 1–3 (deployable today) + STEP 6. - P1 (before production monitoring): full reliability field contract + detector joins; axis_registry binding/governance columns; register synthetic axes; per-node gov_sync + STALE label; version lifecycle registry; UI bind
_current+ badges. - P2 (label & track): adapter freshness/propagation; scanner-log reconcile; PXT static-literal refactor; phantom/MTX cleanup; view-nesting/sprawl.
- P3 (authority/operator only): votes, owners, REAL_RUN flips, UI deploy, kb_sop full adapter.
6. What T1 must fix next (ordered)
Per doc 11: STEP 1 (canonical _current + guard) → STEP 2 (invariant) → STEP 3 (computed proof) are the trust-critical, deployable-today P0 trio. Then STEP 4–6 (registry binding + full reliability + kill the UNION). All birth-free, no authority.
7. What must be labeled until fixed (UI must-label-now)
- AX-BASE/AX-PXT/AX-TRIGGER = SYNTHETIC/DERIVED (AX-PXT permanently derived).
- PXT ledger counts may be STALE literals (residual/job_queue) — badge until refactor.
- Trigger universe 525 = DB-only (host 77 not in additive total) —
PARTIAL. - All nodes CANDIDATE / 0 official.
- The bound contract is stale v1 until STEP 1 (
_current) lands.
8. Whether more live checks are needed
No additional live DB checks required for the design — the contract chain, viewdefs, invariant violations, proof logic, axis_registry schema, and reliability field computation were all captured live. One check is deferred to T1: the UI source grep (no _vN references; no axis_code switch) — not possible this run (UNVERIFIED_SOURCE_ACCESS; Nuxt repo on contabo, divergent, no creds). T1 must run it when source access is available (doc 09 §3).
9. PASS rationale
Per the task's PASS bar — "the updated design is specific enough for T1 to implement without rediscovery" — docs 02–11 provide exact view/column/predicate/DDL specs, a regression test for the invariant (v1⇒12 FAIL, reliability⇒0 FAIL), a migration path in 6 shippable phases, and an ordered backlog. The reason this run is PARTIAL not PASS is solely that T1's final checkpoint is absent (AWAITING_T1_FINAL), so the design "advances without T1 final" — which the task defines as PARTIAL. The design itself meets the specificity bar.