10 — Fix Roadmap & Priorities

Each item: root cause · classification · severity · exact safe fix · T1-fixable? · authority needed? · UI-label-first?

Classification: BUG / ARCHITECTURE_GAP / INFRA_INCOMPLETE / GOVERNANCE_BLOCKED / UI_DEBT / DATA_DEBT / OPERATIONAL_DEBT.

P0 — must fix before RP is trusted as a supervision UI

P0-1 — Unify the dual contract (v1/v2) behind one canonical name

• Root cause: grouping/empty closure landed in _v2 twins; the un-suffixed v1 is still live and stale (AX-PXT 10 NEEDS_GROUPING).
• Class: ARCHITECTURE_GAP / DATA_DEBT. Sev: P0.
• Fix: CREATE OR REPLACE VIEW v_rp_universal_node_ui_contract AS SELECT * FROM <v2 logic> (fold v2 into the canonical name), or create v_rp_node_contract_current alias and repoint UI/proof to it. Drop/retire the stale twin. Birth-free.
• T1: YES. Authority: NO. UI-label-first: N/A (fix removes the ambiguity).

P0-2 — Make the contract registry-driven (kill the hardcoded axis UNION)

• Root cause: H1 — v_rp_universal_node_ui_contract hardcodes 5 axes; ignores axis_registry.
• Class: ARCHITECTURE_GAP. Sev: P0 (root of auto-scale 38).
• Fix: introduce an axis_source_binding registry (axis_code → source view → node/label/count/route mapping), register AX-BASE/AX-TRIGGER/AX-PXT (with a governance_class of NATIVE/SYNTHETIC/DERIVED), and rebuild the contract to iterate registry rows instead of literal UNION branches. Generalize the job:cut special-case into a verified-process row source.
• T1: YES (DDL-only, birth-free). Authority: NO. UI-label-first: label synthetic axes immediately (see P1-1) while this lands.

P0-3 — Add a full-population drill-invariant guard

• Root cause: proof is curated (26 cases), AX-PXT high-count nodes route to mismatched substrate (doc 05 I3/H8), blocked verdict is literal PASS (H4).
• Class: BUG / ARCHITECTURE_GAP. Sev: P0.
• Fix: build v_rp_drill_invariant_violations (the 4 checks in doc 05). Make the proof matrix's blocked verdict computed (not literal). Wire the violations view into the acceptance dashboard so "0 violations over all 87 nodes" is the PASS gate, not "26 curated cases."
• T1: YES. Authority: NO. UI-label-first: until 0 violations, label AX-PXT count>1 nodes "grouped-children, substrate is a gap summary."

P1 — fix soon; required for honest production

P1-1 — Label/register synthetic axes

• Root cause: AX-BASE/AX-TRIGGER/AX-PXT not in axis_registry (H6, doc 06). Class: ARCHITECTURE_GAP. Sev: P1.
• Fix: add governance_class to the contract now (NATIVE_PIVOT / SYNTHETIC / DERIVED_LEDGER / CANDIDATE_AXIS); optionally insert registry rows with status=SYNTHETIC. T1: YES. Authority: NO. UI-label-first: YES — UI must badge these 3 as derived lenses immediately.

P1-2 — Drive AX-PXT counts from live counts, not ledger literals

• Root cause: C1/H5 — object_count literals, residual=8 stale vs live 2. Class: DATA_DEBT. Sev: P1.
• Fix: replace v_process_trigger_actionability_ledger literal counts with live count(*) subqueries (or join to census). Add count_freshness column. T1: YES. Authority: NO. UI-label-first: label ledger counts "may be stale" until fixed.

P1-3 — Label partial-scope counts (triggers 525, KB-SOP)

• Root cause: C3 — 525 excludes host triggers; KB-SOP unknown. Class: DATA_DEBT/UI_DEBT. Sev: P1.
• Fix: add scope column (DB_ONLY / INCLUDES_HOST / PARTIAL_UNKNOWN) to trigger/coverage contracts. T1: YES. Authority: NO. UI-label-first: YES.

P1-4 — Establish canonical-view aliasing (version-sprawl hygiene)

• Root cause: G2 — 131 views, multiple v2–v6, no _current pointer. Class: OPERATIONAL_DEBT. Sev: P1.
• Fix: for each concern, create a stable _current view that selects from the chosen version; retire superseded versions or mark DEPRECATED. T1: YES. Authority: NO.

P2 — hygiene / completeness

P2-1 — Remove phantom pivots + test pivot

• PIV-301/302/303/310 phantom, MTX-TEST in prod (H7/C7). Class DATA_DEBT. Fix: remove phantom references; delete/retire MTX-TEST. T1: YES (MTX-TEST delete is a DML on a test row — confirm owner intent first). Authority: light (data owner).

P2-2 — Prove or fix the scanner orchestrator fire

• wf_scanner_run_log 0 runs 06-05 (doc 07). Class INFRA_INCOMPLETE. Fix: inspect timer/orchestrator; confirm 04:10 fire writes a run row; add a heartbeat/silent-gap alert (Điều 45). T1: partial (read-only diagnosis here; the fix touches host systemd → OPERATOR). Authority: operator.

P2-3 — Reconcile DB↔host drift (cron 42-vs-7, bin 287-vs-186)

• doc 03. Class DATA_DEBT. Fix: extend fn_dot_wf_map_host_objects mapping. T1: YES.

P2-4 — Build remediation/drift actuation loop (safe steps only)

• doc 07 — queues without drainers. Class INFRA_INCOMPLETE. Fix: a dry-run drainer that proposes (not executes) and logs; execution stays fail-closed. T1: YES (dry-run). Authority: for real execution only.

P3 — defer / authority-gated (NOT T1)

• President votes PROC-OWN-01..05 → first official AX-PROCESS. GOVERNANCE_BLOCKED.
• AX-TRIGGER owner (Dieu-39), AX-TOPIC ratification (Điều 32). GOVERNANCE_BLOCKED.
• dot:kg REAL_RUN flips (real_run_enabled etc.). GOVERNANCE_BLOCKED / OPERATOR.
• UI deploy (push feat/process-axis-dashboard, PR, redeploy). OPERATOR.

What T1 should do next (ordered)

1. P0-1 unify v1/v2 contract behind canonical name.
2. P0-2 registry-drive the contract (+ axis_source_binding).
3. P0-3 drill-invariant violations view + computed blocked verdict.
4. P1-1/P1-2/P1-3 add governance_class / live counts / scope labels.
5. P1-4 canonical _current aliases; P2-1 phantom cleanup. All P0/P1 are birth-free DDL, no authority required. P3 stays paused for authority/operator.