T2 RP Systemic Reality Audit — 11 Final Summary
11 — Final Summary
Audit: T2 RP Systemic Reality / Hardcode / Auto-Scale / Design-Gap · Date: 2026-06-05 · Mode: READ-ONLY · Verdict: PASS
Mutations: NONE except this KB audit doc set. · DB: directus.public (corrects "incomex").
Scores
| Dimension | Score | One-line |
|---|---|---|
| Hardcode safety | 52 | counts labeled, no Nuxt math — but axis topology hardcoded in the contract UNION |
| Auto-scale readiness | 38 | census layer scales; render contract does not (ignores axis_registry) |
| Source adapter coverage | 62 | 16/16 built, adapters ran 06-05; host-trigger + KB-SOP partial |
| Count reliability | 70 | no silent wrong counts; stale ledger literals + dual-contract + partial-as-total |
| Drill full-population readiness | 45 | curated proof; AX-PXT high-count → mismatched substrate; literal PASS verdict |
| Birth/governance sync | 58 | birth-safe, no-fake — but 3/5 axes synthetic/unregistered, ownership=0 |
| Automation reality | 40 | adapters real; orchestrator unproven 06-05; queues without drainers |
| UI architecture readiness | 55 (design) | PG-rendered/pass-through good; not deployed; source UNVERIFIED; binds stale v1 |
| Overall RP trustworthiness | 54 | honest & safe, not yet a trustworthy supervision UI |
Hardcode findings
- H1 (P0): `v_rp_universal_node_ui_contract` is a 6-way `UNION ALL` of hardcoded axis literals (AX-BASE/TOPIC/PROCESS/TRIGGER/PXT); never reads `axis_registry`. New axis = view edit.
- H2: hardcoded route prefixes per branch. H3: `job:cut` special-cased branch.
- H4 (P0): proof_matrix_v2 blocked branch hardcodes `ARRAY['PROC:official_rp','PROC:jobcut_verified']` + literal `PASS_WITH_EXPECTED_BLOCKER` verdict → can never FAIL.
- H5/C1: AX-PXT counts are static ledger literals; `PROC:residual_reconcile=8` stale vs live 2.
- H6: AX-BASE/AX-TRIGGER/AX-PXT not in axis_registry (3/5 synthetic).
- H7: phantom PIV-301/302/303/310 + `MTX-TEST` in prod.
- H8 (P0): AX-PXT count>1 nodes hardcoded `drill_action=SHOW_SUBSTRATE` despite `grouping_status=NEEDS_GROUPING`.
Auto-scale findings
New axis = REQUIRES_VIEW_EDIT (worst). New pivot = AUTO_COVERED (the good pattern). New source-class = NOT_COVERED; known class = COVERED_IF_REGISTERED. New host trigger = NOT_COVERED (excluded from the 525 universe). New governance object = NOT_COVERED (ownership table empty). The counting layer scales; the rendering layer does not.
Adapter / source reality
16/16 adapters built; wf_adapter_run_log 5 runs on 06-05 02:10 (REAL). But wf_scanner_run_log last run 06-04 09:53, 0 on 06-05 (orchestrator unproven). KB-SOP adapter PARTIAL/UNKNOWN. Host triggers excluded from 525. wf_*_digest_v2 tables are 06-04 snapshots — read the views.
Count reliability
No silently-wrong unlabeled count. Issues: stale ledger literals (residual 8 vs 2), dual-contract v1/v2 divergence (v1 still 10 NEEDS_GROUPING / 2 missing; v2 resolved), trigger 525 partial-shown-as-total, stale digest tables, phantom pivots. "Empty 2→0" = 0 unexplained, not 0 missing (substrate still 20/22).
Full-population drill risk
Proof is curated 26, not 87. AX-PXT substrate_available=true points at a 12-row gap ledger while count_value is up to 408 — substrate ref ≠ substrate population (route-to-misleading-page). No invariant-violations guard exists; building one would flag ≥10 nodes today.
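A sketch of the missing invariant guard with a computed verdict, added here as an example and not taken from the audited system. The field names `count_value`, `drill_action`, `grouping_status` and `substrate_available` come from the findings above; `node_id`, `substrate_rows`, the `GROUPED` status, the violation names, the `PARTIAL` verdict and all row values are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Node:
    node_id: str              # hypothetical identifier
    axis: str
    count_value: int
    drill_action: str
    grouping_status: str
    substrate_available: bool
    substrate_rows: int       # hypothetical: rows reachable through the substrate ref


def violations(node):
    """Return the drill invariants this node breaks (names are illustrative)."""
    found = []
    # H8: a multi-object node is drillable although it is still ungrouped.
    if (node.count_value > 1 and node.drill_action == "SHOW_SUBSTRATE"
            and node.grouping_status == "NEEDS_GROUPING"):
        found.append("DRILL_BEFORE_GROUPING")
    # Substrate ref exists, but its population is not the counted population.
    if node.substrate_available and node.substrate_rows != node.count_value:
        found.append("SUBSTRATE_POPULATION_MISMATCH")
    return found


def audit(nodes, expected_population):
    """Derive the verdict from the rows, so FAIL is reachable (unlike H4's literal)."""
    report = {n.node_id: v for n in nodes if (v := violations(n))}
    if report:
        return "FAIL", report
    if len(nodes) < expected_population:
        return "PARTIAL", report   # curated subset, not the full population
    return "PASS", report


# Constructed sample rows, shaped after the AX-PXT case (count 408, 12-row ledger).
SAMPLE = [
    Node("pxt-a", "AX-PXT", 408, "SHOW_SUBSTRATE", "NEEDS_GROUPING", True, 12),
    Node("proc-b", "AX-PROCESS", 1, "SHOW_SUBSTRATE", "GROUPED", True, 1),
]

if __name__ == "__main__":
    print(audit(SAMPLE, expected_population=2))
```

Run over a clean 26-node set with `expected_population=87`, the same function returns `PARTIAL` instead of a pass, which is the curated-versus-full-population distinction the audit asks for.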
Birth / governance / RP sync
Birth-safe (before==after), fail-closed (real_run_enabled=false), no-fake (0/453 official, 5/5 PROC-OWN pending, ownership 0). Mismatch: 3 synthetic axes RP-visible-but-not-governed. No "governed-but-invisible" found. No dangerous fake; the risk is presenting synthetic axes as peers of candidate axes unlabeled.
Automation reality
Only proven recurring automation = source-adapter refresh. Orchestrator fire unproven; remediation/drift/action queues are READONLY_VIEW_ONLY; review loop MANUAL; REAL_RUN PLAN_ONLY (fail-closed). RP currently observes live; it does not act.
UI architecture readiness
Design sound (PG-rendered, pass-through, label-data present), but not deployed, source UNVERIFIED (outside read allowlist), binds the stale hardcoded v1 contract, and lacks synthetic/partial/stale flags the UI needs to label honestly.
Design gaps
Master gap G1: registry-driven rendering is designed but not wired. G2: version sprawl (131 views, v2–v6) with no canonical _current. G3: derived lenses (AX-PXT/AX-TRIGGER) costumed as governed axes. G4: observe-heavy, actuate-light.
P0/P1/P2 fix roadmap (all P0/P1 are birth-free, T1-fixable, no authority)
- P0-1 unify v1/v2 contract behind canonical name.
- P0-2 registry-drive the contract (add `axis_source_binding`, kill hardcoded UNION).
- P0-3 full-population drill-invariant view + computed (not literal) blocked verdict.
- P1-1 `governance_class` label for synthetic axes. P1-2 live AX-PXT counts. P1-3 `scope` labels for partial counts. P1-4 canonical `_current` aliases.
- P2 phantom/MTX-TEST cleanup; prove scanner fire (operator); DB↔host drift reconcile; dry-run actuation loop.
- P3 (NOT T1): president votes, AX-TRIGGER/AX-TOPIC owners, REAL_RUN flips, UI deploy.
What T1 should fix next
1. P0-1 unify contract
2. P0-2 registry-drive
3. P0-3 drill-invariant guard
4. P1 labels (governance_class / live counts / scope)
5. P1-4 canonical aliases + P2-1 cleanup
What must be labeled in the UI immediately
- AX-BASE/AX-TRIGGER/AX-PXT = SYNTHETIC/DERIVED, not governed axes.
- AX-PXT counts = ledger-literal, may be stale; AX-PXT count>1 nodes = substrate is a gap summary, not the object list.
- Trigger 525 = DB/dot only (host excluded).
- All nodes = CANDIDATE / 0 official; nothing is officialized.
- The bound contract is v1 (un-resolved grouping) until P0-1 lands.
Mismatch with T1 assumptions
T1's "production-closeout ready / UI_DYNAMIC_DRILL_PROVEN" is true only for the non-deployed v2 twins on a curated proof set. The deployed-intended v1 contract is stale (10 ungrouped, 2 missing), the proof is curated not full-population, the orchestrator hasn't fired 06-05, and the contract is not registry-driven. None of this contradicts T1's engineering effort or its "authority-blocked, no-engineering-blocker" framing on governance — but there is un-flagged architecture/engineering debt (P0-1..P0-3) that T1 can and should fix without any authority. RP is honest and safe; it is not yet trustworthy as a supervision UI (trustworthiness 54/100).