13 — No-Hardcode Enforcement + Real Violations Found (live source scan)
title: 13 — No-Hardcode Enforcement + Real Violations (Branch K) date: 2026-05-31 scan_target: /opt/incomex/docker/nuxt-repo/web (the real web source — readable via ssh, NOT the compiled image) gate: P10 / macro M12 (continuous from M8)
13 — No-Hardcode Enforcement + Real Violations (Branch K)
Update vs gateway pack: the web SOURCE is on the VPS at /opt/incomex/docker/nuxt-repo/web (also
/opt/incomex/deploys/web-test/web), grep-able read-only via ssh. So this session ran a real scan and
found actual current violations (not hypothetical).
A. CURRENT VIOLATIONS (live scan 2026-05-31, file:line)
| # | violation | location | rule |
|---|---|---|---|
| 1 | totalGap = reduce(+Math.abs(gap)) (API gap-math) |
server/api/registry/health.get.ts:123 |
no frontend/API count math |
| 2 | sort(Math.abs(gap)) + noi_chua/noi_sinh build |
health.get.ts:117,101-110 |
gap-math |
| 3 | hardcoded code:'CAT-017' injected row |
pages/knowledge/registries/index.vue:312 |
no hardcoded CAT codes |
| 4 | v-if="row.code === 'CAT-017'" |
index.vue:595 |
no hardcoded CAT branching |
| 5 | orphan_count: hd.totalGap (gap-sum → orphan) |
index.vue:271 |
no frontend count logic |
| 6 | record_count/orphan_count: reduce(...) |
index.vue:161-162 |
no frontend count math |
| 7 | totalRecords/totalOrphans = items.reduce(...) |
pages/knowledge/registries/[entityType]/index.vue:80-81 |
no frontend count math |
| 8 | total_records: entries.reduce(...) |
server/api/registry/raw-counts.get.ts:58 |
no API count math |
| 9 | noi_chua/noi_sinh columns rendered | pages/knowledge/registries/health/index.vue:16-27,94 |
gap-math surface |
| — | localStorage pin array | (none found) | ✅ clean — no client pin state |
| — | hardcoded list-ceiling >50 |
components/ai/DetailPanel.vue:82 (DOT activity, not registry list) |
minor; out of registries scope |
| These are the retire-after-replace targets (doc 12) AND the seed regressions the CI must block. |
B. Static scan patterns (CI in the web repo; fail build on match outside tests/fixtures)
noi_sinh|noi_chua|totalGap # gap-math
(reduce|Math\.abs).{0,40}(gap|count|orphan|phantom)# client/API count math
["'`]CAT-[0-9] # hardcoded registry codes
["'`](PIV|MTX)-[\w-]+["'`] (in render/branch) # hardcoded pivot codes
\[\s*['"](catalog|collection|dot_tool|species)['"] # hardcoded species/category arrays
(>=?|<=?|===) ?50\b near count|list|ungroup # hardcoded ceiling
level\s*===?\s*\d / depth\s*===?\s*\d # frontend hierarchy depth
localStorage near pin|ghim|favor|watch # client pin arrays
Hit → write hardcode_violation/hc_finding_* to system_issues (existing pattern) + fail build.
Allowlist: tests/, server/utils/registryE2EFixtures.ts (fixtures), this KB, the /ui-preview mock.
C. SQL evidence checks (live, read-only — Truth Check, Đ28 Test-4 / Đ31)
| check | pass |
|---|---|
| S-LEAF leaf rule data-only | =160, no CAT list |
| S-NOFANOUT integrity rows == leaf rows | 160==160 |
| S-CLOSURE leaf net_gap == Σ drift gap | 148==148 ✓ this session |
| S-COVERAGE backed + PIVOT_MISSING == leaf | 21+139=160 ✓ |
| S-PIVOTONLY every surfaced count has pivot_code or PIVOT_MISSING | no count without provenance |
| S-LABELPG labels from taxonomy/label_rules | 0 client arrays |
| S-THRESHPG ceiling from display_policy | 0 literal 50 in resolution |
| S-PINPG pins from registry_pin | 0 localStorage (✅ already) |
S-NOGAPMATH 0 gap/noi_sinh reduce in converged surface |
grep handlers |
D. Route checks
Converged /knowledge/registries-pivot must call only /api/registries-pivot/* (view-backed) — never
health.get.ts/counts.get.ts/raw-counts.get.ts. CI greps the converged page's imports/fetches.
E. Truth-Check (Đ28 Test-4)
Every rendered count == pivot_count(code) (or view value); 100% coverage; 0 counts computed in Nuxt.
Automated DOM-vs-PG diff at M10/M14.