[CLAUDE] Docs: S58 session-end closeout — E-008/AS-12 error-ledger + session log + STATUS/HANDOFF final Run #386 + harvest gate PASS 5/5

- error-ledger: AS-12 NEW (identifier-based prod op phải dump env-đích) + E-008 RCA lock NO-OP 2 tầng (population Dev-only + password 11<12 silent CreateAsync-fail; Why-0 RAG-archaeology: từng phát hiện S22 nhưng const không fix — lesson "discovery phải thành code-fix/guard ngay") + Active-Guard episodic mới (1 strike, verified Run #382). - Session log S58 NEW: 5 đợt việc / 7 commit / Run #382-#386 (4 PASS + #385 cancelled-supersede-benign) / 11 spawn / lessons / bundle final DMm9rtNA/BUkOMn_Y. - STATUS/HANDOFF: bundle line final + In-Progress refresh (ops anh: tzutil · chuong.phan typo · 5 staff password · lock IT users sau gán người thật) + S58-chiều section đủ 5 đợt + chore-flag H2-đo (cicd 41.1KB + inv 32.9KB). - Harvest (H2 GATE PASS 5/5): cicd #386 supersede-chain entry + #383 mark "VỊ TRÍ LẠC" chống curate-sweep nhầm (P2) + investigator tag normalize s58 (P5) + tooling-auditor H1-end on-behalf (return-cut partial — finding salvaged: docs verified-flushed) + harvest-curator H2-end entry. - RAG: +1 chunk S58 key facts (1153b74b, rerank 0.898 retrievable). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 14:33:20 +07:00
parent 3ebaf84531
commit 157792749f
8 changed files with 61 additions and 5 deletions
--- a/.claude/agent-memory/cicd-monitor/MEMORY.md
+++ b/.claude/agent-memory/cicd-monitor/MEMORY.md
@ -68,6 +68,7 @@ BE (test+build) ~90s · FE × 2 ~60s/app · deploy ~30s · **total ~3min code /
 ## 📅 Recent runs (FIFO — older → archive/git)
 - **2026-06-11 Run #385→#386 SUPERSEDE-CHAIN sha=`ea793a4` CANCELLED(benign)→shipped-via `3ebaf84` #386 PASS ~4m25s (S58 brand-accent polish x2 app then PE-workitem-merge):** Target push `6e53e33..ea793a4` 8 files FE polish CẢ 2 app (Layout/TopBar/PageHeader/DataTable each — stripe đỉnh + logo-zone tint + PageHeader accent bar + thead brand-50/60), NO BE/Mig. **Run #385 (run_number 271) status=`cancelled` @14:14:22 — NOT a fail: superseded by newer push `3ebaf84` (#386 run_number 272) landed @14:14:31 (Gitea concurrency-guard cancels in-flight same-branch run).** HEAD moved ea793a4→`3ebaf84`. **Verified ea793a4 IS ancestor of 3ebaf84 + the 8 polish files NOT re-touched by 3ebaf84 → polish PRESERVED in tree, ships via #386.** #386 adds 4 PE files (PeHeaderForm/PeWorkspaceCreateView ×2 app, anh Kiệt FDC 14:06 — gộp Tên gói thầu=chọn Hạng mục) → both apps rebuilt anyway. Polled #386 to status=`success` (started 14:14:31→14:18:56). **Bundle ROTATE BOTH (load-bearing, verified AFTER #386 success — anti-pattern #3): admin `CP4CB1ym→DMm9rtNA` (css `vMtY6u47→DDlKud5i`) + user `CKjwqnGL→BUkOMn_Y` (css `CV0H5hnq→BgAUPcnL`)** ✓ both touched → both rotate. **Brand preserved both apps: `1F7DC1` in HTML + `Be Vietnam Pro`+`1f7dc1` in CSS bundle; BONUS polish landed: `brand-50`/`brand-60` Tailwind classes present in BOTH CSS bundles** (thead/tint/accent shipped). Health live+ready **200/200** + admin/eoffice root 200. **NO migration** — prod `__EFMigrationsHistory` top = Mig 49 `AddWorkItemToPurchaseEvaluation` == repo, GIỮ NGUYÊN ✓ (neither ea793a4 nor 3ebaf84 has Mig). Smoke PE+contracts unauth=**401** + control `/api/zzz-not-a-route`=**404** (auth gates real). Test gate (CI both proj pre-deploy ⟹ #386 success=passed). Prior today #382/#383/#384 all PASS. **LESSON (cancelled ≠ fail — supersede-chain verify): a same-SHA run flipping to `cancelled` mid-flight is almost always Gitea concurrency-supersede by a newer push, NOT a build/deploy fault → MUST (1) check tasks list for newer run + HEAD movement, (2) `git merge-base --is-ancestor` confirm target commit preserved in new HEAD, (3) `git diff target..newHEAD -- <target-files>` empty ⟹ target changes survive, (4) verify prod via the SUCCESSFUL superseding run not the cancelled one. Do NOT report FAIL/escalate on a benign supersede-cancel.** Tag `[s58, run385-cancelled-benign, run386-pass, supersede-chain, brand-polish-x2, bundle-rotate-both, no-mig]`.
 - **2026-06-11 Run #384 (run_number 270) sha=`e959f72` PASS ~4m30s (S58 FE-USER visual redesign density-first per AI_INFRA UI/UX guide — keep brand #1F7DC1/Be Vietnam Pro/slate; FE-USER-ONLY, ZERO BE/Mig/fe-admin):** Push `6c5fd26..e959f72` 1 commit 16 files: 14 fe-user (`index.css` tokens + 6 ui primitives Button/Dialog/Input/Label/Select/Textarea + 6 shell DataTable/EmptyState/Layout/PageHeader/PhaseBadge/TopBar + LoginPage) + 2 broadcasts `.md`. NO fe-admin, NO `.cs`, NO Mig. `.tsx`/`.css` present → NOT docs-skip, pipeline RAN. ⚠️ GITEA_TOKEN empty both shells → unauth public API (200, no token needed). Run IN-PROGRESS at first poll (status=running 13:51) — correctly did NOT FAIL, polled iter6 status=success (started 13:51:18 → 13:55:48). **ASYMMETRIC bundle (load-bearing) PASS: user ROTATE `BmZ3VHnm→CKjwqnGL`** (redesign shipped, verified AFTER status=success, stable on +recheck no transient) **+ admin FROZEN `CP4CB1ym`** (=#382 UNCHANGED ✓ scope-correct, NO fe-admin leak — mirror Run #378 asymmetric fe-admin-only logic, inverted). user `.js` HEAD 200 app/js 1.47MB + CSS rotate `index-CV0H5hnq.css` 200 63KB. **Brand preserved: `1F7DC1` in HTML + `Be Vietnam Pro`+`1f7dc1` in CSS bundle** ✓; title "Solutions ERP". Health live+ready **200/200** + admin/eoffice root 200. **NO migration** — prod `__EFMigrationsHistory` top = Mig 49 `AddWorkItemToPurchaseEvaluation` == repo, GIỮ NGUYÊN ✓. sys.tables(excl mighist)=**92** (FE-only no new table). Smoke PE unauth=**401** + control `/api/zzz`=**404** (auth gates real). Test gate **240** (CI both proj pre-deploy ⟹ success=passed). 0 regression. Prior today #382(`5998163` lock-fix)+#383(`6c5fd26` hide-modules) both PASS as noted. **LESSON (single-app FE-USER redesign — asymmetric verify, inverse of #378):** PASS criteria asymmetric — user hash MUST rotate (ship-proof) AND admin hash MUST stay frozen (scope-proof, no accidental fe-admin redeploy). admin-unchanged is POSITIVE here. Visual-only CSS-token+className redesign rotates bundle exactly like logic change (Vite content-hash byte-sensitive). SSH→sqlcmd `<>`/`NOT LIKE '__%'` quoting traps: `<` mangled by PS redirect (use `!=`/CONCAT-CHAR), `_` is LIKE-wildcard (escape `'[_][_]%'`). Tag `[s58, run384, pass, fe-user-only-redesign, asymmetric-bundle-verify, no-mig, brand-preserved]`.
 - **2026-06-11 Run #382 (run_number 268) sha=`5998163` PASS ~3m31s (S58 FIX the Run #381 lock NO-OP — DbInitializer.cs ONLY, BE-only, NO Mig/FE):** Push `dd117b7..5998163` 1 commit 1 file `DbInitializer.cs` (+28/-5). Fix: (1) `LockDemoSampleUsersAsync` union +20 UAT-matrix prod email (`{act,equ,fin,hra,pm,qs}.{nv,pp,tp}@`+`bod.{1,2}@`) into prior 14 named-person = 34-email list; (2) `DemoUserPassword` 11→12 chars (`User@123456`→`User@1234567`) fixing silent CreateAsync-fail vs prod `RequiredLength=12` (S56 helpdesk-inert root cause). `.cs` present → full pipeline RAN. Poll iter5 status=success (started 12:58:06 → 13:01:37). **Bundle FROZEN admin `CP4CB1ym` + user `BmZ3VHnm`** (= #381 UNCHANGED ✓ CORRECT for BE-only, verified AFTER status=success — NOT ship-fail). **NO migration** — prod `__EFMigrationsHistory` top = Mig 49 `AddWorkItemToPurchaseEvaluation` == repo, GIỮ NGUYÊN ✓. sys.tables=**93** unchanged. Health live/ready 200 + admin/eoffice root 200. **THE FIX VERIFIED prod (Users table — note: custom Identity table name `Users` NOT `AspNetUsers`):** total **55** users · **21 active** · **34 inactive==34 locked-future** (== lock-list size exactly). 12-sample UAT-matrix all `active=0 locked=1` (#381 NO-OP now RESOLVED — these exist in prod + got locked ✓). Named-person 14/14 found+locked (CREATED this startup via 12-char pw fix + locked same run). **Must-stay-active 6/6** admin·catalog.manager·nv.test·chuong.phan@solution.com.vn(typo-domain)·**nv.cao+nv.truong** ALL `active=1` (IT helpdesk pool ALIVE — S56 ops-pending RESOLVED by pw fix, created this startup not in lock-list). **5 new real staff** (thanh.lethanh/anh.nguyen/tring.le/truong.le/long.nguyen) all CREATED+`active=1` ✓ (12-char pw passes RequiredLength=12). Smoke nv.test login OK (token 477) + GET /api/menus 200 + /purchase-evaluations 200. 0 regression. **LESSON: lock-by-email NO-OP (#381) was a DATA-mismatch not code-bug → S58 reconciled email-list to actual prod population (UAT-matrix created via admin UI, never in seed) + the 11-vs-12 pw bug was a SECOND latent cause silently blocking ALL non-existing-user CREATE on prod (RequiredLength=12) — same fix resurrected 16 named + 5 staff + helpdesk pool. Verify lock-fix = dump Users cohorts (active/inactive split + named exact-IN), NOT just total count.** Tag `[s58, run382, pass, fix-lock-noop, pw-11to12, be-only-bundle-frozen]`.
 - **2026-06-11 Run #381 (run_number 267) sha=`dd117b7` PASS+1PARTIAL ~4m25s (S57bis PE gắn WorkItem Mig 49 + all-role Pe perm + menu Cá nhân regroup + lock-14-demo-user — cross-stack BE+FE×2+Mig+test, +12 PeWorkItemGuardTests→240):** 2-commit push: prev `17b23a4` (governance+hmw.js → Run #380 **cancelled**, superseded — correct, no FE/BE contract change) then `dd117b7` (PRODUCT, Run 381 = the deciding run). 26 files: Mig 49 `20260611044424_AddWorkItemToPurchaseEvaluation` (3-file, PE.WorkItemId Guid? loose-Guid NO physical FK + `IX_PurchaseEvaluations_WorkItemId`) + Domain `PurchaseEvaluation.cs` + Config + Features + DbInitializer (perm + `LockDemoSampleUsersAsync` + menu regroup) + MenuKeys + 3 master controllers (write-lock Admin/CatMgr) + FE×2 (PeDetailTabs/PeHeaderForm/PeWorkspaceCreateView/menuKeys/types). **Run IN-PROGRESS at first check (status=running 12:14) — polled to terminal** (12:14:16→12:18:41 ≈4m25s success). ⚠️ poll-grep gotcha: `"status"` field sits AFTER `"display_title"` in tasks JSON → `[^}]*"display_title"` regex cut before status (showed blank all 10 iters); final FULL-object parse `\{"id":381,...deploy.yml[^}]*\}` confirmed status=success. **Bundle ROTATE BOTH** admin `4SUwDLD8→CP4CB1ym` + user `XdKzt9LL→BmZ3VHnm` (PE in both apps ✓ shipped, verified AFTER status=success). **Mig 49 applied prod** (`__EFMigrationsHistory` top = AddWorkItem... ✓ + WorkItemId col=1 + IX=1). sys.tables=**93** (col-only, no delta). Health live/ready 200 + admin/eoffice 200. **Perm seed STRONG: Pe_* CanCreate=1 = 130 rows across 13 roles** (was 3-role → all-role open landed); PeWf%=0 + AwV2%=2 (designer stays admin-only ✓ no leak). Menu regroup ✓: Personal root@30 · Off_ChamCong→Personal@1 · **Hrm_Config**→Master@25 (spec said key `HrmConfig`, real key has underscore `Hrm_Config` — verify by ParentKey/Order NOT literal Key) · Contracts@31 · Hrm_Dashboard→Hrm@1. Smoke PE unauth 401 (/purchase-evaluations + /catalogs/work-items) vs control 404 (auth real). WorkItems VT/TP/MEP/TB=71. **⚠️ PARTIAL item 7 — lock-14-users is a prod NO-OP:** `LockDemoSampleUsersAsync` SHIPPED+RAN but its 14 hardcoded emails (`bod.huynh@`,`pm.nguyen@`,`fin.do@`,`qs.hoang@`...) **DON'T EXIST in prod** — real demo set uses dept.position scheme `bod.1@`/`bod.2@`/`pm.{nv,pp,tp}@`/`fin.{nv,pp,tp}@`/`qs.{nv,pp,tp}@` (34 users ALL active, INACTIVE_TOTAL=0). Each FindByEmail→null→locked=0. Guard `nv.cao`/`nv.truong` also absent (-1, vacuously safe); catalog.manager+admin confirmed active. NOT a deploy fail (code correct) — email list stale vs this DB seed. Escalated em main: reconcile lock-list to actual `*.{nv,pp,tp}@` scheme OR confirm named-person legacy users were ever seeded. **LESSON: lock/deactivate-by-email assertion returning 0/`-1` ⟹ ALWAYS dump actual `Users` set before scoring FAIL — code may have run as no-op against mismatched data, NOT broken.** Tag `[s57bis, run381, pass-partial, mig49-pe-workitem, allrole-perm-130, lock-noop-email-mismatch]`.
@ -85,7 +86,7 @@ BE (test+build) ~90s · FE × 2 ~60s/app · deploy ~30s · **total ~3min code /
 - **2026-05-30 Run #364 (mem #250) sha=`e7b66cd` PASS ~4m07s (S42 P11-A wire ApproveV2+LevelOpinions 4 WorkflowApps):** 1 commit BE+FE×2+Mig41+Tests. Status=success iter3. Bundle rotate admin `cWAXid0q→BLA09-qv` + user `CX79e2kZ→CXvejOE-`. **Mig 41 auto-applied prod** (latest=`20260530021936_WireWorkflowAppsApprovalV2`). Tables 84→**90** (+5: Leave/Ot/Travel/VehicleRequest LevelOpinions + WorkflowAppCodeSequences — ALL EXIST). 4 new endpoint smoke 200 auth (leave/ot/travel/vehicle-requests) + unauth 401 (route exists) + POST .../approve=411 (route reg). health live/ready 200. **Stage 4.6 seed gate PASS** (gotcha #51): 4 WF seeded prod despite DemoSeed:Disabled — QT-NP/OT/CT/XE-V2-001 AppType=5/6/7/9, verified call-site L142-145 OUTSIDE `if(!demoSeedDisabled)` gate. Test gate 141 (CI runs both proj pre-deploy). Note: table count 90 vs spec-expected 89 = baseline-count diff, NOT missing table (all 5 present). Stale doc drift deploy.yml comments "54/17 test" (cosmetic, flag em main). Tag `[s42, run250, pass, p11a-approvev2-workflowapps]`.
 - **2026-05-28 Run #247 sha=`e54a22d` PASS 3m25s (S38 SKELETON 5-plan combo Mig 39+40 dual):** Push 1 commit mega `Domain+App+Infra+Api+FE×2`. ALL PASS. Bundle rotate admin `CGueDk22→cWAXid0q` + user `CEt0QRgX→CX79e2kZ`. Mig 39+40 dual auto-applied startup (90830→90839). 6 endpoint smoke 200 (leave/ot/travel/vehicle/it-tickets/hr-dashboard `totalEmployees=33 male=17 female=16`). 6 new tables + 8 menu seeded. 0 regression. Fastest S38 deploy. Tag `[s38, run247, pass, skeleton-combo]`.
 - **Archived Run #246 (S37 Proposal Mig 37+38 — `/api/proposals` 200 + QT-DX-V2-001 AppType=4 seed + Stage 4.6 INFRASTRUCTURE-gated correct gotcha #51) + #359/#243/#242/#241/#240 + S35/S36 startup → `archive/2026-05-q4.md` + git d2f52ba (S40 curate):** Run #359 G-O2 Meeting Mig 36 · #243 HrmConfig BE 16 endpoint (BE-only bundle unchanged anti-pattern verify) · #242 FE inline forms 5 satellite · #241 Mig 35 HRM foundation · #240 satellite CRUD. Discovery #7 path-filter eval/** + #8 collection `proj_*`. KEY absorbed in essentials/Stage sections above.
- **2026-06-11 Run #383 (run_number 269) sha=`6c5fd26` PASS ~4m25s (S58b TẠM ẨN HRM/Văn phòng số/Cá nhân khỏi non-Admin + Danh mục xuống cuối — BE-only seed, NO Mig/FE):** Push `2aefb31..6c5fd26` 1 file `DbInitializer.cs` (+61/-5): NEW `RevokeTemporarilyHiddenModulesAsync` (set 4 CRUD=false MỌI role TRỪ Admin trên `Hrm%`+`Off%`+`Personal`, idempotent, KHÔNG xóa row) + `SeedAllRolesReviewReadPermissionsAsync` scope THU HẸP còn Master/Catalogs/Pe_* + menu `Master` Order 20→80. `.cs` present → full pipeline RAN. Run IN-PROGRESS at first check (status=running 13:36) — correctly did NOT FAIL, polled to terminal (started 13:36:15 → success 13:40:40 iter5). **Bundle FROZEN admin `CP4CB1ym` + user `BmZ3VHnm`** (= Run #382 UNCHANGED ✓ CORRECT BE-only — verified AFTER status=success, NOT ship-fail). **NO Mig** — prod `__EFMigrationsHistory` top = Mig 49 `AddWorkItemToPurchaseEvaluation` == repo, GIỮ NGUYÊN ✓. Health live/ready 200 + admin/eoffice root 200. **6 prod sqlcmd ALL PASS exact (DB SolutionErp, custom tables `MenuItems`/`Permissions`/`Roles`):** MasterOrder=**80** ✓ · HiddenReadNonAdmin=**0** ✓ (revoke landed, `Hrm%`+`Off%`+`Personal` all CRUD=false non-Admin) · HiddenReadAdmin=**29** (>0, Dev est 28, Admin GIỮ ✓) · PeCreateNonAdmin=**120** (Pe_* untouched ✓) · MasterReadNonAdmin=**48** (Master still visible ✓). **Menu-tree smoke (gotcha #44 dual-role):** nv.test `/api/menus/me` 200 → keys = Master/Suppliers/Projects/Departments + Catalogs/Catalog* + all Pe_DuyetNcc*/Pe_DuyetNccPhuongAn* — **ZERO Hrm/Hrm_*/Off/Off_*/Personal** ✓; admin counter-check VẪN CÒN Hrm/Hrm_Config*/Off/Off_*/Personal + Contracts/Budgets/System ✓ (revoke scoped non-Admin only). 0 regression. **LESSON (seed-only permission-revoke verify = sqlcmd matrix + dual-role menu-tree, NOT bundle/endpoint):** RevokeTemporarilyHiddenModulesAsync runs UNCONDITIONALLY on startup (NOT gated — correct, it's a permission-correction not demo-seed); verify = COUNT(CanRead non-Admin)=0 for revoked-prefix + COUNT Admin>0 (kept) + COUNT untouched-scope (Pe/Master) unchanged + `/api/menus/me` key-set diff between regular-user (modules gone) and admin (modules present). FE has NO PermissionGuard per-route (commit note) → direct-URL still renders trang, mức "tạm ẩn" = menu hide + permission matrix only; acceptable pre-golive. Tag `[s58b, run383, pass, revoke-hidden-modules, master-order-80, be-only-bundle-frozen, no-mig, dual-role-menutree]`.
+- **[⚠️ VỊ TRÍ LẠC — entry MỚI 2026-06-11, thuộc FIFO slot giữa #384/#382 phía trên nhưng ghi lạc vào khu archive-zone này; curate-L2 ĐỪNG archive nhầm (H2 S58 P2 flagged); relocate khi curate] 2026-06-11 Run #383 (run_number 269) sha=`6c5fd26` PASS ~4m25s (S58b TẠM ẨN HRM/Văn phòng số/Cá nhân khỏi non-Admin + Danh mục xuống cuối — BE-only seed, NO Mig/FE):** Push `2aefb31..6c5fd26` 1 file `DbInitializer.cs` (+61/-5): NEW `RevokeTemporarilyHiddenModulesAsync` (set 4 CRUD=false MỌI role TRỪ Admin trên `Hrm%`+`Off%`+`Personal`, idempotent, KHÔNG xóa row) + `SeedAllRolesReviewReadPermissionsAsync` scope THU HẸP còn Master/Catalogs/Pe_* + menu `Master` Order 20→80. `.cs` present → full pipeline RAN. Run IN-PROGRESS at first check (status=running 13:36) — correctly did NOT FAIL, polled to terminal (started 13:36:15 → success 13:40:40 iter5). **Bundle FROZEN admin `CP4CB1ym` + user `BmZ3VHnm`** (= Run #382 UNCHANGED ✓ CORRECT BE-only — verified AFTER status=success, NOT ship-fail). **NO Mig** — prod `__EFMigrationsHistory` top = Mig 49 `AddWorkItemToPurchaseEvaluation` == repo, GIỮ NGUYÊN ✓. Health live/ready 200 + admin/eoffice root 200. **6 prod sqlcmd ALL PASS exact (DB SolutionErp, custom tables `MenuItems`/`Permissions`/`Roles`):** MasterOrder=**80** ✓ · HiddenReadNonAdmin=**0** ✓ (revoke landed, `Hrm%`+`Off%`+`Personal` all CRUD=false non-Admin) · HiddenReadAdmin=**29** (>0, Dev est 28, Admin GIỮ ✓) · PeCreateNonAdmin=**120** (Pe_* untouched ✓) · MasterReadNonAdmin=**48** (Master still visible ✓). **Menu-tree smoke (gotcha #44 dual-role):** nv.test `/api/menus/me` 200 → keys = Master/Suppliers/Projects/Departments + Catalogs/Catalog* + all Pe_DuyetNcc*/Pe_DuyetNccPhuongAn* — **ZERO Hrm/Hrm_*/Off/Off_*/Personal** ✓; admin counter-check VẪN CÒN Hrm/Hrm_Config*/Off/Off_*/Personal + Contracts/Budgets/System ✓ (revoke scoped non-Admin only). 0 regression. **LESSON (seed-only permission-revoke verify = sqlcmd matrix + dual-role menu-tree, NOT bundle/endpoint):** RevokeTemporarilyHiddenModulesAsync runs UNCONDITIONALLY on startup (NOT gated — correct, it's a permission-correction not demo-seed); verify = COUNT(CanRead non-Admin)=0 for revoked-prefix + COUNT Admin>0 (kept) + COUNT untouched-scope (Pe/Master) unchanged + `/api/menus/me` key-set diff between regular-user (modules gone) and admin (modules present). FE has NO PermissionGuard per-route (commit note) → direct-URL still renders trang, mức "tạm ẩn" = menu hide + permission matrix only; acceptable pre-golive. Tag `[s58b, run383, pass, revoke-hidden-modules, master-order-80, be-only-bundle-frozen, no-mig, dual-role-menutree]`.
 - **Archived Run #232 (S29 gotcha #51 catch — SeedSampleContractWorkflowV2 nested in demoSeedDisabled → empty V2 dropdown, hoist fix) → `archive/2026-05-q4.md` + git. Smart Friend ROI 4× cumulative (S22 #44 + S25 #48 + S29 ApplicableType + S29 DemoSeed).**
 ---
--- a/.claude/agent-memory/harvest-curator/MEMORY.md
+++ b/.claude/agent-memory/harvest-curator/MEMORY.md
@ -30,3 +30,4 @@ H2 harvest-MD-integrity auditor **SOLUTION_ERP-self**. Read-only + **propose-onl
 - **2026-06-10 (S57-RESUME @start RE-REPORT):** Verdict 🟢 — 3 delta agent-memory uncommitted (harvest-curator +1 · investigator +3-entry · tooling +1+baseline-reground) ALL SANE, attribution nhất quán **em main proxy-append B3** (mtime 2 đợt: investigator 10:56 S57-work → harvest/tooling 11:55-57 resume-attempt; style/nội-dung khớp em-main, KHÔNG dấu hiệu sub tự ghi — G-015 honest "no evidence" ≠ "impossible"). 5-trục: Corruption 0-byte=0 (11/11 ≥4.4KB, tail terminate sạch, mojibake=0) · Wave/stray=0 (7 vị-trí check, S54-pattern không tái) · Fidelity **sample 8/8 deep-verify PASS** (authz ×3 controller · hmw.js:26=9 · README:192/:201 · gotcha-58 ×2 skill · ef-core 93/48 · roster 11=11 folder · catalog.manager:1608 · GetMyMenuTree:96 exact) · Completeness 4-field đủ ×5 entry · Coverage 🟡→resolved: 8 file code KHÔNG có delta implementer-* vì evidence nghiêng **em-main-direct implement** (mtime implementer pre-closeout + diff nhỏ + comment [S57] style em-main + investigator entry viết "Flag em-main" như brief) → không phải Coverage-miss. **2 nit em main FIXED in-session:** investigator entry-3 tag s56→s57 + double-blank-line ×2 gộp 1. Chore còn: investigator 33.5KB>30KB cap → curate L2 @closeout/monthly. Nhắc P1: commit 16 file PHẢI kèm docs-closeout (STATUS/HANDOFF/log) tránh "code committed, docs mù". Tag [s57-resume, gate-start-pass, mtime-attribution, coverage-resolved].
 - **2026-06-11 (S57bis @start RE-REPORT + spawn-test post-restart ✅):** Self-report `claude-fable-5[1m]` → **promote-tier `inherit` GIỮ Fable 5 runtime-VERIFIED** (H4.3c). Verdict 🟢 **KEEP-ALL-5** — 5 agent-memory delta uncommitted (harvest+2 · impl-backend+1 · investigator+3 · reviewer+1 · tooling+baseline-reground+3) ALL dated 06-10 S57/S57-resume, em-main-proxy-append B3, attribution mtime-cluster 21:52–22:28 nhất quán, commit AS-IS. Corruption: 11/11 ≥4.4KB, 0-byte=0, tail sạch, mojibake=0. Wave-folder=0 tồn (S56 2 workflow harvest sạch). 3 untracked = em-main governance docs (KHÔNG phải harvest-MD) → vào commit bundle. Chore giữ: investigator-codebase 33.5KB>30KB cap → L2 @closeout/monthly (reviewer 29.6KB + cicd 29.2KB sát cap, watch). Tag [s57bis, spawn-test-verified, keep-all-5, promote-inherit-proof].
 - **2026-06-11 (post-S57bis @start RE-REPORT — rushed-closeout 4 Coverage-MISS):** S57bis đóng vội (commit 12:12-13 → post-commit ghi 12:23-25 rồi dừng, KHÔNG end-GATE). Verdict 🟡: **Coverage 4 MISS / 9 role spawned** — implementer-backend+frontend (CẢ 2 return-truncated #53) · database-agent (Mig-49 design DELIVERED mà 0 delta — miss đau nhất) · reviewer (**die-0-byte ×2** resume-kill → em main self-gate) → propose 4 spawn-record on-behalf. 5 record có sẵn (inv-codebase·test-spec·tooling·harvest·cicd-dirty) 4-field PASS, fidelity ground-truthed (Mig 49 file `Persistence/Migrations/20260611044424` exists + count 240 consistent ×4 nguồn). **Method ⭐: commit-stat "có append" ≠ "có fanout-record"** — impl-backend/reviewer append trong 17b23a4 = carry 06-10 S57-resume (mtime 06-10 22:21-28); classify bằng grep tag `57bis` + mtime, KHÔNG tin stat. Mồ-côi ×2 sane (cicd +Run#381 PASS+1PARTIAL — escalation lock-14-user prod NO-OP email-stale · gotchas #59 PS5.1 quote→`-F`) → commit bundle; cicd entry chứa bundle-hash CP4CB1ym/BmZ3VHnm = resolve flag "unverified" của tooling. Wave=0 · stray=0 · 0-byte=0 (find -size 0 empty). Chore: cicd 32.3KB + inv-codebase 32.1KB ĐỀU >30KB (inv vừa curate 11:30 vẫn over). Wrote OWN diary only (em main explicit). Tag [post-s57bis, coverage-4-miss, carry-vs-fanout-classify, die-0-byte].
 - **2026-06-11 (S58 `/session-end` 5-trục GATE — chiều, 8 spawn):** **GATE PASS 5/5** — Coverage 9 record/8 spawn (H1+H2 start · inv recon `:73` · cicd #382/#383/#384 + **#385→#386 supersede-chain UNCOMMITTED mtime 14:20 — run-cuối 3ebaf84 đã về có record, nhắc commit bundle** · designer proxy `:39`) · Completeness 4-field 8/8 · Placement đúng nhà, stray=0, **NIT: cicd #383 nằm `:89` GIỮA khu archived (dưới #377, trên Run #232) thay vì slot FIFO :72-73 → propose MOVE trước curate kẻo archive nhầm entry 1-ngày-tuổi** · Corruption 0-byte=0 cả repo + user-memory, last-byte 11/11 `0a`, 9/9 entry mới close-Tag sạch, mojibake 1 hit = quoted-evidence `C<>ng` cicd:79 (#377 sqlcmd lesson, cố ý) · Fidelity 5 on-behalf/proxy marked tường minh ("on-behalf em main ghi hộ, H2-proposed" ×4 + designer "[em main proxy — truncated #53, 2nd consecutive]") + reviewer honest "KHÔNG DELIVER die-0-byte ×2", spot `git merge-base --is-ancestor ea793a4 3ebaf84`=YES khớp claim #386 → no-escalate. Wave=0 confirm (workflows chỉ README+hmw.js). **Chore: cicd 41.1KB (sáng 32.2 → +4 entry siêu dài/ngày!) + inv-codebase 32.9KB ĐỀU over-cap → curate-L2 P1 next session; reviewer 29.6KB + impl-be 27.9KB watch.** Method ⭐: diff-filter `grep -v "^[+-][+-]"` NUỐT dòng `+- **…` bullet-append → suýt false-MISS investigator; extract added-bullet phải dùng `grep "^+-"`. Trend: self-tag session-drift lần 3 (inv `:73` tag s57bis cho spawn S58; trước: cicd s50→s51, inv s56→s57). 12-vs-8 spawn-count để em main reconcile. Wrote OWN diary only. Tag [s58-end, gate-pass-5/5, 383-misplaced, cicd-41kb].
--- a/.claude/agent-memory/investigator-codebase/MEMORY.md
+++ b/.claude/agent-memory/investigator-codebase/MEMORY.md
@ -70,7 +70,7 @@ Bearer từ `POST api.solutions.com.vn/api/auth/login` → status matrix expecte
 ## 📅 Recent activity (FIFO — older → archive/git)
- **2026-06-11 (S57bis lock no-op — prod user census, on-disk+prod):** ⭐ `LockDemoSampleUsersAsync` (DbInitializer.cs:1552, chạy CUỐI :98) hardcode 14 named-person email (bod.huynh/pm.nguyen/fin.do/qs.hoang…) = population CHỈ CÓ TRÊN DEV. **Prod 34 user ALL-active:** 20 UAT-matrix placeholder hand-created batch 2026-05-13 15:04-05, scheme `{act,equ,fin,hra,pm,qs}.{nv,pp,tp}@` + `bod.{1,2}@` (FullName tự khai "ACT NV - Drafter+Accounting", "[Bypass]"/"[SkipFinal]" = test Mig 29-31 flags) + 9 real staff hand-created 05-04→05-12 + `binh.lethanh@` (người thật Lê Thanh Bình — seed dùng `thanh.lethanh@` KHÔNG tồn tại prod) + `chuong.phan@solution.com.vn` TYPO-domain dup (twin đúng tạo 05-12) + admin/catalog.manager/nv.test. **ROOT CAUSE seed-user never-on-prod:** prod `Identity:Password:RequiredLength=12` (appsettings.Production.json) vs `DemoUserPassword="User@123456"`=11 chars → CreateAsync silent-fail MỌI startup từ prod-init 04-21 (code comment :1675-79 đã biết); Dev fallback 8 (DependencyInjection.cs:67 `?? 8`, Development.json no Identity section) → Dev đủ 33 user named-person. `bod.1@` NEVER in git pickaxe = tạo tay qua admin UI, không phải seed. Surprise: _Dev hiện CŨNG chưa khóa (Locked=0; LockoutEnd=MaxValue sẽ persist qua reconcile re-activate :1714 nếu từng chạy) → lock chưa từng execute against _Dev runtime. Fix cần 20 email prod-thật; GIỮ binh.lethanh + 9 real + admin/catalog.manager; `nv.test@` = creds smoke-verify (khóa = vỡ cicd smoke). Tag `[s57bis-lock-noop, prod-user-census, pwd-policy-env-divergence]`.
+- **2026-06-11 (S57bis lock no-op — prod user census, on-disk+prod):** ⭐ `LockDemoSampleUsersAsync` (DbInitializer.cs:1552, chạy CUỐI :98) hardcode 14 named-person email (bod.huynh/pm.nguyen/fin.do/qs.hoang…) = population CHỈ CÓ TRÊN DEV. **Prod 34 user ALL-active:** 20 UAT-matrix placeholder hand-created batch 2026-05-13 15:04-05, scheme `{act,equ,fin,hra,pm,qs}.{nv,pp,tp}@` + `bod.{1,2}@` (FullName tự khai "ACT NV - Drafter+Accounting", "[Bypass]"/"[SkipFinal]" = test Mig 29-31 flags) + 9 real staff hand-created 05-04→05-12 + `binh.lethanh@` (người thật Lê Thanh Bình — seed dùng `thanh.lethanh@` KHÔNG tồn tại prod) + `chuong.phan@solution.com.vn` TYPO-domain dup (twin đúng tạo 05-12) + admin/catalog.manager/nv.test. **ROOT CAUSE seed-user never-on-prod:** prod `Identity:Password:RequiredLength=12` (appsettings.Production.json) vs `DemoUserPassword="User@123456"`=11 chars → CreateAsync silent-fail MỌI startup từ prod-init 04-21 (code comment :1675-79 đã biết); Dev fallback 8 (DependencyInjection.cs:67 `?? 8`, Development.json no Identity section) → Dev đủ 33 user named-person. `bod.1@` NEVER in git pickaxe = tạo tay qua admin UI, không phải seed. Surprise: _Dev hiện CŨNG chưa khóa (Locked=0; LockoutEnd=MaxValue sẽ persist qua reconcile re-activate :1714 nếu từng chạy) → lock chưa từng execute against _Dev runtime. Fix cần 20 email prod-thật; GIỮ binh.lethanh + 9 real + admin/catalog.manager; `nv.test@` = creds smoke-verify (khóa = vỡ cicd smoke). Tag `[s58, s57bis-lock-noop-recon, prod-user-census, pwd-policy-env-divergence]`.
 - **2026-06-11 (S57bis PE recon — 4 đầu việc sếp, on-disk):** ⭐ PE entity NO Year, NO WorkItem link (`PurchaseEvaluation.cs:15` ProjectId req; Detail free-text `PurchaseEvaluationDetail.cs:10-13`). Create cmd `PurchaseEvaluationFeatures.cs:19-30`; MaPhieu gen-AT-CREATE `:114-116` format `PE/{YYYY}/{A|B}/{Seq:D3}` (`PurchaseEvaluationCodeGenerator.cs:23`). Main create UI = `PeWorkspaceCreateView.tsx` (:151 workflow-select isUserSelectable ĐẦU TIÊN → tenGoiThau → projectId → DiaDiem → MoTa → PaymentTerms → budget; canSubmit :129 = wf+project+ten). PE controller class-`[Authorize]` ONLY no policy → mở menu là đủ, no silent-403. Pe_* leaves NOT in `MenuKeys.All` (chỉ root :156); PE defaults 7 role × 11 key (root + 2type×{group,WfView,List,Create,Pending}) `DbInitializer.cs:2098-2160`. S57 `SeedAllRolesReviewReadPermissionsAsync:1993-2001` InReviewScope EXCLUDES Pe; extend đúng = `key == MenuKeys.PurchaseEvaluations` EXACT (prefix "Pe" sẽ dính PeWorkflows admin!) — root inherit cascade (`GetMyMenuTreeQuery.cs:49-82`). Demo gate: prod `appsettings.json:35 DemoSeed:Disabled=true` → 7 `[DEMO]` HĐ + 4 `[DEMO]` PE (MaPhieu `[DEMO]-A-001`) KHÔNG lên prod; UNGATED trên prod = 31 users + 18 demo NCC + 8 demo project (:2244-2315) + real 62/71/3 (:2329-2522). ⚠️ Clear-demo gotcha: seed re-add per-code idempotent MỖI startup → xóa DB-only sẽ resurrect, phải gỡ khỏi DbInitializer code. WorkItem write Admin-only (`CatalogsController:113-130`) — CatalogManager có menu-perm nhưng API write bị chặn. Tag `[s57bis, pe-recon, demo-inventory]`.
--- a/.claude/agent-memory/tooling-auditor/MEMORY.md
+++ b/.claude/agent-memory/tooling-auditor/MEMORY.md
@ -31,3 +31,4 @@ H1 tooling-freshness auditor **SOLUTION_ERP-self**. Read-only + **propose-only**
 - **2026-06-10 (spawn-test H4.8 — Harness-4 two-tier):** Mình bị DEMOTE pin `model: claude-opus-4-8` (checklist-class, mirror AI_INFRA demote con tương đương). Spawn-test echo model NGAY sau edit → self-report `claude-fable-5[1m]` = SE env (CCD harness) KHÔNG fresh-read frontmatter → pin ăn SAU restart CLI. Post-restart mình chạy Opus 4.8 (Max giữ nguyên env-wide) — nếu thấy verdict-quality tự giảm rõ → báo em main adap-request promote lại. Tag [h4-demote, spawn-test, pending-restart].
 - **2026-06-11 (S57bis @start RE-REPORT + spawn-test post-restart ✅):** Self-report nguyên văn `claude-opus-4-8[1m]` ("Opus 4.8 (1M context)") → **demote-pin ĂN runtime** (đóng 'pending-restart' entry trên) + `[1m]` 1M-resolve SE tự verify (hết lệ thuộc claim AI_INFRA s20). 4-mặt **ALL-PASS 0 drift mới** — 29 file dirty = Harness-4 closeout hợp lệ: ①3 skill-doc diff = freshness-fix đúng (48 mig/93 bảng/58 gotcha) ②roster 11=11=11, frontmatter grep = 7 pin + 4 inherit, 0 `[1m]` frontmatter ③plugin 18/15/3 identical, 0 new-alloc ④STATUS diff hợp lệ + 3 untracked governance đúng nấc → đề xuất promote PENDING-RESTART→runtime-verified (em main đã thực hiện cùng session). Carry-flag: docs/CLAUDE.md gotcha "(55)"→58 (defer monthly 07-01) · schema-diagram §16+ 14-mig ERD debt. Demote-watch data-point #1: verdict-quality trên Opus 4.8 tự đánh giá CHƯA suy giảm. Tag [s57bis, spawn-test-verified, 4-mat-pass, demote-watch-1].
 - **2026-06-11 (post-S57bis @start RE-REPORT — count-drift S57bis CHƯA flush docs):** Working tree 2 dirty (cicd MEMORY +Run#381 · gotchas.md +#59) — S57bis code đã COMMIT (dd117b7+17b23a4 push). 4-mặt: ①SKILL 6+23 unchanged; ef-core SKILL STALE 4 cite "48"→49 (:3 desc · :19 H2 "48 migration hiện có" · :72 "§16+ Mig 27-48"→27-49 · :280 "48 migration") + :280/:289 "93 bảng" giữ (Mig 49 AddColumn-only no new table — KHÔNG đổi); skills/README:20 "48 migration"→49 + :90 "58 bẫy/#58"→59; dep-audit:153 "58 bẫy"→59. ②ROSTER **CLEAN 11=11=11** (disk/README/STATUS); model-tier frontmatter grep = **4 inherit (database-agent·harvest-curator·investigator-codebase·reviewer) + 7 pin claude-opus-4-8** ✅ khớp two-tier H4 chính xác. ③PLUGIN **CLEAN 18/15/3 identical** (3 OFF: pr-review-toolkit·code-modernization·hookify), 0 new-alloc. ④DOCS **MAJOR data-row drift**: STATUS row :24 sub-agent ĐÃ cập runtime-VERIFIED 06-11 NHƯNG data-rows CHƯA: :14 Mig "48"→49 · :20 Tests "228"→240 · :21 Gotchas "58"→59 · :27 bundle (S57bis FE-touched nhưng session-log KHÔNG ghi hash mới → CP4CB1ym/BmZ3VHnm anh-cite KHÔNG verify được, grep 0 match) · STATUS:38 In-Progress "(none S56)" stale (S57+S57bis shipped). HANDOFF:5 Last-updated 06-09 S56 + thiếu HẲN S57/S57bis section. Root CLAUDE.md:53 "48 mig"→49 · :66/:87 "228"→240 · :133 "58 bẫy"→59. **Method-learning:** test attr-count disk=225 (`[Fact]/[Theory]`) NHƯNG authoritative=240 (S57bis log :14 "228→240"; Theory expand runtime → KHÔNG dùng attr-count làm count, tin session-log/test-run) · bundle-hash anh-cite phải verify từ session-log/cicd-MEMORY trước khi tin (S57bis log không ghi → flag "unverified" KHÔNG copy). Top-5 patch propose → em main APPEND. Tag [post-s57bis, 4-mat, count-drift-flush-pending, bundle-hash-unverified].
 - **2026-06-11 (S58 `/session-end` CHỐT 4-mặt — PARTIAL, return-cut giữa chừng, on-behalf em main ghi hộ):** Return bị cut sau finding chính (verdict 4-mặt đầy đủ KHÔNG kịp emit). FINDING ĐÃ GIAO: docs **KHÔNG stale như brief giả định** — STATUS lines 27/52/53 ĐÃ flush tới `ea793a4`+`3ebaf84`/Run #386 + bundle `DMm9rtNA`/`BUkOMn_Y` (em main flush song song lúc H1 chạy) → bài học brief: "chưa flush" là snapshot lúc spawn, auditor phải re-ground từ disk hiện tại (đã làm đúng). Em main tự chốt phần còn lại từ data sáng: ①SKILL — sáng patched đủ (ef-core ×5 + README + dep-audit), chiều không thêm skill; ②ROSTER 11 + two-tier frontmatter không đổi; ③PLUGIN 18/15/3 không đổi, 0 new-alloc (UI/UX guide AI_INFRA = reference doc, KHÔNG phải plugin/skill — đã cite trong frontend-designer MEMORY S58 entry); ④DOCS — session-end flush hoàn tất (STATUS/HANDOFF/session-log/error-ledger E-008+AS-12). SURPRISE: return-cut class này (chết giữa emit sau khi finding chính đã ra) = nhẹ hơn die-0-byte, finding salvageable từ partial return. Tag `[s58, session-end-chot, return-cut-partial, on-behalf]`.
--- a/docs/HANDOFF.md
+++ b/docs/HANDOFF.md
@ -2,7 +2,7 @@
 > **Tiering rule (S40):** giữ **2-3 session gần nhất**. Cũ hơn → `docs/changelog/sessions/`. Full brief history pre-S40 → `docs/_archive/HANDOFF-preS40-fullhistory.md`.
-**Last updated:** 2026-06-11 (Session 58 — **4 việc prod-verified Run #382/#383/#384**: lock-demo-user fix (việc sếp deadline 15:00 ĐÓNG TRỌN) + tạm ẩn HRM/Office/Cá nhân khỏi user thường + Danh mục cuối sidebar (`6c5fd26` #383) + **fe-user redesign theo UI/UX guide AI_INFRA giữ brand** (`e959f72` #384 — user bundle `CKjwqnGL`, admin frozen). Email AI_INFRA processed (guide + ACK H4 ACCEPT). Root cause 2 tầng: lock-list = population Dev-only + `DemoUserPassword` 11 ký tự < prod RequiredLength=12 → CreateAsync silent-fail từ trước tới giờ (= "helpdesk inert" S56). Fix union 20 UAT email + password 12 ký tự → prod 55 user/34 locked, nv.cao+nv.truong sống, 5 real staff tạo. gotcha #59+#60. Commit `5998163`. Prev S57bis — **PE gắn Hạng mục (Mig 49) + Pe all-role + menu Cá nhân + Harness-4 runtime-VERIFIED**. Test 228→**240**. Bundle `CP4CB1ym`/`BmZ3VHnm`. Commit `17b23a4`+`dd117b7` → Run #381 PASS+1PARTIAL (lock NO-OP → RESOLVED S58). Prev S56 — **Pre-golive verify sweep + golive-harden 4 fix — Run #379 PASS, code golive-ready**. WF1 `pre-golive-verify` 7-stream + adversarial → 6 PASS/1 CONCERN/0 blocker = GO (key finds = ops not code). WF2 `golive-harden` fix 4: #3 LeaveBalance lost-update→atomic ExecuteUpdate+Serializable tx (NO mig) · #5 ItTicket authz Forbidden-trước-NotFound · #6 DocxRenderer null-guard · #4 Travel/Vehicle ApproveV2 tests. Test 216→**228**. Bundle FROZEN `4SUwDLD8`/`XdKzt9LL`. `sys.tables` re-ground 92→**93**. gotcha **#58** NEW. reviewer StructuredOutput-fail→em main đỡ. **2 ops VPS pending** (gán user IT + tzutil UTC+7). FE Phase 2 redesign **deferred** (recon ready). Commit `a20cde8`. Prev S55 — **Nạp master data thật từ Excel (62 dự án + 71 hạng mục + 3 NCC) + Project +4 cột (Mig 48) — prod-verified**. HMW-mode ON. Commit `69cb393` → Run #377 PASS ~4m33s. Test 216 (compile-fix only). Bundle admin `B-d6893W`/user `XdKzt9LL`. `SeedRealMasterDataAsync` ungated idempotent → coexist demo. 2 agent return truncated (BE+reviewer) → em main disk/runtime-recover. Prev S54 — IT staff tự reassign ticket (cross-stack authz) — prod-verified. 1 code commit `ca4b602` → Run #376 PASS ~4m18s. Test 203→**216**. Bundle admin `DfCfHUE9`→`DmjI8Cmn`/user `_3S0BPJ2`→`YxL_MljK` (cả 2 rotate). NO migration. Task 1 Phase 9 Ops anh dừng. ⚠️ residual: 3 agent ghi MEMORY nhầm `src/Backend/.claude` → em main reconcile. Prev S53: gotcha #57 EXT Master Mig 47 + P11-D/E + database-agent verified-runtime.)
+**Last updated:** 2026-06-11 (Session 58 — **5 đợt prod-verified Run #382/#383/#384/#386** (#385 cancelled-supersede-benign): lock-demo-user fix (việc sếp deadline 15:00 ĐÓNG TRỌN — gotcha #60/E-008/AS-12, root cause password 11<12 từng phát hiện S22 nhưng const không fix) + tạm ẩn HRM/Office/Cá nhân + Danh mục cuối (`6c5fd26` #383) + **fe-user redesign theo UI/UX guide AI_INFRA giữ brand** (`e959f72` #384) + **brand polish ×2 app "thấy rõ"** (`ea793a4`: stripe 4px đỉnh + thead brand) + **PE gộp Tên-gói-thầu = chọn Hạng-mục** (anh Kiệt FDC chốt, `3ebaf84` #386 — bundle final admin `DMm9rtNA`/user `BUkOMn_Y`). Email AI_INFRA processed (guide + ACK H4 ACCEPT). Test **240**. → session log `2026-06-11-S58-lock-fix-hide-modules-redesign-pe-merge.md`. Root cause 2 tầng: lock-list = population Dev-only + `DemoUserPassword` 11 ký tự < prod RequiredLength=12 → CreateAsync silent-fail từ trước tới giờ (= "helpdesk inert" S56). Fix union 20 UAT email + password 12 ký tự → prod 55 user/34 locked, nv.cao+nv.truong sống, 5 real staff tạo. gotcha #59+#60. Commit `5998163`. Prev S57bis — **PE gắn Hạng mục (Mig 49) + Pe all-role + menu Cá nhân + Harness-4 runtime-VERIFIED**. Test 228→**240**. Bundle `CP4CB1ym`/`BmZ3VHnm`. Commit `17b23a4`+`dd117b7` → Run #381 PASS+1PARTIAL (lock NO-OP → RESOLVED S58). Prev S56 — **Pre-golive verify sweep + golive-harden 4 fix — Run #379 PASS, code golive-ready**. WF1 `pre-golive-verify` 7-stream + adversarial → 6 PASS/1 CONCERN/0 blocker = GO (key finds = ops not code). WF2 `golive-harden` fix 4: #3 LeaveBalance lost-update→atomic ExecuteUpdate+Serializable tx (NO mig) · #5 ItTicket authz Forbidden-trước-NotFound · #6 DocxRenderer null-guard · #4 Travel/Vehicle ApproveV2 tests. Test 216→**228**. Bundle FROZEN `4SUwDLD8`/`XdKzt9LL`. `sys.tables` re-ground 92→**93**. gotcha **#58** NEW. reviewer StructuredOutput-fail→em main đỡ. **2 ops VPS pending** (gán user IT + tzutil UTC+7). FE Phase 2 redesign **deferred** (recon ready). Commit `a20cde8`. Prev S55 — **Nạp master data thật từ Excel (62 dự án + 71 hạng mục + 3 NCC) + Project +4 cột (Mig 48) — prod-verified**. HMW-mode ON. Commit `69cb393` → Run #377 PASS ~4m33s. Test 216 (compile-fix only). Bundle admin `B-d6893W`/user `XdKzt9LL`. `SeedRealMasterDataAsync` ungated idempotent → coexist demo. 2 agent return truncated (BE+reviewer) → em main disk/runtime-recover. Prev S54 — IT staff tự reassign ticket (cross-stack authz) — prod-verified. 1 code commit `ca4b602` → Run #376 PASS ~4m18s. Test 203→**216**. Bundle admin `DfCfHUE9`→`DmjI8Cmn`/user `_3S0BPJ2`→`YxL_MljK` (cả 2 rotate). NO migration. Task 1 Phase 9 Ops anh dừng. ⚠️ residual: 3 agent ghi MEMORY nhầm `src/Backend/.claude` → em main reconcile. Prev S53: gotcha #57 EXT Master Mig 47 + P11-D/E + database-agent verified-runtime.)
 ---
--- a/docs/STATUS.md
+++ b/docs/STATUS.md
@ -24,7 +24,7 @@
 | Sub-agents | **11** | **two-tier H4 (06-10):** em main Fable 5 (1M) Max · 4 promote `inherit`=Fable 5 (reviewer·investigator-codebase·database-agent·harvest-curator) · 7 demote pin `claude-opus-4-8` (**runtime-VERIFIED 06-11** — spawn-test 2 chiều S57bis: H1 tooling-auditor self-report `claude-opus-4-8[1m]` + H2 harvest-curator `claude-fable-5[1m]`; `[1m]` 1M-resolve SE tự verify) · effort Max ×2 tier. 9 product/quality + 2 monitor INFORM-only. ✅ database-agent **verified-runtime S53** (spawn-test PASSED — caught Mig 46-unapplied-local drift) |
 | RAG chunks | **2420** | re-check S58 (`list_projects` — alive, rerank 0.504 live). Stale `last_indexed 05-29` (S42-S58 via store_memory stopgap; full re-index = AI_INFRA op cần VOYAGE_API_KEY). |
-**Bundle hash live (prod):** admin `CP4CB1ym` (S57bis Run #381) · user **`CKjwqnGL`** (S58 Run #384 fe-user redesign — rotate khỏi `BmZ3VHnm`; CSS `CV0H5hnq`). Latest deploy Run #384 (`e959f72`, ~4m30s): fe-user density redesign — asymmetric đúng (admin FROZEN ✓), brand #1F7DC1 + Be Vietnam Pro verified trong HTML+CSS prod, Mig giữ 49. Prior: Run #383 (`6c5fd26`) revoke hidden-modules + Master order 80, menu-tree đối chứng 2 chiều ✓ · Run #382 (`5998163`) lock fix — Users 55/21 active/34 locked, helpdesk nv.cao+nv.truong sống · Run #381 (`dd117b7`) Mig 49 + Pe all-role 130 rows.
+**Bundle hash live (prod):** admin **`DMm9rtNA`** · user **`BUkOMn_Y`** (S58 Run #386 `3ebaf84` — đợt cuối: brand polish ×2 app + PE gộp Tên-gói-thầu=Hạng-mục; CSS admin `DDlKud5i`/user `BgAUPcnL`; brand #1F7DC1 + Be Vietnam Pro verified HTML+CSS prod). Run #385 (`ea793a4`) cancelled = supersede benign (polish intact trong #386, `git merge-base` ancestor-verified). Prior cùng ngày: Run #384 (`e959f72`) fe-user density redesign (user `CKjwqnGL`) · #383 (`6c5fd26`) revoke hidden-modules + Master order 80 (menu-tree đối chứng 2 chiều ✓) · #382 (`5998163`) lock fix (Users 55/21 active/34 locked, helpdesk sống) · #381 (`dd117b7`) Mig 49 + Pe all-role 130 rows.
 **Phase:** ✅ Phase 10 COMPLETE · ✅ **Phase 11 product backlog ĐÓNG TRỌN** — P11-A/B/C/**D/E/F** ALL DONE (deployed prod) · 🚫 Phase 9 Ops blocked (anh main coordinate — S54 chưa khởi động, anh dừng).
 > ⚠️ **Count drift fixed S40:** endpoints ~223→**211**, FE pages 53→**65**, menu keys 85→**~53**. Tables **84 confirmed correct** (DbSet 77 + Identity 7). 3 số "khó fake" (mig/gotcha/git) luôn đúng. Cause: số "incremented mỗi session" over/under-count optimistic — re-ground định kỳ.
@ -35,7 +35,7 @@
 | Task | Owner | Status |
 |---|---|---|
-| _(none — S58 lock-demo-user fix DONE prod-verified Run #382: 34 locked / helpdesk nv.cao+nv.truong sống / 5 real staff tạo. Việc sếp Zalo 06-11 deadline 15:00 ĐÓNG TRỌN (S57bis ship + S58 fix NO-OP). **Ops S56 (1) gán user IT → RESOLVED S58** (nv.cao/nv.truong active — khóa nốt 2 account này khi anh gán người thật vào CNTT). **🔴 Ops còn — của anh:** (1) `ssh vietreport-vps "tzutil /g"` → confirm `SE Asia Standard Time` (codegen mã đơn dùng năm giờ-server) · (2) xác nhận anh Chương dùng email nào → dọn `chuong.phan@solution.com.vn` typo-domain (đang giữ active chủ đích) · (3) báo 5 real staff mới password mặc định + yêu cầu đổi. **NEXT (anh pick):** FE redesign Phase 2 (recon ready) · Phase 9 Ops (SMTP/backup/creds/UAT) · monthly audit 2026-07-01 (kèm: schema-diagram §16+ Mig 32-49 ERD debt · L1 cap cicd-monitor 32.2KB + investigator-codebase 32.1KB curate · STATUS/HANDOFF re-tier).)_ | 👤 | ✅ |
+| _(none — S58 ĐÓNG TRỌN 5 đợt prod-verified: lock fix #382 (34 locked, helpdesk sống, ops S56 "gán user IT" RESOLVED) · tạm ẩn modules + Master order 80 #383 · fe-user redesign guide AI_INFRA #384 · brand polish + PE gộp Tên-gói-thầu=Hạng-mục #386 (bundle final `DMm9rtNA`/`BUkOMn_Y`). **🔴 Ops còn — của anh:** (1) `tzutil /g` VPS → confirm `SE Asia Standard Time` · (2) xác nhận anh Chương email nào → dọn `chuong.phan@solution.com.vn` typo · (3) báo 5 real staff password mặc định `User@1234567` + yêu cầu đổi · (4) khi gán người thật vào CNTT → thêm nv.cao/nv.truong vào lock list. **NEXT (anh pick):** PE panels polish sâu (PeDetailTabs 111KB session riêng) · FE PermissionGuard per-route khi golive HRM/Office (flip revoke) · Phase 9 Ops (SMTP/backup/creds/UAT) · monthly audit 2026-07-01 (schema-diagram §16+ Mig 32-49 ERD debt · **curate L1 cicd-monitor 41.1KB + investigator-codebase 32.9KB** (H2-đo; entry #383 lạc khu archive đã mark chống sweep nhầm) · STATUS/HANDOFF re-tier). → session log `2026-06-11-S58-lock-fix-hide-modules-redesign-pe-merge.md`)_ | 👤 | ✅ |
 **S40 done:** ✅ Consolidation (`d2f52ba`) · ✅ Curate 4 agent MEMORY >25KB→<8.4KB (`78c9de3`) · ✅ RAG catch-up chunk S37-S40 (rerank 0.867) · ✅ **AI_INFRA bulletin 2026-05-29 adopt 4/4** (MỤC2 Tiered Memory Policy v1 `6f08d1f` + MỤC3 /session-start+/session-end slash commands `c8ff5e1`). ⏳ Full RAG re-index = AI_INFRA op (cần VOYAGE_API_KEY).
@ -49,6 +49,8 @@
 - **Ẩn + thu hồi quyền (anh yêu cầu từ screenshot eoffice, commit `6c5fd26` → Run #383 PASS):** NEW `RevokeTemporarilyHiddenModulesAsync` — set 4 cờ CRUD=false mọi role TRỪ Admin trên `Hrm*` + `Off*` + `Personal` (menu tự ẩn 2 app; giữ row flip-lại-nhanh khi golive) + grant seed thu hẹp scope (không re-grant). Menu `Master` Order 20→**80** (Danh mục cuối sidebar). Prod verified: non-Admin CanRead=0 · Admin giữ 29 · Pe 120 · Master 48 · **menu-tree đối chứng 2 chiều** (nv.test mất 3 nhóm, admin còn). User thường eoffice giờ chỉ thấy: Hộp thư · Quy trình chọn TP-NCC · Danh mục (cuối). ⚠️ Mức che = menu + permission matrix; URL gõ trực tiếp chưa chặn (FE không PermissionGuard per-route — chấp nhận "tạm ẩn", note sẵn khi golive flip lại).
 - **`/check-email ai_infra`:** nhận `2026-06-11-ui-ux-design-guide` (hash ✓✓ whole-file + body, processed) — **UI/UX Design Guide canonical 13 mục** (anh-approved, lineage NAMGROUP→BVAAU→AI_INFRA) + FYI lỗi stamp hash email H4-report SE (không tamper — lesson stamp lần send tới) + **ACK H4 ACCEPT** (SE = sister đầu tiên trọn vòng H4.7 email-back).
 - **fe-user redesign (commit `e959f72` → Run #384 PASS):** 🩷 frontend-designer 14 file (index.css + 6 ui primitives + 6 shell + LoginPage) — density-first theo guide, **BRAND GIỮ** #1F7DC1 + Be Vietnam Pro + slate. Variant/size keys + props STABLE, RowActions/RowActionButton additive. Build ×2 PASS. **Bundle asymmetric đúng:** user `CKjwqnGL` rotate / admin `CP4CB1ym` frozen; brand verified trong HTML+CSS prod. ⚠️ Designer truncated #53 **lần 2 liên tiếp cùng điểm** (trước FD2 screenshot) → em main disk-recover + self-gate (lesson: emit file-list verdict TRƯỚC screenshot loop — ghi MEMORY nó).
 - **Brand polish "thấy rõ" (anh: "có thấy khác gì đâu, trang trí lên 1 tý" — commit `ea793a4`, 8 file ×2 app, em main solo):** dải gradient brand 4px đỉnh app + logo zone sidebar tint brand-50 + PageHeader accent bar dọc + **thead mọi DataTable `bg-brand-50/60 text-brand-700`** + TopBar title semibold. Lý do anh chưa thấy đợt đầu: density tinh tế + PE panels (chỗ anh nhìn) chưa đụng (file shared 111KB).
 - **PE gộp "Tên gói thầu" = chọn Hạng mục công việc (anh Kiệt FDC Zalo 14:06: "hạng mục chính là tên gói thầu, cho chọn chỗ đó" — commit `3ebaf84` → Run #386 PASS):** `PeWorkspaceCreateView` + `PeHeaderForm` — field "a. Tên gói thầu" Input tay → **1 Select từ 71 hạng mục** (`[Category] Code — Name`), chọn 1 phát set cả `workItemId` + `tenGoiThau` (= tên hạng mục); gỡ field "c" S57bis (trùng ý nghĩa). Phiếu cũ: option "Giữ nguyên: «tên cũ»" — không ép, PUT null-safe. NO BE change. **SHA256 mirror ×2 app** ✓. Run #385 cancelled supersede-benign (cicd ancestor-verified polish intact #386).
 ### S58 (2026-06-11) — ✅ Fix lock-demo-user prod NO-OP + password-seed root-cause — prod-verified Run #382
 - **Commit `5998163` (1 file `DbInitializer.cs` +28/-5) → Run #382 PASS ~3m31s, prod-verified.** Anh: `/session-start` → bootstrap phát hiện Run #381 PARTIAL (lock NO-OP) + 2 file dirty S57bis → recon → anh chốt 3 quyết định (AskUserQuestion): union+password-fix · giữ chuong.phan-typo · giữ nv.test.
--- a/docs/changelog/sessions/2026-06-11-S58-lock-fix-hide-modules-redesign-pe-merge.md
+++ b/docs/changelog/sessions/2026-06-11-S58-lock-fix-hide-modules-redesign-pe-merge.md
@ -0,0 +1,41 @@
 # S58 (2026-06-11) — Lock-fix prod NO-OP + tạm ẩn modules + Danh mục cuối + fe-user redesign guide AI_INFRA + brand polish + PE gộp Tên-gói-thầu
 > **7 commit · 5 Gitea run (4 PASS + 1 cancelled-benign) · tất cả prod-verified.** Anh: `/session-start` → fix lock NO-OP (sếp deadline 15:00) → screenshot eoffice "tạm ẩn + thu quyền + Danh mục cuối" → "check email AI_INFRA + chỉnh giao diện giống vậy giữ brand" → "có thấy khác gì đâu, trang trí lên 1 tý" → Zalo anh Kiệt FDC "hạng mục chính là tên gói thầu, cho chọn chỗ đó" → `/session-end`.
 ## Việc 1 — Fix lock-demo-user prod NO-OP (Run #382 `5998163`, ~13:00, deadline 15:00 dư 2h)
 - Bootstrap `/session-start` bắt: S57bis 2 file dirty chưa commit + cicd Run #381 **PASS+1PARTIAL** (lock NO-OP — 14 email không tồn tại prod).
 - 🟦 recon (dump prod + Dev + git pickaxe): **root cause 2 tầng** — (1) lock list = population Dev-only; demo prod thật = 20 UAT-matrix `{dept}.{nv,pp,tp}@`+`bod.{1,2}@` tạo TAY 05-13; (2) `DemoUserPassword` 11 ký tự < prod `RequiredLength=12` → `CreateAsync` **silent-fail mọi startup từ trước** (= root cause "helpdesk inert phòng IT 0 user" S56 + 5 real staff thiếu account).
 - Anh chốt 3 (AskUserQuestion): union 20 + fix password 12 ký tự · giữ `chuong.phan@solution.com.vn` (typo-domain, có thể login thật) · giữ `nv.test` (creds smoke cicd).
 - 🟩 Run #382 đo thật: **55 user / 21 active / 34 locked** · 14 named-person created+locked · **nv.cao/nv.truong CREATED+ACTIVE (ops S56 "gán user IT" RESOLVED)** · 5 real staff created · guard 6/6 · nv.test login 200 · bundle FROZEN.
 - **gotcha #60** + checklist 32 + **AS-12 + E-008** error-ledger + Active-Guard episodic "dump env-đích trước identifier-based op".
 ## Việc 2 — Closeout residual S57bis (`2aefb31` docs)
 - Commit 2 dirty (gotcha #59 PS5.1 `git commit -F` + cicd #381 entry) · 4 spawn-record on-behalf (database-agent/impl-BE/impl-FE/reviewer — H2 Coverage 4-MISS đóng) · H1 5-patch (ef-core +row Mig 49 ×5 chỗ · skills/README · dep-audit · CLAUDE.md root) · STATUS/HANDOFF flush S57bis (2-session gap) · menu keys re-ground **57** · test **240** verified local · bundle curl-verified.
 ## Việc 3 — Tạm ẩn modules + Danh mục cuối (Run #383 `6c5fd26`)
 - Anh (screenshot eoffice): ẩn Cấu hình HRM + NHÂN SỰ + VĂN PHÒNG SỐ + CÁ NHÂN, thu quyền user thường; DANH MỤC xuống cuối.
 - NEW `RevokeTemporarilyHiddenModulesAsync` (cuối seed pipeline): 4 cờ CRUD=false mọi role TRỪ Admin trên `Hrm*`+`Off*`+`Personal` (giữ row — flip lại nhanh khi golive) + grant seed thu hẹp scope còn Master/Catalogs/Pe_* + menu `Master` Order 20→**80**.
 - Runtime-proof Dev TRƯỚC ship (sqlcmd: MasterOrder=80 · NonAdminHrmOffPersonal=0 · Admin giữ 28 · Pe 120 · Master 48). 🟩 Run #383: prod 6/6 + **menu-tree đối chứng 2 chiều** (nv.test mất 3 nhóm / admin còn đủ). eoffice user thường còn: Hộp thư · PE · Danh mục (cuối).
 - ⚠️ Mức che = menu + permission matrix; URL trực tiếp chưa chặn (FE không PermissionGuard per-route — chấp nhận "tạm ẩn"; golive flip: gỡ prefix revoke + thêm lại `InReviewScope`).
 ## Việc 4 — Email AI_INFRA + fe-user redesign (Run #384 `e959f72`)
 - `/check-email ai_infra`: **UI/UX Design Guide canonical 13 mục** (anh-approved 06-11, lineage NAMGROUP→BVAAU→AI_INFRA, "Surgical Precision Minimalism" — cấu trúc chung, màu plug brand riêng) + FYI stamp-hash lỗi email H4-report SE (KHÔNG tamper — canonical strip-1-newline lesson) + **ACK H4 ACCEPT** (SE = sister đầu tiên trọn vòng H4.7). Hash ✓✓ 2 tuyến, processed `inbox/ai_infra/`.
 - 🩷 frontend-designer: 14 file fe-user (index.css + 6 ui primitives + 6 shell + LoginPage) mirror design-system fe-admin S55 + rubric guide. **BRAND GIỮ**: #1F7DC1 + Be Vietnam Pro + slate. Keys/props STABLE. ⚠️ **Truncated #53 lần 2 liên tiếp CÙNG ĐIỂM** (ngay trước FD2 screenshot) → em main disk-recover (diff-review key-stability + build ×2) + self-gate + proxy MEMORY (lesson: emit file-list verdict TRƯỚC screenshot loop).
 - 🟩 Run #384: **bundle asymmetric đúng** (user `CKjwqnGL` rotate / admin frozen) + brand verified HTML+CSS prod.
 ## Việc 5 — Brand polish "thấy rõ" + PE gộp field (Run #385 cancelled-benign → **#386 `3ebaf84` PASS**)
 - Anh: "Giao diện có thấy khác gì đâu? Trang trí lên 1 tý" → em main solo 8 file ×2 app: **dải gradient brand 4px đỉnh app** + logo zone sidebar tint brand-50 + PageHeader accent bar dọc + **thead mọi DataTable `bg-brand-50/60 text-brand-700`** + TopBar title semibold. (Lý do chưa thấy: density tinh tế + PE panels — chỗ anh nhìn — chưa đụng file shared 111KB.)
 - Anh Kiệt FDC (Zalo 14:06): "hạng mục công việc chính là tên gói thầu á, em cho chọn chỗ đó" → `PeWorkspaceCreateView` + `PeHeaderForm`: field "a. Tên gói thầu" Input tay → **1 Select 71 hạng mục**, chọn set cả `workItemId`+`tenGoiThau` (= tên hạng mục); gỡ field "c" S57bis trùng ý nghĩa; phiếu cũ option "Giữ nguyên: «tên cũ»" (PUT null-safe). NO BE change. **SHA256 mirror ×2 app** ✓.
 - 🟩 Run #385 (`ea793a4`) cancelled = supersede-benign (push `3ebaf84` đè 9s sau — precedent #380; cicd `git merge-base` ancestor-verified polish intact). **Run #386 PASS ~4m25s**: bundle final **admin `DMm9rtNA` / user `BUkOMn_Y`** (CSS `DDlKud5i`/`BgAUPcnL`, `brand-50` classes present) + brand 2 app + Mig 49 + smoke PE/work-items 401 + control 404. cicd ×2 double-verify khớp 100% (cicd-cuối tự phát hiện entry đã có → KHÔNG duplicate, anti-pattern #4 held).
 ## Multi-agent & lessons
 - **11 spawn:** H1 ×2 (start RE-REPORT + end chốt — end bị cut sau finding chính) · H2 ×2 (start + end GATE PASS 5/5) · 🟦 inv-codebase ×1 (recon lock — 107K tok, root-cause 2 tầng) · 🟩 cicd ×5 (#382/#383/#384 + #385-86 double-verify ×2 — cicd-cuối tự phát hiện entry trùng → không duplicate) · 🩷 designer ×1 (truncated → proxy). **`ea793a4` polish + `3ebaf84` PE-merge = em-main-direct** (0 implementer spawn — precedent S57-resume, H2 P4 reconciled).
 - **Lessons:** (1) **E-008/AS-12**: identifier-based prod op phải dump env-đích trước — test xanh + deploy PASS + health 200 đều mù với data-absence; cicd data-dump PASS+PARTIAL = tầng duy nhất bắt được. (2) Seed password const phải thỏa policy NGHIÊM NHẤT mọi env (silent `IdentityResult` không throw). (3) Designer chết ×2 cùng điểm FD2 → brief sau bắt emit verdict trước screenshot. (4) "cancelled" run = supersede-benign khi có push đè — verify ancestor + diff-empty rồi verify run sau. (5) Field semantics từ domain expert (anh Kiệt) đến SAU khi ship S57bis — gộp 2 field trùng ý nghĩa ngay khi biết, phiếu cũ null-safe giữ nguyên.
 ## Counts cuối session
 Mig **49** · tables **93** · test **240 PASS** (58+182) · gotcha **60** · menu keys **57** · bundle **`DMm9rtNA`/`BUkOMn_Y`** · RAG 2420 (stale 05-29, AI_INFRA op) · user-memory index 20 entries.
 ## 🔴 NEXT (anh pick)
 - **Ops của anh:** tzutil UTC+7 VPS · xác nhận anh Chương email nào → dọn typo-domain · báo 5 real staff password mặc định `User@1234567` + đổi · khi gán người thật vào CNTT → thêm nv.cao/nv.truong vào lock list.
 - **Product:** PE panels nội bộ polish sâu (PeDetailTabs 111KB — session riêng) · cột Hạng mục ngoài list phiếu nếu anh Kiệt cần · FE PermissionGuard per-route khi golive HRM/Office (flip revoke) · Phase 9 Ops (SMTP/backup/creds/UAT).
 - **Hygiene (H2 đo byte cuối session):** curate L1 **cicd-monitor 41.1KB** (P1 — archive runs cũ + khu archived-inline → `archive/2026-06-runs.md`, target ~20KB; entry #383 lạc khu archive đã đánh dấu "VỊ TRÍ LẠC" chống sweep nhầm) + **investigator-codebase 32.9KB** (pass 2) · reviewer 29.6KB + implementer-backend 27.9KB watch · monthly audit 2026-07-01 (schema-diagram §16+ Mig 32-49 ERD debt + STATUS/HANDOFF re-tier).
--- a/docs/governance/error-ledger.md
+++ b/docs/governance/error-ledger.md
@ -30,6 +30,7 @@ Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan
 | AS-9 | A/B/C choice handed to anh **without** decision-brief trục | Gov-v2 §G2 | reframe as full brief |
 | AS-10 | sub-agent writes a tracked file (MEMORY.md / code) despite **R1 return-only** (Write/Bash residual) | R1 return-only (HMW) — prompt-rule, NOT mechanized (G-015) | git-diff post-P2 catch → lead VERIFY benign+accurate+placement → keep or revert (NOT a bug if correct; chunk-count for RAG-write) |
 | AS-11 | cross-stack feature: BE validator/nullability ≠ FE required-marker for the SAME field | em-main shared-contract consistency (E-007) | RCA + align FE↔BE + reviewer-gate (held S51) |
 | AS-12 | identifier-based data op trên prod (lock/seed/migrate-by-email/code) viết theo population đọc từ CODE/Dev, KHÔNG dump bảng env đích | gotcha #60 (E-008) — assertion 0-row/`-1` ⟹ nghi data-mismatch TRƯỚC code-bug | RCA + dump env-đích trước khi viết list + seed-password thỏa policy nghiêm nhất mọi env |
 ## 🛡️ Active-Guards index (2-strike promote: episodic → procedural)
@ -48,11 +49,20 @@ Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan
 | **git-diff + chunk-count post-P2 containment** (defense-in-depth, HMW) | R1 sub-write residual (AS-10) · store_memory bypass (AS-3) | **procedural** (institutionalized S50 = standard B6 post-wave audit) | 1 (S49) | ✅ S49 (caught inv-api self-MEMORY in git-diff; chunk 2414=2414) + **S50 wave `h2-verify` (git-diff agent-memory EMPTY, chunk 2415=2415, 0 leak)** | ++ (G-015 honest — NOT allowlist-alone) |
 | heavy spawn → `run_in_background` | looks-frozen | **procedural** (2-strike met) | 2 (S45, S48) | ✅ S48 (FD bg) + S50 (all 4 monitor+wave spawns bg) | + |
 | RAG glob `**/`-anchored (not root) | gotcha #10 node_modules leak | procedural | 1 (S41) | ✅ (2406 clean) | ++ |
 | dump bảng env-đích TRƯỚC identifier-based data op (lock/seed-by-email) | gotcha #60 (AS-12) | episodic | 1 (S57bis lock NO-OP) | ✅ S58 (recon dump → fix `5998163` → Run #382 đo 34 locked) | ++ |
 ## 📋 RCA entries (blameless — newest on top)
 > Format: `E-NNN | date | rule | what | 5-why root | fix (prod-bug = 2-fix: code + guard) | prevention | tags[TYPE/ACTOR/COMPONENT]`
 ### E-008 — AS-12 lock-demo-user prod NO-OP: population Dev ≠ prod + seed silent-fail (S57bis ship, S58 fix, cicd-caught)
 - **rule (AS-12 NEW):** thao tác data theo-identifier trên prod (lock/seed/migrate-by-email) mà list viết từ CODE/Dev population, KHÔNG dump bảng env đích → silent NO-OP/sai-target. Assertion trả 0-row/`-1` ⟹ nghi data-mismatch TRƯỚC khi nghi code.
 - **what:** S57bis ship `LockDemoSampleUsersAsync` 14 email named-person (đọc từ seed code = population Dev-only). Demo prod thật = 20 UAT-matrix (`bod.1@`, `pm.nv@`… tạo TAY 05-13, chưa từng trong code). Run #381 deploy PASS + health 200 + code RAN — locked=0, hoàn toàn silent. Tầng 2 ẩn sâu hơn: `DemoUserPassword` 11 ký tự < prod `Identity:Password:RequiredLength=12` → `CreateAsync` trả `IdentityResult.Failed` (LogWarning-only, by-design 1-fail-không-abort) **mọi startup từ trước tới giờ** → named-person + `nv.cao`/`nv.truong` (IT pool — root cause "helpdesk inert" S56!) + 5 real staff KHÔNG BAO GIỜ tồn tại trên prod.
 - **5-why:** author tin seed code là source-of-truth population → Dev ≠ prod vì password-policy silent-fail → silent vì `IdentityResult` không throw → warning log prod không ai đọc → chỉ cicd #381 data-dump (PASS+PARTIAL) bắt được — test xanh + CI gate + health 200 đều mù với data-absence. **Why-0 (RAG-archaeology S58):** bug này TỪNG được phát hiện S22 (2026-05-13, session log ghi "Identity password policy ≥12 — existing memory mention `User@123456` 11 chars OUTDATED", 20 UAT user seed bằng `TestUser@2026` 12 ký tự) — nhưng const `DemoUserPassword` trong code KHÔNG được fix lúc đó → knowledge nằm trong session-log mà không thành code-fix/guard → tái diễn S57bis. Lesson: discovery phải đổi thành code-fix HOẶC ledger-guard ngay, session-log alone = chết.
 - **fix (prod-bug = 2-fix):** (code) `5998163` union 20 email prod-population (exact-email, KHÔNG pattern — `binh.le@` người thật sát scheme demo) + password → 12 ký tự → Run #382 đo thật: 55 user / 34 locked / helpdesk sống / 5 staff tạo / guard 6-6 active. (guard) gotcha **#60** + debug-checklist item 32 + cicd LESSON "lock/deactivate-by-email trả 0 ⟹ ALWAYS dump actual Users trước khi score FAIL" + Active-Guard episodic mới (dump-env-đích).
 - **prevention/guard:** mọi identifier-based op → dump env đích TRƯỚC khi viết list; seed password const thỏa policy NGHIÊM NHẤT mọi env (prod 12); grep warning log sau deploy có user-seed mới. AS-12 added §L.a.
 - **tags:** [seed-silent-fail+population-mismatch / em-main-S57bis-author · cicd-caught · recon-grounded / DbInitializer]
 ### E-007 — AS-11 parallel-fan-out shared-contract mismatch (S51, reviewer-caught pre-commit)
 - **rule (AS-11 NEW):** cross-stack feature fan-out where BE field nullability/validator ≠ FE required-marker for the SAME field → contract mismatch (empty submit → 400/500). Em-main shared-contract must spec required/optional consistently BOTH sides.
 - **what:** P11-C BE∥FE parallel (file-disjoint) spawn. Driver `phoneNumber/licenseNumber/licenseClass`: BE `NotEmpty()` validator + EF `.IsRequired()` NOT NULL, but FE KIND_CONFIG rendered them OPTIONAL (no `required:true`) → `buildBody` empty→null → 400/500. 186 tests GREEN (no test hit empty-optional path).