From 17b23a418abff6f0bd0fd5fc093524648d3cb838 Mon Sep 17 00:00:00 2001 From: pqhuy1987 Date: Thu, 11 Jun 2026 12:12:22 +0700 Subject: [PATCH] =?UTF-8?q?[CLAUDE]=20Docs:=20Harness-4=20two-tier=20runti?= =?UTF-8?q?me-VERIFIED=20(spawn-test=202=20chi=E1=BB=81u=20post-restart)?= =?UTF-8?q?=20+=20email-back=20AI=5FINFRA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Spawn-test 2 chiều S57bis: H1 tooling-auditor (demote pin) self-report claude-opus-4-8[1m] + H2 harvest-curator (promote inherit) self-report claude-fable-5[1m] → nấc executed-file/PENDING-RESTART → RUNTIME-VERIFIED (adap-report §2/§5 + STATUS row). [1m] 1M-resolve SE tự verify. - Email update 2026-06-11-se-to-ai_infra-harness-4-runtime-verified (nac sent, sha ecf1d587, honest n=1/chiều, hmw.js executed-file giữ) + _index OUTBOUND. - Lesson env: CCD harness cache agent frontmatter — restart CLI mới ăn (2 data-point 06-10/06-11). - Bundle 06-10 carry: 7 agent pin opus-4-8 + 4 inherit + hmw.js tier-map H4.5 + agents/README two-tier + 2 adap-report + email 06-10 + agent-memory delta (KEEP-ALL-5 H2-verified) + investigator L1→L2 archive curate. Co-Authored-By: Claude Fable 5 --- .../agent-memory/harvest-curator/MEMORY.md | 3 ++ .../implementer-backend/MEMORY.md | 2 + .../investigator-codebase/MEMORY.md | 12 +++-- .../investigator-codebase/archive/2026-06.md | 7 +++ .claude/agent-memory/reviewer/MEMORY.md | 1 + .../agent-memory/test-specialist/MEMORY.md | 4 +- .../agent-memory/tooling-auditor/MEMORY.md | 10 ++-- .claude/agents/README.md | 11 ++-- .claude/agents/cicd-monitor.md | 2 +- .claude/agents/frontend-designer.md | 2 +- .claude/agents/implementer-backend.md | 2 +- .claude/agents/implementer-frontend.md | 2 +- .claude/agents/investigator-api.md | 2 +- .claude/agents/test-specialist.md | 2 +- .claude/agents/tooling-auditor.md | 2 +- .claude/commands/session-start.md | 14 +++--- .claude/commands/ultra-on.md | 6 +-- .claude/skills/README.md | 2 +- .claude/skills/dependency-audit-erp/SKILL.md | 2 +- .claude/skills/ef-core-migration/SKILL.md | 6 +-- .claude/workflows/hmw.js | 25 ++++++++-- broadcasts/_index.md | 2 + ...0-se-to-ai_infra-harness-4-adopt-report.md | 50 +++++++++++++++++++ ...-to-ai_infra-harness-4-runtime-verified.md | 36 +++++++++++++ docs/STATUS.md | 2 +- ...vernance-harness-4-model-tier-promotion.md | 40 +++++++++++++++ ...2026-06-10-Governance-model-fable-5-max.md | 25 ++++++++++ 27 files changed, 236 insertions(+), 38 deletions(-) create mode 100644 .claude/agent-memory/investigator-codebase/archive/2026-06.md create mode 100644 broadcasts/outbox/ai_infra/2026-06-10-se-to-ai_infra-harness-4-adopt-report.md create mode 100644 broadcasts/outbox/ai_infra/2026-06-11-se-to-ai_infra-harness-4-runtime-verified.md create mode 100644 docs/governance/adap-reports/2026-06-10-Governance-harness-4-model-tier-promotion.md create mode 100644 docs/governance/adap-reports/2026-06-10-Governance-model-fable-5-max.md diff --git a/.claude/agent-memory/harvest-curator/MEMORY.md b/.claude/agent-memory/harvest-curator/MEMORY.md index a3a9c9d..bddf314 100644 --- a/.claude/agent-memory/harvest-curator/MEMORY.md +++ b/.claude/agent-memory/harvest-curator/MEMORY.md @@ -26,3 +26,6 @@ H2 harvest-MD-integrity auditor **SOLUTION_ERP-self**. Read-only + **propose-onl - **2026-06-07 (CREATED):** Seeded H2 harvest-curator (adopt AI_INFRA Harness 1, anh giao). Tailored SE: 4 RAG-read · `model:inherit` · omit color · Fidelity-escalate → SE `reviewer` (KHÔNG AI_INFRA-specific). Wired @session-end §L.b GATE (nâng 3/5→5/5 trục) + @session-start RE-REPORT harvest-mới (Phase 2.1.1) + Harness 2 B5 wave-gom. Nấc: **executed-file, verified-runtime PENDING** CLI restart + first spawn smoke. Tag [created, harness-1, h2]. - **2026-06-07 (S50 FIRST REAL RUN — verified-runtime ✅):** Spawned @session-start (harvest RE-REPORT) + @session-end (5-trục GATE + B5 wave-gom). Load OK → **verified-runtime CONFIRMED**. @start: harvest 🟢 clean. @end: **GATE PASS 5/5** (Coverage 4 subs · Completeness 4-field · Placement correct homes · Corruption 0-byte/mojibake=0 · Fidelity no-flag — independently re-verified inv-codebase `.gitignore:93` claim). **B5 wave-gom executed:** 2 wave sub-MDs → propose APPEND agent-memory/{investigator-codebase,test-specialist} (em main wrote). B6 re-verify HELD (git diff agent-memory EMPTY). **Method-learning (⭐):** chunk-count CANNOT verify via Bash `curl localhost:6333` — RAG MCP points at DIFFERENT Qdrant host → collection 'not found' false-negative. Use **RAG MCP channel** (`list_projects`) for chunk-count, NOT shell probe; em main (single RAG-writer) = authoritative (confirmed 2415). Tag [first-run, verified-runtime, gate-pass, chunk-via-mcp]. - **2026-06-08 (S51 `/session-end` 5-trục GATE — DIRECT spawns, RAG down):** Verified 6 product subs · nấc=**verified-runtime** (on-disk ground-truth, **0 file written**, git-diff agent-memory clean = E-006 backstop ✅) · evidence=**GATE PASS 5/5** (Coverage 6/6 S51 entries · Completeness 4-field · Placement correct · Corruption 0-byte=0 + investigator-killed file intact 92L terminates-clean + mojibake/shell-bake=0 · Fidelity reviewer-proxy honestly-marked + "1 MAJOR" claim ground-truthed `HrmConfigsPage.tsx:132-134`). B5 wave-gom **n-a** (DIRECT spawns, no `wave-*/`). 3 non-block flags → em main: (1) test 185→186 honest RED→GREEN (raw 174 attrs→runtime 186) (2) cicd self-tag [s50]→should-be-s51 cosmetic (3) Mig 45→92 tables, CLAUDE.md stale 43→91. **Method-learning ⭐:** killed-mid-write sub → verify file **terminates cleanly** (`wc -l`+tail+closing-Tag), NOT just `-size 0` (partial-write = truncated tail not 0-byte). Tag [s51, gate-pass, killed-sub-verify, direct-spawns]. +- **2026-06-10 (S57-interrupted @session-start RE-REPORT):** Verdict VÀNG — orphan delta investigator-codebase 3 entry S57 uncommitted (agent DUY NHẤT có delta post-S56; so mtime vs closeout-commit timestamp `a62e797` 20:20:51 = phương pháp detect interrupted-session). 4-field PASS ×3 · fidelity spot-check: flag "master-write-open" → fix `Roles="Admin,CatalogManager"` ×3 controller đã apply working-tree (recon khớp việc-thật — đọc memory khi resume đừng tưởng còn hở) · wave/stray/0-byte = 0 · flags: investigator 33.5KB>cap archive-L2, entry-3 tag s56→s57, double-blank-line nit. 0 file written (em main append B3). Tag [s57-orphan, mtime-vs-closeout-method, gate-na-start]. +- **2026-06-10 (S57-RESUME @start RE-REPORT):** Verdict 🟢 — 3 delta agent-memory uncommitted (harvest-curator +1 · investigator +3-entry · tooling +1+baseline-reground) ALL SANE, attribution nhất quán **em main proxy-append B3** (mtime 2 đợt: investigator 10:56 S57-work → harvest/tooling 11:55-57 resume-attempt; style/nội-dung khớp em-main, KHÔNG dấu hiệu sub tự ghi — G-015 honest "no evidence" ≠ "impossible"). 5-trục: Corruption 0-byte=0 (11/11 ≥4.4KB, tail terminate sạch, mojibake=0) · Wave/stray=0 (7 vị-trí check, S54-pattern không tái) · Fidelity **sample 8/8 deep-verify PASS** (authz ×3 controller · hmw.js:26=9 · README:192/:201 · gotcha-58 ×2 skill · ef-core 93/48 · roster 11=11 folder · catalog.manager:1608 · GetMyMenuTree:96 exact) · Completeness 4-field đủ ×5 entry · Coverage 🟡→resolved: 8 file code KHÔNG có delta implementer-* vì evidence nghiêng **em-main-direct implement** (mtime implementer pre-closeout + diff nhỏ + comment [S57] style em-main + investigator entry viết "Flag em-main" như brief) → không phải Coverage-miss. **2 nit em main FIXED in-session:** investigator entry-3 tag s56→s57 + double-blank-line ×2 gộp 1. Chore còn: investigator 33.5KB>30KB cap → curate L2 @closeout/monthly. Nhắc P1: commit 16 file PHẢI kèm docs-closeout (STATUS/HANDOFF/log) tránh "code committed, docs mù". Tag [s57-resume, gate-start-pass, mtime-attribution, coverage-resolved]. +- **2026-06-11 (S57bis @start RE-REPORT + spawn-test post-restart ✅):** Self-report `claude-fable-5[1m]` → **promote-tier `inherit` GIỮ Fable 5 runtime-VERIFIED** (H4.3c). Verdict 🟢 **KEEP-ALL-5** — 5 agent-memory delta uncommitted (harvest+2 · impl-backend+1 · investigator+3 · reviewer+1 · tooling+baseline-reground+3) ALL dated 06-10 S57/S57-resume, em-main-proxy-append B3, attribution mtime-cluster 21:52–22:28 nhất quán, commit AS-IS. Corruption: 11/11 ≥4.4KB, 0-byte=0, tail sạch, mojibake=0. Wave-folder=0 tồn (S56 2 workflow harvest sạch). 3 untracked = em-main governance docs (KHÔNG phải harvest-MD) → vào commit bundle. Chore giữ: investigator-codebase 33.5KB>30KB cap → L2 @closeout/monthly (reviewer 29.6KB + cicd 29.2KB sát cap, watch). Tag [s57bis, spawn-test-verified, keep-all-5, promote-inherit-proof]. diff --git a/.claude/agent-memory/implementer-backend/MEMORY.md b/.claude/agent-memory/implementer-backend/MEMORY.md index e4b189b..a358c41 100644 --- a/.claude/agent-memory/implementer-backend/MEMORY.md +++ b/.claude/agent-memory/implementer-backend/MEMORY.md @@ -74,6 +74,8 @@ UI `disabled={!canX}` + BE helper `EnsureCanXAsync(id, userId)` throw 403 (NOT i ## 📅 Recent activity (FIFO — older → archive/git) +- **2026-06-10 (S57-resume spawn-test H4.8 — Harness-4 two-tier):** Mình bị DEMOTE pin `model: claude-opus-4-8` (deterministic-scaffold class, double-gate reviewer+test+cicd sau lưng). Spawn-test echo model NGAY sau edit → self-report `claude-fable-5[1m]` = SE env (CCD harness) KHÔNG fresh-read frontmatter → pin ăn SAU restart CLI. Post-restart mình chạy Opus 4.8 (effort Max giữ env-wide); task hệ-trọng giao mình qua hmw có thể override `tier:'fable'`. Tag [h4-demote, spawn-test, pending-restart]. + - **S56 GOLIVE-HARDEN 3 BE fix (NO mig, 3 file edit, em-main spec deterministic 100% → ACCEPT Case 1):** **#3 LeaveBalance lost-update** `LeaveOtApprovalFeatures.cs` terminal DaDuyet branch → atomic-executeupdate-tx (spec chosen, KHÔNG RowVersion/Mig). Replaced in-mem `bal.UsedDays += NumDays` với: set p.Status/Updated* → `(DbContext)db` cast + `BeginTransactionAsync(ct)` (plain, NO IsolationLevel — READ COMMITTED đủ vì increment atomic) → STEP1 ensure-row (FirstOrDefault, auto-create UsedDays=0 via tracker) + SaveChanges (opinion+status+insert trong tx) → STEP2 `db.LeaveBalances.Where(...).ExecuteUpdateAsync(s=>s.SetProperty(b=>b.UsedDays, b=>b.UsedDays+p.NumDays), ct)` server-side row-lock race-free → `tx.CommitAsync` + **`return;`** (skip trailing shared SaveChanges). **STALE-TRACKED caveat (load-bearing):** ExecuteUpdate bypass tracker → tracked `bal` giữ pre-increment value; SAFE vì không đọc lại + handler return ngay; KHÔNG thêm `bal.UsedDays +=` (double-count). `using System.Data` + EF Core đã import. **#5 AssignItTicketHandler existence-oracle** `WorkflowAppsFeatures.cs:493` → moved Admin-OR-dept-IT Forbidden guard (itDeptId+isAdmin+myDeptId resolve) TRƯỚC ticket NotFound lookup → fail-closed (non-IT nhận Forbidden cho MỌI ticketId). assignee-must-be-IT Conflict + reassign giữ nguyên. **#6 DocxRenderer.cs:30,40 CS8602** → hoist `mainPart = doc.MainDocumentPart ?? throw InvalidOperationException` + `document = mainPart.Document ?? throw` (Document cũng nullable — KEY: 1st hoist chỉ fix part, vẫn còn 1 warn ở `.Document.Body`); deref qua local non-null. Build SolutionErp.slnx **0 err 0 warn** (DocxRenderer warn CLEARED — thực tế 1 warn không phải 2 như MEMORY ghi). Test 58 Domain PASS + 154/158 Infra: **4 FAIL `LeaveBalanceTests` (Approve_LastLevel_DeductsLeave.../AccumulatesExisting.../OverEntitled.../MultiLevel_NoDeductAtIntermediate)** = EXPECTED #3 stale-tracked (re-query trả tracked instance pre-increment, DB row đúng) → tests_to_update cho test-specialist (add AsNoTracking/ChangeTracker.Clear). ItTicket authz tests #5 PASS (Case5 đã expect Forbidden, NotFound case dùng Admin caller). KHÔNG touch tests/FE/commit. #4 (Travel/Vehicle smoke test) = test-specialist next stage. Tag `[s56, golive-harden, executeupdate-atomic, fail-closed-authz, cs8602, no-mig]`. ↳ **[em main post-review S56]** Tx bumped → `IsolationLevel.Serializable` (shipped code `LeaveOtApprovalFeatures.cs:369`) per database-agent review — convention-align (codegen/Proposal/TravelVehicle) + serialize auto-create-row race. '(plain, NO IsolationLevel — READ COMMITTED đủ)' ở entry = pre-review reasoning, **superseded**. Test 228 green. - **S55 master-data import (Mig 48 `AddProjectMasterFields` 4 AddColumn no-table + `SeedRealMasterDataAsync` 62 Project+71 WorkItem+3 Supplier) [proxy by em main — agent return truncated gotcha #53 before MEMORY step]:** Project entity +4 prop (`Year int?`, `Investor/Location/Package string?`, maxlen 250/500/300 ProjectConfiguration). `ProjectFeatures.cs` DTO+CreateCmd+UpdateCmd+validators+handlers+List/Get projections +4 (all nullable, appended end). **`SeedRealMasterDataAsync`** = 3 tuple-loop per-code idempotent (mirror `SeedDemoMasterDataAsync:2185` `existingCodes.Contains→skip`) wired UNGATED line 118 AFTER `SeedCatalogsAsync` → reaches prod (DemoSeed:Disabled=true KHÔNG gate, by-design như SeedDemoMasterData/Catalogs). Project Name=Code khi Excel blank. WorkItem 4 Category (Vật tư16/Thầu phụ30/MEP9/Thiết bị16, gen Code VT/TP/MEP/TB-NN; divider "THIẾT BỊ" dropped). Supplier NTP→NhaThauPhu/NCC→NhaCungCap, extras→Note. **FLOCK01 collision** demo↔real → per-code skip (demo thắng, real code+year only, OK). Compile-fix `MasterCatalogFilteredUniqueTests.cs` +4 null args CreateProjectCommand (necessary build-green). **Runtime Dev proof (em main):** app-start seeded 62proj/71wi/3sup landed, CAL01.Investor col populates, 0 overflow/dup. Build 0/0, test 216. Data spec `scripts/master-import-data.generated.md`. Tag `[s55, master-import, mig48, seed-real-ungated, project-4field]`. diff --git a/.claude/agent-memory/investigator-codebase/MEMORY.md b/.claude/agent-memory/investigator-codebase/MEMORY.md index 7e7bf5a..9c684b9 100644 --- a/.claude/agent-memory/investigator-codebase/MEMORY.md +++ b/.claude/agent-memory/investigator-codebase/MEMORY.md @@ -70,6 +70,14 @@ Bearer từ `POST api.solutions.com.vn/api/auth/login` → status matrix expecte ## 📅 Recent activity (FIFO — older → archive/git) +- **2026-06-11 (S57bis PE recon — 4 đầu việc sếp, on-disk):** ⭐ PE entity NO Year, NO WorkItem link (`PurchaseEvaluation.cs:15` ProjectId req; Detail free-text `PurchaseEvaluationDetail.cs:10-13`). Create cmd `PurchaseEvaluationFeatures.cs:19-30`; MaPhieu gen-AT-CREATE `:114-116` format `PE/{YYYY}/{A|B}/{Seq:D3}` (`PurchaseEvaluationCodeGenerator.cs:23`). Main create UI = `PeWorkspaceCreateView.tsx` (:151 workflow-select isUserSelectable ĐẦU TIÊN → tenGoiThau → projectId → DiaDiem → MoTa → PaymentTerms → budget; canSubmit :129 = wf+project+ten). PE controller class-`[Authorize]` ONLY no policy → mở menu là đủ, no silent-403. Pe_* leaves NOT in `MenuKeys.All` (chỉ root :156); PE defaults 7 role × 11 key (root + 2type×{group,WfView,List,Create,Pending}) `DbInitializer.cs:2098-2160`. S57 `SeedAllRolesReviewReadPermissionsAsync:1993-2001` InReviewScope EXCLUDES Pe; extend đúng = `key == MenuKeys.PurchaseEvaluations` EXACT (prefix "Pe" sẽ dính PeWorkflows admin!) — root inherit cascade (`GetMyMenuTreeQuery.cs:49-82`). Demo gate: prod `appsettings.json:35 DemoSeed:Disabled=true` → 7 `[DEMO]` HĐ + 4 `[DEMO]` PE (MaPhieu `[DEMO]-A-001`) KHÔNG lên prod; UNGATED trên prod = 31 users + 18 demo NCC + 8 demo project (:2244-2315) + real 62/71/3 (:2329-2522). ⚠️ Clear-demo gotcha: seed re-add per-code idempotent MỖI startup → xóa DB-only sẽ resurrect, phải gỡ khỏi DbInitializer code. WorkItem write Admin-only (`CatalogsController:113-130`) — CatalogManager có menu-perm nhưng API write bị chặn. Tag `[s57bis, pe-recon, demo-inventory]`. + +- **2026-06-10 (S57 perm-broaden blocks A/B/E/F — on-disk):** ⭐ **BE AUTHZ SPLIT (decision-critical for E):** Config controllers gate WRITE behind `[Authorize(Roles="Admin")]`, READ open to any-authed: `HrmConfigsController.cs:15` class `[Authorize]`+GET open `:19-21`, all POST/PUT/DEL `Roles="Admin"`; `CatalogsController.cs:14` same (write `:23+` Admin); `MeetingRoomsController.cs:15` same (comment `:9-10` explicit). → granting FE read on Hrm_Config/Catalogs/MeetingRooms = pure UI-visibility, BE already correct. **BUT Master 3 controllers = class `[Authorize]` ONLY, no per-action role:** `SuppliersController.cs:17`, `ProjectsController.cs:11`, `DepartmentsController.cs:11` — ANY authed user can POST/PUT/DELETE via API (FE menu perm is only gate, not BE-enforced). Flag em-main: making Suppliers/Projects/Departments visible-to-all ⇒ staff can write master incl. S55 prod data unless add `[Authorize(Roles="Admin,CatalogManager")]` or per-action policy. **S55 PROD DATA location:** `SeedRealMasterDataAsync` `:2267-2460` writes to **Projects**(62, `:2270`), **WorkItems**(71=CatalogWorkItems key, `:2430-2438`), **Suppliers**(3, `:2440-2456`) — all ungated idempotent per-code. **10 departments now** (`SeedDepartmentsAsync:2104`): 9 orig + IT (`:2115`). **31 demo users** (`SeedDemoUsersAsync:1553-1609`): dept spread BOD4/PM2/CCM9/PRO6/QS2/FIN2/ACT1/EQU1/HRA2; roles = mostly Drafter/CostControl/Procurement + 1 CatalogManager (`catalog.manager@`, dept PRO, `:1608`). NO user has zero-role; every demo user authenticatable. **Inherit-root display:** `GetMyMenuTreeQuery.cs:96 HasAccess = CanRead OR Children.Any(HasAccess)` → a non-inherit root (Hrm/Off/Master) auto-shows if ANY child has CanRead, so granting leaves is enough to reveal the root node (root row itself optional for display, but grant it too for cleanliness). Inherit-roots (Contracts/Pe/Wf/PeWf) cascade root→child so root-row-only suffices there. Menu already S57-edited: `Personal` group + `Off_ChamCong` re-parent Off→Personal via `parentBackfill:1908`. Tag `[s57-perm, be-authz-split, master-write-open, s55-data, 31user]`. + +- **2026-06-10 (S57 perm-broaden RECON blocks C/D — RAG down, on-disk):** ⭐ **SEED MODEL:** `SeedAdminPermissionsAsync` `DbInitializer.cs:1939-1977` Admin loops `MenuKeys.All` CRUD=true skip-existing dedup (`:1950/:1952`). Calls 2 sub: (a) `SeedPurchaseEvaluationPermissionDefaultsAsync` `:2036-2098` → **7 roles** {Drafter,DeptManager,Procurement,CostControl,ProjectManager,Director,AuthorizedSigner} Read+Update on PE keys only; (b) `SeedCatalogManagerPermissionsAsync` `:1984-2029` → role **CatalogManager** full-CRUD 9 master keys. **NO generic per-employee Read seed** — plain Drafter user sees ONLY PE keys; DOESN'T see Off_*/Hrm_*/Master/Contracts. **Most non-admin staff today see ~nothing but PE.** GetMyMenuTree `:96` filters CanRead=true. **Permission entity** `Permission.cs:3-15`: RoleId/MenuKey/CanRead/Create/Update/Delete. Dedup=app-level skip-existing per(RoleId,MenuKey), NO DB upsert. **13 AppRoles** `AppRoles.cs:23`: Admin(system)+12 employee. **4 inherit-roots** `GetMyMenuTreeQuery.cs:56-84`: Contracts/Workflows/PurchaseEvaluations/PeWorkflows — root grant auto-cascades to child IF child no own row (`:66`). Hrm/Off/Master NOT inherit → each leaf needs own row or add to switch. **GRANT-ALL pattern (block D):** mirror CatalogManager seeder but loop `roleManager.Roles` (all 13) × chosen key-set, CanRead=true only, insertion AFTER SeedCatalogManagerPermissionsAsync `:1976`. Tag `[s57-perm-recon, seed-model, no-employee-default, inherit-4root]`. + +- **2026-06-10 (menu-order cross-repo recon SE↔NAMGROUP, RAG down, on-disk):** ⭐ **SE menu seed = `SeedMenusAsync` `DbInitializer.cs` tuple-list** (NOT partial). Văn phòng số root `Off` (Order=29) `:1769-1792`; HR root `Hrm` "Nhân sự" (Order=28) `:1754-1767` (+`Hrm_Dashboard` appended out-of-order `:1791`). ⚠️ **HR SCATTERED 2 roots:** `Hrm` holds only Hồ sơ+Cấu hình HRM(6 leaf)+Dashboard; transactional HR (Nghỉ phép/OT/Công tác/Đặt xe/Chấm công/Báo cáo CC) live under `Off` as `Off_DonTu_*`/`Off_DatXe`/`Off_ChamCong`/`Off_AttendanceReport`. **SEED = UPSERT that RE-SETS Order** (`:1845-1871` `if(existing.Order!=o){existing.Order=o}`) → reorder in code propagates to Dev/prod next deploy, NO migration. BUT Label/ParentKey/Icon NOT touched on existing rows (`:1855` comment) — rename needs separate `labelBackfill` dict `:1874`. **Order = BE-only:** `GetMyMenuTreeQuery.cs:35 OrderBy(m.Order)`; both FE `Layout.tsx` render `useAuth().menu` as-is, `staticMap`+`menuKeys.ts` = key→route ONLY (no sort). FE needs NO edit for pure reorder. **NAMGROUP "Puro" = hardcoded FE array (NOT DB seed),** index=order: client `InternalLayout.tsx:83-118` (Nhân sự 3-item / Văn phòng số 6-item FLAT / Chấm công under separate "Cá nhân" group); admin `AdminLayout.tsx:87-119` splits by function not HR/office. NAMGROUP `Đơn từ`/`Phòng họp`/`Đề xuất` = flat single links (no sub-children) vs SE deep-nested. Tag `[menu-order, se-namgroup, seed-upsert-order, fe-be-driven, s57]`. + - **2026-06-09 (S56 pre-golive verify — 4 logic streams, all PASS):** Audited P11-B/D/E/F + ApproveV2 + catalogs + S55 master-wiring. **LeaveBalance** deduction exactly-once (terminal DaDuyet, guard `Status!=DaGuiDuyet` :296 blocks re-approve), FK guard Create+UpdateDraft→Conflict; **AttendanceReport** classify day-type IN-MEMORY (Holiday DateOnly HashSet), OtPolicy multiplier; **MaTicket** gen-on-Create Serializable IT/2026/NNN. Tests cover (LeaveBalance 9 + AttReport 2 + codegen 3 = 29 green). ApproveV2 4-module flatten Steps→Levels correct; **Travel/Vehicle ApproveV2 = 0 test** (cookie-cutter of tested Leave/OT — add 2 smoke post-golive). master-data **idempotency PROVEN** (DbInitializer re-run → counts identical, per-code guard :2310/:2404/:2422). **⚠️ PROD FACT (corrects stale S52 mem):** dept "IT"/Phòng CNTT DOES exist (Id 65CC6307…) but has **0 active users** on prod → ItTicket auto-assign no-ops, reassign dropdown empty, SLA job no notify-target. Pre-golive ops fix: assign ≥1 real user to dept IT (1 UPDATE, no code). Tag [s56, pre-golive-verify, logic-pass, dept-IT-empty-prod, travel-vehicle-untested]. - **2026-06-09 (S56 Phase 2 FE-redesign RECON — 25 page audit, on-disk):** ⭐ **NOT a rewrite** — S55 already redesigned ui-primitives + DataTable + shell → any page importing `ui/{Button,Input}`+`DataTable` AUTO-inherits density. **Hover-hidden quick-win nearly absent:** repo-wide grep `opacity-0`×`group-hover` = **only 1 real site** `ContractCreatePage.tsx:196` (EXCLUDED scope) + DataTable.tsx:15 is a comment forbidding it (good). In-scope = **0 hover-hidden fixes**. **DataTable adoption split:** only 5/25 use `` (Suppliers/Projects/Departments/Users/Forms); 12 pages roll RAW `` (MeetingRooms/Catalogs/HrmConfigs/EmployeesList/Proposals/WorkflowApps/Attendance×2/MenuVisibility/Roles) → custom density pass needed. **Drawer ≥8-field candidates = 3:** Suppliers (9 fld, Dialog), Projects (10 fld, Dialog), Users-CREATE (~8 fld w/ roles multiselect, 4 Dialogs total but only create is big). All currently big-Dialog → convert. **NO `Drawer.tsx` exists** (`ui/` = Button/Dialog/Input/Label/Select/Textarea only) → build first. **Bậc-thang reference ALREADY EXISTS:** `EmployeesListPage.tsx` (1200L) = canonical inline add/edit-row for 5 satellites (`setEditing{X}Id` + `addingX` mutex, :256-356) → extract `InlineEditRow` pattern from here, reuse for Catalogs/HrmConfigs/MeetingRooms (these 3 currently edit via Dialog :251/:316/:232, ≤7 cols → bậc-thang candidates). **Modal-detail = NONE:** ProposalDetail:275 + WorkflowAppDetail:424 Dialogs are tiny action-confirm (just `