[CLAUDE] Docs: S58 closeout — lock fix prod-verified Run #382 + S57bis flush + gotcha #59/#60 + harvest on-behalf

- STATUS/HANDOFF: thêm S57bis + S58 (2-session gap S57bis đóng vội), counts re-ground (Mig 49 · test 240 · gotcha 60 · menu 57 · bundle CP4CB1ym/BmZ3VHnm curl-verified · RAG 2420). Ops S56 "gán user IT" RESOLVED (nv.cao/nv.truong sống lại nhờ password fix). - gotchas: #59 (PS5.1 git commit -F, residual S57bis) + #60 NEW (Identity seed CreateAsync silent-fail vs prod RequiredLength=12 — population Dev ≠ prod, dump data thật trước lock/seed-by-email) + checklist 31/32. - agent-memory: cicd Run #381 (residual) + #382 · 4 spawn-record on-behalf (database-agent/impl-backend/impl-frontend/reviewer — H2 Coverage 4-MISS đóng) · investigator-codebase recon · 2 monitor RE-REPORT entries. - skills: ef-core +row Mig 49 (49 mig ×5 chỗ) · README + dep-audit count sync. - CLAUDE.md root: Mig 49 + test 240 + gotcha 60 + schema-ref 32-49. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-11 13:09:29 +07:00
parent 5998163642
commit 2aefb3134d
15 changed files with 102 additions and 23 deletions
--- a/.claude/agent-memory/cicd-monitor/MEMORY.md
+++ b/.claude/agent-memory/cicd-monitor/MEMORY.md
@ -68,6 +68,8 @@ BE (test+build) ~90s · FE × 2 ~60s/app · deploy ~30s · **total ~3min code /

 ## 📅 Recent runs (FIFO — older → archive/git)

+- **2026-06-11 Run #382 (run_number 268) sha=`5998163` PASS ~3m31s (S58 FIX the Run #381 lock NO-OP — DbInitializer.cs ONLY, BE-only, NO Mig/FE):** Push `dd117b7..5998163` 1 commit 1 file `DbInitializer.cs` (+28/-5). Fix: (1) `LockDemoSampleUsersAsync` union +20 UAT-matrix prod email (`{act,equ,fin,hra,pm,qs}.{nv,pp,tp}@`+`bod.{1,2}@`) into prior 14 named-person = 34-email list; (2) `DemoUserPassword` 11→12 chars (`User@123456`→`User@1234567`) fixing silent CreateAsync-fail vs prod `RequiredLength=12` (S56 helpdesk-inert root cause). `.cs` present → full pipeline RAN. Poll iter5 status=success (started 12:58:06 → 13:01:37). **Bundle FROZEN admin `CP4CB1ym` + user `BmZ3VHnm`** (= #381 UNCHANGED ✓ CORRECT for BE-only, verified AFTER status=success — NOT ship-fail). **NO migration** — prod `__EFMigrationsHistory` top = Mig 49 `AddWorkItemToPurchaseEvaluation` == repo, GIỮ NGUYÊN ✓. sys.tables=**93** unchanged. Health live/ready 200 + admin/eoffice root 200. **THE FIX VERIFIED prod (Users table — note: custom Identity table name `Users` NOT `AspNetUsers`):** total **55** users · **21 active** · **34 inactive==34 locked-future** (== lock-list size exactly). 12-sample UAT-matrix all `active=0 locked=1` (#381 NO-OP now RESOLVED — these exist in prod + got locked ✓). Named-person 14/14 found+locked (CREATED this startup via 12-char pw fix + locked same run). **Must-stay-active 6/6** admin·catalog.manager·nv.test·chuong.phan@solution.com.vn(typo-domain)·**nv.cao+nv.truong** ALL `active=1` (IT helpdesk pool ALIVE — S56 ops-pending RESOLVED by pw fix, created this startup not in lock-list). **5 new real staff** (thanh.lethanh/anh.nguyen/tring.le/truong.le/long.nguyen) all CREATED+`active=1` ✓ (12-char pw passes RequiredLength=12). Smoke nv.test login OK (token 477) + GET /api/menus 200 + /purchase-evaluations 200. 0 regression. **LESSON: lock-by-email NO-OP (#381) was a DATA-mismatch not code-bug → S58 reconciled email-list to actual prod population (UAT-matrix created via admin UI, never in seed) + the 11-vs-12 pw bug was a SECOND latent cause silently blocking ALL non-existing-user CREATE on prod (RequiredLength=12) — same fix resurrected 16 named + 5 staff + helpdesk pool. Verify lock-fix = dump Users cohorts (active/inactive split + named exact-IN), NOT just total count.** Tag `[s58, run382, pass, fix-lock-noop, pw-11to12, be-only-bundle-frozen]`.
+- **2026-06-11 Run #381 (run_number 267) sha=`dd117b7` PASS+1PARTIAL ~4m25s (S57bis PE gắn WorkItem Mig 49 + all-role Pe perm + menu Cá nhân regroup + lock-14-demo-user — cross-stack BE+FE×2+Mig+test, +12 PeWorkItemGuardTests→240):** 2-commit push: prev `17b23a4` (governance+hmw.js → Run #380 **cancelled**, superseded — correct, no FE/BE contract change) then `dd117b7` (PRODUCT, Run 381 = the deciding run). 26 files: Mig 49 `20260611044424_AddWorkItemToPurchaseEvaluation` (3-file, PE.WorkItemId Guid? loose-Guid NO physical FK + `IX_PurchaseEvaluations_WorkItemId`) + Domain `PurchaseEvaluation.cs` + Config + Features + DbInitializer (perm + `LockDemoSampleUsersAsync` + menu regroup) + MenuKeys + 3 master controllers (write-lock Admin/CatMgr) + FE×2 (PeDetailTabs/PeHeaderForm/PeWorkspaceCreateView/menuKeys/types). **Run IN-PROGRESS at first check (status=running 12:14) — polled to terminal** (12:14:16→12:18:41 ≈4m25s success). ⚠️ poll-grep gotcha: `"status"` field sits AFTER `"display_title"` in tasks JSON → `[^}]*"display_title"` regex cut before status (showed blank all 10 iters); final FULL-object parse `\{"id":381,...deploy.yml[^}]*\}` confirmed status=success. **Bundle ROTATE BOTH** admin `4SUwDLD8→CP4CB1ym` + user `XdKzt9LL→BmZ3VHnm` (PE in both apps ✓ shipped, verified AFTER status=success). **Mig 49 applied prod** (`__EFMigrationsHistory` top = AddWorkItem... ✓ + WorkItemId col=1 + IX=1). sys.tables=**93** (col-only, no delta). Health live/ready 200 + admin/eoffice 200. **Perm seed STRONG: Pe_* CanCreate=1 = 130 rows across 13 roles** (was 3-role → all-role open landed); PeWf%=0 + AwV2%=2 (designer stays admin-only ✓ no leak). Menu regroup ✓: Personal root@30 · Off_ChamCong→Personal@1 · **Hrm_Config**→Master@25 (spec said key `HrmConfig`, real key has underscore `Hrm_Config` — verify by ParentKey/Order NOT literal Key) · Contracts@31 · Hrm_Dashboard→Hrm@1. Smoke PE unauth 401 (/purchase-evaluations + /catalogs/work-items) vs control 404 (auth real). WorkItems VT/TP/MEP/TB=71. **⚠️ PARTIAL item 7 — lock-14-users is a prod NO-OP:** `LockDemoSampleUsersAsync` SHIPPED+RAN but its 14 hardcoded emails (`bod.huynh@`,`pm.nguyen@`,`fin.do@`,`qs.hoang@`...) **DON'T EXIST in prod** — real demo set uses dept.position scheme `bod.1@`/`bod.2@`/`pm.{nv,pp,tp}@`/`fin.{nv,pp,tp}@`/`qs.{nv,pp,tp}@` (34 users ALL active, INACTIVE_TOTAL=0). Each FindByEmail→null→locked=0. Guard `nv.cao`/`nv.truong` also absent (-1, vacuously safe); catalog.manager+admin confirmed active. NOT a deploy fail (code correct) — email list stale vs this DB seed. Escalated em main: reconcile lock-list to actual `*.{nv,pp,tp}@` scheme OR confirm named-person legacy users were ever seeded. **LESSON: lock/deactivate-by-email assertion returning 0/`-1` ⟹ ALWAYS dump actual `Users` set before scoring FAIL — code may have run as no-op against mismatched data, NOT broken.** Tag `[s57bis, run381, pass-partial, mig49-pe-workitem, allrole-perm-130, lock-noop-email-mismatch]`.
 - **2026-06-09 Run #379 (run_number 265) sha=`a20cde8` PASS ~4m20s (S56 GOLIVE-HARDEN BE fixes — LeaveBalance concurrency + ItTicket authz-order + DocxRenderer null-guard + tests, ZERO FE/Mig):** Push `bef5825..a20cde8` 1 commit 13 files: 3 BE `LeaveOtApprovalFeatures.cs` (atomic ExecuteUpdate + Serializable tx vs lost-update) + `WorkflowAppsFeatures.cs` (authz reorder Forbidden-before-NotFound) + `DocxRenderer.cs` (null-guard) + 4 test files (+12 → 216→**228**) + 6 agent-memory `.md`. `.cs`+test present → NOT docs-skip, full pipeline RAN. **Run IN-PROGRESS at first check (status=running 17:51) — correctly did NOT FAIL, polled to terminal** (started 17:51:45 → updated 17:56:05 ≈4m20s status=success iter5). **Bundle FROZEN admin `4SUwDLD8` + user `XdKzt9LL`** (= #378, UNCHANGED ✓ CORRECT for BE-only — NOT ship-fail, mirror Run #243/#368; verified pre-deploy + post-success + +5s re-confirm, NO transient, NO unexpected rotation). **NO migration** — prod `__EFMigrationsHistory` top = `20260609020759_AddProjectMasterFields` (Mig 48) == repo latest, GIỮ NGUYÊN ✓ (BE-logic-only, schema untouched). sys.tables=**93** unchanged. Health live+ready **200/200** + admin/eoffice root 200. **Smoke changed-area endpoints (all gated, none crash):** `GET /it-tickets/assignable-staff` unauth=**401** · `PUT /it-tickets/{guid}/assign` unauth+body=**401** (authz-reorder fix live, route wired) · `GET /leave-balances/my` unauth=**401** (concurrency fix dll deployed) · control fake `/it-tickets/zzz-not-a-route`=**404** (proves 401s are real auth gates not catch-all). 0 regression. **Ship-proof for BE-only no-contract-change = run success + test 228 + Mig 48 unchanged + bundle frozen + health 200** (no observable API delta — fixes are internal handler logic: atomic tx / exception order / null-guard; cannot curl-assert lost-update fix, rely on +12 tests passing in CI gate). Tag `[s56, run379, pass, golive-harden, be-only-bundle-frozen, no-mig]`.
 - **2026-06-09 (S56 pre-golive verify — NO deploy, read-only audit):** Re-verified prod truth at golive gate (HEAD `bef5825` docs-only → prod correctly = Run #378). build SolutionErp.slnx 0-err + fe-admin/fe-user npm build 0-TS each + test **216** (58D+158I) exact. Prod health live+ready 200; admin root serves `4SUwDLD8` / eoffice `XdKzt9LL` (== baseline, NO drift). `__EFMigrationsHistory` top = Mig 48 == repo; 92 tables. Master-data prod spot: Projects=70 (62 real+8 demo), CAL01.Investor=N'Công ty TNHH Calofic' exact, WorkItems real=71 (VT16/TP30/MEP9/TB16) of 86, Suppliers 3/3. **LESSON — local-vs-prod FE hash divergence is EXPECTED, not ship-fail:** fresh local `npm build` produces a DIFFERENT content-hash than CI-built prod artifact (node_modules/timestamp inputs not byte-reproducible) → load-bearing check is `prod-hash == documented-baseline`, NOT `== my-local-rebuild`. Don't false-alarm on local≠prod when HEAD unchanged. Tag [s56, pre-golive-verify, prod-truth-pass, local-vs-prod-hash-lesson].

--- a/.claude/agent-memory/database-agent/MEMORY.md
+++ b/.claude/agent-memory/database-agent/MEMORY.md
@ -32,3 +32,4 @@
 ## Log
 - **S52 (2026-06-08):** Seeded (em main, adap-apply database-agent). Roster 10→11. Nấc executed-file. CHỜ restart + spawn-test → verified-runtime.
 - **S56 (2026-06-09) — pre-golive verify (2nd real spawn, verified-runtime ✓):** Schema/Mig integrity P11 + S55 master-data = SOLID. Mig 42-48 applied IDENTICALLY Dev+Design+prod `.\SQLEXPRESS` (48 mig / 92 tables, **NO S53-style unapplied-local drift**); 0 pending model-snapshot diff; **9 gotcha-#57 filtered-unique** confirmed BOTH EF config (HasFilter×13) AND DB (`filter_definition=([IsDeleted]=(0))`) incl Vehicle/Driver day-1; FK đúng (LeaveBalance→LeaveType Restrict + UNIQUE(User,Type,Year); 4× LevelOpinions Cascade(parent)/Restrict(Level)+UNIQUE composite; ItTicket SLA nullable). **DB11 FAIL (1 major, fast-follow KHÔNG blocker):** `LeaveBalance.UsedDays += NumDays` @ `LeaveOtApprovalFeatures.cs:361-386` chạy bare SaveChanges (no tx / no RowVersion / READ COMMITTED) → concurrent double-approve lost-update. **S43 gap STILL OPEN.** Fix-pattern sẵn repo: Serializable tx (codegen `:34`) HOẶC RowVersion+retry (1 mig). Low-prob ~30 user, recoverable Admin Adjustment. Tag [s56, pre-golive-verify, schema-pass, db11-lostupdate-open].
+- **S57bis (2026-06-11) — PE gắn Hạng mục design (3rd real spawn, DELIVERED — on-behalf em main ghi hộ, H2-proposed):** Introspect LocalDB → design `PurchaseEvaluations.WorkItemId Guid?` scalar **loose-Guid + IX, KHÔNG FK vật lý** — nhất quán convention PE (ProjectId/SelectedSupplierId đều loose; duy nhất ApprovalWorkflowId có FK). Guard = validator + handler mirror S43 FK-invariant. KHÔNG đụng CodeSequences (mã phiếu giữ `PE/{YYYY}/{A|B}/{Seq}`). LEARNED: PE FK-convention map (loose-Guid là norm module này — FK vật lý là exception). SURPRISE: WorkItems = catalog GLOBAL (KHÔNG ProjectId) → 2 dropdown độc lập; "Dự án (năm) – Hạng mục" chỉ là chuỗi ghép hiển thị, không ràng buộc quan hệ. Ship: Mig 49 deploy Run #381 prod-applied. Tag `[s57bis, mig49-design, on-behalf]`.
--- a/.claude/agent-memory/harvest-curator/MEMORY.md
+++ b/.claude/agent-memory/harvest-curator/MEMORY.md
@ -29,3 +29,4 @@ H2 harvest-MD-integrity auditor **SOLUTION_ERP-self**. Read-only + **propose-onl
 - **2026-06-10 (S57-interrupted @session-start RE-REPORT):** Verdict VÀNG — orphan delta investigator-codebase 3 entry S57 uncommitted (agent DUY NHẤT có delta post-S56; so mtime vs closeout-commit timestamp `a62e797` 20:20:51 = phương pháp detect interrupted-session). 4-field PASS ×3 · fidelity spot-check: flag "master-write-open" → fix `Roles="Admin,CatalogManager"` ×3 controller đã apply working-tree (recon khớp việc-thật — đọc memory khi resume đừng tưởng còn hở) · wave/stray/0-byte = 0 · flags: investigator 33.5KB>cap archive-L2, entry-3 tag s56→s57, double-blank-line nit. 0 file written (em main append B3). Tag [s57-orphan, mtime-vs-closeout-method, gate-na-start].
 - **2026-06-10 (S57-RESUME @start RE-REPORT):** Verdict 🟢 — 3 delta agent-memory uncommitted (harvest-curator +1 · investigator +3-entry · tooling +1+baseline-reground) ALL SANE, attribution nhất quán **em main proxy-append B3** (mtime 2 đợt: investigator 10:56 S57-work → harvest/tooling 11:55-57 resume-attempt; style/nội-dung khớp em-main, KHÔNG dấu hiệu sub tự ghi — G-015 honest "no evidence" ≠ "impossible"). 5-trục: Corruption 0-byte=0 (11/11 ≥4.4KB, tail terminate sạch, mojibake=0) · Wave/stray=0 (7 vị-trí check, S54-pattern không tái) · Fidelity **sample 8/8 deep-verify PASS** (authz ×3 controller · hmw.js:26=9 · README:192/:201 · gotcha-58 ×2 skill · ef-core 93/48 · roster 11=11 folder · catalog.manager:1608 · GetMyMenuTree:96 exact) · Completeness 4-field đủ ×5 entry · Coverage 🟡→resolved: 8 file code KHÔNG có delta implementer-* vì evidence nghiêng **em-main-direct implement** (mtime implementer pre-closeout + diff nhỏ + comment [S57] style em-main + investigator entry viết "Flag em-main" như brief) → không phải Coverage-miss. **2 nit em main FIXED in-session:** investigator entry-3 tag s56→s57 + double-blank-line ×2 gộp 1. Chore còn: investigator 33.5KB>30KB cap → curate L2 @closeout/monthly. Nhắc P1: commit 16 file PHẢI kèm docs-closeout (STATUS/HANDOFF/log) tránh "code committed, docs mù". Tag [s57-resume, gate-start-pass, mtime-attribution, coverage-resolved].
 - **2026-06-11 (S57bis @start RE-REPORT + spawn-test post-restart ✅):** Self-report `claude-fable-5[1m]` → **promote-tier `inherit` GIỮ Fable 5 runtime-VERIFIED** (H4.3c). Verdict 🟢 **KEEP-ALL-5** — 5 agent-memory delta uncommitted (harvest+2 · impl-backend+1 · investigator+3 · reviewer+1 · tooling+baseline-reground+3) ALL dated 06-10 S57/S57-resume, em-main-proxy-append B3, attribution mtime-cluster 21:52–22:28 nhất quán, commit AS-IS. Corruption: 11/11 ≥4.4KB, 0-byte=0, tail sạch, mojibake=0. Wave-folder=0 tồn (S56 2 workflow harvest sạch). 3 untracked = em-main governance docs (KHÔNG phải harvest-MD) → vào commit bundle. Chore giữ: investigator-codebase 33.5KB>30KB cap → L2 @closeout/monthly (reviewer 29.6KB + cicd 29.2KB sát cap, watch). Tag [s57bis, spawn-test-verified, keep-all-5, promote-inherit-proof].
+- **2026-06-11 (post-S57bis @start RE-REPORT — rushed-closeout 4 Coverage-MISS):** S57bis đóng vội (commit 12:12-13 → post-commit ghi 12:23-25 rồi dừng, KHÔNG end-GATE). Verdict 🟡: **Coverage 4 MISS / 9 role spawned** — implementer-backend+frontend (CẢ 2 return-truncated #53) · database-agent (Mig-49 design DELIVERED mà 0 delta — miss đau nhất) · reviewer (**die-0-byte ×2** resume-kill → em main self-gate) → propose 4 spawn-record on-behalf. 5 record có sẵn (inv-codebase·test-spec·tooling·harvest·cicd-dirty) 4-field PASS, fidelity ground-truthed (Mig 49 file `Persistence/Migrations/20260611044424` exists + count 240 consistent ×4 nguồn). **Method ⭐: commit-stat "có append" ≠ "có fanout-record"** — impl-backend/reviewer append trong 17b23a4 = carry 06-10 S57-resume (mtime 06-10 22:21-28); classify bằng grep tag `57bis` + mtime, KHÔNG tin stat. Mồ-côi ×2 sane (cicd +Run#381 PASS+1PARTIAL — escalation lock-14-user prod NO-OP email-stale · gotchas #59 PS5.1 quote→`-F`) → commit bundle; cicd entry chứa bundle-hash CP4CB1ym/BmZ3VHnm = resolve flag "unverified" của tooling. Wave=0 · stray=0 · 0-byte=0 (find -size 0 empty). Chore: cicd 32.3KB + inv-codebase 32.1KB ĐỀU >30KB (inv vừa curate 11:30 vẫn over). Wrote OWN diary only (em main explicit). Tag [post-s57bis, coverage-4-miss, carry-vs-fanout-classify, die-0-byte].
--- a/.claude/agent-memory/implementer-backend/MEMORY.md
+++ b/.claude/agent-memory/implementer-backend/MEMORY.md
@ -74,6 +74,8 @@ UI `disabled={!canX}` + BE helper `EnsureCanXAsync(id, userId)` throw 403 (NOT i

 ## 📅 Recent activity (FIFO — older → archive/git)

+- **2026-06-11 (S57bis PE WorkItemId BE slice — PARTIAL, on-behalf em main ghi hộ, H2-proposed):** Return-truncated #53 TRƯỚC Mig 49 + projection-3 → em main solo hoàn tất (fix CS7036 + CS8019, Mig 49 `AddWorkItemToPurchaseEvaluation` 3-file, projection ListItemDto ×3 LEFT-join WorkItems, UpdateDraft null-safe `if (request.WorkItemId is not null)` chống null-hóa bug-class S42). LEARNED: FK-guard loose-Guid `AnyAsync(w.Id==x && w.IsActive)`→Conflict (mirror S43); validator `NotEmpty` create-only, DB nullable backward-compat 4 phiếu cũ; `NotEmpty()` trên `Guid?` KHÔNG chặn `Guid.Empty` → handler guard bắt (defense-in-depth). SURPRISE: truncate 2 session liên tiếp (S55, S57bis) ở slice lớn cross-layer → cắt stage nhỏ hơn (entity+config / mig / projection tách spawn). Tag `[s57bis, truncated-53, on-behalf]`.
+
 - **2026-06-10 (S57-resume spawn-test H4.8 — Harness-4 two-tier):** Mình bị DEMOTE pin `model: claude-opus-4-8` (deterministic-scaffold class, double-gate reviewer+test+cicd sau lưng). Spawn-test echo model NGAY sau edit → self-report `claude-fable-5[1m]` = SE env (CCD harness) KHÔNG fresh-read frontmatter → pin ăn SAU restart CLI. Post-restart mình chạy Opus 4.8 (effort Max giữ env-wide); task hệ-trọng giao mình qua hmw có thể override `tier:'fable'`. Tag [h4-demote, spawn-test, pending-restart].

 - **S56 GOLIVE-HARDEN 3 BE fix (NO mig, 3 file edit, em-main spec deterministic 100% → ACCEPT Case 1):** **#3 LeaveBalance lost-update** `LeaveOtApprovalFeatures.cs` terminal DaDuyet branch → atomic-executeupdate-tx (spec chosen, KHÔNG RowVersion/Mig). Replaced in-mem `bal.UsedDays += NumDays` với: set p.Status/Updated* → `(DbContext)db` cast + `BeginTransactionAsync(ct)` (plain, NO IsolationLevel — READ COMMITTED đủ vì increment atomic) → STEP1 ensure-row (FirstOrDefault, auto-create UsedDays=0 via tracker) + SaveChanges (opinion+status+insert trong tx) → STEP2 `db.LeaveBalances.Where(...).ExecuteUpdateAsync(s=>s.SetProperty(b=>b.UsedDays, b=>b.UsedDays+p.NumDays), ct)` server-side row-lock race-free → `tx.CommitAsync` + **`return;`** (skip trailing shared SaveChanges). **STALE-TRACKED caveat (load-bearing):** ExecuteUpdate bypass tracker → tracked `bal` giữ pre-increment value; SAFE vì không đọc lại + handler return ngay; KHÔNG thêm `bal.UsedDays +=` (double-count). `using System.Data` + EF Core đã import. **#5 AssignItTicketHandler existence-oracle** `WorkflowAppsFeatures.cs:493` → moved Admin-OR-dept-IT Forbidden guard (itDeptId+isAdmin+myDeptId resolve) TRƯỚC ticket NotFound lookup → fail-closed (non-IT nhận Forbidden cho MỌI ticketId). assignee-must-be-IT Conflict + reassign giữ nguyên. **#6 DocxRenderer.cs:30,40 CS8602** → hoist `mainPart = doc.MainDocumentPart ?? throw InvalidOperationException` + `document = mainPart.Document ?? throw` (Document cũng nullable — KEY: 1st hoist chỉ fix part, vẫn còn 1 warn ở `.Document.Body`); deref qua local non-null. Build SolutionErp.slnx **0 err 0 warn** (DocxRenderer warn CLEARED — thực tế 1 warn không phải 2 như MEMORY ghi). Test 58 Domain PASS + 154/158 Infra: **4 FAIL `LeaveBalanceTests` (Approve_LastLevel_DeductsLeave.../AccumulatesExisting.../OverEntitled.../MultiLevel_NoDeductAtIntermediate)** = EXPECTED #3 stale-tracked (re-query trả tracked instance pre-increment, DB row đúng) → tests_to_update cho test-specialist (add AsNoTracking/ChangeTracker.Clear). ItTicket authz tests #5 PASS (Case5 đã expect Forbidden, NotFound case dùng Admin caller). KHÔNG touch tests/FE/commit. #4 (Travel/Vehicle smoke test) = test-specialist next stage. Tag `[s56, golive-harden, executeupdate-atomic, fail-closed-authz, cs8602, no-mig]`.
--- a/.claude/agent-memory/implementer-frontend/MEMORY.md
+++ b/.claude/agent-memory/implementer-frontend/MEMORY.md
@ -42,6 +42,7 @@ Dynamic class purged. PALETTE array full literal `as const` cycle `index % lengt

 ## 📅 Recent activity (last 10 FIFO)

+- **2026-06-11 (S57bis PE WorkItem FE ×2 app — PARTIAL, on-behalf em main ghi hộ, H2-proposed):** Task = PeWorkspaceCreateView select "c. Hạng mục công việc *" sau Dự án + PeHeaderForm (select + load existing + PUT/POST workItemId) + PeDetailTabs (subtitle "Dự án – Hạng mục" + FormRow + inline-edit khóa) + types +3 field. Return-truncated #53 GIỮA mirror fe-admin → em main solo mirror 7 edits PeHeaderForm + 3 edits PeDetailTabs ×2 app; PeHeaderForm SHA256 IDENTICAL. LEARNED: mirror đo bằng SHA256 (không diff mắt); option label `[Category] Code — Name` + canSubmit require; route reuse `/catalogs/work-items` (KHÔNG endpoint mới). SURPRISE: điểm gãy lặp tại mirror-2-app-trong-1-spawn → cân nhắc per-app stage khi slice lớn. Tag `[s57bis, truncated-53, sha256-mirror, on-behalf]`.
 - **2026-06-09 (S55 HMW P2 — Project +4 optional master fields):** Case 1 master-data enrich (NO 4-place, NO menu/route/Layout — chỉ Place-1 page+type). BE adds 4 nullable Project fields parallel (implementer-backend). 2 file × 2 app: (1) types/master.ts `Project` +`year:number|null`+`investor/location/package:string|null` (sau `note`) +ProjectInput auto-inherit via Omit · (2) ProjectsPage.tsx (single-Dialog CRUD, NO separate pages): FormState +4 `string` (form dùng string, convert on submit) + emptyForm +4 '' + mutate payload `year:d.year?Number():null, investor/location/package:d.x||null` + openEdit `year:p.year?.toString()??'', x:p.x??''` + Dialog 4 Input sau "Ngày kết thúc" trước "Ghi chú" (Năm type=number, Chủ đầu tư, Địa điểm col-span-2, Gói thầu col-span-2) + table column "Chủ đầu tư" (`p.investor??'—'`) giữa name↔startDate. **`package` = valid TS object KEY** (reserved chỉ khi binding-identifier) → `form.package`/`{...form,package:x}` build sạch, KHÔNG cần rename. cp admin→user SHA256 IDENTICAL: master.ts `93ac1b0f…`, ProjectsPage `b002061…`. Build PASS ×2 (admin 1945mod, user 1934mod, 0 TS err — tsc -b clean trước vite). Reuse S42 enrich-pattern (string-form + convert-on-submit). NO ambiguity, full precedent.
 - **2026-06-08 (S54 ItTicket reassign → CONVERGE 2 app, REVERSE S53 divergence) [harvested by em main — agent MEMORY write mis-landed, B2/B3]:** S53 đã tách fe-admin-only (admin reassign). S54 cho tổ IT tự reassign → cả 2 app cần nút. **Pattern mới: BE capability-flag gate thay vì FE đoán role.** Dropdown đổi `GET /users` → `GET /it-tickets/assignable-staff` trả `{canReassign:bool, staff:[{id,fullName}]}` (`[Authorize]` any-auth, KHÔNG 403 → chống gotcha #44). `canReassign = staffQ.data?.canReassign ?? false` (fetch on mount, KHÔNG `enabled`) → nút Pencil bọc `{canReassign && …}`. types/workflowApps.ts +`AssignableStaff`+`AssignableStaffResult` (mirror cả 2). fe-admin rewrite (bỏ UserOption/Paged<T>) + fe-user full-add → **SHA256 IDENTICAL `4bcaf2f…`** (viết admin canonical → `cp` → verify; cùng `@/...` import + shadcn Dialog/Select/Button identical 2 app). Build PASS ×2 (0 TS err). **Gotcha (pre-existing, NOT từ change này):** types/workflowApps.ts 2 app NOT SHA-identical — fe-admin có `AttendanceReportDto` (P11-E) mà fe-user thiếu; 2 type S54 mirror đúng cả 2. Lesson: BE-computed capability flag = single-source → 2 app converge lại sau intentional divergence.
 - **2026-06-08 (S52 Task C+D-FE — ItTicket admin reassign + AttendanceReport menu, fe-admin ONLY):** Both intentional mirror-break (admin-only, NO fe-user touch, NO SHA256). **Task D-FE menu wiring:** Page+App.tsx route `/attendance/report` ALREADY exist (S52 prior). Only 2 of 4-place needed: (1) menuKeys.ts +OffAttendanceReport='Off_AttendanceReport' (mirror BE string exact, after OffChamCong) · (2) Layout.tsx staticMap +Off_AttendanceReport:'/attendance/report' (4th place gotcha #50). `types/menu.ts` = MenuNode tree type, key:string NOT typed-union → NO mirror there (resolvePath(key:string)). Leaf perm-gated via BE All[]→admin auto. **Task C reassign:** ItTicketsPage.tsx top-comment updated DIVERGES fe-user. Per-card Pencil button (cạnh 👤 assignee) → Dialog (size sm) + Select user. Users source = **GET /users {params:{page:1,pageSize:200}}→{items:UserOption{id,fullName,email}}** (reuse, proven PeWorkflows/Workflows/MeetingCalendar — `enabled:target!==null` lazy fetch). useMutation api.put(`/it-tickets/${id}/assign`,{assignedToUserId})→204 (NO json read)→invalidate['it-tickets']+toast.success+close. preselect t.assignedToUserId. UI deps: Dialog(open/onClose/title/children/footer?/size) + Select(native passthrough) + Button(variant=outline) + toast(sonner) + getErrorMessage(@/lib/apiError). Build PASS (0 err, 1945 mod). git: only 3 fe-admin file, fe-user untouched.
--- a/.claude/agent-memory/investigator-codebase/MEMORY.md
+++ b/.claude/agent-memory/investigator-codebase/MEMORY.md
@ -70,6 +70,8 @@ Bearer từ `POST api.solutions.com.vn/api/auth/login` → status matrix expecte

 ## 📅 Recent activity (FIFO — older → archive/git)

+- **2026-06-11 (S57bis lock no-op — prod user census, on-disk+prod):** ⭐ `LockDemoSampleUsersAsync` (DbInitializer.cs:1552, chạy CUỐI :98) hardcode 14 named-person email (bod.huynh/pm.nguyen/fin.do/qs.hoang…) = population CHỈ CÓ TRÊN DEV. **Prod 34 user ALL-active:** 20 UAT-matrix placeholder hand-created batch 2026-05-13 15:04-05, scheme `{act,equ,fin,hra,pm,qs}.{nv,pp,tp}@` + `bod.{1,2}@` (FullName tự khai "ACT NV - Drafter+Accounting", "[Bypass]"/"[SkipFinal]" = test Mig 29-31 flags) + 9 real staff hand-created 05-04→05-12 + `binh.lethanh@` (người thật Lê Thanh Bình — seed dùng `thanh.lethanh@` KHÔNG tồn tại prod) + `chuong.phan@solution.com.vn` TYPO-domain dup (twin đúng tạo 05-12) + admin/catalog.manager/nv.test. **ROOT CAUSE seed-user never-on-prod:** prod `Identity:Password:RequiredLength=12` (appsettings.Production.json) vs `DemoUserPassword="User@123456"`=11 chars → CreateAsync silent-fail MỌI startup từ prod-init 04-21 (code comment :1675-79 đã biết); Dev fallback 8 (DependencyInjection.cs:67 `?? 8`, Development.json no Identity section) → Dev đủ 33 user named-person. `bod.1@` NEVER in git pickaxe = tạo tay qua admin UI, không phải seed. Surprise: _Dev hiện CŨNG chưa khóa (Locked=0; LockoutEnd=MaxValue sẽ persist qua reconcile re-activate :1714 nếu từng chạy) → lock chưa từng execute against _Dev runtime. Fix cần 20 email prod-thật; GIỮ binh.lethanh + 9 real + admin/catalog.manager; `nv.test@` = creds smoke-verify (khóa = vỡ cicd smoke). Tag `[s57bis-lock-noop, prod-user-census, pwd-policy-env-divergence]`.
+
 - **2026-06-11 (S57bis PE recon — 4 đầu việc sếp, on-disk):** ⭐ PE entity NO Year, NO WorkItem link (`PurchaseEvaluation.cs:15` ProjectId req; Detail free-text `PurchaseEvaluationDetail.cs:10-13`). Create cmd `PurchaseEvaluationFeatures.cs:19-30`; MaPhieu gen-AT-CREATE `:114-116` format `PE/{YYYY}/{A|B}/{Seq:D3}` (`PurchaseEvaluationCodeGenerator.cs:23`). Main create UI = `PeWorkspaceCreateView.tsx` (:151 workflow-select isUserSelectable ĐẦU TIÊN → tenGoiThau → projectId → DiaDiem → MoTa → PaymentTerms → budget; canSubmit :129 = wf+project+ten). PE controller class-`[Authorize]` ONLY no policy → mở menu là đủ, no silent-403. Pe_* leaves NOT in `MenuKeys.All` (chỉ root :156); PE defaults 7 role × 11 key (root + 2type×{group,WfView,List,Create,Pending}) `DbInitializer.cs:2098-2160`. S57 `SeedAllRolesReviewReadPermissionsAsync:1993-2001` InReviewScope EXCLUDES Pe; extend đúng = `key == MenuKeys.PurchaseEvaluations` EXACT (prefix "Pe" sẽ dính PeWorkflows admin!) — root inherit cascade (`GetMyMenuTreeQuery.cs:49-82`). Demo gate: prod `appsettings.json:35 DemoSeed:Disabled=true` → 7 `[DEMO]` HĐ + 4 `[DEMO]` PE (MaPhieu `[DEMO]-A-001`) KHÔNG lên prod; UNGATED trên prod = 31 users + 18 demo NCC + 8 demo project (:2244-2315) + real 62/71/3 (:2329-2522). ⚠️ Clear-demo gotcha: seed re-add per-code idempotent MỖI startup → xóa DB-only sẽ resurrect, phải gỡ khỏi DbInitializer code. WorkItem write Admin-only (`CatalogsController:113-130`) — CatalogManager có menu-perm nhưng API write bị chặn. Tag `[s57bis, pe-recon, demo-inventory]`.

 - **2026-06-10 (S57 perm-broaden blocks A/B/E/F — on-disk):** ⭐ **BE AUTHZ SPLIT (decision-critical for E):** Config controllers gate WRITE behind `[Authorize(Roles="Admin")]`, READ open to any-authed: `HrmConfigsController.cs:15` class `[Authorize]`+GET open `:19-21`, all POST/PUT/DEL `Roles="Admin"`; `CatalogsController.cs:14` same (write `:23+` Admin); `MeetingRoomsController.cs:15` same (comment `:9-10` explicit). → granting FE read on Hrm_Config/Catalogs/MeetingRooms = pure UI-visibility, BE already correct. **BUT Master 3 controllers = class `[Authorize]` ONLY, no per-action role:** `SuppliersController.cs:17`, `ProjectsController.cs:11`, `DepartmentsController.cs:11` — ANY authed user can POST/PUT/DELETE via API (FE menu perm is only gate, not BE-enforced). Flag em-main: making Suppliers/Projects/Departments visible-to-all ⇒ staff can write master incl. S55 prod data unless add `[Authorize(Roles="Admin,CatalogManager")]` or per-action policy. **S55 PROD DATA location:** `SeedRealMasterDataAsync` `:2267-2460` writes to **Projects**(62, `:2270`), **WorkItems**(71=CatalogWorkItems key, `:2430-2438`), **Suppliers**(3, `:2440-2456`) — all ungated idempotent per-code. **10 departments now** (`SeedDepartmentsAsync:2104`): 9 orig + IT (`:2115`). **31 demo users** (`SeedDemoUsersAsync:1553-1609`): dept spread BOD4/PM2/CCM9/PRO6/QS2/FIN2/ACT1/EQU1/HRA2; roles = mostly Drafter/CostControl/Procurement + 1 CatalogManager (`catalog.manager@`, dept PRO, `:1608`). NO user has zero-role; every demo user authenticatable. **Inherit-root display:** `GetMyMenuTreeQuery.cs:96 HasAccess = CanRead OR Children.Any(HasAccess)` → a non-inherit root (Hrm/Off/Master) auto-shows if ANY child has CanRead, so granting leaves is enough to reveal the root node (root row itself optional for display, but grant it too for cleanliness). Inherit-roots (Contracts/Pe/Wf/PeWf) cascade root→child so root-row-only suffices there. Menu already S57-edited: `Personal` group + `Off_ChamCong` re-parent Off→Personal via `parentBackfill:1908`. Tag `[s57-perm, be-authz-split, master-write-open, s55-data, 31user]`.
--- a/.claude/agent-memory/reviewer/MEMORY.md
+++ b/.claude/agent-memory/reviewer/MEMORY.md
@ -57,6 +57,7 @@ Adversarial pre-commit reviewer SOLUTION_ERP. Read-only verify + live curl prod

 ## 📅 Recent activity (FIFO — older → archive/git)

+- **2026-06-11 (S57bis product gate — KHÔNG DELIVER, die-0-byte ×2, on-behalf em main ghi hộ, H2-proposed):** Cả 2 spawn (email-gate đầu + final gate) chết 0-byte output 0 return (resume-kill class #3, ref `feedback_agent_kill_recovery`) → em main SELF-GATE evidence-checklist: grep authz key-set + role-string vs AppRoles + Mig 49 Up/Down reversible + 240 test + Run #381 + prod smoke 401/404-control. LEARNED: output-file size=0 + im >5 phút = chết, KHÔNG đợi thêm; KHÔNG re-spawn >2 lần trong session có `--resume`. SURPRISE: khác S52 killed-with-partial — lần này 0-byte tuyệt đối (không gì recover được từ return). Tag `[s57bis, die-0-byte-x2, self-gate, on-behalf]`.
 - **2026-06-10 (S57-resume Harness-4 two-tier adopt gate — PASS-with-fixes, 0 blocker):** Gate trước send-email + commit (governance, không product code). Self-report spawn: `claude-fable-5[1m]` (reviewer = promote-list inherit → direct promote-tier evidence, em main cite được). Independent re-verify ALL GREEN: grep frontmatter = đúng 7 pin `claude-opus-4-8` + 4 `inherit` + 0 `[1m]`-in-frontmatter (2 body-text hits hợp lệ: database-agent.md:46 + README.md:9 MỚI — adap-report "match duy nhất" stale-by-own-edit) + 0 project-pin settings. Evidence track-record **8/8 REAL** vs HANDOFF/STATUS/own-memory (S51 MAJOR · S54 QTV-decoy · S53 Mig46 · S56 H2-4.5/5 + dept-IT-0-user · S57 ×3 controller +5/+5/+5 `[Authorize(Roles="Admin,CatalogManager")]` working-tree). Nấc G-011 đúng mọi chỗ load-bearing (demote = executed-file·pending-restart, 0 overclaim runtime). Fixes: hash PLACEHOLDER trước send (`nac: sent` + "SENT ✓" premature = đúng status-verb class broadcast cảnh báo) · STATUS "(runtime resolve 1M)" thiếu attribution AI_INFRA-s20 · hmw.js:91 log "same-model inherit" stale + :9 "8-agent" vs 9 roles · adap-report "(13)" vs "11" count · invalid-role typo → rơi 'opus' (fail-direction xuống vs H4.5 nghiêng-quality). **Learned:** gate adopt-governance = re-run MỌI grep claim + cross-check evidence vs HANDOFF nguyên văn; n=2 demoted spawn-test double-duty làm inherit-chain proof là HỢP LỆ (registry cached = chạy config cũ) nhưng cần phrase rõ kẻo đọc nhầm thành promote-list spawn-test. Tag [s57, harness-4, two-tier-gate, pre-send-gate, g011].
 - **2026-06-09 (S56 pre-golive authz live-curl — PASS, 0 blocker):** Live prod curl 8 new endpoints. **8/8 return 401 unauth**; admin-authed: hrm-configs/vehicles(2)+drivers(2), leave-balances/my(5 lazy), attendances/report+excel(200, 6797B xlsx) all 200; non-admin Drafter correctly 403 on the 2 Admin-only attendance endpoints. **gotcha #44 silent-403 sweep CLEAN:** capability GET /it-tickets/assignable-staff returns HTTP 200 `{canReassign:false,staff:[]}` for non-IT Drafter (NOT swallowed 403) + `{true,[]}` admin — handler returns flag, doesn't throw (`WorkflowAppsFeatures.cs:466`). assign-mutation guard fail-closed (:504). E2E: GET /projects payload has all +4 fields (70/70), CAL01 Investor live. Off_AttendanceReport menu key in admin /menus/me. **1 MINOR (non-block, defense-in-depth):** PUT /it-tickets/{id}/assign checks NotFound BEFORE Admin-OR-IT Forbidden (`WorkflowAppsFeatures.cs:496-508`) → existence-oracle leak; mutation itself fail-closed → post-golive hardening only. Tag [s56, pre-golive-verify, authz-clean, gotcha44-clean, notfound-before-forbidden-minor].

--- a/.claude/agent-memory/tooling-auditor/MEMORY.md
+++ b/.claude/agent-memory/tooling-auditor/MEMORY.md
@ -30,3 +30,4 @@ H1 tooling-freshness auditor **SOLUTION_ERP-self**. Read-only + **propose-only**
 - **2026-06-10 (S57-RESUME @start RE-REPORT):** Re-audit 4-mặt với 16-file dirty (S57-interrupted). ①SKILL PASS 6+23; 3 skill-doc dirty verified ĐÚNG (ef-core:72/:280/:289 · dep-audit:153 · skills/README:90); permission-matrix = conditional closeout (S57 đổi seed model). ②ROSTER DRIFT-residual: dirty README:192(9)+:201(11)+hmw.js(9) đúng+nhất quán, NHƯNG catch MỚI `ultra-on.md:23-24` VALID_ROLES "8 sub" thiếu database-agent (floor-doc README:197 trỏ tới!) + `session-start.md:37/:44-54` "10-agent"+list 9 tên thiếu frontend-designer+database-agent +:40 gotcha (55)→58 — commands/*.md TRƯỚC GIỜ NGOÀI radar grep roster → thêm vào checklist mặt-② vĩnh viễn. **Em main PATCHED cả 2 ngay trong session** (ultra-on→9-sub + session-start→11-agent list đủ + 58). ③PLUGIN PASS 18/15/3 identical, marketplace 35, 0 new. ④DOCS: root+docs CLAUDE.md SẠCH (fix từ S56 a62e797, KHÔNG phải monthly-pending) → HANDOFF:24 backlog-item = stale-contradiction tự mâu thuẫn HANDOFF:17 — backlog coords PHẢI re-verify trước khi tin (3/5 coords HANDOFF:121 cũng đã obsolete). S57 invisible STATUS/HANDOFF = P1 closeout debt. Verdict 8 file .claude: 5 tooling COMMIT-AS-IS; 3 MEMORY → H2 verified OK. Tag [s57-resume, 4-mat, ultra-on-catch, stale-backlog-coords].
 - **2026-06-10 (spawn-test H4.8 — Harness-4 two-tier):** Mình bị DEMOTE pin `model: claude-opus-4-8` (checklist-class, mirror AI_INFRA demote con tương đương). Spawn-test echo model NGAY sau edit → self-report `claude-fable-5[1m]` = SE env (CCD harness) KHÔNG fresh-read frontmatter → pin ăn SAU restart CLI. Post-restart mình chạy Opus 4.8 (Max giữ nguyên env-wide) — nếu thấy verdict-quality tự giảm rõ → báo em main adap-request promote lại. Tag [h4-demote, spawn-test, pending-restart].
 - **2026-06-11 (S57bis @start RE-REPORT + spawn-test post-restart ✅):** Self-report nguyên văn `claude-opus-4-8[1m]` ("Opus 4.8 (1M context)") → **demote-pin ĂN runtime** (đóng 'pending-restart' entry trên) + `[1m]` 1M-resolve SE tự verify (hết lệ thuộc claim AI_INFRA s20). 4-mặt **ALL-PASS 0 drift mới** — 29 file dirty = Harness-4 closeout hợp lệ: ①3 skill-doc diff = freshness-fix đúng (48 mig/93 bảng/58 gotcha) ②roster 11=11=11, frontmatter grep = 7 pin + 4 inherit, 0 `[1m]` frontmatter ③plugin 18/15/3 identical, 0 new-alloc ④STATUS diff hợp lệ + 3 untracked governance đúng nấc → đề xuất promote PENDING-RESTART→runtime-verified (em main đã thực hiện cùng session). Carry-flag: docs/CLAUDE.md gotcha "(55)"→58 (defer monthly 07-01) · schema-diagram §16+ 14-mig ERD debt. Demote-watch data-point #1: verdict-quality trên Opus 4.8 tự đánh giá CHƯA suy giảm. Tag [s57bis, spawn-test-verified, 4-mat-pass, demote-watch-1].
+- **2026-06-11 (post-S57bis @start RE-REPORT — count-drift S57bis CHƯA flush docs):** Working tree 2 dirty (cicd MEMORY +Run#381 · gotchas.md +#59) — S57bis code đã COMMIT (dd117b7+17b23a4 push). 4-mặt: ①SKILL 6+23 unchanged; ef-core SKILL STALE 4 cite "48"→49 (:3 desc · :19 H2 "48 migration hiện có" · :72 "§16+ Mig 27-48"→27-49 · :280 "48 migration") + :280/:289 "93 bảng" giữ (Mig 49 AddColumn-only no new table — KHÔNG đổi); skills/README:20 "48 migration"→49 + :90 "58 bẫy/#58"→59; dep-audit:153 "58 bẫy"→59. ②ROSTER **CLEAN 11=11=11** (disk/README/STATUS); model-tier frontmatter grep = **4 inherit (database-agent·harvest-curator·investigator-codebase·reviewer) + 7 pin claude-opus-4-8** ✅ khớp two-tier H4 chính xác. ③PLUGIN **CLEAN 18/15/3 identical** (3 OFF: pr-review-toolkit·code-modernization·hookify), 0 new-alloc. ④DOCS **MAJOR data-row drift**: STATUS row :24 sub-agent ĐÃ cập runtime-VERIFIED 06-11 NHƯNG data-rows CHƯA: :14 Mig "48"→49 · :20 Tests "228"→240 · :21 Gotchas "58"→59 · :27 bundle (S57bis FE-touched nhưng session-log KHÔNG ghi hash mới → CP4CB1ym/BmZ3VHnm anh-cite KHÔNG verify được, grep 0 match) · STATUS:38 In-Progress "(none S56)" stale (S57+S57bis shipped). HANDOFF:5 Last-updated 06-09 S56 + thiếu HẲN S57/S57bis section. Root CLAUDE.md:53 "48 mig"→49 · :66/:87 "228"→240 · :133 "58 bẫy"→59. **Method-learning:** test attr-count disk=225 (`[Fact]/[Theory]`) NHƯNG authoritative=240 (S57bis log :14 "228→240"; Theory expand runtime → KHÔNG dùng attr-count làm count, tin session-log/test-run) · bundle-hash anh-cite phải verify từ session-log/cicd-MEMORY trước khi tin (S57bis log không ghi → flag "unverified" KHÔNG copy). Top-5 patch propose → em main APPEND. Tag [post-s57bis, 4-mat, count-drift-flush-pending, bundle-hash-unverified].