[CLAUDE] Docs: adopt User-Mark (H-12/13 canonical §P) + Harness-14 + RC-signature (S79)

Áp canonical §P đầy-đủ (P1-P10) khi anh gõ /user-mark-active-high "áp đầy-đủ
chính-xác nhất theo AI_INFRA". 0 production code.

- 4 lệnh /user-mark-{active-high,active,medium,disable} (DACI report-before-stamp)
- ledger .claude/governance/ACTIVE-MARKS.md (4 cấp Active-High/Active/Medium/Disable
  + display-filter) + 3 mark Active-High stamped anh-confirm
  (RC-pqhuy1987-20-06-2026-10-29-09/10/11 = objective-criteria/User-Mark/time-age)
- harness-11-engine.md §E (P1-P10) + §F (Harness-14 3-mức maturity honest)
- rules.md §6.6 objective-criteria (KHÔNG quy-mô-đội / KHÔNG thời-gian-tuổi)
- session-start §2.1.4 + session-end §L.b(h) mark-display
- 4 Workflow: invest wf_82337f7f-95c + review wf_a7cbe93e-912
  + align-re-review wf_9d3beebb-a95 (§P 10/10) + H14-review wf_4d4eba6f-8a0 (§F 6/6)
- completeness-gate H-6→H-13 ĐẠT (H-8 11/11 inherit no-[1m])
- 3 adap-report + email ai_infra (7b8615b3) + check-email STAGE 2

State THẬT GIỮ NGUYÊN: Mig 57 · 88 bảng · 354 test · gotcha 71 · bundle CsJetgZH/BVS0ApIm.
Restart CLI để activate 4 lệnh + session-cmd (no hot-reload).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

.claude/agent-memory/investigator-codebase/MEMORY.md

@@ -70,10 +70,14 @@ Bearer từ `POST api.solutions.com.vn/api/auth/login` → status matrix expecte
 
 ## 📅 Recent activity (FIFO — older → archive/git)
 
+- **2026-06-20 (governance-landing map for RC-sig + User-Mark H12/13 + objective-criteria, on-disk):** ⭐ **WHERE-to-land 3 AI_INFRA gov broadcasts.** Key files: `docs/governance/harness-11-engine.md` = CANONICAL engine (PHẦN A/B/C/D + CAVEAT; line5 "doc khác TRỎ về đây KHÔNG copy luật"; D5/D6/D7/D8 safety-tier line62-72; D7 OWNER-APPROVE line69; D9 single-writer line73; D10 "Bash residual chưa block cứng" line74; CAVEAT no-OS-hook line80). `error-ledger.md` = §L.a action-sig table AS-1..AS-13 + §L.b 7-step + Active-Guards 2-strike; **3-ledger triad** README.md:6 (error/comms/summary by FUNCTION). adap-report FORMAT = `adap-reports/YYYY-MM-DD-<Topic>.md` frontmatter(id/from/applied_by/nac/project_fit/source_content_sha256)+VERDICT/Nấc-table/Tailoring/Honest-caveats/Reverse-findings/Evidence(run-id) — richest template = `2026-06-18-Governance-harness-11.md`. rules.md §6=Docs/gov-discipline (§6.4 audit-cadence/§6.5 consolidate-KEEP-vs-CUT) → objective-criteria → NEW §6.6. session-start §2.1.3 (line83-88 H11-detector) = EXACT precedent for per-session gov-surface → mark-list-display START = NEW §2.1.4. session-end §L.b(c) (line48 archive-gate+sleep) → mark-list END. **RECs:** RC-sig+4-tier → NEW section in engine.md (REUSE file, after PHẦN D); decision-mark ledger → **NEW `docs/governance/decision-marks.md`** sibling error-ledger (forward-registry ≠ reactive-RCA). **CONFLICT: report-before-stamp ⊂ D7 already** (owner-approve exists) — extend D7 not duplicate (else C3 vocab-fork). 2-channel enforce already empirical: E-006/AS-10 + CAVEAT "hook fails-open, permission-config strip = real gate". Tag `[gov-landing-map, rc-sig, user-mark-h12-13, decision-marks-new-file, report-before-stamp-subset-d7, objective-criteria-rules-6-6]`.
+
 - **2026-06-19 (S76 P2+P3 — budget-edit-role BADGE insert-point map, designer+fe-user-flow, on-disk):** ⭐ **Display-only "✎ NS PRO/CCM" badge per approver — BE change = SMALL both DTOs.** **(A) Designer fe-admin `ApprovalWorkflowsV2Page.tsx`:** read-only render `DefinitionCard:446-454` (level group → approver `{approverUserName}` + `({approverEmail})`); DTO `LevelDto:37-54` (approverUserId/userName/email + 7 Allow* flag, **NO role/dept field**). Feed = `GetAwAdminOverview` (`/approval-workflows-v2`). **Insert badge → `:447-452`** cạnh `approverUserName`. **(B) fe-user `PeDetailTabs.tsx`:** approvalFlow render `LevelOpinionsSectionV2:588` (signed-only) — но live flow tree = `currentApproval.approvers` :131 + Panel3 separate. `PeApprovalFlow` DTO `purchaseEvaluation.ts` + BE `PurchaseEvaluationApprovalLevelApproverDto` (`PurchaseEvaluationDtos.cs:129-132` = UserId/FullName/Email, **NO role**). **(C) Role-resolve for LIST userId:** codebase uses `userManager.GetRolesAsync(u)` (per-user, N+1 risk) OR `GetUsersInRoleAsync(role)` (reverse, `PeUrgentFeatures.cs:74`). `IApplicationDbContext` exposes `DbSet<Role> Roles` :29 but **NO UserRoles join-table DbSet** → efficient batch = either (a) `userManager.GetUsersInRoleAsync(Procurement/CostControl)`→2 HashSet<Guid>, mark approver if id∈set (NO N+1, 2 queries total); or (b) add `DbSet<IdentityUserRole<Guid>>` to interface for join. **BE build site `PurchaseEvaluationFeatures.cs:964-972`** already batches `approverInfos` via `userManager.Users.Where(Contains(allApproverIds))` — extend SELECT or post-join 2 role-sets here; handler has both `db`+`userManager` :750-751. **(D) Change size = SMALL:** +2 bool field (canEditProBudget/canEditCcmBudget) per approver DTO + 2 GetUsersInRoleAsync calls. Designer side: `GetAwAdminOverview` query needs same 2-set lookup (admin-only, cheap). Gate semantics ALREADY proven `:800-801` (canEditPro=Admin||Procurement, canEditCcm=Admin||CostControl). **(E) REC:** minimal = compute 2 HashSet once (proFans/ccmFans via GetUsersInRoleAsync), pass into approver-DTO map both sites; badge = pure display `id∈proFans→"✎ NS PRO"` `id∈ccmFans→"✎ NS CCM"`. RISK low (display-only, no authz touch) — only watch: a user can hold BOTH roles → show both badges; Admin holds neither role explicitly unless seeded → may need OR Admin note. Tag `[s76, budget-role-badge, designer+pe-flow, getusersinrole-batch-no-n1, approver-dto-add-2bool, display-only]`.
 
 - **2026-06-19 (PE Block-A budget editable-gate audit — submission-count lock NEXISTS, on-disk):** ⭐ **Gate = PURE ROLE, KHÔNG phase, KHÔNG số-lần-trình.** BE `PurchaseEvaluationFeatures.cs:800-801` `canEditPro=isAdmin||Procurement` · `canEditCcm=isAdmin||CostControl` (DTO arg :856). Handler `PeWorkItemBudgetFeatures.cs`: PRO `:86-91` CCM `:152-157` fail-closed ForbiddenException role-only TRƯỚC side-effect; comment `:18-20` ghi RÕ "KHÔNG ràng Phase (bảng NS = tài-liệu-sống chỉnh bất-kỳ-lúc-nào như Excel)". Validator chỉ `>=0` (Initial :136, Adjustment cho-ÂM :138), absolute-set null=clear. **FE `PeDetailTabs.tsx:1060 PeBudgetSummaryTable`:** ô "Ban hành lần đầu" :1173 + ô "hiệu chỉnh V0" :1188 dùng **CÙNG biến `bs.canEditCcm`** — ZERO phân-biệt 2 ô, ZERO lock-after-first. `drafterEditable:1066`=`!readOnly&&isEditablePhase` chỉ áp row3/row8 (drafter NS-kỳ-này), KHÔNG áp Block-A. **(b) submission-count lock = KHÔNG TỒN TẠI:** grep `submitCount|lanTrinh|firstSubmit|lockInitial|hasSubmitted|soLanTrinh` toàn `src/Backend`=0 + FE=0. Entity `PeWorkItemBudget.cs` 6 field plain, KHÔNG cờ `IsInitialLocked`/`SubmitCount`; record per-cặp(Project×WorkItem) share mọi phiếu KHÔNG track lần-trình. **Kết luận: yêu-cầu chị Trà/anh Kiệt (khóa Initial sau lần-trình-đầu, mở Adjustment) = FEATURE MỚI — cần field track first-submit-done + TÁCH gate 2 ô (Initial vs Adjustment), HIỆN cùng `canEditCcm` không tách được.** Tag `[pe-block-a-gate, role-only-no-phase, submission-count-lock-NEXISTS, initial-vs-adjustment-same-gate, fdc-feature-new]`.
 
+- **2026-06-20 (Harness-14 Eval/Budget/Outcome adoption-readiness audit, on-disk):** ⭐ H-14 rule = time/age/recency-decay KHÔNG được làm căn-cứ cắt feature (cùng họ lỗi team-size). **(1) BUDGET ALIGNED:** `memory-budget.json` grep decay|recency|retention|age|TTL|expire=**0 hit**. Params = `autoinject_cap 25600`/`soft_cap 30720` (L1) · `archive_gate{low_watermark_ratio 0.85, keep_floor_entries 5, strike_threshold 2}`. `keep_floor=5` = **newest-entry-protection** (gate-script `:144` `entryCount - keepFloor` drains OLDEST keeps newest N — KHÔNG age-window). Cap = **seed-by-MEASURE** (`_note:2` "SEEDED BY MEASUREMENT NOT imagined headroom" + `scripts/measure-agent-memory.ps1` real-bytes), bump-not-cut khi curate drops markers. Hysteresis drain-to-BELOW-low-water (`gate:33`). ✅ fully H-14-aligned, zero forbidden knob. **(2) BASELINE-DRIFT ALIGNED:** `governance-detectors.ps1` staleness = **CANONICAL-ANCHOR vs docs/STATUS.md** (`Get-StatusValue:133` parse `| label | **N** |`) + **disk cross-check** (`:164-194` mig=count .cs · gotcha=max `### N.` anchor; flag if canonical-itself-stale) — ZERO age-window. `memory-archive-gate.ps1` over-cap = byte-MEASURE+2-strike-hysteresis (`:106 bytes>cap`), A7 = substring-pointer-resolve. Neither uses time. **(3) EVAL = GENUINE (not a gap!):** SE HAS RAG golden-set harness — `eval/golden-set-solution_erp.jsonl` (14 q: 11 pos + 3 neg) + `eval/evaluator.md` (Spec-A strict recall@5 gate 0.7, rerank≥0.7) + `eval/trial-state-lock.json` (baseline recall@5=1.0, chunk-drift 5% threshold) + `eval/runs/*.json`. BUT: weekly-Friday manual (`evaluator.md:88`), no scripts/ automation, RAG re-index AI_INFRA-owned. Honest nuance: harness EXISTS (richer than expected) but NOT auto-run. **(4) OUTCOME PARTIAL:** anti-downgrade rule EXISTS as Harness-8 "all-inherit, chất-lượng-trên-chi-phí, 'nhanh'=parallelism KHÔNG hạ-model" (`agents/README.md:12` + adap-report `2026-06-16-...harness-8:18,42,65`). BUT phrased as model-tier policy, NOT a generic "downgrade-to-save-tokens=forbidden" rule; `docs/rules.md` has NO such rule (grep 0). em-main must author H-14-specific knobs only if wanting explicit "age≠cut-basis" doctrine — mechanisms already structurally compliant. Tag `[harness-14, budget-no-decay-knob, canonical-anchor-not-age, eval-genuine-richer, anti-downgrade-h8-partial]`.
+
 - **2026-06-18 (PE price-model recon FDC "Giá chào thầu" PRO-Min/Max + CCM-proposed, on-disk):** ⭐ **"Giá chào thầu" mục c = DERIVED, KHÔNG stored column** = `WinnerQuoteTotal` = SUM(Quote.ThanhTien WHERE supplierRows==SelectedSupplierId). Computed 3 nơi đồng-predicate: submit-guard `PurchaseEvaluationWorkflowService.cs:188-192` · detail-GET `PurchaseEvaluationFeatures.cs:818-826`(→`CurrentProposalTotal`) · CEO-threshold `:833`. DTO `WinnerQuoteTotal` `PurchaseEvaluationDtos.cs:244`. **ALL money fields:** Quote(NCC) `BgVat/ChuaVat/ThanhTien` decimal non-null `PurchaseEvaluationQuote.cs:12-14` · PE-header `BudgetPeriodAmount`(row3 drafter)/`ExpectedRemainingAmount`(row8) decimal? `PurchaseEvaluation.cs:40-41` · PeWorkItemBudget(per cặp Project×WorkItem) PRO `ProEstimateAmount:27` + CCM `InitialAmount`/`AdjustmentAmount`(ÂM-OK) `:29-30` decimal? · Detail dự-toán `KhoiLuong/DonGia/ThanhTienNganSach` `PurchaseEvaluationDetail.cs:15-18`. **PRO-min/max + CCM-proposed = KHÔNG tồn-tại** (grep Min|Max|Proposed|Suggest|BidPrice|GiaChaoThau PE-entities=0) → field MỚI. **Role-gate mirror-được (`PeWorkItemBudgetFeatures.cs`):** 2 cmd tách `UpdatePeBudgetProCommand:61`+`UpdatePeBudgetCcmCommand:126`; handler fail-closed `ForbiddenException` TRƯỚC side-effect — PRO `:86-91`(`Admin||Procurement`) CCM `:150-155`(`Admin||CostControl`); capability-flag BE-computed `canEditPro/canEditCcm` `PurchaseEvaluationFeatures.cs:783-784`→DTO `PeBudgetSummaryDto:290-291`; auto-create race-safe `PeWorkItemBudgetEnsurer.EnsureTrackedAsync:34`; KHÔNG ràng Phase. NO AutoMapper (DTO project tay). **FE (fe-user `src/`; fe-admin PeDetailTabs.tsx = SHA-identical `diff -q`):** mục-c `components/pe/PeDetailTabs.tsx:1406-1417`(helper `computeGiaChaoThau` def:71 call:1393) · budget-table `PeBudgetSummaryTable:1062-`(rows:1110-1128, host `ChonNccSection:1383`) · giá-gói+CEO-threshold `:311-313` · create `PeWorkspaceCreateView.tsx` · header `PeHeaderForm.tsx`. FE type `types/purchaseEvaluation.ts` `PeBudgetSummary:292-307`+`winnerQuoteTotal:445`. ⚠️ fe-admin types DIFFER (sync cả 2). **Surprise:** PRO-Min/Max-chốt + CCM-proposed = semantic MỚI (giá-người-duyệt ≠ giá-NCC-báo); gắn PeWorkItemBudget(per-cặp role-gate-sẵn) vs column-PE(per-phiếu) = em-main quyết. Mig 53 CeoApprovalThreshold+cờ-gấp đã có khung CEO-duyệt-theo-ngưỡng. Tag `[pe-price-model, gia-chao-thau-derived, pro-minmax-ccm-proposed-NEW, role-gate-mirror, fdc]`.
 
 - **2026-06-18 (S71 PART-C audit — run-trace vs checklist-v2 FLAT + detector-refine, on-disk):** ⭐ **2 GAP THẬT (trung-thực, không inflate):** (1) **C1/C2/C8 = SUBFOLDER, canonical-v2 = FLAT → migration NEEDED, chưa làm.** `find runs/` cho thấy MỖI run-folder có `sub-md/`+`harvest/` SUBDIR (5 run: h10-{invest,implement,review}+h910-{finalize,curate}) — đúng cấu-trúc CŨ broadcast-delta phát-bỏ. ZERO flat-awareness: grep `phẳng|flat|cùng cấp` trong `.claude/workflows/`+`.claude/commands/`=0 hit. SE-adoption-commit `8c47bd0`(06-18) TRƯỚC broadcast-flat cùng-ngày → SE chưa biết. README/hmw.js/session-end đều mô-tả subfolder. C8 dual-form-acceptance close-gate cũng chưa. (2) **REFINE(b) detector = MISSING HOÀN-TOÀN.** `find .claude -name *.js/*.ps1`=CHỈ `hmw.js`(=engine ≠ detector). `.claude/hooks`+`.claude/scripts` KHÔNG tồn-tại. Repo-wide grep `bypass|scan.*runs` script=0. SE KHÔNG có bộ-dò chống-lách-engine → 3-function (whitelist/path-variants/launch-key-anchor)+relation-acceptance = n-a. **MET (đừng nhạ oan):** C3 committed THẬT — `git check-ignore runs`=exit1(NOT-ignored)+`git ls-files runs`=22 file (cả hai nấc). C4 per-turn real (`invest-synthesis.md` 43-dòng). C5 3-layer wired: L1 README:51(convention em-main) · L2 `session-start.md:71` orphan-scan `runs/*/` closed=⏳+harvest-rỗng · L3 `session-end.md:51` close-gate idempotent 5-trục. C6 ledger 2-beat (`_ledger.md:7`, 5 run đều CLOSE-beat+wf_). C7 caveat present (README §69-73 no-overclaim/fragile/G-015 TRACKED≠enforced). ⚠️ sub-md/ chỉ `.gitkeep` (read-only sub→em-main scribe, design KHÔNG phải miss). Tag `[s71, part-c-audit, subfolder-not-flat, detector-MISSING, c3-committed-real]`.

.claude/agents/README.md

@@ -13,6 +13,7 @@
 > **Upgrade S70 (2026-06-17 — Harness-9 L2-recovery + adap 2-workflow adopt):** **(1) PROCESS-mandate 🔴 BẮT BUỘC (PART 2/3, áp MỌI adap từ nay):** mỗi adap 1 Harness = **2 workflow tách biệt** (IMPLEMENT + REVIEW double-check RIÊNG) + REPORT về AI_INFRA kèm **run-id** bằng chứng; task ngắn-nhưng-cần-confirm VẪN phải review-workflow. Codify `.claude/commands/adap-apply.md`. **(2) L2 dark-matter recovery (PART 1, tailored):** archive `agent-memory/<sub>/archive/*.md` KHÔNG vào RAG → build `archive/_INDEX.md` (mục-lục 1-dòng/bản-ghi + con-trỏ **substring** sha-keyed, fallback Ctrl-F, KHÔNG line-hint) + `<period>.gist.md` (nén 4-field ADDITIVE, `distill-gen` counter, verbatim FROZEN) + `memory-budget.json` (seed-by-measure qua `scripts/measure-agent-memory.ps1`) + budget-audit @session-start (§2.1.2) + `.ragignore` guard. Rollout S70 (đầy-đủ-nhất, stage investigate→implement→audit qua 3 Workflow run-id): 4 over-cap sub (cicd-monitor · investigator-codebase · reviewer · implementer-backend). adap-report `2026-06-17-Governance-harness-9-l2-recovery-and-adap-workflow.md`.
 > **Upgrade S72 (2026-06-18 — Harness-10 flat-refine + checklist-v2 adopt):** run-trace SUBFOLDER→**FLAT** (file phẳng cùng cấp: `sub-<role>-<i>.md` raw + `<stage>-synthesis.md` verified, KHÔNG `sub-md/`/`harvest/` subdir) — `hmw.js` (`:103` subMd path) + `workflows/README` + `runs/README` + session-start/end + decision-tree (dòng dưới) repoint. **C8 migration:** 5 run cũ S71 GIỮ subfolder (đừng rewrite history); close-gate dual-accept cả hai dạng. **+`/sleep-recovery-memory-l2`** (đóng A8 — port §J2-tailored SE-only: sleep-compress L2 gist additive, INFORM-only ≥7d). **Anti-bypass detector (refine b): TAILORED-OUT** — SE dùng Anthropic Workflow tool (no CLI-launcher bypass-surface), containment = git-diff + run-folder TRACKED + ledger orphan-scan (G-015). 3 run-id bằng-chứng: audit `wf_13868efb-ea7` · implement `wf_ac43b5ff-7d1` · review (pending). adap-report `2026-06-18-Governance-harness-10-flat-refine-checklist-v2.md` (pending).
 > **Upgrade S75 (2026-06-18 — Harness-11 engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ adopt):** engine tự-DÒ toàn-diện (luôn tươi báo cờ) + AUTO chỉ semantic-null git-diff + **single-writer bar-KHÔNG-hạ (D9)** + đổi-luật owner-approve (D7). 🔑 Canonical → [`docs/governance/harness-11-engine.md`](../../docs/governance/harness-11-engine.md) (**KHÔNG copy luật ở đây — B1 dogfood**). Artifact MỚI: `scripts/governance-detectors.ps1` (C1 broken-pointer + C2/B3 staleness + C3 vocab-fork + C4 self-exclusion, NO-API DÒ+FLAG-only, **runtime-proven** bắt drift root CLAUDE.md mig53→55 + 0 self-match; số flag động → run-trace) + `scripts/memory-archive-gate.ps1` (PHẦN A hysteresis 0.85/keep-floor 5/2-strike/A7 NO-API L1-eval) + budget.json `archive_gate`. 3-tier D5(AUTO)/D6(DÒ+FLAG)/D7(owner-approve) + one-direction-lock D8 (canonical→derived) codify ở engine-doc. Cadence wired: D1 session-start §2.1.3 (chạy detector) · D2 session-end §L.b(c) (archive-gate). Áp qua workflow: audit `wf_7fdc3bd5-930` + implement `wf_c5e5844e-7c1` + review `wf_d7ca1ff8-942` + double-check `wf_a0b68d2f-30e`. adap-report `docs/governance/adap-reports/2026-06-18-Governance-harness-11.md`.
+> **Upgrade S79 (2026-06-20 — User-Mark H-12/13 canonical §P + Harness-14 Eval/Budget/Outcome adopt):** áp **canonical §P đầy-đủ** (P1-P10) khi anh gõ `/user-mark-active-high` "áp đầy-đủ chính-xác nhất theo AI_INFRA". Artifact: **4 lệnh** `.claude/commands/user-mark-{active-high,active,medium,disable}.md` (DACI report-before-stamp) + ledger `.claude/governance/ACTIVE-MARKS.md` (4 cấp Active-High/Active/Medium/Disable + display-filter) + `harness-11-engine.md §E` (cơ-chế P1-P10) **+§F** (Harness-14 3-mức maturity) + `rules.md §6.6` (objective-criteria: KHÔNG quy-mô-đội / KHÔNG thời-gian-tuổi) + session-start §2.1.4 / session-end §L.b(h) mark-display. **3 mark Active-High stamped** anh-confirm S79 (`RC-pqhuy1987-20-06-2026-10-29-09/10/11`). completeness-gate H-6→H-13 ĐẠT (H-8 11/11 inherit no-`[1m]`). 4 workflow: invest `wf_82337f7f-95c` + review `wf_a7cbe93e-912` + align-re-review `wf_9d3beebb-a95` + H14-review `wf_4d4eba6f-8a0`. ⚠️ restart CLI (lệnh/session no hot-reload). adap-report 3× (`…rc-signature` + `…harness-all-update` + `2026-06-20-Governance-harness-14`).
 
 ---
 

.claude/commands/session-end.md

@@ -42,7 +42,7 @@ Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Ph
 
 **§L.a — Deterministic detect (scan action-signature, KHÔNG để AI tự-phán):** quét session theo bảng **AS-1..AS-9** trong error-ledger. Mỗi hit → 1 RCA entry blameless (5-why + fix + guard). **Bug-production = lỗi KÉP → 2 fix** (vá code **VÀ** vá guard/eval-case). List AS mở — gặp class mới thì thêm.
 
-**§L.b — 7-step auto-maintain (đủ 7, KHÔNG skip — thiếu = ledger thối). (d)(f) = H2 harvest-curator · (g) = H1 tooling-auditor (2026-06-07 Harness 1):**
+**§L.b — 8-step auto-maintain (đủ 8, KHÔNG skip — thiếu = ledger thối). (d)(f) = H2 harvest-curator · (g) = H1 tooling-auditor (2026-06-07 Harness 1) · (h) = User-Mark H-12/13 (S79):**
 - **(a) summary-index** += 1 dòng/session vào `STATUS.md` Recently Done (pointer, KHÔNG full-log).
 - **(b) Active-Guards** (error-ledger): promote guard **2-strike** (episodic→procedural) · mark `verified` nếu held qua session · retire theo **net-effect** (hại>lợi → gỡ).
 - **(c) chore-flag:** agent L1 >~30KB → archive L2 · error-ledger open-entry quá ngưỡng · **0-byte memory check (AS-8)** · **🌙 sleep-check (Harness-10b, S72):** `last_sleep_at` null hoặc ≥7d (`memory-budget.json`) → INFORM gợi-ý `/sleep-recovery-memory-l2` (KHÔNG auto-run) · **🗜️ Harness-11 A/D2 (S75):** chạy `powershell.exe -ExecutionPolicy Bypass -File scripts/memory-archive-gate.ps1` (DRY-RUN) → đề-xuất dồn-archive sub over-cap (A4 hysteresis 0.85 + A5 keep-floor 5 + A6 2-strike) + A7 NO-API L1-eval (pointer-resolve + byte-0-loss). Engine → [`docs/governance/harness-11-engine.md`](../../docs/governance/harness-11-engine.md). DRY-RUN báo kế-hoạch; MOVE thật do em-main (D5 AUTO semantic-null sau khi xem).
@@ -50,6 +50,7 @@ Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Ph
 - **(e) pending-request audit:** request anh CHƯA-thực-thi đã log SPECIFICS chưa (KHÔNG placeholder).
 - **(f) 🌾 harvest-integrity GATE (⬜ harvest-curator H2 — 5-trục, Harness 1+2):** verify spawn-record (d) đủ+đúng mọi sub TRƯỚC khi đóng — **Coverage** (0 silent-miss) · **Completeness** (đủ 4-field) · **Placement** (delta đúng `agent-memory/X`) · **Corruption** (moved-not-cut, no-mojibake/shell-baked) · **Fidelity-FLAG** (nghi bịa/on-behalf → escalate 🟥 reviewer, KHÔNG tự phán). + **🌊 close-gate C5 Layer3 (Harness-10, thay B5 wave-gom):** với MỌI `runs/<run-id>/` của session → **VERIFY per-turn harvest đã xong** (em-main đã viết `runs/<run-id>/<stage>-synthesis.md` phẳng h10-refine — run cũ S71: `harvest/*.md` — NGAY sau mỗi fan-out turn = C4 Layer1) + `_ledger.md` mọi run đã CLOSE-beat (closed≠⏳). 🔴 **IDEMPOTENT — close-gate chỉ VERIFY, KHÔNG re-APPEND** (per-turn đã APPEND rồi → re-APPEND = DUPLICATE-HARVEST). 5-trục GATE giữ làm **backstop**. GATE = run còn `*-synthesis.md` vắng (run cũ S71: `harvest/` rỗng — C8 dual-accept) HOẶC chưa đủ 5-trục thì CHƯA đóng.
 - **(g) 🔌 tooling-freshness CHỐT (🟫 tooling-auditor H1 — Harness 1):** spawn → chốt 4-mặt (skill·sub-role·plugin·docs) đổi gì session này + **new-alloc audit** (skill/plugin MỚI chưa phân-bổ → đề-xuất gán em main + sub phù-hợp vai) + flag doc-drift/roster-lệch/count-stale. Propose → em main APPEND/sửa doc (single-writer). 🔴 G-015: 2 monitor = propose-only, em main VERIFY trước APPEND (Bash residual → KHÔNG "read-only enforced").
+- **(h) 🔏 User-Mark CHỐT cuối phiên (H-12/13 canonical §P/P7, S79 — `harness-11-engine.md §E`):** đọc [`.claude/governance/ACTIVE-MARKS.md`](../governance/ACTIVE-MARKS.md) → (i) **hiển-thị** status-filtered (Active-High/Active hiện · Medium tóm-tắt · Disable ẩn) cho anh đọc lại (đối-xứng `session-start §2.1.4`); (ii) nếu session này có **quyết-định cấp-governance MỚI** (scope-check P6: đổi CANONICAL §-rule/authority) → chạy `/user-mark-<cấp>` DACI: adjust-gov → double-check → **report-trước-đóng-dấu 3-7 tiêu-chí khách-quan (P4)** → anh confirm → stamp `RC-pqhuy1987-dd-mm-yyyy-hh-mm-ss`; (iii) supersede/disable mark cũ (P5) → con-trỏ-xuôi + Active-High cần anh-confirm RIÊNG. 🔴 **KHÔNG tự đóng dấu / đổi cấp trước khi báo (P4/P8).** 0 quyết-định-mới → "n-a, chỉ hiển-thị".
 
 ## Phase 2 — WRITE (update MD/RAG)
 

.claude/commands/session-start.md

@@ -87,6 +87,14 @@ Em main xác nhận **lead model resolve được** đầu session. Lead SE = **
 - Chạy `powershell.exe -ExecutionPolicy Bypass -File scripts/governance-detectors.ps1` → báo cờ: **C1** con-trỏ-gãy (gotcha#/wikilink) · **C2/B3** derived-doc stale vs `docs/STATUS.md` canonical (mig#/test#/gotcha#/table#) · **C3** vocab-fork (1-khái-niệm-nhiều-tên). NO-API, **DÒ+NÊU-CỜ-only KHÔNG tự sửa** (D6 tầng). Cờ → em-main soạn bản sửa (gated B4).
 - Nấc: detector = LƯỚI giảm-sót (khoảng-mù giữa 2 nhịp), count-token soft-net có false-pos (sev LOW khi |lệch|<10) → đọc cờ bằng phán-đoán, KHÔNG auto-fix. **Light/hỏi-đáp session → có thể skip; governance/doc-heavy session → nên chạy.**
 
+### 2.1.4 User-Mark display — hiển-thị sổ-cái mark ĐẦU phiên (H-12/13 canonical §P/P7, S79)
+
+> Floor User-Mark (🔴 P7 `harness-11-engine.md §E.4`): danh-sách quyết-định-mark hiển-thị đầu + cuối mỗi phiên cho anh đọc lại. Canonical sổ-cái → [`.claude/governance/ACTIVE-MARKS.md`](../governance/ACTIVE-MARKS.md). INFORM-only.
+
+- Đọc `.claude/governance/ACTIVE-MARKS.md` → **báo status-filtered (P7):** 🔴 **Active-High** + 🟢 **Active** HIỆN rõ (ID + what gọn) · 🟡 **Medium** tóm-tắt (1 dòng đếm) · 📦 **Disable/superseded** ẨN. Mục-đích: anh thấy lại các LỆNH governance đã ký ("vì quan-trọng").
+- Mark cấp Active-High = LỆNH (P3 binding); vi-phạm → `error-ledger.md §L.a` RCA (P9). KHÔNG tự đóng dấu / đổi cấp (P4/P8 — chờ anh confirm).
+- **Light/hỏi-đáp session → có thể skip; governance session → nên chạy.**
+
 ### 2.2 Skill registry (6 skill)
 - Liệt kê: `contract-workflow` · `form-engine` · `permission-matrix` · `dependency-audit-erp` · `ef-core-migration` · `iis-deploy-runbook`
 - Dùng skill khi task khớp (KHÔNG tự suy luận lại). Phân bổ per agent: xem README skill matrix.

.claude/commands/user-mark-active-high.md

@@ -0,0 +1,21 @@
+---
+description: User-Mark cấp Active-High (bắt-buộc phải làm; vi-phạm → error-ledger §L.a RCA) — DACI report-before-stamp (canonical §P/H-12). Adopt S79.
+argument-hint: <quyết-định governance + §-target SE>
+---
+
+# /user-mark-active-high — neo quyết-định governance cấp CAO NHẤT
+
+> Chữ-ký quyết-định **GOVERNANCE** cấp **Active-High** (canonical §P, cơ-chế → [`docs/governance/harness-11-engine.md §E`](../../docs/governance/harness-11-engine.md)). Cặp: `/user-mark-active` · `/user-mark-medium` · `/user-mark-disable`. Ledger = `.claude/governance/ACTIVE-MARKS.md`.
+
+**Quyết-định anh nêu:** $ARGUMENTS
+
+## Quy trình (§P/H-12 DACI — report-before-stamp, P4) — em-main thực-thi:
+
+1. **Scope-check (P6):** quyết-định trên có đổi CANONICAL §-rule (rules.md / harness-11-engine / authority-routing) không? **KHÔNG** → đây là work-flow/task, **KHÔNG mark** → dừng + báo anh.
+2. **Adjust-Gov (P4):** soạn thay-đổi governance tương-ứng — **em-main single-writer (engine D9)**, KHÔNG fan-out memory/governance.
+3. **Double-check (P4):** quét `harness-11-engine.md §A-§E` + `error-ledger.md` Active-Guards + `ACTIVE-MARKS.md` tìm mâu-thuẫn (cross-harness contradiction · vocab-fork C3).
+4. **🔴 BÁO-CÁO anh TRƯỚC khi stamp (P4):** trình brief gồm `{thay-đổi · 3–7 tiêu-chí KHÁCH-QUAN (điểm-đau/khối-lượng/chất-lượng — rules §6.6, KHÔNG cảm-tính/quy-mô-đội/thời-gian-tuổi) · §-target · supersedes? · mâu-thuẫn-nếu-có}`. **CHỜ anh confirm. KHÔNG stamp trước báo-cáo.**
+5. **Stamp (anh confirm):** tạo `RC-pqhuy1987-dd-mm-yyyy-hh-mm-ss` (timestamp lúc anh sign-off, lấy `date +'%d-%m-%Y-%H-%M-%S'`) → ghi `ACTIVE-MARKS.md` mục 🔴 Active-High + áp §-change vào canonical (rules.md/engine).
+6. **Lifecycle (P5):** supersede mark cũ → `supersedes:` con-trỏ-xuôi 1-chiều + cập-nhật status mark-cũ. 🔴 supersede mark **Active-High** cũ = anh-confirm RIÊNG (KHÔNG auto-downgrade).
+
+**Nghĩa cấp (H-13 deterministic):** Active-High = **bắt-buộc phải làm; vi-phạm → error-ledger §L.a RCA** (behavioral→MD+RCA · tool-action→`.claude/settings*.json` permission-deny, KHÔNG hook vì hook fails-open — E-006/AS-10). Binding (P3): stamp = LỆNH.

.claude/commands/user-mark-active.md

@@ -0,0 +1,21 @@
+---
+description: User-Mark cấp Active (follow + nhắc-lại xuyên-suốt) — DACI report-before-stamp (canonical §P/H-12). Adopt S79.
+argument-hint: <quyết-định governance + §-target SE>
+---
+
+# /user-mark-active — neo quyết-định governance cấp Active
+
+> Chữ-ký quyết-định **GOVERNANCE** cấp **Active** (canonical §P, cơ-chế → [`docs/governance/harness-11-engine.md §E`](../../docs/governance/harness-11-engine.md)). Cặp: `/user-mark-active-high` · `/user-mark-medium` · `/user-mark-disable`. Ledger = `.claude/governance/ACTIVE-MARKS.md`.
+
+**Quyết-định anh nêu:** $ARGUMENTS
+
+## Quy trình (§P/H-12 DACI — report-before-stamp, P4) — em-main thực-thi:
+
+1. **Scope-check (P6):** có đổi CANONICAL §-rule / authority-routing không? KHÔNG → work-flow, KHÔNG mark → dừng + báo anh.
+2. **Adjust-Gov (P4):** soạn thay-đổi governance — em-main single-writer (engine D9).
+3. **Double-check (P4):** quét `harness-11-engine.md §A-§E` + `error-ledger.md` + `ACTIVE-MARKS.md` tìm mâu-thuẫn.
+4. **🔴 BÁO-CÁO anh TRƯỚC khi stamp (P4):** brief `{thay-đổi · 3–7 tiêu-chí KHÁCH-QUAN (rules §6.6) · §-target · supersedes?}`. CHỜ anh confirm. KHÔNG stamp trước.
+5. **Stamp (anh confirm):** `RC-pqhuy1987-dd-mm-yyyy-hh-mm-ss` → ghi `ACTIVE-MARKS.md` mục 🟢 Active + áp §-change.
+6. **Lifecycle (P5):** supersede mark cũ → `supersedes:` + cập-nhật status mark-cũ.
+
+**Nghĩa cấp (H-13 deterministic):** Active = **follow + nhắc-lại xuyên-suốt** (HIỆN @session-start §2.1.4 / session-end §L.b(h)). Nhẹ hơn Active-High (KHÔNG mandate RCA-tự-động), nhưng vẫn deterministic-follow. Binding (P3): stamp = LỆNH.

.claude/commands/user-mark-disable.md

@@ -0,0 +1,20 @@
+---
+description: User-Mark-Disable — tắt/thu-hồi một mark đang active (reversible; canonical §P/H-12 P5 lifecycle). Adopt S79.
+argument-hint: <RC-id HOẶC mô-tả mark cần tắt>
+---
+
+# /user-mark-disable — tắt một User-Mark (reversible)
+
+> Thu-hồi/tắt một mark đang active trong `.claude/governance/ACTIVE-MARKS.md` (canonical §P/H-12 P5). **Reversible** (KHÔNG xóa audit-trail — chuyển status, giữ lịch-sử). Cơ-chế → [`docs/governance/harness-11-engine.md §E`](../../docs/governance/harness-11-engine.md). Cặp: `/user-mark-active-high` · `/user-mark-active` · `/user-mark-medium`.
+
+**Mark cần tắt:** $ARGUMENTS
+
+## Quy trình (§P/H-12 P5 lifecycle) — em-main thực-thi:
+
+1. **Locate:** tìm mark trong `ACTIVE-MARKS.md` khớp `$ARGUMENTS` (RC-id hoặc mô-tả). KHÔNG khớp / mơ-hồ → hỏi anh rõ mark nào.
+2. **🔴 BÁO-CÁO anh TRƯỚC khi tắt:** trình `{mark · cấp hiện-tại · §-target · lý-do tắt · hệ-quả nếu §-rule đang dựa vào nó}`. CHỜ anh confirm.
+   - 🔴 Nếu mark là **Active-High** → BẮT BUỘC anh-confirm RIÊNG (cấp cao nhất, KHÔNG auto-disable — P5).
+3. **Disable (anh confirm):** chuyển mark → mục 📦 SUPERSEDED/DISABLED (status `Disable`, giữ RC-id + nội-dung). Nếu mark đã codify §-rule → cân-nhắc revert/giữ §-rule (báo anh tách-bạch "tắt-mark ≠ revert-rule").
+4. **Reversible:** mark Disable có thể re-stamp lại sau (re-activate) — giữ nguyên audit-trail con-trỏ.
+
+**Nguyên-tắc (P5):** KHÔNG freeze-immutable — anh được đổi-ý/tắt qua re-stamp; git-history = audit-trail thật. Disable ≠ xóa (giữ để debate/trace sau).

.claude/commands/user-mark-medium.md

@@ -0,0 +1,21 @@
+---
+description: User-Mark cấp Medium (neo quyết-định chưa-rõ; follow nhưng skippable) — DACI report-before-stamp (canonical §P/H-12). Adopt S79.
+argument-hint: <quyết-định governance chưa-chốt-hẳn + §-target SE>
+---
+
+# /user-mark-medium — neo quyết-định governance cấp Medium (chưa-rõ)
+
+> Chữ-ký quyết-định **GOVERNANCE** cấp **Medium** (canonical §P) — dùng khi anh muốn NEO MỐC một hướng chưa-chốt-hẳn (follow nhưng skippable). Cơ-chế → [`docs/governance/harness-11-engine.md §E`](../../docs/governance/harness-11-engine.md). Cặp: `/user-mark-active-high` · `/user-mark-active` · `/user-mark-disable`. Ledger = `.claude/governance/ACTIVE-MARKS.md`.
+
+**Quyết-định anh nêu:** $ARGUMENTS
+
+## Quy trình (§P/H-12 DACI — report-before-stamp, P4) — em-main thực-thi:
+
+1. **Scope-check (P6):** có đổi CANONICAL §-rule / authority-routing không? KHÔNG → work-flow, KHÔNG mark → dừng + báo anh.
+2. **Adjust-Gov (P4):** soạn thay-đổi (nếu có) HOẶC chỉ neo-mốc-không-codify (Medium thường chưa-đổi-rule cứng) — em-main single-writer (engine D9).
+3. **Double-check (P4):** quét `harness-11-engine.md §A-§E` + `error-ledger.md` + `ACTIVE-MARKS.md` tìm mâu-thuẫn.
+4. **🔴 BÁO-CÁO anh TRƯỚC khi stamp (P4):** brief `{hướng-neo · 3–7 tiêu-chí KHÁCH-QUAN (rules §6.6) · §-target nếu có · cái-gì-chưa-rõ}`. CHỜ anh confirm. KHÔNG stamp trước.
+5. **Stamp (anh confirm):** `RC-pqhuy1987-dd-mm-yyyy-hh-mm-ss` → ghi `ACTIVE-MARKS.md` mục 🟡 Medium + ghi rõ "chưa-rõ phần X".
+6. **Lifecycle (P5):** khi anh chốt-rõ → re-stamp lên Active/Active-High (con-trỏ-xuôi `supersedes:`).
+
+**Nghĩa cấp (H-13 deterministic):** Medium = **neo quyết-định chưa-rõ; follow nhưng SKIPPABLE** (tóm-tắt @session display). KHÔNG mandate. Binding (P3): stamp = đã-neo (chưa phải lệnh-cứng như Active-High).

.claude/governance/ACTIVE-MARKS.md

@@ -0,0 +1,26 @@
+# ACTIVE-MARKS — User-Mark ledger (Harness-12/13 · canonical §P) — SOLUTION_ERP
+
+> **Chữ-ký quyết-định cấp GOVERNANCE** (rule/policy/architecture/harness — KHÔNG work-flow/task). Single-writer em-main (B3 VERIFY→APPEND). Cơ-chế đầy-đủ (§P P1-P10) → [`docs/governance/harness-11-engine.md §E`](../../docs/governance/harness-11-engine.md). Lệnh: `/user-mark-active-high` · `/user-mark-active` · `/user-mark-medium` · `/user-mark-disable`.
+> 🔴 **SHOW @/session-start (§2.1.4) + @/session-end (§L.b(h))** status-filtered: 🔴 Active-High + 🟢 Active **HIỆN rõ** · 🟡 Medium **tóm-tắt** · 📦 Disable/superseded **ẨN** — anh đọc-lại 1 lần/đầu+cuối session ("vì quan-trọng").
+> **Binding (P3):** có stamp = **LỆNH** · không stamp = đang **BÀN**. **No-retrofit:** từ 2026-06-20 forward (KHÔNG truy-ngược quyết-định pre-S79).
+> **Adopt S79 (2026-06-20)** — AI_INFRA broadcast User-Mark H-12/13 (`2026-06-19-Governance-harness-all-update` + `…rc-signature`) + canonical §P, áp `/user-mark-active-high` (anh-confirm). adap-report → `adap-reports/2026-06-19-Governance-harness-all-update.md`.
+
+## Schema (1 mark)
+`{ id: RC-pqhuy1987-dd-mm-yyyy-hh-mm-ss · cấp · §-target SE (≙ AI_INFRA) · what · objective-criteria(3–7, rules §6.6) · supersedes? · status }`
+
+## 🔴 ACTIVE-HIGH (bắt-buộc phải làm; vi-phạm → error-ledger §L.a RCA — HIỆN @session)
+
+| ID (RC-signature) | §-target SE (≙ AI_INFRA) | What | objective-criteria (pain · volume · quality) | supersedes | Status |
+|---|---|---|---|---|---|
+| `RC-pqhuy1987-20-06-2026-10-29-09` | `rules.md §6.6` + `engine §E.4` (≙ §F4.2) | Quyết-định kiến-trúc/chức-năng = tiêu-chí KHÁCH-QUAN (điểm-đau · khối-lượng · chất-lượng) **KHÔNG quy-mô-đội**; "overkill/quá-mức-solo-dev/cảm-tính" = **BÁC**; thẩm-quyền cần-vs-thừa = AI_INFRA cross-project; AI = neo lý-tính | **pain:** lập-luận "quá mức solo-dev" đã khiến 1 dự-án từ-chối chức-năng chống-lách-engine (sự-cố thật) — SE = solo-dev, đúng đối-tượng · **volume:** 6 dự-án federated + SE 11-agent cần neo nhất-quán · **quality:** quyết-định-cảm-tính trôi chất-lượng âm-thầm; neo-lý-tính giữ rigor | null | 🔖 **Active-High** (anh-confirm S79 · P4 DACI report-before-stamp) |
+| `RC-pqhuy1987-20-06-2026-10-29-10` | `engine §E` (≙ §P) | Codify **User-Mark + chữ-ký RC** (Harness-12/13) — chữ-ký quyết-định governance + 4 cấp + no-cảm-tính deterministic + report-before-stamp | **pain:** quyết-định governance bị quên / giảm-bằng-cảm-tính (không chữ-ký+tier) · **volume:** SE tích-lũy Harness 1-14 cần audit-trail nhất-quán · **quality:** RC-sig = minh-oan + tranh-luận-bằng-bằng-chứng + trách-nhiệm-2-chiều | null | 🔖 **Active-High** (anh-confirm S79 · P4 dogfood: invest-wf→review-wf→báo-cáo→confirm→stamp) |
+| `RC-pqhuy1987-20-06-2026-10-29-11` | `rules.md §6.6 DM-time/age` (≙ §F4.2-ext / H-14) | **Mở-rộng mark-1** — time/age/recency-decay = **false-proxy** (cùng-họ team-size); kiến-trúc KHÔNG dựa cũ / lâu-chưa-dùng / auto-decay; trần budget=(dung-lượng÷tốc-độ-thay-mới) KHÔNG núm-decay-tuổi, drift=đường-nền-cuộn KHÔNG cửa-sổ-tuổi; **additive** (mark-1 GIỮ) | **pain:** cap∝chunk_count = Goodhart-vanity + age-window drift = alarm-spam (sự-cố thật H-14); SE memory-budget từng dễ mắc "giảm-theo-độ-cũ" · **volume:** 6 dự-án áp budget/drift/eval + SE L1/L2/L3 + archive-gate · **quality:** age-decay cắt memory-tốt = false-economy (DM-004 Goodhart §6.6) | null (additive) | 🔖 **Active-High** (anh-confirm S79 via `/user-mark-active-high` · P4 DACI · supersedes:null) |
+
+## 🟢 ACTIVE (follow + nhắc-lại xuyên-suốt — HIỆN @session)
+_(trống)_
+
+## 🟡 MEDIUM (neo chưa-rõ; follow nhưng skippable — tóm-tắt @session)
+_(trống)_
+
+## 📦 SUPERSEDED / DISABLED (ẨN khỏi session display — giữ audit-trail, KHÔNG xóa)
+_(trống)_