[CLAUDE] Docs: S73 closeout — Mig 54 PE gia de xuat + CCM duyet-done (STATUS/HANDOFF/session-log + review run-trace + agent-memory harvest)

- STATUS/HANDOFF S73: Mig 54 · test 334 · bundle Bv3jUCNo/BWlMBQz6 (Run #313 feature + #314 fix)
- session log 2026-06-18-S73-pe-gia-de-xuat-ccm-done.md
- run-trace runs/2026-06-18-mig54-pe-review (custom-inline review, bu post-hoc) + _ledger 2 row (R1 schema 1/4 + R2 free-text 2/3)
- agent-memory flush 5 sub + reconcile implementer-frontend cwd-misland stray -> canonical

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

.claude/agent-memory/test-specialist/MEMORY.md

@@ -15,7 +15,7 @@ WRITE specialist độc quyền `tests/**`. xUnit + FluentAssertions 7.2 + EF SQ
 - ❌ NOT: production code `src/Backend/**` + `fe-*/**` → test reveal bug → REPORT em main, KHÔNG fix
 - ❌ NOT: decide WHAT to test (test plan) → em main + reviewer chốt priority
 
-## 📊 Baseline 306 tests = 306 PASS (45 Domain + 261 Infra)  ← S69b +14 PE 2 feature anh Kiệt FDC (test-before-merge SECURITY/FINANCIAL): `PeCcmThresholdFinalizeTests.cs` (5, Services ns, value-threshold CCM-finalize ApproveV2Async) + `PeUrgentToggleAuthzTests.cs` (9, Application ns, urgent-toggle role authz). Prev 292 ← S69 +6 Office golive permission-seed (`OfficeModulePermissionSeedTests.cs`, test-after, mirror HrmProfilePermissionSeedTests S67). Prev 286 ← S67 +23 HRM test-after [DepartmentTreeTests 8 cycle-guard/rollup/orphan + PeHoSoLinkTests 9 absolute-set (⚠️spec-drift: HoSoLink gửi null=CLEAR, KHÔNG null-safe như Budget*/WorkItemId) + HrmProfilePermissionSeedTests 6 reflection private-static revoke→seed chain]. **em main PROXY-RECORD** — return truncated #53 (chết lúc update MEMORY), 3 file delivered + `dotnet test` 286 PASS verify-on-disk. Prev 263 (S61 +22 PeWorkItemBudget −14 BudgetPolicy; Domain 58→45 drop Budget module). Pre = 254 (S60).
+## 📊 Baseline 334 tests = 334 PASS (45 Domain + 289 Infra)  ← S72 +28 PE Mig 54 anh Kiệt FDC (spec-change + 2 test-after): update PeCcmThresholdFinalizeTests 6→11 (AUTO→OPT-IN finalizeByCcmDelegation) + NEW PeApprovedPriceFinalizeTests 10 (① giá chốt) + NEW PeSuggestedPriceSetterAuthzTests 13 (③ 2 setter role-gate). Prev 306  ← S69b +14 PE 2 feature anh Kiệt FDC (test-before-merge SECURITY/FINANCIAL): `PeCcmThresholdFinalizeTests.cs` (5, Services ns, value-threshold CCM-finalize ApproveV2Async) + `PeUrgentToggleAuthzTests.cs` (9, Application ns, urgent-toggle role authz). Prev 292 ← S69 +6 Office golive permission-seed (`OfficeModulePermissionSeedTests.cs`, test-after, mirror HrmProfilePermissionSeedTests S67). Prev 286 ← S67 +23 HRM test-after [DepartmentTreeTests 8 cycle-guard/rollup/orphan + PeHoSoLinkTests 9 absolute-set (⚠️spec-drift: HoSoLink gửi null=CLEAR, KHÔNG null-safe như Budget*/WorkItemId) + HrmProfilePermissionSeedTests 6 reflection private-static revoke→seed chain]. **em main PROXY-RECORD** — return truncated #53 (chết lúc update MEMORY), 3 file delivered + `dotnet test` 286 PASS verify-on-disk. Prev 263 (S61 +22 PeWorkItemBudget −14 BudgetPolicy; Domain 58→45 drop Budget module). Pre = 254 (S60).
 > Pattern S67: private-static seed/init → invoke qua REFLECTION (`GetMethod(name, NonPublic|Static)` + `Invoke(null, [db, roleManager, NullLogger.Instance])`); seed MenuItem rows TRƯỚC Permission (FK MenuKey→MenuItem.Key Cascade, SQLite Error 19 nếu thiếu). Cycle-guard test: SqliteDbFixture đủ (no User); rollup-count test cần IdentityFixture (đếm User.DepartmentId active).
 Run: `dotnet test SolutionErp.slnx --nologo --verbosity minimal -p:BuildInParallel=false -maxcpucount:1` (MSBuild OOM → serialize build)
 
@@ -54,6 +54,7 @@ Test theo CODE (single source truth), document mismatch header comment + report.
 
 ## 📅 Recent activity (last 10 FIFO)
 
+- **2026-06-18 (S72 PE Mig 54 anh Kiệt FDC — SPEC-CHANGE + 2 test-after FINANCIAL):** +28 test → **306→334 PASS** (45 Domain + Infra 261→289, 0 fail). BE Mig 54 committed+builds. Mig 54 fields PE: `ProSuggestedMin/MaxPrice` + `CcmSuggestedPrice` + `ApprovedPriceAmount` + `ApprovedPriceSource`; `TransitionAsync`/`ApproveV2Async` +3 param `finalizeByCcmDelegation`(bool) + `approvedPriceAmount`(decimal?) + `approvedPriceSource`(string?). **① SPEC-CHANGE CCM-finalize AUTO→OPT-IN — UPDATE `PeCcmThresholdFinalizeTests` 6→11 (Services ns):** S69b AUTO (gói<ngưỡng+CCM → tự DaDuyet im-lặng) NAY chỉ finalize khi `finalizeByCcmDelegation=true` + đủ ĐK fail-closed (check theo thứ tự code 832-851: threshold-null→Conflict / role≠CostControl→Forbidden / `winnerQuoteTotal>=ceoThreshold`→Conflict, strict-`<` giữ nguyên) → ApplyApprovedPriceOnFinalize(BẮT BUỘC giá chốt human)→DaDuyet. ApproveAsync helper +3 optional param. Cover: flag-true+<ngưỡng+giá→DaDuyet skip-CEO + bind ApprovedPrice / **flag-FALSE+<ngưỡng→KHÔNG finalize advance-CEO (đổi-chính)** / flag-true ==ngưỡng→Conflict + >ngưỡng→Conflict (no-mutation reload-assert) / flag-true non-CCM→Forbidden / flag-true threshold-null→Conflict / flag-true slot-cuối+giá→DaDuyet 1-Approval no-double / flag-true đủ-ĐK null-giá→Conflict("giá chốt"). **② NEW `PeApprovedPriceFinalizeTests` 10 (Services ns) — ApplyApprovedPriceOnFinalize (private-static):** terminal DaDuyet normal-advance human valid-price→bind / null-price human→Conflict NOT-finalized(ChoDuyet reload) / garbage-source→Conflict / Theory 4 valid-source {Ncc,ProMin,ProMax,Ccm} each-set + **isSystem null-price→no-throw no-set qua REFLECTION** (⚠️OBSERVATION report: isSystem KHÔNG reachable qua public ApproveV2Async — approve-branch gate `decision==Approve` còn isSystem cần `AutoApprove`; PE no SLA-auto-job chỉ Contract SlaExpiryJob → isSystem-exempt = defensive/dead qua V2-approve; test contract mức UNIT) + đối-chứng isSystem-false→Conflict + isSystem-true amount+garbage-source→Conflict. Reflection unwrap TargetInvocationException→inner. **③ NEW `PeSuggestedPriceSetterAuthzTests` 13 (Application ns) — 2 setter handler 2-dep db+ICurrentUser mirror PeWorkItemGuard:** PRO-cmd Procurement/Admin set Min/Max·CostControl/Drafter→Forbidden+no-set·validator Min>Max invalid+negative invalid+single/null valid·unknown-PE→NotFound(existence TRƯỚC authz). CCM-cmd CostControl/Admin set·Procurement→Forbidden·validator negative invalid·NotFound. **No prod bug** — code đúng spec (OPT-IN finalize an-toàn-hơn AUTO, fail-closed order intentional). FakeCurrentUser configurable-roles. Tag [s72, pe-mig54, ccm-finalize-opt-in, spec-change, approved-price, applyapprovedprice-private-static-reflection, issystem-unreachable-observation, suggested-price-setter-authz, fail-closed, test-after].
 - **2026-06-17 (S69b PE 2 feature anh Kiệt FDC — test-before-merge SECURITY+FINANCIAL workflow):** +14 test → **292→306 PASS** (45 Domain + Infra 247→261, 0 fail). BE done+builds, mirror harness PeSubmitGuardAndBypassTests/PeWorkItemGuardTests. **FEATURE B value-threshold CCM-finalize (`PeCcmThresholdFinalizeTests.cs` 5, Services ns, ApproveV2Async line 816-854):** NV duyệt role=CostControl + `aw.CeoApprovalThreshold!=null` + `winnerQuoteTotal < ngưỡng` + chưa-slot-cuối → Phase=DaDuyet bỏ CEO + pointers/SLA null. **⭐ BOUNDARY load-bearing: predicate `winnerQuoteTotal < ceoThreshold` STRICT-less-than (line 838)** → gói==đúng-ngưỡng = KHÔNG finalize = advance. Cover: (1)⭐LOAD-BEARING CCM<ngưỡng mid-wf→DaDuyet skip-CEO pointers-null + chỉ CCM-slot opinion no CEO-opinion / (2) ==ngưỡng→advance Bước2(CEO) stays-ChoDuyet SLA+7d / (2b) >ngưỡng→advance / (3) threshold-null→advance kể-cả-CCM+gói-1đ (backward-compat) / (4) non-CCM(PRO)<ngưỡng→advance (chỉ CostControl trigger, nhận-diện-theo-role) / (5) CCM-at-last-slot<ngưỡng→DaDuyet via NORMAL-advance (guard `!(idx==last&&lvl==max)` skip finalize-branch, nhánh advance terminal cũng DaDuyet — no double, 1 Approve row). Harness: dựng PE TRỰC TIẾP ở ChoDuyet pin pointer slot CCM (skip submit guard) + drive 1 Approve; `SeedWorkflowAsync(stepApprovers, ceoThreshold)`. **FEATURE A urgent-toggle authz (`PeUrgentToggleAuthzTests.cs` 9, Application ns, SetPurchaseEvaluationUrgentCommandHandler 4-dep db+ICurrentUser+UserManager+INotificationService):** role→cờ: PRO→IsUrgentByPro / CCM→IsUrgentByCcm / Admin→CẢ2 / else→ForbiddenException. Notify-CEO best-effort try/catch — KHÔNG assert (NoOpNotificationService nuốt; CreateUserAsync idempotent-register role nên GetUsersInRoleAsync(Director) no-throw). Cover: PRO-only-ByPro(Ccm-untouched) / CCM-only-ByCcm / Admin-both / Drafter→Forbidden+no-mutation / Finance→Forbidden / PRO-turn-off clears-only-Pro Ccm-preserved / **multi-role PRO+CCM no-Admin→else-if short-circuit chỉ ByPro (LOCK behavior)** / unknown-PE→NotFound. **No prod bug** — cả 2 feature code đúng spec (strict-`<` intentional rollout-safe, else-if priority Admin>PRO>CCM intentional). FakeCurrentUser configurable-roles ctor. Reuse NoOpNotificationService internal qua `using ...Tests.Services`. Tag [s69b, pe-ccm-threshold-finalize, value-threshold, strict-less-than-boundary, role-based-routing, urgent-toggle-authz, forbidden-no-mutation, else-if-short-circuit, test-before-merge].
 
 - **2026-06-17 (S69 Office golive permission-seed regression — test-after SECURITY invariant, public Văn phòng số):** +6 test `tests/.../Application/OfficeModulePermissionSeedTests.cs` → **286→292 PASS** (45 Domain + Infra 241→247, 0 fail). Mirror `HrmProfilePermissionSeedTests` (S67) — SAME reflection harness (invoke 2 private-static `RevokeTemporarilyHiddenModulesAsync` + `SeedAllRolesOfficeModulePermissionsAsync` qua `GetMethod(name, NonPublic|Static).Invoke(null, [db, rm, NullLogger.Instance])`; SqliteDbFixture/IdentityFixture; seed MenuItem rows TRƯỚC Permission FK Cascade). **KHÁC HRM:** Office grant mở **CanRead AND CanCreate** (HRM read-only) trên allow-list **16 key**; HRM chỉ 2 key. Chain = revoke (StartsWith("Off")→all false non-Admin) → office-grant (allow-list→read+create, upgrade-only). **Cover:** (1) chain non-Admin allow-list-16 → read+create=true + **excluded-3 stay hidden** (`OffPhongHopManage`/`OffAttendanceReport`/`OffChamCong` ⭐ LOAD-BEARING security assert) / (2) allow-list Update+Delete stay false / (3) no-leak HRM-dashboard+Personal stay hidden / (4) Admin not-revoked keeps all incl excluded-3 / (5) create-missing-row read+create=true update/delete=false + excluded NOT created / (6) **upgrade-only preserves admin-raised Update/Delete=true** (office-grant chỉ đụng Read/Create, KHÔNG hạ). **No prod bug** — seed logic đúng spec (excluded-3 confirmed hidden, upgrade-only không phá quyền admin). Tag [s69, office-golive, permission-seed, security-invariant, excluded-3-hidden, read+create-grant, upgrade-only, reflection-private-static, test-after].