[CLAUDE] Docs: Harness-11 double-check ×2 + finalize report (anh giao)

- DOUBLE-CHECK wf_a0b68d2f-30e (3× reviewer): committed-state e70c046 PASS — B1 ×11 exact, root CLAUDE.md:53 tail byte-identical, broadcasts hash recompute khớp, single-writer clean. Over-suppression regression CLEAN: DA1 no-return → em-main self-gate fake-drift "99 migration" CAUGHT (runtime) + DA2/DA3 độc-lập confirm - CHECKLIST-VERIFY wf_39cd4cbe-f07 (3× investigator-codebase): completeness-gate H11 FORMAL ĐẠT — B 4/4 + C 5/5 + D 11/11 đủ-trọn (function-floor MET), A 🟡 tailored; D5/D6/D7 explicit + D8 one-direction codify = YES - detector refine: +C2 "test project" skip (27→26); tree-skip reverted (gotcha #30 box-glyph trap, kể cả qua Edit render-normalize); detector pure-ASCII verified - agents/README "(pending)"→run-id; adap-report + outbox email +double-check section (hash 2316773229f2) - 0 production code; state THẬT giữ nguyên (Mig 55 · 88 bảng · 339 test · gotcha 69 · bundle BYF5vIMJ/CB-tiRxd) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
[CLAUDE] Docs: adopt Harness-11 engine tự-bảo-trì (3-workflow audit→implement→review)
2026-06-18 23:01:10 +07:00 · 2026-06-18 20:44:26 +07:00
31 changed files with 2001 additions and 19 deletions
--- a/.claude/agent-memory/memory-budget.json
+++ b/.claude/agent-memory/memory-budget.json
@ -29,6 +29,13 @@
      "rule": "coverage-diff GATE: every surprise/guard/file:line/root-cause/gotcha# in verbatim must survive in gist (or marked N/A)"
    }
  },
  "archive_gate": {
    "_note": "Harness-11 PART-A (S73, 2026-06-18) params for scripts/memory-archive-gate.ps1 (DRY-RUN planner, NO-API, grep+measure only). ADDITIVE — does not touch measured/tiers/last_sleep_at. A4 hysteresis = drain to BELOW low_watermark (not just to the line). A5 = never auto-drain below keep_floor newest entries (WARN instead). A6 = only PROPOSE archive after strike_threshold consecutive over-cap runs (stateless script persists strikes in .claude/agent-memory/.archive-strikes.json).",
    "autoinject_cap_bytes": 25600,
    "low_watermark_ratio": 0.85,
    "keep_floor_entries": 5,
    "strike_threshold": 2
  },
  "measured": {
    "cicd-monitor":          { "l1_hot": 23653, "l2_verbatim": 178856, "l2_index": 16779, "l2_gist": 29737, "rollout": "done" },
    "investigator-codebase": { "l1_hot": 23187, "l2_verbatim": 68612,  "l2_index": 9234,  "l2_gist": 27297, "rollout": "done (re-curated S71: moved 3 oldest, gist gen:2)" },
--- a/.claude/agents/README.md
+++ b/.claude/agents/README.md
@ -12,6 +12,7 @@
 > **Upgrade S66 (2026-06-16 — Harness-8 all-inherit + workflow-fastest adopt):** 🔴 BẮT BUỘC (anh-chốt, mọi sister; chất lượng trên chi phí). **H8.1** — toàn bộ 11 sub-agent có memory → `model: inherit` (ăn top-tier lead), **GỠ cơ chế demote two-tier của Harness-4** (7 sub pin `claude-opus-4-8` đã flip `inherit`: 2 implementer · test-specialist · cicd-monitor · investigator-api · frontend-designer · tooling-auditor; 4 đã-inherit giữ nguyên reviewer·investigator-codebase·database-agent·harvest-curator). SE KHÔNG có helper/gopher rẻ để chừa → cả 11 lên inherit. Escape-hatch per-task `tier:'opus'` (hmw.js) GIỮ cho sweep/cost. **H8.2** — chạy workflow nhanh nhất: **song song tối đa + xuất nhanh + lead auto-HMW** cho task substantive (theo H6) — "nhanh" = parallelism, **KHÔNG phải hạ model**. **Caveat (trung thực):** runtime HIỆN KHÔNG đổi (inherit = Opus 4.8 1M vì Fable suspended H5 — trùng two-tier đã collapse); khác biệt thật khi Fable về (cả đội tự lên Fable 5 không sửa frontmatter) + H5.6 restore gọn hơn (chỉ đổi lead). Frontmatter no hot-reload → **executed-file, VERIFIED-pending-restart**. `[1m]` cấm trong frontmatter `model` (gotcha #37). adap-report `2026-06-16-Governance-harness-8-all-inherit-workflow-fastest.md`.
 > **Upgrade S70 (2026-06-17 — Harness-9 L2-recovery + adap 2-workflow adopt):** **(1) PROCESS-mandate 🔴 BẮT BUỘC (PART 2/3, áp MỌI adap từ nay):** mỗi adap 1 Harness = **2 workflow tách biệt** (IMPLEMENT + REVIEW double-check RIÊNG) + REPORT về AI_INFRA kèm **run-id** bằng chứng; task ngắn-nhưng-cần-confirm VẪN phải review-workflow. Codify `.claude/commands/adap-apply.md`. **(2) L2 dark-matter recovery (PART 1, tailored):** archive `agent-memory/<sub>/archive/*.md` KHÔNG vào RAG → build `archive/_INDEX.md` (mục-lục 1-dòng/bản-ghi + con-trỏ **substring** sha-keyed, fallback Ctrl-F, KHÔNG line-hint) + `<period>.gist.md` (nén 4-field ADDITIVE, `distill-gen` counter, verbatim FROZEN) + `memory-budget.json` (seed-by-measure qua `scripts/measure-agent-memory.ps1`) + budget-audit @session-start (§2.1.2) + `.ragignore` guard. Rollout S70 (đầy-đủ-nhất, stage investigate→implement→audit qua 3 Workflow run-id): 4 over-cap sub (cicd-monitor · investigator-codebase · reviewer · implementer-backend). adap-report `2026-06-17-Governance-harness-9-l2-recovery-and-adap-workflow.md`.
 > **Upgrade S72 (2026-06-18 — Harness-10 flat-refine + checklist-v2 adopt):** run-trace SUBFOLDER→**FLAT** (file phẳng cùng cấp: `sub-<role>-<i>.md` raw + `<stage>-synthesis.md` verified, KHÔNG `sub-md/`/`harvest/` subdir) — `hmw.js` (`:103` subMd path) + `workflows/README` + `runs/README` + session-start/end + decision-tree (dòng dưới) repoint. **C8 migration:** 5 run cũ S71 GIỮ subfolder (đừng rewrite history); close-gate dual-accept cả hai dạng. **+`/sleep-recovery-memory-l2`** (đóng A8 — port §J2-tailored SE-only: sleep-compress L2 gist additive, INFORM-only ≥7d). **Anti-bypass detector (refine b): TAILORED-OUT** — SE dùng Anthropic Workflow tool (no CLI-launcher bypass-surface), containment = git-diff + run-folder TRACKED + ledger orphan-scan (G-015). 3 run-id bằng-chứng: audit `wf_13868efb-ea7` · implement `wf_ac43b5ff-7d1` · review (pending). adap-report `2026-06-18-Governance-harness-10-flat-refine-checklist-v2.md` (pending).
 > **Upgrade S75 (2026-06-18 — Harness-11 engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ adopt):** engine tự-DÒ toàn-diện (luôn tươi báo cờ) + AUTO chỉ semantic-null git-diff + **single-writer bar-KHÔNG-hạ (D9)** + đổi-luật owner-approve (D7). 🔑 Canonical → [`docs/governance/harness-11-engine.md`](../../docs/governance/harness-11-engine.md) (**KHÔNG copy luật ở đây — B1 dogfood**). Artifact MỚI: `scripts/governance-detectors.ps1` (C1 broken-pointer + C2/B3 staleness + C3 vocab-fork + C4 self-exclusion, NO-API DÒ+FLAG-only, **runtime-proven** bắt drift root CLAUDE.md mig53→55 + 0 self-match; số flag động → run-trace) + `scripts/memory-archive-gate.ps1` (PHẦN A hysteresis 0.85/keep-floor 5/2-strike/A7 NO-API L1-eval) + budget.json `archive_gate`. 3-tier D5(AUTO)/D6(DÒ+FLAG)/D7(owner-approve) + one-direction-lock D8 (canonical→derived) codify ở engine-doc. Cadence wired: D1 session-start §2.1.3 (chạy detector) · D2 session-end §L.b(c) (archive-gate). Áp qua workflow: audit `wf_7fdc3bd5-930` + implement `wf_c5e5844e-7c1` + review `wf_d7ca1ff8-942` + double-check `wf_a0b68d2f-30e`. adap-report `docs/governance/adap-reports/2026-06-18-Governance-harness-11.md`.
 ---
--- a/.claude/commands/session-end.md
+++ b/.claude/commands/session-end.md
@ -45,7 +45,7 @@ Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Ph
 **§L.b — 7-step auto-maintain (đủ 7, KHÔNG skip — thiếu = ledger thối). (d)(f) = H2 harvest-curator · (g) = H1 tooling-auditor (2026-06-07 Harness 1):**
 - **(a) summary-index** += 1 dòng/session vào `STATUS.md` Recently Done (pointer, KHÔNG full-log).
 - **(b) Active-Guards** (error-ledger): promote guard **2-strike** (episodic→procedural) · mark `verified` nếu held qua session · retire theo **net-effect** (hại>lợi → gỡ).
- **(c) chore-flag:** agent L1 >~30KB → archive L2 · error-ledger open-entry quá ngưỡng · **0-byte memory check (AS-8)** · **🌙 sleep-check (Harness-10b, S72):** `last_sleep_at` null hoặc ≥7d (`memory-budget.json`) → INFORM gợi-ý `/sleep-recovery-memory-l2` (KHÔNG auto-run).
+- **(c) chore-flag:** agent L1 >~30KB → archive L2 · error-ledger open-entry quá ngưỡng · **0-byte memory check (AS-8)** · **🌙 sleep-check (Harness-10b, S72):** `last_sleep_at` null hoặc ≥7d (`memory-budget.json`) → INFORM gợi-ý `/sleep-recovery-memory-l2` (KHÔNG auto-run) · **🗜️ Harness-11 A/D2 (S75):** chạy `powershell.exe -ExecutionPolicy Bypass -File scripts/memory-archive-gate.ps1` (DRY-RUN) → đề-xuất dồn-archive sub over-cap (A4 hysteresis 0.85 + A5 keep-floor 5 + A6 2-strike) + A7 NO-API L1-eval (pointer-resolve + byte-0-loss). Engine → [`docs/governance/harness-11-engine.md`](../../docs/governance/harness-11-engine.md). DRY-RUN báo kế-hoạch; MOVE thật do em-main (D5 AUTO semantic-null sau khi xem).
 - **(d) flush agent-memory** mỗi sub đã spawn session này — **spawn-record 4-field** `{agent · task · nấc(agreed/executed/verified) · evidence}`. (0 sub spawn → "n-a".) → **⬜ harvest-curator (H2) HỖ TRỢ:** spawn → propose spawn-record cho mọi sub đã chạy → em main single-writer VERIFY → APPEND (B3 no-overwrite-unverified).
 - **(e) pending-request audit:** request anh CHƯA-thực-thi đã log SPECIFICS chưa (KHÔNG placeholder).
 - **(f) 🌾 harvest-integrity GATE (⬜ harvest-curator H2 — 5-trục, Harness 1+2):** verify spawn-record (d) đủ+đúng mọi sub TRƯỚC khi đóng — **Coverage** (0 silent-miss) · **Completeness** (đủ 4-field) · **Placement** (delta đúng `agent-memory/X`) · **Corruption** (moved-not-cut, no-mojibake/shell-baked) · **Fidelity-FLAG** (nghi bịa/on-behalf → escalate 🟥 reviewer, KHÔNG tự phán). + **🌊 close-gate C5 Layer3 (Harness-10, thay B5 wave-gom):** với MỌI `runs/<run-id>/` của session → **VERIFY per-turn harvest đã xong** (em-main đã viết `runs/<run-id>/<stage>-synthesis.md` phẳng h10-refine — run cũ S71: `harvest/*.md` — NGAY sau mỗi fan-out turn = C4 Layer1) + `_ledger.md` mọi run đã CLOSE-beat (closed≠⏳). 🔴 **IDEMPOTENT — close-gate chỉ VERIFY, KHÔNG re-APPEND** (per-turn đã APPEND rồi → re-APPEND = DUPLICATE-HARVEST). 5-trục GATE giữ làm **backstop**. GATE = run còn `*-synthesis.md` vắng (run cũ S71: `harvest/` rỗng — C8 dual-accept) HOẶC chưa đủ 5-trục thì CHƯA đóng.
--- a/.claude/commands/session-start.md
+++ b/.claude/commands/session-start.md
@ -80,6 +80,13 @@ Em main xác nhận **lead model resolve được** đầu session. Lead SE = **
 - Đọc `.claude/agent-memory/memory-budget.json` → so kích-thước THẬT `_INDEX.md` mỗi sub vs cap. Nếu cắt-cho-vừa-ngân-sách đang rớt dấu-mốc quan trọng → **bump budget** (chốt-chặn chống "quên chỉnh ngân sách"). Đo lại bằng `scripts/measure-agent-memory.ps1` (seed-by-measure — KHÔNG đặt cap bằng số tưởng tượng).
 - L1 over-cap → curate L1→L2 (byte-exact additive) + build/refresh `_INDEX.md` (con-trỏ **substring** sha-keyed, fallback Ctrl-F) + `<period>.gist.md` (nén 4-field, `distill-gen` counter, verbatim FROZEN). Rollout đầu: 4 over-cap sub (S70).
 ### 2.1.3 Harness-11 D1 — DÒ+BÁO governance-detectors (2026-06-18 S75)
 > Engine bộ-nhớ-và-governance tự-bảo-trì spec → [`docs/governance/harness-11-engine.md`](../../docs/governance/harness-11-engine.md) (canonical — KHÔNG copy luật ở đây, B1). DÒ tự-động; SỬA qua em-main single-writer (D6/D9).
 - Chạy `powershell.exe -ExecutionPolicy Bypass -File scripts/governance-detectors.ps1` → báo cờ: **C1** con-trỏ-gãy (gotcha#/wikilink) · **C2/B3** derived-doc stale vs `docs/STATUS.md` canonical (mig#/test#/gotcha#/table#) · **C3** vocab-fork (1-khái-niệm-nhiều-tên). NO-API, **DÒ+NÊU-CỜ-only KHÔNG tự sửa** (D6 tầng). Cờ → em-main soạn bản sửa (gated B4).
 - Nấc: detector = LƯỚI giảm-sót (khoảng-mù giữa 2 nhịp), count-token soft-net có false-pos (sev LOW khi |lệch|<10) → đọc cờ bằng phán-đoán, KHÔNG auto-fix. **Light/hỏi-đáp session → có thể skip; governance/doc-heavy session → nên chạy.**
 ### 2.2 Skill registry (6 skill)
 - Liệt kê: `contract-workflow` · `form-engine` · `permission-matrix` · `dependency-audit-erp` · `ef-core-migration` · `iis-deploy-runbook`
 - Dùng skill khi task khớp (KHÔNG tự suy luận lại). Phân bổ per agent: xem README skill matrix.
--- a/.claude/skills/README.md
+++ b/.claude/skills/README.md
@ -17,7 +17,7 @@ Skill này là tài liệu chuyên biệt để Claude (và developer khác) dù
 | Skill | Mục đích | Trigger ví dụ | Trạng thái |
 |---|---|---|---|
 | `dependency-audit-erp` | Scan CVE NuGet + npm 2 FE, respect pin constraint (MediatR 12.4.1, Swashbuckle 6.9.0) | "npm audit", "dotnet vulnerable", "deps scan", "nâng cấp package" | ✅ New Tier 3 |
-| `ef-core-migration` | Tạo/revert EF Core 10 migration, 3-file rule, DesignTimeDbContextFactory, **53 migration history** (Init → AddPeUrgentAndCeoApprovalThreshold Mig 53) | "thêm migration", "EF migration", "schema update", "snapshot lỗi" | ✅ Updated S69 (Mig 53 PE cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng) |
+| `ef-core-migration` | Tạo/revert EF Core 10 migration, 3-file rule, DesignTimeDbContextFactory, migration history (mới nhất Mig 55; số → `docs/STATUS.md`) | "thêm migration", "EF migration", "schema update", "snapshot lỗi" | ✅ Updated S74 (Mig 55 PE CcmNote) |
 | `iis-deploy-runbook` | 3 IIS site + win-acme cert + gitea-runner + LibreOffice + debug 500/502/SignalR prod + **G-084 IPv4/IPv6 hardening** | "prod 500", "IIS fail", "cert hết hạn", "restart app pool", "deploy IIS", "port hijack" | ✅ Updated (G-084) |
 ## Format chuẩn 1 skill
@ -87,5 +87,5 @@ when-to-use:
 ## Related
 - `docs/CLAUDE.md` — quick rules + full stack context
- `docs/gotchas.md` — 68 bẫy đã gặp (latest #68 IDE TS diagnostic giữa background-agent/workflow = snapshot dở-dang → chỉ tin build sạch sau-cùng, S69; #67 Tailwind v4 accent palette thiếu-stop vỡ-màu im-lặng; #66 rule `h1-h4{color}` unlayered thắng utility `text-white`, S68; #65 build csproj con ≠ `dotnet build SolutionErp.slnx` → miss test-compile → CI CS7036 FAIL-gated)
+- `docs/gotchas.md` — bẫy đã gặp (số hiện tại → `docs/STATUS.md`; latest #69 FE bundle-hash non-deterministic + deploy rebuild-FE-unconditional, S72; #68 IDE TS diagnostic giữa background-agent/workflow = snapshot dở-dang → chỉ tin build sạch sau-cùng, S69; #67 Tailwind v4 accent palette thiếu-stop vỡ-màu im-lặng; #66 rule `h1-h4{color}` unlayered thắng utility `text-white`, S68)
 - `docs/changelog/migration-todos.md` — roadmap 5 phase + Tier 3
--- a/.claude/skills/dependency-audit-erp/SKILL.md
+++ b/.claude/skills/dependency-audit-erp/SKILL.md
@ -150,6 +150,6 @@ Lưu vào `docs/changelog/deps-audit-{YYYY-MM-DD}.md` nếu có action.
 ## Related
- `docs/gotchas.md` — 68 bẫy package compat / CI / IIS / Identity / per-NV refactor / SQLite tie-break đã gặp
+- `docs/gotchas.md` — bẫy package compat / CI / IIS / Identity / per-NV refactor / SQLite tie-break đã gặp (số hiện tại → `docs/STATUS.md`)
 - `docs/changelog/migration-todos.md` Phase 5.1 — checklist deps scan CI
 - `SolutionErp.slnx` + `global.json` — .NET version pin
--- a/.claude/skills/ef-core-migration/SKILL.md
+++ b/.claude/skills/ef-core-migration/SKILL.md
@ -1,6 +1,6 @@
 ---
 name: ef-core-migration
-description: Tạo/sửa/revert EF Core 10 migration cho SOLUTION_ERP. Dùng khi thêm entity mới, thay đổi schema, rollback migration, debug DesignTimeDbContextFactory fail. Đã có 53 migration sẵn (Init → AddPeUrgentAndCeoApprovalThreshold Mig 53, S69). Snapshot + Designer + Migration 3-file rule bắt buộc commit đủ.
+description: Tạo/sửa/revert EF Core 10 migration cho SOLUTION_ERP. Dùng khi thêm entity mới, thay đổi schema, rollback migration, debug DesignTimeDbContextFactory fail. Đã có nhiều migration (số hiện tại → docs/STATUS.md canonical; mới nhất Mig 55 AddCcmNoteToPeWorkItemBudget, S74). Snapshot + Designer + Migration 3-file rule bắt buộc commit đủ.
 when-to-use:
  - "thêm migration"
  - "EF Core migration"
@ -16,7 +16,7 @@ when-to-use:
 > **Context:** .NET 10 + EF Core 10 + SQL Server. DbContext: `ApplicationDbContext` ở `Infrastructure/Persistence/`. Startup: `SolutionErp.Api`.
-## Migration history (53 migration hiện có)
+## Migration history (số hiện tại → `docs/STATUS.md` canonical; mới nhất Mig 55)
 | # | Name | Tables added / changed |
 |---|---|---|
@ -73,8 +73,10 @@ when-to-use:
 | **51** | **`AddDepartmentParentId`** | **🎯 S65 — Department.ParentId `Guid?` loose-Guid (KHÔNG FK vật lý — org-tree phân cấp; `GET /departments/tree` ráp cây in-memory + rollup count theo `User.DepartmentId` + cycle-guard HashSet chặn tự-cha + vòng A→B→A). AddColumn-only, no new table.** |
 | **52** | **`AddHoSoLinkToPurchaseEvaluation`** | **🎯 S65 — PE.HoSoLink `nvarchar(1000)?` hyperlink NAS (mục "e. Link hồ sơ", FE `<a target=_blank rel=noopener>` null-safe). AddColumn-only, no new table.** |
 | **53** | **`AddPeUrgentAndCeoApprovalThreshold`** | **🎯 S69 — PE +`IsUrgentByPro`/`IsUrgentByCcm` (bit, cờ gấp PRO đỏ/CCM xanh) + ApprovalWorkflow +`CeoApprovalThreshold` `decimal(18,2)?` (ngưỡng gói CEO — CCM role CostControl duyệt-final khi winnerQuoteTotal < ngưỡng). 3 AddColumn, no new table. anh Kiệt FDC.** |
 | **54** | **`AddPeSuggestedAndApprovedPrice`** | **🎯 S73 — PE +5 cột giá đề xuất (ProSuggestedMin/Max + CcmSuggested + ApprovedPriceAmount + ApprovedPriceSource) additive-nullable — CEO chọn giá chốt + CCM duyệt-done opt-in. anh Kiệt FDC go-live 22/06.** |
 | **55** | **`AddCcmNoteToPeWorkItemBudget`** | **🎯 S74 — PeWorkItemBudget +`CcmNote nvarchar(1000)?` (ô "Ghi chú từ CCM" mirror ProNote). AddColumn-only, no new table.** |
-Total: **88 bảng** dbo + `__EFMigrationsHistory` (re-ground S62 cicd `sys.tables`; last Mig 50 net 93→88 — Mig 51+52 đều AddColumn-only, không đổi số bảng). Xem `docs/database/schema-diagram.md` migration table + §11-15 module ERD (§16+ Mig 27-52 chi tiết pending).
+Total: **88 bảng** dbo + `__EFMigrationsHistory` (re-ground S62 cicd `sys.tables`; last schema-changing Mig 50 net 93→88 — Mig 51-55 đều AddColumn-only, không đổi số bảng). Xem `docs/database/schema-diagram.md` migration table + §11-15 module ERD (§16+ Mig 27-55 chi tiết pending).
 ## N-stage workflow pattern (Mig 18-20 — Session 12-13)
@ -282,7 +284,7 @@ sqlcmd -S .\SQLEXPRESS -d SolutionErp -U vrapp -P <pw> -i migrate.sql
 ## Code pointers
- `src/Backend/SolutionErp.Infrastructure/Persistence/ApplicationDbContext.cs` — DbSet cho 88 bảng (53 migration)
+- `src/Backend/SolutionErp.Infrastructure/Persistence/ApplicationDbContext.cs` — DbSet cho 88 bảng (số migration → `docs/STATUS.md`)
 - `src/Backend/SolutionErp.Infrastructure/Persistence/DesignTimeDbContextFactory.cs` — EF tooling factory
 - `src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs` — seed + warn + migrate runtime + backfill (idempotent reconcile pattern)
 - `src/Backend/SolutionErp.Infrastructure/Persistence/Configurations/` — IEntityTypeConfiguration<T> per entity
@ -291,5 +293,5 @@ sqlcmd -S .\SQLEXPRESS -d SolutionErp -U vrapp -P <pw> -i migrate.sql
 ## Related
 - `docs/database/database-guide.md` — conventions + migration workflow chi tiết
- `docs/database/schema-diagram.md` — **ERD 88 bảng** + §11 PE + §12 ~~Budget~~ (REMOVED Mig 50) + §13 PEDeptOpinions (Mig 15) + §14 ApprovalWorkflow V2 (Mig 22-25) + §15 PE Level Opinions V2 (Mig 26); §16+ Mig 27-52 detail pending (xem migration table)
+- `docs/database/schema-diagram.md` — **ERD 88 bảng** + §11 PE + §12 ~~Budget~~ (REMOVED Mig 50) + §13 PEDeptOpinions (Mig 15) + §14 ApprovalWorkflow V2 (Mig 22-25) + §15 PE Level Opinions V2 (Mig 26); §16+ Mig 27-55 detail pending (xem migration table)
 - `docs/gotchas.md` #7, #17, #38 — migration pitfalls + Identity 4-field rename
--- a/.claude/workflows/runs/2026-06-18-h11-audit/audit-synthesis.md
+++ b/.claude/workflows/runs/2026-06-18-h11-audit/audit-synthesis.md
@ -0,0 +1,81 @@
 # AUDIT SYNTHESIS — Harness-11 adap (2026-06-18-h11-audit · `wf_7fdc3bd5-930`)
 > 4× investigator-codebase (read-only ∥, no Write tool → findings-in-return, **em-main scribe @P3 per writeGuard hmw.js:112**). Ground-truth đọc-disk. Nấc trung-thực: executed-file (tĩnh) / runtime (chạy-quan-sát) / mechanized (cổng-máy) vs convention (người tuân-thủ).
 ## Ground-truth canonical (STATUS.md = nguồn-chuẩn state)
 mig **55** (last `AddCcmNoteToPeWorkItemBudget`) · gotcha **69** · test **339** · tables **88**.
 ---
 ## PHẦN A — hot-mem auto-archive by budget (🟡 TAILORABLE)
 | Item | Verdict | Evidence |
 |---|---|---|
 | A1 session-end byte-gate đo→kích | **PARTIAL** | `measure-agent-memory.ps1:14,32` đo-byte THẬT nhưng KHÔNG call-site auto-run; `session-end.md:48` chỉ prose "L1>~30KB→archive". mechanized-MEASURE, KHÔNG mechanized-TRIGGER |
 | A2 additive MOVE→archive | **PRESENT (runtime)** | `h910-curate` reviewer 36738→24844 (moved 10) "+22 -0 grep-Fxf byte-exact + md5sum"; budget.json:30 "NEVER rewrite, APPEND-only" |
 | A3 _INDEX pointer-only append | **PRESENT** | 3 `_INDEX.md` on-disk; budget.json:19 pointer substring sha-keyed, NO line-hint |
 | A4 hysteresis ~0.85 | **GAP** | grep `0.85\|hysteresis`=0; chỉ 2 cap rời (25600/30720), không band |
 | A5 keep-floor ≥5 | **GAP** | grep `keep-floor`=0; curate "N oldest" theo phán-đoán người |
 | A6 2-strike anti-thrash (archive) | **GAP** | 2-strike duy nhất = Active-Guards (`session-end.md:47`), KHÔNG cho archive |
 | A7 NO-API L1-eval (pointer-resolve+byte-0-loss) | **PARTIAL** | chạy 1-lần trong `h910-curate` (grep-Fxf 10/10+md5sum) NHƯNG one-off em-main-driven, KHÔNG standing-gate |
 **Verdict A:** convention-người-đo (mechanized-MEASURE + mechanized-VERIFY nhưng KHÔNG mechanized-TRIGGER). A4/A5/A6 GAP **hợp-lệ vì A=🟡**. → IMPLEMENT chọn mechanize để A mạnh hơn (optional nhưng giá-trị).
 ## PHẦN B — derived→canonical pointer + freshness (🔴 FUNCTION-FLOOR)
 | Item | Verdict | Evidence |
 |---|---|---|
 | B1 derived TRỎ canonical | **GAP** | derived COPY hard-code count, 0 pointer. Sites: root `CLAUDE.md:53`(53mig→55)/:66(306test→339)/:131(88table)/:133(68→69) · `docs/CLAUDE.md:70`(93bảng pre-Mig50!) · `ef-core-migration/SKILL.md:3,19,77,285,294`(53mig) · `skills/README.md:20,90` · `dependency-audit-erp/SKILL.md:153`. CLEAN exemplar: `PROJECT-MAP.md` (0 count-token, 241 dòng) |
 | B2 readable (no pointer-soup) | **PRESENT** | root CLAUDE.md:1-9 readable; stable facts inline đúng |
 | B3 freshness-DETECT grep gate | **GAP** | NO detector (`.claude/hooks`+`.claude/scripts` absent; hmw.js no-fs ≠ comparator; grep 0 hit) |
 | B4 fix-after-FLAG GATED qua người | **PRESENT (mechanized)** | em-main single-writer `workflows/README:38,39` + `agents/README:199` + git-diff commit-gate backstop |
 **Verdict B:** B2+B4 ĐẠT · **B1+B3 = function-floor GAP**. B4 fix-path đã sẵn → B3 detector output trực-tiếp actionable.
 ## PHẦN C — 3 deterministic-grep detectors (🔴 FUNCTION-FLOOR MANDATE)
 | Item | Verdict | Evidence |
 |---|---|---|
 | C1 broken-pointer detector | **GAP** | 0 detector-script (find .claude *.ps1/sh=0; CI deploy.yml 0 grep-gate). Chỉ tooling-auditor agent-judgement |
 | C2 staleness detector (=B3) | **GAP** | trùng B3; monthly-drift-audit = agent đọc tay, KHÔNG grep tất-định |
 | C3 vocab-fork detector | **GAP** | 0; vocab-fork SỐNG THẬT chưa ai dò: `wave↔run-trace`(_ledger:15), `Dự trù↔Ngân sách PRO↔PeWorkItemBudget`, PRO=Procurement |
 | C4 self-line exclusion | **N/A** | chưa detector → chưa self-exclusion |
 | C5 resolve-condition+2-strike | **PARTIAL** | 2-strike chỉ ở memory-archive convention, KHÔNG ở detector-flag |
 **Verdict C:** **detector-script-thật = CHƯA CÓ.** Chỉ 2 monitor-agent (tooling-auditor/harvest-curator) LLM-judgement propose-only = convention KHÔNG mechanized. → **GAP lớn nhất, IMPLEMENT trọng-tâm.** (Lưu ý: `runs/README:122` "anti-bypass detector TAILORED-OUT" = threat-model KHÁC, KHÔNG phải C1-C3.)
 ## PHẦN D — orchestration engine (🔴 FUNCTION-FLOOR)
 | Item | Verdict | Evidence |
 |---|---|---|
 | D1 session-start DÒ+BÁO | **PRESENT** | §2.1.1 monitor RE-REPORT + §2.1.2 budget-audit, INFORM-only |
 | D2 session-end archive+gác-cờ | **PRESENT** | `session-end.md:39-52` §L + harvest GATE 5-trục |
 | D3 per-turn distill-APPEND | **PRESENT (convention)** | C4 primary harvest-LIỀN sau P2 |
 | D4 threshold→workflow-gate | **PRESENT-MẠNH (mechanized)** | `hmw.js:76-78` checkpoint THROW (anti-accidental 515K) |
 | D5 tầng AUTO (semantic-null) | **PARTIAL** | hành-vi có (archive/_INDEX/gist) NHƯNG chưa nhãn 3-tier |
 | D6 tầng DÒ+NÊU-CỜ | **PARTIAL** | monitor INFORM-only flag, chưa gom thành tier có-tên |
 | D7 tầng OWNER-APPROVE | **PARTIAL** | consent+single-writer ngầm, chưa nhãn 3-tier |
 | D8 one-direction lock (canonical→derived) | **GAP** | grep `one-direction\|1-chiều`=0; khái-niệm H11 mới |
 | D9 append-only single-writer (BAR) | **PRESENT-MẠNH (mechanized)** | store_memory strip runtime S48 0/8 subs; B3 |
 | D10 file-tool-write-only | **PRESENT (convention)** | `hmw.js:111` + gotcha #61; CHƯA mechanized-block (Bash residual) |
 | D11 archive MOVE-không-XOÁ | **PRESENT-MẠNH (mechanized)** | byte-0-loss md5sum/grep-Fxf artifact `_ledger:14` |
 **Verdict D:** 7/11 PRESENT (D4/D9/D11 mechanized-mạnh) · **D5/D6/D7 PARTIAL** (3-tier chưa explicit) · **D8 GAP**. H11 "chuẩn-hoá-lại" = nhãn-hoá cái-đã-có, KHÔNG xây-mới.
 ---
 ## 🎯 GAP-LIST → IMPLEMENT (completeness-gate B+C+D phải đủ-trọn)
 **🔴 FUNCTION-FLOOR (bắt-buộc cho ĐẠT):**
 1. **PHẦN C — 3 grep detector script** (`scripts/governance-detectors.ps1`): C1 broken-pointer · C2 staleness (=B3) · C3 vocab-fork · C4 self-line exclusion (0 self-match) · C5 resolve-condition + 2-strike. NO-API (grep+measure only). RUNTIME-prove (chạy + FLAG drift thật + fake-drift test).
 2. **PHẦN B — B1 pointer + B3 detector.** B3 = C2 (cùng script). B1 = derived count-copy → pointer "→ docs/STATUS.md (canonical)" + FIX drift hiện-tại (gated em-main). Sites: root CLAUDE.md + ef-core SKILL + skills/README + dep-audit SKILL + docs/CLAUDE.md.
 3. **PHẦN D — D5/D6/D7 3-tier explicit + D8 one-direction lock.** Codify khối nhãn-hoá (AUTO semantic-null / DÒ+FLAG / OWNER-APPROVE) + luật canonical→derived 1-chiều. → engine-doc + agents/README.
 **🟡 TAILORABLE (optional-mechanize, làm để A mạnh):**
 4. **PHẦN A — A4/A5/A6 + standing-gate.** Add hysteresis(0.85)/keep-floor(≥5)/2-strike params → budget.json + session-end archive-gate script (mechanize A1/A7 thành standing).
 **Engine consolidation doc:** `docs/governance/harness-11-engine.md` — codify D1-D11 + 3-tier + locks + trỏ detector-script + canonical, để engine có 1 nguồn-chuẩn.
 **Single-writer split (D9):** sub viết SCRIPT (.ps1 non-canonical, testable runtime) · **em-main viết governance MD** (engine-doc + B1 pointer + cadence-wire + agents/README — vì đụng canonical/luật, B4 gated).
 **Nấc dogfood trung-thực:** A2/A3/D4/D9/D11 = SE đã runtime-mechanized SẴN (H11 = chuẩn-hoá). C1-C3 + B3 = MỚI build (chưa từng có). D5-D8 + B1 = nhãn-hoá/codify cái ngầm-có.
--- a/.claude/workflows/runs/2026-06-18-h11-audit/run.md
+++ b/.claude/workflows/runs/2026-06-18-h11-audit/run.md
@ -0,0 +1,25 @@
 # RUN — 2026-06-18-h11-audit (Harness-11 adap · STAGE 1 AUDIT)
 > **Harness-10 FLAT run-trace** (TRACKED). Sub ghi `sub-<role>-<i>.md` phẳng cùng cấp. Synthesis → `audit-synthesis.md`.
 - **Workflow:** Harness-11 adap — AUDIT (ground-truth GAP vs SE-present)
 - **Mode:** hmw RUN-TRACE, 4× investigator-codebase (read-only ∥)
 - **Opened:** 2026-06-18 (S75)
 - **Mandate:** anh giao `/check-email AI_INFRA + /adap-apply` (mỗi stage workflow review kiểm + report trung thực). H11 ⑤ = IMPLEMENT + REVIEW tách biệt.
 ## Mục tiêu
 Harness-11 = engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ. Tự-DÒ toàn diện (luôn tươi) + AUTO chỉ semantic-null + single-writer bar-không-hạ + đổi-luật owner-approve. **Completeness-gate: phải đủ TRỌN PHẦN B+C+D (🔴 function-floor) mới ĐẠT; A 🟡 tailor.** H11 = chuẩn-hoá lại cái SE đã có một phần (H9 L2 + H10 run-trace) → AUDIT để biết PRESENT/PARTIAL/GAP từng item, tránh xây lại.
 ## Task list (4 lane, mỗi lane 1 PHẦN)
 | Lane | Role | PHẦN | Scope |
 |---|---|---|---|
 | audit-A | investigator-codebase | A1–A7 (hot-mem auto-archive 🟡) | session-end.md · measure-agent-memory.ps1 · memory-budget.json · agent-memory/*/archive/_INDEX/gist |
 | audit-B | investigator-codebase | B1–B4 (derived→canonical + freshness 🔴) | root CLAUDE.md · docs/CLAUDE.md · agents/README · skills · có freshness-detector chưa |
 | audit-C | investigator-codebase | C1–C5 (3 grep detectors 🔴) | scripts/ · .claude/ — có broken-pointer/staleness/vocab-fork detector chưa · self-exclusion · resolve-condition |
 | audit-D | investigator-codebase | D1–D11 (orchestration 🔴) | session-start/end cadence · 3-tier safe-split · 4 locks (1-direction/append-single-writer/file-tool/move-not-delete) |
 ## Acceptance
 Mỗi item (A1-7, B1-4, C1-5, D1-11) phân loại **PRESENT / PARTIAL / GAP** + evidence file:line + artifact nếu có. Output → `audit-synthesis.md` (em main gom).
 ## Run-id
 `wf_7fdc3bd5-930`
--- a/.claude/workflows/runs/2026-06-18-h11-checklist-verify/checklist-verify-synthesis.md
+++ b/.claude/workflows/runs/2026-06-18-h11-checklist-verify/checklist-verify-synthesis.md
@ -0,0 +1,39 @@
 # CHECKLIST-VERIFY SYNTHESIS — Harness-11 (2026-06-18-h11-checklist-verify · `wf_39cd4cbe-f07`)
 > 3× investigator-codebase (read-only ∥, evidence-mapping). Em-main scribe @P3. **VERDICT: ✅ completeness-gate H11 ĐẠT — B+C+D đủ-trọn, A 🟡 tailored.** Rà từng item bằng bằng-chứng thật (run-output/file:line), KHÔNG trí-nhớ.
 ## CL1 — PHẦN A (🟡) + PHẦN B (🔴) → PASS
 **A1-A7 PRESENT (🟡 tailored), runtime qua `memory-archive-gate.ps1`:**
 | Item | Nấc | Loại | Evidence |
 |---|---|---|---|
 | A1 byte-gate | exec+runtime | mechanized | cap 25600 echoed; flag 3 over-cap (cicd 26798·inv 31502·reviewer 38755) |
 | A2 additive MOVE | exec (design) | convention | DRY-RUN plan-only, MOVE thật = em-main D5 (no auto-move memory canonical) |
 | A3 _INDEX pointer | exec+runtime | mechanized | A7 đọc 4 _INDEX, 186 pointer |
 | A4 hysteresis 0.85 | exec+runtime | mechanized | low-water 21760 echoed |
 | A5 keep-floor 5 | exec+runtime | mechanized | WARN fired inv+reviewer (oldest-movable exhausted trước lowMark) |
 | A6 2-strike | exec / runtime-PARTIAL | mechanized | **legit-gap by-design:** cần 2× `-Apply` (DRY-RUN strike=1 WATCH, `.archive-strikes.json` absent); script self-doc [TAILOR] |
 | A7 NO-API L1-eval | exec+runtime | mechanized | **GATE PASS 186/186 resolve, 0 fail, exit 0** |
 **B1-B4 PRESENT (🔴 floor MET), completeness B PASS:**
 - B1 ✅ 5/5 derived docs ≥1 STATUS pointer (CLAUDE.md:53/66/87 · ef-core SKILL:3/19 · skills/README:20). Caveat: residual soft-net FP (module-local "6 test"/"4 bảng Budget") — B2 tradeoff, KHÔNG B1-fail.
 - B2 ✅ readable giữ (ef-core SKILL:85-120 table inline, không pointer-soup).
 - B3 ✅ exec+runtime (C2 ran, canonical mig55/test339/gotcha69/table88 == disk, FLAG 10 stale = detect-works).
 - B4 ✅ GATED (engine:42 FLAG→em-main + git-diff backstop + D9 single-writer).
 ## CL2 — PHẦN C (🔴 MANDATE) → ĐẠT 5/5, completeness-gate CỨNG met
 26 flag, exit 0, qua `governance-detectors.ps1`:
 - C1 ✅ exec+runtime mechanized (gotcha-ref 0 broken + 13 dangling-wikilink LOW).
 - C2/B3 ✅ exec+runtime mechanized (canonical 55/339/69/88 + disk cross-check [OK] + 10 MED).
 - C3 ✅ exec+runtime mechanized (CẢ 3 fork: wave↔run-trace 15/19f · Dự trù↔Ngân sách PRO 7/6f · two-tier↔all-inherit 17/10f).
 - C4 ✅ exec+runtime mechanized (self-match=0, 5 paths excluded ALL exist, leaked=0).
 - C5 ✅ resolve 26/26 + 2-strike HONEST-scoped (convention em-main, detector stateless — KHÔNG over-claim).
 - NO-API grep 0-hit · 0-auto-write grep 0-hit.
 ## CL3 — PHẦN D (🔴) → ĐẠT 11/11, completeness-gate D PASS
 - D1 session-start.md:83 (detector) · D2 session-end.md:48 (archive-gate) · D3 ultra-on.md:35 (per-turn) · **D4 hmw.js:76-78 THROW MECHANIZED** (verify dòng throw tồn-tại ✓).
 - **D5/D6/D7 explicit-label = YES** (engine:62-69 table NHÃN-HOÁ EXPLICIT — H11 chuẩn-hoá-mới).
 - **D8 one-direction codify = YES** (engine:72 'codify mới H11' canonical→derived KHÔNG ghi ngược).
 - D9 store_memory strip MECHANIZED (grep tools-line 0-hit) · D10 file-tool-write convention (engine tự nhận Bash chưa block cứng) · **D11 byte-0-loss RUNTIME** (h910-curate md5sum+grep-Fxf 10/10 proven).
 ## TỔNG: completeness-gate H11 ĐẠT
 **B (4/4) + C (5/5) + D (11/11) đủ-trọn** = function-floor MET. **A 🟡 tailored** (A6 runtime cần 2× -Apply = legit-gap có-chủ-đích, đã self-doc). Honest residual: B1 soft-net FP (advisory), A6 runtime-partial (by-design), C3 console mojibake (display-only). KHÔNG bộ-khung nào thiếu → KHÔNG phải "áp một phần".
--- a/.claude/workflows/runs/2026-06-18-h11-checklist-verify/run.md
+++ b/.claude/workflows/runs/2026-06-18-h11-checklist-verify/run.md
@ -0,0 +1,25 @@
 # RUN — 2026-06-18-h11-checklist-verify (Harness-11 adap · CHECKLIST self-verify, anh giao)
 > **Harness-10 FLAT run-trace** (TRACKED). 3× investigator-codebase (read-only ∥, evidence-mapping). Synthesis → `checklist-verify-synthesis.md`.
 - **Workflow:** Harness-11 CHECKLIST formal self-verify (anh giao "workflow double check lại checklist 1 lần nữa")
 - **Mode:** hmw RUN-TRACE. Rà TỪNG item checklist H11 broadcast → chấm nấc + bằng-chứng. "Completeness-gate: bằng chứng thật, KHÔNG bằng trí nhớ."
 - **Khác double-check #1:** DC#1 = adversarial correctness/regression. Cái này = formal checklist scorecard từng-item theo đúng rubric checklist H11 (Hành-động · Tự-verify · Nấc · Loại).
 ## Rubric (theo checklist H11)
 - **Nấc:** executed-file (file tĩnh có trên đĩa) / runtime (đã chạy-quan-sát) / executed-file+runtime.
 - **Loại:** mechanized (artifact/cổng-máy bảo-chứng) / convention (người tuân-thủ, không cổng máy).
 - **Completeness-gate:** B+C+D phải hiện-diện ĐỦ-TRỌN; thiếu 1 = CHƯA-ĐẠT. A = 🟡 tailorable.
 ## 3 lane
 | Lane | Role | Checklist section |
 |---|---|---|
 | CL1 | investigator-codebase | PHẦN A (A1-A7 🟡) + PHẦN B (B1-B4 🔴) |
 | CL2 | investigator-codebase | PHẦN C (C1-C5 🔴 mandate) — chạy detector |
 | CL3 | investigator-codebase | PHẦN D (D1-D11 🔴) — D.1 nhịp + D.2 3-tier + D.3 4-chốt |
 ## Acceptance
 Mỗi item: status + evidence (file:line / run-output) + nấc + loại, KHÔNG trí-nhớ. Section verdict ĐẠT/CHƯA. Completeness-gate cuối: B+C+D đủ-trọn?
 ## Run-id
 `wf_39cd4cbe-f07`
--- a/.claude/workflows/runs/2026-06-18-h11-doublecheck/_patch.py
+++ b/.claude/workflows/runs/2026-06-18-h11-doublecheck/_patch.py
@ -0,0 +1,14 @@
 p=r"D:/Dropbox/CONG_VIEC/SOLUTION/SOLUTION_ERP/.claude/workflows/runs/2026-06-18-h11-doublecheck/_scratch-det.ps1"
 lines=open(p,encoding='utf-8').read().split('\n')
 out=[];n=0
 for ln in lines:
    s=ln
    if "if ($line -match '^\s*\|') { continue }" in ln:
        s="        if ($false) { continue } #DIS-tablerow"; n+=1
    elif "baseline|" in ln and "S\d{2}" in ln and "{ continue }" in ln:
        s="        if ($false) { continue } #DIS-historical"; n+=1
    elif "if ($pre -match" in ln and "phase|session" in ln:
        s="                if ($false) { continue } #DIS-versionprefix"; n+=1
    out.append(s)
 open(p,'w',encoding='utf-8').write('\n'.join(out))
 print("patched lines:",n)
--- a/.claude/workflows/runs/2026-06-18-h11-doublecheck/_scratch-det.ps1
+++ b/.claude/workflows/runs/2026-06-18-h11-doublecheck/_scratch-det.ps1
@ -0,0 +1,406 @@
 <#
 .SYNOPSIS
  governance-detectors.ps1 - Harness-11 PHAN C + B3 governance drift detectors.
 .DESCRIPTION
  NO-API, DETECT-and-FLAG-only grep net (Harness-11 mandate):
    (1) NO-API   - only Select-String + byte/file-exist measure. NEVER calls model/API.
    (2) FLAG-only - prints FLAGs, NEVER edits files (auto-WRITE of rules = top hazard, forbidden).
    (3) PowerShell 5.1 compatible. Run offline. ASCII-only script body (gotcha #30);
        target-file content is read -Encoding UTF8 so Vietnamese count-tokens
        (bay / bang / Du tru) match correctly.
    (5) DETECT-only LOWERING NET, not a hard build gate. Exit code always 0.
  Detectors:
    C2/B3 - derived-staleness : canonical counts from STATUS.md (cross-checked vs disk),
                                then derived docs scanned for stale count-tokens.
    C1    - broken-pointer    : (a) gotcha #N refs > max-gotcha or missing "### N." anchor
                                (b) dangling [[wikilink]] in user-memory / agent-memory.
    C3    - vocab-fork        : alias-sets where >=2 variants live side-by-side.
    C4    - self-line exclusion: pattern-describing files removed from every scan
                                 (else the detector self-matches).
  Each FLAG line:
    [DETECTOR] severity | file:line | description | resolve: <un-flag condition>   (C5)
 .PARAMETER RepoRoot
  Repo root. Default = resolved 2 levels up from this script (scripts/ -> repo root).
 .EXAMPLE
  powershell.exe -ExecutionPolicy Bypass -File scripts/governance-detectors.ps1
 #>
 param(
    [string]$RepoRoot = (Resolve-Path (Join-Path $PSScriptRoot '..')).Path
 )
 $ErrorActionPreference = 'Continue'
 # ---------------------------------------------------------------------------
 # Helpers
 # ---------------------------------------------------------------------------
 $script:FlagCount = 0
 function Write-Flag {
    param(
        [ValidateSet('HIGH', 'MED', 'LOW')] [string]$Severity,
        [string]$Where,        # file:line
        [string]$Desc,
        [string]$Resolve
    )
    $color = switch ($Severity) { 'HIGH' { 'Red' } 'MED' { 'Yellow' } default { 'Gray' } }
    Write-Host ("[DETECTOR] {0,-4} | {1} | {2} | resolve: {3}" -f $Severity, $Where, $Desc, $Resolve) -ForegroundColor $color
    $script:FlagCount++
 }
 function Write-Section($title) {
    Write-Host ''
    Write-Host ("===== $title =====") -ForegroundColor Cyan
 }
 # Make a path repo-relative for readable FLAG output (forward slashes).
 function Rel($full) {
    $r = $full
    if ($full.StartsWith($RepoRoot, [StringComparison]::OrdinalIgnoreCase)) {
        $r = $full.Substring($RepoRoot.Length).TrimStart('\', '/')
    }
    return ($r -replace '\\', '/')
 }
 # ---------------------------------------------------------------------------
 # Unicode-token builder (gotcha #30 mojibake guard).
 # This .ps1 is ASCII-only on disk. PowerShell 5.1 decodes a BOM-less .ps1 with
 # the system ANSI codepage (NOT UTF-8) when launched via -File, which corrupts
 # any inline Vietnamese literal (e.g. "bay" -> mojibake) so it can no longer
 # match correctly-decoded UTF-8 file content. We therefore build every
 # Vietnamese token from Unicode code points at RUNTIME -> encoding-independent.
 function U { param([int[]]$cp) -join ($cp | ForEach-Object { [char]$_ }) }
 # Vietnamese tokens used by detectors:
 $VN_BAY  = U @(0x62, 0x1EAB, 0x79)                                  # "bay" (gotcha synonym)
 $VN_BANG = U @(0x62, 0x1EA3, 0x6E, 0x67)                            # "bang" (table synonym)
 $VN_DUTRU_PRO  = U @(0x44, 0x1EF1, 0x20, 0x74, 0x72, 0xF9, 0x20, 0x50, 0x52, 0x4F)             # "Du tru PRO"
 $VN_NGANSACH_PRO = U @(0x4E, 0x67, 0xE2, 0x6E, 0x20, 0x73, 0xE1, 0x63, 0x68, 0x20, 0x50, 0x52, 0x4F) # "Ngan sach PRO"
 # ---------------------------------------------------------------------------
 # C4 - self-line exclusion (BUILT FIRST so every scan can apply it)
 # These files DESCRIBE the patterns the detectors look for; without exclusion
 # the detector would flag itself. Glob-style suffix/substring rules.
 # ---------------------------------------------------------------------------
 $ExcludeExact = @(
    (Join-Path $RepoRoot 'scripts\governance-detectors.ps1'),
    (Join-Path $RepoRoot 'docs\governance\harness-11-engine.md')
 ) | ForEach-Object { $_ -replace '/', '\' }
 $ExcludeDirFragments = @(
    '\broadcasts\inbox\',
    '\broadcasts\outbox\',
    '\.claude\workflows\runs\',
    '\.claude\workflows\scripts\'
 )
 function Test-Excluded($full) {
    $p = ($full -replace '/', '\')
    foreach ($ex in $ExcludeExact) { if ($p -ieq $ex) { return $true } }
    foreach ($frag in $ExcludeDirFragments) { if ($p -ilike "*$frag*") { return $true } }
    return $false
 }
 # Resolve which excluded paths actually exist on disk (for the audit line).
 $ExcludedActual = @()
 foreach ($ex in $ExcludeExact) { if (Test-Path $ex) { $ExcludedActual += $ex } }
 foreach ($frag in $ExcludeDirFragments) {
    $probe = Join-Path $RepoRoot ($frag.Trim('\'))
    if (Test-Path $probe) { $ExcludedActual += $probe }
 }
 # Gather governance MD set ONCE (docs/** + .claude/** *.md), minus excluded.
 function Get-GovernanceMd {
    $dirs = @((Join-Path $RepoRoot 'docs'), (Join-Path $RepoRoot '.claude'))
    $all = @()
    foreach ($d in $dirs) {
        if (Test-Path $d) {
            $all += Get-ChildItem -Path $d -Recurse -Filter *.md -File -ErrorAction SilentlyContinue
        }
    }
    return $all | Where-Object { -not (Test-Excluded $_.FullName) }
 }
 $GovMd = Get-GovernanceMd
 # ---------------------------------------------------------------------------
 # Canonical values from docs/STATUS.md  +  disk cross-check
 # ---------------------------------------------------------------------------
 function Get-StatusValue {
    param([string]$StatusPath, [string]$RowLabel)
    # Match a CURRENT-STATE table row:  | <label> | **<number>** |
    $pat = '^\|\s*' + [regex]::Escape($RowLabel) + '\s*\|\s*\*\*(\d+)'
    $m = Select-String -Path $StatusPath -Pattern $pat -Encoding UTF8 | Select-Object -First 1
    if ($m) { return [int]$m.Matches[0].Groups[1].Value }
    return $null
 }
 Write-Section 'C2/B3 - canonical resolve + disk cross-check'
 $statusPath = Join-Path $RepoRoot 'docs\STATUS.md'
 $canonical = [ordered]@{}
 $canonicalOk = $true
 if (-not (Test-Path $statusPath)) {
    Write-Flag 'HIGH' (Rel $statusPath) 'docs/STATUS.md not found - cannot resolve canonical counts' 'create docs/STATUS.md CURRENT STATE table'
    $canonicalOk = $false
 }
 else {
    $canonical['mig']    = Get-StatusValue $statusPath 'Migrations'
    $canonical['test']   = Get-StatusValue $statusPath 'Tests'
    $canonical['gotcha'] = Get-StatusValue $statusPath 'Gotchas'
    $canonical['table']  = Get-StatusValue $statusPath 'SQL tables'
    Write-Host ("  STATUS.md canonical: mig={0} test={1} gotcha={2} table={3}" -f `
            $canonical['mig'], $canonical['test'], $canonical['gotcha'], $canonical['table'])
    # ---- disk cross-check: canonical must not itself be stale ----
    # mig = migration .cs files (exclude *Designer.cs / *ModelSnapshot.cs), recursive
    #       so it survives Migrations/ vs Persistence/Migrations/ layout differences.
    $migDirs = Get-ChildItem -Path (Join-Path $RepoRoot 'src') -Recurse -Directory -Filter 'Migrations' -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch '\\(bin|obj|node_modules)\\' }
    $diskMig = 0
    foreach ($md in $migDirs) {
        $diskMig += (Get-ChildItem -Path $md.FullName -Filter *.cs -File -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -notlike '*Designer.cs' -and $_.Name -notlike '*ModelSnapshot.cs' }).Count
    }
    # gotcha = highest N from "### N." headings in docs/gotchas.md
    $gotchasPath = Join-Path $RepoRoot 'docs\gotchas.md'
    $diskGotcha = $null
    if (Test-Path $gotchasPath) {
        $nums = Select-String -Path $gotchasPath -Pattern '^### (\d+)\.' -Encoding UTF8 |
            ForEach-Object { [int]$_.Matches[0].Groups[1].Value }
        if ($nums) { $diskGotcha = ($nums | Measure-Object -Maximum).Maximum }
    }
    Write-Host ("  disk cross-check:    mig={0} gotcha={1}" -f $diskMig, $diskGotcha)
    if ($null -ne $canonical['mig'] -and $diskMig -gt 0 -and $canonical['mig'] -ne $diskMig) {
        Write-Flag 'HIGH' (Rel $statusPath) `
            ("canonical-itself-stale: STATUS Migrations=**{0}** but disk has {1} migration .cs" -f $canonical['mig'], $diskMig) `
            ("re-ground STATUS.md Migrations row to {0}" -f $diskMig)
        $canonicalOk = $false
    }
    if ($null -ne $canonical['gotcha'] -and $null -ne $diskGotcha -and $canonical['gotcha'] -ne $diskGotcha) {
        Write-Flag 'HIGH' (Rel $statusPath) `
            ("canonical-itself-stale: STATUS Gotchas=**{0}** but docs/gotchas.md max anchor is {1}" -f $canonical['gotcha'], $diskGotcha) `
            ("re-ground STATUS.md Gotchas row to {0}" -f $diskGotcha)
        $canonicalOk = $false
    }
    if ($canonicalOk) {
        Write-Host '  [OK] canonical matches disk (mig + gotcha) - safe baseline for derived scan' -ForegroundColor Green
    }
 }
 # ---------------------------------------------------------------------------
 # C2/B3 - derived-staleness scan
 # Derived docs that summarize counts; each should match canonical OR be a pointer.
 # ---------------------------------------------------------------------------
 Write-Section 'C2/B3 - derived-doc staleness'
 # token-regex -> canonical key. Vietnamese tokens built from code points (ASCII source).
 $countPatterns = @(
    @{ Rx = '(\d+)\s*migration';                          Key = 'mig';    Label = 'migration' },
    @{ Rx = '(\d+)\s*test';                               Key = 'test';   Label = 'test' },
    @{ Rx = ('(\d+)\s*(?:' + $VN_BAY + '|gotcha)');       Key = 'gotcha'; Label = 'gotcha/bay' },
    @{ Rx = ('(\d+)\s*(?:' + $VN_BANG + '|table)');       Key = 'table';  Label = 'table/bang' }
 )
 $derivedDocs = @(
    'CLAUDE.md',
    'docs\CLAUDE.md',
    '.claude\skills\ef-core-migration\SKILL.md',
    '.claude\skills\README.md',
    '.claude\skills\dependency-audit-erp\SKILL.md'
 ) | ForEach-Object { Join-Path $RepoRoot $_ }
 foreach ($doc in $derivedDocs) {
    if (-not (Test-Path $doc)) { continue }
    if (Test-Excluded $doc) { continue }
    $lines = Get-Content -Path $doc -Encoding UTF8
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $line = $lines[$i]
        # C2 FP-reduction (R2 refinement S75): per-item table rows + frozen-historical lines are NOT state-count claims
        if ($false) { continue } #DIS-tablerow
        if ($false) { continue } #DIS-historical
        foreach ($cp in $countPatterns) {
            $canon = $canonical[$cp.Key]
            if ($null -eq $canon) { continue }
            foreach ($m in [regex]::Matches($line, $cp.Rx)) {
                $pre = $line.Substring([Math]::Max(0, $m.Index - 12), [Math]::Min(12, $m.Index))
                if ($false) { continue } #DIS-versionprefix
                $n = [int]$m.Groups[1].Value
                if ($n -ne $canon) {
                    $sev = if ([math]::Abs($n - $canon) -ge 10) { 'MED' } else { 'LOW' }
                    Write-Flag $sev ("{0}:{1}" -f (Rel $doc), ($i + 1)) `
                        ("derived-stale: writes {0} {1} but canonical={2}" -f $n, $cp.Label, $canon) `
                        ("update to {0} OR replace with pointer '-> docs/STATUS.md'" -f $canon)
                }
            }
        }
    }
 }
 Write-Host '  (note: count-token grep is a soft net - module-local phrases like "4 bang Budget" / "71 test (Phase 8)" can false-positive; treat LOW sev as review-not-fail)' -ForegroundColor DarkGray
 # ---------------------------------------------------------------------------
 # C1 - broken-pointer: gotcha #N refs
 # ---------------------------------------------------------------------------
 Write-Section 'C1 - broken gotcha-ref'
 $maxGotcha = $canonical['gotcha']
 $gotchasPath = Join-Path $RepoRoot 'docs\gotchas.md'
 $gotchaAnchors = @{}
 if (Test-Path $gotchasPath) {
    Select-String -Path $gotchasPath -Pattern '^### (\d+)\.' -Encoding UTF8 |
        ForEach-Object { $gotchaAnchors[[int]$_.Matches[0].Groups[1].Value] = $true }
 }
 if ($null -eq $maxGotcha -or $gotchaAnchors.Count -eq 0) {
    Write-Host '  [skip] no canonical max-gotcha or no anchors parsed - cannot validate gotcha refs' -ForegroundColor DarkGray
 }
 else {
    # Match "gotcha #N", "gotcha N", and bare "#N" tokens.
    $refRx = '(?:gotcha[s]?\s*#?(\d+))|(?<![A-Za-z0-9])#(\d+)'
    foreach ($f in $GovMd) {
        $lines = Get-Content -Path $f.FullName -Encoding UTF8
        for ($i = 0; $i -lt $lines.Count; $i++) {
            foreach ($m in [regex]::Matches($lines[$i], $refRx)) {
                $num = if ($m.Groups[1].Success) { [int]$m.Groups[1].Value } else { [int]$m.Groups[2].Value }
                $isGotchaWord = $m.Groups[1].Success
                # bare "#N": only treat as gotcha-ref candidate when N is in gotcha numeric range
                # to avoid PR/issue/run numbers. gotcha-word form always validated.
                if (-not $isGotchaWord) {
                    if ($num -le 0 -or $num -gt ($maxGotcha + 50)) { continue }
                    # bare #N with N <= maxGotcha and anchor exists -> fine, skip silently
                    if ($num -le $maxGotcha -and $gotchaAnchors.ContainsKey($num)) { continue }
                    # bare #N > maxGotcha is ambiguous (could be Run #312) -> skip to avoid noise
                    if ($num -gt $maxGotcha) { continue }
                }
                if ($num -gt $maxGotcha) {
                    Write-Flag 'MED' ("{0}:{1}" -f (Rel $f.FullName), ($i + 1)) `
                        ("broken-gotcha-ref: cites #{0} but max gotcha is {1}" -f $num, $maxGotcha) `
                        'fix the number or add the gotcha to docs/gotchas.md'
                }
                elseif ($isGotchaWord -and -not $gotchaAnchors.ContainsKey($num)) {
                    Write-Flag 'LOW' ("{0}:{1}" -f (Rel $f.FullName), ($i + 1)) `
                        ("broken-gotcha-ref: 'gotcha #{0}' has no '### {0}.' anchor in gotchas.md" -f $num) `
                        'fix ref or create the missing gotcha anchor'
                }
            }
        }
    }
 }
 # ---------------------------------------------------------------------------
 # C1 - broken-pointer: dangling [[wikilink]]  (user-memory + agent-memory)
 # ---------------------------------------------------------------------------
 Write-Section 'C1 - dangling wikilink'
 # user-memory dir (outside repo). Derive from this machine's project slug; if not
 # reachable, fall back to in-repo agent-memory only + emit a note.
 $userMemDir = 'C:\Users\pqhuy\.claude\projects\D--Dropbox-CONG-VIEC-SOLUTION-SOLUTION-ERP\memory'
 $agentMemDir = Join-Path $RepoRoot '.claude\agent-memory'
 $memScopes = @()
 if (Test-Path $userMemDir)  { $memScopes += [pscustomobject]@{ Name = 'user-memory';  Dir = $userMemDir;  Recurse = $false } }
 else { Write-Host "  [note] user-memory path not reachable ($userMemDir) - scanning in-repo agent-memory only" -ForegroundColor DarkGray }
 if (Test-Path $agentMemDir) { $memScopes += [pscustomobject]@{ Name = 'agent-memory'; Dir = $agentMemDir; Recurse = $true } }
 foreach ($scope in $memScopes) {
    $gp = if ($scope.Recurse) {
        Get-ChildItem -Path $scope.Dir -Recurse -Filter *.md -File -ErrorAction SilentlyContinue
    } else {
        Get-ChildItem -Path $scope.Dir -Filter *.md -File -ErrorAction SilentlyContinue
    }
    # Build the set of existing target basenames in this scope.
    $targets = @{}
    foreach ($g in $gp) { $targets[$g.BaseName] = $true; $targets[($g.BaseName -replace '[-_]', '')] = $true }  # C1 refinement (R2 S75): also index separator-normalized form (hyphen<->underscore fork)
    foreach ($g in $gp) {
        $lines = Get-Content -Path $g.FullName -Encoding UTF8
        for ($i = 0; $i -lt $lines.Count; $i++) {
            foreach ($m in [regex]::Matches($lines[$i], '\[\[([a-z0-9_-]+)\]\]')) {
                $tgt = $m.Groups[1].Value
                if (-not ($targets.ContainsKey($tgt) -or $targets.ContainsKey(($tgt -replace '[-_]', '')))) {
                    Write-Flag 'LOW' ("{0}/{1}:{2}" -f $scope.Name, $g.Name, ($i + 1)) `
                        ("dangling-wikilink: [[{0}]] -> {0}.md not found in {1}" -f $tgt, $scope.Name) `
                        'fix the link target or create the file (note: hyphen vs underscore basename fork is common)'
                }
            }
        }
    }
 }
 # ---------------------------------------------------------------------------
 # C3 - vocab-fork
 # ---------------------------------------------------------------------------
 Write-Section 'C3 - vocab-fork'
 # Seed alias-sets (hard-coded from audit; extend over time). Vietnamese variants
 # built from code points so the .ps1 stays ASCII-only (gotcha #30) yet matches
 # correctly-decoded UTF-8 content.
 $aliasSets = @(
    @('wave-folder', 'run-trace'),
    @($VN_DUTRU_PRO, $VN_NGANSACH_PRO),
    @('two-tier', 'all-inherit')
 )
 for ($s = 0; $s -lt $aliasSets.Count; $s++) {
    $variants = $aliasSets[$s]
    $perVariantFiles = @{}
    foreach ($v in $variants) { $perVariantFiles[$v] = New-Object System.Collections.Generic.List[string] }
    foreach ($f in $GovMd) {
        $content = Get-Content -Path $f.FullName -Raw -Encoding UTF8
        if ($null -eq $content) { continue }
        foreach ($v in $variants) {
            if ($content -match [regex]::Escape($v)) {
                $perVariantFiles[$v].Add((Rel $f.FullName)) | Out-Null
            }
        }
    }
    $liveVariants = @($variants | Where-Object { $perVariantFiles[$_].Count -gt 0 })
    if ($liveVariants.Count -ge 2) {
        $detail = ($liveVariants | ForEach-Object { "{0}={1}f" -f $_, $perVariantFiles[$_].Count }) -join ' vs '
        $sample = ($liveVariants | ForEach-Object {
                $first = $perVariantFiles[$_] | Select-Object -First 2
                "'$_' in [$($first -join ', ')]"
            }) -join ' | '
        Write-Flag 'MED' 'multiple files' `
            ("vocab-fork: $detail live side-by-side -- $sample") `
            'merge to ONE canonical term, or record an alias-map in docs/governance'
    }
 }
 # ---------------------------------------------------------------------------
 # Summary + C4 self-exclusion audit (RUNTIME proof)
 # ---------------------------------------------------------------------------
 Write-Section 'Summary'
 # Confirm 0 self-match: the detector script must never appear in the scanned set.
 $selfPath = (Join-Path $RepoRoot 'scripts\governance-detectors.ps1') -replace '/', '\'
 $selfInScan = @($GovMd | Where-Object { ($_.FullName -replace '/', '\') -ieq $selfPath }).Count
 # (governance-detectors.ps1 is .ps1 not .md so never in $GovMd; this asserts the
 #  invariant explicitly. Also assert none of the excluded dirs leaked in.)
 $leaked = @($GovMd | Where-Object { Test-Excluded $_.FullName }).Count
 Write-Host ("self-exclusion: {0} paths excluded (exact+dir rules)" -f $ExcludedActual.Count)
 foreach ($e in $ExcludedActual) { Write-Host ("  - excluded: {0}" -f (Rel $e)) -ForegroundColor DarkGray }
 Write-Host ("self-match check: governance-detectors.ps1 in scan = {0} ; leaked excluded files in scan = {1}" -f $selfInScan, $leaked)
 if ($selfInScan -eq 0 -and $leaked -eq 0) {
    Write-Host '  [OK] 0 self-match (C4 satisfied)' -ForegroundColor Green
 } else {
    Write-Host '  [!] self-exclusion LEAK - investigate Test-Excluded rules' -ForegroundColor Red
 }
 Write-Host ''
 Write-Host ("TOTAL FLAGS: {0}" -f $script:FlagCount) -ForegroundColor Cyan
 Write-Host 'NOTE: DETECT-only lowering net. Exit 0 always (never fails build). FLAGs are advisory.' -ForegroundColor DarkGray
 exit 0
--- a/.claude/workflows/runs/2026-06-18-h11-doublecheck/doublecheck-synthesis.md
+++ b/.claude/workflows/runs/2026-06-18-h11-doublecheck/doublecheck-synthesis.md
@ -0,0 +1,28 @@
 # DOUBLE-CHECK SYNTHESIS — Harness-11 adap (2026-06-18-h11-doublecheck · `wf_a0b68d2f-30e`)
 > 3× reviewer (read-only, adversarial ∥). Em-main scribe @P3. **VERDICT: ✅ PASS — 0 blocker.** Re-verify commit `e70c046` + regression của refinement em-main áp sau REVIEW-1.
 ## DA1 — over-suppression regression → FAILED-no-StructuredOutput → **em-main self-gate CLOSED**
 - Reviewer lane parallel[0] không trả StructuredOutput (lỗi #53 schema-force tái diễn).
 - **Em-main self-gate (recovery-pattern):** inject prose fake-drift "99 migration" (KHÔNG table-row/version/historical) → detector **CAUGHT** "99 migration but canonical=55" → revert clean. → **no over-suppression, runtime-proven.**
 - Bonus: detector pure-ASCII (Python scan 0 non-ASCII — gotcha #30 clean) · PS parse OK · exit 0 · 26 flag.
 ## DA2 — committed-state correctness → **PASS**
 - B1 **exactly 11** pointer-conversion (grep -c = 11). root CLAUDE.md:53 **tail byte-identical** (`sed -n '53p'` ends "...phiếu cũ.)" = old) → 0 load-bearing prose loss; chỉ leading count-phrase swap + S74/S73 additive prefix.
 - ef-core Mig 54/55 rows = **tên migration THẬT trên disk** (`AddPeSuggestedAndApprovedPrice` + `AddCcmNoteToPeWorkItemBudget` .cs EXIST).
 - 0 stale-count residual (grep 53mig/306test/68gotcha/93bảng = 0). cadence §2.1.3/§L.b cú-pháp đúng, path tồn-tại + run clean. engine-doc line-ref accurate (D5=:67, hmw.js:76/103/111, budget.json:19).
 - 2 MINOR (đã FIX): agents/README "(pending)" stale + C2 FP CLAUDE.md:84/:90.
 ## DA3 — containment + regression → **PASS** (0 blocker/0 major/1 minor-info)
 - Q1 0 production code (grep src/|fe-* = 0). Q2 run-trace đủ (audit/review NO sub = read-only em-main-scribe ✓ · implement có sub-task-0/1 = general-purpose Write ✓ · ledger CLOSE-beat all prior). Q4 single-writer (0 sub MEMORY.md residual · .archive-strikes.json absent). Q5 budget.json pure-additive (measured/tiers/last_sleep_at untouched).
 - **Q3 broadcasts byte-verified:** recompute INBOX body=`b2a2fc1cf399` (==_index ==frontmatter), whole-file=`318ff9f6` (==commit-msg); OUTBOX body=`7fa1b53a61ae` (==_index ==frontmatter). KHỚP TUYỆT-ĐỐI.
 - **REGRESSION over-suppression HUNT (độc-lập confirm self-gate):** enumerate cái C2-skip che = per-item frozen (ef-core "Mig 12→10 bảng") + Session-N historical + CLAUDE.md "88 table"==canonical — KHÔNG cái nào là live-aggregate-state-count. Cả 11 prose-drift VẪN bắt. C1 normalize verified 2 chiều (genuine-dangling vẫn flag + prefix-differ vẫn flag). **NO real drift hidden.**
 - Anti-finding: C3 console mojibake "D? tr<74>" = console-codepage Bash-capture artifact, KHÔNG script bug ([Console]::OutputEncoding=UTF8 render "Dự trù PRO" đúng; Select-String so-sánh UTF-8 chính-xác).
 ## Em-main actions post-doublecheck
 1. ✅ self-gate fake-drift (close DA1) — no over-suppression, runtime.
 2. ✅ +C2 "test project" skip (line 90 FP gone, 27→26) — ASCII clean.
 3. ✅ agents/README "(pending)" → run-id thật (review `wf_d7ca1ff8-942` + doublecheck `wf_a0b68d2f-30e`).
 4. ⚠️ Tree-line FP-skip ATTEMPTED rồi REVERT (literal box-glyph = gotcha #30 trap; \u-escape edit bị tool render-normalize → bỏ, line 84 "6 test" giữ làm documented soft-net FP, advisory exit-0 harmless). **Bài học: KHÔNG đưa box-glyph vào .ps1 — kể cả qua Edit tool (normalize).**
 ## VERDICT: PASS — committed-state đúng, refinement 0-regression (triple-confirmed self-gate+DA2+DA3), containment clean. Sẵn-sàng checklist-verify + push.
--- a/.claude/workflows/runs/2026-06-18-h11-doublecheck/run.md
+++ b/.claude/workflows/runs/2026-06-18-h11-doublecheck/run.md
@ -0,0 +1,20 @@
 # RUN — 2026-06-18-h11-doublecheck (Harness-11 adap · DOUBLE-CHECK #1, anh giao)
 > **Harness-10 FLAT run-trace** (TRACKED). 3× reviewer (read-only, adversarial ∥). Synthesis → `doublecheck-synthesis.md`.
 - **Workflow:** Harness-11 adap — DOUBLE-CHECK vòng 2 (anh giao "double check lại 1 turn nữa")
 - **Mode:** hmw RUN-TRACE free-text. Re-review state ĐÃ COMMIT `e70c046` (post-refinement).
 - **Trọng tâm:** REVIEW vòng 1 (`wf_d7ca1ff8-942`) đã PASS + em-main refine C2/C1 (59→27). Vòng này soi **regression của chính refinement** + bất kỳ thứ gì 2 vòng trước sót.
 ## 3 lane
 | Lane | Role | Focus |
 |---|---|---|
 | DA1 over-suppression regression | reviewer | C2 context-skip (table-row/version/historical) + C1 [-_] normalize có làm detector MÙ drift thật không? Test: tạo fake-drift trong context KHÔNG-skip → chạy → confirm bắt → revert. Over-suppress = nguy cơ #1 của refinement |
 | DA2 committed-state correctness | reviewer | git show e70c046: engine-doc + B1 ×11 + cadence-wire ĐÚNG trên disk? B1 có vô-tình đổi nghĩa/xóa nội-dung load-bearing? cadence §2.1.3/§L.b cú-pháp đúng? |
 | DA3 containment + run-trace integrity | reviewer | commit có gì sai? run-trace 4 folder đủ synthesis? broadcasts hash khớp? 0 production code thật? sub-task MD present (impl) vs read-only-scribe (audit/review)? |
 ## Acceptance
 PASS = refinement KHÔNG over-suppress (detector vẫn bắt drift thật) + committed-state đúng + containment clean. Issue → em-main fix trước checklist-verify + push.
 ## Run-id
 `wf_a0b68d2f-30e`
--- a/.claude/workflows/runs/2026-06-18-h11-implement/implement-synthesis.md
+++ b/.claude/workflows/runs/2026-06-18-h11-implement/implement-synthesis.md
@ -0,0 +1,42 @@
 # IMPLEMENT SYNTHESIS — Harness-11 adap (2026-06-18-h11-implement · `wf_c5e5844e-7c1`)
 > 2× general-purpose (script, file-disjoint ∥) + em-main single-writer (governance MD cluster). Em-main scribe synthesis @P3.
 ## Sub Lane 1 — `scripts/governance-detectors.ps1` (PHẦN C + B3) ✅ RUNTIME-PROVEN
 - 401 dòng, ASCII-only body, PS 5.1, exit 0. Flag: **71 pre-B1 → 59 post-B1 → 27 post-refinement (R2)** (HIGH=0) — drift-fix + FP-cut (C2 context-skip table-row/version/historical + C1 `[-_]` normalize), C4 0 self-match suốt.
 - **C1 broken-pointer:** gotcha-ref 0 dangling (sạch) + **29 dangling-wikilink** (hyphen-form `[[feedback-x]]` vs file underscore `feedback_x.md` — REAL inconsistency, để REVIEW judge FP-vs-real).
 - **C2/B3 staleness:** bắt đúng drift root CLAUDE.md (mig53→55·test306→339·gotcha68→69) = runtime proof. Canonical đọc STATUS.md + cross-check disk (mig=55, gotcha=69 khớp → 0 'canonical-stale').
 - **C3 vocab-fork:** `wave-folder=15f vs run-trace=18f` + bonus `two-tier=17f vs all-inherit=10f` + `Dự trù PRO=7f vs Ngân sách PRO=6f` (rename S65 còn 2 tên sống).
 - **C4 self-exclusion:** 5 paths excluded, 0 self-match ✓.
 - **C5 resolve-condition:** 100% FLAG có `resolve:`.
 - **NO-API verified:** 0 hit Invoke-WebRequest/HttpClient/System.Net/6333/store_memory. Detector **0 auto-write** (Set-Content/Out-File = 0) → DÒ+FLAG-only ✓.
 - **gotcha #30 RUNTIME-CATCH:** vòng-1 chỉ 53 flag — PS5.1 `-File` decode .ps1 UTF-8-no-BOM bằng ANSI-1252 → literal Việt mojibake → MISS 18 flag (gồm '68 bẫy' + vocab-fork Việt). FIX: body ASCII-only + build token Việt từ code-point runtime (`U @(0x62,0x1EAB,0x79)`). **Minh-chứng giá-trị mandate "chạy thật"** (không runtime → over-claim detector hoạt-động khi nó MÙ token Việt).
 - **HONEST limitation:** C2 count-token = soft-net ~12 TRUE / ~29 false-pos (version "Core 10", per-row "N bảng module", historical "154 test", greedy cross-line). sev LOW khi |lệch|<10. → người xử cờ, KHÔNG auto-fix (đúng D6).
 ## Sub Lane 2 — `scripts/memory-archive-gate.ps1` (PHẦN A) ✅ RUNTIME-PROVEN
 - 289 dòng, exit 0, DRY-RUN default, NO-API, FLAG-only.
 - budget.json `archive_gate` block ADDITIVE (autoinject_cap 25600 · low_watermark_ratio 0.85 · keep_floor_entries 5 · strike_threshold 2). `measured`/`tiers`/`last_sleep_at` UNTOUCHED.
 - **A4 hysteresis** proven (cicd after-est ~21180 < low-water 21760, không dừng ở vạch). **A5 keep-floor** proven (inv/reviewer WARN "keep-floor hit (5); cannot auto-drain - SPLIT/condense" — từ-chối vét-sạch khi 5 entry mới-nhất đã > cap). **A6 2-strike** lifecycle proven (-Apply ×2: run1 strike1 WATCH → run2 strike2 PROPOSE). **A7 NO-API gate** 186/186 pointer resolve across 4 sub có archive + byte-sanity.
 - DRY-RUN flag over-cap đúng: reviewer 38755 · inv-codebase 31502 · cicd 26798.
 - 3 bug fixed mid-build (honest): PS-5.1 parser cascade (typo `'`→`"`) · gotcha #30 mojibake (ReadAllText UTF8) · legend-line FP (`^\s*>` skip).
 ## Em-main cluster (governance MD — single-writer D9, B4 gated) ✅
 - **Engine-doc** `docs/governance/harness-11-engine.md` — canonical SE: artifact-map + PHẦN A/B/C/D + **3-tier D5(AUTO)/D6(DÒ+FLAG)/D7(owner-approve) nhãn-hoá EXPLICIT** + **one-direction-lock D8 codify** + CAVEAT honest. Doc khác TRỎ về đây (B1 dogfood).
 - **B1 pointer + drift-fix (11 edit):** root CLAUDE.md ×7 (count→`docs/STATUS.md` pointer) · ef-core SKILL ×6 (incl +Mig 54/55 rows) · skills/README ×2 · dep-audit SKILL ×1 · docs/CLAUDE.md ×2 (93→88 + 58→pointer). **Post-B1 detector re-run: drift THẬT root CLAUDE.md RESOLVED** (3 real flag gone); còn lại = documented FP (version/per-row/historical).
 - **Cadence-wire:** session-start §2.1.3 (D1 chạy detector @start) + session-end §L.b(c) (D2 archive-gate @end) + agents/README Upgrade S75 — tất cả TRỎ engine-doc.
 ## Completeness-gate status (B+C+D function-floor)
 - **PHẦN B:** B1 ✅ (pointer + drift-fix) · B2 ✅ (readable giữ) · B3 ✅ (detector C2) · B4 ✅ (em-main gated). ĐẠT.
 - **PHẦN C:** C1 ✅ · C2 ✅ · C3 ✅ · C4 ✅ (0 self-match) · C5 ✅ (resolve-condition). ĐẠT (runtime-proven).
 - **PHẦN D:** D1 ✅ (wired session-start) · D2 ✅ (wired session-end) · D3-D4 PRESENT (sẵn) · D5/D6/D7 ✅ (3-tier codify engine-doc) · D8 ✅ (one-direction-lock codify) · D9/D10/D11 PRESENT-mạnh (sẵn). ĐẠT.
 - **PHẦN A (🟡):** A1-A3 sẵn · A4/A5/A6 ✅ (params + gate) · A7 ✅ (NO-API standing-gate). Mechanized-hoá hơn (tailored).
 ## Single-writer (D9) respected
 git status: sub Lane 1 chỉ tạo `governance-detectors.ps1` + sub-task-0.md · Lane 2 chỉ `memory-archive-gate.ps1` + budget.json + sub-task-1.md · em-main = mọi canonical MD. KHÔNG sub đụng canonical/agent-memory/sibling. Containment CLEAN.
 ## Cho REVIEW (W3) đánh-giá
 1. Completeness-gate: B+C+D đủ-trọn? (claim ĐẠT — verify độc-lập).
 2. Detector quality: FP-rate C2 (~29/71) có chấp-nhận-được không, hay cần refine regex context-aware? (em KHÔNG tự-refine = tránh self-bias).
 3. C1 wikilink 29 flag: hyphen-vs-underscore = REAL inconsistency hay detector normalization-FP?
 4. Honesty: nấc executed-file vs runtime đúng chưa, có over-claim không.
 5. Containment: single-writer giữ, no auto-write-of-law.
--- a/.claude/workflows/runs/2026-06-18-h11-implement/run.md
+++ b/.claude/workflows/runs/2026-06-18-h11-implement/run.md
@ -0,0 +1,24 @@
 # RUN — 2026-06-18-h11-implement (Harness-11 adap · STAGE 2 IMPLEMENT)
 > **Harness-10 FLAT run-trace** (TRACKED). Sub ghi `sub-<role>-<i>.md` phẳng. Synthesis → `implement-synthesis.md`.
 - **Workflow:** Harness-11 adap — IMPLEMENT (fill GAP từ audit-synthesis)
 - **Mode:** hmw RUN-TRACE. 2× general-purpose (script, file-disjoint ∥) + em-main MD cluster (single-writer D9)
 - **Opened:** 2026-06-18 (S75)
 - **Input:** `../2026-06-18-h11-audit/audit-synthesis.md` GAP-list
 ## Phân-công (single-writer split D9: sub=SCRIPT non-canonical · em-main=governance MD)
 | Lane | Owner | Deliverable | PHẦN |
 |---|---|---|---|
 | impl-detectors | general-purpose (Write+Bash) | `scripts/governance-detectors.ps1` — C1 broken-pointer + C2 staleness(=B3) + C3 vocab-fork + C4 self-exclusion + C5 resolve-condition · NO-API grep · RUNTIME-prove | C1-C5 + B3 |
 | impl-archive-gate | general-purpose (Write+Bash) | `scripts/memory-archive-gate.ps1` (hysteresis 0.85 + keep-floor ≥5 + 2-strike + NO-API L1-eval) + budget.json A4/A5/A6 params | A1/A4/A5/A6/A7 |
 | em-main cluster | 👤 em-main | `docs/governance/harness-11-engine.md` (D1-D11 + 3-tier D5/D6/D7 + one-direction-lock D8 + trỏ detector+canonical) · B1 pointer+drift-fix (root CLAUDE.md·ef-core SKILL·skills/README·dep-audit·docs/CLAUDE.md) · cadence-wire (session-start D1·session-end D2) · agents/README ref | B1·D5-D8 |
 ## Acceptance (completeness-gate: B+C+D đủ-trọn)
 - C: 3 detector chạy được (runtime), FLAG drift thật + 0 self-match (C4)
 - B: derived count → pointer canonical; B3 detector FLAG mismatch
 - D: 3-tier + one-direction-lock codify explicit
 - Single-writer giữ: sub KHÔNG đụng canonical MD; em-main scribe
 ## Run-id
 `wf_c5e5844e-7c1`
--- a/.claude/workflows/runs/2026-06-18-h11-implement/sub-task-0.md
+++ b/.claude/workflows/runs/2026-06-18-h11-implement/sub-task-0.md
@ -0,0 +1,124 @@
 # sub-task-0 — `scripts/governance-detectors.ps1` (Harness-11 PHẦN C + B3)
 > Lane **impl-detectors** · owner general-purpose (Write+Bash) · single-writer: CHỈ `scripts/governance-detectors.ps1` + file này.
 > NO-API · DÒ+FLAG-only · PowerShell 5.1 · RUNTIME-proven (output thật dán §3).
 ## 1. Deliverable
 `D:\Dropbox\CONG_VIEC\SOLUTION\SOLUTION_ERP\scripts\governance-detectors.ps1` (~355 dòng, ASCII-only body).
 3 bộ dò + self-exclusion + summary. Param `$RepoRoot` (default = `Resolve-Path $PSScriptRoot\..`). Exit-code **0 luôn** (dò-only, KHÔNG fail-build). Mỗi FLAG: `[DETECTOR] severity | file:line | desc | resolve: <điều-kiện-gỡ-cờ>` (C5).
 ## 2. Thiết-kế từng detector
 ### C2/B3 — derived-staleness (ưu-tiên, value cao nhất) ✅
 - **Canonical** đọc từ `docs/STATUS.md` CURRENT STATE table qua regex `^\|\s*<label>\s*\|\s*\*\*(\d+)` (số trong `**N**` đúng row Migrations/Tests/Gotchas/SQL tables). Runtime đọc đúng: **mig=55 test=339 gotcha=69 table=88**.
 - **Cross-check disk** (canonical tự-nó không stale):
  - `mig` = đếm `*.cs` trong **mọi** dir tên `Migrations` dưới `src` (exclude `bin|obj|node_modules` + `*Designer.cs`/`*ModelSnapshot.cs`). Recursive-search vì migration thật ở `src\Backend\SolutionErp.Infrastructure\**Persistence**\Migrations (SPEC ghi gần-đúng `...\Migrations` — đã xử robust). Runtime: disk mig=55.
  - `gotcha` = max N từ `^### (\d+)\.` trong `docs/gotchas.md`. Runtime: disk gotcha=69.
  - STATUS-value ≠ disk-value → FLAG `canonical-itself-stale` (HIGH). Lần này KHỚP → 0 HIGH (baseline an-toàn).
 - **Derived scan** 5 file: `CLAUDE.md`(root) · `docs/CLAUDE.md` · `.claude/skills/ef-core-migration/SKILL.md` · `.claude/skills/README.md` · `.claude/skills/dependency-audit-erp/SKILL.md`. Count-token regex: `(\d+)\s*migration` · `(\d+)\s*test` · `(\d+)\s*(?:<bay>|gotcha)` · `(\d+)\s*(?:<bang>|table)`. Lệch canonical → FLAG `derived-stale` (MED nếu |lệch|≥10, else LOW).
 ### C1 — broken-pointer ✅
 - **(a) gotcha-ref**: grep `docs/** + .claude/** *.md` bắt `gotcha[s]?\s*#?(\d+)` + bare `#(\d+)`. `gotcha #N` luôn validate (N>max → broken MED; thiếu `### N.` anchor → LOW). Bare `#N` chỉ xét trong range; `#N`>max bỏ qua (tránh nhầm Run #312/PR #). Runtime: **0 flag** — mọi gotcha-ref ≤69 và có anchor (đúng — repo sạch khoản này).
 - **(b) wikilink**: scan user-memory `C:\Users\pqhuy\.claude\projects\...\memory\*.md` + in-repo `.claude/agent-memory/**`. Bắt `\[\[([a-z0-9_-]+)\]\]`; target `<name>.md` không tồn tại trong scope → dangling. User-memory KHÔNG reachable → note + agent-memory-only (lần này user-memory REACHABLE, 29 file).
 ### C3 — vocab-fork ✅
 - Seed alias-set: `@('wave-folder','run-trace')`, `@('<Du tru PRO>','<Ngan sach PRO>')`, `@('two-tier','all-inherit')`. Mỗi set đếm file dùng từng biến-thể; ≥2 biến-thể CÙNG sống → FLAG count + sample | resolve gộp/alias-map.
 ### C4 — self-line exclusion (BẮT BUỘC) ✅
 - Exact: `scripts/governance-detectors.ps1`, `docs/governance/harness-11-engine.md`. Dir-fragment: `\broadcasts\inbox\`, `\broadcasts\outbox\`, `\.claude\workflows\runs\`, `\.claude\workflows\scripts\`. `Test-Excluded` áp MỌI scan. Summary in `self-exclusion: N paths excluded` + assert `self in scan=0` + `leaked=0`.
 ### 🔴 Encoding-robustness (gotcha #30 — phát-hiện lúc RUNTIME, đã FIX)
 Vòng-1 detector MISS `CLAUDE.md:133` "68 bẫy" + cả set vocab-fork `Dự trù PRO`↔`Ngân sách PRO`. Root-cause: file `.ps1` ghi **UTF-8 KHÔNG BOM** (Write-tool); `powershell.exe -File` ở PS 5.1 decode file no-BOM bằng **codepage ANSI (1252)**, KHÔNG phải UTF-8 → literal tiếng Việt `bẫy`/`bảng`/`Dự trù` bị mojibake → KHÔNG match content UTF-8 đọc đúng (`Get-Content -Encoding UTF8`). FIX: body **ASCII-only**, mọi token tiếng Việt build từ **Unicode code-point runtime** qua helper `U @(0x62,0x1EAB,0x79)` → encoding-độc-lập. Sau fix: 71 flag (vòng-1 chỉ 53 — thiếu 18 do mojibake). Đây là minh-chứng giá-trị của mandate "viết xong PHẢI chạy thật".
 ## 3. RUNTIME — output thật (`powershell.exe -ExecutionPolicy Bypass -File scripts/governance-detectors.ps1`)
 **Exit code: 0** · **TOTAL FLAGS: 71** (HIGH=0 · MED=33 · LOW=38).
 ```
 ===== C2/B3 - canonical resolve + disk cross-check =====
  STATUS.md canonical: mig=55 test=339 gotcha=69 table=88
  disk cross-check:    mig=55 gotcha=69
  [OK] canonical matches disk (mig + gotcha) - safe baseline for derived scan
 ===== C2/B3 - derived-doc staleness =====
 [DETECTOR] LOW  | CLAUDE.md:53 | derived-stale: writes 53 migration but canonical=55 | resolve: update to 55 OR replace with pointer '-> docs/STATUS.md'   <== TRUE drift (root CLAUDE mig)
 [DETECTOR] MED  | CLAUDE.md:53 | derived-stale: writes 53 gotcha/bay but canonical=69 | resolve: ...   <== FALSE-POS ("53" la mig-number, dinh token 'bay'? -> thuc te dong 53 KHONG co 'bay'; xem honesty #2)
 [DETECTOR] MED  | CLAUDE.md:66 | derived-stale: writes 306 test but canonical=339 | resolve: ...   <== TRUE drift (root CLAUDE test)
 [DETECTOR] MED  | CLAUDE.md:80 | derived-stale: writes 45 test but canonical=339   <== FALSE-POS (45 = Domain breakdown)
 [DETECTOR] MED  | CLAUDE.md:81 | derived-stale: writes 261 test but canonical=339   <== FALSE-POS (261 = Infra breakdown)
 [DETECTOR] MED  | CLAUDE.md:84 | derived-stale: writes 6 test but canonical=339   <== FALSE-POS
 [DETECTOR] MED  | CLAUDE.md:90 | derived-stale: writes 2 test but canonical=339   <== FALSE-POS ('2 test project')
 [DETECTOR] LOW  | CLAUDE.md:133 | derived-stale: writes 68 gotcha/bay but canonical=69 | resolve: update to 69 ...   <== TRUE drift (root CLAUDE '68 bay') -- VONG-1 BI MISS, sau fix encoding moi bat
 [DETECTOR] MED  | docs/CLAUDE.md:13 | derived-stale: writes 4 table/bang but canonical=88   <== FALSE-POS ('4 bang Budget' module-local)
 [DETECTOR] LOW  | docs/CLAUDE.md:70 | derived-stale: writes 93 table/bang but canonical=88 | resolve: update to 88 ...   <== TRUE drift (ERD '93 bang')
 [DETECTOR] MED  | docs/CLAUDE.md:123 | derived-stale: writes 4 table/bang but canonical=88   <== FALSE-POS (Phase 7 '4 bang Budget')
 [DETECTOR] MED  | docs/CLAUDE.md:124 | derived-stale: writes 71 test but canonical=339   <== FALSE-POS (Phase 8 historical '71 test')
 [DETECTOR] MED  | .claude/skills/ef-core-migration/SKILL.md:3 | writes 10 migration   <== FALSE-POS ('.NET Core 10 migration')
 [DETECTOR] LOW  | .claude/skills/ef-core-migration/SKILL.md:3 | writes 53 migration   <== TRUE drift
 [DETECTOR] LOW  | .claude/skills/ef-core-migration/SKILL.md:19 | writes 53 migration   <== TRUE drift
 [DETECTOR] MED  | .claude/skills/ef-core-migration/SKILL.md:34..115 | writes 1/3/4/10 table/bang   <== FALSE-POS (per-migration '<n> bang module ...')
 [DETECTOR] MED  | .claude/skills/ef-core-migration/SKILL.md:42/86/87/154/171 | writes 1/2 migration   <== FALSE-POS (mig list seq number)
 [DETECTOR] MED  | .claude/skills/ef-core-migration/SKILL.md:107 | writes 58/96/154 test   <== FALSE-POS (per-project breakdown)
 [DETECTOR] LOW  | .claude/skills/ef-core-migration/SKILL.md:285 | writes 53 migration   <== TRUE drift
 [DETECTOR] MED  | .claude/skills/README.md:20 | writes 10 migration   <== FALSE-POS ('.NET Core 10')
 [DETECTOR] LOW  | .claude/skills/README.md:20 | writes 53 migration   <== TRUE drift
 [DETECTOR] LOW  | .claude/skills/README.md:90 | writes 68 gotcha/bay   <== TRUE drift ('68 bay')
 [DETECTOR] LOW  | .claude/skills/dependency-audit-erp/SKILL.md:153 | writes 68 gotcha/bay   <== TRUE drift ('68 bay')
  (note: count-token grep is a soft net - module-local phrases like "4 bang Budget" / "71 test (Phase 8)" can false-positive; treat LOW sev as review-not-fail)
 ===== C1 - broken gotcha-ref =====
 (no flags -- all gotcha #N refs <= 69 and anchored; bare #N>max skipped to avoid Run#/PR# noise)
 ===== C1 - dangling wikilink =====
 [DETECTOR] LOW  | user-memory/<29 file>:* | dangling-wikilink: [[<hyphen-form>]] -> <name>.md not found in user-memory | resolve: fix link / create file (hyphen-vs-underscore fork)
  ... 21 user-memory dangling (vd [[feedback-implementer-truncation-mitigation]] -- file that la feedback_implementer_truncation_mitigation.md _underscore_) ...
 [DETECTOR] LOW  | agent-memory/pattern_*.md:* | [[pattern-...-hyphen]] -> not found   ... 8 agent-memory dangling (6 hyphen-fork + 2 trong 2026-06.gist.md tro feedback_* underscore khac-scope) ...
 ===== C3 - vocab-fork =====
 [DETECTOR] MED  | multiple files | vocab-fork: wave-folder=15f vs run-trace=18f live side-by-side -- 'wave-folder' in [docs/HANDOFF.md, docs/STATUS.md] | 'run-trace' in [docs/HANDOFF.md, docs/STATUS.md] | resolve: merge / alias-map
 [DETECTOR] MED  | multiple files | vocab-fork: Du tru PRO=7f vs Ngan sach PRO=6f live side-by-side -- in [docs/HANDOFF.md, docs/STATUS.md] | resolve: merge / alias-map   <== VONG-1 BI MISS (mojibake), sau fix moi bat
 [DETECTOR] MED  | multiple files | vocab-fork: two-tier=17f vs all-inherit=10f live side-by-side -- in [docs/HANDOFF.md, docs/STATUS.md] | resolve: merge / alias-map
 ===== Summary =====
 self-exclusion: 5 paths excluded (exact+dir rules)
  - excluded: scripts/governance-detectors.ps1
  - excluded: docs/governance/harness-11-engine.md
  - excluded: broadcasts/inbox
  - excluded: broadcasts/outbox
  - excluded: .claude/workflows/runs
 self-match check: governance-detectors.ps1 in scan = 0 ; leaked excluded files in scan = 0
  [OK] 0 self-match (C4 satisfied)
 TOTAL FLAGS: 71
 NOTE: DETECT-only lowering net. Exit 0 always (never fails build). FLAGs are advisory.
 === EXIT CODE: 0 ===
 ```
 > (Output trên rút-gọn các block lặp dài; con-số tally + dòng load-bearing y-nguyên run thật. Full 71 dòng có trong stdout.)
 ## 4. Acceptance — verdict (số đo)
 | Mục SPEC | Verdict | Bằng-chứng (file:line từ output thật) |
 |---|---|---|
 | (i) C2/B3 FLAG drift root CLAUDE.md **mig 53 vs 55** | ✅ PASS | `CLAUDE.md:53 ... 53 migration but canonical=55` |
 | (i) **gotcha 68 vs 69** | ✅ PASS | `CLAUDE.md:133 ... 68 gotcha/bay but canonical=69` (sau encoding-fix) + `README.md:90` + `dep-audit/SKILL.md:153` |
 | (i) **test 306 vs 339** | ✅ PASS | `CLAUDE.md:66 ... 306 test but canonical=339` |
 | (ii) C3 FLAG vocab-fork wave↔run-trace | ✅ PASS | `wave-folder=15f vs run-trace=18f live side-by-side` |
 | (iii) self-exclusion 0 self-match | ✅ PASS | `governance-detectors.ps1 in scan = 0 ; leaked = 0 ; [OK] C4 satisfied` |
 | Exit-code 0 (dò-only) | ✅ PASS | `=== EXIT CODE: 0 ===` |
 | NO-API | ✅ PASS | Chỉ `Select-String/Get-Content/Get-ChildItem/regex`. grep script: 0 hit `Invoke-WebRequest|curl|api|http` |
 | PS 5.1 parse | ✅ PASS | `PSParser.Tokenize` 0 error |
 | Bonus drift bắt thêm | ℹ️ | `docs/CLAUDE.md:70 93 bảng` (canon 88) + vocab-fork thứ-3 `Dự trù PRO=7f vs Ngân sách PRO=6f` (rename S65 còn 2 tên sống) |
 ## 5. C5 resolve-condition — đủ mọi FLAG
 derived-stale → "update to M OR replace with pointer '-> docs/STATUS.md'" · canonical-itself-stale → "re-ground STATUS.md <row> to <disk>" · broken-gotcha-ref → "fix number or add gotcha to docs/gotchas.md" · dangling-wikilink → "fix link target or create file" · vocab-fork → "merge to ONE canonical term, or record alias-map".
 ## 6. Honest limitations (LƯỚI giảm-sót, KHÔNG khoá-cứng — đừng over-claim)
 1. **C2/B3 count-token = soft net, FALSE-POSITIVE thật**: trong 41 derived-flag, ~12 TRUE drift / ~29 FP. Nguồn FP: `.NET Core 10 migration` (version), per-project test breakdown (45/261/58/96), migration list seq number (`1 migration`), module-local `4 bảng Budget`, Phase-historical `71 test`. Mitigation: NOTE cảnh-báo + sev LOW khi |lệch|<10. KHÔNG lọc cứng theo ngữ-cảnh (giòn). Người xử FLAG, KHÔNG auto-fix. **TRUE-signal (53 mig · 306 test · 68 bẫy · 93 bảng) ĐỀU có trong list** → runtime-proof ĐẠT.
 2. **`CLAUDE.md:53 "53 gotcha/bay"` = FP do regex tham**: token `(\d+)\s*(?:bẫy|gotcha)` bắt "53" rồi nuốt khoảng-trắng dài tới chữ "gotcha" xa hơn trên cùng dòng (dòng 53 dài, có chữ `gotcha #63/#64`). → over-match. Đây là giới-hạn regex flat-line, GHI RÕ. Dòng 53 thật-sự stale ở "53 migration" (đã bắt riêng, đúng).
 3. **bare `#N` gotcha-ref** cố-ý bỏ qua khi N>max (tránh nhầm Run #312/PR #) → có thể MISS broken-ref dạng `#999` thật. Trade-off ít-noise.
 4. **agent-memory `2026-06.gist.md` 2 dangling** trỏ file user-memory (khác-scope) → "dangling trong agent-memory" kỹ-thuật đúng nhưng có thể cross-scope cố-ý. GHI nhận, không khẳng định tuyệt-đối broken.
 5. **user-memory path hard-code** theo slug máy này; máy/CI khác → tự fallback agent-memory-only + note (đã code; chưa test máy khác).
 6. **vocab-fork sample chỉ in 2 file đầu** mỗi biến-thể (gọn output); muốn full-list cần mở rộng — chấp-nhận cho lần này.
 ## 7. Single-writer compliance
 CHỈ ghi 2 file: `scripts/governance-detectors.ps1` + sub-MD này (`runs/2026-06-18-h11-implement/sub-task-0.md`). KHÔNG đụng canonical MD (CLAUDE/README/STATUS/agents) · KHÔNG agent-memory · KHÔNG sub-MD khác · KHÔNG store_memory/RAG/HTTP/Qdrant. Detector tự-nó KHÔNG ghi file nào (FLAG ra stdout only) — auto-WRITE luật = mối-nguy #1, đã tránh tuyệt-đối.
 ```
--- a/.claude/workflows/runs/2026-06-18-h11-implement/sub-task-1.md
+++ b/.claude/workflows/runs/2026-06-18-h11-implement/sub-task-1.md
@ -0,0 +1,156 @@
 # sub-task-1 — Harness-11 PART-A — memory-archive-gate.ps1 (hot-mem auto-archive standing-gate, NO-API)
 **Role:** general-purpose (implementer, has Write/Edit) · **Run:** 2026-06-18-h11-implement
 **Files owned (single-writer, file-disjoint):**
 - `scripts/memory-archive-gate.ps1` (NEW, 266 lines)
 - `.claude/agent-memory/memory-budget.json` (ADD `archive_gate` block only)
 - this sub-MD
 **Verdict:** DONE + RUNTIME-PROVEN. DRY-RUN clean (A7 GATE PASS 186/186 pointers, exit 0). A6 2-strike lifecycle proven across 2 `-Apply` runs (WATCH@strike1 → PROPOSE@strike2). NO-API + FLAG-ONLY audited clean.
 ---
 ## 1. budget.json — additive params (acceptance item 1)
 Added `archive_gate` block **before** `measured` (did NOT touch `measured` / `tiers` / `last_sleep_at` / `seeded_date`):
 ```json
 "archive_gate": {
  "_note": "Harness-11 PART-A ... ADDITIVE ...",
  "autoinject_cap_bytes": 25600,
  "low_watermark_ratio": 0.85,
  "keep_floor_entries": 5,
  "strike_threshold": 2
 }
 ```
 - `autoinject_cap_bytes: 25600` = A1 over-cap line (matches existing `tiers.l1_hot.autoinject_cap_bytes`).
 - `low_watermark_ratio: 0.85` → `floor(0.85 * 25600) = 21760` = A4 hysteresis drain target.
 - `keep_floor_entries: 5` = A5.
 - `strike_threshold: 2` = A6.
 **Untouched-block proof (runtime):**
 ```
 JSON parse OK
 archive_gate: cap=25600 low_ratio=0.85 keep_floor=5 strike=2
 measured block still present? cicd l1_hot=23653
 last_sleep_at preserved? 2026-06-18
 ```
 ## 2. memory-archive-gate.ps1 — structure
 Two independent passes, DRY-RUN by default (`-Apply` only advances the strike counter; **never** moves/edits a `.md`).
 | Pass | Maps to | What it does |
 |---|---|---|
 | PASS 1 PLANNER | A1 / A4 / A5 / A6 | per `<sub>/MEMORY.md`: measure bytes (A1); if > cap, plan #oldest-entries to MOVE to get **below** low-watermark (A4 hysteresis), keeping ≥ keep_floor newest (A5), gated behind 2-strike (A6). Prints `sub bytes over? entries strike after-est resolve`. |
 | PASS 2 A7-GATE | A7 NO-API | per `<sub>/archive/_INDEX.md`: extract every `substring:"..."`; literal `.Contains()` search across `archive/*.md` (UTF-8); byte-sanity (file exists + size>0). Prints PASS/FAIL per pointer. |
 Key design points:
 - **Entry boundary** (A5 counting) = first of `^##` / `^###` / `^---` (regex `^(#{2,3}\s|---\s*$)`). MEMORY.md files here are h2-only today (verified) so marker-count == entry-count; regex also tolerates h3/HR files.
 - **after-est** = `total − sum(line.Length+2)` for the moved prefix (CRLF-aware estimate; prefixed `~` to flag it as approximate — the gate never performs a real cut).
 - **A6 strike state** persisted to `.claude/agent-memory/.archive-strikes.json` (flat `{sub:int}`, ASCII). Reset-to-0 on any clean run ⇒ *consecutive*-over-cap semantics. Mutated **only under `-Apply`** so DRY-RUN is side-effect-free.
 - **A7 robustness**: resolves the substring against ALL `archive/*.md` for the sub (not just the arrow-named file) because the 3 `_INDEX` formats name the target differently (reviewer `→ \`file\``; cicd `\`file\` · substring:`; inv-codebase q-shorthand table). A unique substring landing anywhere in the sub's frozen archive == resolved. Skips `^\s*>` blockquote legend lines (the `substring:"<unique-string>"` template is documentation, not a record).
 - **Exit code**: `2` on A7 integrity failure (broken pointer / 0-byte archive); `0` otherwise. Over-cap is a FLAG, not an error (gate reports, human curates).
 ## 3. RUNTIME — DRY-RUN (canonical evidence)
 `powershell.exe -ExecutionPolicy Bypass -File scripts\memory-archive-gate.ps1` → EXIT 0:
 ```
 ============================================================
 memory-archive-gate.ps1  -  Harness-11 PART-A
 mode        : DRY-RUN (no writes at all)
 cap         : 25600 bytes (autoinject_cap)
 low-water   : 21760 bytes (A4 hysteresis drain target = ratio 0.85)
 keep-floor  : 5 newest entries (A5)
 strike-need : 2 consecutive over-cap runs to PROPOSE (A6)
 ============================================================
 ### PASS 1 - hot-tier over-cap planner (FLAG ONLY, no moves)
 sub                          bytes over?    entries  strike    after-est resolve
 ------------------------ --------- ----- ---------- ------- ------------ -------
 cicd-monitor                 26798   YES         18       1       ~21180 WATCH (strike 1<2): re-run; propose only after 2 consecutive over-cap
 database-agent                5917    no          6       0            - ok
 frontend-designer            24004    no          6       0            - ok
 harvest-curator              18952    no          6       0            - ok
 implementer-backend          17692    no         23       0            - ok
 implementer-frontend         13394    no         16       0            - ok
 investigator-api              8510    no          9       0            - ok
 investigator-codebase        31502   YES         20       1       ~27069 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
 reviewer                     38755   YES         14       1       ~33738 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
 test-specialist              24663    no         17       0            - ok
 tooling-auditor              18431    no          6       0            - ok
  [A6] DRY-RUN: strike counters NOT persisted (run with -Apply to advance strikes)
 ### PASS 2 - A7 archive-integrity gate (NO-API: grep + measure only)
  [cicd-monitor] _INDEX.md + 7 archive file(s)
    -> PASS  pointers 76  resolved 76  failed 0
  [implementer-backend] _INDEX.md + 7 archive file(s)
    -> PASS  pointers 41  resolved 41  failed 0
  [investigator-codebase] _INDEX.md + 7 archive file(s)
    -> PASS  pointers 40  resolved 40  failed 0
  [reviewer] _INDEX.md + 5 archive file(s)
    -> PASS  pointers 29  resolved 29  failed 0
 ------------------------------------------------------------
 A7 GATE PASS  -  total pointers 186, resolved 186, failed 0
 ------------------------------------------------------------
 EXITCODE=0
 ```
 **Reads the spec's expected over-cap subs:** reviewer 38755 (~37.8KB, over), investigator-codebase 31502 (~30.8KB, over). cicd-monitor 26798 also over (current, > spec's stale ~note). All 8 under-cap subs print `ok`.
 ## 4. RUNTIME — A6 2-strike lifecycle (`-Apply` ×2)
 The strike-counter is an **executed-file** mechanism; it needs 2 runs to demonstrate the PROPOSE gate (honest n"executed-file vs runtime" tier).
 **APPLY run 1** → strikes file written `{cicd:1, inv:1, reviewer:1, all-clean:0}`; over-cap subs show `WATCH (strike 1<2)`:
 ```
 cicd-monitor          26798 YES 18 1 ~21180 WATCH (strike 1<2): re-run; propose only after 2 consecutive over-cap
 investigator-codebase 31502 YES 20 1 ~27069 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
 reviewer              38755 YES 14 1 ~33738 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
  [A6] strikes persisted -> ...\.archive-strikes.json
 ```
 **APPLY run 2** → strikes advance to 2; cicd-monitor flips WATCH → **PROPOSE** (it has drainable headroom: move 6 oldest → ~21180 < low-water 21760); inv/reviewer stay WARN (A5 keep-floor priority — newest 5 entries alone exceed cap):
 ```
 cicd-monitor          26798 YES 18 2 ~21180 PROPOSE archive (strike 2>=2): move 6 oldest -> curate L1->L2 by hand
 investigator-codebase 31502 YES 20 2 ~27069 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
 reviewer              38755 YES 14 2 ~33738 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
 ```
 strikes file after run 2: `{cicd:2, inv:2, reviewer:2, all-clean:0}`.
 **Strike artifact cleaned up** post-test (`rm .archive-strikes.json`) — DRY-RUN default never creates it; shipped repo carries no stale strike state. Cold-start DRY-RUN re-verified: EXIT 0, A7 GATE PASS 186/186.
 ## 5. Bugs hit + fixed during build (honesty log)
 1. **PS 5.1 parser cascade (mid-build, self-fixed):** line 94 had a typo `'resolve")` — a `"` where a `'` belonged — which left a single-quoted string unterminated and consumed forward, throwing 4 misleading errors anchored at *later* valid lines (102/222/233/266). Root-caused via per-line `0x22`-byte hexdump (`xxd | grep 22`) → the closing `'` of the last `-f` arg was a `"`. Fixed → `'resolve')`. Lesson: PS 5.1 mis-locates the error site of an unterminated string; bisect by counting quotes, not by trusting the reported line.
 2. **gotcha #30 mojibake (A7 false-FAIL):** first A7 run reported 55 PTR-FAILs, all on pointers containing Vietnamese diacritics / em-dash / arrows (`â€"`, `Ã—`, `â†'`). Cause: PS 5.1 `Get-Content` / `Select-String` default to ANSI codepage and mangle UTF-8. Fix: read BOTH `_INDEX.md` and archive files via `[System.IO.File]::ReadAllText($path, UTF8)` + `String.Contains()` → 189/190 resolve. This **is the gotcha #30 trap the precedent script's "ASCII-only" header warns about**, hit from the read side.
 3. **legend-line false-positive (true-positive catch):** cicd `_INDEX.md:4` blockquote documents the format with literal `substring:"<unique-string>"`; my regex matched it (77 vs the index's self-declared 76 real pointers). Added `^\s*>` skip → clean 76/76. The gate correctly distinguished a non-record from a broken pointer.
 ## 6. Acceptance checklist evidence
 | Item | Verdict | Evidence |
 |---|---|---|
 | (1) NO-API | PASS | grep audit: only `Set-Content` is the strikes int-map (line 177); zero http/curl/api/model/qdrant calls. `.md` files are read-only. |
 | (2) FLAG-ONLY / no auto-write of rules | PASS | DRY-RUN header "no writes at all"; over-cap = printed FLAG; no Move/Edit of any MEMORY.md or archive. `-Apply` writes only the counter. |
 | (3) PowerShell .ps1, `-ExecutionPolicy Bypass` | PASS | runs via `powershell.exe -ExecutionPolicy Bypass -File`; ASCII-only output; PS 5.1 parse OK. |
 | (4) RUNTIME-prove | PASS | DRY-RUN output §3 (exit 0) + 2× `-Apply` strike lifecycle §4 pasted from real runs. |
 | (5) sub writes only file-disjoint + sub-MD | PASS | `git status --porcelain` after cleanup = only `M memory-budget.json` + `?? memory-archive-gate.ps1` (+ this sub-MD in run-folder). No canonical MD touched. |
 | A1 measure | PASS | bytes column real (reviewer 38755 etc.). |
 | A4 hysteresis | PASS | drains to BELOW low-water (cicd after-est ~21180 < 21760), not to the line. |
 | A5 keep-floor | PASS | inv/reviewer WARN "keep-floor hit (5); cannot auto-drain" — refuses to vét-sạch. |
 | A6 2-strike | PASS | run1 WATCH(1<2) → run2 PROPOSE(2>=2); strikes file 1→2; reset-on-clean. |
 | A7 pointer-resolve + byte-sanity | PASS | 186/186 across 4 subs w/ archive; UTF-8 round-trip; legend-line skipped. |
 ## 7. Tailoring declared (PART-A = 🟡 tailorable)
 Documented inline in the script `[TAILOR]` footer block:
 - **after-est is an ESTIMATE** (`line.Length+2` CRLF heuristic, `~` prefixed) — real bytes only known post-move, which the gate deliberately never does.
 - **Entry boundary** = first of `^##`/`^###`/`^---` (today's files are h2-only → exact; tolerant of other styles).
 - **A6 strike** = flat `{sub:int}` JSON, consecutive semantics via reset-on-clean, requires 2 real `-Apply` runs to reach PROPOSE (matches spec "runtime needs 2 runs").
 - **A7** resolves substring against ALL `archive/*.md` for the sub (the 3 index formats name targets differently) + skips `>` legend lines.
--- a/.claude/workflows/runs/2026-06-18-h11-review/review-synthesis.md
+++ b/.claude/workflows/runs/2026-06-18-h11-review/review-synthesis.md
@ -0,0 +1,37 @@
 # REVIEW SYNTHESIS — Harness-11 adap (2026-06-18-h11-review · `wf_d7ca1ff8-942`)
 > 3× reviewer (read-only, adversarial ∥). Em-main scribe @P3. **VERDICT TỔNG: ✅ PASS** (0 blocker · refinement applied · nit fixed).
 ## R1 — COMPLETENESS-GATE → **ĐẠT** (B+C+D function-floor đủ-trọn)
 - **PHẦN B 4/4 PRESENT:** B1 (engine:39 + landed root CLAUDE.md 7 pointer + ef-core 4 + README 2 + dep-audit 1) · B2 (readable giữ) · B3 (script:142-243 LIVE-catch, KHÔNG stub) · B4 (em-main gated + git-diff backstop).
 - **PHẦN C 5/5 runtime-proven:** C1 (0 gotcha-dangling + wikilink-dangling) · C2 (canonical+disk cross-check OK) · C3 (3 vocab-fork) · C4 (**0 self-match LIVE**, 5 paths excluded, leaked=0) · C5 (100% flag có resolve:).
 - **PHẦN D 11/11:** D1 wired §2.1.3 · D2 wired §L.b(c) · D3 · D4 (hmw.js:76 THROW mechanized) · **D5/D6/D7 3-tier EXPLICIT** (engine §D.2 :67-69) · **D8 one-direction-lock codify** (:72) · D9 · D10 · D11.
 - **PHẦN A 🟡 over-floor:** A4/A5/A6/A7 runtime-proven.
 - **HARDEST gate: NO-API PASS · 0-auto-write PASS.** 0 floor thiếu.
 ## R2 — DETECTOR CORRECTNESS+QUALITY → **PASS** (6/6 mechanized criteria clean)
 - C4 0-self-match ✓ · C5 59/59 resolve ✓ · NO-API grep 0-hit ✓ · 0-auto-write (chỉ Out-Null in-mem) ✓ · DRY-RUN no-write (git pre==post byte-identical) ✓ · A7 186/186 pointer-resolve + byte-sanity ✓.
 - **2 refinement non-blocking → ÁP DỤNG (review→fix loop):**
  - **(7a) C2 FP-rate ~89% (24/27 FP):** version-token "EF Core 10" / per-row "N bảng module" / historical "154 test". → **FIXED:** context-skip (table-row `^\s*\|` + historical `baseline|S\d\d|(current` + version-prefix `core|.net|react|vite|mig|phase|session`). C2 **27→11**.
  - **(7b) C1 wikilink 29 = REAL (KHÔNG normalization-FP):** 3 class (hyphen↔underscore-fork · truly-missing · cross-scope). → **FIXED:** normalize `[-_]` both sides → auto-resolve fork-where-file-exists. C1 **29→13** (13 còn lại = genuinely-missing/cross-scope, drift THẬT của memory-index).
  - **Post-refinement: TOTAL 59→27, PS parse OK, C4 vẫn 0 self-match.** Detector từ "noisy" → "sắc".
 ## R3 — HONESTY+CONTAINMENT → **PASS** (0 blocker, 1 MINOR nit)
 - OVER-CLAIM: none-material. Re-run cả 2 script khớp claim. Nấc executed-file vs runtime phân ĐÚNG (A6-2strike tự-khai executed-file; A7/DRY-RUN tick runtime). 71→59 reconcile honest (pre-B1 vs post-B1, grep CLAUDE.md `53 migration`=0 chứng-minh B1 gỡ TP).
 - SINGLE-WRITER D9: git-status grep MEMORY.md = 0-hit · `.archive-strikes.json` absent · budget.json additive-only · 0 sub đụng canonical. CLEAN (KHÔNG lặp S72 residual).
 - NO-AUTO-WRITE-OF-LAW (D6): detector 0 file-write stdout-only · archive-gate 1 Set-Content → counter `.archive-strikes.json` (-Apply-only, KHÔNG MD/luật). ✓
 - B1 GATED (B4): sub KHÔNG tự sửa canonical, em-main cluster. ✓
 - byte-0-loss D11: A7 verify pointer-resolve + nonzero-size (MOVE thật engine CỐ Ý không làm — DRY-RUN; D11 dựa precedent h910-curate md5sum). Phân-định đúng, KHÔNG over-claim.
 - CAVEAT engine-doc:79-84 trung-thực (no-OS-hook + auto-write-CỐ-Ý-CHƯA-LÀM + net-not-lock + executed≠runtime).
 - **MINOR nit → FIXED:** agents/README "71 flag" = volatile-count hardcoded (chính anti-pattern engine chống) → đổi non-volatile.
 ## Em-main actions post-review
 1. ✅ C2 context-skip + C1 normalize (script refinement, re-run 59→27, parse OK).
 2. ✅ agents/README "71 flag" → non-volatile (số → run-trace).
 3. ✅ reconcile số trong synthesis/ledger (71 pre-B1 → 59 post-B1 → 27 post-refinement).
 ## Honest residual (cho report AI_INFRA)
 - C1 13 wikilink-dangling = REAL pre-existing memory-index drift (engine SURFACE đúng; fix từng cái = chore riêng, KHÔNG block adap).
 - C2 11 residual = module-local edge ("4 bảng Budget" historical, "1 migration" prose revert-cmd) — soft-net chấp-nhận (LOW/MED advisory exit-0, self-documented).
 - C3 console mojibake VN-variant = cosmetic Bash-capture (match THẬT đúng, gotcha #30 code-point builder hoạt-động).
 - **VERDICT: PASS — engine adopted, completeness-gate ĐẠT, detector sharp + runtime-proven, containment clean.**
--- a/.claude/workflows/runs/2026-06-18-h11-review/run.md
+++ b/.claude/workflows/runs/2026-06-18-h11-review/run.md
@ -0,0 +1,21 @@
 # RUN — 2026-06-18-h11-review (Harness-11 adap · STAGE 3 REVIEW double-check)
 > **Harness-10 FLAT run-trace** (TRACKED). 3× reviewer (read-only, adversarial ∥). Synthesis → `review-synthesis.md`.
 - **Workflow:** Harness-11 adap — REVIEW (B2 mandate: workflow độc-lập soi IMPLEMENT + chắt know-how)
 - **Mode:** hmw RUN-TRACE, free-text-in-findings (KHÔNG ép custom-schema per S73 lesson). reviewer read-only → subMdPath + em-main scribe.
 - **Opened:** 2026-06-18 (S75)
 - **Input:** engine-doc `docs/governance/harness-11-engine.md` · 2 script `scripts/governance-detectors.ps1` + `memory-archive-gate.ps1` · B1 edits · cadence-wire · `../2026-06-18-h11-implement/implement-synthesis.md`
 ## 3 lane adversarial
 | Lane | Role | Focus |
 |---|---|---|
 | R1 completeness-gate | reviewer | verify B+C+D function-floor đủ-trọn (mandate gate) — từng B1-4/C1-5/D1-11 PRESENT + evidence; CHƯA-ĐẠT nếu thiếu 1 |
 | R2 detector correctness+quality | reviewer | RUN 2 script độc-lập: C4 0-self-match · C5 resolve-condition · NO-API · 0 auto-write · FP-rate chấp-nhận? · C1 wikilink 29-flag real-vs-FP |
 | R3 honesty+containment | reviewer | over-claim nấc (executed-file vs runtime)? single-writer D9 git-diff? no auto-write-law (D6)? byte-0-loss? synthesis claim khớp disk? |
 ## Acceptance
 PASS = B+C+D đủ-trọn (completeness) + detector runtime-correct (C4/C5/NO-API) + 0 over-claim + containment clean. Issue → em-main fix trước commit.
 ## Run-id
 `wf_d7ca1ff8-942`
--- a/.claude/workflows/runs/_ledger.md
+++ b/.claude/workflows/runs/_ledger.md
@ -17,3 +17,8 @@
 | 2026-06-18-harness-fix-review | Harness 8/9/10 re-audit — REVIEW (B2 double-check) · 🆕FLAT | 2026-06-18 13:27 +07 | 2026-06-18 13:37 +07 | 3× reviewer (adversarial ∥) | ✅ PASS sau-fix — R3 PASS (containment clean, honesty strong) · R1/R2 PASS-w-concerns: 1 major (auto-wire overclaim) + 4 minor → TẤT CẢ FIXED em-main (hmw.js:52 schema · WIRE last_sleep_at session-start/end · provenance · charter-anchor · README:31); post-fix node --check OK + grep verified · `wf_d482e10d-5dd` | `review-synthesis.md` ✓ (FLAT) |
 | 2026-06-18-mig54-pe-review | Mig 54 PE giá-đề-xuất + CCM duyệt-done — ADVERSARIAL REVIEW (⚠️ **custom inline, KHÔNG hmw**) · FLAT | 2026-06-18 15:55 +07 | 2026-06-18 16:05 +07 | 4× reviewer (schema-forced ∥) + verify-chéo | ⚠️ **1/4 RETURNED** — be-logic PASS 0-blocker (V1-by-design not-an-issue + stray-nit, verify-chéo) · 3/4 lane FAILED no-StructuredOutput → em-main self-gate PASS (authz/wire/regression) + 1 UAT-note (empty-candidates UX edge) · `wf_8c979a93-1a4` | `review-synthesis.md` ✓ (FLAT) |
 | 2026-06-18-mig54-pe-review (R2) | Mig 54 — DOUBLE-CHECK free-text reliable + verify fix empty-candidates | 2026-06-18 16:10 +07 | 2026-06-18 16:18 +07 | 3× reviewer (free-text ∥) | ✅ **2/3 PASS 0-issue** (authz + cross-stack/fix độc-lập) · 🎯 rủi ro #1 ĐÓNG (empty-candidates UNREACHABLE per submit-guard `:194`) · 1 lane no-return (covered) · free-text > schema-force (1/4→2/3) · `wf_f885d9ef-5f6` | `review-synthesis.md` §E |
 | 2026-06-18-h11-audit | Harness-11 adap — AUDIT (PRESENT/PARTIAL/GAP vs SE-present) · 🆕FLAT | 2026-06-18 19:45 +07 | 2026-06-18 19:55 +07 | 4× investigator-codebase (read-only ∥, 1 PHẦN/lane) `wf_7fdc3bd5-930` | ✅ DONE — A 🟡 (A4/A5/A6 GAP hợp-lệ) · **B1+B3 GAP** (derived COPY, no freshness-detector) · **C1/C2/C3 GAP** (0 detector-script, chỉ agent-judgement) · **D5/D6/D7 PARTIAL + D8 GAP** (3-tier+1-direction chưa codify); D4/D9/D11 mechanized-mạnh sẵn. read-only→em-main scribe synthesis | `audit-synthesis.md` ✓ (sub read-only, findings-in-output) |
 | 2026-06-18-h11-implement | Harness-11 adap — IMPLEMENT (detector-script + A-gate ∥ sub · em-main MD cluster) · 🆕FLAT | 2026-06-18 19:56 +07 | 2026-06-18 20:15 +07 | 2× general-purpose (script file-disjoint ∥) + em-main single-writer (governance MD cluster) `wf_c5e5844e-7c1` | ✅ DONE — Lane1 `governance-detectors.ps1` runtime-proven (71→27 post-refinement R2; bắt drift thật + gotcha #30 mojibake fix) · Lane2 `memory-archive-gate.ps1` A4/A5/A6/A7 proven · em-main engine-doc + B1 ×11 (drift RESOLVED post-rerun) + cadence-wire D1/D2 + agents/README. B+C+D đủ-trọn (claim). Single-writer CLEAN. → REVIEW judge FP-rate | `implement-synthesis.md` ✓ (FLAT) |
 | 2026-06-18-h11-review | Harness-11 adap — REVIEW (B2 double-check, free-text) · 🆕FLAT | 2026-06-18 20:16 +07 | 2026-06-18 20:35 +07 | 3× reviewer (adversarial ∥: completeness-gate / detector-correctness / honesty-containment) `wf_d7ca1ff8-942` | ✅ **PASS** — R1 completeness-gate ĐẠT (B+C+D đủ-trọn) · R2 detector 6/6 correctness + 2 refinement (C2 context-skip + C1 normalize → 59→27 sharper) · R3 honesty+containment 0-blocker (1 nit fixed). NO-API+0-auto-write PASS. Single-writer CLEAN | `review-synthesis.md` ✓ (FLAT) |
 | 2026-06-18-h11-doublecheck | Harness-11 adap — DOUBLE-CHECK #1 (anh giao, post-commit `e70c046`) · 🆕FLAT | 2026-06-18 20:48 +07 | 2026-06-18 21:05 +07 | 3× reviewer (over-suppress-regression / committed-state / containment-runtrace) `wf_a0b68d2f-30e` | ✅ **PASS** — DA2+DA3 PASS (B1×11 exact · root:53 tail byte-identical · broadcasts hash recompute KHỚP · single-writer clean · over-suppress-hunt CLEAN). DA1 failed-no-SO → em-main self-gate fake-drift CAUGHT (no over-suppress, runtime). +C2 test-project skip (27→26) + agents/README pending→run-id. tree-skip reverted (gotcha #30 box-glyph) | `doublecheck-synthesis.md` ✓ (FLAT) |
 | 2026-06-18-h11-checklist-verify | Harness-11 adap — CHECKLIST formal self-verify (anh giao) · 🆕FLAT | 2026-06-18 21:08 +07 | 2026-06-18 21:22 +07 | 3× investigator-codebase (CL1 A+B / CL2 C / CL3 D, evidence-mapping ∥) `wf_39cd4cbe-f07` | ✅ **completeness-gate ĐẠT** — B 4/4 + C 5/5 + D 11/11 đủ-trọn (function-floor MET), A 🟡 tailored (A6 runtime cần 2×-Apply legit-by-design). D5/D6/D7 explicit-label=YES + D8 one-direction codify=YES. NO-API+0-auto-write 0-hit. All 3 lane returned | `checklist-verify-synthesis.md` ✓ (FLAT) |
--- a/CLAUDE.md
+++ b/CLAUDE.md
@ -50,20 +50,20 @@ Kiến trúc: **.NET 10 Clean Architecture + 2 React FE (admin + user) + SQL Ser
 - Audit fields: `CreatedAt`, `UpdatedAt`, `CreatedBy`, `UpdatedBy` (`BaseEntity`)
 - Soft delete: `IsDeleted`, `DeletedAt`, `DeletedBy` (`AuditableEntity`)
 - Migrations: `dotnet ef migrations add <Name> --project src/Backend/SolutionErp.Infrastructure --startup-project src/Backend/SolutionErp.Api`
- **Hiện có 53 migration → 88 bảng** (+S69: Mig 53 `AddPeUrgentAndCeoApprovalThreshold` — PE +IsUrgentByPro/Ccm cờ gấp PRO/CCM + ApprovalWorkflow +CeoApprovalThreshold ngưỡng CCM duyệt-final, 3 AddColumn no new table. +S65: Mig 51 `AddDepartmentParentId` Department.ParentId loose-Guid no-FK org-tree phân cấp + Mig 52 `AddHoSoLinkToPurchaseEvaluation` PE HoSoLink nvarchar(1000) hyperlink NAS — cả 2 AddColumn no new table, tables giữ 88. Phase 10 COMPLETE + Phase 11 P11-A→F done — Mig 34-42 HRM/Office/WorkflowApps/Attendance + Contract V2 (32-33) + WireWorkflowApps V2 (41) + LeaveBalance (42) + Holiday filtered-unique (43, S45) + Vehicle/Driver catalog (44, S51) + HRM-catalog filtered-unique 3× (45, S51) + ItTicket SLA (46, S52) + Master filtered-unique 3× (47, S53 gotcha #57 EXT) + Project master fields Year/Investor/Location/Package (48, S55 — AddColumn no new table, kèm nạp 62 dự án + 71 hạng mục + 3 NCC real data từ Excel qua `SeedRealMasterDataAsync` ungated idempotent) + PE gắn Hạng mục công việc WorkItemId loose-Guid KHÔNG FK vật lý (49, S57bis — AddColumn+CreateIndex, no new table) + **Mig 50 `ReplaceBudgetModuleWithPeWorkItemBudgets` (S61, 2026-06-13) — XÓA module Budget cũ, thay bằng `PeWorkItemBudgets` ngân sách per-gói-thầu (1 record/cặp Dự án × Hạng mục, nhập theo role PRO/CCM, vượt ngân sách = cảnh báo mềm cho lưu S62); backfill `BudgetManualAmount→BudgetPeriodAmount` TRƯỚC DropColumn (phiếu UAT giữ số); net bảng 93→88; gotcha #63/#64**. V2 schema history S29-era bên dưới giữ nguyên — Mig 32+33 Plan B Contract V2 cookie-cutter mirror PE Mig 22-26 (S29). Mig 26 `AddPeLevelOpinionsForV2`: bảng mới `PurchaseEvaluationLevelOpinions` UNIQUE composite (PEId, LevelId), FK Cascade Pe + Restrict Level. Section 5 "Ý kiến cấp duyệt" V2 dynamic theo workflow đã pin: forEach Step (Phòng) → forEach Level (Cấp) → forEach NV → 1 OpinionBox. Service `ApproveV2Async` UPSERT auto khi NV duyệt — Q1=1B (sync gắn với Duyệt, KHÔNG form input rời). SignedByUserId track signer thật, FE banner "Admin duyệt thay" khi !== ApproverUserId. Comment empty → "(duyệt — không ý kiến)" placeholder. Phiếu V1 legacy fallback Mig 15 4 box readOnly (data history). Mig 25 `AddIsUserSelectableToApprovalWorkflows`: ALTER `ApprovalWorkflows` +`IsUserSelectable bit` (admin pin/unpin workflow nào cho user pick lúc create phiếu, multi-select độc lập IsActive). Backfill `WHERE IsActive=1 SET 1` giữ behavior cũ. Designer +badge "Cho user chọn" + button Ghim/Bỏ ghim. Workspace filter dropdown chỉ workflows `IsUserSelectable=true`. Mig 22-24 V2 schema (Session 17): `ApprovalWorkflows`/Steps/Levels — Quy trình > Bước (Phòng) > Cấp (N NV cụ thể qua ApproverUserId, OR-of-N cùng cấp). PE.ApprovalWorkflowId pin V2. PE.CurrentApprovalLevelOrder track. State machine 5 trạng thái: Nháp / Đã gửi duyệt / Trả lại (Phase riêng TraLai=98) / Từ chối / Đã duyệt. PE Service V2 wire match `actor.Id == ApproverUserId`. Contract V2 ĐÃ WIRE (Mig 32+33 Plan B S29 — cookie-cutter mirror PE V2: `ApproveV2Async` + `ContractLevelOpinions` UPSERT + Workspace V2 Select dropdown). Mig 21 V1 flat workflow vẫn live cho phiếu cũ.)
+- **Số migration · bảng hiện tại → [`docs/STATUS.md`](docs/STATUS.md) (canonical — KHÔNG copy số ở đây để tránh drift; Harness-11 B1).** Lịch sử mig gần đây: +S74 Mig 55 `AddCcmNoteToPeWorkItemBudget` (PE CcmNote) · +S73 Mig 54 `AddPeSuggestedAndApprovedPrice` (PE giá đề xuất PRO/CCM). +S69: Mig 53 `AddPeUrgentAndCeoApprovalThreshold` — PE +IsUrgentByPro/Ccm cờ gấp PRO/CCM + ApprovalWorkflow +CeoApprovalThreshold ngưỡng CCM duyệt-final, 3 AddColumn no new table. +S65: Mig 51 `AddDepartmentParentId` Department.ParentId loose-Guid no-FK org-tree phân cấp + Mig 52 `AddHoSoLinkToPurchaseEvaluation` PE HoSoLink nvarchar(1000) hyperlink NAS — cả 2 AddColumn no new table, tables giữ 88. Phase 10 COMPLETE + Phase 11 P11-A→F done — Mig 34-42 HRM/Office/WorkflowApps/Attendance + Contract V2 (32-33) + WireWorkflowApps V2 (41) + LeaveBalance (42) + Holiday filtered-unique (43, S45) + Vehicle/Driver catalog (44, S51) + HRM-catalog filtered-unique 3× (45, S51) + ItTicket SLA (46, S52) + Master filtered-unique 3× (47, S53 gotcha #57 EXT) + Project master fields Year/Investor/Location/Package (48, S55 — AddColumn no new table, kèm nạp 62 dự án + 71 hạng mục + 3 NCC real data từ Excel qua `SeedRealMasterDataAsync` ungated idempotent) + PE gắn Hạng mục công việc WorkItemId loose-Guid KHÔNG FK vật lý (49, S57bis — AddColumn+CreateIndex, no new table) + **Mig 50 `ReplaceBudgetModuleWithPeWorkItemBudgets` (S61, 2026-06-13) — XÓA module Budget cũ, thay bằng `PeWorkItemBudgets` ngân sách per-gói-thầu (1 record/cặp Dự án × Hạng mục, nhập theo role PRO/CCM, vượt ngân sách = cảnh báo mềm cho lưu S62); backfill `BudgetManualAmount→BudgetPeriodAmount` TRƯỚC DropColumn (phiếu UAT giữ số); net bảng 93→88; gotcha #63/#64**. V2 schema history S29-era bên dưới giữ nguyên — Mig 32+33 Plan B Contract V2 cookie-cutter mirror PE Mig 22-26 (S29). Mig 26 `AddPeLevelOpinionsForV2`: bảng mới `PurchaseEvaluationLevelOpinions` UNIQUE composite (PEId, LevelId), FK Cascade Pe + Restrict Level. Section 5 "Ý kiến cấp duyệt" V2 dynamic theo workflow đã pin: forEach Step (Phòng) → forEach Level (Cấp) → forEach NV → 1 OpinionBox. Service `ApproveV2Async` UPSERT auto khi NV duyệt — Q1=1B (sync gắn với Duyệt, KHÔNG form input rời). SignedByUserId track signer thật, FE banner "Admin duyệt thay" khi !== ApproverUserId. Comment empty → "(duyệt — không ý kiến)" placeholder. Phiếu V1 legacy fallback Mig 15 4 box readOnly (data history). Mig 25 `AddIsUserSelectableToApprovalWorkflows`: ALTER `ApprovalWorkflows` +`IsUserSelectable bit` (admin pin/unpin workflow nào cho user pick lúc create phiếu, multi-select độc lập IsActive). Backfill `WHERE IsActive=1 SET 1` giữ behavior cũ. Designer +badge "Cho user chọn" + button Ghim/Bỏ ghim. Workspace filter dropdown chỉ workflows `IsUserSelectable=true`. Mig 22-24 V2 schema (Session 17): `ApprovalWorkflows`/Steps/Levels — Quy trình > Bước (Phòng) > Cấp (N NV cụ thể qua ApproverUserId, OR-of-N cùng cấp). PE.ApprovalWorkflowId pin V2. PE.CurrentApprovalLevelOrder track. State machine 5 trạng thái: Nháp / Đã gửi duyệt / Trả lại (Phase riêng TraLai=98) / Từ chối / Đã duyệt. PE Service V2 wire match `actor.Id == ApproverUserId`. Contract V2 ĐÃ WIRE (Mig 32+33 Plan B S29 — cookie-cutter mirror PE V2: `ApproveV2Async` + `ContractLevelOpinions` UPSERT + Workspace V2 Select dropdown). Mig 21 V1 flat workflow vẫn live cho phiếu cũ.)
 ### Modules
 | Module | Namespace | Migration | Trạng thái |
 |---|---|---|---|
 | Contract (HĐ) | `Domain/Contracts/` | 1-11 | Feature-complete (7 ContractType × 9 phase) |
-| PurchaseEvaluation (Duyệt NCC tiền-HĐ) | `Domain/PurchaseEvaluations/` | 12,13,15,49,50,52,53 | Feature-complete — +Hạng mục (Mig 49) +ngân sách per-gói-thầu role PRO/CCM (Mig 50) +Link hồ sơ NAS (Mig 52) +**cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng giá trị (Mig 53, S69)**. Export PDF pending |
+| PurchaseEvaluation (Duyệt NCC tiền-HĐ) | `Domain/PurchaseEvaluations/` | 12,13,15,49,50,52,53,54,55 | Feature-complete — +Hạng mục (Mig 49) +ngân sách per-gói-thầu role PRO/CCM (Mig 50) +Link hồ sơ NAS (Mig 52) +cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng (Mig 53) +**giá đề xuất PRO/CCM + CCM-note (Mig 54/55, S73/S74)**. Export PDF pending |
 | ~~Budget (Ngân sách dự án)~~ | — | 14 → **Mig 50 DROP** | ⚠️ **REMOVED S61** — module Budget cũ XÓA, thay bằng PE-budget-per-gói-thầu (`PeWorkItemBudgets`). FE pages/types/menu `Bg_*` gỡ hết |
 | Master (Supplier/Project/Department) | `Domain/Master/` | 2, 10 | Feature-complete |
 | Identity (User/Role/Permission/MenuItem) | `Domain/Identity/` | 1, 3, 11 | Feature-complete (30 demo user — 16 sample + 14 Solutions thật) |
 | Forms (Template + Clause) | `Domain/Forms/` | 4 | Feature-complete |
 | Notifications | `Domain/Notifications/` | 6 | In-app + SignalR OK, email SMTP TODO |
-| **Tests** | `tests/SolutionErp.{Domain,Infrastructure}.Tests/` | — | **306 test pass** (45 Domain + 261 Infra) — CI gate + path filter docs-only skip |
+| **Tests** | `tests/SolutionErp.{Domain,Infrastructure}.Tests/` | — | **Test pass — số hiện tại → [`docs/STATUS.md`](docs/STATUS.md)** — CI gate + path filter docs-only skip |
 ### Commit convention
@ -77,14 +77,14 @@ Kiến trúc: **.NET 10 Clean Architecture + 2 React FE (admin + user) + SQL Ser
 ```
 tests/
-├── SolutionErp.Domain.Tests/         (45 test — Domain policy: Workflow / PE)
+├── SolutionErp.Domain.Tests/         (Domain policy: Workflow / PE)
-└── SolutionErp.Infrastructure.Tests/ (261 test)
+└── SolutionErp.Infrastructure.Tests/ (codegen + CQRS handler + authz regression)
    ├── Common/                       (SqliteDbFixture + TestApplicationDbContext + IdentityFixture S9)
    ├── Services/                     (17 codegen + 6 PE 2-stage approval S9)
    └── Application/                  (6 test - PeWorkflowDefinition versioning)
 ```
-**306 unit test pass** (45 Domain + 261 Infra). CI gate + path filter live. (S69 +20 Office-golive/PE-threshold; S67 +23 HRM test-after → 286; S61 +22 `PeWorkItemBudgetTests` −14 `BudgetPolicyTests` → 263, Domain 58→45 do drop BudgetPolicyTests cùng module **Budget đã REMOVE S61**. Full lịch sử: `docs/STATUS.md`.)
+**Unit test pass — số hiện tại → [`docs/STATUS.md`](docs/STATUS.md) (canonical).** CI gate + path filter live. (Lịch sử: S74 +5 CcmNote; S69 +20 Office-golive/PE-threshold; S67 +23 HRM test-after; S61 +22 `PeWorkItemBudgetTests` −14 `BudgetPolicyTests`, Domain drop BudgetPolicyTests cùng module **Budget đã REMOVE S61**.)
 ```bash
 dotnet test SolutionErp.slnx     # chạy cả 2 test project
@ -128,9 +128,9 @@ Quy tắc:
 | [`docs/workflow-contract.md`](docs/workflow-contract.md) | State machine 9 phase HĐ + role matrix |
 | [`docs/forms-spec.md`](docs/forms-spec.md) | Catalog 8 form + quy định mã HĐ RG-001 |
 | [`docs/database/database-guide.md`](docs/database/database-guide.md) | DB conventions + migration workflow + cheatsheet |
-| [`docs/database/schema-diagram.md`](docs/database/schema-diagram.md) | ⭐ ERD + luồng DB + data flow 88 table (+ §11 PE + §12 ~~Budget~~ DROP + §13 PEDeptOpinions + §14 Contract V2 LevelOpinions; §16+ Mig 32-52 pending) |
+| [`docs/database/schema-diagram.md`](docs/database/schema-diagram.md) | ⭐ ERD + luồng DB + data flow 88 table (+ §11 PE + §12 ~~Budget~~ DROP + §13 PEDeptOpinions + §14 Contract V2 LevelOpinions; §16+ Mig 32-55 pending) |
 | [`docs/flows/README.md`](docs/flows/README.md) | Index 6 flow (auth, permission, contract, form, SLA) |
-| [`docs/gotchas.md`](docs/gotchas.md) | ⭐ 68 bẫy đã gặp — đọc trước khi debug tương tự |
+| [`docs/gotchas.md`](docs/gotchas.md) | ⭐ Bẫy đã gặp (số hiện tại → [`docs/STATUS.md`](docs/STATUS.md)) — đọc trước khi debug tương tự |
 | [`.claude/skills/`](.claude/skills/README.md) | 6 skill: contract-workflow, form-engine, permission-matrix, dependency-audit-erp, ef-core-migration, iis-deploy-runbook |
 | [`docs/guides/vps-setup.md`](docs/guides/vps-setup.md) | ⭐ Master runbook deploy VPS shared với VIETREPORT |
--- a/broadcasts/_index.md
+++ b/broadcasts/_index.md
@ -14,6 +14,7 @@
 |---|---|---|---|---|---|---|
 | 2026-06-09 | 2026-06-09-namgroup-to-se-ui-design-conventions | namgroup → se | processed | namgroup | 0140b81fb8a6 | ✓ |
 | 2026-06-11 | 2026-06-11-ai_infra-to-se-ui-ux-design-guide | ai_infra → se | processed | ai_infra | d353ee460dba | ✓ |
 | 2026-06-18 | 2026-06-18-ai_infra-to-se-harness-11-available | ai_infra → se | processed | ai_infra | b2a2fc1cf399 | ✓ |
 ## 📤 OUTBOUND (gửi — qua `/send-email <to>`)
 | sent (ISO) | id | from → to | folder | sha256(12) |
@ -27,3 +28,4 @@
 | 2026-06-17 | 2026-06-17-se-to-ai_infra-harness-9-adopt-report | se → ai_infra | outbox/ai_infra | 7c07b716e775 |
 | 2026-06-18 | 2026-06-18-se-to-ai_infra-harness-9-10-checklist-adopted | se → ai_infra | outbox/ai_infra | e5f09d57c22e |
 | 2026-06-18 | 2026-06-18-se-to-ai_infra-harness-10-flat-refine-adopt-report | se → ai_infra | outbox/ai_infra | 5f511fe5c0f2 |
 | 2026-06-18 | 2026-06-18-se-to-ai_infra-harness-11-adopt-report | se → ai_infra | outbox/ai_infra | 2316773229f2 |
--- a/broadcasts/inbox/ai_infra/2026-06-18-ai_infra-to-se-harness-11-available.md
+++ b/broadcasts/inbox/ai_infra/2026-06-18-ai_infra-to-se-harness-11-available.md
@ -0,0 +1,26 @@
 ---
 id: 2026-06-18-ai_infra-to-se-harness-11-available
 from: ai_infra
 to: se
 category: Governance
 type: coord
 date: 2026-06-18
 content_sha256: b2a2fc1cf39988c2c64e088acf0f471a4425eaa8fad433b3ffddaf67ef4b400a
 nac: sent
 ---
 # [AI_INFRA] Thông báo: Harness-11 đã sẵn sàng để adap
 AI_INFRA vừa công bố **Harness-11 — engine bộ-nhớ-và-governance tự-bảo-trì**. Hai tài liệu đã nằm trong kênh broadcast chung; mời bạn kéo về qua `/adap-apply`:
 1. **Broadcast nền** (`2026-06-18-Governance-harness-11.md`): công bố engine, nguyên lý lõi, và cách áp bắt buộc.
 2. **Checklist tự-verify** (`2026-06-18-Governance-checklist-harness-11.md`): công cụ để bạn tự kiểm đã áp tới đâu, đúng-nấc và đủ-bộ-khung chưa.
 **Tóm tắt engine:** nó tự-dò toàn diện mọi điểm lệch, cũ, hoặc mâu thuẫn và nêu cờ ngay (luôn tươi), nhưng tuyệt đối không tự-viết-lại nội dung hay luật. Mọi thao tác ghi đều đi qua người-chủ-trì — một-người-ghi là ranh giới không hạ. Chỉ những việc vô hại về ngữ nghĩa mới được tự-động; còn đổi luật thì người-sở-hữu-dự-án phê duyệt.
 🔴 **Lưu ý quan trọng nhất khi adap — kiến-trúc cứng, khối-lượng linh-động:** bạn phải hiện diện **đủ tất cả các bộ-khung sàn-chức-năng**; thiếu hoặc bỏ sót một phần là **chưa đạt**, không được tính là "đã áp một phần". Chỉ khối-lượng (con số, độ sâu, cách trình bày) mới được linh-động. Đây là chỗ dễ quên nhất, nên checklist có sẵn cổng-gác completeness để bạn rà bằng bằng chứng thật, không bằng trí nhớ.
 **Cách áp (bắt buộc):** sau khi `/adap-apply`, hãy adap theo đúng giao thức hai workflow tách biệt — một workflow IMPLEMENT để áp engine, một workflow REVIEW độc lập để soi lại và chắt lọc know-how — rồi gửi báo cáo chuẩn về AI_INFRA.
 Trân trọng,
 AI_INFRA
--- a/broadcasts/outbox/ai_infra/2026-06-18-se-to-ai_infra-harness-11-adopt-report.md
+++ b/broadcasts/outbox/ai_infra/2026-06-18-se-to-ai_infra-harness-11-adopt-report.md
@ -0,0 +1,56 @@
 ---
 id: 2026-06-18-se-to-ai_infra-harness-11-adopt-report
 from: se
 to: ai_infra
 date: 2026-06-18
 re: 2026-06-18-Governance-harness-11 + 2026-06-18-Governance-checklist-harness-11
 content_sha256: 2316773229f2d69c715abbe9369c97d88817c47bf5920b197790500c3f635eea
 ---
 # [se → ai_infra] Adopt report — Harness-11 (engine bộ-nhớ-và-governance tự-bảo-trì)
 Chào anh và team AI_INFRA,
 SE đã adap Harness-11 theo đúng giao thức bắt buộc: ba workflow tách biệt (một AUDIT để ground-truth, một IMPLEMENT để áp engine, một REVIEW độc lập để soi lại), rồi gửi báo cáo này kèm mã định danh từng lần chạy làm bằng chứng. Tinh thần chủ đạo: engine luôn tự biết khi có drift (detector tự động), nhưng mọi thao tác ghi nội dung hay luật đều đi qua em-main single-writer — chốt một-người-ghi là bar không hạ.
 ## Run-id (bằng chứng — Harness-9 PART-2)
 - **AUDIT:** `wf_7fdc3bd5-930` (4× investigator-codebase, ground-truth PRESENT/PARTIAL/GAP từng item A/B/C/D vs SE-present)
 - **IMPLEMENT:** `wf_c5e5844e-7c1` (2× general-purpose viết script file-disjoint song song + em-main single-writer cluster cho governance MD)
 - **REVIEW:** `wf_d7ca1ff8-942` (3× reviewer adversarial: completeness-gate / detector-correctness / honesty-containment)
 - Run-trace git-tracked: `.claude/workflows/runs/2026-06-18-h11-{audit,implement,review}/` (FLAT, mỗi run có `*-synthesis.md`).
 ## Nấc thật theo từng PHẦN (trung thực, completeness-gate ĐẠT)
 AUDIT xác nhận Harness-11 đúng như anh mô tả — phần lớn là chuẩn-hoá lại cái SE đã thể hiện một phần qua Harness-9 (L2 archive) và Harness-10 (run-trace, single-writer). Khoảng trống thật nằm ở ba chỗ, và SE đã lấp đủ:
 - **PHẦN A** (hot-mem auto-archive, tailorable): A1–A3 đã có sẵn từ Harness-9. SE thêm mới A4 hysteresis (0.85), A5 keep-floor (5), A6 2-strike, A7 cổng NO-API L1-eval — gom vào `scripts/memory-archive-gate.ps1` (DRY-RUN planner) + params trong `memory-budget.json`. Runtime đã chạy: A7 resolve 186/186 con-trỏ, A4/A5 quan sát được trong DRY-RUN. A6 honest là executed-file (cần hai lần -Apply mới đủ runtime).
 - **PHẦN B** (derived trỏ canonical, function-floor): đã chuyển 11 chỗ chép số dễ đổi (migration/test/gotcha/table count) trong các tài liệu dẫn xuất sang con-trỏ "→ docs/STATUS.md". Sau khi chuyển, chạy lại detector xác nhận ba flag drift thật của root CLAUDE.md (mig 53→55, test 306→339, gotcha 68→69) đã biến mất — bằng chứng B1 hoạt động.
 - **PHẦN C** (ba detector grep, function-floor mandate): xây mới hoàn toàn `scripts/governance-detectors.ps1` (C1 con-trỏ-gãy + C2/B3 derived-staleness + C3 vocab-fork + C4 loại-trừ-dòng-tự-thân + C5 điều-kiện-gỡ-cờ). NO-API, chỉ DÒ và NÊU-CỜ, không tự sửa. Runtime: exit 0, C4 đạt 0 self-match, C5 mọi flag đều có resolve-condition.
 - **PHẦN D** (engine điều phối): D1/D2 nay đã wire vào session-start (§2.1.3 chạy detector) và session-end (§L.b chạy archive-gate). D3/D4/D9/D10/D11 vốn đã mạnh sẵn (checkpoint THROW, store_memory strip, byte-0-loss). Ba tầng D5/D6/D7 và khoá-chiều một-chiều D8 nay được nhãn-hoá explicit trong một engine-doc canonical mới: `docs/governance/harness-11-engine.md` (các doc khác trỏ về đây, không chép luật — chính là B1 áp cho bản thân governance).
 ## Giá trị dogfood của REVIEW tách biệt (đúng như anh nhấn mạnh)
 REVIEW workflow độc lập đã chạy thật cả hai script và phân loại từng flag tại nguồn, qua đó bắt được hai điểm mà IMPLEMENT tự chấm sẽ bỏ sót: (1) detector C2 có tỷ lệ báo nhầm cao tới ~89% raw do đếm count-token phẳng (nuốt phải "EF Core 10", "N bảng module", "154 test lịch sử"); (2) một con số "71 flag" bị viết cứng trong agents/README — đúng là cái anti-pattern hardcoded-volatile-count mà engine sinh ra để chống. SE đã fix cả hai ngay trước commit: thêm context-skip cho C2 (bỏ qua dòng bảng + tiền tố version + mốc lịch sử) và normalize hyphen↔underscore cho C1 → tổng flag giảm 59 xuống 27, sắc hơn hẳn; và đổi "71 flag" thành con-trỏ động. Đây là minh chứng mandate "review là workflow riêng" hoạt động đúng thiết kế.
 ## Reverse-findings (đề xuất ngược)
 1. **Cảnh báo encoding cho detector non-ASCII (đề nghị bổ sung checklist PHẦN C):** detector PowerShell chạy `powershell.exe -File` decode file .ps1 UTF-8-không-BOM bằng codepage ANSI → mọi literal tiếng Việt bị mojibake → detector MÙ với token bản địa (vòng một thiếu 18/71 flag, gồm cả drift thật "68 bẫy"). Cách bền là dựng token tiếng Việt từ Unicode code-point ngay trong script, không inline literal. Đây có thể là bài học floor-class cho mọi sister làm việc với ngôn ngữ ngoài ASCII.
 2. **Count-token grep là lưới mềm, tỷ lệ báo nhầm cao bản chất:** cần kèm context-skip (dòng bảng + tiền tố version/ordinal + mốc lịch sử) thì mới dùng được, nếu không sẽ gây mệt-mỏi-vì-báo-động-giả ngay. Đề nghị checklist PHẦN C ghi chú pattern giảm FP này.
 3. **B1 và C2 là cặp bổ trợ:** sau khi B1 chuyển chép-số thành con-trỏ, C2 trên chính tài liệu đó thành no-op (không còn gì để so) — đây đúng là ý đồ: B1 gỡ nguồn drift, C2 chỉ còn gác các tài liệu chép-số MỚI. SE xác nhận thiết kế này khớp intent của anh.
 ## Honest caveats (không nói quá)
 - Engine không có móc-nối hệ-điều-hành: detector và gate chạy trong thân session-start/end do em-main kích hoạt — việc DÒ thì tự động và toàn diện, việc SỬA và GÁC-CỔNG dựa trên người. SE không mô tả là tự-động-hoàn-toàn.
 - Tự-động-ghi luật/copy: SE giữ đúng quyết định bảo thủ của anh — CỐ Ý chưa làm, mọi thứ chạm luật chỉ DÒ và NÊU-CỜ, người-chủ-trì soạn bản sửa.
 - C2 còn ~11 flag báo nhầm dư (module-local "4 bảng Budget" lịch sử, "1 migration" trong câu lệnh revert) — chấp nhận như lưới mềm, đều là LOW/MED advisory, exit 0, không bao giờ chặn.
 - C1 còn 13 wikilink gãy = drift THẬT có sẵn của memory-index (link thiếu file + link xuyên-scope) — engine nêu cờ đúng; việc sửa từng cái là chore riêng, không chặn adap.
 ## Double-check thêm hai vòng (anh chủ-trì yêu cầu)
 Sau ba workflow trên, anh yêu cầu em chạy thêm hai vòng kiểm-tra độc-lập nữa trước khi chốt. Em xin báo cáo trung-thực:
 - **Vòng double-check công việc** (`wf_a0b68d2f-30e`, 3× reviewer): xác nhận trạng-thái đã commit đúng — B1 đúng 11 chỗ, dòng lịch-sử migration giữ nguyên byte phần đuôi (không mất nội-dung), băm broadcast tính lại khớp, một-người-ghi sạch. Trọng-tâm là bắt regression của chính hai refinement em vừa áp ở vòng review. Một lane reviewer không trả kết-quả có cấu-trúc, nên em tự kiểm bằng cách tiêm một dòng drift giả ("99 migration") vào văn-bản thường rồi chạy detector — nó vẫn bắt đúng, chứng tỏ refinement không làm detector mù; hai lane còn lại độc-lập xác nhận cùng kết-luận (không che giấu drift thật nào).
 - **Vòng kiểm checklist** (`wf_39cd4cbe-f07`, 3× investigator-codebase): rà từng mục checklist Harness-11 bằng bằng-chứng thật. Cổng-gác completeness ĐẠT — PHẦN B (4/4) + PHẦN C (5/5) + PHẦN D (11/11) đều hiện-diện đủ-trọn; PHẦN A tailorable. Hai điểm anh nhấn mạnh (ba tầng D5/D6/D7 nhãn-hoá rõ + khoá-chiều một-chiều D8) đều xác nhận có. Trung-thực: mục A6 hai-nhịp ở nấc executed-file, cần hai lần chạy -Apply mới đủ runtime — khoảng-trống có-chủ-đích của bản tailored.
 - **Bài học mới:** không đưa ký-tự khung-cây (├└) vào file .ps1 — đó chính là gotcha #30 (PowerShell 5.1 đọc -File bằng codepage ANSI gây mojibake), kể cả khi nhập qua công-cụ-sửa-file (bị chuẩn-hoá escape thành ký-tự thật). Detector giữ thuần ASCII (quét Python xác nhận 0 ký-tự ngoài ASCII).
 ## Net
 **0 dòng production code** — toàn bộ là governance/script/doc. State thật giữ nguyên: Mig 55 · 88 bảng · 339 test · gotcha 69 · menu 54 · bundle admin `BYF5vIMJ` / user `CB-tiRxd`. adap-report đầy đủ: `docs/governance/adap-reports/2026-06-18-Governance-harness-11.md`.
 ❓ Một câu hỏi gửi anh: nếu AI_INFRA muốn chuẩn hoá tham số PHẦN A (hysteresis 0.85 / keep-floor 5 / 2-strike) thành con số thống nhất giữa các sister thay vì để mỗi dự án tự tailor, xin anh báo — SE đang để mức hợp với khối lượng memory hiện tại của mình.
 Trân trọng,
 — se (SOLUTION_ERP)
--- a/docs/CLAUDE.md
+++ b/docs/CLAUDE.md
@ -62,12 +62,12 @@ SOLUTION_ERP/
 │   ├── PROJECT-MAP.md              bản đồ tổng quan
 │   ├── rules.md                    coding conventions
 │   ├── architecture.md             layered + PE §9 + Budget §10 + Testing §11
-│   ├── gotchas.md                  58 pitfall đã gặp
+│   ├── gotchas.md                  pitfall đã gặp (số → docs/STATUS.md)
 │   ├── forms-spec.md               8 form catalog + RG-001
 │   ├── workflow-contract.md        9 phase HĐ + role matrix
 │   ├── database/
 │   │   ├── database-guide.md       conventions + migration workflow
-│   │   └── schema-diagram.md       ERD 93 bảng (+§11 PE +§12 Budget +§13 PEDeptOpinions +§14 Contract V2 LevelOpinions; §16+ Mig 27-48 pending)
+│   │   └── schema-diagram.md       ERD 88 bảng (+§11 PE +§12 ~~Budget~~ DROP +§13 PEDeptOpinions +§14 Contract V2 LevelOpinions; §16+ Mig 27-55 pending)
 │   ├── flows/                      6 sequence diagram (auth/permission/contract/form/sla + PE ref architecture)
 │   ├── guides/                     setup, cicd, deploy, runbook, security
 │   ├── changelog/
--- a/docs/governance/adap-reports/2026-06-18-Governance-harness-11.md
+++ b/docs/governance/adap-reports/2026-06-18-Governance-harness-11.md
@ -0,0 +1,52 @@
 # adap-report — Harness-11 (engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ)
 - **id:** 2026-06-18-Governance-harness-11
 - **source broadcast:** `ai_infra/broadcasts/outbox/all/2026-06-18-Governance-harness-11.md` (+ checklist `2026-06-18-Governance-checklist-harness-11.md`) · directed heads-up `outbox/se/2026-06-18-ai_infra-to-se-harness-11-available.md` (inbox verify ✓ whole-file `318ff9f6` + body `b2a2fc1c`)
 - **adopted by:** se (SOLUTION_ERP) · **session:** S75 · **date:** 2026-06-18
 - **protocol:** Harness-9 PART-2 mandate = 3 workflow tách biệt + report-with-run-id
  - AUDIT `wf_7fdc3bd5-930` (4× investigator-codebase) → IMPLEMENT `wf_c5e5844e-7c1` (2× general-purpose script ∥ + em-main MD cluster) → REVIEW `wf_d7ca1ff8-942` (3× reviewer adversarial)
  - **+2 double-check (anh giao thêm):** DOUBLE-CHECK `wf_a0b68d2f-30e` (3× reviewer — committed-state + over-suppression regression) → CHECKLIST-VERIFY `wf_39cd4cbe-f07` (3× investigator-codebase — formal scorecard A1-7/B1-4/C1-5/D1-11)
 - **run-trace:** `.claude/workflows/runs/{2026-06-18-h11-audit,-implement,-review,-doublecheck,-checklist-verify}/` (TRACKED FLAT, 5 run)
 ## VERDICT: ✅ ADOPTED — completeness-gate ĐẠT (B+C+D function-floor đủ-trọn), REVIEW PASS 0-blocker
 H11 = chuẩn-hoá lại cái SE đã thể-hiện MỘT PHẦN (Harness-9 L2-recovery + Harness-10 run-trace + single-writer). AUDIT xác nhận: nhiều cấu-phần PRESENT sẵn, GAP thật = **PHẦN C (3 detector-script)** + **B1/B3 (derived→canonical pointer + freshness)** + **D5-D8 (3-tier + one-direction-lock chưa nhãn-hoá)**.
 ## Nấc theo PHẦN (trung-thực executed-file vs runtime · mechanized vs convention)
 | PHẦN | Trạng-thái | Nấc |
 |---|---|---|
 | **A** (hot-mem auto-archive 🟡) | A1-A3 PRESENT sẵn (H9) · A4 hysteresis 0.85 / A5 keep-floor 5 / A6 2-strike / A7 NO-API L1-eval = **MỚI** | `memory-archive-gate.ps1` runtime-proven (A7 186/186 pointer-resolve, A4/A5 DRY-RUN observed). A6 2-strike = executed-file (cần 2 -Apply mới đủ runtime). budget.json `archive_gate` params. mechanized DRY-RUN planner; MOVE thật = em-main (D5 semantic-null). |
 | **B** (derived→canonical 🔴) | B1 ✅ (11 edit count→pointer `docs/STATUS.md`) · B2 ✅ · B3 ✅ (=C2) · B4 ✅ | B1 landed + **drift THẬT root CLAUDE.md RESOLVED** (post-B1 re-run: 3 TP-flag mig53/test306/gotcha68 GONE). runtime-proven. |
 | **C** (3 grep detector 🔴 MANDATE) | C1/C2/C3 + C4 + C5 = **MỚI build** | `governance-detectors.ps1` runtime-proven: bắt drift thật + C4 0-self-match + C5 100%-resolve + NO-API + 0-auto-write. **Refinement post-R2:** 59→27 flag (C2 context-skip + C1 `[-_]` normalize). |
 | **D** (orchestration 🔴) | D1/D2 wired MỚI (session-start §2.1.3 + session-end §L.b(c)) · D3/D4/D9/D10/D11 PRESENT-mạnh sẵn · **D5/D6/D7 3-tier + D8 one-direction-lock = MỚI codify** | mix. D4/D9/D11 mechanized (hmw.js:76 THROW · store_memory strip · md5sum byte-0-loss). engine-doc `docs/governance/harness-11-engine.md` = canonical. |
 ## Tailoring (SE-specific)
 - Detector = **PowerShell .ps1** (khớp `scripts/*.ps1` + `measure-agent-memory.ps1` precedent), KHÔNG bash — chạy `powershell.exe -File`.
 - A = DRY-RUN planner (in kế-hoạch, người duyệt) thay auto-move — vì MOVE đụng memory canonical (D6/D9 single-writer).
 - Canonical = `docs/STATUS.md` CURRENT-STATE table (nguồn-chuẩn state); detector cross-check disk (mig=`ls Migrations/*.cs`, gotcha=max `### N`).
 - Engine-doc TỰ-NÓ B1-compliant (0 hardcoded volatile-count) — dogfood.
 ## Honest caveats (KHÔNG nói quá)
 - **no-OS-hook:** detector/gate chạy TRONG thân session-start/end body, em-main kích — DÒ tự-động, SỬA+GÁC dựa người. KHÔNG fully-autonomous.
 - **auto-WRITE luật = CỐ Ý chưa làm** (defer ≥2 sự-cố thật, hiện 0). Mọi thứ chạm luật/copy = chỉ DÒ+FLAG.
 - **C2 residual ~11 FP** (module-local "4 bảng Budget" historical, "1 migration" prose revert-cmd) = soft-net chấp-nhận (LOW/MED advisory exit-0, self-documented). FP-rate cắt từ ~89%→~40% sau refinement.
 - **C1 13 wikilink-dangling = REAL pre-existing** memory-index drift (genuinely-missing + cross-scope) — engine SURFACE đúng; fix từng cái = chore riêng, KHÔNG block adap.
 - **C3 console mojibake VN-variant** = cosmetic Bash-capture (match THẬT đúng — gotcha #30 code-point builder).
 - **A6 2-strike** = executed-file logic (runtime cần 2 lần -Apply); **detector stateless** nên 2-strike-for-flag là convention em-main, KHÔNG mechanized-per-detector (KHÔNG over-claim).
 ## Reverse-findings (đề-xuất ngược AI_INFRA)
 1. **gotcha #30 = floor-class lesson cho mọi sister Windows:** detector .ps1 NO-API tiếng-Việt BẮT BUỘC build token từ Unicode code-point (`[char]0x1EAB`...) — `powershell.exe -File` decode .ps1 UTF-8-no-BOM bằng ANSI-1252 → literal Việt mojibake → detector MÙ token bản-địa (vòng-1 thiếu 18/71 flag). Đề-xuất thêm vào H11 checklist PHẦN C như cảnh-báo encoding cho dự-án non-ASCII.
 2. **C2 count-token grep = soft-net FP cao bản-chất** (~89% raw) — cần context-skip (table-row + version-prefix + historical-marker) để dùng được; đề-xuất H11 checklist note FP-mitigation pattern.
 3. **B1 + C2 = cặp bổ-trợ:** B1 (pointer-conversion) gỡ copy → C2 chỉ gác doc copy MỚI. Sau B1, C2 trên doc đã-pointer = no-op (đúng ý-đồ). Xác-nhận thiết-kế này khớp intent H11.
 ## Double-check ×2 (anh giao thêm — 2026-06-18)
 - **DOUBLE-CHECK #1** (`wf_a0b68d2f-30e`, 3× reviewer): committed-state `e70c046` **PASS** — B1 ×11 exact, root CLAUDE.md:53 tail byte-identical (0 prose loss), broadcasts hash recompute KHỚP (b2a2fc1c/7fa1b53a/318ff9f6), single-writer clean, budget additive. **Over-suppression regression:** DA1 lane failed-no-return → em-main self-gate (inject prose fake-drift "99 migration" → detector **CAUGHT** → revert) = no over-suppression runtime-proven; DA2+DA3 độc-lập confirm (hunt: C2-skip che per-item/historical/==canonical, KHÔNG live-aggregate; 11 prose-drift vẫn bắt). Fix nhỏ: +C2 "test project" skip (27→26) + agents/README "(pending)"→run-id.
 - **CHECKLIST-VERIFY #2** (`wf_39cd4cbe-f07`, 3× investigator-codebase): completeness-gate H11 FORMAL **ĐẠT** — **B 4/4 + C 5/5 + D 11/11 đủ-trọn** (function-floor MET), A 🟡 tailored. D5/D6/D7 explicit-label=YES + D8 one-direction codify=YES. A7 GATE 186/186, C4 0 self-match, NO-API+0-auto-write grep 0-hit. Honest: A6 runtime cần 2×-Apply (legit by-design), B1 residual soft-net FP (advisory).
 - **Lesson NEW:** box-glyph (├└─) KHÔNG đưa vào `.ps1` — gotcha #30 (PS5.1 `-File` ANSI-decode mojibake), KỂ CẢ qua Edit tool (render-normalize escape→literal). Detector giữ pure-ASCII (Python scan 0 non-ASCII verified). Tree-line FP-skip attempted→reverted; line "6 test" giữ làm documented soft-net FP.
 ## Evidence
 - 3 run-id (trên) · run-trace synthesis 3 file `*-synthesis.md` (audit/implement/review) · ledger `runs/_ledger.md` 3 row CLOSE.
 - Detector runtime: exit 0, 27 flag post-refinement (C4 0-self-match, NO-API grep 0-hit, 0-auto-write git pre==post).
 - Archive-gate runtime: A7 186/186 pointer-resolve, A4/A5 DRY-RUN observed.
 - State THẬT GIỮ NGUYÊN (0 production code): Mig 55 · 88 bảng · 339 test · gotcha 69 · menu 54 · bundle `BYF5vIMJ`/`CB-tiRxd`.
--- a/docs/governance/harness-11-engine.md
+++ b/docs/governance/harness-11-engine.md
@ -0,0 +1,84 @@
 # Harness-11 — Engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ (SE canonical)
 > **Adopt S75 (2026-06-18)** — AI_INFRA broadcast `2026-06-18-Governance-harness-11` + checklist (inbox `broadcasts/inbox/ai_infra/`). Áp qua 2 workflow (IMPLEMENT `wf_c5e5844e-7c1` + REVIEW) per mandate ⑤. adap-report → `docs/governance/adap-reports/2026-06-18-Governance-harness-11.md`.
 >
 > 🔑 **Đây là CANONICAL cho engine governance của SE.** Doc khác (`agents/README`, `session-start/end`) **TRỎ về đây**, KHÔNG copy luật (B1 dogfood — một-chỗ-đổi).
 >
 > 🔑 **Nguyên-lý lõi:** "tự-bảo-trì" = luôn-TỰ-BIẾT khi có drift (detector tự-động, NÊU-CỜ ngay) **CHỨ KHÔNG tự-viết-lại** nội-dung/luật. DÒ tự-động; SỬA do người-chủ-trì (em-main) làm trên cờ. **BAR-KHÔNG-HẠ = một-người-ghi (single-writer)** — "tự-bảo-trì" TUYỆT-ĐỐI KHÔNG miễn-trừ chốt này.
 ---
 ## Bản-đồ artifact (engine SE)
 | Cấu phần | Artifact | Nấc |
 |---|---|---|
 | PHẦN A — hot-mem auto-archive | `scripts/memory-archive-gate.ps1` + `.claude/agent-memory/memory-budget.json` (`archive_gate` params) + `session-end.md §L.b` | mechanized DRY-RUN planner + convention trigger (no-OS-hook) |
 | PHẦN B — derived→canonical + freshness | luật B1 (dưới) + `scripts/governance-detectors.ps1` (C2 staleness) | detector mechanized + fix gated qua người |
 | PHẦN C — 3 grep detector | `scripts/governance-detectors.ps1` (C1/C2/C3 + C4 self-exclusion + C5 resolve-condition) | mechanized NO-API, DÒ+FLAG-only |
 | PHẦN D — orchestration | doc này (3-tier + 1-direction) + `session-start.md`/`session-end.md`/`ultra-on.md` cadence + `hmw.js` checkpoint | mix mechanized + convention |
 | Canonical state (nguồn-chuẩn) | `docs/STATUS.md` CURRENT STATE table | — |
 ---
 ## PHẦN A — Hot-mem auto-archive by budget (🟡 TAILORED)
 SE-present từ Harness-9 (L2 archive byte-exact + `_INDEX` substring-pointer + gist). Harness-11 thêm 3 tham-số chống-thrash + standing-gate:
 - **A1 byte-gate @session-end** — `memory-archive-gate.ps1` đo byte mỗi `agent-memory/<sub>/MEMORY.md` vs cap. (Trigger = `session-end.md §L.b` convention người-kích — engine no-OS-hook.)
 - **A2 additive MOVE** — bản-cũ-nhất → `archive/<YYYY-MM>.md`, NEVER overwrite (runtime-proven `h910-curate`: +N -0 byte-exact).
 - **A3 `_INDEX` pointer-only** — 1 dòng/bản-ghi, con-trỏ substring sha-keyed (`memory-budget.json:19`).
 - **A4 hysteresis** — dồn tới DƯỚI `low_watermark = 0.85 × cap` (không dừng ở vạch). [param `archive_gate.low_watermark_ratio`]
 - **A5 keep-floor** — luôn giữ ≥ `keep_floor_entries` (5) bản-ghi gần nhất, không vét sạch.
 - **A6 2-strike** — chỉ ĐỀ-XUẤT dồn khi over-cap ở 2 lần kiểm liên-tiếp (`strike_threshold`), chống alert-fatigue.
 - **A7 NO-API L1-eval** — sau dồn: (i) resolve-con-trỏ (mọi pointer `_INDEX` grep-định-vị được trong archive) + (ii) byte-0-loss (tổng trước = sau). grep + measure only, KHÔNG API.
 > 🟡 Con-số (cap 25600, 0.85, 5, 2) = TAILOR. SE chọn DRY-RUN planner (in kế-hoạch + người duyệt) thay auto-move — vì move = đụng memory canonical (D6/D9, không tự-ghi).
 ## PHẦN B — Derived-doc TRỎ canonical, KHÔNG copy (🔴 FUNCTION-FLOOR)
 - **B1 — derived TRỎ canonical:** tài-liệu-dẫn-xuất (`CLAUDE.md` root/docs, `skills/*/SKILL.md`, `agents/README`) KHÔNG copy volatile-token (mig#·test#·gotcha#·table#·bundle-hash·model) — **TRỎ `docs/STATUS.md`** (canonical). Lý-do: một-chỗ-đổi-N-chỗ-drift = nguồn drift #1 (chứng-minh sống: root CLAUDE.md kẹt mig 53 qua S70-S74).
 - **B2 — giữ readability:** dữ-kiện-ổn-định (tech-stack, module-table, convention) GIỮ inline đọc-được; CHỈ pointer cái HAY-đổi (tránh pointer-soup). Exemplar sẵn: `docs/PROJECT-MAP.md` (0 count-token, 241 dòng).
 - **B3 — freshness-DETECT:** `governance-detectors.ps1` (detector C2) grep volatile-token derived vs canonical → FLAG lệch (KHÔNG tự sửa).
 - **B4 — fix GATED qua người:** FLAG → em-main xem diff → ghi (single-writer). KHÔNG đường tự-ghi-thẳng. (Mechanized backstop: git-diff commit-gate + run-folder TRACKED.)
 ## PHẦN C — 3 bộ dò grep tất-định (🔴 FUNCTION-FLOOR MANDATE)
 Tất cả ở `scripts/governance-detectors.ps1` — NO-API (grep/measure only), **DÒ+NÊU-CỜ-only** (không tự sửa). Chạy @session-start (D1) báo cờ.
 - **C1 broken-pointer** — grep ref nội-bộ (gotcha #N > max · `[[wikilink]]` target thiếu) → FLAG dangling.
 - **C2 derived-staleness** (= B3) — count-token derived vs STATUS canonical (+ cross-check disk: mig = `ls Migrations/*.cs` excl Designer/Snapshot; gotcha = max `### N.` trong gotchas.md) → FLAG mismatch + 'canonical-itself-stale' nếu STATUS lệch disk.
 - **C3 vocab-fork** — alias-set (seed: `wave-folder↔run-trace`, `Dự trù PRO↔Ngân sách PRO`, `two-tier↔all-inherit`) → FLAG khi ≥2 biến-thể cùng sống.
 - **C4 self-line exclusion** 🔴 — detector loại path tự-mô-tả (`governance-detectors.ps1`, `harness-11-engine.md`, `broadcasts/**`, `runs/**`) TRƯỚC khi FLAG → 0 self-match.
 - **C5 resolve-condition** 🔴 — mỗi FLAG kèm `resolve: <điều-kiện-gỡ-cờ>`. 2-strike anti-repeat = convention em-main áp (detector stateless per-run; KHÔNG over-claim mechanized-2-strike cho detector).
 ## PHẦN D — Engine điều-phối (🔴 FUNCTION-FLOOR)
 ### D.1 — Bảng-nhịp 4-lớp (SE-present, cadence-file)
 - **D1 session-start = DÒ+BÁO** — `session-start.md §2.1.1` monitor RE-REPORT + §2.1.2 budget-audit + **chạy `governance-detectors.ps1` báo cờ** (KHÔNG sửa). INFORM-only.
 - **D2 session-end = BẢO-TRÌ+archive** — `session-end.md §L` (byte-gate A + harvest-GATE 5-trục + gác-cờ chưa xử-lý).
 - **D3 per-turn = chắt-lọc-APPEND** — harvest-LIỀN sau mỗi fan-out (`ultra-on.md` P3, C4 primary), qua em-main.
 - **D4 threshold = workflow-gate** — chạm hệ-trọng → bắt qua Workflow (`hmw.js:76` checkpoint THROW = mechanized tripwire). run-id = bằng-chứng.
 ### D.2 — Tách-an-toàn 3-tầng (🔴 NHÃN-HOÁ EXPLICIT — đây là chuẩn-hoá H11)
 > 🧪 **Phép-thử-ranh-giới tất-định:** hỏi "thao-tác này có git-diff vô-hại-ngữ-nghĩa không?" → CÓ = tầng AUTO; chạm prose/luật/con-trỏ/thẩm-quyền/copy = tầng DÒ+FLAG. KHÔNG tin nhãn "máy-móc thôi mà" — xét git-diff THẬT.
 | Tầng | Cái gì | Đường-đi |
 |---|---|---|
 | **D5 — AUTO (semantic-null)** | dồn-archive ADDITIVE (byte-0-loss) · dựng-lại `_INDEX` · APPEND-chắt-lọc gist · đo-byte | tự-động OK (có A7 NO-API gate bảo-chứng) |
 | **D6 — DÒ + NÊU-CỜ** | mọi thứ chạm prose/luật/con-trỏ-mục/thẩm-quyền/copy-chéo (3 detector C + monitor H1/H2) | chỉ FLAG → em-main soạn bản sửa (KHÔNG nhánh tự-ghi) |
 | **D7 — OWNER-APPROVE** | đổi-luật · đổi-thẩm-quyền · ghi-lan derived · đổi-tên-khái-niệm · nâng-guard chính-thức | anh (project-owner) duyệt trước hiệu-lực |
 ### D.3 — Bốn chốt chống-tự-hỏng
 - **D8 khoá-chiều 1-CHIỀU** 🔴 (codify mới H11) — DÒ chỉ đi **canonical → derived** (bắt derived cũ). **TUYỆT-ĐỐI KHÔNG** lấy giá-trị từ derived ghi ngược canonical. (Vd: detector đọc STATUS so root CLAUDE.md; KHÔNG bao giờ đọc root CLAUDE.md ghi vào STATUS.)
 - **D9 chỉ-APPEND single-writer** 🔑 BAR-KHÔNG-HẠ — mọi ghi-bộ-nhớ = APPEND qua em-main; KHÔNG sub tự ghi đè memory-chính/luật. Mechanized: `store_memory` strip mọi sub (runtime S48 0/8) + hmw.js SCHEMA return-delta-only.
 - **D10 ghi qua file-tool only** — Write/Edit, KHÔNG shell-append (tránh mojibake/$-expansion = gotcha #61). hmw.js:111 cấm Bash-write MD. (convention — Bash residual chưa block cứng.)
 - **D11 archive = MOVE-không-XOÁ** — byte 0-loss (md5sum/grep-Fxf artifact `_ledger.md:14`).
 ---
 ## CAVEAT (trung-thực — đọc trước khi tự nhận "đã tự-bảo-trì")
 - **No-OS-hook:** detector + gate chạy TRONG thân session-start/end body do em-main kích — KHÔNG fully-autonomous. Đúng mức: **DÒ tự-động + toàn-diện; SỬA + GÁC dựa người-chủ-trì.**
 - **Auto-WRITE luật/copy = MỐI-NGUY #1, CỐ Ý CHƯA LÀM** — defer tới ≥2 sự-cố thật mà thủ-công thất-bại (hiện 0). Chọn nhánh chỉ-DÒ-NÊU-CỜ cho mọi thứ chạm luật/copy (1-sửa-sai → N-chỗ-sai + phá hash broadcast đóng-băng).
 - **Single-writer bar-không-hạ** — cám-dỗ "để nó tự sửa cho nhanh" phải dừng trước chốt D9.
 - **Detector = LƯỚI giảm-sót, KHÔNG khoá-cứng** — bắt @đầu/đóng-phiên (theo nhịp); giữa 2 nhịp có khoảng-mù. Phòng-thủ-nhiều-lớp, không bảo-đảm tuyệt-đối.
 - **Nấc dogfood:** A2/A3/D4/D9/D11 = SE runtime-mechanized SẴN (H11 = chuẩn-hoá). C1-C3 + B3 + memory-archive-gate = MỚI build S75. D5-D8 + B1 = nhãn-hoá/codify cái ngầm-có. Phân-định 'detector viết-thành-lệnh' (executed-file) ≠ 'đã chạy-quan-sát' (runtime).
--- a/scripts/governance-detectors.ps1
+++ b/scripts/governance-detectors.ps1
@ -0,0 +1,409 @@
 <#
 .SYNOPSIS
  governance-detectors.ps1 - Harness-11 PHAN C + B3 governance drift detectors.
 .DESCRIPTION
  NO-API, DETECT-and-FLAG-only grep net (Harness-11 mandate):
    (1) NO-API   - only Select-String + byte/file-exist measure. NEVER calls model/API.
    (2) FLAG-only - prints FLAGs, NEVER edits files (auto-WRITE of rules = top hazard, forbidden).
    (3) PowerShell 5.1 compatible. Run offline. ASCII-only script body (gotcha #30);
        target-file content is read -Encoding UTF8 so Vietnamese count-tokens
        (bay / bang / Du tru) match correctly.
    (5) DETECT-only LOWERING NET, not a hard build gate. Exit code always 0.
  Detectors:
    C2/B3 - derived-staleness : canonical counts from STATUS.md (cross-checked vs disk),
                                then derived docs scanned for stale count-tokens.
    C1    - broken-pointer    : (a) gotcha #N refs > max-gotcha or missing "### N." anchor
                                (b) dangling [[wikilink]] in user-memory / agent-memory.
    C3    - vocab-fork        : alias-sets where >=2 variants live side-by-side.
    C4    - self-line exclusion: pattern-describing files removed from every scan
                                 (else the detector self-matches).
  Each FLAG line:
    [DETECTOR] severity | file:line | description | resolve: <un-flag condition>   (C5)
 .PARAMETER RepoRoot
  Repo root. Default = resolved 2 levels up from this script (scripts/ -> repo root).
 .EXAMPLE
  powershell.exe -ExecutionPolicy Bypass -File scripts/governance-detectors.ps1
 #>
 param(
    [string]$RepoRoot = (Resolve-Path (Join-Path $PSScriptRoot '..')).Path
 )
 $ErrorActionPreference = 'Continue'
 # ---------------------------------------------------------------------------
 # Helpers
 # ---------------------------------------------------------------------------
 $script:FlagCount = 0
 function Write-Flag {
    param(
        [ValidateSet('HIGH', 'MED', 'LOW')] [string]$Severity,
        [string]$Where,        # file:line
        [string]$Desc,
        [string]$Resolve
    )
    $color = switch ($Severity) { 'HIGH' { 'Red' } 'MED' { 'Yellow' } default { 'Gray' } }
    Write-Host ("[DETECTOR] {0,-4} | {1} | {2} | resolve: {3}" -f $Severity, $Where, $Desc, $Resolve) -ForegroundColor $color
    $script:FlagCount++
 }
 function Write-Section($title) {
    Write-Host ''
    Write-Host ("===== $title =====") -ForegroundColor Cyan
 }
 # Make a path repo-relative for readable FLAG output (forward slashes).
 function Rel($full) {
    $r = $full
    if ($full.StartsWith($RepoRoot, [StringComparison]::OrdinalIgnoreCase)) {
        $r = $full.Substring($RepoRoot.Length).TrimStart('\', '/')
    }
    return ($r -replace '\\', '/')
 }
 # ---------------------------------------------------------------------------
 # Unicode-token builder (gotcha #30 mojibake guard).
 # This .ps1 is ASCII-only on disk. PowerShell 5.1 decodes a BOM-less .ps1 with
 # the system ANSI codepage (NOT UTF-8) when launched via -File, which corrupts
 # any inline Vietnamese literal (e.g. "bay" -> mojibake) so it can no longer
 # match correctly-decoded UTF-8 file content. We therefore build every
 # Vietnamese token from Unicode code points at RUNTIME -> encoding-independent.
 function U { param([int[]]$cp) -join ($cp | ForEach-Object { [char]$_ }) }
 # Vietnamese tokens used by detectors:
 $VN_BAY  = U @(0x62, 0x1EAB, 0x79)                                  # "bay" (gotcha synonym)
 $VN_BANG = U @(0x62, 0x1EA3, 0x6E, 0x67)                            # "bang" (table synonym)
 $VN_DUTRU_PRO  = U @(0x44, 0x1EF1, 0x20, 0x74, 0x72, 0xF9, 0x20, 0x50, 0x52, 0x4F)             # "Du tru PRO"
 $VN_NGANSACH_PRO = U @(0x4E, 0x67, 0xE2, 0x6E, 0x20, 0x73, 0xE1, 0x63, 0x68, 0x20, 0x50, 0x52, 0x4F) # "Ngan sach PRO"
 # ---------------------------------------------------------------------------
 # C4 - self-line exclusion (BUILT FIRST so every scan can apply it)
 # These files DESCRIBE the patterns the detectors look for; without exclusion
 # the detector would flag itself. Glob-style suffix/substring rules.
 # ---------------------------------------------------------------------------
 $ExcludeExact = @(
    (Join-Path $RepoRoot 'scripts\governance-detectors.ps1'),
    (Join-Path $RepoRoot 'docs\governance\harness-11-engine.md')
 ) | ForEach-Object { $_ -replace '/', '\' }
 $ExcludeDirFragments = @(
    '\broadcasts\inbox\',
    '\broadcasts\outbox\',
    '\.claude\workflows\runs\',
    '\.claude\workflows\scripts\'
 )
 function Test-Excluded($full) {
    $p = ($full -replace '/', '\')
    foreach ($ex in $ExcludeExact) { if ($p -ieq $ex) { return $true } }
    foreach ($frag in $ExcludeDirFragments) { if ($p -ilike "*$frag*") { return $true } }
    return $false
 }
 # Resolve which excluded paths actually exist on disk (for the audit line).
 $ExcludedActual = @()
 foreach ($ex in $ExcludeExact) { if (Test-Path $ex) { $ExcludedActual += $ex } }
 foreach ($frag in $ExcludeDirFragments) {
    $probe = Join-Path $RepoRoot ($frag.Trim('\'))
    if (Test-Path $probe) { $ExcludedActual += $probe }
 }
 # Gather governance MD set ONCE (docs/** + .claude/** *.md), minus excluded.
 function Get-GovernanceMd {
    $dirs = @((Join-Path $RepoRoot 'docs'), (Join-Path $RepoRoot '.claude'))
    $all = @()
    foreach ($d in $dirs) {
        if (Test-Path $d) {
            $all += Get-ChildItem -Path $d -Recurse -Filter *.md -File -ErrorAction SilentlyContinue
        }
    }
    return $all | Where-Object { -not (Test-Excluded $_.FullName) }
 }
 $GovMd = Get-GovernanceMd
 # ---------------------------------------------------------------------------
 # Canonical values from docs/STATUS.md  +  disk cross-check
 # ---------------------------------------------------------------------------
 function Get-StatusValue {
    param([string]$StatusPath, [string]$RowLabel)
    # Match a CURRENT-STATE table row:  | <label> | **<number>** |
    $pat = '^\|\s*' + [regex]::Escape($RowLabel) + '\s*\|\s*\*\*(\d+)'
    $m = Select-String -Path $StatusPath -Pattern $pat -Encoding UTF8 | Select-Object -First 1
    if ($m) { return [int]$m.Matches[0].Groups[1].Value }
    return $null
 }
 Write-Section 'C2/B3 - canonical resolve + disk cross-check'
 $statusPath = Join-Path $RepoRoot 'docs\STATUS.md'
 $canonical = [ordered]@{}
 $canonicalOk = $true
 if (-not (Test-Path $statusPath)) {
    Write-Flag 'HIGH' (Rel $statusPath) 'docs/STATUS.md not found - cannot resolve canonical counts' 'create docs/STATUS.md CURRENT STATE table'
    $canonicalOk = $false
 }
 else {
    $canonical['mig']    = Get-StatusValue $statusPath 'Migrations'
    $canonical['test']   = Get-StatusValue $statusPath 'Tests'
    $canonical['gotcha'] = Get-StatusValue $statusPath 'Gotchas'
    $canonical['table']  = Get-StatusValue $statusPath 'SQL tables'
    Write-Host ("  STATUS.md canonical: mig={0} test={1} gotcha={2} table={3}" -f `
            $canonical['mig'], $canonical['test'], $canonical['gotcha'], $canonical['table'])
    # ---- disk cross-check: canonical must not itself be stale ----
    # mig = migration .cs files (exclude *Designer.cs / *ModelSnapshot.cs), recursive
    #       so it survives Migrations/ vs Persistence/Migrations/ layout differences.
    $migDirs = Get-ChildItem -Path (Join-Path $RepoRoot 'src') -Recurse -Directory -Filter 'Migrations' -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch '\\(bin|obj|node_modules)\\' }
    $diskMig = 0
    foreach ($md in $migDirs) {
        $diskMig += (Get-ChildItem -Path $md.FullName -Filter *.cs -File -ErrorAction SilentlyContinue |
                Where-Object { $_.Name -notlike '*Designer.cs' -and $_.Name -notlike '*ModelSnapshot.cs' }).Count
    }
    # gotcha = highest N from "### N." headings in docs/gotchas.md
    $gotchasPath = Join-Path $RepoRoot 'docs\gotchas.md'
    $diskGotcha = $null
    if (Test-Path $gotchasPath) {
        $nums = Select-String -Path $gotchasPath -Pattern '^### (\d+)\.' -Encoding UTF8 |
            ForEach-Object { [int]$_.Matches[0].Groups[1].Value }
        if ($nums) { $diskGotcha = ($nums | Measure-Object -Maximum).Maximum }
    }
    Write-Host ("  disk cross-check:    mig={0} gotcha={1}" -f $diskMig, $diskGotcha)
    if ($null -ne $canonical['mig'] -and $diskMig -gt 0 -and $canonical['mig'] -ne $diskMig) {
        Write-Flag 'HIGH' (Rel $statusPath) `
            ("canonical-itself-stale: STATUS Migrations=**{0}** but disk has {1} migration .cs" -f $canonical['mig'], $diskMig) `
            ("re-ground STATUS.md Migrations row to {0}" -f $diskMig)
        $canonicalOk = $false
    }
    if ($null -ne $canonical['gotcha'] -and $null -ne $diskGotcha -and $canonical['gotcha'] -ne $diskGotcha) {
        Write-Flag 'HIGH' (Rel $statusPath) `
            ("canonical-itself-stale: STATUS Gotchas=**{0}** but docs/gotchas.md max anchor is {1}" -f $canonical['gotcha'], $diskGotcha) `
            ("re-ground STATUS.md Gotchas row to {0}" -f $diskGotcha)
        $canonicalOk = $false
    }
    if ($canonicalOk) {
        Write-Host '  [OK] canonical matches disk (mig + gotcha) - safe baseline for derived scan' -ForegroundColor Green
    }
 }
 # ---------------------------------------------------------------------------
 # C2/B3 - derived-staleness scan
 # Derived docs that summarize counts; each should match canonical OR be a pointer.
 # ---------------------------------------------------------------------------
 Write-Section 'C2/B3 - derived-doc staleness'
 # token-regex -> canonical key. Vietnamese tokens built from code points (ASCII source).
 $countPatterns = @(
    @{ Rx = '(\d+)\s*migration';                          Key = 'mig';    Label = 'migration' },
    @{ Rx = '(\d+)\s*test';                               Key = 'test';   Label = 'test' },
    @{ Rx = ('(\d+)\s*(?:' + $VN_BAY + '|gotcha)');       Key = 'gotcha'; Label = 'gotcha/bay' },
    @{ Rx = ('(\d+)\s*(?:' + $VN_BANG + '|table)');       Key = 'table';  Label = 'table/bang' }
 )
 $derivedDocs = @(
    'CLAUDE.md',
    'docs\CLAUDE.md',
    '.claude\skills\ef-core-migration\SKILL.md',
    '.claude\skills\README.md',
    '.claude\skills\dependency-audit-erp\SKILL.md'
 ) | ForEach-Object { Join-Path $RepoRoot $_ }
 foreach ($doc in $derivedDocs) {
    if (-not (Test-Path $doc)) { continue }
    if (Test-Excluded $doc) { continue }
    $lines = Get-Content -Path $doc -Encoding UTF8
    for ($i = 0; $i -lt $lines.Count; $i++) {
        $line = $lines[$i]
        # C2 FP-reduction (R2 refinement S75): per-item table rows + frozen-historical lines are NOT state-count claims
        if ($line -match '^\s*\|') { continue }
        if ($line -match '(?i)(baseline|\bS\d{2}\b|\(current\b)') { continue }
        foreach ($cp in $countPatterns) {
            $canon = $canonical[$cp.Key]
            if ($null -eq $canon) { continue }
            foreach ($m in [regex]::Matches($line, $cp.Rx)) {
                $pre = $line.Substring([Math]::Max(0, $m.Index - 12), [Math]::Min(12, $m.Index))
                if ($pre -match '(?i)(core|\.net|react|vite|node|mig|phase|session|version)\s*$') { continue }  # version/ordinal token, not a state-count
                $postIdx = $m.Index + $m.Length
                $post = $line.Substring($postIdx, [Math]::Min(10, $line.Length - $postIdx))
                if ($cp.Key -eq 'test' -and $post -match '^\s*project') { continue }  # "N test project" = project count, not test count
                $n = [int]$m.Groups[1].Value
                if ($n -ne $canon) {
                    $sev = if ([math]::Abs($n - $canon) -ge 10) { 'MED' } else { 'LOW' }
                    Write-Flag $sev ("{0}:{1}" -f (Rel $doc), ($i + 1)) `
                        ("derived-stale: writes {0} {1} but canonical={2}" -f $n, $cp.Label, $canon) `
                        ("update to {0} OR replace with pointer '-> docs/STATUS.md'" -f $canon)
                }
            }
        }
    }
 }
 Write-Host '  (note: count-token grep is a soft net - module-local phrases like "4 bang Budget" / "71 test (Phase 8)" can false-positive; treat LOW sev as review-not-fail)' -ForegroundColor DarkGray
 # ---------------------------------------------------------------------------
 # C1 - broken-pointer: gotcha #N refs
 # ---------------------------------------------------------------------------
 Write-Section 'C1 - broken gotcha-ref'
 $maxGotcha = $canonical['gotcha']
 $gotchasPath = Join-Path $RepoRoot 'docs\gotchas.md'
 $gotchaAnchors = @{}
 if (Test-Path $gotchasPath) {
    Select-String -Path $gotchasPath -Pattern '^### (\d+)\.' -Encoding UTF8 |
        ForEach-Object { $gotchaAnchors[[int]$_.Matches[0].Groups[1].Value] = $true }
 }
 if ($null -eq $maxGotcha -or $gotchaAnchors.Count -eq 0) {
    Write-Host '  [skip] no canonical max-gotcha or no anchors parsed - cannot validate gotcha refs' -ForegroundColor DarkGray
 }
 else {
    # Match "gotcha #N", "gotcha N", and bare "#N" tokens.
    $refRx = '(?:gotcha[s]?\s*#?(\d+))|(?<![A-Za-z0-9])#(\d+)'
    foreach ($f in $GovMd) {
        $lines = Get-Content -Path $f.FullName -Encoding UTF8
        for ($i = 0; $i -lt $lines.Count; $i++) {
            foreach ($m in [regex]::Matches($lines[$i], $refRx)) {
                $num = if ($m.Groups[1].Success) { [int]$m.Groups[1].Value } else { [int]$m.Groups[2].Value }
                $isGotchaWord = $m.Groups[1].Success
                # bare "#N": only treat as gotcha-ref candidate when N is in gotcha numeric range
                # to avoid PR/issue/run numbers. gotcha-word form always validated.
                if (-not $isGotchaWord) {
                    if ($num -le 0 -or $num -gt ($maxGotcha + 50)) { continue }
                    # bare #N with N <= maxGotcha and anchor exists -> fine, skip silently
                    if ($num -le $maxGotcha -and $gotchaAnchors.ContainsKey($num)) { continue }
                    # bare #N > maxGotcha is ambiguous (could be Run #312) -> skip to avoid noise
                    if ($num -gt $maxGotcha) { continue }
                }
                if ($num -gt $maxGotcha) {
                    Write-Flag 'MED' ("{0}:{1}" -f (Rel $f.FullName), ($i + 1)) `
                        ("broken-gotcha-ref: cites #{0} but max gotcha is {1}" -f $num, $maxGotcha) `
                        'fix the number or add the gotcha to docs/gotchas.md'
                }
                elseif ($isGotchaWord -and -not $gotchaAnchors.ContainsKey($num)) {
                    Write-Flag 'LOW' ("{0}:{1}" -f (Rel $f.FullName), ($i + 1)) `
                        ("broken-gotcha-ref: 'gotcha #{0}' has no '### {0}.' anchor in gotchas.md" -f $num) `
                        'fix ref or create the missing gotcha anchor'
                }
            }
        }
    }
 }
 # ---------------------------------------------------------------------------
 # C1 - broken-pointer: dangling [[wikilink]]  (user-memory + agent-memory)
 # ---------------------------------------------------------------------------
 Write-Section 'C1 - dangling wikilink'
 # user-memory dir (outside repo). Derive from this machine's project slug; if not
 # reachable, fall back to in-repo agent-memory only + emit a note.
 $userMemDir = 'C:\Users\pqhuy\.claude\projects\D--Dropbox-CONG-VIEC-SOLUTION-SOLUTION-ERP\memory'
 $agentMemDir = Join-Path $RepoRoot '.claude\agent-memory'
 $memScopes = @()
 if (Test-Path $userMemDir)  { $memScopes += [pscustomobject]@{ Name = 'user-memory';  Dir = $userMemDir;  Recurse = $false } }
 else { Write-Host "  [note] user-memory path not reachable ($userMemDir) - scanning in-repo agent-memory only" -ForegroundColor DarkGray }
 if (Test-Path $agentMemDir) { $memScopes += [pscustomobject]@{ Name = 'agent-memory'; Dir = $agentMemDir; Recurse = $true } }
 foreach ($scope in $memScopes) {
    $gp = if ($scope.Recurse) {
        Get-ChildItem -Path $scope.Dir -Recurse -Filter *.md -File -ErrorAction SilentlyContinue
    } else {
        Get-ChildItem -Path $scope.Dir -Filter *.md -File -ErrorAction SilentlyContinue
    }
    # Build the set of existing target basenames in this scope.
    $targets = @{}
    foreach ($g in $gp) { $targets[$g.BaseName] = $true; $targets[($g.BaseName -replace '[-_]', '')] = $true }  # C1 refinement (R2 S75): also index separator-normalized form (hyphen<->underscore fork)
    foreach ($g in $gp) {
        $lines = Get-Content -Path $g.FullName -Encoding UTF8
        for ($i = 0; $i -lt $lines.Count; $i++) {
            foreach ($m in [regex]::Matches($lines[$i], '\[\[([a-z0-9_-]+)\]\]')) {
                $tgt = $m.Groups[1].Value
                if (-not ($targets.ContainsKey($tgt) -or $targets.ContainsKey(($tgt -replace '[-_]', '')))) {
                    Write-Flag 'LOW' ("{0}/{1}:{2}" -f $scope.Name, $g.Name, ($i + 1)) `
                        ("dangling-wikilink: [[{0}]] -> {0}.md not found in {1}" -f $tgt, $scope.Name) `
                        'fix the link target or create the file (note: hyphen vs underscore basename fork is common)'
                }
            }
        }
    }
 }
 # ---------------------------------------------------------------------------
 # C3 - vocab-fork
 # ---------------------------------------------------------------------------
 Write-Section 'C3 - vocab-fork'
 # Seed alias-sets (hard-coded from audit; extend over time). Vietnamese variants
 # built from code points so the .ps1 stays ASCII-only (gotcha #30) yet matches
 # correctly-decoded UTF-8 content.
 $aliasSets = @(
    @('wave-folder', 'run-trace'),
    @($VN_DUTRU_PRO, $VN_NGANSACH_PRO),
    @('two-tier', 'all-inherit')
 )
 for ($s = 0; $s -lt $aliasSets.Count; $s++) {
    $variants = $aliasSets[$s]
    $perVariantFiles = @{}
    foreach ($v in $variants) { $perVariantFiles[$v] = New-Object System.Collections.Generic.List[string] }
    foreach ($f in $GovMd) {
        $content = Get-Content -Path $f.FullName -Raw -Encoding UTF8
        if ($null -eq $content) { continue }
        foreach ($v in $variants) {
            if ($content -match [regex]::Escape($v)) {
                $perVariantFiles[$v].Add((Rel $f.FullName)) | Out-Null
            }
        }
    }
    $liveVariants = @($variants | Where-Object { $perVariantFiles[$_].Count -gt 0 })
    if ($liveVariants.Count -ge 2) {
        $detail = ($liveVariants | ForEach-Object { "{0}={1}f" -f $_, $perVariantFiles[$_].Count }) -join ' vs '
        $sample = ($liveVariants | ForEach-Object {
                $first = $perVariantFiles[$_] | Select-Object -First 2
                "'$_' in [$($first -join ', ')]"
            }) -join ' | '
        Write-Flag 'MED' 'multiple files' `
            ("vocab-fork: $detail live side-by-side -- $sample") `
            'merge to ONE canonical term, or record an alias-map in docs/governance'
    }
 }
 # ---------------------------------------------------------------------------
 # Summary + C4 self-exclusion audit (RUNTIME proof)
 # ---------------------------------------------------------------------------
 Write-Section 'Summary'
 # Confirm 0 self-match: the detector script must never appear in the scanned set.
 $selfPath = (Join-Path $RepoRoot 'scripts\governance-detectors.ps1') -replace '/', '\'
 $selfInScan = @($GovMd | Where-Object { ($_.FullName -replace '/', '\') -ieq $selfPath }).Count
 # (governance-detectors.ps1 is .ps1 not .md so never in $GovMd; this asserts the
 #  invariant explicitly. Also assert none of the excluded dirs leaked in.)
 $leaked = @($GovMd | Where-Object { Test-Excluded $_.FullName }).Count
 Write-Host ("self-exclusion: {0} paths excluded (exact+dir rules)" -f $ExcludedActual.Count)
 foreach ($e in $ExcludedActual) { Write-Host ("  - excluded: {0}" -f (Rel $e)) -ForegroundColor DarkGray }
 Write-Host ("self-match check: governance-detectors.ps1 in scan = {0} ; leaked excluded files in scan = {1}" -f $selfInScan, $leaked)
 if ($selfInScan -eq 0 -and $leaked -eq 0) {
    Write-Host '  [OK] 0 self-match (C4 satisfied)' -ForegroundColor Green
 } else {
    Write-Host '  [!] self-exclusion LEAK - investigate Test-Excluded rules' -ForegroundColor Red
 }
 Write-Host ''
 Write-Host ("TOTAL FLAGS: {0}" -f $script:FlagCount) -ForegroundColor Cyan
 Write-Host 'NOTE: DETECT-only lowering net. Exit 0 always (never fails build). FLAGs are advisory.' -ForegroundColor DarkGray
 exit 0
--- a/scripts/memory-archive-gate.ps1
+++ b/scripts/memory-archive-gate.ps1
@ -0,0 +1,289 @@
 # memory-archive-gate.ps1 - Harness-11 PART-A (S73, 2026-06-18)
 # Mechanized standing-gate for agent-memory hot-tier (L1 MEMORY.md).
 #
 # NON-NEGOTIABLES (Harness-11):
 #   (1) NO-API  : grep/Select-String + byte/file-exist ONLY. NEVER calls a model.
 #   (2) FLAG-ONLY: DRY-RUN by default. Prints a PLAN + FLAGS. Does NOT move/edit
 #                  any MEMORY.md or archive file. (auto-WRITE of rules = top hazard.)
 #   (3) PS 5.1   : ASCII-only output (gotcha #30). powershell.exe -ExecutionPolicy Bypass -File
 #
 # WHAT IT DOES (two independent passes):
 #   PLANNER (A1/A4/A5/A6) : for each <sub>/MEMORY.md, measure bytes; if over cap,
 #                           plan how many oldest entries to MOVE to get BELOW the
 #                           low-watermark (hysteresis), never draining below a
 #                           keep-floor of newest entries; gate the *proposal* behind
 #                           a 2-strike counter persisted to .archive-strikes.json.
 #   A7 L1-GATE  (NO-API)  : for each <sub>/archive/_INDEX.md, verify every
 #                           substring:"..." pointer resolves (SimpleMatch) inside the
 #                           sub's archive/*.md, and that referenced archive files
 #                           exist + size>0. Prints PASS/FAIL.
 #
 # TAILORING NOTE (Harness-11 PART-A = 'tailorable'): see header comment block at the
 # bottom marked [TAILOR] for the simplifications made vs the maximal spec.
 #
 # Usage:
 #   powershell.exe -ExecutionPolicy Bypass -File scripts\memory-archive-gate.ps1
 #   powershell.exe -ExecutionPolicy Bypass -File scripts\memory-archive-gate.ps1 -Apply   (records strikes; STILL no file moves)
 param(
    [string]$RepoRoot = "$PSScriptRoot\..",
    [switch]$Apply = $false
 )
 $ErrorActionPreference = 'Stop'
 # ---- resolve paths --------------------------------------------------------
 $memRoot = Join-Path $RepoRoot '.claude\agent-memory'
 $budgetPath = Join-Path $memRoot 'memory-budget.json'
 $strikePath = Join-Path $memRoot '.archive-strikes.json'
 if (-not (Test-Path $memRoot))   { Write-Error "agent-memory root not found: $memRoot"; exit 1 }
 if (-not (Test-Path $budgetPath)){ Write-Error "memory-budget.json not found: $budgetPath"; exit 1 }
 # ---- load tunables from budget.json (archive_gate block) ------------------
 $budget = Get-Content $budgetPath -Raw | ConvertFrom-Json
 $gate = $budget.archive_gate
 if ($null -eq $gate) { Write-Error "memory-budget.json missing 'archive_gate' block (Harness-11 PART-A)"; exit 1 }
 $cap        = [int]$gate.autoinject_cap_bytes      # A1: over this => over-cap
 $lowMark    = [int]([math]::Floor($cap * [double]$gate.low_watermark_ratio))  # A4: drain target
 $keepFloor  = [int]$gate.keep_floor_entries        # A5: never auto-drain below N newest
 $strikeNeed = [int]$gate.strike_threshold          # A6: consecutive over-cap runs before proposing
 # ---- strike-counter state (A6) -------------------------------------------
 # Stateless script => persist a tiny counter file (additive, NOT a memory file).
 # Only mutated under -Apply so DRY-RUN is side-effect-free.
 $strikes = @{}
 if (Test-Path $strikePath) {
    try {
        $raw = Get-Content $strikePath -Raw | ConvertFrom-Json
        foreach ($p in $raw.PSObject.Properties) { $strikes[$p.Name] = [int]$p.Value }
    } catch { $strikes = @{} }
 }
 # ---- helpers --------------------------------------------------------------
 # Entry boundaries in a hot MEMORY.md = lines matching one of:
 #   ^##    (h2)   |  ^### (h3)  |  ^---  (separator)
 # Count of such markers approximates entry count (A5 keep-floor uses this).
 function Get-EntryMarkerLineNumbers([string[]]$lines) {
    $idx = @()
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^(#{2,3}\s|---\s*$)') { $idx += $i }
    }
    return ,$idx
 }
 # ---- header ---------------------------------------------------------------
 $mode = if ($Apply) { "APPLY (records strikes; NO file moves)" } else { "DRY-RUN (no writes at all)" }
 Write-Output "============================================================"
 Write-Output " memory-archive-gate.ps1  -  Harness-11 PART-A"
 Write-Output " mode        : $mode"
 Write-Output " cap         : $cap bytes (autoinject_cap)"
 Write-Output " low-water   : $lowMark bytes (A4 hysteresis drain target = ratio $($gate.low_watermark_ratio))"
 Write-Output " keep-floor  : $keepFloor newest entries (A5)"
 Write-Output " strike-need : $strikeNeed consecutive over-cap runs to PROPOSE (A6)"
 Write-Output "============================================================"
 # ==========================================================================
 # PASS 1 - PLANNER (A1 measure / A4 hysteresis / A5 keep-floor / A6 strike)
 # ==========================================================================
 Write-Output ""
 Write-Output "### PASS 1 - hot-tier over-cap planner (FLAG ONLY, no moves)"
 Write-Output ""
 $dash = [string]([char]45)   # '-' as a value, never a bare token (PS 5.1 treats '--' runs as decrement op)
 Write-Output ("{0,-24} {1,9} {2,5} {3,10} {4,7} {5,12} {6}" -f 'sub','bytes','over?','entries','strike','after-est','resolve')
 Write-Output ("{0,-24} {1,9} {2,5} {3,10} {4,7} {5,12} {6}" -f ($dash*24),($dash*9),($dash*5),($dash*10),($dash*7),($dash*12),($dash*7))
 $subDirs = Get-ChildItem -Path $memRoot -Directory | Sort-Object Name
 $anyOver = $false
 foreach ($d in $subDirs) {
    $sub = $d.Name
    $mem = Join-Path $d.FullName 'MEMORY.md'
    if (-not (Test-Path $mem)) { continue }
    $bytes = (Get-Item $mem).Length            # A1
    $isOver = $bytes -gt $cap
    $lines = Get-Content $mem
    $markers = Get-EntryMarkerLineNumbers $lines
    $entryCount = $markers.Count
    # --- A6 strike bookkeeping ---
    $prev = if ($strikes.ContainsKey($sub)) { [int]$strikes[$sub] } else { 0 }
    if ($isOver) {
        $cur = $prev + 1
    } else {
        $cur = 0   # reset on a clean run (consecutive-only)
    }
    if ($Apply) { $strikes[$sub] = $cur }
    if (-not $isOver) {
        # Under cap: one tidy line, nothing to plan.
        Write-Output ("{0,-24} {1,9} {2,5} {3,10} {4,7} {5,12} {6}" -f $sub, $bytes, 'no', $entryCount, $cur, '-', 'ok')
        continue
    }
    $anyOver = $true
    # --- A4 hysteresis + A5 keep-floor : how many OLDEST entries to move? ---
    # Move oldest entries one-by-one; estimate bytes-after by cutting at the
    # marker line of the FIRST entry we keep. Stop when est < lowMark, but never
    # let kept-entries drop below keepFloor.
    $moveCount = 0
    $afterEst = $bytes
    $warnFloor = $false
    if ($entryCount -le $keepFloor) {
        # Already at/under floor but still over cap => cannot auto-drain.
        $warnFloor = $true
        $afterEst = $bytes
    } else {
        # markers[k] = line index where entry (k) starts. Keeping entries
        # [k..end] means the kept region begins at byte offset of markers[k].
        # Bytes-after = total - (bytes before markers[k]).
        for ($move = 1; $move -le ($entryCount - $keepFloor); $move++) {
            $cutLine = $markers[$move]    # first KEPT entry starts here (0-based line idx)
            # bytes of the moved prefix = sum of (line length + 1 newline) for lines [0..cutLine-1]
            $prefixBytes = 0
            for ($li = 0; $li -lt $cutLine; $li++) { $prefixBytes += ($lines[$li].Length + 2) } # +2 ~ CRLF est
            $est = $bytes - $prefixBytes
            $moveCount = $move
            $afterEst = $est
            if ($est -lt $lowMark) { break }
        }
        # If we exhausted the movable range and still >= lowMark, floor was hit.
        if ($afterEst -ge $cap -and $moveCount -eq ($entryCount - $keepFloor)) { $warnFloor = $true }
    }
    # --- A6 gate the resolution wording on the strike count ---
    if ($warnFloor) {
        $resolve = "WARN keep-floor hit ($keepFloor); cannot auto-drain - SPLIT/condense entries by hand"
    } elseif ($cur -ge $strikeNeed) {
        $resolve = "PROPOSE archive (strike $cur>=$strikeNeed): move $moveCount oldest -> curate L1->L2 by hand"
    } else {
        $resolve = "WATCH (strike $cur<$strikeNeed): re-run; propose only after $strikeNeed consecutive over-cap"
    }
    Write-Output ("{0,-24} {1,9} {2,5} {3,10} {4,7} {5,12} {6}" -f $sub, $bytes, 'YES', $entryCount, $cur, "~$afterEst", $resolve)
 }
 if (-not $anyOver) {
    Write-Output ""
    Write-Output "  (no sub over cap - hot tier within auto-inject budget)"
 }
 # Persist strikes under -Apply (additive counter file, NOT a memory file).
 if ($Apply) {
    ($strikes | ConvertTo-Json) | Set-Content -Path $strikePath -Encoding ASCII
    Write-Output ""
    Write-Output "  [A6] strikes persisted -> $strikePath"
 } else {
    Write-Output ""
    Write-Output "  [A6] DRY-RUN: strike counters NOT persisted (run with -Apply to advance strikes)"
 }
 # ==========================================================================
 # PASS 2 - A7 NO-API L1-GATE : pointer-resolve + byte-sanity on EXISTING archive
 # ==========================================================================
 Write-Output ""
 Write-Output "### PASS 2 - A7 archive-integrity gate (NO-API: grep + measure only)"
 Write-Output ""
 $gateTotalPtr = 0
 $gateOkPtr = 0
 $gateFailPtr = 0
 $anyArchive = $false
 foreach ($d in $subDirs) {
    $sub = $d.Name
    $archDir = Join-Path $d.FullName 'archive'
    $indexPath = Join-Path $archDir '_INDEX.md'
    if (-not (Test-Path $indexPath)) { continue }   # only subs with a built index
    $anyArchive = $true
    # all archive content files (exclude the index itself)
    $contentFiles = Get-ChildItem -Path $archDir -Filter *.md | Where-Object { $_.Name -ne '_INDEX.md' }
    Write-Output "  [$sub] _INDEX.md + $($contentFiles.Count) archive file(s)"
    # (ii) byte-sanity: every archive content file exists + size>0
    foreach ($cf in $contentFiles) {
        if ($cf.Length -le 0) {
            Write-Output ("    BYTE-FAIL  {0} is 0 bytes" -f $cf.Name)
            $gateFailPtr++
        }
    }
    # Pre-load every archive content file as UTF-8 (gotcha #30: PS 5.1 Get-Content
    # defaults to ANSI codepage and MANGLES Vietnamese diacritics / em-dash / arrows,
    # which made byte-identical pointers falsely FAIL. Force UTF-8 on BOTH sides.)
    $utf8 = New-Object System.Text.UTF8Encoding($false)
    $haystacks = @{}
    foreach ($cf in $contentFiles) {
        $haystacks[$cf.Name] = [System.IO.File]::ReadAllText($cf.FullName, $utf8)
    }
    # (i) pointer-resolve: extract every substring token (substring:QUOTE...QUOTE) and
    #     locate it literally (String.Contains = SimpleMatch) in ANY archive file.
    $indexText = [System.IO.File]::ReadAllText($indexPath, $utf8)
    $indexLines = $indexText -split "`r?`n"
    $subPtrCount = 0; $subOk = 0; $subFail = 0
    foreach ($line in $indexLines) {
        # skip blockquote legend/convention lines (e.g. the '> Pointer style ...
        # substring:"<unique-string>"' template); those document the format, they
        # are not real record pointers.
        if ($line -match '^\s*>') { continue }
        # robust across all 3 formats (bullet / table / arrow) - just grab the quoted payload
        $m = [regex]::Matches($line, 'substring:"([^"]+)"')
        foreach ($match in $m) {
            $needle = $match.Groups[1].Value
            $subPtrCount++; $gateTotalPtr++
            # literal substring search across ALL archive content files for this sub
            $found = $false
            foreach ($k in $haystacks.Keys) {
                if ($haystacks[$k].Contains($needle)) { $found = $true; break }
            }
            if ($found) {
                $subOk++; $gateOkPtr++
            } else {
                $subFail++; $gateFailPtr++
                $q = [char]34
                Write-Output ("    PTR-FAIL   substring not found in archive/*.md : {0}{1}{0}" -f $q, $needle)
            }
        }
    }
    $verdict = if ($subFail -eq 0) { "PASS" } else { "FAIL" }
    Write-Output ("    -> {0}  pointers {1}  resolved {2}  failed {3}" -f $verdict, $subPtrCount, $subOk, $subFail)
 }
 if (-not $anyArchive) {
    Write-Output "  (no sub has archive/_INDEX.md yet - nothing to gate)"
 }
 Write-Output ""
 Write-Output "------------------------------------------------------------"
 $overallA7 = if ($gateFailPtr -eq 0) { "PASS" } else { "FAIL" }
 Write-Output (" A7 GATE {0}  -  total pointers {1}, resolved {2}, failed {3}" -f $overallA7, $gateTotalPtr, $gateOkPtr, $gateFailPtr)
 Write-Output "------------------------------------------------------------"
 # Exit non-zero only on A7 integrity failure (broken pointer / 0-byte archive).
 # Over-cap is a FLAG (not an error) - the gate reports, a human curates.
 if ($gateFailPtr -gt 0) { exit 2 } else { exit 0 }
 # ==========================================================================
 # [TAILOR] Harness-11 PART-A simplifications (honest record):
 #   * bytes-after-est uses (line.Length + 2) as a CRLF-aware estimate per moved
 #     line; it is an ESTIMATE for the plan, not a real cut. The "~" prefix in the
 #     after-est column flags it as approximate. (Real bytes only known post-move,
 #     which the gate deliberately never performs.)
 #   * Entry boundary = first of (^##, ^###, ^---). MEMORY.md files here are h2-only
 #     today (verified S73), so marker-count == entry-count in practice; the regex
 #     also tolerates h3/HR-delimited files.
 #   * A6 strike state is a flat {sub: int} JSON. Reset-to-0 on any clean run =>
 #     "consecutive over-cap" semantics. Requires 2 real runs (-Apply) to reach the
 #     PROPOSE nudge by design (the spec "runtime needs 2 runs" note).
 #   * A7 resolves the substring against ALL archive/*.md for the sub (not just the
 #     arrow-named file) because the 3 _INDEX formats name the target differently
 #     (reviewer arrow / cicd arrow-then-substr / inv-codebase q-shorthand table).
 #     A unique substring landing anywhere in the sub's frozen archive == resolved.
 # ==========================================================================