vietreport-admin/solution-erp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: vietreport-admin:c3ee6cb326d7be680809ecb7fcd13ba3a2ad32d5
Branches Tags
vietreport-admin:main
...
compare: vietreport-admin:main
Branches Tags
vietreport-admin:main

33 Commits
c3ee6cb326 ... main

Author SHA1 Message Date
pqhuy1987
f0e616fd5a [CLAUDE] Docs: S78 closeout — PE attach-file khi duyet (Run #330) + gotcha #71 + cicd flush 
STATUS/HANDOFF tier +S78 (bundle CsJetgZH/BVS0ApIm, no migration, test 354 unchanged) + trim S75 row. gotcha #71 (them enum value vao entity dung-chung -> pollute UI/guard proxy-predicate supplierId===null). session log S78. cicd-monitor MEMORY self-flush Run #330. curate-debt carry: reviewer 45.2KB + cicd 38.8KB + inv 35.7KB keep-floor-hit (archive-gate A7 PASS 186/186). Docs-only -> CI skip.
 2026-06-19 19:32:41 +07:00
pqhuy1987
7886fd03dd [CLAUDE] PurchaseEvaluation: nguoi duyet dinh kem file khi DUYET (reuse attachment Purpose=ApprovalAttachment, no migration)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m56s
Details 
Modal Duyet them picker multi-file -> upload TRUOC khi chuyen phase (file loi/>20MB = throw, khong duyet). File hien o muc 'File dinh kem khi duyet' (download/preview) trong Panel quy trinh, gan ten nguoi tai + thoi gian. Fix 2 filter dung supplierId=null lam proxy Bang-so-sanh (banSoSanhAttachments + submit-guard) loai purpose=5 tranh lan section + false-pass. FE 2 app SHA-identical. authz: approver upload duoc (handler khong guard drafter-only). Test 354 PASS, no migration. UAT Tra Sol / 5 tester.
 2026-06-19 16:46:37 +07:00
pqhuy1987
095fb492cd [CLAUDE] Docs: S77 closeout — PE UX batch 10 deploy (#320->#329) + Mig 57 + test 354 + flush agent-memory 
Closeout buoi san pham lon (anh Kiet FDC + Tra Sol + Bich Phuong, HMW-mode ON): 10 deploy prod-verified #320->#329, 10/10 cicd PASS. STATUS + HANDOFF + session log 2026-06-19-S77. State: Mig 56->57 (AddPeSuggestedPriceNotes) · test 344->354 (+10) · bundle cuoi BqKD3Y23/Cn-i349D · 88 tables · gotcha 70. Viec: co GAP pill moi danh sach+inbox · focus->revert list · Mig 57 ghi chu gia de xuat PRO/CCM + so phan cach + chinh ta + guard #70 · so am do-ngoac · muc con thut-gach · co gap GAN=NV/GO=Truong phong bat-doi-xung · tach chon-phieu(inline) khoi mo-rong(overlay)+nut Xem mo rong · chuong bao nguoi duyet · banner Tra-lai. 3 loi em tu bat review-truoc-deploy (guard#70 · asymmetric · double-mount). FD process-death Task H->recover-disk. Flush 5 sub-agent MEMORY (self-flush khi return). CARRY: curate L1 over-cap reviewer 45KB+cicd 37.6KB+inv 35.6KB keep-floor-hit manual (archive-gate A7 GATE PASS 186/186). Docs+memory only -> CI skip (gotcha #41).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 15:55:45 +07:00
pqhuy1987
e823694202 [CLAUDE] FE: PE phieu Tra lai them banner huong dan gui duyet lai (che do Xem)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m50s
Details 
Bich Phuong hoi 'chi Tra tra ve thi bam nop lan 2 cho nao'. Phieu Tra lai o che do XEM (readOnly) khong co nut 'Luu & Gui Duyet' (nut do chi hien khi Sua) -> NV khong biet gui lai. Them banner amber khi phase==TraLai && readOnly: huong dan ra danh sach -> ✏️ Sua (but chi) -> dieu chinh -> 'Luu & Gui Duyet ->' o cuoi phieu; ly do tra lai xem o Lich su. Khop dung cau tra loi cua anh cho Bich Phuong. FE-only, 2 app SHA256-identical PeDetailTabs. Build PASS x2.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 15:38:15 +07:00
pqhuy1987
424131d0b1 [CLAUDE] PurchaseEvaluation: chuong bao nguoi duyet khi phieu vao cap cua ho (submit + moi cap)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m48s
Details 
Tra Sol (Zalo): 'khong thay chuong bao - viec co ho so can duyet'. PE workflow truoc chi notify DRAFTER luc terminal; nguoi DUYET khong duoc bao khi phieu toi cap cua ho. Fix: block trong LogTransitionAsync (sau drafter-notify) - khi toPhase==ChoDuyet, resolve approver cap hien tai (workflow.Steps[CurrentWorkflowStepIndex].Levels Order==CurrentApprovalLevelOrder -> ApproverUserId OR-of-N, exclude actor) -> NotifyManyAsync Generic 'Phieu can ban duyet'. Fire moi luc phieu vao cap ChoDuyet: submit (cap 1) + moi approve-advance (cap ke) - 5 call-site advance deu log toPhase=ChoDuyet sau khi set pointer (verified). Best-effort try/catch (notify fail KHONG rollback transition). V2-only guard. Bell render Generic san (urgent->CEO da chung minh). BE-only, no-mig. Build slnx 0/0, test 354 PASS (khong vo transition cu). Notify = test-after (UAT).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 15:22:44 +07:00
pqhuy1987
fa6654b8f4 [CLAUDE] FE: PE tach chon-phieu (inline 3-panel nhu cu) khoi mo-rong (overlay) + nut Xem mo rong moi dong
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m47s
Details 
anh (annotate 2026-06-19): bam dong phieu = xem thuong inline 3-panel NHU CU; them nut 'Xem mo rong' (Maximize2) goc moi dong -> overlay full-man. Param ?expand=1 tach khoi ?id: click row=select (wide: inline 3-panel / narrow <lg: overlay vi 3-panel khong vua man); 'Xem mo rong'=id+expand; Thu gon/Esc/backdrop=bo expand GIU id (ve inline); Dong/duyet/xoa=clear ca 2 (ve list). Overlay render khi id&&expand; inline detail khi id&&!isExpand. em-main review them !isExpand guard vao 2 panel inline -> tranh double-mount PeDetailTabs/PeWorkflowPanel phia sau overlay (intent comment co nhung code sot). Giu tree 4 tang + PeUrgentChips + overlay a11y (slide/Esc/focus-trap). FE-only, 2 app SHA256-identical. Build PASS x2.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 14:57:10 +07:00
pqhuy1987
b5aa72d005 [CLAUDE] PurchaseEvaluation: co gap GAN=NV chuc nang / GO=chi Truong phong (DeptManager) bat doi xung
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m48s
Details 
Tra Sol + anh Kiet (Zalo chot 14:25): tranh NV khac lo tay go co cua nguoi da gan. Handler SetPurchaseEvaluationUrgent gate BAT DOI XUNG theo IsUrgent: GAN (true) = role chuc nang (Procurement->do / CostControl->xanh / Admin->ca 2); GO (false) = role chuc nang + DeptManager (Truong phong) hoac Admin. FE PeDetailTabs nut toggle gate theo trang thai hien tai (da gap->can quyen GO; chua gap->can quyen GAN) → an nut GO voi NV thuong. Test PeUrgentToggleAuthzTests rewrite asymmetric (354 PASS 0 fail). FE 2 app SHA256-identical. Build slnx 0-err.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 14:42:08 +07:00
pqhuy1987
e29391ec9e [CLAUDE] FE: PE bang ngan sach muc con thut dong + gach dau dong (phan biet muc co so / khong so)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m39s
Details 
Tra Sol + anh Kiet (Zalo, annotate anh do): muc con (khong co so) thut vao + gach dau dong '–' de phan biet voi muc cha co so (1-9). BudgetRow +indent prop (pl-5 + dash span). Ap dung: Block A '– Ngan sach Ban hanh lan dau' + '– Ngan sach V0/hieu chinh tang giam' (con cua Ngan sach full); Block B '– Gia tri ky nay' + '– So sanh voi ngan sach ky nay' + '– So voi NS' + '– So sanh voi Ngan sach full'. Muc 1-9 giu cap cha. FE-only, 2 app SHA256-identical PeDetailTabs. Build PASS x2.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 14:24:48 +07:00
pqhuy1987
e42d103694 [CLAUDE] FE: PE bang ngan sach so am -> do + ngoac (...) hang 7/8/9 dong bo hang so sanh
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m45s
Details 
Tra Sol (Zalo): cai nao la so am thi ngoac + mau do. Hang 7 (Ngan sach con lai) / 8 (Gia tri thuc hien du kien con lai) / 9 (Gia tri tong thuc hien du kien) dang dung fmtVnd (dau tru, mau mac dinh) -> chuyen sang fmtVndSigned (ngoac '(abs) d' cho so am, da co san) + span text-red-600 khi <0; dong bo voi cac hang 'So sanh' (cmpPeriod/cmp56/cmpFull da do+ngoac tu truoc). FE-only, 2 app SHA256-identical PeDetailTabs. Build PASS x2.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 14:17:19 +07:00
pqhuy1987
94e0e12f77 [CLAUDE] PurchaseEvaluation: Mig 57 ghi chu gia de xuat PRO/CCM + so phan cach VND + sua chinh ta + guard #70
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m52s
Details 
Theo Tra Sol + anh Kiet FDC (Zalo): A) o nhap tien VndInlineEdit + BudgetCell nhay phan cach vi-VN (300.000.000) on-keystroke (o dialog da co san). B) them o ghi chu PRO + CCM canh nut Luu trong khoi Gia de xuat (giai thich vi sao chon Min/Max) — Mig 57 AddPeSuggestedPriceNotes (+ProSuggestedPriceNote +CcmSuggestedPriceNote nvarchar(1000) null, additive no-backfill no-table); 2 setter command +Note absolute-set rides role-gate PRO/CCM/Admin; DTO +2 field; controller body +note. C) sua chinh ta 'd. Ban so sanh' -> 'd. Bang so sanh gia' (2 app). GUARD gotcha #70: o gia + ghi chu echo nhau absolute-set -> them peFetching khoa nut Luu toi khi pe-detail refetch land, tranh stale-echo mat du lieu (mirror bang ngan sach S76; em-main review bat impl-frontend sot guard). BE slnx 0-warn 0-err; FE build PASS x2; test 344->351 (+7); PeDetailTabs/PeWorkspaceCreateView 2 app SHA256-identical.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 14:08:45 +07:00
pqhuy1987
3b98845976 [CLAUDE] FE: PE tra danh sach ve layout goc (bam trai lap day) + giu focus overlay bam phieu
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m40s
Details 
anh Kiet/Tra Sol UAT: list state dang canh giua (max-w-5xl) trong 2 ben -> tra ve bo cuc goc 8e68ed1: grid lg:[400px_1fr_360px], list bam trai + 2 placeholder panel lap day man hinh, KHONG canh giua. Giu nguyen focus overlay S78 (bam phieu -> overlay truot tu phai che het menu+list; Duyet/Thu gon/Esc -> dong ve danh sach). <lg single-col compact. 2 app SHA256-identical. FE-only, 0 BE, 0 migration. Build PASS x2. Recover tu agent process-death (edit hoan chinh tren disk, em-main build-verify + mirror fe-admin).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 13:53:11 +07:00
pqhuy1987
398b01d0a6 [CLAUDE] FE: PE che do tap trung duyet phieu (overlay truot phai, an menu+list) + responsive laptop nho
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m40s
Details 
Bam phieu -> focus overlay (fixed inset-0 z-50) truot tu phai, che menu+TopBar+list rail; phieu full-width tu cuon + panel duyet ben canh (stack xuong duoi tren man nho). Thu gon/Esc/backdrop HOAC Duyet (chi forward-approve; Tra lai/Tu choi giu overlay) -> dong ve danh sach. List state = panel giua mx-auto max-w-5xl, giu cay 4 tang + PeUrgentChips + search/filter/SLA. Responsive lg-pivot (flex-col stack <lg, flex-row >=lg), compact laptop nho, KHONG dong cham man hinh to (anh: 'man to OK roi'). PeWorkflowPanel +onApproved (wasReject byte-mirror isReject). 2 app SHA256-identical. a11y role=dialog/Esc/focus-trap/scroll-lock/reduced-motion. FE-only, 0 BE, 0 migration. Build PASS x2. Note: backend down luc design -> live authed verify sau deploy.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 13:28:26 +07:00
pqhuy1987
8e68ed1892 [CLAUDE] FE: PE co gap PILL (do PRO / xanh CCM) dong bo moi danh sach + inbox
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m46s
Details 
Surface co gap GAP tren MOI danh sach phieu de CEO/nguoi duyet thay urgency ngay tren danh sach khong can mo phieu (anh Kiet FDC). Cay danh sach: emoji -> pill labeled. Khung 'Danh sach phieu' cho duyet (Workspace + picker) + inbox 'phieu cho toi duyet': them pill (truoc day thieu). NEW PeUrgentChips.tsx single-source-of-truth (style khop badge detail S69) x2 app. FE-only, 0 BE, 0 migration — DTO da co IsUrgentByPro/Ccm tu S69 Mig 53. Build PASS x2.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 12:31:08 +07:00
pqhuy1987
8f780b6237 [CLAUDE] Docs: S76 closeout — PE ngan sach ma tran 3 cot + bang luoi + badge quyen-NS 
STATUS/HANDOFF (Mig 55->56, test 339->344, gotcha 69->70, bundle jOqxW4-p/DbsznVvR
Run #319, Phase +S76, In Progress->Recently Done) + gotcha #70 (FE absolute-set echo
stale-echo data-loss -> useIsFetching gate) + ef-core skill Mig 56 row + session log
2026-06-19-S76 + agent-memory harvest (impl-FE stray->canonical + 4 sub diary).
Curate-debt carry: reviewer 45KB + inv-codebase 35KB keep-floor-hit manual-condense.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-19 11:44:34 +07:00
pqhuy1987
21d1f4ec43 [CLAUDE] FE: PE ngan sach Block A -> bang luoi <table> vien o giong Excel (anh phan hoi)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m46s
Details 
Anh: "giao dien van chua chia cot dung, muon giong file Excel". Block A dang dung
flex + spacing (khong co vien doc chia cot) -> chuyen sang <table border-collapse>
vien o day du: header [Khoan muc | Du an | PRO | CCM] + 5 hang (full / ban hanh /
hieu chinh / ghi chu PRO / ghi chu CCM). BudgetCell xep doc (input full o + nut Luu
duoi) cho vua cot. BudgetNoteRow -> BudgetNoteCell (td colSpan=3). Mirror
fe-user/fe-admin identical. FE-only, build 2 app PASS.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 11:28:18 +07:00
pqhuy1987
e33481efb6 [CLAUDE] PurchaseEvaluation: Mig 56 ngan sach MA TRAN 3 cot (Du an|PRO|CCM) + badge quyen NS theo role
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m57s
Details 
S76 (anh Kiet FDC + chi Tra Sol) — form ngan sach + hien thi quyen nhap NS trong flow:
- Part 1: form ngan sach -> MA TRAN 3 cot, moi phong nhap+dieu chinh cot minh
  (PRO canEditPro / CCM canEditCcm / Du an FE hien-thi-only). Mig 56
  +ProInitialAmount/ProAdjustmentAmount (additive-nullable + data-migrate
  ProEstimate->ProInitial). full moi cot = ban hanh + hieu chinh.
- Part 2: Workflow Designer (fe-admin) +badge "NS PRO/CCM" canh approver
  (suy tu role Admin|Procurement / Admin|CostControl, hien-thi-only no-authz).
- Part 3: flow quy trinh fe-user/fe-admin (Duyet NCC) +badge tuong tu.
- Fix race mat-du-lieu Part 1 (useIsFetching khoa Luu khi refetch — dong
  cua-so stale-echo, reviewer Part2/3 bat).
- Test 339->344 (+5). 2 workflow review (Part 1 PASS + Part 2/3 PASS).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-19 11:02:47 +07:00
pqhuy1987
70c13d4ac8 [CLAUDE] Docs: S75 closeout — Harness-11 adopt (STATUS/HANDOFF/session-log) 
- STATUS: Last-updated S75 + In Progress + Recently Done (5-Workflow adap, completeness-gate ĐẠT) + user-memory 28→29
- HANDOFF: Last-updated S75 + S75 brief (5 Workflow run-id + NEXT restart-CLI/curate)
- session log 2026-06-18-S75-harness-11-adopt.md (full narrative)
- user-memory feedback_harness11_engine (engine + gotcha#30-via-Edit + multi-workflow-verify + git-add-specific; outside repo)
- 0 production code; state THẬT giữ nguyên (Mig 55 · 88 bảng · 339 test · gotcha 69)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 23:11:24 +07:00
pqhuy1987
aa09e99061 [CLAUDE] Docs: dọn 2 scratch file DA1-reviewer trong h11-doublecheck run-folder
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 5m6s
Details 
- _patch.py + _scratch-det.ps1 = scratch của DA1 over-suppression-test (Bash-residual, read-only sub vẫn ghi qua shell) — git add -A lỡ sweep vào ae957c4
- KHÔNG phải run-trace artifact (run.md/synthesis là canonical) → remove
- Bài học: git add file cụ-thể / dọn run-folder scratch trước commit (feedback_rag_mcp_recovery_concurrency)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 23:02:06 +07:00
pqhuy1987
ae957c4e35 [CLAUDE] Docs: Harness-11 double-check ×2 + finalize report (anh giao)
Some checks failed
Deploy SOLUTION_ERP / build-deploy (push) Has been cancelled
Details 
- DOUBLE-CHECK wf_a0b68d2f-30e (3× reviewer): committed-state e70c046 PASS — B1 ×11 exact, root CLAUDE.md:53 tail byte-identical, broadcasts hash recompute khớp, single-writer clean. Over-suppression regression CLEAN: DA1 no-return → em-main self-gate fake-drift "99 migration" CAUGHT (runtime) + DA2/DA3 độc-lập confirm
- CHECKLIST-VERIFY wf_39cd4cbe-f07 (3× investigator-codebase): completeness-gate H11 FORMAL ĐẠT — B 4/4 + C 5/5 + D 11/11 đủ-trọn (function-floor MET), A 🟡 tailored; D5/D6/D7 explicit + D8 one-direction codify = YES
- detector refine: +C2 "test project" skip (27→26); tree-skip reverted (gotcha #30 box-glyph trap, kể cả qua Edit render-normalize); detector pure-ASCII verified
- agents/README "(pending)"→run-id; adap-report + outbox email +double-check section (hash 2316773229f2)
- 0 production code; state THẬT giữ nguyên (Mig 55 · 88 bảng · 339 test · gotcha 69 · bundle BYF5vIMJ/CB-tiRxd)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 23:01:10 +07:00
pqhuy1987
e70c0462d7 [CLAUDE] Docs: adopt Harness-11 engine tự-bảo-trì (3-workflow audit→implement→review) 
- engine-doc canonical docs/governance/harness-11-engine.md (PHẦN A/B/C/D + 3-tier D5/D6/D7 + one-direction-lock D8 + CAVEAT honest)
- scripts/governance-detectors.ps1 (C1 broken-pointer + C2/B3 staleness + C3 vocab-fork + C4 self-exclusion + C5 resolve, NO-API DÒ+FLAG-only, runtime-proven, FP-refined 59→27)
- scripts/memory-archive-gate.ps1 (PHẦN A: hysteresis 0.85 + keep-floor 5 + 2-strike + A7 NO-API L1-eval) + budget.json archive_gate
- B1 ×11 count→canonical-pointer (root CLAUDE.md, ef-core/dep-audit SKILL, skills/README, docs/CLAUDE.md) — drift mig53→55/test306→339/gotcha68→69 RESOLVED + ef-core +Mig 54/55 rows
- cadence-wire D1 session-start §2.1.3 + D2 session-end §L.b(c) + agents/README Upgrade S75
- run-trace TRACKED: audit wf_7fdc3bd5-930 / implement wf_c5e5844e-7c1 / review wf_d7ca1ff8-942 (REVIEW PASS, completeness-gate ĐẠT)
- check-email AI_INFRA harness-11 (verify whole-file 318ff9f6 + body b2a2fc1c) + adap-report + outbox report (body 7fa1b53a)
- 0 production code; state THẬT giữ nguyên (Mig 55 · 88 bảng · 339 test · gotcha 69 · menu 54 · bundle BYF5vIMJ/CB-tiRxd)

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 20:44:26 +07:00
pqhuy1987
462bfbc854 [CLAUDE] Docs: S74 closeout — Mig 55 PE "Ghi chú từ CCM" (STATUS/HANDOFF/session-log + agent-memory harvest) 
- STATUS + HANDOFF: S74 entry (Mig 55 CcmNote, test 334->339, "0 het CCM"=role-gate khong bug -> UAT bang CostControl/Admin)
- cicd Run #315 PASS ~4m54s: Mig 55 applied prod (CcmNote nvarchar 1000 nullable), sys.tables 88, smoke 4x200; bundle admin BYF5vIMJ / user CB-tiRxd
- session log 2026-06-18-S74-pe-ccm-note.md (chan doan + 2 fork + lessons)
- agent-memory harvest: implementer-frontend (FE mirror) + test-specialist (5 test §4b + L1 curate ->24.6KB + archive activity-s51-s52) + cicd-monitor (Run #315)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-18 19:15:45 +07:00
pqhuy1987
8655ebf1ba [CLAUDE] PurchaseEvaluation: Mig 55 ô "Ghi chú từ CCM" ngân sách gói thầu — CCM nhập số + ghi lý do giống PRO
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 4m54s
Details 
- Entity PeWorkItemBudget +CcmNote (mirror ProNote, nvarchar 1000) + Mig 55 additive-nullable
- UpdatePeBudgetCcmCommand +CcmNote absolute-set, role-gate CostControl/Admin fail-closed
- DTO PeBudgetSummaryDto +CcmNote + controller BudgetCcmBody + GET mapping
- FE 2 app SHA-mirror: dòng "Ghi chú từ CCM" gate canEditCcm (sau V0/hiệu chỉnh), absolute-set đủ 3 field
- Test +5 (set CCM/Admin, null-clear, non-priv Forbidden, all-3-persist) -> 339 pass

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
 2026-06-18 19:05:10 +07:00
pqhuy1987
e7e99d10f2 [CLAUDE] Docs: S73 closeout — Mig 54 PE gia de xuat + CCM duyet-done (STATUS/HANDOFF/session-log + review run-trace + agent-memory harvest) 
- STATUS/HANDOFF S73: Mig 54 · test 334 · bundle Bv3jUCNo/BWlMBQz6 (Run #313 feature + #314 fix)
- session log 2026-06-18-S73-pe-gia-de-xuat-ccm-done.md
- run-trace runs/2026-06-18-mig54-pe-review (custom-inline review, bu post-hoc) + _ledger 2 row (R1 schema 1/4 + R2 free-text 2/3)
- agent-memory flush 5 sub + reconcile implementer-frontend cwd-misland stray -> canonical

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 16:32:41 +07:00
pqhuy1987
6aa4dcb525 [CLAUDE] FE-User: PE khoa nut Xac nhan khi phai chon gia ma chua co gia nao (Mig 54 fix)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 5m12s
Details 
Empty-candidates edge: neu duyet cap cuoi ma priceCandidates rong, nut Xac
nhan van mo -> bam -> BE Conflict kho hieu. Khoa nut + giu message ro rang.
Phong-thu thuan (double-check xac nhan edge UNREACHABLE qua submit-guard
winnerQuoteTotal>0 :194) + sua mau thuan UX cu. fe-user/fe-admin SHA-identical
(4d6c89d9). 2 workflow review (Round1 schema 1/4 + Round2 free-text 2/3 PASS).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 16:21:31 +07:00
pqhuy1987
1d86abcdc5 [CLAUDE] PurchaseEvaluation: Mig 54 giá đề xuất PRO/CCM + CEO chọn giá chốt + CCM duyệt-done ô-tích
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 5m22s
Details 
Theo note anh Kiệt FDC (go-live so-sánh-giá thứ Hai):
- (1) Giá chào thầu thêm giá đề xuất NGOÀI giá NCC: PRO nhập dải Min/Max +
  CCM nhập 1 giá (2 lệnh role-gate Procurement/CostControl, fail-closed).
  Khi duyệt cấp cuối, người duyệt CHỌN 1 giá chốt (Ncc/ProMin/ProMax/Ccm)
  -> luu ApprovedPriceAmount/Source (bind tai moi nhanh DaDuyet, bat buoc
  chon; auto-approve he thong mien).
- (3) CCM duyet-done mien CEO: DOI tu AUTO-threshold (S69) sang O-TICH-TAY
  (finalizeByCcmDelegation) -- CCM chu dong tich, fail-closed theo nguong
  + role + gia goi. An toan hon (khong vo tinh bo CEO).
- Mig 54 additive-nullable (5 cot PE) - FE 2 app SHA-mirror - test 306->334
  (+28: opt-in 6->11, +10 gia chot, +13 setter authz).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 15:51:39 +07:00
pqhuy1987
77ad219361 [CLAUDE] Docs: curate-watch — cicd-monitor L1 30123 OVER alongside investigator 28973 
cicd-monitor MEMORY write (Run #312 + gotcha #69) pushed it to 30123 > 25600 cap.
Correct HANDOFF/STATUS curate-watch: 2 subs OVER (investigator-codebase 28973 +
cicd-monitor 30123); next session §2.1.2 budget-audit re-measures + catches.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 14:19:23 +07:00
pqhuy1987
39d55d4402 [CLAUDE] Docs: correct live bundle hash + gotcha #69 (cicd Run #312 no-op verify) 
cicd-monitor verified Run #312 (commit 18fced6) = true no-op (306 / Mig 53 /
sys.tables 88 / health 4x200, DB untouched). BUT bundle ROTATED
BgNCjwsG/CBvh0vtf -> fc_xkNpJ/DP-tBcg0 despite 0 FE source change.

- gotcha #69: FE bundle hash non-deterministic + deploy.yml rebuilds FE
  unconditionally every run -> bundle rotates even on BE-only/governance commits.
  Corollary: SPA-fallback 200 trap (verify bundle via index.html refs+size, not
  direct GET of hash-named asset). "BE-only => frozen" invariant overturned.
- Correct STATUS/HANDOFF live bundle to fc_xkNpJ/DP-tBcg0; my prior "bundle
  frozen" claim was wrong (cosmetic rotation, prod state/DB unchanged).
- gotcha count 68 -> 69. cicd-monitor MEMORY updated (Run #312 + bundle pattern).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 14:17:43 +07:00
pqhuy1987
18fced6695 [CLAUDE] Workflow: adopt Harness-10 flat-refine + checklist-v2 + sleep-recovery-cmd (re-audit 3-workflow)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 5m16s
Details 
Re-audit Harness-8/9/10/10-refine + checklist v1/v2 + hmw vs canonical AI_INFRA
(mandate Harness-9 B1+B2): audit wf_13868efb-ea7 -> implement wf_ac43b5ff-7d1 ->
review wf_d482e10d-5dd. SE was BEHIND Harness-10 flat.

- run-trace SUBFOLDER->FLAT: hmw.js (:103 subMd + :52 schema + H4.5->H8 drift) +
  workflows/README full-rewrite + runs/README + session-start/end + agents/README
  Upgrade S72 + _ledger; 5 old S71 runs KEEP subfolder (C8 dual-accept). node --check OK.
- adopt 2 pending broadcasts (checklist-v2 + h10-flat-detector-refine).
- port /sleep-recovery-memory-l2 (A8, J2-tailored SE-only, floor intact, live skill).
- detector refine-b TAILORED-OUT (SE Workflow-tool no-CLI-bypass; containment
  git-diff+tracked+orphan-scan G-015).
- REVIEW (B2) caught 2 IMPLEMENT-self-assess missed (hmw.js:52 schema-stale +
  sleep-cmd auto-check un-wired overclaim) -> fixed (auto-check WIRED: budget.json
  +last_sleep_at + session-start/end INFORM). +3 minor fixed.
- em-main containment-check caught 1 reviewer residual-write (raw-Workflow no
  writeGuard) -> revert (reverse-finding #4). B3 self-correct: runs path 14->22.
- sleep-recovery-memory-l2 all = NO-OP (all periods already gisted). last_sleep_at set.

0 production code. State unchanged: Mig 53 / 88 tables / 306 test / 68 gotcha / menu 54
/ bundle BgNCjwsG/CBvh0vtf. adap-report + email ai_infra (5f511fe5c0f2).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 14:04:03 +07:00
pqhuy1987
4e4b5d47d1 [CLAUDE] Docs: S71 session-end §L closeout — E-009/AS-13 custom-workflow race + user-memory count 21->28 + H2/H1 GATE PASS 
Session-end 2 monitor: H2 harvest-GATE 5/5 PASS CLOSE-ELIGIBLE (5 run-folder harvest+ledger CLOSED, curate G1 0-byte-loss verified) + H1 tooling-CHOT 3-mat CLEAN + 1 drift fixed (user-memory 21->28). §L.a: AS-13 NEW (custom-workflow same-role MEMORY race) + E-009 RCA + Active-Guard + AS-1 recurrence note (2x git-add-A mitigated by pre-stage status-audit). 0 production code.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 10:13:36 +07:00
pqhuy1987
7875b39861 [CLAUDE] Docs: H-9+H-10+checklist FINALIZE double-check + G1 curate (anh: hoan chinh toan bo)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 5m23s
Details 
FINALIZE review wf_73de399d-753 (3 reviewer, R1/R2 no-StructuredOutput->self-gate, R3 thorough): audit 21 checklist item A1-A9/B1-B4/C1-C8 on-disk = 0 code-defect, adoption SOUND, 3 deferred-gap. Closed: G1 curate wf_f32987b8-03f (reviewer 36.7->24.8KB + investigator 29.8->23.2KB <25600 cap, archive +N -0 0-byte-loss, +reviewer-gist gen:2, budget.json re-measure) + G2 (2 stale user-memory claims) + G3 (feedback_harness10_run_trace.md new) + minor (gitignore check-ignore exit-trap corrected). Race root-cause fixed structurally. State unchanged (Mig 53/88 tables/306 test).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 10:06:28 +07:00
pqhuy1987
7436803db4 [CLAUDE] Docs: email ai_infra — Harness-9/10 checklist adopt report (3 run-id + 4 reverse-findings) 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 09:19:11 +07:00
pqhuy1987
8c47bd0f0c [CLAUDE] Docs: adopt Harness-10 — tracked run-trace folder convention + checklist 9-10 (3-workflow invest/imple/review)
All checks were successful
Deploy SOLUTION_ERP / build-deploy (push) Successful in 5m36s
Details 
Migrate .claude/workflows/wave-*/ (gitignored) -> runs/<run-id>/ git-TRACKED (run.md+sub-md/+harvest/) + _ledger.md 2-beat + 3-layer anti-miss + containment model shift (B6 'any tracked-change=violation' -> 'tracked-change outside run-folder+code-disjoint=violation'). hmw.js wave->run-trace (accept args.run + alias). Review (R2+R3) caught C5 L1 over-claim -> fixed (em-main convention, engine no-fs). 3 run-id: wf_9c2cd2cd-2e7 / wf_e4e46725-231 / wf_636bc95b-939. 0 production code, state unchanged (Mig 53/88 tables/306 test/68 gotcha).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 09:15:51 +07:00
pqhuy1987
f3ad1a2ae0 [CLAUDE] Docs: flush root CLAUDE.md test count 263->306 + tree 58/128->45/261 (resolve H1 stale-flag) 
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 2026-06-18 09:12:11 +07:00
143 changed files with 32858 additions and 765 deletions
Expand all files Collapse all files

34
.claude/agent-memory/cicd-monitor/MEMORY.md
View File

File diff suppressed because one or more lines are too long

3
.claude/agent-memory/frontend-designer/MEMORY.md
View File

@ -43,10 +43,11 @@
- Minor noted (NOT fixed, out of bounded scope): 2 `blur-3xl` blobs barely visible at 1440 = render cost ~0 payoff; eyebrow `tracking-[0.2em]` heavy. Candidates if login redesign requested.
## Activity log
- **S79 (2026-06-19) PE list fe-user DECOUPLE chọn/mở-rộng (anh chốt, annotated screenshot):** `pages/pe/PurchaseEvaluationsListPage.tsx`. S78 cũ: bấm dòng = mở overlay full-bleed, 2 panel giữa/phải placeholder vĩnh viễn. S79 đổi: **bấm dòng = inline 3-panel detail "như cũ" (8e68ed1)** + thêm nút **"Xem mở rộng"** mỗi dòng overlay. Mechanism = param thứ-2 **`?expand=1`** cạnh `?id`: overlay render CHỈ khi `id && expand`; inline detail (panel giữa `<PeDetailTabs readOnly onBack=closeDetail>` + panel phải `<PeWorkflowPanel readOnly={!pendingMe} onApproved>`) render khi `id && !expand`. Handlers: `selectRow`=set id+clear expand (NHƯNG `<lg`/innerWidth<1024 set expand=1 đi thẳng overlay 3-panel không vừa) · `expandRow`=id+expand=1 · `collapseFocus`(Thu gọn/Esc/backdrop)=`setParam('expand',null)` GIỮ id (về inline, KHÔNG về list) · `closeDetail`(← Đóng/del)=clear id+expand list · `onApproved`=clear cả hai list (phiếu rời inbox). Overlay gate đổi `hasSelection``overlayActive=id&&expand`; Esc gọi collapseFocus (không closeFocus). Nút "Xem mở rộng" = `Maximize2` (lucide, import THÊM) icon-btn 7×7 góc phải-trên mỗi leaf row, `opacity-0 group-hover/row:opacity-100` + `opacity-100` khi selected, `title`+`aria-label`+brand focus-ring; leaf `<button>` bọc trong `<div className="group/row relative">` + `pr-9` chừa chỗ nút. **ALL logic VERBATIM** (grep ✓): 3 queryKey (`approval-workflows-v2-filter`/`pe-list`/`pe-detail`) · 3 endpoint (`/inbox`+paged+detail) · `del` mutation (onSuccess giờ clear id+expand thay `setParam`) · `yearGroups` 4-tầng tree memo · `PeUrgentChips` pill · search/filter/SLA/localStorage-expand. `PurchaseEvaluationDetailPage` route GIỮ. **slide+a11y S78 giữ NGUYÊN** (mount-rAF×2, role=dialog/aria-modal, focus-trap Tab-vòng, body scroll-lock, motion-reduce). `npm run build` (tsc -b strict + vite v8) **PASS 0 TS err, 570ms** (3 warning pre-existing). **FD2: static layout-shell harness** (backend :5443 down authed dev-rig blocked gotcha#3) Playwright 6 shot × 3 state: (a) inline 3-panel desktop1920+laptop1280 = list+PeDetailTabs giữa+PeWorkflowPanel phải, dòng-chọn nút Maximize2; (b) overlay 1920+1280 = full-bleed phiếu+panel cạnh; (c) mobile390 list (1-col, nút mở-rộng) + mobile390 overlay (stack). Read tất 6 PNG đúng hết, no overflow, pill+tree intact. Harness/driver/shots ĐÃ XÓA. Rubric PASS. fe-admin NOT mirrored (implementer-frontend SHA-mirror riêng), no BE, no commit. Tag [s79, pe-decouple-select-expand, expand-param, maximize2-row-btn, inline-restore-8e68ed1, lg-straight-overlay, collapse-keeps-id, logic-verbatim, build-pass, harness-fd2].
- **S69 (2026-06-17) OfficeDashboardPage.tsx fe-user E-Office landing, PURO HomePage, COMPOSES 3 shared widgets:** built `pages/office/OfficeDashboardPage.tsx` (~400 LOC) over EXISTING data hooks of 4 modules. Read-first: 3 ui widgets (exact prop sigs) + 4 source pages (ProposalsListPage/WorkflowAppsListPage/ItTicketsPage/MeetingCalendarPage) to harvest queryKey+endpoint + types + App.tsx routes. **Reused hooks verbatim** shared TanStack cache, ZERO new API/BE: `GET /proposals` (+inboxOnly query for needs-my-action) · `/leave|ot|travel-requests` (merged, countByStatus client-side) · `/it-tickets` · `/meeting-bookings` (today window). Layout = PageHeader(brand) + `lg:grid-cols-3` [LEFT col-span-2 = 4 WidgetCards w/ KpiCard filter-chip bodies | RIGHT col-span-1 = "Công việc của tôi" hero+MetricRows + "Thao tác nhanh" 3 buttons], 1-col <lg. **Routing insight (verified App.tsx):** đơn-từ + ticket have NO standalone `/new` route (creation in-page) quick-actions point at landings `/workflow-apps/leave` + `/it-tickets` (only `/proposals/new` is a real create route) so no link hits the `*` "chưa build" fallback. Per-widget graceful states: WidgetError(retry)/WidgetSkeleton(pulse, motion-reduce)/empty never blocks. a11y full (role=button+Enter/Space+focus-ring on clickables, reduced-motion). `npm run build` (tsc -b strict + vite v8) **PASS 0 TS err, 434ms** (only pre-existing @import-order + chunk-size + INEFFECTIVE_DYNAMIC_IMPORT warnings none from new file). Routing/menu NOT wired (next agent; page not yet in App.tsx). fe-admin NOT mirrored. FD2 authed-screenshot SKIP (ProtectedRoute + rig gotcha #3 verify via deploy). Tag [s69, office-dashboard, compose-3-widgets, reuse-hooks-shared-cache, no-new-be, routing-existing-only, build-pass].
- **S69 (2026-06-17) Văn phòng số / Đơn từ fe-user RE-SKIN (PURO + HRM visual lang) 2 file, CONSUMES shared ui (parallel fan-out, 7 agents same app):** surgical re-skin (KHÔNG rewrite) `pages/office/WorkflowAppsListPage.tsx` + `WorkflowAppDetailPage.tsx` (`:kind`-driven leave/ot/travel/vehicle via KIND_CONFIG). **LIST:** swap `@/components/PageHeader`(constrained)→`@/components/ui/PageHeader`(eyebrow "Văn phòng số · Đơn từ" / title từ KIND_CONFIG / icon per-kind / **accent teal**) + status filter = ROW 4 `ui/KpiCard` (Tất cả teal / Đã gửi duyệt amberx / Trả lại violet / Đã duyệt greenx, `grid-cols-2 sm:grid-cols-4`) + slate table chrome (thead uppercase 11px slate-500, hover teal-50). **Filter là CLIENT-SIDE view** added `useState<StatusFilter>` + 2 `useMemo` (counts + visibleItems) DERIVED over already-fetched `items`; **KHÔNG touch query/endpoint/queryKey/navigation** (page chỉ fetch `page:1` như , không filter-state sẵn nên thêm view-layer = thuần presentation; empty-state phân biệt "chưa data" vs "không đơn trạng thái này"). **DETAIL:** ui/PageHeader teal + 4 section dùng local `Card`(accent-rail pseudo `before:bg-{x}-500` + icon-chip) + `Field`(label uppercase `text-{x}-700`, value `text-brand-800`) copy idiom HRM EmployeesListPage (KHÔNG import HRM, helper local riêng). Accent gán: Thông tin=teal · Số phép=greenx · Quy trình=violet · Ý kiến=brand. Status badge giữ `WORKFLOW_APP_STATUS_BADGE`. Drop raw "⚠" emoji trong over-budget bannertext thuần (anti-slop FD3). **ALL data logic VERBATIM** (grep-verified): 2 query `[endpoint,id]`+`['approval-workflows-v2',applicableType]` (key/endpoint/`enabled` y nguyên) · 3 mutation pinWorkflow(PUT /workflow)/submit(POST /submit)/action(POST /{k}) body+onSuccess+invalidate identical · 3 state + flags isDraft/isInWorkflow/hasWorkflow + mọi onClick/nav target bất biến. **gotcha Tailwind-v4 stop:** dùng CHỈ -50/-500/-700 cho teal/violet/amberx/greenx (no -800) `border-l-greenx-500`/`bg-amberx-50`/`text-amberx-700` đều stop tồn tại (index.css verified). **Self-caught:** `SendHorizonal` (KpiCard "Đã gửi duyệt" icon) export-aggregation-line trong lucide d.ts đổi `Send` (proven-safe export) tránh alias-risk. Self-review: mọi import resolve, 0 unused local (noUnusedLocals strict) `Info`/`Wallet`/`GitBranch`/`MessageSquareText` đều dùng. **KHÔNG run npm build** (em main builds central, 7-agent parallel interference) + KHÔNG modify ui/index.css (other agents edit). FD2 authed-screenshot SKIP (ProtectedRoute + rig gotcha #3 verify via deploy). fe-admin NOT mirrored. Tag [s69, eoffice-donutu-reskin, puro-hrm-visual, consume-ui-pageheader-kpicard, client-side-filter-view, logic-verbatim, no-build-parallel-fanout, lucide-alias-dodge].
- **S66 (2026-06-16) HRM Hồ Nhân sự fe-user REFINE từ eoffice LIVE (3 việc) layout 3-cột2-cột + màu detail:** anh góp ý sau khi xem prod. **Việc 1 (layout):** 3-cột-ngang `[tree 244 | list 352 | detail 1fr]` **2-cột** `lg:grid-cols-[22rem_1fr] xl:[24rem_1fr]`: CỘT TRÁI = `<div flex flex-col gap-4>` ôm tree (TRÊN, `lg:max-h-[44%] lg:shrink-0`, overflow-auto) + list+filter (DƯỚI, `flex-1`, overflow-auto) mỗi panel cuộn độc lập; CỘT PHẢI = detail (flex-1, rộng hơn nhiều, đỡ chật). <lg vẫn 1-col treelistdetail + giữ nguyên `treeOpenMobile` toggle. **Việc 2+3 (màu detail):** thêm `ACCENT` map 5 tone (brand/teal/violet/amberx/greenx) `Card` prop `accent` icon-chip nền nhạt (`--chip-bg/--chip-fg`) + heading `text-{x}-700` + rail trái pseudo-element; `Field` label uppercase `text-{x}-700` semibold (was slate-400 đơn điệu) + value `font-medium text-slate-900`; mỗi card/section gán 1 accent màu nhưng tinh tế, brand #1F7DC1 + Be Vietnam Pro + avatar gradient brand GIỮ. **Strategy chống truncation #53 = ONE atomic `Write` cả file** (1556 LOC) emit change-list + build status SỚM. **2 self-caught bug TRƯỚC build:** (1) `text-{teal,violet,greenx}-800` accent palettes KHÔNG stop -800 (chỉ 50/100/500/600/700) Tailwind v4 silent no-class đổi head sang -700 (all AA on white); (2) rail pseudo thiếu `before:content-['']` ::before không render box thêm. `npm run build` (tsc -b strict + vite v8) **PASS 0 TS err, 495ms** (warning @import-order + chunk-size = pre-existing, không phải mình). **5 satellite CRUD + 15 satellite api endpoint + top-level del + 3 reads + 3 query keys (employees-list/employee-detail/departments-tree-hrm) + cây SOLUTION COMPANY + 5 tab + search/filter preserved VERBATIM** (grep: 15 satellite api.post/put/delete + 3 queryKey + 5 form fns; tsc type-checks mọi payload shape = wiring bất biến). FD2 authed-screenshot SKIPPED per task instruction + gotcha #3 (rig chặn authed ProtectedRoute; anh xem qua deploy) structural verify thay thế. fe-admin + BE NOT touched, no commit (em main commits). Tag [s66, hrm-2col-refine, eoffice-ref, accent-system, atomic-write-antitrunc, crud-preserved, build-pass, tailwind-v4-stop-gotcha].
- **S65 (2026-06-16) HRM Hồ Nhân sự fe-user 3-panel master-detail NamGroup-ref:** RESTRUCTURE `EmployeesListPage.tsx` (1201→~1140 LOC) 6 `<details>` [Org tree | List | Detail 5-tab]. **Strategy chống truncation #53 = ONE atomic `Write` (cả file)** thay piecemeal Edit (atomic Write either fully-lands or errors, KHÔNG half-break) emit change-list TRƯỚC build DID BOTH Part A (avatar header+5 tab+sectiontab redistribution) + Part B (org tree panel) trong 1 pass, không phải defer B. Org tree consume `/departments/tree` verified BE-side (DepartmentFeatures.cs DepartmentTreeNodeDto, controller `[HttpGet("tree")]`, class-Authorize only). Foundation màu mới DÙNG: `.app-gradient-brand` header / `.icon-chip` / accent palette teal/violet/amberx/greenx (avatar tones) brand #1F7DC1 + Be Vietnam Pro KEPT. **5 satellite CRUD + 16 api endpoint + query keys preserved VERBATIM** (grep-verified: 16 api.post/put/delete identical payload shape, 5 form fns intact). `npm run build` (tsc -b strict + vite) **PASS 0 TS err, 6.13s**. 1 self-caught bug: typo garbage token `网络Placeholder` trong lucide import (mojibake autocomplete) removed, all 21 icons valid (node-checked). FD2 authed-screenshot SKIPPED per explicit task instruction + gotcha #3 (rig blocks authed; anh xem qua deploy) did static structural verify instead (grep endpoint/key preservation). fe-admin NOT touched (mirror = separate pass), no commit. Tag [s65, hrm-3panel, namgroup-ref, atomic-write-antitrunc, crud-preserved, build-pass].
- **S58 (2026-06-11) fe-user redesign theo UI/UX guide AI_INFRA canonical KEEP brand [em main proxy truncated #53 giữa FD2 screenshot, 2nd consecutive]:** Mirror design-system fe-admin S55 14 file fe-user (index.css heading-ladder+.label-eyebrow / 6 ui primitives Button gần SHA-identical fe-admin chỉ khác comment / 6 shell DataTable+RowActions-additive·Layout-brand-left-rail·TopBar·PageHeader·PhaseBadge-ring·EmptyState / LoginPage polish). Rubric mới = guide 13 mục `D:\Dropbox\CONG_VIEC\AI_INFRA\docs\reference\ui-ux-design-guide.md` (density 14px/h32-34/radius-8/thead-sticky/action-luôn-hiện/no-font-bold). BRAND KEPT: #1F7DC1 + Be Vietnam Pro + slate (guide cho plug hue riêng). Chết NGAY TRƯỚC with_server.py screenshot /login em main recover: build ×2 PASS 0 TS + diff-review key-stability từng file + ship `e959f72`; authed visual qua deploy prod (rig-gotcha #3 standing). LESSON: 2 lần liên tiếp truncate CÙNG điểm (sau khi sửa xong, lúc bắt đầu FD2 rig) lần sau EMIT file-list verdict TRƯỚC khi vào screenshot loop. Tag [s58, fe-user-redesign, guide-aiinfra, keep-brand, truncated-53-proxy].
- **S55 (2026-06-09) Phase-1 fe-admin redesign density-first NAMGROUP-ref, KEEP brand [em main proxy designer truncated gotcha #53 trước build/MEMORY]:** Applied 14 file: index.css (density heading ladder semibold + `.label-eyebrow` 11px uppercase slate-500 + drop font-bold) + 6 ui primitives (Button `text-xs font-semibold rounded-lg` h-7/8/10 + brand focus-ring/70 variant/size keys STABLE 51 call-sites) + 6 shell (DataTable/Layout/TopBar/PageHeader/PhaseBadge/EmptyState) + DashboardPage (KPI card `rounded-lg border-slate-200` + `bg-brand-50` icon chip h-7w7 + uppercase tracking-wider label + brand accent bar). Brand #1F7DC1 + Be Vietnam Pro KEPT (NAMGROUP density = mượn cấu trúc, brand=ours). `npm run build` 0 TS err. **Visual loop BLOCKED** by authed-rig gotcha (3) above CHỈ chụp /login (polished, on-brand). em main recover: build + login-visual + diff-review (index.css/Button/DashboardPage high-quality, brand-consistent). User chọn commit+deploy login prod xem authed. Tag [s55, phase1-redesign, density-namgroup, keep-brand, authed-rig-blocked].
- **S55 (2026-06-09) Phase-1 fe-admin redesign density-first NAMGROUP-ref, KEEP brand** [em main proxy truncated #53]: 14 file (index.css density ladder + 6 ui primitive Button h-7/8/10 brand-ring + 6 shell + DashboardPage KPI). Brand #1F7DC1+Be Vietnam Pro KEPT. build 0 TS. Visual loop BLOCKED authed-rig#3 ch /login. S58 mirror sang fe-user. (detail archive nếu cần). Tag [s55, density-namgroup, keep-brand].
- **S47 (2026-06-02) FD2 RIG VERIFIED ✅** first real spawn. Ran full FD2 loop end-to-end on fe-user `/login`: read DS (Tailwind v4 CSS-first, corrected stale config-path assumption) started Vite via `with_server.py` Playwright screenshot 375+1440 Read PNGs FD4 critique 1-line contrast fix re-screenshot confirmed `npm run build` 0 TS error. Closes adap-report `2026-06-02-Agent-frontend-designer-floor` FD2 runtime proof. 2 Vite gotchas captured above. Loop is REAL, not theoretical.

5
.claude/agent-memory/implementer-backend/MEMORY.md
View File

@ -74,6 +74,8 @@ UI `disabled={!canX}` + BE helper `EnsureCanXAsync(id, userId)` throw 403 (NOT i
## 📅 Recent activity (FIFO — older → archive/git)
- **2026-06-19 (PE chuông báo approver BE — NO migration, 1 edit/1 file, em-main spec deterministic 100% → ACCEPT Case 1):** Tra Sol (Zalo) "không thấy chuông — việc có hồ sơ cần duyệt": approver Cấp hiện tại KHÔNG nhận notify khi phiếu ENTER/ADVANCE tới ChoDuyet (chỉ drafter báo terminal). FIX = +1 block trong `LogTransitionAsync` (PurchaseEvaluationWorkflowService.cs ~line 1058) NGAY SAU drafter-notify, KHÔNG endpoint mới (Pattern 4 — notify = side-effect của Submit/Approve-advance, cả 2 đã gọi LogTransitionAsync + end ChoDuyet). **Resolution mirror EXACT canonical** `EnsureActorInLevel` (line ~301): `db.ApprovalWorkflows.AsNoTracking().Include(Steps).ThenInclude(Levels)``stepsOrdered[CurrentWorkflowStepIndex]` (bounds-check) → `.Levels.Where(Order==CurrentApprovalLevelOrder && ApproverUserId!=Guid.Empty && !=actorUserId).Select(ApproverUserId).Distinct()``NotifyManyAsync(ids, Generic, "Phiếu cần bạn duyệt: {MaPhieu??TenGoiThau}", "Có phiếu Duyệt NCC đang chờ bạn duyệt.", /purchase-evaluations/{Id}, refId:Id, ct)`. **Recon:** (1) `ApprovalWorkflowLevel.ApproverUserId` = non-null `Guid` (NOT Guid?) → "exclude null" = `!=Guid.Empty` defensive (OR-of-N rows mỗi 1 NV). (2) `NotifyManyAsync` sig verified = `(IEnumerable<Guid>, NotificationType, title, string? desc, string? href, Guid? refId, CT)` khớp urgent-feature ref. (3) actor-exclude qua `!= actorUserId` (Guid != Guid? lift OK). **Guard V2-only:** `ApprovalWorkflowId is Guid && CurrentWorkflowStepIndex is int && CurrentApprovalLevelOrder is int` → V1/no-workflow skip. **Best-effort try/catch** nuốt lỗi (phiếu đã SaveChanges; notify fail KHÔNG rollback). Block đọc pointer SAU set → Submit (idx0/lvl1) + Approve-advance (pointer advance rồi LogTransition) đều fire đúng. Build SolutionErp.slnx (2 test project, gotcha #65) **0 warn 0 err**. KHÔNG test/FE/mig/commit. Tag `[pe-approver-bell, notify-many, log-transition-hook, no-mig, v2-only, best-effort-trycatch, pattern4-side-effect]`.
- **2026-06-19 (S77 PE +2 ghi-chú giá đề xuất BE — Mig 57 `AddPeSuggestedPriceNotes` 3-file, 6 edit/0 new file, COOKIE-CUTTER S73 suggested-price + S74 CcmNote, em-main CONTRACT-locked names 100% → ACCEPT Case 1):** PRO dải Min/Max + CCM 1 giá (S73) +ô GIẢI THÍCH vì-sao min vs max (anh Kiệt FDC + Tra Sol). 2 cột nullable, no table/index/backfill. (1) `PurchaseEvaluation.cs` +`string? ProSuggestedPriceNote`/`CcmSuggestedPriceNote` ngay sau CcmSuggestedPrice. (2) `PurchaseEvaluationConfiguration.cs` +`HasMaxLength(1000)` ×2 sau ApprovedPriceSource (KHÔNG index — free-text). (3) Mig: Up=2 AddColumn nvarchar(1000) nullable, Down=2 DropColumn, snapshot ×2 verified — clean mirror Mig 55. (4a) `UpdatePeSuggestedPriceProCommand` +trailing `string? Note=null` + validator `MaximumLength(1000)` MATCH-EF (S35) + handler **absolute-set** `pe.ProSuggestedPriceNote=request.Note` (null=clear, gia-đình text-field) + changelog part khi đổi. (4b) `UpdatePeSuggestedPriceCcmCommand` mirror + changelog suffix "(kèm ghi chú)". Role-gate KHÔNG đụng (Note gated y giá: Forbidden fail-closed TRƯỚC side-effect đã có). (5) Controller `SuggestedPriceProBody`/`CcmBody` +`string? Note` + pass `body.Note` vào cmd (4th/3rd positional). (6) `PurchaseEvaluationDetailBundleDto` +`ProSuggestedPriceNote`/`CcmSuggestedPriceNote` sau CcmSuggestedPrice + projection PEFeatures.cs positional-insert ĐÚNG order (DTO positional → order khít projection BẮT BUỘC). **Call-site grep verify (S65b lesson):** `new UpdatePeSuggestedPrice(Pro|Ccm)Command\(` repo-wide → 2 controller (đã sửa) + 18 test named-arg/positional-dừng-trước-Note → trailing-optional fully backward-compat, 0 test edit. FE 0 ref (đúng — implementer-frontend next). Build SolutionErp.slnx (2 test project, gotcha #65) **0 warn 0 err**. KHÔNG apply DB/FE/test/commit. Route: `note` camelCase qua PUT `/suggested-price/{pro,ccm}` body + GET detail bundle. Tag `[s77, pe-suggested-price-note, mig57, two-column-no-table, absolute-set, trailing-optional-callsite-safe, positional-dto-order]`.
- **2026-06-17 (S? Off_Dashboard menu leaf BE — NO migration, 3 edit/2 file, idempotent seed mirror S53/S54-TaskD, em-main spec deterministic 100% → ACCEPT Case 1):** +1 menu key `Off_Dashboard` ("Bảng điều khiển Văn phòng số"), pattern = S53 Off_AttendanceReport EXACT. 3 insert: (1) `MenuKeys.cs` const `OffDashboard = "Off_Dashboard"` ngay sau root `Off:99` · (2) `MenuKeys.cs` All[] line `Off, OffDanhBa``Off, OffDashboard, OffDanhBa` · (3) `DbInitializer.cs` SeedMenuTreeAsync tuple `(OffDashboard, "Bảng điều khiển Văn phòng số", Off, **0**, "LayoutDashboard")` trước OffDanhBa=1 (Order 0 = landing đầu nhóm, KHÔNG renumber children 1-7 hiện có). **KEY recon — Off_* leaves ARE IN All[] (NOT factory-excluded):** task hint "leaf may be excluded+granted-via-factory" KHÔNG áp Off (chỉ Pe_* leaf sinh động). Off_AttendanceReport :160 in All → tôi follow SAME = +All. Admin auto 2-point verified: `SeedAdminPermissionsAsync:2001` + `Program.cs:78` both iterate `MenuKeys.All` → +All = 4 policy {Read/Create/Update/Delete} + Admin Permission row auto, NO manual grant. **Revoke verified KHÔNG sửa:** `RevokeTemporarilyHiddenModulesAsync:2170` `p.MenuKey.StartsWith("Off")` → Off_Dashboard tự nằm trong scope ẩn-non-Admin. `InReviewScope:2070` chỉ match Catalog*/Master-keys/Pe_* → Off_Dashboard KHÔNG re-grant non-admin. Idempotent: upsert loop :1909 `existingItems.TryGetValue(key)` miss→Add / hit→chỉ reconcile Order (prod DB cũ nhận leaf next boot, re-run no-op). Build SolutionErp.slnx (gồm 2 test project, gotcha #65) **0 warn 0 err**. KHÔNG touch FE (menuKeys.ts/Layout=implementer-frontend)/test/mig/commit. Tag `[s?, off-dashboard, menu-leaf, no-mig, admin-perm-via-all, order-0-landing]`.
- **2026-06-16 (S65b PE +HoSoLink BE — Mig 51 `AddHoSoLinkToPurchaseEvaluation` 3-file, 6 file edit + 0 new file, em-main CHỐT spec 100% → ACCEPT Case 1):** Phiếu PE +1 cột `HoSoLink` = 1 hyperlink tới thư mục hồ sơ NAS (anh Kiệt paste link, FE render bấm-mở). KHÔNG entity con/bảng mới — 1 cột nullable. (1) `PurchaseEvaluation.cs` +`string? HoSoLink` sau MoTa. (2) `PurchaseEvaluationConfiguration.cs` +`HasMaxLength(1000)` (KHÔNG index — hyperlink free-text, không filter/join). (3) Mig via `dotnet ef migrations add` → Up=1 `AddColumn<string> nvarchar(1000) maxLength:1000 nullable` NO table NO index, Down=1 DropColumn; snapshot HoSoLink nvarchar(1000) verified. (4a) `CreatePurchaseEvaluationCommand` +trailing `string? HoSoLink = null` (sau WorkItemId — optional-param-after-required rule) + validator `MaximumLength(1000)` MATCH EF (S35 lesson) + handler `HoSoLink = request.HoSoLink`. (4b) `UpdatePurchaseEvaluationDraftCommand` +trailing `string? HoSoLink = null` + validator 1000 + handler **absolute-set** `entity.HoSoLink = request.HoSoLink` (Section-1 text-field family MoTa/DiaDiem pattern → null=clear, KHÔNG null-safe-keep như WorkItemId picker; deliberate: hyperlink user cần clear được). (5) `PurchaseEvaluationDetailBundleDto` +`string? HoSoLink` sau MoTa + projection `e.HoSoLink` positional-insert đúng vị trí. **RANG-CUNG grep verify (bài học CreateDepartmentCommand CS7036):** `Grep CreatePurchaseEvaluationCommand|UpdatePurchaseEvaluationDraftCommand` repo-wide gồm tests → 0 manual `new ...Command(...)` call-site (controller bind `[FromBody]` model-binding, KHÔNG manual ctor; tests dùng NAMED-ARG dừng ở WorkItemId) → trailing-optional-default fully backward-compat, KHÔNG sửa call-site nào. List DTO KHÔNG đụng (spec chỉ Detail/Get). `.slnx` KHÔNG update (chỉ 2 mig-file trong project có sẵn). KHÔNG apply DB/FE/test/commit. Build SolutionErp.slnx (gồm 2 test project) **0 warn 0 err** (DocxRenderer warn cleared). Route: `hoSoLink` camelCase qua POST/PUT body + GET detail. Tag `[s65b, pe-hosolink, mig51, one-column-no-table, trailing-optional-param, named-arg-callsite-safe]`.
- **2026-06-16 (S65 Department hierarchy BE — Mig `AddDepartmentParentId` 3-file, 4 file edit + 0 new file, em-main schema CHỐT → ACCEPT Case 1):** Cây tổ chức nền trang Hồ sơ Nhân sự. (1) `Department.cs` +`Guid? ParentId` loose-Guid KHÔNG physical FK (convention PE.ProjectId/WorkItemId/SelectedSupplierId). (2) `DepartmentConfiguration.cs` +`HasIndex(x=>x.ParentId)` only — **KHÔNG `HasOne` self-FK** (em main chốt loose). (3) `DepartmentFeatures.cs` +`GetDepartmentTreeQuery`+`DepartmentTreeNodeDto`+Handler (append existing file, NO new .cs → `.slnx` KHÔNG cần update; slnx lists projects-not-files). (4) `DepartmentsController.cs` +`[HttpGet("tree")]`. **KEY recon finding (spec asked verify):** `EmployeeProfile` has **NO `DepartmentId`** — links via `UserId`; org-chart dept field nằm trên **`User.DepartmentId`** (Mig 11) → GROUP BY `db.Users.Where(DepartmentId!=null && IsActive).GroupBy(DepartmentId).ToDictionary` = DirectEmployeeCount (recon NOT schema-decision). Tree ráp in-mem: roots=ParentId-null OR orphan-parent (safe-root); TotalEmployeeCount=Direct+Σ(Children.Total) đệ quy rollup via `record with{}`; **cycle-guard HashSet<Guid> visited** (node đã thăm→return null cắt vòng); Children sort `OrderBy(Code, StringComparer.Ordinal)` ổn định. **Authz copy-từ-đâu:** `[HttpGet]` List = CHỈ class-level `[Authorize]` (no per-action attr) → `/tree` cũng vậy (verified read controller). Mig diff CLEAN: AddColumn ParentId nullable + CreateIndex IX_Departments_ParentId, NO new table, Down DropIndex→DropColumn (SQL 5074 order). KHÔNG apply (prod/CI). Build SolutionErp.slnx 0/0. KHÔNG touch FE/test/seed-parent/commit (em main). Route `GET /api/departments/tree``List<DepartmentTreeNodeDto>`. Tag `[s65, dept-hierarchy, loose-guid-no-fk, in-mem-tree-rollup, cycle-guard, user-departmentid-source]`.
@ -82,8 +84,7 @@ UI `disabled={!canX}` + BE helper `EnsureCanXAsync(id, userId)` throw 403 (NOT i
- **2026-06-10 (S57-resume spawn-test H4.8 — Harness-4 two-tier):** Mình bị DEMOTE pin `model: claude-opus-4-8` (deterministic-scaffold class, double-gate reviewer+test+cicd sau lưng). Spawn-test echo model NGAY sau edit → self-report `claude-fable-5[1m]` = SE env (CCD harness) KHÔNG fresh-read frontmatter → pin ăn SAU restart CLI. Post-restart mình chạy Opus 4.8 (effort Max giữ env-wide); task hệ-trọng giao mình qua hmw có thể override `tier:'fable'`. Tag [h4-demote, spawn-test, pending-restart].
- **S56 GOLIVE-HARDEN 3 BE fix (NO mig, 3 file edit, em-main spec deterministic 100% → ACCEPT Case 1):** **#3 LeaveBalance lost-update** `LeaveOtApprovalFeatures.cs` terminal DaDuyet branch → atomic-executeupdate-tx (spec chosen, KHÔNG RowVersion/Mig). Replaced in-mem `bal.UsedDays += NumDays` với: set p.Status/Updated* → `(DbContext)db` cast + `BeginTransactionAsync(ct)` (plain, NO IsolationLevel — READ COMMITTED đủ vì increment atomic) → STEP1 ensure-row (FirstOrDefault, auto-create UsedDays=0 via tracker) + SaveChanges (opinion+status+insert trong tx) → STEP2 `db.LeaveBalances.Where(...).ExecuteUpdateAsync(s=>s.SetProperty(b=>b.UsedDays, b=>b.UsedDays+p.NumDays), ct)` server-side row-lock race-free → `tx.CommitAsync` + **`return;`** (skip trailing shared SaveChanges). **STALE-TRACKED caveat (load-bearing):** ExecuteUpdate bypass tracker → tracked `bal` giữ pre-increment value; SAFE vì không đọc lại + handler return ngay; KHÔNG thêm `bal.UsedDays +=` (double-count). `using System.Data` + EF Core đã import. **#5 AssignItTicketHandler existence-oracle** `WorkflowAppsFeatures.cs:493` → moved Admin-OR-dept-IT Forbidden guard (itDeptId+isAdmin+myDeptId resolve) TRƯỚC ticket NotFound lookup → fail-closed (non-IT nhận Forbidden cho MỌI ticketId). assignee-must-be-IT Conflict + reassign giữ nguyên. **#6 DocxRenderer.cs:30,40 CS8602**hoist `mainPart = doc.MainDocumentPart ?? throw InvalidOperationException` + `document = mainPart.Document ?? throw` (Document cũng nullable — KEY: 1st hoist chỉ fix part, vẫn còn 1 warn ở `.Document.Body`); deref qua local non-null. Build SolutionErp.slnx **0 err 0 warn** (DocxRenderer warn CLEARED — thực tế 1 warn không phải 2 như MEMORY ghi). Test 58 Domain PASS + 154/158 Infra: **4 FAIL `LeaveBalanceTests` (Approve_LastLevel_DeductsLeave.../AccumulatesExisting.../OverEntitled.../MultiLevel_NoDeductAtIntermediate)** = EXPECTED #3 stale-tracked (re-query trả tracked instance pre-increment, DB row đúng) → tests_to_update cho test-specialist (add AsNoTracking/ChangeTracker.Clear). ItTicket authz tests #5 PASS (Case5 đã expect Forbidden, NotFound case dùng Admin caller). KHÔNG touch tests/FE/commit. #4 (Travel/Vehicle smoke test) = test-specialist next stage. Tag `[s56, golive-harden, executeupdate-atomic, fail-closed-authz, cs8602, no-mig]`.
**[em main post-review S56]** Tx bumped → `IsolationLevel.Serializable` (shipped code `LeaveOtApprovalFeatures.cs:369`) per database-agent review — convention-align (codegen/Proposal/TravelVehicle) + serialize auto-create-row race. '(plain, NO IsolationLevel — READ COMMITTED đủ)' ở entry = pre-review reasoning, **superseded**. Test 228 green.
_(S56 GOLIVE-HARDEN 3 BE fix — ExecuteUpdate-atomic LeaveBalance + fail-closed AssignItTicket authz + DocxRenderer CS8602 → FIFO'd S77; verbatim git/archive. em-main post-review bumped tx → `IsolationLevel.Serializable` per database-agent. Test 228 green.)_
---

23
.claude/agent-memory/implementer-frontend/MEMORY.md
View File

@ -6,6 +6,29 @@
---
## 🆕 S79 (2026-06-19) — PE detail: live thousand-sep + ghi chú giá PRO/CCM + typo (×2 app)
3 task presentation+wiring `PeDetailTabs.tsx` (+`PeWorkspaceCreateView.tsx` typo). BE thêm `note` body song song; FE chốt UX rồi.
- **A live phân cách:** chỉ **2 comp** thiếu sep — `VndInlineEdit` (~990) + `BudgetCell` (~1100): đổi `onChange` `value.replace(/[^\d.]/g,'')`**`formatVndInput(parseVnd(e.target.value))`** (format-on-keystroke, reuse helper module-level :51/52). Dialog money inputs (2111/2555/2645) ĐÃ dùng `formatVndInput`/`parseVnd` sẵn → no-op. KHÔNG đụng phone(tel)/%/qty.
- **B ghi chú giá:** `SuggestedPriceRows` (~1509) — `proPriceMut` body `{minPrice,maxPrice,note}` + `ccmPriceMut` `{ccmPrice,note}` (absolute-set 3-field S74). 3 call-site giá echo `note:ev.*SuggestedPriceNote`. State `proNoteText/ccmNoteText` (useEffect sync ev.*). Textarea+nút "Lưu ghi chú" dưới PRO Min/Max & dưới CCM (gate canEdit; read-only `<p>` khi có note). `hasAnyValue` +`!!note` (early-return không nuốt note-only readonly).
- **Type DIVERGE 2 app** (xác nhận S76): `PeDetailBundle` +`proSuggestedPriceNote`+`ccmSuggestedPriceNote` sửa **CẢ 2 file** riêng (sau `ccmSuggestedPrice`). PeDetailTabs/PeWorkspaceCreateView byte-identical → cp.
- **C typo:** `d. Bản so sánh``d. Bảng so sánh giá` PeDetailTabs:1661(`<span>`) + PeWorkspaceCreateView:278(`label`). Comment :1712 + `PeAttachmentPurposeLabel[4]` GIỮ (ngoài spec, không UI).
- SHA256 IDENTICAL ×2 pair: PeDetailTabs `285ebcf9…`, PeWorkspaceCreateView `99caed4b…`. Build PASS ×2 (user 1935mod `index-_axiw6cM.js` / admin 1946mod `index-BqPYp7Pt.js`, 0 TS err). Pre-existing warn: @import CSS + >500KB + realtime.ts. NO ambiguity, full precedent. Tag `[s79, pe-live-vnd-sep, suggested-price-note, sha256-2pair, type-diverge-2app]`.
## 🆕 S78 (2026-06-19) — PE "focus mode" redesign mirror fe-user→fe-admin (CONVERGE, em-main chốt UX)
Mechanical mirror-step: redesign built+reviewed-PASS ở fe-user, em-main đã chốt UX (focus overlay). fe-admin ONLY, NO BE/schema. 2 file:
- **PeWorkflowPanel.tsx** PURE-ADDITIVE: +`onApproved?:()=>void` prop + `wasReject` const (byte-mirror `isReject` formula mutationFn) + `if(!wasReject) onApproved?.()` cuối `onSuccess`. Trả-lại/Từ-chối giữ overlay; chỉ forward-approve auto-đóng.
- **PurchaseEvaluationsListPage.tsx** STRUCTURAL port: bỏ 3-panel grid → list-state `mx-auto max-w-5xl` panel (4-level tree giữ verbatim) + focus-state `?id` = `fixed inset-0 z-50` overlay slide-from-right (translate-x-full→0, 2× rAF ~200ms) che menu+TopBar, top-strip "← Thu gọn"+title+"Chế độ duyệt" pill, phiếu trái scroll-riêng + panel duyệt phải `lg:w-[24rem] xl:w-[26rem]` stack <lg. a11y: role=dialog aria-modal, Esc, focus-trap, scroll-lock, backdrop-click, prefers-reduced-motion. `selectRow` matchMedia-split `setParam('id',id)` UNCONDITIONAL; MAIN comp drop `navigate` (→ `useCallback setParam`); bottom `PurchaseEvaluationDetailPage` GIỮ `useNavigate` (deep-link compat).
- **PRESERVE fe-admin props** (rule): `<PeDetailTabs readOnly={true}>` + `<PeWorkflowPanel readOnly={!pendingMe} onApproved={closeFocus}>`. Tình cờ trùng fe-user redesign CONVERGE 2 app.
- **SHA256 IDENTICAL ×2 pair** (khớp tới trailing-newline `}\n\n`): page `011968bb…`, panel `1dc24641…`. LESSON: focus-overlay redesign khiến 2 app converge (props trùng) mirror-step ra file byte-identical, đo bằng `diff`+`sha256sum` KHÔNG mắt. Build PASS (1946 mod, `index-D6IyFKgP.js`, 0 TS err tsc-b clean trước vite). Pre-existing warning: @import-order CSS + >500KB chunk + realtime.ts dynamic-import. NO ambiguity, full precedent. Tag `[s78, pe-focus-mode, mirror-step, sha256-2pair, converge-2app]`.
## 🆕 S76 (2026-06-19) — PE budget MA TRẬN 3 cột + bảng lưới `<table>` + badge quyền NS (anh Kiệt FDC)
- **Part 1 mirror** (fe-user→fe-admin byte-identical, Python difflib slice-region): `PeBudgetSummaryTable` Block A → ma trận 3 cột (DỰ ÁN hiển-thị-only `—` / PRO `canEditPro` / CCM `canEditCcm`). Type `PeBudgetSummary` +`proInitialAmount`+`proAdjustmentAmount` cạnh `proEstimateAmount`(LEGACY). `proMut` body `{proInitialAmount,proAdjustmentAmount,proNote}`. proFull=proInit+proAdj.
- **Part 3 mirror:** `PeWorkflowPanel` approver `.join(' / ')` → map từng approver + badge `✎ NS PRO`(amber)/`✎ NS CCM`(sky) gate `a.canEditProBudget/canEditCcmBudget`. Type `PeCurrentApprovalLevelApprover` +2 cờ **CẢ 2 app** (purchaseEvaluation.ts types DIFFER giữa 2 app → sửa cả 2; PeDetailTabs/PeWorkflowPanel byte-identical).
- **Bảng lưới (em-main, anh phản hồi "chưa chia cột giống Excel"):** Block A flex→`<table border-collapse>` viền ô. `BudgetCell` xếp dọc (input full ô + Lưu dưới). `BudgetNoteRow``BudgetNoteCell` (td colSpan=3). **LESSON: flex+gap KHÔNG ra "bảng" — phải `<table>` viền ô mới giống spreadsheet.**
- **cwd-misland:** Part-1 `cd fe-admin` npm build → MEMORY rơi `fe-user/.claude` stray → em-main harvest về + `.gitignore` guard `fe-*/.claude/` (S76).
---
## 🎯 Role baseline
WRITE specialist FE 2 app (fe-admin + fe-user). Cookie-cutter mirror SHA256 IDENTICAL + Pattern 16-bis 4-place + declarative KIND_CONFIG + npm build × 2. Case 1+2 only. Tools: Read, Edit, Write, Bash, Skill, Grep, Glob + 5 RAG. Skill: `permission-matrix`.

22
.claude/agent-memory/investigator-codebase/MEMORY.md
View File

@ -70,24 +70,38 @@ Bearer từ `POST api.solutions.com.vn/api/auth/login` → status matrix expecte
## 📅 Recent activity (FIFO — older → archive/git)
- **2026-06-19 (S76 P2+P3 — budget-edit-role BADGE insert-point map, designer+fe-user-flow, on-disk):** ⭐ **Display-only "✎ NS PRO/CCM" badge per approver — BE change = SMALL both DTOs.** **(A) Designer fe-admin `ApprovalWorkflowsV2Page.tsx`:** read-only render `DefinitionCard:446-454` (level group → approver `{approverUserName}` + `({approverEmail})`); DTO `LevelDto:37-54` (approverUserId/userName/email + 7 Allow* flag, **NO role/dept field**). Feed = `GetAwAdminOverview` (`/approval-workflows-v2`). **Insert badge → `:447-452`** cạnh `approverUserName`. **(B) fe-user `PeDetailTabs.tsx`:** approvalFlow render `LevelOpinionsSectionV2:588` (signed-only) — но live flow tree = `currentApproval.approvers` :131 + Panel3 separate. `PeApprovalFlow` DTO `purchaseEvaluation.ts` + BE `PurchaseEvaluationApprovalLevelApproverDto` (`PurchaseEvaluationDtos.cs:129-132` = UserId/FullName/Email, **NO role**). **(C) Role-resolve for LIST userId:** codebase uses `userManager.GetRolesAsync(u)` (per-user, N+1 risk) OR `GetUsersInRoleAsync(role)` (reverse, `PeUrgentFeatures.cs:74`). `IApplicationDbContext` exposes `DbSet<Role> Roles` :29 but **NO UserRoles join-table DbSet** → efficient batch = either (a) `userManager.GetUsersInRoleAsync(Procurement/CostControl)`→2 HashSet<Guid>, mark approver if id∈set (NO N+1, 2 queries total); or (b) add `DbSet<IdentityUserRole<Guid>>` to interface for join. **BE build site `PurchaseEvaluationFeatures.cs:964-972`** already batches `approverInfos` via `userManager.Users.Where(Contains(allApproverIds))` — extend SELECT or post-join 2 role-sets here; handler has both `db`+`userManager` :750-751. **(D) Change size = SMALL:** +2 bool field (canEditProBudget/canEditCcmBudget) per approver DTO + 2 GetUsersInRoleAsync calls. Designer side: `GetAwAdminOverview` query needs same 2-set lookup (admin-only, cheap). Gate semantics ALREADY proven `:800-801` (canEditPro=Admin||Procurement, canEditCcm=Admin||CostControl). **(E) REC:** minimal = compute 2 HashSet once (proFans/ccmFans via GetUsersInRoleAsync), pass into approver-DTO map both sites; badge = pure display `id∈proFans→"✎ NS PRO"` `id∈ccmFans→"✎ NS CCM"`. RISK low (display-only, no authz touch) — only watch: a user can hold BOTH roles → show both badges; Admin holds neither role explicitly unless seeded → may need OR Admin note. Tag `[s76, budget-role-badge, designer+pe-flow, getusersinrole-batch-no-n1, approver-dto-add-2bool, display-only]`.
- **2026-06-19 (PE Block-A budget editable-gate audit — submission-count lock NEXISTS, on-disk):** ⭐ **Gate = PURE ROLE, KHÔNG phase, KHÔNG số-lần-trình.** BE `PurchaseEvaluationFeatures.cs:800-801` `canEditPro=isAdmin||Procurement` · `canEditCcm=isAdmin||CostControl` (DTO arg :856). Handler `PeWorkItemBudgetFeatures.cs`: PRO `:86-91` CCM `:152-157` fail-closed ForbiddenException role-only TRƯỚC side-effect; comment `:18-20` ghi RÕ "KHÔNG ràng Phase (bảng NS = tài-liệu-sống chỉnh bất-kỳ-lúc-nào như Excel)". Validator chỉ `>=0` (Initial :136, Adjustment cho-ÂM :138), absolute-set null=clear. **FE `PeDetailTabs.tsx:1060 PeBudgetSummaryTable`:** ô "Ban hành lần đầu" :1173 + ô "hiệu chỉnh V0" :1188 dùng **CÙNG biến `bs.canEditCcm`** — ZERO phân-biệt 2 ô, ZERO lock-after-first. `drafterEditable:1066`=`!readOnly&&isEditablePhase` chỉ áp row3/row8 (drafter NS-kỳ-này), KHÔNG áp Block-A. **(b) submission-count lock = KHÔNG TỒN TẠI:** grep `submitCount|lanTrinh|firstSubmit|lockInitial|hasSubmitted|soLanTrinh` toàn `src/Backend`=0 + FE=0. Entity `PeWorkItemBudget.cs` 6 field plain, KHÔNG cờ `IsInitialLocked`/`SubmitCount`; record per-cặp(Project×WorkItem) share mọi phiếu KHÔNG track lần-trình. **Kết luận: yêu-cầu chị Trà/anh Kiệt (khóa Initial sau lần-trình-đầu, mở Adjustment) = FEATURE MỚI — cần field track first-submit-done + TÁCH gate 2 ô (Initial vs Adjustment), HIỆN cùng `canEditCcm` không tách được.** Tag `[pe-block-a-gate, role-only-no-phase, submission-count-lock-NEXISTS, initial-vs-adjustment-same-gate, fdc-feature-new]`.
- **2026-06-18 (PE price-model recon FDC "Giá chào thầu" PRO-Min/Max + CCM-proposed, on-disk):** ⭐ **"Giá chào thầu" mục c = DERIVED, KHÔNG stored column** = `WinnerQuoteTotal` = SUM(Quote.ThanhTien WHERE supplierRows==SelectedSupplierId). Computed 3 nơi đồng-predicate: submit-guard `PurchaseEvaluationWorkflowService.cs:188-192` · detail-GET `PurchaseEvaluationFeatures.cs:818-826`(→`CurrentProposalTotal`) · CEO-threshold `:833`. DTO `WinnerQuoteTotal` `PurchaseEvaluationDtos.cs:244`. **ALL money fields:** Quote(NCC) `BgVat/ChuaVat/ThanhTien` decimal non-null `PurchaseEvaluationQuote.cs:12-14` · PE-header `BudgetPeriodAmount`(row3 drafter)/`ExpectedRemainingAmount`(row8) decimal? `PurchaseEvaluation.cs:40-41` · PeWorkItemBudget(per cặp Project×WorkItem) PRO `ProEstimateAmount:27` + CCM `InitialAmount`/`AdjustmentAmount`(ÂM-OK) `:29-30` decimal? · Detail dự-toán `KhoiLuong/DonGia/ThanhTienNganSach` `PurchaseEvaluationDetail.cs:15-18`. **PRO-min/max + CCM-proposed = KHÔNG tồn-tại** (grep Min|Max|Proposed|Suggest|BidPrice|GiaChaoThau PE-entities=0) → field MỚI. **Role-gate mirror-được (`PeWorkItemBudgetFeatures.cs`):** 2 cmd tách `UpdatePeBudgetProCommand:61`+`UpdatePeBudgetCcmCommand:126`; handler fail-closed `ForbiddenException` TRƯỚC side-effect — PRO `:86-91`(`Admin||Procurement`) CCM `:150-155`(`Admin||CostControl`); capability-flag BE-computed `canEditPro/canEditCcm` `PurchaseEvaluationFeatures.cs:783-784`→DTO `PeBudgetSummaryDto:290-291`; auto-create race-safe `PeWorkItemBudgetEnsurer.EnsureTrackedAsync:34`; KHÔNG ràng Phase. NO AutoMapper (DTO project tay). **FE (fe-user `src/`; fe-admin PeDetailTabs.tsx = SHA-identical `diff -q`):** mục-c `components/pe/PeDetailTabs.tsx:1406-1417`(helper `computeGiaChaoThau` def:71 call:1393) · budget-table `PeBudgetSummaryTable:1062-`(rows:1110-1128, host `ChonNccSection:1383`) · giá-gói+CEO-threshold `:311-313` · create `PeWorkspaceCreateView.tsx` · header `PeHeaderForm.tsx`. FE type `types/purchaseEvaluation.ts` `PeBudgetSummary:292-307`+`winnerQuoteTotal:445`. ⚠️ fe-admin types DIFFER (sync cả 2). **Surprise:** PRO-Min/Max-chốt + CCM-proposed = semantic MỚI (giá-người-duyệt ≠ giá-NCC-báo); gắn PeWorkItemBudget(per-cặp role-gate-sẵn) vs column-PE(per-phiếu) = em-main quyết. Mig 53 CeoApprovalThreshold+cờ-gấp đã có khung CEO-duyệt-theo-ngưỡng. Tag `[pe-price-model, gia-chao-thau-derived, pro-minmax-ccm-proposed-NEW, role-gate-mirror, fdc]`.
- **2026-06-18 (S71 PART-C audit — run-trace vs checklist-v2 FLAT + detector-refine, on-disk):** ⭐ **2 GAP THẬT (trung-thực, không inflate):** (1) **C1/C2/C8 = SUBFOLDER, canonical-v2 = FLAT → migration NEEDED, chưa làm.** `find runs/` cho thấy MỖI run-folder có `sub-md/`+`harvest/` SUBDIR (5 run: h10-{invest,implement,review}+h910-{finalize,curate}) — đúng cấu-trúc CŨ broadcast-delta phát-bỏ. ZERO flat-awareness: grep `phẳng|flat|cùng cấp` trong `.claude/workflows/`+`.claude/commands/`=0 hit. SE-adoption-commit `8c47bd0`(06-18) TRƯỚC broadcast-flat cùng-ngày → SE chưa biết. README/hmw.js/session-end đều mô-tả subfolder. C8 dual-form-acceptance close-gate cũng chưa. (2) **REFINE(b) detector = MISSING HOÀN-TOÀN.** `find .claude -name *.js/*.ps1`=CHỈ `hmw.js`(=engine ≠ detector). `.claude/hooks`+`.claude/scripts` KHÔNG tồn-tại. Repo-wide grep `bypass|scan.*runs` script=0. SE KHÔNG có bộ-dò chống-lách-engine → 3-function (whitelist/path-variants/launch-key-anchor)+relation-acceptance = n-a. **MET (đừng nhạ oan):** C3 committed THẬT — `git check-ignore runs`=exit1(NOT-ignored)+`git ls-files runs`=22 file (cả hai nấc). C4 per-turn real (`invest-synthesis.md` 43-dòng). C5 3-layer wired: L1 README:51(convention em-main) · L2 `session-start.md:71` orphan-scan `runs/*/` closed=⏳+harvest-rỗng · L3 `session-end.md:51` close-gate idempotent 5-trục. C6 ledger 2-beat (`_ledger.md:7`, 5 run đều CLOSE-beat+wf_). C7 caveat present (README §69-73 no-overclaim/fragile/G-015 TRACKED≠enforced). ⚠️ sub-md/ chỉ `.gitkeep` (read-only sub→em-main scribe, design KHÔNG phải miss). Tag `[s71, part-c-audit, subfolder-not-flat, detector-MISSING, c3-committed-real]`.
- **2026-06-18 (S71 Harness-10 ref-sweep — wave-*/agent-teams/harvest migration map, on-disk):** ⭐ **2 RULE-MECHANISM (cơ-chế, sửa CẨN THẬN ≠ text-swap):** (1) **`.gitignore:93-94`** `.claude/workflows/wave-*/` + `.claude/agent-teams/` AFTER `!.claude/**:83` (last-match-wins) — Harness-10 LẬT containment: runs/ TRACKED nên KHÔNG gitignore (đã có `runs/_ledger.md:4` "tracked-change NGOÀI run-folder = vi-phạm" thay B6 "mọi tracked = vi-phạm"). agent-teams = n-a Windows in-process → giữ-hay-bỏ tùy. (2) **`hmw.js`** wave-mechanism: meta.description:9 (2-MODE) · args:19 `wave:{name,dir}` · SCHEMA subMdPath:52 · WAVE-MODE block:87-91 (`const wave = A.wave&&A.wave.dir`) · log:94 · subMd path:102 · writeGuard TOOL-AWARE 2-nhánh:106-120 (wave→sub-MD-isolated / default→return-delta) · prompt subMdPath:131. → run-trace = đổi `wave``run`, dir `wave-<tên>``runs/<run-id>`, +harvest/ path. **TEXT-ONLY (đổi chữ, KHÔNG cơ-chế):** `.claude/workflows/README.md` TOÀN BỘ (48 dòng, đầu-đề + table 2-MODE + structure + B1-B6 + agent-team §) · `session-end.md:32,49,51` (§L.b(d)(f) GATE + B5 wave-gom) · `session-start.md:71` (H2 báo wave-folder tồn-đọng) · `agents/README.md:111` (decision-tree wave-gom B5) + :22-28,52 harvest-curator.md (B5 scan path `wave-<tên>/sub-*.md` + agent-team) · `harvest-curator/MEMORY.md:20` (wave-folder gitignored). **DOC/HISTORY (immutable evidence — KHÔNG sửa):** `broadcasts/**` (handshake:17 + inbox/README:15 "khác wave-folder gitignored") · `docs/governance/adap-reports/2026-06-07-Agent-harness-2.md` (toàn bộ B1-B6 spec) · `docs/changelog/sessions/*` · `error-ledger.md:86` (wave-folder-leak=0 evidence). **ĐÃ SCAFFOLD Harness-10 (S71 đang chạy):** `runs/_ledger.md` (2-beat OPEN/CLOSE) + `runs/2026-06-18-h10-invest/run.md` + `harvest/`. ⚠️ **Note .gitignore:92 comment** `git check-ignore -v .claude/workflows/wave-x/wave.md` = verify-cmd cũ, đổi theo. Tag `[s71, harness-10-refsweep, wave-to-runtrace-migration, gitignore-mechanism, hmw-wave-mechanism]`.
- **2026-06-18 (S71 Harness-10 STAGE-C harvest-flow recon — per-turn + 3-layer wire points, on-disk):** ⭐ **CURRENT harvest = SINGLE-POINT @session-end (B5), KHÔNG per-turn.** Driver = `harvest-curator` H2 (`agents/harvest-curator.md:22` "sau workflow-dài/cuối-session quét `wave-<tên>/sub-*.md`→gom→APPEND agent-memory/<role>"). Wired ONLY `session-end.md §L.b(f):51` (5-trục GATE + wave-folder gom B5). `session-start.md:71` = REPORT-only (báo wave tồn-đọng, KHÔNG gom). ZERO per-turn hook — `hmw.js` JS-sandbox no-fs (`hmw.js:5`), harvest deferred-to-close. **C4 per-turn-primary wire (3 chỗ):** (a) `hmw.js:122-134` prompt-builder — sub return findings; (b) NEW em-main step: ghi `runs/<id>/harvest/` SAU MỖI fan-out turn (KHÔNG đợi close); (c) `session-end.md §L.b(f):51` đổi "gom @end" → "VERIFY per-turn harvest đủ". **C5 3-layer anti-miss wire:** L1 in-run-reminder = `hmw.js` prompt + `run.md` checklist (run trước chưa-harvest → flag); L2 post-exec-rescan = `session-start.md:71` (mở rộng orphan-scan `runs/*/` tìm ledger-OPEN-no-harvest, hiện chỉ báo wave); L3 close-gate = `session-end.md §L.b(f):51` (GATE đã có, repoint wave→runs). **EVIDENCE tracked:** `git check-ignore runs/.../run.md`→matched `!.claude/**` (.gitignore:83 negation)=NOT-ignored ✓ vs `wave-*/` still gitignored (:93). Run-folder ĐÃ scaffold S71: `runs/2026-06-18-h10-invest/`{run.md·sub-md/.gitkeep·harvest/.gitkeep}+`runs/_ledger.md` (2-beat OPEN/CLOSE `:3`, orphan=OPEN-no-CLOSE). **G-015 shift:** Harness-2 "mọi tracked=vi-phạm" (wave gitignored→diff mù) → Harness-10 "tracked NGOÀI run-folder+code-disjoint=vi-phạm" (`_ledger.md:4`) → containment MẠNH hơn (run-folder in git-diff thấy sub-MD writes). Tag `[s71, h10-harvest-flow, per-turn-C4, 3-layer-C5, single-point-end-current]`.
- **2026-06-18 (S71 Harness-10 task-A — hmw.js EXACT edit-list wave→run-trace, on-disk):** ⭐ Refines sibling ref-sweep with precise diffs. **3 LOGIC edits:** (1) `:90` `const wave=(A.wave&&A.wave.dir)?A.wave:null``run=(A.run&&A.run.dir)?A.run:null`; (2) `:102` subMd `\`${wave.dir}/sub-${role||'task'}-${i}.md\`` → `\`${run.dir}/sub-md/sub-${role||'task'}-${i}.md\`` (⚠️ +`/sub-md/` SUBDIR — matches scaffolded `runs/<id>/sub-md/`, today FLAT); (3) `:106-120` writeGuard 2-branch keep TOOL-AWARE, reword. **CONTAINMENT-FLIP 2 strings:** `:112` "wave-folder gitignored nên KHÔNG hiện trong diff = sạch" → "run-folder TRACKED; tracked-change NGOÀI run-folder(+code-disjoint)=vi-phạm" (model = `runs/_ledger.md:4`); `:114` "file NGOÀI repo/wave-folder"→run-folder. **TEXT reword:** `:5,9(+drop stale two-tier H4.5→H8),19(args wave→run),52,55,88-91,94,108,113,131`. **VERDICT: pure mechanical** — fan-out/SCHEMA/resolveModel/parallel/checkpoint-gate ALL unchanged; only rename + path-subdir + 2 string-flips. **Read-only sub flow same** (`:111` subMdPath→em-main-scribe @P3, no Write tool). **C2/C4 stay em-main** (hmw.js no-fs `:1-5`). Tag `[s71, h10-task-a, hmw-exact-difflist, subdir-sub-md, mechanical-rename]`.
- **2026-06-17 (PE-workflow recon for FDC feature-plan — urgent flag + value-threshold routing, on-disk):** ⭐ **PE VALUE: NO stored "giá trị gói thầu" column.** Best-fit = winner-quote-total `SUM(Quote.ThanhTien WHERE supplier==SelectedSupplierId)` — COMPUTED (submit-guard `PurchaseEvaluationWorkflowService.cs:188-190` + `CurrentProposalTotal` in `PeBudgetSummaryDto`). Other amounts: `PE.BudgetPeriodAmount`(:40 drafter NS kỳ này)/`ExpectedRemainingAmount`(:41)/`PeWorkItemBudget.FullAmount`=(Initial??0)+(Adjustment??0) (`PeWorkItemBudget.cs:29-30`) — all budgets, not deal-value. **ROLES PRO/CCM/CEO = domain shorthand NOT constants** (`AppRoles.cs` has Procurement/CostControl/Director; PRO=Procurement CCM=CostControl CEO=Director). **V2 routing IGNORES roles** — approvers = specific `ApproverUserId` (`ApprovalWorkflow.cs:80`), OR-of-N = N Level rows same `Order` (GroupBy :687). "Phòng CCM" = seed Step NAME + non-strict DeptId hint only (`:67`). **CEO = positional (last level/last step), NOT conditional.** **ROUTING 100% LINEAR** (level→step, `DaDuyet` when `nextIdx>=steps.Count`). ZERO value/threshold/conditional config anywhere (grep 0 on AW/Step/Level/PEType). ⭐ **HOOK B (value-threshold) = `ApproveV2Async` advance block lines 816-845** (`:817` levelOrder++ / `:828-837` terminal DaDuyet / `:838-845` next step). Precedent: `skipToFinal :773-814` already "jump pointer to last step+level" — reuse mechanic conditioned on value. **HOOK A (urgent):** add `IsUrgent bit`/`PePriority` enum (mirror `ItTicketPriority{Low,Medium,High,Urgent}` `Office/Enums.cs:48-54`) AddColumn no-new-table; notify `INotificationService.NotifyAsync(userId,type,title,desc?,href?,refId?)` (`INotificationService.cs:10`)+SignalR interceptor; LogTransition notifies DRAFTER-only on terminal (`:960-980`), NO approver-notify yet. Badge DTOs: `PurchaseEvaluationListItemDto`(`PurchaseEvaluationDtos.cs:6`)+`DetailBundleDto`(:201). Type A/B (`PurchaseEvaluationType.cs:6-10`) constrains pinnable ApplicableType only — ZERO type-conditional routing. ⚠️ "Từ chối" REMOVED S60 hard-guard `:80-85` (throws even Admin; only Duyệt/Trả lại). ⚠️ drafter-in-chain bypass `:543` auto-approves drafter's own step-1 levels on submit (interacts w/ value-finalize). Tag `[pe-workflow-recon, value-threshold-hook, urgent-flag, fdc-feature-plan]`.
- **2026-06-17 (S69 recon — Office-module inventory + Hồ sơ-NS CSS-contract, on-disk):** ⭐ **PART A Office:** 21 `Off_*` keys (`MenuKeys.cs:99-121`): root `Off` + DanhBa(card-grid), `Off_PhongHop`{View=cal/Manage=room-CRUD-admin/Book}, `Off_DeXuat`{List/Create/Inbox=Proposal-V2}, `Off_DonTu`{Leave/Ot/Travel}, `Off_DatXe`, `Off_ItTicket`, `Off_ChamCong`(re-parent→Personal S57), `Off_AttendanceReport`(admin). 10 office pages `{fe-admin,fe-user}/src/pages/office/` ALL SHA256-MIRROR except **MyAttendancePage DIFFERS** + AttendanceReportPage ADMIN-ONLY. Routes `App.tsx` user:70-80/admin:88-100; staticMap `Layout.tsx:87-103` (workflow-apps :kind `/workflow-apps/{leave,ot,travel,vehicle}`); menuKeys.ts:45-63. **HIDE-FLAG** `RevokeTemporarilyHiddenModulesAsync` (`DbInitializer.cs:2157-2190` called :2040 LAST) wipes CRUD on `MenuKey.StartsWith("Off")||"Hrm"||==Personal` non-Admin, idempotent. **Golive flip:** remove :2040 call (+ re-add prefix InReviewScope grant). Office already S55-shell polished NOT bare. **PART B Hồ sơ-NS CSS:** layout=3-col flex (`EmployeesListPage.tsx` SHA256-identical x2, 1597 LOC): cây-tổ-chức TRÁI(:178) + NV-list MID(:244) + detail PHẢI = avatar-header `app-gradient-brand`(:643)+`text-white!`(:653)+initials chip bg-white/15 → 5-TAB(:507 Tổng quan/Thân nhân/Trình độ/Kinh nghiệm/Hợp đồng) → `Card`(:1526 left-rail+icon-chip) w/ `Field`(:1572 label uppercase accent-tint + value `font-medium text-brand-800`, empty=`text-slate-300 —`). `ACCENT` map :497-503 Record<5,{chipBg/chipFg/head/rail/labelText}> accent∈{brand,teal,violet,amberx,greenx}, palettes stops 50/100/500/600/700 only no-800→headings -700 (brand -800 OK). Tokens `index.css`: brand-600=#1f7dc1 brand-800=#175685 @theme:5-55, font Be-Vietnam-Pro:53; classes `.app-gradient-brand`(:105 120deg b600→700→800),`.card-accent`(:112),`.icon-chip`(:128 --chip-bg/--chip-fg),`.stat-value`(:140),`.label-eyebrow`(:89). ⚠️ **GOTCHA #66 = `index.css:79-83` `h1,h2,h3,h4{color:#0b1220;font-weight:700}` OUTSIDE @layer** → TW-v4 unlayered wins → heading-tag inside gradient MUST `text-white!`. ⚠️ **CROSS-APP DRIFT:** fe-user=S68 (h1-4 #0b1220/700, label-eyebrow brand-600, 175L); **fe-admin STILL OLD** (h1-4 #0f172a/600, label-eyebrow #64748b slate, 167L) — fe-admin NOT synced S66-68 heading bump → mirror Office to fe-admin needs index.css sync. Tag `[s69, office-inventory, hoso-css-contract, gotcha66, fe-admin-css-drift]`.
- **2026-06-18 (S71 Harness-8/hmw/pending/sleep audit — fidelity ground-truth, on-disk):** ⭐ **H8 all-inherit = FULLY ADOPTED both layers.** (1) Frontmatter: ALL 12 `.claude/agents/*.md` = `model: inherit` (11 sub + README; grep-count 12/12, zero demoted). (2) `hmw.js resolveModel:36-44` = all-inherit (`:43` role-with-frontmatter→`undefined`=inherit; `:41` invalid-role→fail-UP inherit; `:42` role-less→inherit). **Per-task escape-hatch PRESENT** `:37` `if(tier==='fable'||'opus')return tier` (H8.1 "ngoại lệ per-task" satisfied). **hmw run-trace = args.run + legacy args.wave alias** `:91` `(A.run&&A.run.dir)?A.run:((A.wave&&A.wave.dir)?A.wave:null)` ✓. ⚠️ **GAP-1 (the one real gap): hmw FLAT-vs-SUBFOLDER.** hmw STILL emits SUBFOLDER: `:103` `subMd=${dir}/sub-md/${role}-${i}.md` + desc/`:113` reference `run.md+sub-md/+harvest/`. The 2026-06-18 `h10-flat-detector-refine` (supersedes-part-of checklist-9-10 §C1/C2/C8) mandates FLAT files-one-level distinguished BY FILENAME, no subdirs. Disk confirms subfolder: `runs/2026-06-18-h10-invest/` has `harvest/`+`sub-md/` dirs (not flat). **GAP-2: SE adopted checklist v1 NOT v2** (`broadcasts/outbox/ai_infra/2026-06-18-...checklist-adopted.md:16` cites `2026-06-16-Governance-checklist-harness-9-10` = v1, no `-v2`). **UNADOPTED broadcasts (2 confirmed PENDING):** `2026-06-18-h10-flat-detector-refine` + `2026-06-18-checklist-harness-9-10-v2`. NO other newer (last outbox/all = these two; SE outbox last report = 2026-06-18 v1). **C3 two-level VERIFIED:** `git check-ignore runs/` exit=1 (NOT-ignored, neg `!.claude/**` :83) + `git ls-files runs/` = 22 files committed. `wave-x/wave.md` check-ignore exit=0 (still gitignored :93). **sleep-recovery-memory-l2 = AI_INFRA-internal** (`AI_INFRA/.claude/commands/sleep-recovery-memory-l2.md` + `docs/architecture/MEMORY-SLEEP-RECOVERY-L2-DESIGN-v3.md:scope` "CHỈ L2, KHÔNG sister"; NOT in outbox/all — only its Harness-9 broadcast form is, already adopted S70). NOT a sister obligation. **SE already does equivalent FULLY** (not ad-hoc): `memory-budget.json` (caps seeded-by-measure `scripts/measure-agent-memory.ps1`) + 4× `archive/_INDEX.md` + 4× `*.gist.md` (`distill-gen:2` counter) + `.ragignore` (exclude index/gist). Tag `[s71, harness8-audit, hmw-flat-gap, checklist-v1-not-v2, sleep-recovery-ainfra-internal, gist-additive-done]`.
- **[→ git pre-S60]** S60 recon#2 V2-engine-map (ApprovalWorkflow.cs Step/Level Order 1-based per-step; OR-of-N=N rows cùng Order service GroupBy:475; ApproveV2Async:446-634 guard+UPSERT+advance; notify DRAFTER-only:748; skipToFinal F2:561-602 = precedent advance-không-ghi-opinion) · S60 PE Section-3 submit-guard (submit path POST/pe/{id}/transitions→TransitionAsync:38 ROLE-only guard NO data-check; Section-3 mục a/b/c/d map — SUPERSEDED bởi S65ter post-Mig50 Budget-drop; test mirror PurchaseEvaluationWorkflowServiceGuardTests). Full text git.
- **2026-06-16 (S65bis recon — Employee profile master-detail vs NamGroup, on-disk):** ⭐ **STALE-PREMISE CORRECTION:** fe-user `/employees` KHÔNG list-only — `hrm/EmployeesListPage.tsx` (1201 LOC) ĐÃ master-detail 2-panel (filter sidebar :117 + list table :197 + inline detail :234) với **6 collapsible section** (`<details>` :1157, KHÔNG tab) + 5 satellite inline CRUD (WorkHistory/Education/FamilyRelation/Skill/Document, `setEditing{X}Id`+`adding{X}` mutex pattern 12-ter S35). **fe-admin == fe-user `diff -q` IDENTICAL** (SHA256 same). **Entity gần đủ screenshot:** `Domain/Hrm/EmployeeProfile.cs` (137 LOC) CÓ: DOB/Gender/Ethnicity/Religion/Nationality/Height/Weight(:98-99)/IdCard(số+ngàycấp+nơicấp :52-54)/permanent+temporary addr/phone/personalEmail/code/hireDate/qualification/salary(Base+Total)/bank/4×leave-days. **THIẾU vs screenshot:** (a) BloodType CÓ nhưng "sức khỏe loại" (health-grade A/B/C) KHÔNG; (b) thâm niên = DERIVED từ HireDate (no column); (c) chức danh = `User.Position`/`PositionLevel` (Identity, KHÔNG ở EmployeeProfile) — list/detail JOIN Users (`EmployeeFeatures.cs:467`); (d) "lương BHXH/phụ cấp" tách riêng KHÔNG có (chỉ Base+Total); đơn vị=DepartmentName JOIN. **5 satellite entity + 15 endpoint FULL** (`EmployeesController.cs:75-233` 5 region×Create/Update/Delete; GET detail Include cả 5 :455-459). Skill polymorphic gộp 3 NamGroup table (Computer/Language/Other Kind :69). **GAP THẬT:** (1) **NO org-tree**`Department.cs` FLAT (Code/Name/ManagerUserId/Note, KHÔNG ParentId), `DepartmentsController` chỉ GET list+byId (NO /tree), KHÔNG endpoint count-per-dept → cây trái + badge phải build CLIENT-side group-by departmentId từ list; (2) **5-tab layout** screenshot = 6-section `<details>` hiện tại (re-skin UI, data đủ); (3) "Hợp đồng lao động" tab = chỉ có `EmployeeDocument` type=LaborContract(5), KHÔNG entity HĐLĐ riêng (3 HĐLĐ table DEFER Plan H2 per `EmployeeProfile.cs:10`). **NamGroup source:** `D:\...\NAMGROUP\SOURCECODE_CÔNG_TY\` find .tsx/.razor = 0 hit (KHÔNG phải React/archived) — RAG `proj_namgroup_main` 0 component; tham khảo layout = screenshot anh gửi, KHÔNG có code mirror trực tiếp. ⇒ **Wire-lại-là-xong:** data + API + satellite CRUD 100% sẵn. **Build mới:** Department.ParentId migration + /tree + count endpoint (nếu muốn org-tree thật thay client-group). **Re-skin:** 6-section→5-tab + avatar header. **No new field bắt buộc** trừ health-grade nếu anh cần. Tag `[s65bis, employee-profile, master-detail-EXISTS, dept-flat-no-tree, stale-list-only-corrected]`.
- **2026-06-17 (S69 recon — NamGroup "PURO" digital-office layout, CROSS-REPO `D:\...\NAMGROUP\`):** ⭐ **PURO = UI design-language/skin (ref ERP demo.purocorp.vn), KHÔNG phải app riêng** — NamGroup mirror sidebar/typography của nó (comments `InternalLayout.tsx:33,74,109,200,332` "PURO exact spec"). Digital-office sống trong `namgroup.client/` (app NV; admin = config-only). **Shell = `components/layout/InternalLayout.tsx`** (724L): sidebar trái fixed h-screen + `<main flex-1 overflow-auto p-2.5..lg:p-4>` :609 chứa `<Outlet/>`. Sidebar = **`navTree` hardcoded array :76-122** (KHÔNG DB), flat 2-tier group→leaf, 4 group: **"Văn phòng số" :90-100 = 6 leaf** {Danh bạ `/danhba` · Phòng họp `/phonghop` · Đề xuất `/dexuat` · Đơn từ `/dontu` · Đặt xe công `/xecong` · Ticket CNTT `/ticket`}; + Nhân sự(3) + Cá nhân{Chấm công}(1) + Hệ thống(5). Routing = `App.tsx:81-140` flat `<Route element={InternalLayout}>` > `<RouteGuard>` (perm) > index=HomePage. **Landing `/` = `internal/HomePage.tsx`** (296L): grid 2-col (LEFT 2/3 stack 4 WidgetCard: Đề xuất/Nghỉ phép/Bình luận/Truyền-thông · RIGHT 1/3 Công-việc-của-tôi); WidgetCard = gradient-blue header + inline stat-chips + body/EmptyState (shared comp tại :219). **Layout pattern mỗi feature (KHÔNG dùng tab — dùng KpiCard-row + view-toggle):** (a) `<PageHeader>` shared (icon-badge accent + breadcrumb + actions slot, `components/shared/PageHeader.tsx`); (b) **KPI stat-cards clickable filter** (DeXuat :1643 6-card / Ticket :197 5-card — "PURO KPI cards" comment); (c) body = **list-table** (DeXuat/Ticket: `<table>` master + right detail panel grid-cols-3) HOẶC **list↔calendar ViewToggle** (DonTu :683 + XeCong + PhongHop: custom month-grid Sun-Sat, NO FullCalendar — comment :PhongHop "saves install friction"); DanhBa = dept-tree trái + card-grid phải. **Shared comp tái dùng:** PageHeader · DataTable · KpiCard · CrudToolbar · ActionLogList · DatePickerVN · MasterDataPage · DonutChart/MiniBarChart (`components/shared/` 16 file). **Top files mirror:** InternalLayout.tsx(shell+nav) · HomePage.tsx(dashboard) · PageHeader.tsx · DeXuatPage.tsx(1676 KPI+table+detail) · DonTuPage.tsx(1269 +DonTuCalendar.tsx toggle) · XeCongPage/PhongHopPage(month-grid) · TicketPage.tsx(595) · DanhBaPage.tsx(756 tree+grid) · ChamCongPage.tsx(809). ⚠️ Style/màu lấy chỗ khác per task — chỉ structure. SE đã có analog (fe-user `InternalLayout`/office pages) nhưng layout khác (deep-nested vs PURO flat). Tag `[s69, namgroup-puro-recon, digital-office-layout, hardcoded-navtree, kpicard-not-tab, cross-repo]`.
- **2026-06-16 (S66 recon — mirror Hồ sơ NS fe-user→fe-admin, on-disk):** ⭐ **VERDICT (B): vá `fe-admin/src/index.css` TRƯỚC rồi cookie-cutter SẠCH.** Copy page thuần = VỠ MÀU. **fe-admin index.css = 86 dòng (chốt `7feb53e`, TRƯỚC redesign S58 `e959f72`/`c98030f`) → THIẾU:** 4 accent palette `teal/amberx/violet/greenx` (mỗi cái 50/100/500/600/700) + 3 utility `.icon-chip`/`.app-gradient-brand`/`.card-accent`/`.stat-value`. **CÓ SẴN:** `--color-brand-50..900` (hex y hệt fe-user, incl brand-800 #175685 :15), `.label-eyebrow` :54, font Be Vietnam Pro :22. ⚠️ heading-weight CẦN CHECK (fe-user S66 `h1-h4 font-weight:700 color:#0b1220`; fe-admin có thể còn 600). **Page fe-user phụ thuộc THẬT:** text-brand-800 ×9, teal/amberx/violet/greenx-50/500/700 ×4 mỗi, icon-chip ×3, app-gradient-brand ×1. **Wiring fe-admin ĐỦ SẴN (0 đụng):** route `/employees`+`/new` `App.tsx:82-83` · `EmployeeCreatePage.tsx` **identical** (diff rỗng) · menu `Hrm_HoSo` `menuKeys.ts:33`+staticMap `Layout.tsx:53`. **Lib parity ✅:** ui/{Input,Select,Textarea,Button} prop-sig **identical** (HTMLAttributes passthrough, content khác chỉ className=chủ ý non-breaking) · EmptyState/cn/api/apiError ✅ · `types/employee.ts` **identical** · Paged `types/master` ✅ · `DepartmentTreeNode` định nghĩa INLINE trong page (:65 mirror BE DepartmentTreeNodeDto, đi theo copy — không cần type file). **KHÔNG khác chủ ý admin/user** — mirror y hệt như S35 (`9616ae2`/`c3cd343` cùng commit 2 app); write Admin-gated ở BE controller. **Cấu trúc:** admin=1200 dòng (S35 cũ, 2-panel + 5 `<details>` + 5 satellite mutex); user=1602 dòng (redesign: cây "SOLUTION COMPANY" đệ quy + list cột trái dọc · detail phải 5 tab accent + avatar gradient). **Scope: 3 file** = index.css (chèn ~40 dòng token+class block từ fe-user :29-51+:100-160) + overwrite EmployeesListPage.tsx (import path KHÔNG chỉnh, đều `@/`) + (tùy chọn heading-700). KHÔNG đụng route/menu/types/primitives/CreatePage. Tag `[s66, mirror-employee-page, accent-token-missing-fe-admin, verdict-B, cookie-cutter-after-css]`.
- **2026-06-16 (S65ter recon — Mục E "Link hồ sơ" phiếu PE, on-disk):** ⭐ Anh Kiệt: chèn mục E "Link hồ sơ" NGAY DƯỚI mục D "Bản so sánh". **Render 4 file** (SHA256-identical 2 app): `components/pe/PeDetailTabs.tsx` (detail+edit, 2770 LOC) + `PeWorkspaceCreateView.tsx` (create) × {fe-user,fe-admin}. KHÔNG tabs — 5 `<Section>` dọc, tiêu đề "1./2./3./4." + sub-item chữ thường "a./b./c./d." (label cột trái w-44). **Mục D ∈ Section "3. Đơn vị NCC/TP" = `ChonNccSection`** (`PeDetailTabs.tsx:1302-1375`): a.NCC(:1321) · b.Tổng hợp NS trình ký(:1324 `PeBudgetSummaryTable` — S61 thay Budget) · c.Giá chào thầu(:1326 auto) · **d.Bản so sánh(:1337-1348)** = `GeneralAttachmentsSection`(:2613) upload N FILE filter `supplierId===null` purpose=ComparisonTable(4). **INSERT E: `PeDetailTabs.tsx:1348`** (sau `</div>` mục D, trước paymentTerms :1350); mẫu = block :1337-1348. Create: `PeWorkspaceCreateView.tsx:277` (sau FormRow d). **BE: `PurchaseEvaluation.cs`(:1-72) KHÔNG có field URL** — DiaDiem/MoTa/PaymentTerms semantic khác. 1 link → `string? HoSoLink`(1000)+Mig AddColumn+cmd+DTO+validator; nhiều link → entity con `PurchaseEvaluationLink`+CREATE TABLE+CRUD (nặng). **Attachment KHÔNG reuse URL**`PurchaseEvaluationAttachmentFeatures.cs:18-55` IFormFile thuần (FileSize>0+ContentType whitelist+IFileStorage). Mục D multi-row → E nên multi-row đối xứng. ⚠️ Surprise: comment :1314 nói "purpose=ComparisonTable hoặc supplier-row null" SAI — filter thực :1315-17 CHỈ `supplierId===null`. Tag `[s65ter, pe-section-e-link, attachment-file-only, insert-1348]`.
- **2026-06-16 (S65 recon — public HRM module for all-role, on-disk):** ⭐ **Mục 6 CRITICAL (gotcha #44 family) RESOLVED-FAVORABLE:** `EmployeesController.cs:23-25` = class `[Authorize(Policy="Hrm_HoSo.Read")]` (NOT `Roles="Admin"`) + per-action `Hrm_HoSo.{Create/Update/Delete}` (:45/:54). Policy resolves THROUGH permission matrix (`MenuPermissionHandler.cs:40-52` baseQuery role×menuKey CanRead; Admin-bypass :27) → seed CanRead row = API ALSO unlocked, NO 403. `HrDashboardController.cs:8-11` = `[Authorize]` any-auth only (`/api/hr/dashboard`). GET list = `/api/employees` (:28). ⇒ **seed BE permission ĐỦ, không cần đụng controller.** **Menu keys dưới `Hrm` (prefix THẬT = `Hrm_`):** root `Hrm`="Nhân sự" parent=null Order=28 (`DbInitializer.cs:1805`); `Hrm_Dashboard`="Dashboard NS" parent=Hrm Order=1 (:1850); `Hrm_HoSo`="Hồ sơ Nhân sự" parent=Hrm Order=2 (:1806). Hrm_Config* (6 leaf: LeaveTypes/Holidays/Shifts/OtPolicies/Vehicles/Drivers) parent=**Master** Order=25 (S57 re-parent :1812 — KHÔNG dưới Hrm). **Revoke (Mục 2):** `RevokeTemporarilyHiddenModulesAsync` :2151 — match `StartsWith("Hrm")||StartsWith("Off")||==Personal` AND role!=Admin AND any-flag-true (:2162-67) → set 4 cờ CRUD=false. ⚠️ **THỨ TỰ: gọi CUỐI CÙNG `:2040` trong SeedAsync, SAU grant `:2033`** → revoke THẮNG mọi grant trước nó. Mở Hrm = phải (a) sửa revoke loại trừ Hrm_HoSo/Hrm_Dashboard HOẶC (b) thêm grant SAU :2040. **Pe pattern (Mục 3):** `SeedAllRolesReviewReadPermissionsAsync:2055``roleManager.Roles.ToListAsync():2090` loop ALL role × reviewKeys, upsert CanRead (+CanCreate cho Pe_*), additive idempotent (skip-existing non-Pe :2115). **Seed entity (Mục 4):** `Permission`(RoleId,MenuKey,4 CRUD); idempotent = app-level skip per (RoleId,MenuKey); **13 role** `AppRoles.All` (Admin/Drafter/DeptManager/ProjectManager/Procurement/CostControl/Finance/Accounting/Equipment/Director/AuthorizedSigner/HrAdmin/CatalogManager). `Hrm_HoSo`+`Hrm_Dashboard` ĐỀU ∈ `MenuKeys.All:153,160` (khác Pe_* leaf NOT in All). **FE (Mục 5):** menu-tree-API-driven via `GetMyMenuTreeQuery.cs` (`/api/menus/me`); Hrm NOT inherit-root (chỉ 4: Contracts/Workflows/Pe/PeWf :51-59) → MỖI leaf cần CanRead row riêng, NHƯNG root `Hrm` auto-hiện nếu child có access (`HasAccess:96` CanRead OR child). `Layout.tsx:145 USER_HIDDEN_KEYS`={System,Users,Roles,Permissions,Forms,Reports} — KHÔNG chứa Hrm → fe-user auto-render; `staticMap Hrm_HoSo→/employees :75`, `Hrm_Dashboard→/hr/dashboard :104`. NO PermissionGuard per-route fe-user. ⇒ **chỉ seed BE, FE tự hiện.** Tag `[s65-recon, public-hrm, policy-based-authz-not-roles, revoke-runs-last]`.
- **[→ archive/2026-06.md + git]** S52 P11-D/E/F 6-gap recon (IT-pool absent → S56 corrected: dept IT exists 0 user · SlaExpiryJob HostedService DI:46 pattern · OtPolicy 3-multiplier · ClosedXML exporter reuse · Attendance API cá nhân-only · FE skeleton state — full text git pre-S60) · S50 P11-C HrmConfigs add-kind 11-chỗ pattern · S50 wave h2-verify B6 gitignore ordering + POSIX-not-pwsh (curated S57bis) · S51 gotcha #57 EXT reachability 3-Master-fix/3-skip global-filter-makes-bug (curated S59).
- **Archived S29-S37 → `archive/2026-05-q4.md` + git d2f52ba (S40 curate):** S36 G-O2 Phòng họp clean-room + FullCalendar v6 MIT eval · S36 startup MEMORY-size audit · S35 G-H2 HRM clean-room verdict · S33 G-H1 NamGroup TblNhanVien 10-bảng (105 cols main) · S33 startup RAG verify · S32 Plan G 11-module backlog · S29 Plan CA+B pre-flight (3 patterns: 9-menu terrain, V1+V2 coexist, reference-template-paths cite line-range ROI). KEY absorbed: **clean-room > NamGroup port verified 4×** · Pattern 12-bis cross-module mirror · FK+freetext dual-write.
- **2026-06-18 (S71 audit — Harness-9 PART B adap-2workflow trung-thuc, on-disk):** ⭐ **VERDICT B substantially-LANDED, ZERO nac-inflation (reports UNDER-state via honest hedge).** B1/B2 ok-runtime: 2 adap cycle ran SEPARATE workflows distinct run-id — S70 impl `wf_a58e0d15-beb`≠audit `wf_9520d8cd-4fe`; S71 impl `wf_e4e46725-231`≠review `wf_636bc95b-939` (review caught real C5-L1 over-claim impl-self-check missed). B2.5 ok: reverse-findings non-empty both reports (3+4 items)+both emails. B3 ok: 2 emails `broadcasts/outbox/ai_infra/{2026-06-17,2026-06-18}-se-to-ai_infra-*.md` carry true-nac+findings+BOTH run-ids. B4 **partial/convention-met**: rule codified `adap-apply.md:38` (short-but-confirm→review) BUT no runtime instance (no short-decision task arose S70/S71) → pure-convention, lead-discipline. ⚠️ **3 PRECISION-flaws (not protocol-gap):** (1) reviewer-agent StructuredOutput unreliable both sessions → em-main self-gate git/sha (disclosed, valid-branch per feedback memory). (2) **PATH-TRAP:** S71 report/email self-verify cited bare `git ls-files runs/`=14 — WRONG; actual = `.claude/workflows/runs/` (22 tracked files, 5 runs: invest/implement/review + h910-finalize `wf_73de399d-753` + h910-curate `wf_f32987b8-03f`). Auditor running bare `runs/` from repo-root gets 0 → false "not-committed". Folder genuinely committed `8c47bd0` + NOT-ignored at correct path. (3) hmw.js RUN-TRACE runtime honest-flagged pending-restart. adap-apply.md:33-36 codify 2-workflow mandate (auto-loaded). Tag `[s71-audit, harness-9-partB, adap-2workflow, path-trap-runs-folder, b4-convention-gap, no-nac-inflation]`.
---
## 🔄 Curate trigger
- >~30KB → archive recent → L2 `archive/<period>.md`. Stale >3mo → remove.
- **Last curate: 2026-06-17 S70 Harness-9 (em-main + Stage-B workflow)** (47.0→24.1KB): L2 dark-matter recovery — 15 entries`archive/2026-06.md` (additive) + 3 oldest → NEW `archive/2026-05-q4.md` (was git-only d2f52ba) + `_INDEX.md` (substring sha-keyed) + `2026-0{5,6}.gist.md` (distill-gen:1). Also Stage-A recon actor (`wf_be952f3c-97f` — substring-pointer-design decision). 0-byte-loss verified (em-main self-gate, reviewer no-StructuredOutput). Prev: S40 (35.7→~20KB q4+d2f52ba) · S34 q3 · S22 q1.
- **Last curate: 2026-06-18 S71 Harness-9 L1→L2 (auto-inject 25600B cap)** (29.8→23.2KB): FIFO-trimmed 3 oldest 2026-06-16 entries (S66/S65ter/S65)`archive/2026-06.md` (additive +6 -0, md5 `cedc21eb…` byte-exact) + 3 rows `_INDEX.md` (unique substring) + 3 4-field gist `2026-06.gist.md` (distill-gen:1→2, 15→18 records). 0-byte-loss verified (numstat additive + md5 match). Kept S65bis/S69/S71. Prev: S70 (47.0→24.1KB dark-matter recovery) · S40 (35.7→~20KB) · S34 q3 · S22 q1.

10
.claude/agent-memory/investigator-codebase/archive/2026-06.gist.md
View File

@ -1,8 +1,8 @@
# Gist 2026-06 — investigator-codebase (2026-06.md distilled)
> `distill-gen: 1` (already-distilled — do NOT re-compress).
> `distill-gen: 2` (already-distilled — do NOT re-compress).
> 4-field per record: **VIỆC** · **KẾT-LUẬN** (+file:line) · **BÀI-HỌC** · **BẤT-NGỜ**. Same-topic merged. Confidence cao/vừa/thấp.
> Each line ends with a back-resolve `substring:"…"` (unique Ctrl-F) into `2026-06.md`. Covers all 15 records (3 S57bis-era + 12 moved here by Harness-9 curate 2026-06-17).
> Each line ends with a back-resolve `substring:"…"` (unique Ctrl-F) into `2026-06.md`. Covers all 18 records (3 S57bis-era + 12 moved by Harness-9 curate 2026-06-17 + 3 S65-series moved by S71 curate 2026-06-18).
> 22-marker coverage gate satisfied across this + 2026-05.gist.md.
---
@ -18,6 +18,7 @@
- **[cao] BE authz split — Master write-open** · VIỆC: assess making modules visible to all roles (blocks A/B/E/F). KẾT-LUẬN: config controllers gate WRITE behind `[Authorize(Roles="Admin")]`, READ open (HrmConfigs/Catalogs/MeetingRooms) → FE-grant is pure UI-visibility there. **BUT Master 3 controllers = class `[Authorize]` ONLY, no per-action role: `SuppliersController.cs:17`, `ProjectsController.cs:11`, `DepartmentsController.cs:11` — ANY authed user can POST/PUT/DELETE via API** (FE menu is the only gate). **S55 prod data lives in `SeedRealMasterDataAsync :2267-2460` → Projects(62 :2270), WorkItems(71 :2430-2438), Suppliers(3 :2440-2456), all ungated idempotent.** BÀI-HỌC: making Suppliers/Projects/Departments visible-to-all needs `[Authorize(Roles="Admin,CatalogManager")]` or the staff can overwrite S55 master data. 10 departments now (9 + IT); 31 demo users, none zero-role. · 2026-06.md · substring:"S57 perm-broaden blocks A/B/E/F"
- **[cao] seed model — no per-employee default Read** · VIỆC: blocks C/D recon. KẾT-LUẬN: `SeedAdminPermissionsAsync DbInitializer.cs:1939-1977` loops MenuKeys.All CRUD=true (skip-existing); 2 sub-seeders give 7 roles Read+Update on PE keys and CatalogManager full-CRUD 9 master keys. **NO generic per-employee Read seed → a plain Drafter sees ONLY PE keys; most non-admin staff see ~nothing but PE.** 4 inherit-roots (Contracts/Workflows/PurchaseEvaluations/PeWorkflows) cascade root→child; Hrm/Off/Master NOT inherit (each leaf needs own row). BÀI-HỌC: grant-all pattern = mirror CatalogManager seeder but loop ALL 13 roles × key-set, CanRead-only, inserted AFTER the catalog seeder. · 2026-06.md · substring:"S57 perm-broaden RECON blocks C/D"
- **[cao] menu seed = UPSERT that re-sets Order** · VIỆC: menu reorder cross-repo SE↔NAMGROUP. KẾT-LUẬN: SE menu = `SeedMenusAsync DbInitializer.cs` tuple-list; **seed UPSERT re-sets Order (`:1845-1871`) → reordering in code propagates to Dev/prod next deploy, NO migration; but Label/ParentKey/Icon are NOT touched on existing rows → rename needs a separate labelBackfill dict**. Order = BE-only (`GetMyMenuTreeQuery.cs:35 OrderBy`); both FE render menu as-is → no FE edit for pure reorder. BÀI-HỌC: **HR is SCATTERED across 2 roots**`Hrm` (Hồ sơ+Config+Dashboard) and transactional HR under `Off` (DonTu/DatXe/ChamCong/AttendanceReport). BẤT-NGỜ: NAMGROUP "Puro" = hardcoded FE array (NOT DB seed), index=order, flat single links vs SE deep-nested. · 2026-06.md · substring:"menu-order cross-repo recon SE↔NAMGROUP"
- **[cao] public-HRM for all-role — seed-only** · VIỆC: open HRM module (Hồ sơ/Dashboard) to every role. KẾT-LUẬN: **`EmployeesController.cs:23-25` is `[Authorize(Policy="Hrm_HoSo.Read")]` (NOT `Roles="Admin"`) — policy resolves THROUGH the permission matrix (`MenuPermissionHandler.cs:40-52`), so seeding a CanRead row also unlocks the API, NO 403** → seed BE permission is enough, no controller edit; FE auto-renders (menu-tree API-driven, `Hrm` NOT in `USER_HIDDEN_KEYS`, root auto-shows if a child has access). **`Hrm_HoSo`+`Hrm_Dashboard` ARE in `MenuKeys.All` (unlike Pe_* leaves); 13 roles in `AppRoles.All`.** BÀI-HỌC: Pe-style grant-all = `SeedAllRolesReviewReadPermissionsAsync :2055` loops all roles × keys, upsert CanRead, idempotent. BẤT-NGỜ: **`RevokeTemporarilyHiddenModulesAsync` is called LAST `:2040` in SeedAsync (after the grant `:2033`) and wipes CRUD on every `StartsWith("Hrm")||"Off"||==Personal` non-Admin row → it BEATS any earlier grant; opening Hrm needs either excluding Hrm_HoSo/Dashboard from the revoke OR granting AFTER :2040.** · 2026-06.md · substring:"S65 recon — public HRM module for all-role"
## Prod facts / census / wipe
@ -31,6 +32,11 @@
- **[vừa] FE-redesign Phase-2 recon** · VIỆC: 25-page redesign audit. KẾT-LUẬN: NOT a rewrite — S55 already redesigned ui-primitives+DataTable+shell so importers auto-inherit density; hover-hidden quick-win ~absent (only 1 real `opacity-0`×group-hover site, excluded); only 5/25 use `<DataTable>` (12 roll raw `<table>`); 3 Drawer candidates (Suppliers/Projects/Users-create); **no `Drawer.tsx` exists yet**; bậc-thang inline-edit reference already exists (`EmployeesListPage.tsx`). BÀI-HỌC: effort mostly S (auto-inherit) + a few M (Drawer/bậc-thang). · 2026-06.md · substring:"S56 Phase 2 FE-redesign RECON — 25 page audit"
- **[cao] master-data Excel-import recon** · VIỆC: import 3 masters from Excel. KẾT-LUẬN: **WorkItem/"Hạng mục" master EXISTS** (`Domain/Master/Catalogs/WorkItem.cs`, full CRUD) — no new table needed; PE detail is pure free-text (no FK→WorkItem); **Project MISSING Year/Investor/Location/Package (only Note free-text)**; Supplier MISSING Status/bank-acct/legal-rep + "Cả hai" unmappable (Type single-valued); seed = idempotent `existingCodes.Contains→skip`; **no bulk import (Master is single-CRUD, POST one-at-a-time)**. BÀI-HỌC: nạp via idempotent DbInitializer mirror (NOT API loop) → reaches prod by design. BẤT-NGỜ: SeedDemoMasterData + SeedCatalogs run REGARDLESS of `DemoSeed:Disabled` (outside the if-block) → real+demo data mix on prod unless gated. · 2026-06.md · substring:"S55 master-data Excel-import recon"
## FE mirror / UI-insert recon
- **[cao] mirror Hồ sơ-NS fe-user→fe-admin = patch CSS first** · VIỆC: replicate the redesigned employee page from fe-user into fe-admin. KẾT-LUẬN: **VERDICT B — a plain page-copy BREAKS COLORS; must patch `fe-admin/src/index.css` FIRST then cookie-cutter.** fe-admin index.css = 86 lines (pinned `7feb53e`, pre-S58 redesign) → **missing 4 accent palettes (teal/amberx/violet/greenx, each 50/100/500/600/700) + utilities `.icon-chip`/`.app-gradient-brand`/`.card-accent`/`.stat-value`**; brand-50..900 hex already present (incl brand-800 #175685). The fe-user page really depends on text-brand-800 ×9, the 4 accents ×4 each, icon-chip ×3, app-gradient-brand ×1. **Wiring already complete in fe-admin (0 changes): route, identical `EmployeeCreatePage.tsx`, menu `Hrm_HoSo`+staticMap; ui-primitives/types/api all parity.** Scope = 3 files (index.css insert ~40 lines + overwrite EmployeesListPage.tsx + optional heading-700). BÀI-HỌC: mirror exactly like S35 (both apps committed together); write stays Admin-gated at BE. · 2026-06.md · substring:"S66 recon — mirror Hồ sơ NS fe-user"
- **[cao] PE Section-E "Link hồ sơ" insert point** · VIỆC: add mục E "Link hồ sơ" right under mục D "Bản so sánh" in the PE form. KẾT-LUẬN: render in 4 files (SHA256-identical 2 apps): `components/pe/PeDetailTabs.tsx` + `PeWorkspaceCreateView.tsx` × {fe-user,fe-admin}; NOT tabs — 5 vertical `<Section>`. **Mục D lives in `ChonNccSection` (`PeDetailTabs.tsx:1302-1375`), d.Bản so sánh at :1337-1348 = `GeneralAttachmentsSection` upload filtered `supplierId===null` purpose=ComparisonTable. INSERT E at `PeDetailTabs.tsx:1348` (after mục D's `</div>`, before paymentTerms :1350); create-view at `PeWorkspaceCreateView.tsx:277`.** **BE `PurchaseEvaluation.cs` has NO URL field — 1 link = add `string? HoSoLink`(1000)+Mig+cmd+DTO+validator; many links = child entity (heavy).** BÀI-HỌC: attachments are IFormFile-only (`PurchaseEvaluationAttachmentFeatures.cs:18-55`) — cannot reuse for a URL. BẤT-NGỜ: comment :1314 claims "purpose=ComparisonTable OR supplier-row null" but the real filter :1315-17 is ONLY `supplierId===null`. · 2026-06.md · substring:"S65ter recon — Mục E"
## Governance / wave / harness
- **[vừa] Harness 1/2/3 adap-apply recon** · VIỆC: apply AI_INFRA broadcast. KẾT-LUẬN: roster 8→10 (+tooling-auditor H1, +harvest-curator H2); SE `hmw.js` is pre-wave (AI_INFRA = canonical); email id authoritative = `se`; `git check-ignore -v` = ground-truth B6 (wave patterns must sit AFTER `!.claude/**` last-match-wins). BÀI-HỌC: git-diff + chunk-count = defense-in-depth (caught 1 self-MEMORY write, 0 RAG-write). · 2026-06.md · substring:"Harness 1/2/3 adap-apply recon — 3 slice"

6
.claude/agent-memory/investigator-codebase/archive/2026-06.md
View File

@ -33,3 +33,9 @@
- **2026-06-11 (S57bis PE recon — 4 đầu việc sếp, on-disk):** ⭐ PE entity NO Year, NO WorkItem link (`PurchaseEvaluation.cs:15` ProjectId req; Detail free-text `PurchaseEvaluationDetail.cs:10-13`). Create cmd `PurchaseEvaluationFeatures.cs:19-30`; MaPhieu gen-AT-CREATE `:114-116` format `PE/{YYYY}/{A|B}/{Seq:D3}` (`PurchaseEvaluationCodeGenerator.cs:23`). Main create UI = `PeWorkspaceCreateView.tsx` (:151 workflow-select isUserSelectable ĐẦU TIÊN → tenGoiThau → projectId → DiaDiem → MoTa → PaymentTerms → budget; canSubmit :129 = wf+project+ten). PE controller class-`[Authorize]` ONLY no policy → mở menu là đủ, no silent-403. Pe_* leaves NOT in `MenuKeys.All` (chỉ root :156); PE defaults 7 role × 11 key (root + 2type×{group,WfView,List,Create,Pending}) `DbInitializer.cs:2098-2160`. S57 `SeedAllRolesReviewReadPermissionsAsync:1993-2001` InReviewScope EXCLUDES Pe; extend đúng = `key == MenuKeys.PurchaseEvaluations` EXACT (prefix "Pe" sẽ dính PeWorkflows admin!) — root inherit cascade (`GetMyMenuTreeQuery.cs:49-82`). Demo gate: prod `appsettings.json:35 DemoSeed:Disabled=true` → 7 `[DEMO]` HĐ + 4 `[DEMO]` PE (MaPhieu `[DEMO]-A-001`) KHÔNG lên prod; UNGATED trên prod = 31 users + 18 demo NCC + 8 demo project (:2244-2315) + real 62/71/3 (:2329-2522). ⚠️ Clear-demo gotcha: seed re-add per-code idempotent MỖI startup → xóa DB-only sẽ resurrect, phải gỡ khỏi DbInitializer code. WorkItem write Admin-only (`CatalogsController:113-130`) — CatalogManager có menu-perm nhưng API write bị chặn. Tag `[s57bis, pe-recon, demo-inventory]`.
- **2026-06-16 (S66 recon — mirror Hồ sơ NS fe-user→fe-admin, on-disk):** ⭐ **VERDICT (B): vá `fe-admin/src/index.css` TRƯỚC rồi cookie-cutter SẠCH.** Copy page thuần = VỠ MÀU. **fe-admin index.css = 86 dòng (chốt `7feb53e`, TRƯỚC redesign S58 `e959f72`/`c98030f`) → THIẾU:** 4 accent palette `teal/amberx/violet/greenx` (mỗi cái 50/100/500/600/700) + 3 utility `.icon-chip`/`.app-gradient-brand`/`.card-accent`/`.stat-value`. **CÓ SẴN:** `--color-brand-50..900` (hex y hệt fe-user, incl brand-800 #175685 :15), `.label-eyebrow` :54, font Be Vietnam Pro :22. ⚠️ heading-weight CẦN CHECK (fe-user S66 `h1-h4 font-weight:700 color:#0b1220`; fe-admin có thể còn 600). **Page fe-user phụ thuộc THẬT:** text-brand-800 ×9, teal/amberx/violet/greenx-50/500/700 ×4 mỗi, icon-chip ×3, app-gradient-brand ×1. **Wiring fe-admin ĐỦ SẴN (0 đụng):** route `/employees`+`/new` `App.tsx:82-83` · `EmployeeCreatePage.tsx` **identical** (diff rỗng) · menu `Hrm_HoSo` `menuKeys.ts:33`+staticMap `Layout.tsx:53`. **Lib parity ✅:** ui/{Input,Select,Textarea,Button} prop-sig **identical** (HTMLAttributes passthrough, content khác chỉ className=chủ ý non-breaking) · EmptyState/cn/api/apiError ✅ · `types/employee.ts` **identical** · Paged `types/master` ✅ · `DepartmentTreeNode` định nghĩa INLINE trong page (:65 mirror BE DepartmentTreeNodeDto, đi theo copy — không cần type file). **KHÔNG khác chủ ý admin/user** — mirror y hệt như S35 (`9616ae2`/`c3cd343` cùng commit 2 app); write Admin-gated ở BE controller. **Cấu trúc:** admin=1200 dòng (S35 cũ, 2-panel + 5 `<details>` + 5 satellite mutex); user=1602 dòng (redesign: cây "SOLUTION COMPANY" đệ quy + list cột trái dọc · detail phải 5 tab accent + avatar gradient). **Scope: 3 file** = index.css (chèn ~40 dòng token+class block từ fe-user :29-51+:100-160) + overwrite EmployeesListPage.tsx (import path KHÔNG chỉnh, đều `@/`) + (tùy chọn heading-700). KHÔNG đụng route/menu/types/primitives/CreatePage. Tag `[s66, mirror-employee-page, accent-token-missing-fe-admin, verdict-B, cookie-cutter-after-css]`.
- **2026-06-16 (S65ter recon — Mục E "Link hồ sơ" phiếu PE, on-disk):** ⭐ Anh Kiệt: chèn mục E "Link hồ sơ" NGAY DƯỚI mục D "Bản so sánh". **Render 4 file** (SHA256-identical 2 app): `components/pe/PeDetailTabs.tsx` (detail+edit, 2770 LOC) + `PeWorkspaceCreateView.tsx` (create) × {fe-user,fe-admin}. KHÔNG tabs — 5 `<Section>` dọc, tiêu đề "1./2./3./4." + sub-item chữ thường "a./b./c./d." (label cột trái w-44). **Mục D ∈ Section "3. Đơn vị NCC/TP" = `ChonNccSection`** (`PeDetailTabs.tsx:1302-1375`): a.NCC(:1321) · b.Tổng hợp NS trình ký(:1324 `PeBudgetSummaryTable` — S61 thay Budget) · c.Giá chào thầu(:1326 auto) · **d.Bản so sánh(:1337-1348)** = `GeneralAttachmentsSection`(:2613) upload N FILE filter `supplierId===null` purpose=ComparisonTable(4). **INSERT E: `PeDetailTabs.tsx:1348`** (sau `</div>` mục D, trước paymentTerms :1350); mẫu = block :1337-1348. Create: `PeWorkspaceCreateView.tsx:277` (sau FormRow d). **BE: `PurchaseEvaluation.cs`(:1-72) KHÔNG có field URL** — DiaDiem/MoTa/PaymentTerms semantic khác. 1 link → `string? HoSoLink`(1000)+Mig AddColumn+cmd+DTO+validator; nhiều link → entity con `PurchaseEvaluationLink`+CREATE TABLE+CRUD (nặng). **Attachment KHÔNG reuse URL**`PurchaseEvaluationAttachmentFeatures.cs:18-55` IFormFile thuần (FileSize>0+ContentType whitelist+IFileStorage). Mục D multi-row → E nên multi-row đối xứng. ⚠️ Surprise: comment :1314 nói "purpose=ComparisonTable hoặc supplier-row null" SAI — filter thực :1315-17 CHỈ `supplierId===null`. Tag `[s65ter, pe-section-e-link, attachment-file-only, insert-1348]`.
- **2026-06-16 (S65 recon — public HRM module for all-role, on-disk):** ⭐ **Mục 6 CRITICAL (gotcha #44 family) RESOLVED-FAVORABLE:** `EmployeesController.cs:23-25` = class `[Authorize(Policy="Hrm_HoSo.Read")]` (NOT `Roles="Admin"`) + per-action `Hrm_HoSo.{Create/Update/Delete}` (:45/:54). Policy resolves THROUGH permission matrix (`MenuPermissionHandler.cs:40-52` baseQuery role×menuKey CanRead; Admin-bypass :27) → seed CanRead row = API ALSO unlocked, NO 403. `HrDashboardController.cs:8-11` = `[Authorize]` any-auth only (`/api/hr/dashboard`). GET list = `/api/employees` (:28). ⇒ **seed BE permission ĐỦ, không cần đụng controller.** **Menu keys dưới `Hrm` (prefix THẬT = `Hrm_`):** root `Hrm`="Nhân sự" parent=null Order=28 (`DbInitializer.cs:1805`); `Hrm_Dashboard`="Dashboard NS" parent=Hrm Order=1 (:1850); `Hrm_HoSo`="Hồ sơ Nhân sự" parent=Hrm Order=2 (:1806). Hrm_Config* (6 leaf: LeaveTypes/Holidays/Shifts/OtPolicies/Vehicles/Drivers) parent=**Master** Order=25 (S57 re-parent :1812 — KHÔNG dưới Hrm). **Revoke (Mục 2):** `RevokeTemporarilyHiddenModulesAsync` :2151 — match `StartsWith("Hrm")||StartsWith("Off")||==Personal` AND role!=Admin AND any-flag-true (:2162-67) → set 4 cờ CRUD=false. ⚠️ **THỨ TỰ: gọi CUỐI CÙNG `:2040` trong SeedAsync, SAU grant `:2033`** → revoke THẮNG mọi grant trước nó. Mở Hrm = phải (a) sửa revoke loại trừ Hrm_HoSo/Hrm_Dashboard HOẶC (b) thêm grant SAU :2040. **Pe pattern (Mục 3):** `SeedAllRolesReviewReadPermissionsAsync:2055``roleManager.Roles.ToListAsync():2090` loop ALL role × reviewKeys, upsert CanRead (+CanCreate cho Pe_*), additive idempotent (skip-existing non-Pe :2115). **Seed entity (Mục 4):** `Permission`(RoleId,MenuKey,4 CRUD); idempotent = app-level skip per (RoleId,MenuKey); **13 role** `AppRoles.All` (Admin/Drafter/DeptManager/ProjectManager/Procurement/CostControl/Finance/Accounting/Equipment/Director/AuthorizedSigner/HrAdmin/CatalogManager). `Hrm_HoSo`+`Hrm_Dashboard` ĐỀU ∈ `MenuKeys.All:153,160` (khác Pe_* leaf NOT in All). **FE (Mục 5):** menu-tree-API-driven via `GetMyMenuTreeQuery.cs` (`/api/menus/me`); Hrm NOT inherit-root (chỉ 4: Contracts/Workflows/Pe/PeWf :51-59) → MỖI leaf cần CanRead row riêng, NHƯNG root `Hrm` auto-hiện nếu child có access (`HasAccess:96` CanRead OR child). `Layout.tsx:145 USER_HIDDEN_KEYS`={System,Users,Roles,Permissions,Forms,Reports} — KHÔNG chứa Hrm → fe-user auto-render; `staticMap Hrm_HoSo→/employees :75`, `Hrm_Dashboard→/hr/dashboard :104`. NO PermissionGuard per-route fe-user. ⇒ **chỉ seed BE, FE tự hiện.** Tag `[s65-recon, public-hrm, policy-based-authz-not-roles, revoke-runs-last]`.

5
.claude/agent-memory/investigator-codebase/archive/_INDEX.md
View File

@ -4,7 +4,7 @@
> **Pointer convention:** `substring:"…"` = a verbatim string that occurs EXACTLY ONCE in the named file (Ctrl-F / `grep -F`). Primary lookup = the substring. No line numbers (archives are append-only and line numbers drift). Fallback = the date + workType.
> **Archives are FROZEN + additive:** verbatim entry bytes are never edited; new entries are appended at end. This index + the `.gist.md` files are the only derived layers.
> **Sorted by DATE (ascending).** `[meta]` = curate/setup bookkeeping note (low signal). `[stub→git]` = FIFO-trim pointer whose full text lives in git, not on disk.
> **Files covered:** `2026-05-q1.md` (11) · `2026-05-q2.md` (4) · `2026-05-q3.md` (4) · `2026-05-q4.md` (3) · `2026-06.md` (15) = 37 records.
> **Files covered:** `2026-05-q1.md` (11) · `2026-05-q2.md` (4) · `2026-05-q3.md` (4) · `2026-05-q4.md` (3) · `2026-06.md` (18) = 40 records.
---
@ -54,3 +54,6 @@
| 2026-06-11 | prod-wipe recon | PE 10 active, Quotes→PE NO_ACTION (single DELETE OK); 20 real users batch 06-11; FE tree FE-only change | 2026-06.md · substring:"S59 recon — prod test-data wipe + PE tree" |
| 2026-06-11 | prod-user census | LockDemoSampleUsers no-op (dev-only pop); prod 34u all-active; pwd-policy env divergence (12 vs 11) silent-fail | 2026-06.md · substring:"S57bis lock no-op — prod user census" |
| 2026-06-11 | PE recon | PE no Year/no WorkItem link; MaPhieu gen-at-create; extend InReviewScope EXACT `==PurchaseEvaluations` not prefix | 2026-06.md · substring:"S57bis PE recon — 4 đầu việc sếp" |
| 2026-06-16 | public-HRM recon | EmployeesController policy-based authz (NOT Roles=Admin) → seed CanRead unlocks API; RevokeTemporarilyHiddenModules runs LAST :2040 beats all grants; 13 roles | 2026-06.md · substring:"S65 recon — public HRM module for all-role" |
| 2026-06-16 | PE Section-E recon | insert mục E "Link hồ sơ" at `PeDetailTabs.tsx:1348` (after mục D); BE PurchaseEvaluation.cs has NO URL field → add `HoSoLink` nvarchar(1000); attachments are IFormFile-only (no URL reuse) | 2026-06.md · substring:"S65ter recon — Mục E" |
| 2026-06-16 | FE-mirror recon | mirror Hồ sơ-NS fe-user→fe-admin = VERDICT B (patch `fe-admin/src/index.css` FIRST then cookie-cutter); fe-admin index.css 86-line missing 4 accent palettes + icon-chip/app-gradient-brand; scope 3 files | 2026-06.md · substring:"S66 recon — mirror Hồ sơ NS fe-user" |

19
.claude/agent-memory/memory-budget.json
View File

@ -1,6 +1,8 @@
{
"_note": "Harness-9 (S70, 2026-06-17) memory budget. Caps SEEDED BY MEASUREMENT (scripts/measure-agent-memory.ps1), NOT imagined headroom. Budget-audit @session-start (session-start.md §2.1.2): if curate-to-fit is dropping important markers, BUMP the relevant cap rather than cut markers. Re-measure with the script; never hand-edit measured_bytes.",
"seeded_date": "2026-06-17",
"seeded_date": "2026-06-18 (S71 re-measure after G1 curate — reviewer 36.7KB + investigator 29.8KB over-cap from S71 same-role race, curated L1->L2 back under auto-inject cap)",
"last_sleep_at": "2026-06-18",
"_last_sleep_at_note": "Harness-10b sleep-recovery (S72): timestamp lan cuoi chay /sleep-recovery-memory-l2. null = chua tung. session-start §2.1.2 + session-end §L.b(c) doc field nay -> INFORM goi-y nen L2 neu null hoac today-last_sleep_at>=7 ngay. Lead=single-writer (chi command sleep set field nay).",
"tiers": {
"l1_hot": {
"file": "MEMORY.md",
@ -27,11 +29,18 @@
"rule": "coverage-diff GATE: every surprise/guard/file:line/root-cause/gotcha# in verbatim must survive in gist (or marked N/A)"
}
},
"archive_gate": {
"_note": "Harness-11 PART-A (S73, 2026-06-18) params for scripts/memory-archive-gate.ps1 (DRY-RUN planner, NO-API, grep+measure only). ADDITIVE — does not touch measured/tiers/last_sleep_at. A4 hysteresis = drain to BELOW low_watermark (not just to the line). A5 = never auto-drain below keep_floor newest entries (WARN instead). A6 = only PROPOSE archive after strike_threshold consecutive over-cap runs (stateless script persists strikes in .claude/agent-memory/.archive-strikes.json).",
"autoinject_cap_bytes": 25600,
"low_watermark_ratio": 0.85,
"keep_floor_entries": 5,
"strike_threshold": 2
},
"measured": {
"cicd-monitor": { "l1_hot": 23226, "l2_verbatim": 178856, "l2_index": 16779, "l2_gist": 29737, "rollout": "done" },
"investigator-codebase": { "l1_hot": 24052, "l2_verbatim": 61997, "l2_index": 8363, "l2_gist": 23827, "rollout": "done" },
"reviewer": { "l1_hot": 24795, "l2_verbatim": 42194, "l2_index": 4847, "l2_gist": 17290, "rollout": "done" },
"implementer-backend": { "l1_hot": 17360, "l2_verbatim": 59233, "l2_index": 10105, "l2_gist": 23079, "rollout": "done" },
"cicd-monitor": { "l1_hot": 23653, "l2_verbatim": 178856, "l2_index": 16779, "l2_gist": 29737, "rollout": "done" },
"investigator-codebase": { "l1_hot": 23187, "l2_verbatim": 68612, "l2_index": 9234, "l2_gist": 27297, "rollout": "done (re-curated S71: moved 3 oldest, gist gen:2)" },
"reviewer": { "l1_hot": 24844, "l2_verbatim": 54901, "l2_index": 7370, "l2_gist": 19114, "rollout": "done (re-curated S71: moved 10 oldest, gist gen:2)" },
"implementer-backend": { "l1_hot": 17692, "l2_verbatim": 59233, "l2_index": 10105, "l2_gist": 23079, "rollout": "done" },
"frontend-designer": { "l1_hot": 24004, "l2_verbatim": 0, "l2_index": 0, "l2_gist": 0, "rollout": "n/a (no archive; watch L1 near cap)" },
"test-specialist": { "l1_hot": 23919, "l2_verbatim": 0, "l2_index": 0, "l2_gist": 0, "rollout": "n/a (no archive; watch L1 near cap)" },
"harvest-curator": { "l1_hot": 18952, "l2_verbatim": 0, "l2_index": 0, "l2_gist": 0, "rollout": "n/a (no archive)" },

30
.claude/agent-memory/reviewer/MEMORY.md
View File

@ -61,24 +61,28 @@ Adversarial pre-commit reviewer SOLUTION_ERP. Read-only verify + live curl prod
## 📅 Recent activity (FIFO — older → archive/git)
- **2026-06-19 (S76 Part2+3 PE budget-edit BADGE display-only — Lens-2 FE badges+render-safety, PASS, 0 blocker):** 2 cờ bool CanEditProBudget/CanEditCcmBudget vào 2 DTO approver (AwLevelDto designer + PurchaseEvaluationApprovalLevelApproverDto PE-flow), suy từ ROLE (KHÔNG đổi authz). Badge "✎ NS PRO" (amber) / "✎ NS CCM" (sky). **PASS Lens-2:** (1) **role-set KHỚP gate**`proBudgetEditors=GetUsersInRoleAsync(Procurement)Admin` / `ccmBudgetEditors=CostControlAdmin` (ApprovalWorkflowV2AdminFeatures.cs:155-157 + PurchaseEvaluationFeatures.cs:976-978) đảo-chiều set-lookup 3-query/req no-N+1; khớp 1:1 gate thật canEditPro/canEditCcm `:800-801`=isAdmin‖Procurement / isAdmin‖CostControl; AppRoles consts verified (`AppRoles.cs:5,9,10`). (2) **role-set DEFINE trước cả 2 site** — PE-flow define `:978` < approvalFlow `:1045` < currentApproval `:1064` (cùng V2-branch scope); designer define `:155` < ToDto `:184`. (3) **DTO flag flows CẢ flow+current** `PurchaseEvaluationApprovalFlowLevelDto.Approvers` (`:152`) + `PurchaseEvaluationCurrentApprovalDto`-path (`:145`) đều dùng `PurchaseEvaluationApprovalLevelApproverDto` badge hiện Panel-flow lẫn current. (4) **PeWorkflowPanel `.join('/')→map`** giữ separator "/" (`{i>0 && <span>/</span>}`), giữ case rỗng `length===0?'(chưa cấu hình)'`, key=`a.userId` SAFE (validator `HaveNoDuplicateApproverInSameLevel:289` chặn dup ApproverUserId trong 1 level no React key-collision). (5) **render-safety** designer wrapper `flex``flex flex-wrap` + panel `flex flex-wrap gap-x-1 gap-y-0.5` badge KHÔNG vỡ layout khi nhiều approver/badge. (6) **mirror 2-app PERFECT** PeWorkflowPanel fe-admin==fe-user byte-IDENTICAL cả base lẫn now (diff empty); types +2 cờ CẢ 2 app (admin:235-236/user:238-239), block diff-identical (chỉ pre-existing inline-comment `//0-based` lệch = noise KHÔNG do change này). (7) **FE typecheck CLEAN** cả 2 app (`tsc --noEmit` exit 0). no mock/alert/TODO. ** SPEC-vs-DIFF MISMATCH (em-main framing wrong, NOT a code bug):** spec nói "KHÔNG migration" nhưng diff BUNDLES S76 Part1 (migration `AddProBudgetSplitToPeWorkItemBudget` + PeWorkItemBudget domain + PeBudgetSummaryDto + PeDetailTabs 306-LOC matrix rewrite WIRED PUT /budget/pro). Part1 spot-check sound (mig 3-file OK pure-ASCII gotcha#30-respect, PUT wired real not-mock). **🟡 MAJOR race STILL PRESENT (carry-over Part1, line 64 entry):** PeDetailTabs 2 PRO cell (`:1283` proInitial + `:1305` proAdjust) cùng `proMut.mutate` echo sibling từ `bs` server-snapshot, `invalidate()` fire-and-forget (`:1161` không await) double-Save<refetch wipes sibling. Sev MAJOR data-loss tiềm ẩn, prob thấp. **LEARNED:** display-only capability-flag review = (a) confirm flag-compute KHỚP gate-thật bit-for-bit (đảo-chiều set-lookup must mirror the forward Roles.Contains check) + (b) confirm DEFINE-before-all-consumer-site trong cùng scope + (c) which DTO carries flag determines which UI surface shows badge (flow vs current both here). For `.join→map` refactor verify separator+empty-case preserved + key-uniqueness backed by a BE validator. SURPRISE: adversarial value here = catching the spec's "KHÔNG migration" claim is FALSE (diff is combined Part1+2+3) don't trust em-main's scope framing, read the actual changed-set. Tag [s76-part23, pe-budget-badge, display-only-capability-flag, role-set-mirrors-gate, join-to-map-separator-preserved, key-uniqueness-validator-backed, mirror-2app-byte-identical, spec-vs-diff-mismatch, major-race-carryover].
- **2026-06-19 (S76 Part1 PE budget MA-TRẬN 3 cột Mig 56 uncommitted, PASS w/ 1 MAJOR race + 2 MINOR):** Form ngân sách 1-cộtma-trận [Dự án|PRO|CCM]. Entity +ProInitialAmount/+ProAdjustmentAmount (cột PRO mirror CCM Initial/Adjustment); ProEstimateAmountLEGACY, Mig 56 Sql() UPDATE migrate idempotent (`WHERE ProEstimate NOT NULL AND ProInitial NULL` chạy-1-lần-safe). **PASS:** authz fail-closed Forbidden TRƯỚC side-effect 2 handler (PRO=Admin‖Procurement `:90`, CCM=Admin‖CostControl `:160`; Admin nhập cả 2 đúng ý; neither-role blocked); compute `fullAmount`=CCM nếu hasCcm else proFull(ProInit+ProAdj) `:852`, migrate-value flow đúng (legacy ProEstimateProInitialhasPro=true→fullAmount); `fullIsEstimate` `!hasCcm``!hasCcm&&hasPro` (improve, no badge khi empty); DTO 17-arg positional khớp def (2 new appended last, build-PASS compiler-checked); Block B 9-row dùng `full` authoritative INTACT; Mig 3-file OK (.cs+Designer+snapshot 18,2); FE 2-app SHA-twin `a93c8aa0`; 32 PeWorkItemBudget tests PASS (+5 S76: set-both-neg, validator neg-initial-fail/neg-adjust-pass, full-proFull-150, neg-proAdjust-70); no mock; anti-fiddle clean. **🟡 MAJOR race (pre-existing pattern, S76 WORSENS):** BudgetCell cross-field echo từ `bs` (server snapshot) KHÔNG local-state PRO "Ban hành" save gửi `proAdjustmentAmount: bs.proAdjustmentAmount`, "V0" save gửi `proInitialAmount: bs.proInitialAmount`. `invalidate()` fire-and-forget (`:1170` không await refetch). 2 PRO cell nay đồng-cột click Save cell-2 trong window [onSuccess fires (isPendingfalse, btn re-enabled) refetch lands] đè cell-1 về STALE (vd: lưu Ban-hành=100 ngay lưu V0=50 trước refetch Ban-hành WIPED null). Trước S76 PRO chỉ 1 số nên window này hại; ma-trận 2-cột-PRO làm reachable. Sev MAJOR (data-loss tài-chính tiềm ẩn) nhưng prob thấp (cần double-click <refetch-latency); fix gợi-ý: disable sibling-cell Save khi mut.isPending HOẶC onMutate optimistic-merge HOẶC await invalidate. **🔵 MINOR:** (a) `parseVnd` strip `.` "1.5"→15 (input cho `.` nhưng VND whole-number nên harmless); (b) stray `fe-user/.claude/agent-memory/implementer-frontend/MEMORY.md` NOT-gitignored (cwd-misland gotcha) em main ĐỪNG `git add -A`. **LEARNED:** cross-field echo-from-server an-toàn khi 1-field/cột; thành race khi N-field cùng-cột share 1 mutation + fire-and-forget invalidate window mở SAU isPending=false (btn enable) chứ không phải lúc in-flight; load-bearing = đếm field-cùng-cột share mutation + check invalidate awaited. Tag [s76, pe-budget-matrix, mig56-migrate-idempotent, cross-field-echo-race-worsened, fullIsEstimate-improve, cwd-misland-stray, parseVnd-dot-minor].
- **2026-06-18 (S72ter-WIRE Mig 54 cross-stack-wire + verify-fix lane uncommitted priceMissing, PASS no-new-deadlock):** Complement to S72ter-AUTHZ below (same fix, deadlock-lens). Fix = `priceMissing` old `length>0 && !source` new `(length===0 || !source)`, 2-app SHA-twin `4d6c89d9`. **No new deadlock — 4-fact:** (1) fix CHỈ THÊM disable-cond `length===0` lên branch đã unreachable-by-invariant (submit-guard `:194` hard-block winnerQuoteTotal<=0 ALL-paths Ncc candidate luôn 1 ChoDuyet) không sinh lockout mới; (2) giáchọnsource set`priceMissing=false`nút "Xác nhận" mởduyệt OK; (3) empty (giả định)→nút khoá + amber `:537` "nhập PRO/CCM hoặc chọn NCC" = lối-thoát , setter-path KHÔNG phase-gated (mirror-budget) cho nhập giá bất kỳ lúccandidate xuất hiệnmở lại (no hard-lock); (4) intermediate-approve `shouldPickPrice=false` (chỉ `currentIsFinalApprover||finalizeByCcm`)→nút mở bình thường, khớp BE ApplyApprovedPrice chỉ terminal `:885`+CCM-deleg `:853` (intermediate advance `:870/:893` không gọi). 7-layer threading 0-drop re-confirm (ctrl `:129/:337`cmd `:462`handler `:515`iface `:30`svc `:47`ApproveV2 `:822`). OR-of-N `currentIsFinalApprover` true mọi viewer cấp cuối (ComputeLevelStatus `:987` position-based) nhưng nút dialog `disabled=blockedByV2Level`+`!isDisabled&&setTarget` `:310/:320`non-approver không mởprice-selector hại. **LEARNED:** "fix tạo deadlock?" = THÊM-disable lên branch-unreachable-by-invariant không thể sinh lockout; verify lối-thoát = setter KHÔNG phase-gated (giá nhập-được bất kỳ lúc) + amber-message user luôn thoát empty-state. Tag [s72ter-wire, verify-fix, no-new-deadlock, escape-hatch-amber, 7layer-0drop].
- **2026-06-18 (S72ter Mig 54 AUTHZ+SECURITY lane double-check uncommitted priceMissing FE-fix + committed 1d86abc re-verify, PASS, 0 issue):** anh giao 3 lane laser (a setters / b CCM-finalize bypass / c controller authz) on commit 1d86abc (deployed Run #313) + 1 uncommitted FE-fix. **Uncommitted diff = 2 LOC product only** (`priceMissing` both apps, SHA-identical `4d6c89d9`) + memory/ledger noise em main đúng kỷ luật chỉ-touch-2-file. **(a) PASS** `PeSuggestedPriceFeatures.cs` cả 2 setter ForbiddenException TRƯỚC mọi mutate+SaveChanges (load+NotFoundrole-gate `:40-41`/`:109-110`mutate); role đúng PRO=Admin‖Procurement, CCM=Admin‖CostControl; AppRoles consts tồn tại (`:5,9,10`). Phase-guard cố-tình-thiếu, documented mirror-budget S61 (non-regression). **(b) PASS no-bypass 3 gate trực-giao chặn non-CostControl finalize-bỏ-CEO, TẤT CẢ throw TRƯỚC `Phase=DaDuyet`(:854):** (1) approver-match `:702-713` non-admin phải pendingLevel.ApproverUserId else Forbidden forged-caller-not-at-level KHÔNG tới được finalize block; (2) `finalizeByCcmDelegation:830-851` threshold-nullConflict / roleCostControlForbidden / `winnerQuoteTotal>=ceoThreshold` strict-`<`Conflict 3 throw trước set; (3) block `return` no-fallthrough. `winnerQuoteTotal` recompute server-side từ Suppliers+Quotes.ThanhTien của SelectedSupplier (`:839-847`) KHÔNG trust client; threshold từ DB `aw.CeoApprovalThreshold`. skipToFinal+finalizeByCcm combo safe (skipToFinal `:818` return non-last-slot HOẶC `:797` no-op fall-through last-slot finalize once, 3 guard vẫn áp). **(c) PASS** class `[Authorize]:14` 2 endpoint mới inherit any-auth, fine-grained handler Forbidden (gotcha#44-safe KHÔNG class-Policy-overstrict). **FE-fix sound strict-tightening:** old `length>0 && !source` để nút ENABLED khi candidates-empty click BE Conflict "Chọn 1 giá chốt"; new `(length===0 || !source)` disable nút khớp amber empty-state `:537` (trước fix message-hiện-cùng-nút-enabled = UX mâu thuẫn). `winnerQuoteTotal:number` non-null candidates-non-empty thực tế (submit-guard >0), fix thuần defensive nhưng đúng. **LEARNED:** "finalize-bypass?" load-bearing proof = đếm guard giữa caller-entry và state-mutation + xác nhận MỖI guard throw TRƯỚC mutation đầu tiên (đây Phase=DaDuyet) + recompute-vs-trust-client của giá-trị-so-ngưỡng (winnerQuoteTotal server-Sum, không nhận body) → 3 gate độc lập (approver-match ∩ role ∩ amount<threshold) mạnh hơn 1; client chỉ chọn-source-label, BE tự tính amount-vs-threshold. **SURPRISE:** uncommitted-fix chỉ edge defensive (candidates thực tế luôn 1 do submit-guard) nhưng vẫn đáng xoá UX-mâu-thuẫn enabled-button-cùng-amber-empty + chống regression nếu submit-guard nới sau này. Tag [s72ter, mig54-authz-lane, finalize-bypass-3gate-proof, server-recompute-not-trust-client, fe-fix-strict-tighten, phase9-uat-pass].
- **2026-06-18 (S72 Q2 phản-biện CONFIRM finding isReal=false / not-an-issue Mig 54 isSystem-exempt dead-branch):** anh giao bác-bỏ finding "isSystem miễn-chọn-giá AN TOÀN/dead-code". Cố refute ×3 angle, KHÔNG bác được finding ĐÚNG mọi điểm. (1) `IPurchaseEvaluationWorkflowService.TransitionAsync` = **DUY NHẤT 1 caller** backend-wide (`PurchaseEvaluationFeatures.cs:505` human handler, throws Unauthorized nếu UserId null `:499`, pass `currentUser.UserId` non-null `:508`) `isSystem` (`:54` cần actorUserId null) LUÔN false trên PE-path. (2) `SlaExpiryJob:63` inject `IContractWorkflowService` (KHÔNG PE) + query `db.Contracts` only caller AutoApprove duy nhất KHÔNG chạm PE. (3) `ApplyApprovedPriceOnFinalize` (`:908`) chỉ gọi từ `ApproveV2Async` (`:853,885`) reachable chỉ qua approve-block `:243` gate `decision==Approve`, còn isSystem cần `AutoApprove` mutually-exclusive ( do độc lập #2). (4) KHÔNG PE SLA hosted-service (chỉ SlaExpiryJob/Contract + ItTicketSlaJob). (5) non-admin AutoApprove tới ChoDuyet `throw Conflict :275` (no alt-finalize bypass price). Test header `PeApprovedPriceFinalizeTests.cs:27-31` tự-ghi OBSERVATION report-em-main KHÔNG-fix + reflection-invoke isolation. **Finding line# lệch** (cite 911-916/SlaExpiryJob 76,100, actual 908-923) nhưng substance khớp. Dead-branch harmless defensive-return. **LEARNED:** "dead-code an-toàn?" load-bearing proof = đếm CALLER của method chứa branch (grep `\.TransitionAsync\(` + verify mỗi caller's service-TYPE qua DI) single-human-caller + actorUserId-non-null-invariant kills isSystem độc lập với decision-gate; 2 do trực-giao mạnh hơn 1. Tag [s72, q2-phan-bien, isSystem-dead-branch, single-caller-proof, not-an-issue, confirm-finding].
- **2026-06-18 (S72bis Mig 54 RE-REVIEW commit 1d86abc anh 4 regression-Q a/b/c/d focus, PASS, 0 finding):** Independent 2nd pass on SAME commit as S72 entry below, anh asked 4 targeted Qs. **(a) AUTOOPT-IN regression in-flight + V1 SAFE:** S69 auto-finalize block REMOVED; in-flight V2 phiếu mid-ChoDuyet carry NO new flags (come from NEW request not stored state) intermediate levels advance normal (no ApplyApprovedPrice call line 870/894), terminal calls ApplyApprovedPrice final approver picks price (candidate guaranteed exist, see d). CCM below-threshold WITHOUT tick now advances to CEO (intended safer, no strand). **V1 legacy `ApproveV1LegacyAsync` signature does NOT receive new params + terminal line~990 does NOT call ApplyApprovedPrice** V1 finalize 100% unchanged, ApprovedPrice* stays null per entity comment. Tests cover: NoFlagadvance-CEO, AtLastSlot-no-double, all 3 fail-closed guards throw-before-mutate. **(b) Mig 54 safe:** 5-col additive-nullable, 0 backfill, 0 lock (AddColumn nullable=metadata-only SQL Server no rebuild); Down() drops all 5 reversible; 3-file rule OK (.cs+Designer+snapshot all 5 cols); EF config HasPrecision(18,2)×4 + HasMaxLength(20) match migration types. **(c) DTO positional OK:** 7 fields inserted between CeoApprovalThresholdApprovalWorkflowId in BOTH record def + construction, same order (ProMin/ProMax/Ccm/ApprovedAmount/ApprovedSource/canEditPro/canEditCcm), types match (5 nullable + 2 bool); build-PASS confirms compiler-checked positional. **(d) NO deadlock decisive:** submit-guard `PurchaseEvaluationWorkflowService.cs:174-216` enforces (ALL paths incl Admin/system) winnerQuoteTotal>0 (line194 "chưa có giá chào thầu" if<=0) → Ncc candidate `{amount:winnerQuoteTotal}` ALWAYS present+positive at final approval → `priceCandidates.length>=1` always → amber "Chưa có giá nào" (length===0) is DEAD UI unreachable → human always can pick ≥Ncc → priceMissing disables btn til pick → BE never gets null human-path → no Conflict-loop. `winnerQuoteTotal` BE `Sum()` over empty=0m (never null), FE type `number` non-null. **OR-of-N currentIsFinalApprover** = `lastFlowLevel.status==='Current'` true for EVERY viewer at last level (position-based BE ComputeLevelStatus:987), BUT approve buttons `disabled=blockedByV2Level` + onClick `!isDisabled&&setTarget` (line310-321) → non-approver can't open dialog → price-selector-for-all harmless. **FE mirror:** PeWorkflowPanel+PeDetailTabs byte-identical 2 apps (hash df2975a/ab08dad); type files differ pre-existing BUT Mig54 fields diff-identical. Setter handlers fail-closed Forbidden-before-side-effect, PRO Min<=Max validator, NO phase-guard (documented intentional mirror-budget S61). **LEARNED:** for "deadlock?" Q the load-bearing proof is tracing the SUBMIT-guard invariant (winnerQuoteTotal>0) forward to the finalize candidate-set — the FE dead-UI branch (length===0) is provably unreachable BECAUSE submit already rejected zero-price phiếu; never assess FE button-enable in isolation. **SURPRISE:** isSystem-exempt in ApplyApprovedPrice = dead via public ApproveV2Async (needs decision==AutoApprove + PE has no SLA-job) — test-specialist self-flagged OBSERVATION header, honest. Tag [s72bis, mig54-reReview, regression-Q-abcd, submit-guard-invariant-forward-trace, no-deadlock-proof, v1-untouched, or-of-n-safe].
- **2026-06-18 (S72 Mig 54 PE giá-đề-xuất + CCM-finalize OPT-IN — financial go-live review, PASS, 0 blocker):** Pre-commit uncommitted diff 17-file (+922/-102), DUYỆT TÀI CHÍNH go-live thứ Hai. 3 nhóm: ① giá đề xuất PRO(Min/Max)+CCM(1 giá) setter role-gate + người-duyệt-cuối chọn giá CHỐT (`ApplyApprovedPriceOnFinalize`); ③ CCM-finalize ĐỔI AUTO(S69)→OPT-IN ô-tích-tay `finalizeByCcmDelegation`. **Threading 7-lớp KHỚP** (body→Send→command→handler→interface→service→ApproveV2; controller `:129` + TransitionPeBody `:337-341` + command `:462-465` + handler `:515-517` + iface `:30-34` + svc sig `:47-49`) — 0 lớp drop param (bẫy "F1+F2 wire fail 2 ngày" né). **③ fail-closed order verified** (`PurchaseEvaluationWorkflowService.cs:830-867`): flag=false→skip finalize advance-CEO (test 1a, đổi-chính); flag=true check THEO THỨ TỰ threshold-null→Conflict(`:832`) / role≠CostControl→Forbidden(`:835`) / `winnerQuoteTotal>=ceoThreshold` strict-`<`→Conflict(`:849`) TRƯỚC set DaDuyet — 0 lỗ CCM/khác bỏ CEO. **① ApplyApprovedPriceOnFinalize gọi CẢ 2 nhánh DaDuyet** (terminal `:885` + CCM-deleg `:853`); human null-giá→Conflict, isSystem miễn, source∈{Ncc,ProMin,ProMax,Ccm} whitelist. **Setter authz** (`PeSuggestedPriceFeatures.cs`) Forbidden fail-closed TRƯỚC side-effect, đúng role (Pro=Procurement `:53`, Ccm=CostControl `:109`, Admin cả 2). **Cross-stack FE/BE field-name khớp** camelCase (finalizeByCcmDelegation/approvedPriceAmount/approvedPriceSource). **FE currentIsFinalApprover** = `lastFlowLevel.status==='Current'` (BE ComputeLevelStatus `:978-991` = pointer==last) — OR-of-N: group cấp cuối 1 entry → "Current" cho mọi viewer NHƯNG nút mở-dialog disable bởi `blockedByV2Level` (`:310,321`) khi actor∉approvers → người-không-phải-cuối KHÔNG thấy bộ chọn. priceMissing disable Xác nhận đúng. **Migration 3-file OK** (Mig 54 additive-nullable, Designer 5 col, snapshot). **Tests 334 PASS** (45 Dom+289 Infra, +28: PeCcm 6→11 + PeApprovedPrice 10 + PeSuggestedSetter 13). **3 MINOR non-block:** (a) `ApplyApprovedPriceOnFinalize` TRUST client `amount` — KHÔNG cross-check amount==stored-value-của-source (snapshot-semantic CHỦ ĐÍCH per comment; field display/audit-only, grep xác nhận KHÔNG drive Contract-from-PE value → low-sev); (b) edge winnerQuoteTotal==0 candidate amount=0 hợp lệ (submit-guard ép >0 nên unreachable thực tế); (c) **stray `fe-user/.claude/agent-memory/implementer-frontend/MEMORY.md` NOT-gitignored** (sub-agent cwd-misland gotcha) — em main ĐỪNG `git add -A` (chỉ add file cụ thể) + reconcile→canonical. **LEARNED:** combined-flag probe (skipToFinal+finalizeByCcmDelegation) SAFE — skipToFinal `return` (`:818`) trước finalize khi không-last-slot, last-slot no-op fall-through finalize-once (no double, guard vẫn full). For financial-approve review the 2 load-bearing proofs: (1) fail-closed guard order = throw TRƯỚC mọi set Phase=DaDuyet (reload-assert ChoDuyet trong test) + (2) trusted-client-amount chỉ MINOR khi field không feed downstream money (grep consumer = DTO-only). **SURPRISE:** isSystem-exempt branch trong ApplyApprovedPriceOnFinalize = defensive/dead qua public ApproveV2Async (approve-branch gate decision==Approve, isSystem cần AutoApprove; PE no SLA-job) — test-specialist tự ghi OBSERVATION header, honesty tốt. Tag [s72, mig54-pe-price, ccm-finalize-opt-in, fail-closed-order, trusted-client-amount-minor, currentIsFinalApprover-or-of-n, cwd-misland-stray, financial-golive-pass].
- **2026-06-18 (S71 FINALIZE double-check H9+H10+checklist — lens R3 cross-cutting+residuals, GAPS-FOUND, 3 completion-gap):** anh giao "hoàn chỉnh lại TOÀN BỘ" (not just Part C). Verdict GAPS-FOUND (no defect/no-bug — all gaps are deferred-incompleteness anh now wants closed). **PASS items:** (1) **Containment model đồng-bộ MỌI file** — 4 owning (`_ledger.md:4`/`hmw.js:89,113`/`workflows/README:38`/`runs/README:78`) + agents/README:162 + harvest-curator:52 + tooling-auditor + session-end/start ALL repoint Harness-10 "tracked-change NGOÀI run-folder+code-disjoint=vi-phạm". 0 file giữ old B6 operative. (agents/README:8 wave-mode = frozen 06-07 chronology, OK; harness_123 user-mem:13 = stale FE-ref noted below.) (2) **Frozen-evidence INTACT**`git diff --name-status f36aab8^..HEAD`: broadcasts/_index.md additive-2-rows + 2 outbox NEW (A), 0 modify; harness-2 adap-report/error-ledger/pre-S70 sessions NOT in changed-set. (3) **3 h10 run-folder** = run.md+harvest/ complete, sub-md/ only .gitkeep (EXPECTED — read-only subs scribed to harvest). ledger 2-beat all CLOSED, 0 orphan. (4) **gitignore** runs/=NOT-IGNORED, wave-*/agent-teams=IGNORED ✓. (5) **email content_sha256 e5f09d57c22e MATCH** body-lstrip, outward-VN full-grammar Cat-6 PASS. **🔴 3 COMPLETION-GAP (em-main fix to "hoàn chỉnh"):** (G1 HIGH) **over-cap curate-debt** — reviewer/MEMORY.md **33782B** (>30720 soft + >25600 auto-inject; spawn already truncated ~8KB HOT) + investigator-codebase **29819B** (>25600). memory-budget.json `measured` STALE (reviewer 24795/inv 24052 = S70 snapshot) → re-run `scripts/measure-agent-memory.ps1` + curate L1→L2 (additive, archive/ + _INDEX exist). (G2 MED) **stale memory claims** — Harness-9 user-mem line14 "cả 4 <25KB (đóng P1 curate-debt)" now FALSE post-S71; harness_123 user-mem:13 describes wave-mode as operative (superseded). (G3 MED) **NO Harness-10 user-memory** biggest structural change (wavetracked-runs + containment flip) has 0 feedback/project memory; 3 lessons uncaptured (engine-no-fsem-main-scaffold-fragile · custom-workflow-needs-delta-guard-race · check-ignore-exit-trap). **2 MINOR-info:** check-ignore exit-trap EXPLANATION imprecise in gitignore:96-98 + email#3 ("exit 0 for BOTH") plain `check-ignore` actually exits 1 for negation (only `-v --no-index` gives 0-for-both); the recommended COMMAND still works correct low-sev, email frozen. **Learned:** "complete the whole thing" audit must check budget.json measured_bytes vs DISK (snapshot drift re-accumulates after each over-cap session); honest-self-disclosure (STATUS+email both flag the over-cap) done disclosure is what anh asks to CLOSE. **surprise:** I am ADDING to the very curate-debt I'm flagging (this entry pushes reviewer further over-cap) G1 curate must run NOW. Tag [s71, finalize-r3, over-cap-curate-debt, stale-memory-claim, missing-h10-usermem, gaps-found].
- **2026-06-18 (S71 Harness-10 adap run-trace convention Stage-3 REVIEW lens R1 frozen-evidence+containment, PASS, 0 blocker):** Governance/infra-only (wave-folderrun-trace `.claude/workflows/runs/<run-id>/` TRACKED). 10 modified (8 H10 + investigator MEMORY residual + CLAUDE.md pre-existing) + 1 untracked `runs/`. NO product/test/csproj/package.json/migration test baseline 306 untouched, deps N/A. **Spec path trap:** spec said `runs/...` but actual `.claude/workflows/runs/...` (verify disk, không tin claim path). **R1 verify ALL PASS:** (1) **Frozen-evidence 0-touch** `git status --porcelain` on broadcasts/** · adap-reports/2026-06-07-harness-2 · error-ledger · sessions/* · STATUS · HANDOFF · `*/archive/*` ALL empty = none touched. (2) **Containment wording đồng-bộ 4 chỗ** `_ledger.md:4` `hmw.js:89/113` `workflows/README:38` `runs/README:78` ALL = "tracked-change NGOÀI run-folder + code-disjoint = vi-phạm" (model thay Harness-2 B6 "mọi tracked = vi-phạm"). (3) **gitignore exit-code-trap** `check-ignore runs/.../run.md && echo IGNORED || echo NOT`=NOT (re-included via `:83 !.claude/**`); `wave-x/wave.md`=IGNORED (legacy `:93` kept); trap-note PRESENT gitignore `:96-98`. No new ignore rule shadows runs/. **residuals verified as-claimed:** investigator MEMORY +6 (3 S71 diary, 29819B29.8KB over-cap, race artifact closeout); CLAUDE.md pure test-count 263306 flush. hmw.js `node --check`=PARSE-OK, `args.run` w/ legacy `args.wave` fallback `:91`, `sub-md/` subdir `:103`. harvest-curator DEDUP axis (sha/substring before APPEND); session-end idempotent VERIFY-not-re-APPEND; session-start orphan-scan. 6× `.gitkeep` present. **1 MINOR (non-block, actionable):** runs/ currently UNTRACKED (`git ls-files` empty, `?? runs/`) = tracked-ELIGIBLE not-yet-committed; docs say "TRACKED" = post-commit steady-state em main MUST `git add runs/` in SAME commit else run-trace invisible to git-diff audit model depends on. **Learned:** "TRACKED" containment = 2-level check-ignore NOT-IGNORED (eligible) vs `git ls-files` (committed); model only works after `git add`. **surprise:** internal var `const wave = (A.run&&A.run.dir)?A.run:...` keeps name `wave` but reads `A.run` first cosmetic-only, downstream identical (not bug). Verdict PASS safe commit (git-add-runs/ caveat). Tag [s71, harness-10-runtrace, frozen-evidence-clean, containment-wording-4file-sync, gitignore-exit-trap, tracked-eligible-vs-committed].
- **2026-06-17 (S69 GOLIVE Văn phòng số public-all-roles authz PASS, 0 blocker, gotcha #44-family CLEAN):** 1-file BE-only DbInitializer.cs (+81, new `SeedAllRolesOfficeModulePermissionsAsync` :2261 + call :2055 AFTER S65 HRM grant AFTER revoke :2042). NOT deployed (static + Dev-DB review, build PASS). Near-exact mirror of S65 HRM method, ONLY delta = `+CanCreate=true` (HRM was read-only). **8 verify ALL PASS:** (1) **Ordering** grant call sits after `RevokeTemporarilyHiddenModulesAsync` (:2042) + after S65 (:2048) grant wins revoke. (2) **Allow-list EXACTLY 16 Off keys** Off/Dashboard/DanhBa/PhongHop(+View+Book)/DeXuat(+List+Create+Inbox)/DonTu(+Leave+Ot+Travel)/DatXe/ItTicket; const names map correct values per MenuKeys.cs:99-120; NO PhongHopManage/AttendanceReport/ChamCong; array contains ZERO Hrm*/Personal/Pe*/Master key no leak. (3) **Upgrade-only correct** row existsonly flips CanRead/CanCreate falsetrue (`if(!row.CanRead)`+`if(!row.CanCreate)`), NEVER touches CanUpdate/CanDelete, never lowers; new rowread+create=true, update/delete=false (Permission.cs defaults false anyway). (4) **3 excluded keys STAY HIDDEN — decisive cascade check:** `Off` is NOT one of the 4 inherit-roots in GetMyMenuTreeQuery (:56-59,:70-73,:80-83 = Contracts/Workflows/PE/PeWorkflows ONLY) granting Off does NOT cascade to children; each Off child reads its OWN `resolved` flags (:65, falls to false-tuple if no row); PhongHop_Manage(parent=Off_PhongHop:1830)/AttendanceReport(parent=Off:1845) not-in-listrevoke-falsefiltered by HasAccess(:96); ChamCong re-parented to Personal(:1850/:1962) under hidden Personal root, not under Off, not grantedhidden. (5) **Admin unharmed** MenuPermissionHandler:27 Admin bypass; Dev DB: all 18 Off rows belong to Admin already read+create=true upgrade branch no-op. (6) **No real write-path opened — KEY for golive:** grep Controllers for Off menu keys = 0 matches; Office controllers gate writes by class-level `[Authorize]` (any-auth, self-service create) + per-action `[Authorize(Roles="Admin")]` for true admin writes (MeetingRoomsController Create/Update/Delete=Manage-rooms :26/34/43, Attendances :37/42, LeaveBalances :23/28) NOT by Off_*.Create policy. So broad CanCreate grant only drives FE menu+button (usePermission/PermissionGuard); API write-auth untouched, admin CRUD stays Admin-only regardless. (7) **No migration** seed-logic only; all 16 keys in MenuKeys.All:157-161 (seeded). (8) **Idempotent** 2nd run: rows already true0 change; SaveChanges gated `if(added>0||upgraded>0)`. **Dev DB baseline** (307 perms,13 roles): 0 non-admin Off rows existmethod takes add-branch for 12 non-admin roles (creates 16 read+create rows each, 3 excluded never added). build Infrastructure 0err/0warn. 0 rogue write (only cicd-monitor/MEMORY.md noise, read-only respected). **Learned:** for a public-grant golive the load-bearing security proof is TWO-fold (a) cascade-safety = confirm the granted root is NOT an inherit-root (else siblings leak, gotcha #44-family) AND trace excluded keys' ParentKey to a non-granted/hidden parent; (b) write-path-safety = grep that the broadly-granted menu key is NOT used as a controller `[Authorize(Policy=)]` (here Office uses class `[Authorize]`+per-action Roles=Admin, so CanCreate is FE-only granting it cannot escalate API writes). **surprise:** the "Manage rooms" admin function is double-protected excluded from allow-list (menu hidden) AND its API is `[Authorize(Roles=Admin)]`; menu-hide alone would've been insufficient but the controller gate makes the broad grant safe even if a key had slipped. Verdict PASS safe commit+deploy. Tag [s69, office-golive-authz, public-all-roles, inherit-root-no-cascade, off-not-policy-key-fe-only-grant, gotcha44-family-clean, admin-write-double-protected].
- **2026-06-17 (S69 Văn phòng số RE-SKIN static logic-preservation PASS, 0 blocker):** 10 pages presentation-only re-skin PURO PageHeader/KpiCard + Hồ sơ-NS idiom (9 fe-user office + 1 fe-admin AttendanceReport). NOT built yet, fe-admin not mirrored (em main next). **Strongest proof = exact API/queryKey diff OLD-vs-NEW byte-identical ALL 8 fe-user pages** (grep `api\.(get|post|put|delete)` + `queryKey:[...]` sorted -u, zero delta): proposals POST /submit + /{kind} · workflow-apps POST /{k}+/submit+PUT /workflow · meeting-bookings POST/DELETE+invalidate · it-tickets PUT /{id}/assign · directory/departments/attendance-report/excel-blob all UNCHANGED. Mutation side-effects (onSuccess/onError/invalidateQueries/setActionDialog/setComment/navigate) 1:1 (line-shift only). ProposalCreate validation `!title.trim()` throw + required + submit-disabled intact. AttendanceReport exportExcel blob (createObjectURLa.downloadclickrevoke) intact. **Cat2 orphans CLEAN:** 0 unused import flagged Users(=UsersIcon alias) + FormEvent/ReactNode (React.* namespace not named-import) + Accent(comment word) all FALSE-alarm verified. **Cat3 shared-comp contract:** PageHeader{eyebrow,title,subtitle,icon,accent,actions} + KpiCard{label,value,icon,accent,active,onClick} props all match real sig; KpiCard onClick wired to REAL filter state (ItTickets `setFilter`/WorkflowAppsList `setStatusFilter`/ProposalsList driving actual client `.filter()`), InternalDirectory 2 KpiCards INTENTIONALLY inert (no onClick=presentational counts, matches comp design NOT dummy). **Shared comps + index.css NOT modified** (git status -- ui/ + *.css EMPTY; sha256 identical fe-user==fe-admin per ls). **Cat4 color-trap CLEAN:** grep added lines for `(teal|violet|amberx|greenx)-(200|300|400|800|900)` = ZERO; index.css confirms accents ship only 50/100/500/600/700 (brand has full 50-900 so brand-800 valid); gotcha #66 0 gradient/dark-bg headings added (all headers on light surface use accent-ink text-brand-800/{accent}-700 via PageHeader). **Cat1 mock-markers:** 0 //Mock/alert/TODO-wire. **Client-side filter additions** (ItTickets filter/breached, WorkflowAppsList statusFilter useMemo) = presentation views over fetched items, NO new query/endpoint. **2 MINOR (non-block):** (a) ProposalDetail status badge now renders TWICE PageHeader actions slot + existing status-row (cosmetic dup, both presentation); (b) it-tickets/workflow-apps client-filter is view-only over a `pageSize:100/50` first-page fetch (pre-existing pagination limit, re-skin doesn't worsen). **Learned:** for pure re-skin, the decisive logic-preservation proof is `grep api-call + queryKey sorted -u` OLD-vs-NEW byte-equality across every page faster + more rigorous than reading each hunk; orphan-import heuristic (body-occ<=1) flags `X as Y` aliases + `React.X` namespace + comment-words as false-positives, always grep the actual usage line before flagging build-break. **surprise:** custom accent palettes (amberx/greenx/teal/violet) deliberately ship NO -800 stop so headings MUST use -700 (brand is the only -800-bearing accent) a -800 on a non-brand accent = silent no-class Tailwind v4, the re-skin respected this everywhere. Verdict PASS safe for em main to build+mirror. Tag [s69, office-reskin, presentation-only, api-querykey-byte-equal, color-trap-clean, kpicard-inert-vs-filter, gotcha66-clean].
- **2026-06-16 (S65 PE mục E HoSoLink review em-main PROXY, PE-Workflow reviewer-stage died-empty):** Review mục-E hyperlink render + HoSoLink BE wiring (`5a0aaa4`). Reviewer-stage trong Workflow `pe-hoso-link-rename-pro` return RỖNG em main self-gate evidence: Detail DTO `hoSoLink` present + `null` backward-compat phiếu thật (Run #293 GET 200); Create/Update +trailing-optional `HoSoLink=null` KHÔNG vỡ call-site (grep 0 manual ctor KHÁC CreateDepartmentCommand #291 CS7036 positional-required vs trailing-optional); mirror fe-user==fe-admin SHA256 IDENTICAL (PeDetailTabs+PeWorkspaceCreateView); hyperlink `<a target=_blank rel=noopener noreferrer>` no reverse-tabnabbing; rename "Dự trù PRO"→"Ngân sách PRO" CHỈ display (giữ "Ghi chú từ PRO" + field-code). LEARNED: hyperlink free-text = no server-side XSS (render-as-href client-only); absolute-set Update (null=clear) chủ đích. SURPRISE: reviewer-stage chết-rỗng trong fan-out = do verify-heavy task vẫn cần em-main self-gate Workflow (verdict `feedback_workflow_fanout_reliability`). Tag `[s65, pe-section-e-review, em-main-proxy-self-gate, hosolink-backward-compat, workflow-fanout]`.
- **2026-06-16 (S65 public Hồ NS read for all roles static pre-commit, PASS, 0 blocker, gotcha #44 family CLEAN):** 1-file change DbInitializer.cs (+66, call-site :2046 SAU revoke :2040 + new `SeedAllRolesHrmProfileReadPermissionsAsync` :2203). Prod NOT deployed (static review, build PASS đã claim). **7 verify ALL PASS:** (1) **Ordering** grant gọi SAU `RevokeTemporarilyHiddenModulesAsync` trong SeedAsync grant thắng (git diff confirms call sits immediately after revoke). (2) **Upgrade path prod-critical** method MUTATES existing row `if(!row.CanRead){row.CanRead=true;upgraded++}` (EF change-tracked SaveChanges persists); NOT skip-existing-noop. Correctly fixes S58-class bug (revoke set CanRead=false on prod rows upgrade flips true). (3) **Scope precise** `hrmKeys = new[]{MenuKeys.Hrm, MenuKeys.HrmHoSo}` EXACTLY 2; NO Hrm_Dashboard/Hrm_Config*/Off*/Personal. `Hrm` is NOT one of 4 inherit-roots (Contracts/Workflows/PE/PeWorkflows in GetMyMenuTree:56-59) so granting Hrm root does NOT cascade to Dashboard/Config children they keep own false flags filtered out by `HasAccess(n)=n.CanRead||Children.Any(HasAccess)`. Menu shows Hrm root Hồ NS leaf ONLY (HrmHoSo ParentKey=Hrm:1806, Dashboard sibling ParentKey=Hrm:1850 stays hidden). (4) **Read-only** add-path CanCreate/Update/Delete=false; upgrade-path touches ONLY CanRead. (5) **No regression** Admin bypass at MenuPermissionHandler:27 untouched; revoke unchanged; Off/Personal/Dashboard/Config stay hidden after full seed. (6) **Idempotent** 2nd run: row.CanRead already true `if(!row.CanRead)` false 0 change. (7) **No non-Admin write path** `MenuPermissionHandler` ReadAnyAsync(CanRead) is what GET checks; all 19 EmployeesController write actions (main+5 satellite) require Hrm_HoSo.Create/Update/Delete which grant leaves false 403. **surprise/monitor-note (NOT a defect, NOT introduced by this change):** HrDashboardController/HrmConfigsController/Attendances/LeaveBalances carry ONLY class-level `[Authorize]` (any-auth, NO per-action Hrm_*.Read policy) so their data was already reachable by direct URL pre+post S65 (menu-hide API-lock; S58 revoke comment DbInit:2153-2155 explicitly acknowledged this). S65 does NOT widen it (only touches perm matrix rows Hrm+Hrm_HoSo + menu filter). cicd-monitor must NOT assume "Dashboard hidden in menu"=="dashboard data unreachable". Spec comment said "6 catalog Hrm_Config*" but there are 6 config leaves + Hrm_Config subgroup = 7 keys cosmetic count, all stay hidden, not a code bug. **Learned:** for menu-key read-grant, verify the granted root is NOT an inherit-root (else cascade leaks siblings) + trace HasAccess filter + confirm leaf ParentKey chains to the visible root; upgrade-path correctness = grep that method MUTATES row (not skip-existing) when a prior revoke pre-set the flag false on prod. Verdict PASS safe commit. Tag [s65, public-hrm-hoso, upgrade-path-correct, inherit-root-no-cascade, gotcha44-family-clean, menu-only-not-api-lock-monitor-note].
- **2026-06-12 (S60 đợt1 PE submit-guard + drafter-bypass gate — KHÔNG DELIVER, die mid-run, on-behalf em main ghi hộ, H2-proposed):** Task: review `37122f0` cross-stack (BE TransitionAsync submit-guard đủ-4-thông-tin mục 3 + bypass người-soạn-trong-chuỗi V2 BƯỚC-ĐẦU-only + FE PeDetailTabs ×2 + 14 PeSubmitGuardAndBypassTests 240→254). Die mid-run #53-class (commit body tự khai "Reviewer die mid-run → em main self-gate evidence-checklist PASS 0 blocker") → ship Run #283 PASS prod-verified, bundle rotate both. LEARNED: self-gate em main đứng vững lần 2 (sau S57bis) — checklist deterministic (test gate + diff scope + prod smoke 401/404-control) đủ cho PE refinement cross-stack. SURPRISE: die lần 3 trong 2 ngày (S57bis die-0-byte ×2 + S60 mid-run) DÙ promote-tier inherit Fable 5 → model-tier KHÔNG phải nguyên nhân die (nghi resume-kill/harness class) — trend data cho Harness-4. Tag `[s60, die-mid-run-3rd, self-gate, on-behalf]`.
- **2026-06-11 (S57bis product gate — KHÔNG DELIVER, die-0-byte ×2, on-behalf em main ghi hộ, H2-proposed):** Cả 2 spawn (email-gate đầu + final gate) chết 0-byte output 0 return (resume-kill class #3, ref `feedback_agent_kill_recovery`) → em main SELF-GATE evidence-checklist: grep authz key-set + role-string vs AppRoles + Mig 49 Up/Down reversible + 240 test + Run #381 + prod smoke 401/404-control. LEARNED: output-file size=0 + im >5 phút = chết, KHÔNG đợi thêm; KHÔNG re-spawn >2 lần trong session có `--resume`. SURPRISE: khác S52 killed-with-partial — lần này 0-byte tuyệt đối (không gì recover được từ return). Tag `[s57bis, die-0-byte-x2, self-gate, on-behalf]`.
- **2026-06-07 (S49 Harness 1/2/3 adopt pre-commit — PASS all 3, no blocker):** Governance/infra adopt (no product code, no test impact). VERIFIED: H1/H2 = 2 sub scope-DISJOINT + tools `[Read,Grep,Glob,Bash+4RAG]` NO store_memory/Write (INFORM-only); genuinely **TAILORED not copy-paste** (SE 4-RAG vs AI_INFRA 2-RAG · dropped effort:max + agent-ops-monitor/sister · Fidelity→SE `reviewer`). H2 5-trục in harvest-curator.md + session-end §L.b(f). H2 wave-mode hmw.js mirror AI_INFRA + **B6 `git check-ignore` VERIFIED** (wave-*/+agent-teams/ ignored · hmw.js/README tracked). H3 self=`se` complete substitution · **SHA256 canonical formula byte-identical send==check** · 13 .gitkeep exact · adap-apply base-path `outbox\all\`. honest nấc executed-file/verified-runtime-PENDING. G-015 scan = 6 hits ALL negating ("KHÔNG enforced") = correct honesty. **1 MINOR (non-block):** README:11/18 "7-agent" ASCII diagram = **PRE-EXISTING** drift (git diff proved work này chỉ touch load-bearing title/decision-tree/tool-grant/matrix; diagram predates S47 frontend-designer) → tooling-auditor H1 designed-to-catch = self-validating adoption. **learned:** `git diff base..head` = discriminator introduced-defect vs pre-existing-drift (đừng đổ lỗi work mới cho drift cũ); name-collision tailor-verify = diff frontmatter AI_INFRA-canonical vs SE-instance. **surprise:** mojibake scan false-pos trên "ĐÃ" (U+00C3 = valid VN uppercase, KHÔNG double-encode → verify codepoint in-context trước flag); broadcast floor "12 .gitkeep" UNDERCOUNT (correct=13 incl `all/` adap-channel — em main đúng). Verdict PASS, safe commit + restart. Tag [s49, harness-adopt, governance, max-clean].
- **2026-05-30 (S43 P11-B LeaveBalance pre-commit — PASS, Max no-truncate):** 14 file (LeaveBalance entity+config+Mig42 + Features + Controller + deduction hook + Create/Update LeaveType guard + embed balance + FE×4 + tests). 154 PASS (130→154). **Deduction exactly-once VERIFIED** (terminal else only, guard Status!=DaGuiDuyet chặn re-approve; advance/reject/return no-deduct). **FK invariant fully closed** — grep 2 write site LeaveTypeId (Create + UpdateDraft) cả 2 guard AnyAsync→Conflict, bogus type không thể tới terminal FK insert. Embed balance = RequesterUserId (approver thấy đúng người tạo). admin `[Authorize(Roles=Admin)]`. **2 MINOR defer:** concurrency lost-update UsedDays (no RowVersion — human-sequential accept) · stale line-num comment. Verdict PASS. Tag `[s43, p11b-leavebalance, max-clean]`.
- **2026-05-28 (S35 G-H2 BE CRUD 16 endpoint pre-commit — PASS, Smart Friend 8× CLEAN):** 2 NEW file `HrmConfigFeatures.cs` 439 + Controller 137. build clean, 130/130 PASS. Cat1: 0 mock, 8 ConflictException (Holiday Update composite `(Year,Date)` BOTH fields). Cat3: class `[Authorize]` + 12 per-action `[Authorize(Roles="Admin")]`. Cat5: 8 Validator MaxLength MATCH EF source (Code=50 not spec 20). **2 MINOR defer:** ListHolidays no IsActive filter (inconsistent sibling) · OtPolicy "1 active unique" NOT enforced handler (G-P1 ambiguous nếu 2+ active). Verdict PASS. Tag `[s35, smart-friend-8x-clean]`.
- **2026-05-26 (S33 Plan B G-H1 Phase 2 pre-commit — PASS, Smart Friend 6× CLEAN):** 17 file (3 BE + 6 FE new + 6 mod + 2). SHA256 mirror 3 file IDENTICAL admin==user. 5 endpoint real mediator.Send 0 mock. Mig 34 `AddEmployeeProfiles` 7 table UNIQUE indexes + FK Cascade. SeedDemoEmployeeProfiles NOT gated DemoSeed (gotcha #51 ✓). gotcha #50 Layout staticMap mirror ✓. **3 MINOR defer:** EmployeeCode race SERIALIZABLE low-risk · Update 3 bool not nullable (partial reset) · Delete DateTime.UtcNow direct. Verdict PASS. Tag `[s33, hrm-mig34, smart-friend-6x]`.
- **Smart Friend cumulative 8× CLEAN:** (1) S22 #44 silent-403 · (2) S25 #48 SQLite tie-break · (3) S29 password ≥12 · (4) S29 ApplicableType cross-module · (5) S33 BW test · (6) S33 Plan B Phase 2 · (7) S35 FE forms · (8) S35 G-H2. Plus 9× G-O2 (S36, em không track ở đây). 2 MAJOR catches total (S29 password + S29 ApplicableType); rest clean với MINOR defer.
- **Archived S29-S33 detail + S32 startup → `archive/2026-05-q2.md` + git d2f52ba (S40 curate):** S33 Plan C B-Wrap 9/9 [Fact] verify · S33 startup drift audit (CLAUDE.md SEVERE → patched S40) · S32 wrap/startup standby · S29 wrap 2 MAJOR catch detail. KEY absorbed in bug patterns + Smart Friend cumulative above.
---
## 🔄 Curate trigger
- >~30KB → archive recent → L2 `archive/<period>.md`. Stale >3mo → remove.
- **Last curate: 2026-06-17 S70 (Harness-9, em-main + Stage-B workflow)** (42.5→24.8KB): moved 9 entries S51→S57 (byte-exact) → `archive/2026-06.md`; KEPT foundation + 6 newest (S69×2/S65×2/S60/S57bis) + S49/S43/S35/S33 tail + Smart-Friend-cumulative + archive-pointers. Built `archive/_INDEX.md` (substring sha-keyed) + `.gist.md` (4-field distill-gen:1). Also Stage-C audit actor (`wf_9520d8cd-4fe` — verify 0-byte-loss/pointer/coverage). No re-ground (additive-only). Prev: S40 (28.4→18KB) · S34 q2 · S22 q1.
- **Last curate: 2026-06-18 S71 (Harness-9 L1→L2, same-role race append over auto-inject cap)** (36.7→24.2KB): moved 10 entries (byte-exact) → `archive/2026-06.md` — oldest FIFO tail S33/S35/S43/S49 + Smart-Friend-cumulative + archive-pointer + die-meta S57bis/S60 + redundant bottom Harness-10 R2/R3 (dup of S71 H10 entries kept). KEPT foundation + newest cluster (S71×2/S69×3/S65×2). Verified 10/10 moved lines `grep -Fxf` present-once in archive; numstat archive +N -0. `_INDEX.md` +10 pointer lines (substring sha-keyed). gist NOT updated (skip — em-main distill later). Prev: S70 (42.5→24.8KB) · S40 (28.4→18KB).
- **Prev curate: 2026-06-17 S70 (Harness-9, em-main + Stage-B workflow)** (42.5→24.8KB): moved 9 entries S51→S57 (byte-exact) → `archive/2026-06.md`; KEPT foundation + 6 newest (S69×2/S65×2/S60/S57bis) + S49/S43/S35/S33 tail + Smart-Friend-cumulative + archive-pointers. Built `archive/_INDEX.md` (substring sha-keyed) + `.gist.md` (4-field distill-gen:1). Also Stage-C audit actor (`wf_9520d8cd-4fe` — verify 0-byte-loss/pointer/coverage). No re-ground (additive-only). Prev: S40 (28.4→18KB) · S34 q2 · S22 q1.
- **Prev curate: 2026-05-29 S40 em main proxy** (28.4→~18KB): archived S33 Plan C + S33 startup + S32×2 + S29 wrap detail → q2 + git d2f52ba; refreshed stale (81/111→130 test, 47→55 gotcha, 31→40 mig, ~146→211 endpoints). Foundation (bug patterns + 5-category + Smart Friend guard + cross-module security) preserved. Prev: S34 q2 · S22 q1.

8
.claude/agent-memory/reviewer/archive/2026-06.gist.md
View File

@ -24,3 +24,11 @@
- [cao] VIỆC: S56 pre-golive authz **live prod curl** 8 new endpoints — spawn. KẾT-LUẬN: PASS 0-blocker — **8/8 return 401 unauth; admin-authed hrm-configs/vehicles/drivers/leave-balances/attendances all 200 (xlsx 6797B); non-admin Drafter correctly 403 on 2 Admin-only**; **gotcha #44 silent-403 sweep CLEAN: GET /it-tickets/assignable-staff returns HTTP 200 `{canReassign:false,staff:[]}` for non-IT (NOT swallowed 403), handler returns flag không throw (`WorkflowAppsFeatures.cs:466`)**. 1 MINOR: PUT /it-tickets/{id}/assign checks NotFound BEFORE Forbidden (`:496-508`) = existence-oracle leak (mutation fail-closed, post-golive hardening). BÀI-HỌC: capability endpoint = flag-return không throw = đúng gotcha #44 fix. BẤT-NGỜ: NotFound-before-Forbidden ordering = minor info-leak defense-in-depth defer. substring:"S56 pre-golive authz live-curl" → 2026-06.md
- [cao] VIỆC: S57-resume Harness-4 two-tier adopt gate (governance pre-send + pre-commit, no product code) — spawn (self-report `claude-fable-5[1m]` = promote-list direct evidence). KẾT-LUẬN: **PASS-with-fixes 0-blocker** — re-verify ALL GREEN: frontmatter **7 pin `claude-opus-4-8` + 4 `inherit` + 0 `[1m]`-in-frontmatter** + 0 project-pin settings; **evidence track-record 8/8 REAL** vs HANDOFF/STATUS; **nấc G-011 đúng mọi chỗ load-bearing (demote=executed-file·pending-restart, 0 overclaim runtime)**. Fixes: hash PLACEHOLDER trước send + "SENT ✓" premature status-verb + count "(13)"vs"11" + invalid-role typo→rơi 'opus'. BÀI-HỌC: **gate adopt-governance = re-run MỌI grep claim + cross-check evidence vs HANDOFF nguyên văn; n=2 demoted spawn-test double-duty làm inherit-chain proof HỢP LỆ (registry cached=chạy config cũ) nhưng cần phrase rõ**. BẤT-NGỜ: CCD harness cache agent frontmatter → đổi agent .md phải restart CLI mới ăn. substring:"S57-resume Harness-4 two-tier adopt gate" → 2026-06.md
---
> **distill-gen: 2** (S71 curate — KHÔNG nén lại bản này). 10 record dời từ L1 @S71 (over-cap do same-role race). Phần lớn routine pre-commit gate (low-unique-marker) → nén gộp; deep-detail đọc verbatim `2026-06.md` qua `_INDEX.md`.
- [thấp] VIỆC: 6 routine pre-commit gate cũ S33-S49 (S33 Plan B G-H1 Mig 34 SF-6× · S35 G-H2 BE CRUD 16-endpoint SF-8× · Smart-Friend-cumulative-8×-CLEAN · S40 archive-pointer S29-S33 · S43 P11-B LeaveBalance Max-no-truncate · S49 Harness-1/2/3 governance Max-clean). KẾT-LUẬN: tất cả PASS/CLEAN, 0 unique gotcha#/root-cause mới (gate áp-dụng-lặp). BÀI-HỌC: foundation 5-category + Smart-Friend đã ở L1 — các gate này không sinh marker mới. BẤT-NGỜ: N/A (routine). substring:"S33 Plan B G-H1" / "S35 G-H2 BE CRUD" / "S43 P11-B LeaveBalance" / "S49 Harness 1/2/3" → 2026-06.md
- [vừa] VIỆC: 2 die-meta non-deliver (S57bis product-gate die-0-byte ×2 · S60 đợt1 PE submit-guard die mid-run 3rd). KẾT-LUẬN: reviewer chết giữa task → em-main on-behalf gate. BÀI-HỌC: recovery-path = [[feedback_agent_kill_recovery]] (canonical user-memory — marker survive ở đó). BẤT-NGỜ: die-0-byte ×2 cùng điểm. substring:"S57bis product gate" / "S60 đợt1 PE submit-guard" → 2026-06.md
- [vừa] VIỆC: 2 Harness-10 adap-review R2(hmw.js engine)/R3(floor C1-C8) — REDUNDANT (dupe S71 entry giữ L1-top). KẾT-LUẬN: cùng catch C5 L1 over-claim (doc nói hmw.js prompt-builder emit L1, engine no-fs → grep=0 → fixed em-main convention). BÀI-HỌC: marker survive ở L1 S71 + [[feedback_harness10_run_trace]]. BẤT-NGỜ: R2+R3 độc-lập cùng kết luận = high-conf. substring:"Harness-10 adap R2-lens hmw.js" / "Harness-10 adap run-trace folder R3-floor" → 2026-06.md

22
.claude/agent-memory/reviewer/archive/2026-06.md
View File

@ -27,3 +27,25 @@
- **2026-06-10 (S57-resume Harness-4 two-tier adopt gate PASS-with-fixes, 0 blocker):** Gate trước send-email + commit (governance, không product code). Self-report spawn: `claude-fable-5[1m]` (reviewer = promote-list inherit direct promote-tier evidence, em main cite được). Independent re-verify ALL GREEN: grep frontmatter = đúng 7 pin `claude-opus-4-8` + 4 `inherit` + 0 `[1m]`-in-frontmatter (2 body-text hits hợp lệ: database-agent.md:46 + README.md:9 MỚI adap-report "match duy nhất" stale-by-own-edit) + 0 project-pin settings. Evidence track-record **8/8 REAL** vs HANDOFF/STATUS/own-memory (S51 MAJOR · S54 QTV-decoy · S53 Mig46 · S56 H2-4.5/5 + dept-IT-0-user · S57 ×3 controller +5/+5/+5 `[Authorize(Roles="Admin,CatalogManager")]` working-tree). Nấc G-011 đúng mọi chỗ load-bearing (demote = executed-file·pending-restart, 0 overclaim runtime). Fixes: hash PLACEHOLDER trước send (`nac: sent` + "SENT ✓" premature = đúng status-verb class broadcast cảnh báo) · STATUS "(runtime resolve 1M)" thiếu attribution AI_INFRA-s20 · hmw.js:91 log "same-model inherit" stale + :9 "8-agent" vs 9 roles · adap-report "(13)" vs "11" count · invalid-role typo rơi 'opus' (fail-direction xuống vs H4.5 nghiêng-quality). **Learned:** gate adopt-governance = re-run MỌI grep claim + cross-check evidence vs HANDOFF nguyên văn; n=2 demoted spawn-test double-duty làm inherit-chain proof HỢP LỆ (registry cached = chạy config ) nhưng cần phrase kẻo đọc nhầm thành promote-list spawn-test. Tag [s57, harness-4, two-tier-gate, pre-send-gate, g011].
--- (S71 curate 2026-06-18 moved from L1 MEMORY.md: oldest FIFO tail S33S49 + die-meta S57bis/S60 + redundant bottom Harness-10 R2/R3. Byte-exact, additive-only.) ---
- **2026-05-26 (S33 Plan B G-H1 Phase 2 pre-commit PASS, Smart Friend 6× CLEAN):** 17 file (3 BE + 6 FE new + 6 mod + 2). SHA256 mirror 3 file IDENTICAL admin==user. 5 endpoint real mediator.Send 0 mock. Mig 34 `AddEmployeeProfiles` 7 table UNIQUE indexes + FK Cascade. SeedDemoEmployeeProfiles NOT gated DemoSeed (gotcha #51 ✓). gotcha #50 Layout staticMap mirror ✓. **3 MINOR defer:** EmployeeCode race SERIALIZABLE low-risk · Update 3 bool not nullable (partial reset) · Delete DateTime.UtcNow direct. Verdict PASS. Tag `[s33, hrm-mig34, smart-friend-6x]`.
- **2026-05-28 (S35 G-H2 BE CRUD 16 endpoint pre-commit PASS, Smart Friend 8× CLEAN):** 2 NEW file `HrmConfigFeatures.cs` 439 + Controller 137. build clean, 130/130 PASS. Cat1: 0 mock, 8 ConflictException (Holiday Update composite `(Year,Date)` BOTH fields). Cat3: class `[Authorize]` + 12 per-action `[Authorize(Roles="Admin")]`. Cat5: 8 Validator MaxLength MATCH EF source (Code=50 not spec 20). **2 MINOR defer:** ListHolidays no IsActive filter (inconsistent sibling) · OtPolicy "1 active unique" NOT enforced handler (G-P1 ambiguous nếu 2+ active). Verdict PASS. Tag `[s35, smart-friend-8x-clean]`.
- **2026-05-30 (S43 P11-B LeaveBalance pre-commit PASS, Max no-truncate):** 14 file (LeaveBalance entity+config+Mig42 + Features + Controller + deduction hook + Create/Update LeaveType guard + embed balance + FE×4 + tests). 154 PASS (130154). **Deduction exactly-once VERIFIED** (terminal else only, guard Status!=DaGuiDuyet chặn re-approve; advance/reject/return no-deduct). **FK invariant fully closed** grep 2 write site LeaveTypeId (Create + UpdateDraft) cả 2 guard AnyAsyncConflict, bogus type không thể tới terminal FK insert. Embed balance = RequesterUserId (approver thấy đúng người tạo). admin `[Authorize(Roles=Admin)]`. **2 MINOR defer:** concurrency lost-update UsedDays (no RowVersion human-sequential accept) · stale line-num comment. Verdict PASS. Tag `[s43, p11b-leavebalance, max-clean]`.
- **2026-06-07 (S49 Harness 1/2/3 adopt pre-commit PASS all 3, no blocker):** Governance/infra adopt (no product code, no test impact). VERIFIED: H1/H2 = 2 sub scope-DISJOINT + tools `[Read,Grep,Glob,Bash+4RAG]` NO store_memory/Write (INFORM-only); genuinely **TAILORED not copy-paste** (SE 4-RAG vs AI_INFRA 2-RAG · dropped effort:max + agent-ops-monitor/sister · FidelitySE `reviewer`). H2 5-trục in harvest-curator.md + session-end §L.b(f). H2 wave-mode hmw.js mirror AI_INFRA + **B6 `git check-ignore` VERIFIED** (wave-*/+agent-teams/ ignored · hmw.js/README tracked). H3 self=`se` complete substitution · **SHA256 canonical formula byte-identical send==check** · 13 .gitkeep exact · adap-apply base-path `outbox\all\`. honest nấc executed-file/verified-runtime-PENDING. G-015 scan = 6 hits ALL negating ("KHÔNG enforced") = correct honesty. **1 MINOR (non-block):** README:11/18 "7-agent" ASCII diagram = **PRE-EXISTING** drift (git diff proved work này chỉ touch load-bearing title/decision-tree/tool-grant/matrix; diagram predates S47 frontend-designer) tooling-auditor H1 designed-to-catch = self-validating adoption. **learned:** `git diff base..head` = discriminator introduced-defect vs pre-existing-drift (đừng đổ lỗi work mới cho drift ); name-collision tailor-verify = diff frontmatter AI_INFRA-canonical vs SE-instance. **surprise:** mojibake scan false-pos trên "ĐÃ" (U+00C3 = valid VN uppercase, KHÔNG double-encode verify codepoint in-context trước flag); broadcast floor "12 .gitkeep" UNDERCOUNT (correct=13 incl `all/` adap-channel em main đúng). Verdict PASS, safe commit + restart. Tag [s49, harness-adopt, governance, max-clean].
- **Smart Friend cumulative 8× CLEAN:** (1) S22 #44 silent-403 · (2) S25 #48 SQLite tie-break · (3) S29 password 12 · (4) S29 ApplicableType cross-module · (5) S33 BW test · (6) S33 Plan B Phase 2 · (7) S35 FE forms · (8) S35 G-H2. Plus 9× G-O2 (S36, em không track đây). 2 MAJOR catches total (S29 password + S29 ApplicableType); rest clean với MINOR defer.
- **Archived S29-S33 detail + S32 startup `archive/2026-05-q2.md` + git d2f52ba (S40 curate):** S33 Plan C B-Wrap 9/9 [Fact] verify · S33 startup drift audit (CLAUDE.md SEVERE patched S40) · S32 wrap/startup standby · S29 wrap 2 MAJOR catch detail. KEY absorbed in bug patterns + Smart Friend cumulative above.
- **2026-06-11 (S57bis product gate KHÔNG DELIVER, die-0-byte ×2, on-behalf em main ghi hộ, H2-proposed):** Cả 2 spawn (email-gate đầu + final gate) chết 0-byte output 0 return (resume-kill class #3, ref `feedback_agent_kill_recovery`) em main SELF-GATE evidence-checklist: grep authz key-set + role-string vs AppRoles + Mig 49 Up/Down reversible + 240 test + Run #381 + prod smoke 401/404-control. LEARNED: output-file size=0 + im >5 phút = chết, KHÔNG đợi thêm; KHÔNG re-spawn >2 lần trong session có `--resume`. SURPRISE: khác S52 killed-with-partial — lần này 0-byte tuyệt đối (không gì recover được từ return). Tag `[s57bis, die-0-byte-x2, self-gate, on-behalf]`.
- **2026-06-12 (S60 đợt1 PE submit-guard + drafter-bypass gate — KHÔNG DELIVER, die mid-run, on-behalf em main ghi hộ, H2-proposed):** Task: review `37122f0` cross-stack (BE TransitionAsync submit-guard đủ-4-thông-tin mục 3 + bypass người-soạn-trong-chuỗi V2 BƯỚC-ĐẦU-only + FE PeDetailTabs ×2 + 14 PeSubmitGuardAndBypassTests 240→254). Die mid-run #53-class (commit body tự khai "Reviewer die mid-run → em main self-gate evidence-checklist PASS 0 blocker") → ship Run #283 PASS prod-verified, bundle rotate both. LEARNED: self-gate em main đứng vững lần 2 (sau S57bis) — checklist deterministic (test gate + diff scope + prod smoke 401/404-control) đủ cho PE refinement cross-stack. SURPRISE: die lần 3 trong 2 ngày (S57bis die-0-byte ×2 + S60 mid-run) DÙ promote-tier inherit Fable 5 → model-tier KHÔNG phải nguyên nhân die (nghi resume-kill/harness class) — trend data cho Harness-4. Tag `[s60, die-mid-run-3rd, self-gate, on-behalf]`.
- **2026-06-18 (Harness-10 adap R2-lens hmw.js ENGINE integrity — CONCERN, confirms sibling L1 over-claim still live, pre-commit):** Lens = hmw.js engine integrity (em-main rename wave→run-trace). **Engine itself CLEAN — all 4 R2 checks PASS:** (1) structure valid — `const wave=(A.run&&A.run.dir)?A.run:((A.wave&&A.wave.dir)?A.wave:null)` :91 nested-ternary paren-balanced 3/3, accepts args.run primary + args.wave alias (additive, old callers OK), var `wave` internal-name kept consistent :91/:92/:95/:103/:107/:132; subMd path :103 `${wave.dir}/sub-md/${role||'task'}-${i}.md` matches spec; template-literals balanced (backtick 54 EVEN all-escaped, brace 56/56, paren 140/140, bracket 14/14). (2) zero operative WAVE-MODE — grep `WAVE-MODE`=0; all 6 wave refs contextualized (legacy-alias :19/:90/:91, "supersedes Harness 2 wave" :87/:109); :113 ISOLATION contains "tracked-change NGOÀI run-folder (runs/<run-id>/)+code-disjoint=vi-phạm" ✓. (3) fan-out logic UNCHANGED — `git diff -U0` hunks = ONLY :91 behavioral (alias-accept); resolveModel/SCHEMA/checkpointApproved-guard/parallel/results.filter untouched. (4) valid JS (balance + structural, NO node --check per top-level-await). **THE CATCH (CONCERN, intersects R2):** runs/README.md:51 documents L1 in-run-reminder as firing in "`hmw.js` prompt-builder" w/ exact text 'run đang OPEN—nhớ scaffold@P1'+'run trước OPEN-beat đã harvest chưa' → grep that in hmw.js = **0**. hmw.js writeGuard :114 emits ONLY C4 return-instruction ("Harvest per-turn primary (C4)..."), NO scaffold/OPEN orchestrator-reminder; :92 is a log() at mode-detect not prompt-injection + still lacks the promised text. **Plan-vs-applied gap proven:** invest-synthesis:17 PLANNED "C5 Layer1: thêm reminder vào prompt-builder"; implement-synthesis NEVER lists applying L1 to hmw.js (only L2 :71 + L3 :51 applied); yet README:51+C7:72 present L1 as live. Doc asserts engine-behavior grep proves absent = over-claim. **Sibling reviewer (same adap, prior run today) already CONCERN on this exact gap — I independently re-confirm UNFIXED.** **Cross-file PASS:** gitignore runs/ TRACKED via `!.claude/**`:83 (check-ignore -v confirms negation) + wave-*/ kept IGNORED; containment wording synced 4 files (_ledger:4↔hmw:89/113↔runs/README:78); frozen evidence (broadcasts/adap-harness-2/error-ledger/STATUS/HANDOFF/archive_INDEX/sessions) ALL empty-diff; 0 mojibake. **Residual (non-block, self-flagged):** investigator-codebase/MEMORY.md +6 (29819B ~just-under-cap) = 4 same-role INVEST agents race (concurrency risk #7 invest-synthesis flagged) → em-main reconcile @closeout; new :113 guard forbids sub agent-memory writes = prevents recurrence. **Learned:** narrow lens (hmw.js JS structure) ≠ excuse to wave a doc-asserts-engine over-claim — when README says a layer "fires in <engine-file>", grep the engine for the CLAIMED text not a sibling instruction; INVEST-plan ≠ IMPLEMENT-applied. **Surprise:** engine rename genuinely flawless (dual-alias/balance/logic-frozen) — ONLY defect is adjacent doc over-stating what the clean engine does; engine-perfect + doc-overclaim coexist in one adap. Smart-Friend held: did NOT downgrade to PASS despite narrow lens + clean engine + sibling already-flagged. Tag [harness10, r2-hmwjs-engine, engine-clean-doc-overclaim, c5-L1-overclaim-reconfirm, plan-vs-applied-gap, dual-alias-additive].
- **2026-06-18 (Harness-10 adap run-trace folder R3-floor review — CONCERN, 1 over-claim, pre-commit):** Reviewed adap thay wave-mode → `runs/<run-id>/` 3-part (run.md+sub-md/+harvest/) git-TRACKED. Floor C1-C8 disk-verified. **C1/C2 PASS** — all 3 runs (invest/implement/review) scaffolded full 3-part (`ls` confirm + .gitkeep placeholders). **C3 PASS correct-nấc (NO over-claim)**`git check-ignore runs/`=NOT-IGNORED (tracked-eligible via `!.claude/**` :83) AND `git ls-files runs/`=EMPTY=NOT-committed-yet; _ledger:4 + runs/README:80 + gitignore:89-99 document "tracked" correctly, NEVER falsely claim "committed". Nấc THẬT = tracked-ELIGIBLE pre-commit (must commit to realize — expected, not defect). **C4 PASS** — invest+implement synthesis present per-turn; review harvest empty=correct (in-progress). **C5 CONCERN (the catch)** — L2 (session-start:71 orphan scan `closed=⏳`+harvest-rỗng) + L3 (session-end:51 idempotent VERIFY-not-re-APPEND) genuinely wired. BUT **L1 OVER-CLAIM**: runs/README:51 documents L1 in-run reminder firing in "hmw.js prompt-builder" w/ exact text 'run đang OPEN—nhớ scaffold@P1'+'run trước...harvest chưa' → `grep -c` that text in hmw.js = **0**. hmw.js writeGuard only emits C4 return-instruction ("Harvest per-turn primary (C4)"), NO scaffold/OPEN reminder. INVEST planned it ("C5 Layer1: thêm reminder vào prompt-builder"), IMPLEMENT synthesis never mentions applying it, yet runs/README:51+C7:72 present L1 as live. Doc-vs-reality gap = over-claim. **C6 PASS** — _ledger OPEN+CLOSE beats (invest/implement CLOSED, review ⏳) + orphan def:3. **C7 PASS** — caveat genuinely honest (engine no-fs · C2 fragile · 3-layer=lưới-không-khóa · G-015 TRACKED≠read-only-enforced); strong. **C8 PASS** — wave→runs migration done (0 wave-*/ remain), wave-*/ kept IGNORED (verified). **Frozen evidence 0-byte-loss CONFIRMED** (broadcasts/·adap-harness-2·error-ledger·STATUS·HANDOFF all empty-diff vs HEAD). hmw.js `node --check`=OK, dual-alias A.run/A.wave intact. Containment wording synced 4 files (_ledger:4↔hmw:113↔workflows/README:38↔runs/README:78). **Learned:** for a multi-layer "anti-miss net" adap, the catch is grepping each layer's CLAIMED trigger-site against the actual engine file — a layer documented as "fires in hmw.js prompt-builder" must have backing text there, not just a sibling instruction; INVEST-plan ≠ IMPLEMENT-applied (cross-check synthesis-plan vs disk). **Surprise:** README's own C1-C7 section-numbering ≠ task's C1-C8 reviewer-axes (two schemes, NOT a defect — README documents convention, task axes evaluate it); don't conflate. Over-claim=CONCERN per task rule (would be PASS if README:51 softened L1 to "C4 return-instruction" matching reality, OR hmw.js actually added the scaffold reminder). Tag [harness10, run-trace-folder, c5-L1-overclaim, tracked-not-committed-correct-nac, frozen-evidence-clean, plan-vs-applied-gap].

10
.claude/agent-memory/reviewer/archive/_INDEX.md
View File

@ -20,6 +20,12 @@
2026-05-19 · em-main self-review · gotcha #48 SQLite frozen-clock tie-break; Cat5 ADD test-filter discriminator EntityType+Summary · substring:"S25 Plan AB + wrap" `2026-05-q2.md`
2026-05-21 · adversarial spawn review · PASS 12-check Plan AG nested useMemo + details/summary; commit 0bf6c7e mirror IDENTICAL 21001E90 · substring:"S26 Plan AG pre-commit + AG2-AG6" `2026-05-q2.md`
2026-05-22 · governance perspective (no product review) · Cat6 ADD Authority-boundary; ABANDONED "RAG-ghi-mọi-tương-tác" over-reach · substring:"S28 wrap Layer A governance Reviewer perspective" `2026-05-q2.md`
2026-05-26 · adversarial spawn review (Smart Friend 6×) · PASS Mig 34 AddEmployeeProfiles 7-table + SHA256 mirror 3-file identical; SeedDemoEmployeeProfiles ungated (gotcha #51) · substring:"S33 Plan B G-H1 Phase 2 pre-commit" `2026-06.md` [moved S71]
2026-05-28 · adversarial spawn review (Smart Friend 8×) · PASS HrmConfig 16 endpoint 8 ConflictException + class-[Authorize]+12 Roles=Admin; Validator MaxLength match EF · substring:"S35 G-H2 BE CRUD 16 endpoint pre-commit" `2026-06.md` [moved S71]
2026-05-28 · cumulative summary (no single review) · Smart Friend 8× CLEAN roster + 2 MAJOR catches total (S29 password + S29 ApplicableType) · substring:"Smart Friend cumulative 8× CLEAN" `2026-06.md` [moved S71]
2026-05-29 · archive-pointer (S40 curate) · S29-S33 detail + S32 startup `2026-05-q2.md`+git d2f52ba; key absorbed in bug-patterns · substring:"Archived S29-S33 detail + S32 startup" `2026-06.md` [moved S71]
2026-05-30 · adversarial spawn review (Max no-truncate) · PASS Mig 42 LeaveBalance deduction exactly-once + FK invariant 2-write-site guard; 130154 test · substring:"S43 P11-B LeaveBalance pre-commit" `2026-06.md` [moved S71]
2026-06-07 · governance/infra adopt (Max clean) · PASS all 3 Harness 1/2/3 tailored-not-copy; H2 wave-mode check-ignore verified; SHA256 send==check; pre-existing diagram-drift minor · substring:"S49 Harness 1/2/3 adopt pre-commit" `2026-06.md` [moved S71]
2026-06-08 · spawn review (em-main proxy, truncated) · PASS, 1 MAJOR caught Driver FE-optional vs BE-required contract mismatch; gotcha #57 · substring:"S51 P11-C Vehicle+Driver + gotcha #57" `2026-06.md`
2026-06-08 · spawn review · PASS AttendanceReport + MaTicket codegen; gotcha #44 role-string "Admin" literal disarmed · substring:"S52 P11-E AttendanceReport + P11-F MaTicket" `2026-06.md`
2026-06-08 · spawn review · PASS ItTicket admin-reassign + AttendanceReport menu-key 5-way mirror; gotcha #50 route-exists · substring:"S52-late Task C ItTicket admin reassign" `2026-06.md`
@ -29,3 +35,7 @@
2026-06-09 · spawn review · PASS 14-file FE visual redesign; Be-Vietnam-Pro KEPT (font-scare retracted); verdict-first survival · substring:"S55 Phase-1 FE visual redesign pre-commit" `2026-06.md`
2026-06-09 · live-curl prod review · PASS 8 endpoints 401/200/403; gotcha #44 sweep clean; NotFound-before-Forbidden minor · substring:"S56 pre-golive authz live-curl" `2026-06.md`
2026-06-10 · governance gate · PASS-with-fixes Harness-4 two-tier frontmatter (7 pin Opus / 4 inherit); evidence 8/8 real; nấc G-011 · substring:"S57-resume Harness-4 two-tier adopt gate" `2026-06.md`
2026-06-11 · spawn DID-NOT-DELIVER (die-0-byte ×2, on-behalf) · em-main self-gate evidence-checklist; Mig 49 reversible + 240 test + Run #381 + prod 401/404; resume-kill class #3 · substring:"S57bis product gate" `2026-06.md` [moved S71]
2026-06-12 · spawn DID-NOT-DELIVER (die mid-run 3rd, on-behalf) · em-main self-gate; PE submit-guard 4-info + drafter-bypass first-step-only; 240254 test, Run #283 · substring:"S60 đợt1 PE submit-guard" `2026-06.md` [moved S71]
2026-06-18 · adap review (Harness-10, R2-lens engine) · CONCERN hmw.js engine CLEAN (dual-alias additive) but runs/README:51 over-claims L1 reminder in engine (grep=0); planapplied · substring:"Harness-10 adap R2-lens hmw.js ENGINE integrity" `2026-06.md` [moved S71]
2026-06-18 · adap review (Harness-10, R3-floor) · CONCERN run-trace 3-part scaffolded; C3 tracked-not-committed correct-nấc; same L1 over-claim re-caught; frozen-evidence 0-loss · substring:"Harness-10 adap run-trace folder R3-floor review" `2026-06.md` [moved S71]

21
.claude/agent-memory/test-specialist/MEMORY.md
View File

File diff suppressed because one or more lines are too long

15
.claude/agent-memory/test-specialist/archive/activity-s51-s52.md Normal file
View File

@ -0,0 +1,15 @@
---
name: activity-s51-s52
description: L2 archive — Recent-activity FIFO entries S51-S52 (filtered-unique gotcha #57 RED, round-robin/SLA, codegen day-type) aged out of MEMORY.md HOT
metadata:
type: project
---
# L2 archive — activity S51-S52 (aged out of HOT FIFO 2026-06-18 S74)
Verbatim entries moved from `MEMORY.md` "Recent activity" to keep HOT index under cap. Recall via RAG `search_memory` or read here directly.
- **2026-06-08 (S52 P11-D Master gotcha #57 EXT) [test-before · 3 RED LIVE]:** +3 test `tests/.../Application/MasterCatalogFilteredUniqueTests.cs` (run `--filter MasterCatalogFilteredUnique` → Failed 3/Passed 0). Department+Project+Supplier `.IsUnique()` BARE (Dept cfg:18 / Proj:19 / Supp:24) chưa `[IsDeleted]=0` — cùng class gotcha #57. Mirror EXACT GROUP B HrmConfigFilteredUniqueTests: seed row `IsDeleted=true` slot Code="DUP1" → `Create{Dept|Project|Supplier}CommandHandler(db)` cùng Code → assert `NotThrowAsync` + active==1 + `IgnoreQueryFilters` all==2. **3 RED** = `DbUpdateException → SQLite Error 19 UNIQUE constraint failed: {Departments|Projects|Suppliers}.Code` (app-check `AnyAsync(Code==X)` chạy QUA HasQueryFilter → loại soft-deleted → PASS → Add+SaveChanges → DB UNIQUE bare đếm cả row xoá → throw). NOT test lỗi — REPORTED em main fix migration `.HasFilter` 3 config → flip GREEN. **⚠️ all-count PHẢI `IgnoreQueryFilters()`** (khác HRM ref dùng raw `Count(Code==X)` trên DbSet đã có HasQueryFilter → trả 1 not 2 = sai; tôi sửa = active-count plain DbSet, all-count IgnoreQueryFilters). 3 handler clean `(IApplicationDbContext db)` 1-dep. KHÔNG đụng Configuration/Domain/migration. Tag [s52, p11-d, gotcha-57, master-catalog, filtered-unique, test-before, RED].
- **2026-06-08 (S52 P11-D Wave2 round-robin + SLA-due) [proxy by em main: agent killed session-limit trước MEMORY step]:** +9 test `ItTicketAssignSlaTests.cs`**200 PASS** (Infra 133→142). **Round-robin:** seed Department Code="IT" + 2 user A/B `IsActive` trong IT + A có 1 ticket Open → Create → assign **B** (load 0<1); tie A=B `ThenBy(Id)`; edge no-dept-IT / no-user-IT unassigned; user ngoài IT hoặc `IsActive=false` KHÔNG assign. **SLA-due:** Priority Urgent→+4h / High→+8h / Medium→+24h / Low→+72h (assert `e.SlaDueAt==CreatedAt+SlaWindow[priority]`). **Regression P11-F:** create vẫn gen `^IT/\d{4}/\d{3}$`. `ItTicketSlaJob` BackgroundService SKIP unit-test (breach-query inline, khó test trực tiếp REPORTED). Baseline 191→**200** (58 Domain + 142 Infra). Tag [s52, p11-d, round-robin, sla-due, regression].
- **2026-06-08 (S52 P11-E + P11-F WorkflowApps/Attendance test-after):** +5 test **191 PASS** (Infra 128133). 2 file `tests/.../Application/`: **ItTicketCodeGenTests** (3 MaTicket regex `^IT/\d{4}/\d{3}$` + sequential 001002 cùng prefix `IT/{year}` LastSeq++ + per-year-prefix 2027 reset 001) + **AttendanceReportTests** (2 full aggregate day-type/weighted + DepartmentId filter). ** Serializable-on-SQLite GOTCHA = NON-ISSUE (confirmed):** `WorkflowAppCodeGen.GenerateMaDonTuAsync` dùng `BeginTransactionAsync(IsolationLevel.Serializable)` chạy SẠCH trên SQLite provider map isolation level gracefully (no throw), format+seq+per-year đều hold KHÔNG cần try/skip. Đã proven sẵn bởi WorkflowAppApproveV2Tests (DT/LR path). Handler `CreateItTicketHandler(db, cu, clock)` = 3 dep MediatR. **Day-type test pattern (P11-E core):** holiday check chạy TRƯỚC weekend/weekday seed 2026-06-01 (thứ Hai) vào holidaySet assert phân **Holiday** weekday (override day-of-week). Holiday.Date=DateOnly `BuildHoliday` dùng `DateOnly.FromDateTime`. OtWeighted = 2×1.5+3×2.0+1×3.0=12.0m. DepartmentId filter: seed 2 Department row + 2 user khác dept query deptA chỉ trả 1 row (handler join Users `u.DepartmentId==deptId`, userMeta dùng `DefaultIfEmpty` nên dept row optional nhưng seed cho DepartmentName assert). No prod bug. ** MSBuild OOM** chạy full parallel dùng `-maxcpucount:1 -p:BuildInParallel=false` (env resource, KHÔNG test fail). Tag [s52, p11-e, p11-f, codegen, day-type, serializable-sqlite-ok, test-after].
- **2026-06-08 (S51 P11-C HMW Wave2 filtered-unique gotcha #57):** +4 test `tests/.../Application/HrmConfigFilteredUniqueTests.cs` **185 total = 183 PASS + 2 RED** (Infra 123127). Mirror HolidayTests Case 7 (seed soft-deleted Code-slot Create same Code assert success + active==1 + all==2). **2 GREEN** Vehicle+Driver (Mig 44 config ĐÃ filtered 2 catalog mới đúng). **2 RED INTENTIONAL = gotcha #57 REPRODUCED** (test-before): `CreateLeaveType_OnSoftDeletedCodeSlot...` `SQLite Error 19 UNIQUE constraint failed: LeaveTypes.Code` + `CreateShift_OnSoftDeletedCodeSlot...` `ShiftPatterns.Code` (bare `.IsUnique()` đếm cả row soft-deleted; handler app-check `!IsDeleted` PASS Add+SaveChanges DbUpdateException). NOT test lỗi REPORTED em main fix Mig 45 `.HasFilter("[IsDeleted]=0")` cho 2 config flip GREEN. ** Soft-delete trong test (giống Holiday):** AuditingInterceptor (prod soft-delete DeletedModified+IsDeleted=true) KHÔNG wire trong SqliteDbFixture `Remove+SaveChanges` = HARD delete (không test được). PHẢI seed row `IsDeleted=true` thủ công để phỏng slot bị chiếm. Handlers chỉ cần IApplicationDbContext `new CreateXxxHandler(db)`. Tag [s51, p11-c, gotcha-57, filtered-unique, test-before].

6
.claude/agents/README.md
View File

@ -11,6 +11,8 @@
> **Upgrade S64 (2026-06-15 — Harness-7 writing-quality adopt):** sàn chất lượng viết **hướng ra ngoài** (email · broadcast · adap-report · tài-liệu-sister · **câu trả lời lead cho anh**) phải tiếng Việt rõ nghĩa, câu hoàn chỉnh, đủ dấu câu, đúng ngữ pháp (O1); nội bộ giữ lối nén §6.4/§6.5 (O2 — bất đối xứng); reviewer +**Category 6** writing-quality (O3, verified-pending-restart). Rule canonical `docs/rules.md §1.1`. adap-report `2026-06-15-Governance-harness-7-writing-quality.md`. body-hash `a4580ea9…` verified-MATCH (lesson gotcha #61: verify body-hash PHẢI đọc UTF-8 tường minh, PS5.1 default mis-decode tiếng Việt → false-mismatch).
> **Upgrade S66 (2026-06-16 — Harness-8 all-inherit + workflow-fastest adopt):** 🔴 BẮT BUỘC (anh-chốt, mọi sister; chất lượng trên chi phí). **H8.1** — toàn bộ 11 sub-agent có memory → `model: inherit` (ăn top-tier lead), **GỠ cơ chế demote two-tier của Harness-4** (7 sub pin `claude-opus-4-8` đã flip `inherit`: 2 implementer · test-specialist · cicd-monitor · investigator-api · frontend-designer · tooling-auditor; 4 đã-inherit giữ nguyên reviewer·investigator-codebase·database-agent·harvest-curator). SE KHÔNG có helper/gopher rẻ để chừa → cả 11 lên inherit. Escape-hatch per-task `tier:'opus'` (hmw.js) GIỮ cho sweep/cost. **H8.2** — chạy workflow nhanh nhất: **song song tối đa + xuất nhanh + lead auto-HMW** cho task substantive (theo H6) — "nhanh" = parallelism, **KHÔNG phải hạ model**. **Caveat (trung thực):** runtime HIỆN KHÔNG đổi (inherit = Opus 4.8 1M vì Fable suspended H5 — trùng two-tier đã collapse); khác biệt thật khi Fable về (cả đội tự lên Fable 5 không sửa frontmatter) + H5.6 restore gọn hơn (chỉ đổi lead). Frontmatter no hot-reload → **executed-file, VERIFIED-pending-restart**. `[1m]` cấm trong frontmatter `model` (gotcha #37). adap-report `2026-06-16-Governance-harness-8-all-inherit-workflow-fastest.md`.
> **Upgrade S70 (2026-06-17 — Harness-9 L2-recovery + adap 2-workflow adopt):** **(1) PROCESS-mandate 🔴 BẮT BUỘC (PART 2/3, áp MỌI adap từ nay):** mỗi adap 1 Harness = **2 workflow tách biệt** (IMPLEMENT + REVIEW double-check RIÊNG) + REPORT về AI_INFRA kèm **run-id** bằng chứng; task ngắn-nhưng-cần-confirm VẪN phải review-workflow. Codify `.claude/commands/adap-apply.md`. **(2) L2 dark-matter recovery (PART 1, tailored):** archive `agent-memory/<sub>/archive/*.md` KHÔNG vào RAG → build `archive/_INDEX.md` (mục-lục 1-dòng/bản-ghi + con-trỏ **substring** sha-keyed, fallback Ctrl-F, KHÔNG line-hint) + `<period>.gist.md` (nén 4-field ADDITIVE, `distill-gen` counter, verbatim FROZEN) + `memory-budget.json` (seed-by-measure qua `scripts/measure-agent-memory.ps1`) + budget-audit @session-start (§2.1.2) + `.ragignore` guard. Rollout S70 (đầy-đủ-nhất, stage investigate→implement→audit qua 3 Workflow run-id): 4 over-cap sub (cicd-monitor · investigator-codebase · reviewer · implementer-backend). adap-report `2026-06-17-Governance-harness-9-l2-recovery-and-adap-workflow.md`.
> **Upgrade S72 (2026-06-18 — Harness-10 flat-refine + checklist-v2 adopt):** run-trace SUBFOLDER→**FLAT** (file phẳng cùng cấp: `sub-<role>-<i>.md` raw + `<stage>-synthesis.md` verified, KHÔNG `sub-md/`/`harvest/` subdir) — `hmw.js` (`:103` subMd path) + `workflows/README` + `runs/README` + session-start/end + decision-tree (dòng dưới) repoint. **C8 migration:** 5 run cũ S71 GIỮ subfolder (đừng rewrite history); close-gate dual-accept cả hai dạng. **+`/sleep-recovery-memory-l2`** (đóng A8 — port §J2-tailored SE-only: sleep-compress L2 gist additive, INFORM-only ≥7d). **Anti-bypass detector (refine b): TAILORED-OUT** — SE dùng Anthropic Workflow tool (no CLI-launcher bypass-surface), containment = git-diff + run-folder TRACKED + ledger orphan-scan (G-015). 3 run-id bằng-chứng: audit `wf_13868efb-ea7` · implement `wf_ac43b5ff-7d1` · review (pending). adap-report `2026-06-18-Governance-harness-10-flat-refine-checklist-v2.md` (pending).
> **Upgrade S75 (2026-06-18 — Harness-11 engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ adopt):** engine tự-DÒ toàn-diện (luôn tươi báo cờ) + AUTO chỉ semantic-null git-diff + **single-writer bar-KHÔNG-hạ (D9)** + đổi-luật owner-approve (D7). 🔑 Canonical → [`docs/governance/harness-11-engine.md`](../../docs/governance/harness-11-engine.md) (**KHÔNG copy luật ở đây — B1 dogfood**). Artifact MỚI: `scripts/governance-detectors.ps1` (C1 broken-pointer + C2/B3 staleness + C3 vocab-fork + C4 self-exclusion, NO-API DÒ+FLAG-only, **runtime-proven** bắt drift root CLAUDE.md mig53→55 + 0 self-match; số flag động → run-trace) + `scripts/memory-archive-gate.ps1` (PHẦN A hysteresis 0.85/keep-floor 5/2-strike/A7 NO-API L1-eval) + budget.json `archive_gate`. 3-tier D5(AUTO)/D6(DÒ+FLAG)/D7(owner-approve) + one-direction-lock D8 (canonical→derived) codify ở engine-doc. Cadence wired: D1 session-start §2.1.3 (chạy detector) · D2 session-end §L.b(c) (archive-gate). Áp qua workflow: audit `wf_7fdc3bd5-930` + implement `wf_c5e5844e-7c1` + review `wf_d7ca1ff8-942` + double-check `wf_a0b68d2f-30e`. adap-report `docs/governance/adap-reports/2026-06-18-Governance-harness-11.md`.
---
@ -108,7 +110,7 @@
├── @session-start/@session-end TOOLING-FRESHNESS audit (skill·sub-role·plugin·docs 4-mặt + drift)?
│ → tooling-auditor (H1 monitor, INFORM-only) — báo state+diff @start · chốt+new-alloc @end · em main APPEND
├── @session-end HARVEST-INTEGRITY gate (5-trục Coverage/Completeness/Fidelity/Placement/Corruption) / wave-folder gom (Harness 2 B5) / @session-start harvest mới?
├── @session-end HARVEST-INTEGRITY gate (5-trục Coverage/Completeness/Fidelity/Placement/Corruption) / run-folder harvest (`runs/<run-id>/<stage>-synthesis.md` ← `sub-<role>-<i>.md` phẳng, Harness-10 h10-refine; run cũ S71 `harvest/`←`sub-md/`) / @session-start harvest mới?
│ → harvest-curator (H2 monitor, INFORM-only) — propose delta · em main single-writer VERIFY→APPEND · Fidelity nghi → reviewer
├── Quick task < 30 min? → Em solo direct
@ -159,7 +161,7 @@
All 11 agent có **4 RAG-READ MCP**: `search_memory` + `search_code` (BM25, prefer over Read full file — tiết kiệm token) + `cross_project_search` + `list_projects`. Base tools per role (READ: Read/Grep/Glob/Bash [+WebFetch/Search cho api] · WRITE: +Edit/Write/Skill).
> **2 monitor sub (tooling-auditor H1 + harvest-curator H2 — 2026-06-07):** read-only toolset = `[Read, Grep, Glob, Bash, +4 RAG-read]`, **NO `store_memory`, NO Write/Edit** (mirror investigator read-set). INFORM-only — propose → em main single-writer VERIFY→APPEND (B3). 🔴 **G-015 accuracy:** đây KHÔNG = "read-only enforced" — sub vẫn giữ `Bash` (write-channel mở qua shell/curl). Containment thật = em main single-writer + **git-diff + chunk-count post-session** (defense-in-depth), KHÔNG allowlist đơn-độc.
> **2 monitor sub (tooling-auditor H1 + harvest-curator H2 — 2026-06-07):** read-only toolset = `[Read, Grep, Glob, Bash, +4 RAG-read]`, **NO `store_memory`, NO Write/Edit** (mirror investigator read-set). INFORM-only — propose → em main single-writer VERIFY→APPEND (B3). 🔴 **G-015 accuracy (Harness-10 run-trace model, `runs/_ledger.md:4`):** run-folder `runs/<run-id>/` được git **TRACKED** → mọi write HIỆN trong git-diff = audit trực-tiếp. Containment: tracked-change NGOÀI `runs/<run-id>/` VÀ NGOÀI code-disjoint đã giao = vi-phạm (thay model Harness-2 B6 "mọi tracked-change = vi-phạm"). G-015 no-overclaim: TRACKED ≠ read-only-enforced — sub vẫn giữ `Bash` (write-channel mở qua shell/curl) → containment THẬT = em main single-writer + git-diff(in-repo) + chunk-count (RAG), KHÔNG allowlist đơn-độc.
> ⚠️ **`store_memory` GỠ khỏi MỌI sub (2026-06-02 — AI_INFRA broadcast `Memory-store-memory-strip-global`, adap-report cùng id).** → **lead (em main) = sole RAG-writer** (mechanized failure-safe: sub vật-lý không gọi được `store_memory`). Sub tìm thấy finding/pattern mới → ghi **MEMORY.md** (file); lead + re-index đưa vào RAG. *Accuracy (G-015): đây KHÔNG = sub "read-only" — sub vẫn giữ `Bash` (+ vai write giữ `Write/Edit`); containment thật = defense-in-depth git-diff + Qdrant chunk-count, chưa phải allowlist đơn độc.*

32
.claude/agents/harvest-curator.md
View File

@ -1,7 +1,7 @@
---
name: harvest-curator
description: |
Read-only INFORM-only HARVEST-MD-INTEGRITY auditor cho SOLUTION_ERP (H2 — adopt AI_INFRA Harness 1, anh giao 2026-06-07; TÁCH BIỆT khỏi tooling-auditor H1 vì 2 việc hay quên+nhầm khi gộp). Verify HARVEST mỗi session ĐỦ + ĐÚNG: quét agent-memory mọi sub đã spawn + wave-folder workflow (Harness 2 B5) + agent-team → đề-xuất spawn-record 4-field + chạy harvest-integrity 5-trục (Coverage·Completeness·Fidelity-flag·Placement·Corruption). Lifecycle: @session-end HỖ TRỢ em main HARVEST (gom delta sub/wave/team → propose APPEND vào agent-memory sub tương-ứng + 5-trục GATE trước đóng + flag chore); @session-start BÁO harvest-MD MỚI + delta mồ-côi chưa-APPEND. Propose-only — em main single-writer (VERIFY→APPEND B3 no-overwrite-unverified). KHÔNG tooling/skill/plugin/docs-freshness (đó là tooling-auditor H1). KHÔNG store_memory. PHẢI dùng khi harvest agent-memory/wave-folder cuối session hoặc verify harvest-integrity.
Read-only INFORM-only HARVEST-MD-INTEGRITY auditor cho SOLUTION_ERP (H2 — adopt AI_INFRA Harness 1, anh giao 2026-06-07; TÁCH BIỆT khỏi tooling-auditor H1 vì 2 việc hay quên+nhầm khi gộp). Verify HARVEST mỗi session ĐỦ + ĐÚNG: quét agent-memory mọi sub đã spawn + run-folder `runs/<run-id>/sub-md/` (Harness-10 run-trace) + agent-team → đề-xuất spawn-record 4-field + chạy harvest-integrity 5-trục (Coverage·Completeness·Fidelity-flag·Placement·Corruption). Lifecycle: harvest per-turn = primary (C4); @session-end = backstop verify-idempotent HỖ TRỢ em main HARVEST (gom delta sub/run/team → propose APPEND vào agent-memory sub tương-ứng + 5-trục GATE trước đóng + flag chore); @session-start BÁO harvest-MD MỚI + delta mồ-côi chưa-APPEND. Propose-only — em main single-writer (VERIFY→APPEND B3 no-overwrite-unverified). KHÔNG tooling/skill/plugin/docs-freshness (đó là tooling-auditor H1). KHÔNG store_memory. PHẢI dùng khi harvest agent-memory/run-folder cuối session hoặc verify harvest-integrity.
model: inherit
tools: [Read, Grep, Glob, Bash, mcp__rag-unified__search_memory, mcp__rag-unified__search_code, mcp__rag-unified__cross_project_search, mcp__rag-unified__list_projects]
memory: project
@ -10,22 +10,22 @@ maxTurns: 18
# Harvest-Curator — SOLUTION_ERP (H2 harvest-MD integrity, read-only INFORM-only)
> Verify HARVEST mỗi session ĐỦ + ĐÚNG, hỗ trợ em main gom memory về sub-agent tương-ứng. **Read-only · propose-only.** Em main = single-writer. Adopt AI_INFRA Harness 1 (anh giao 2026-06-07) — TÁCH khỏi `tooling-auditor` (H1): H2≠H1, "hay quên+nhầm" → riêng-biệt. KHÔNG copy: tailor SE (4 RAG-read, roster 10, reviewer-escalate). Nền H2 đã có 1 phần ở `session-end.md` §L.b — sub này NÂNG thành 5-trục đầy-đủ + chuyên-trách.
> Verify HARVEST mỗi session ĐỦ + ĐÚNG, hỗ trợ em main gom memory về sub-agent tương-ứng. **Read-only · propose-only.** Em main = single-writer. Adopt AI_INFRA Harness 1 (anh giao 2026-06-07) — TÁCH khỏi `tooling-auditor` (H1): H2≠H1, "hay quên+nhầm" → riêng-biệt. KHÔNG copy: tailor SE (4 RAG-read, roster 10, reviewer-escalate). Nền H2 đã có 1 phần ở `session-end.md` §L.b — sub này NÂNG thành 5-trục đầy-đủ + chuyên-trách. **Harness-10:** scan-target wave-folder → run-folder `runs/<run-id>/` (git-tracked).
## 🎯 Role (1 câu)
Verify + gom **harvest-MD toàn session** (agent-memory sub · wave-folder workflow · agent-team) → @session-end đề-xuất harvest-delta + 5-trục integrity GATE; @session-start báo harvest mới. KHÔNG ghi, KHÔNG quyết, KHÔNG tooling-freshness (đó là tooling-auditor).
Verify + gom **harvest-MD toàn session** (agent-memory sub · run-folder `runs/<run-id>/sub-md/` · agent-team) → harvest per-turn primary + @session-end backstop đề-xuất harvest-delta + 5-trục integrity GATE; @session-start báo harvest mới. KHÔNG ghi, KHÔNG quyết, KHÔNG tooling-freshness (đó là tooling-auditor).
## ✅ SCOPE — ĐƯỢC làm (H2 harvest-integrity 5-trục)
**@session-end (HỖ TRỢ harvest — GATE trước đóng + Harness 2 B5):**
**@session-end (HỖ TRỢ harvest — GATE trước đóng + Harness-10 backstop verify-idempotent):**
- Quét `.claude/agent-memory/*/MEMORY.md` mọi sub đã spawn → đề-xuất spawn-record 4-field `{task·verdict·learned·surprise}` cho em main APPEND.
- **🌊 Wave-folder harvest (Harness 2 B5):** sau workflow-dài / cuối-session, quét `.claude/workflows/wave-<tên>/sub-*.md` (+ agent-team `.claude/agent-teams/<tên>/`) → gom delta → đề-xuất em main consolidate APPEND vào `agent-memory/<role>` sub tương-ứng (để sub-chính có đầy-đủ memory). Ghi `wave-<tên>/_harvest.md` propose (em main verify).
- Chạy **5-trục:** **Coverage** (0 silent-miss — mọi sub/wave/team đã-chạy đều harvest) · **Completeness** (đủ 4-field) · **Placement** (delta đúng nhà `agent-memory/X`, B2) · **Corruption** (mojibake / `$`-shell-expansion / encoding scan — phải dùng Write/Edit-tool, KHÔNG Bash-append-ẩu) · **Fidelity-FLAG** (nghi bịa / record on-behalf khớp việc-thật → escalate `reviewer`, KHÔNG tự phán).
- Flag chore-memory: agent-memory >30KB → archive L2 · wave-folder chưa-harvest tồn-đọng · delta mồ-côi · 0-byte memory (closeout-truncate gotcha #53).
- **🏃 Run-folder harvest (Harness-10 run-trace):** harvest **per-turn = primary (C4)** sau mỗi workflow run / cuối-session, quét `.claude/workflows/runs/<run-id>/sub-md/` (per-sub detail) → gom delta → đề-xuất em main consolidate APPEND vào `agent-memory/<role>` sub tương-ứng (để sub-chính có đầy-đủ memory). Ghi propose vào `runs/<run-id>/harvest/` (em main verify). **@session-end = backstop verify-idempotent** (rà run-folder còn delta mồ-côi chưa-APPEND, KHÔNG harvest lại cái đã gom). 🔴 **DEDUP:** vì harvest chạy CẢ per-turn LẪN close-gate, propose-APPEND PHẢI idempotent — đối-chiếu delta đã-có trong `agent-memory/<role>` (sha/substring) TRƯỚC khi đề-xuất, tránh double-APPEND cùng spawn-record.
- Chạy **5-trục:** **Coverage** (0 silent-miss — mọi sub/run/team đã-chạy đều harvest) · **Completeness** (đủ 4-field) · **Placement** (delta đúng nhà `agent-memory/X`, B2) · **Corruption** (mojibake / `$`-shell-expansion / encoding scan — phải dùng Write/Edit-tool, KHÔNG Bash-append-ẩu) · **Fidelity-FLAG** (nghi bịa / record on-behalf khớp việc-thật → escalate `reviewer`, KHÔNG tự phán).
- Flag chore-memory: agent-memory >30KB → archive L2 · run-folder `runs/<run-id>/sub-md/` chưa-harvest tồn-đọng · delta mồ-côi · 0-byte memory (closeout-truncate gotcha #53).
**@session-start (BÁO harvest mới):**
- **🌾 Harvest MD mới:** tổng hợp MD/memory MỚI từ workflow-wave · sub-agent · agent-team kể từ last-session (spawn-record mới · finding mới · **delta CHƯA APPEND** = mồ-côi cần em main xử-lý).
- Wave-folder tồn-đọng (workflow chạy mà chưa harvest) → flag.
- **🌾 Harvest MD mới:** tổng hợp MD/memory MỚI từ run-folder `runs/<run-id>/sub-md/` · sub-agent · agent-team kể từ last-session (spawn-record mới · finding mới · **delta CHƯA APPEND** = mồ-côi cần em main xử-lý).
- Run-folder tồn-đọng (run chạy mà chưa harvest — đối-chiếu `runs/_ledger.md` OPEN-beat chưa CLOSE) → flag.
## ❌ SCOPE — CẤM
- ❌ KHÔNG ghi/sửa BẤT KỲ file (em main single-writer — propose → VERIFY + APPEND B3 no-overwrite-unverified). KHÔNG `store_memory` (RAG single-writer = em main).
@ -35,20 +35,20 @@ Verify + gom **harvest-MD toàn session** (agent-memory sub · wave-folder workf
- ❌ KHÔNG fan-out repo khác (SOLUTION_ERP-self only).
## 🔗 Quan hệ (ranh giới tránh double-touch)
- vs **tooling-auditor (H1):** tooling = TOOLING-FRESHNESS (skill/role/plugin/docs). harvest = HARVEST-MEMORY (spawn-record · 5-trục · wave-gom). 🔴 TÁCH BIỆT (anh 06-07). Overlap = 0.
- vs **tooling-auditor (H1):** tooling = TOOLING-FRESHNESS (skill/role/plugin/docs). harvest = HARVEST-MEMORY (spawn-record · 5-trục · run-folder gom). 🔴 TÁCH BIỆT (anh 06-07). Overlap = 0.
- vs **reviewer:** reviewer = adversarial PASS/FAIL + Fidelity-escalation. harvest-curator = deterministic 4-trục (Coverage/Completeness/Placement/Corruption) + **FLAG** Fidelity (nghi → reviewer). Hybrid.
- vs **cicd-monitor:** cicd = corpus/RAG/eval/deploy. harvest-curator = agent-memory/wave harvest. Khác lãnh-địa.
- vs **cicd-monitor:** cicd = corpus/RAG/eval/deploy. harvest-curator = agent-memory/run-folder harvest. Khác lãnh-địa.
## 📤 OUTPUT contract
- @session-end: bảng harvest {sub/wave · spawn-record-đề-xuất · 5-trục verdict · flag} + wave-consolidate propose + chore-memory. Propose-delta cho em main APPEND.
- @session-start: harvest-mới report (delta mồ-côi + wave tồn-đọng) gọn cho Phase 2/3.
- @session-end: bảng harvest {sub/run · spawn-record-đề-xuất · 5-trục verdict · flag} + run-folder-consolidate propose (idempotent, đã DEDUP vs per-turn) + chore-memory. Propose-delta cho em main APPEND.
- @session-start: harvest-mới report (delta mồ-côi + run-folder tồn-đọng vs `runs/_ledger.md`) gọn cho Phase 2/3.
- ≤ vài K token. Mọi claim có ref (path / count). KHÔNG tự ghi.
## 💾 Memory
`.claude/agent-memory/harvest-curator/MEMORY.md` — harvest-trend · wave-harvest history · 5-trục verdict history · spawn-record 4-field. Tiered (L1 HOT ~30KB / L2 archive / L3 RAG-read).
`.claude/agent-memory/harvest-curator/MEMORY.md` — harvest-trend · run-folder-harvest history · 5-trục verdict history · spawn-record 4-field. Tiered (L1 HOT ~30KB / L2 archive / L3 RAG-read).
## 🔒 RULES + G-015 accuracy
- Read-only + propose-only. Output qua em main verify (em main re-Read ref trước APPEND).
- 🌊 **Harness 2 audit (B6):** khi gom wave-folder, VERIFY sub-workflow CHỈ ghi `wave-<tên>/` — phát-hiện sub ghi ra MD chính (`agent-memory/*` hay canonical) = **FLAG vi-phạm isolation** cho em main (git-diff evidence).
- 🔴 **G-015 KHÔNG overclaim:** sub này = propose-only. `store_memory` strip (RAG-write không-gọi-được) NHƯNG giữ `Bash` = write-channel mở → KHÔNG "read-only enforced". Containment = em main single-writer + git-diff + chunk-count post-session.
- 🏃 **Harness-10 run-trace audit (`runs/_ledger.md:4`):** run-folder `runs/<run-id>/` được git **TRACKED** → mọi write HIỆN trong git-diff. Khi gom run-folder, VERIFY sub-workflow CHỈ ghi trong `runs/<run-id>/` (sub-md) + code-disjoint đã giao — phát-hiện tracked-change NGOÀI 2 vùng đó (`agent-memory/*` hay canonical) = **FLAG vi-phạm containment** cho em main (git-diff evidence). (Thay model Harness-2 B6 "mọi tracked-change = vi-phạm" — run-folder giờ tracked nên diff KHÔNG blind.)
- 🔴 **G-015 KHÔNG overclaim:** sub này = propose-only. TRACKED ≠ read-only-enforced — `store_memory` strip (RAG-write không-gọi-được) NHƯNG giữ `Bash` = write-channel mở → KHÔNG "read-only enforced". Containment THẬT = em main single-writer + git-diff(in-repo) + chunk-count (RAG).
- KHÔNG tự ghi memory kênh nào (return delta → em main APPEND B3).

2
.claude/agents/tooling-auditor.md
View File

@ -37,7 +37,7 @@ Audit 4-mặt freshness tooling/docs SOLUTION_ERP → @session-start báo state+
- ❌ KHÔNG fan-out repo khác (SOLUTION_ERP-self only; `cross_project_search` = READ reference, KHÔNG audit repo bạn).
## 🔗 Quan hệ (ranh giới tránh double-touch)
- vs **harvest-curator (H2):** harvest = HARVEST-MEMORY (spawn-record · 5-trục · wave-gom). tooling = TOOLING-FRESHNESS (skill/role/plugin/docs). 🔴 TÁCH BIỆT (anh 06-07). Overlap = 0.
- vs **harvest-curator (H2):** harvest = HARVEST-MEMORY (spawn-record · 5-trục · run-harvest `runs/<run-id>/`). tooling = TOOLING-FRESHNESS (skill/role/plugin/docs). 🔴 TÁCH BIỆT (anh 06-07). Overlap = 0.
- vs **cicd-monitor:** cicd = post-deploy Gitea/bundle-hash/smoke + dependency CVE. tooling-auditor = MD/skill/plugin/docs/roster freshness. Khác lãnh-địa.
- vs **investigator-codebase:** inv-cb = audit code/SQL/schema theo task. tooling-auditor = audit META (tooling/docs/roster) theo lifecycle session.

6
.claude/commands/session-end.md
View File

@ -29,7 +29,7 @@ Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Ph
- 🟥 **reviewer** — anti-patterns observed + Smart Friend catches + claim verification
- 🟢 **cicd-monitor** — Run verdict + bundle hash rotate + Mig prod + corpus drift
- 🟫 **tooling-auditor** (monitor H1) — CHỐT tooling/docs-freshness 4-mặt + new-alloc audit (chạy ở §L.b(g))
-**harvest-curator** (monitor H2) — GATE harvest-integrity 5-trục + wave-folder gom (chạy ở §L.b(d)(f))
-**harvest-curator** (monitor H2) — GATE harvest-integrity 5-trục + close-gate run-trace `runs/<id>/` (`*-synthesis.md` phẳng h10-refine; run cũ S71 `harvest/`) (chạy ở §L.b(d)(f))
2. Synthesize cross-agent learnings → integrate vào:
- User auto-memory `MEMORY.md` (index — append entry mới, KHÔNG rewrite)
@ -45,10 +45,10 @@ Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Ph
**§L.b — 7-step auto-maintain (đủ 7, KHÔNG skip — thiếu = ledger thối). (d)(f) = H2 harvest-curator · (g) = H1 tooling-auditor (2026-06-07 Harness 1):**
- **(a) summary-index** += 1 dòng/session vào `STATUS.md` Recently Done (pointer, KHÔNG full-log).
- **(b) Active-Guards** (error-ledger): promote guard **2-strike** (episodic→procedural) · mark `verified` nếu held qua session · retire theo **net-effect** (hại>lợi → gỡ).
- **(c) chore-flag:** agent L1 >~30KB → archive L2 · error-ledger open-entry quá ngưỡng · **0-byte memory check (AS-8)**.
- **(c) chore-flag:** agent L1 >~30KB → archive L2 · error-ledger open-entry quá ngưỡng · **0-byte memory check (AS-8)** · **🌙 sleep-check (Harness-10b, S72):** `last_sleep_at` null hoặc ≥7d (`memory-budget.json`) → INFORM gợi-ý `/sleep-recovery-memory-l2` (KHÔNG auto-run) · **🗜️ Harness-11 A/D2 (S75):** chạy `powershell.exe -ExecutionPolicy Bypass -File scripts/memory-archive-gate.ps1` (DRY-RUN) → đề-xuất dồn-archive sub over-cap (A4 hysteresis 0.85 + A5 keep-floor 5 + A6 2-strike) + A7 NO-API L1-eval (pointer-resolve + byte-0-loss). Engine → [`docs/governance/harness-11-engine.md`](../../docs/governance/harness-11-engine.md). DRY-RUN báo kế-hoạch; MOVE thật do em-main (D5 AUTO semantic-null sau khi xem).
- **(d) flush agent-memory** mỗi sub đã spawn session này — **spawn-record 4-field** `{agent · task · nấc(agreed/executed/verified) · evidence}`. (0 sub spawn → "n-a".) → **⬜ harvest-curator (H2) HỖ TRỢ:** spawn → propose spawn-record cho mọi sub đã chạy → em main single-writer VERIFY → APPEND (B3 no-overwrite-unverified).
- **(e) pending-request audit:** request anh CHƯA-thực-thi đã log SPECIFICS chưa (KHÔNG placeholder).
- **(f) 🌾 harvest-integrity GATE (⬜ harvest-curator H2 — 5-trục, Harness 1+2):** verify spawn-record (d) đủ+đúng mọi sub TRƯỚC khi đóng — **Coverage** (0 silent-miss) · **Completeness** (đủ 4-field) · **Placement** (delta đúng `agent-memory/X`) · **Corruption** (moved-not-cut, no-mojibake/shell-baked) · **Fidelity-FLAG** (nghi bịa/on-behalf → escalate 🟥 reviewer, KHÔNG tự phán). + **🌊 wave-folder gom (Harness 2 B5):** nếu session chạy WAVE-MODE (tồn tại `.claude/workflows/wave-*/`) → quét `sub-*.md` → consolidate APPEND `agent-memory/<role>` + verify **B6 isolation** (git-diff: sub KHÔNG ghi ra MD chính; chunk-count: 0 RAG-write). GATE = chưa đủ 5-trục thì CHƯA đóng.
- **(f) 🌾 harvest-integrity GATE (⬜ harvest-curator H2 — 5-trục, Harness 1+2):** verify spawn-record (d) đủ+đúng mọi sub TRƯỚC khi đóng — **Coverage** (0 silent-miss) · **Completeness** (đủ 4-field) · **Placement** (delta đúng `agent-memory/X`) · **Corruption** (moved-not-cut, no-mojibake/shell-baked) · **Fidelity-FLAG** (nghi bịa/on-behalf → escalate 🟥 reviewer, KHÔNG tự phán). + **🌊 close-gate C5 Layer3 (Harness-10, thay B5 wave-gom):** với MỌI `runs/<run-id>/` của session → **VERIFY per-turn harvest đã xong** (em-main đã viết `runs/<run-id>/<stage>-synthesis.md` phẳng h10-refine — run cũ S71: `harvest/*.md` — NGAY sau mỗi fan-out turn = C4 Layer1) + `_ledger.md` mọi run đã CLOSE-beat (closed≠⏳). 🔴 **IDEMPOTENT — close-gate chỉ VERIFY, KHÔNG re-APPEND** (per-turn đã APPEND rồi → re-APPEND = DUPLICATE-HARVEST). 5-trục GATE giữ làm **backstop**. GATE = run còn `*-synthesis.md` vắng (run cũ S71: `harvest/` rỗng — C8 dual-accept) HOẶC chưa đủ 5-trục thì CHƯA đóng.
- **(g) 🔌 tooling-freshness CHỐT (🟫 tooling-auditor H1 — Harness 1):** spawn → chốt 4-mặt (skill·sub-role·plugin·docs) đổi gì session này + **new-alloc audit** (skill/plugin MỚI chưa phân-bổ → đề-xuất gán em main + sub phù-hợp vai) + flag doc-drift/roster-lệch/count-stale. Propose → em main APPEND/sửa doc (single-writer). 🔴 G-015: 2 monitor = propose-only, em main VERIFY trước APPEND (Bash residual → KHÔNG "read-only enforced").
## Phase 2 — WRITE (update MD/RAG)

11
.claude/commands/session-start.md
View File

@ -68,16 +68,25 @@ Em main xác nhận **lead model resolve được** đầu session. Lead SE = **
> Đầu session: 2 monitor sub BÁO LẠI trạng-thái + **diff vs session trước** (floor Harness 1 H1.2 + H2.2). INFORM-only — em main đọc + VERIFY→APPEND nếu có delta hợp-lệ (B3), KHÔNG sub tự sửa.
- **🟫 tooling-auditor (H1):** spawn → báo tooling-state 4-mặt (skill · sub-role · plugin · docs) + **DIFF vs last-session** (THÊM/ĐỔI/XÓA/stale). Bắt drift doc-vs-thực-tế ngay đầu session (vd roster/count lệch, skill stale, plugin pending).
- **⬜ harvest-curator (H2):** spawn → báo **harvest-MD mới** (workflow-wave / sub-agent / agent-team kể từ last) + **delta mồ-côi chưa-APPEND** + wave-folder tồn-đọng. Bắt 0-byte memory (gotcha #53) + delta chưa thu-hoạch.
- **⬜ harvest-curator (H2):** spawn → báo **harvest-MD mới** (run-trace `runs/<id>/` — file `sub-*`/`*-synthesis.md` phẳng h10-refine / sub-agent / agent-team kể từ last) + **delta mồ-côi chưa-APPEND** + **scan `runs/*/` tìm OPEN-beat (ledger `_ledger.md` cột closed=⏳) mà `*-synthesis.md` vắng (run cũ S71: `harvest/` rỗng) = orphan run** (C5 Layer2 post-exec rescan — bù khi C4 per-turn miss hoặc session trước chết giữa run). Bắt 0-byte memory (gotcha #53) + delta chưa thu-hoạch.
- Cơ-chế = báo-lại-diff đầu session (FORM tự do trình bày). 2 monitor spawn parallel OK. **Light session / hỏi-đáp → có thể skip; bug/feature/multi-agent/wave session → nên chạy.**
### 2.1.2 Memory L2 budget-audit (Harness-9 — 2026-06-17)
> Read-side "vật-chất-tối": archive `agent-memory/<sub>/archive/*.md` KHÔNG vào RAG. Inject **mục-lục** (`archive/_INDEX.md`), nội dung verbatim + `.gist.md` đọc-theo-nhu-cầu. "Inject tấm bản-đồ, KHÔNG inject lãnh-thổ."
- **🌙 Sleep-check (Harness-10b, S72):** trong lúc đọc `memory-budget.json` (cùng file budget-audit), lấy `last_sleep_at` → nếu `null` HOẶC `today last_sleep_at ≥ 7 ngày`**INFORM gợi-ý** chạy `/sleep-recovery-memory-l2 <agent|all>` (nén L2 verbatim→gist additive). 🔴 **KHÔNG auto-run** — anh consent mới chạy.
- Đọc `.claude/agent-memory/memory-budget.json` → so kích-thước THẬT `_INDEX.md` mỗi sub vs cap. Nếu cắt-cho-vừa-ngân-sách đang rớt dấu-mốc quan trọng → **bump budget** (chốt-chặn chống "quên chỉnh ngân sách"). Đo lại bằng `scripts/measure-agent-memory.ps1` (seed-by-measure — KHÔNG đặt cap bằng số tưởng tượng).
- L1 over-cap → curate L1→L2 (byte-exact additive) + build/refresh `_INDEX.md` (con-trỏ **substring** sha-keyed, fallback Ctrl-F) + `<period>.gist.md` (nén 4-field, `distill-gen` counter, verbatim FROZEN). Rollout đầu: 4 over-cap sub (S70).
### 2.1.3 Harness-11 D1 — DÒ+BÁO governance-detectors (2026-06-18 S75)
> Engine bộ-nhớ-và-governance tự-bảo-trì spec → [`docs/governance/harness-11-engine.md`](../../docs/governance/harness-11-engine.md) (canonical — KHÔNG copy luật ở đây, B1). DÒ tự-động; SỬA qua em-main single-writer (D6/D9).
- Chạy `powershell.exe -ExecutionPolicy Bypass -File scripts/governance-detectors.ps1` → báo cờ: **C1** con-trỏ-gãy (gotcha#/wikilink) · **C2/B3** derived-doc stale vs `docs/STATUS.md` canonical (mig#/test#/gotcha#/table#) · **C3** vocab-fork (1-khái-niệm-nhiều-tên). NO-API, **DÒ+NÊU-CỜ-only KHÔNG tự sửa** (D6 tầng). Cờ → em-main soạn bản sửa (gated B4).
- Nấc: detector = LƯỚI giảm-sót (khoảng-mù giữa 2 nhịp), count-token soft-net có false-pos (sev LOW khi |lệch|<10) đọc cờ bằng phán-đoán, KHÔNG auto-fix. **Light/hỏi-đáp session → có thể skip; governance/doc-heavy session → nên chạy.**
### 2.2 Skill registry (6 skill)
- Liệt kê: `contract-workflow` · `form-engine` · `permission-matrix` · `dependency-audit-erp` · `ef-core-migration` · `iis-deploy-runbook`
- Dùng skill khi task khớp (KHÔNG tự suy luận lại). Phân bổ per agent: xem README skill matrix.

117
.claude/commands/sleep-recovery-memory-l2.md Normal file
View File

@ -0,0 +1,117 @@
---
description: Nén verbatim L2 cũ (agent-memory archive/<period>.md) thành gist ADDITIVE (.gist.md file MỚI, KHÔNG đè). CHỈ P1 gist-compress — KHÔNG build index. SCOPE = repo SOLUTION_ERP-only.
argument-hint: <agent | all> (vd — implementer-backend · reviewer · all)
---
# /sleep-recovery-memory-l2 — Giấc ngủ L2 (sleep-compress, P1-only) · SE
> Trigger nén L2 dark-matter. **CHỈ** xử lý `.claude/agent-memory/<name>/archive/<period>.md` (verbatim cũ) → sinh `<period>.gist.md` (**FILE MỚI, additive**). KHÔNG đụng L1 (`MEMORY.md`) · KHÔNG đụng RAG/L3 · KHÔNG build `_INDEX.md` (đó = P2 archival-event, không nằm trong command này).
> 🔴 **Scope:** CHỈ repo **SOLUTION_ERP** (self=`se`). KHÔNG đụng repo khác / corpus federated.
> 🔴 **Phân-vai (Cách-B):** lead = em-main single-writer (B3) · `harvest-curator` PROPOSE-ONLY (charter cấm-ghi → substring:"KHÔNG ghi/sửa BẤT KỲ file") · `reviewer` gate Fidelity (lead KHÔNG tự chấm, G-001).
>
> 📌 **NOTE — provenance:** Command này **port từ AI_INFRA** `/sleep-recovery-memory-l2` (`D:/Dropbox/CONG_VIEC/AI_INFRA/.claude/commands/sleep-recovery-memory-l2.md`) + design (AI_INFRA repo — KHÔNG có bản SE-local) `D:/Dropbox/CONG_VIEC/AI_INFRA/docs/architecture/MEMORY-SLEEP-RECOVERY-L2-DESIGN-v3.md` §4 + §10-P1. Bản gốc gate **§J2 = AI_INFRA-only (no-sister)**; ở đây anh yêu-cầu port để **parity** → scope tailor thành **SE-repo-only** (KHÔNG đụng sister/corpus khác). KHUNG federated giữ nguyên (function-floor), CHỈ tailor form theo SE (roster · path · 4-field tiếng Việt · pointer-style · gotcha#).
**Tham số:** `$ARGUMENTS` — 1 agent (vd `implementer-backend`) HOẶC `all`. Trống → hỏi anh chọn, **KHÔNG mặc-định `all`**.
## 📋 BƯỚC 0 — Show command body (visibility, no wait)
Em main PHẢI echo **TOÀN BỘ nội dung command body này** (đầy đủ Phase 0-5 + tất cả guard rule) trong response đầu tiên ĐỂ ANH USER ĐỌC LẠI.
**Quy trình (KHÔNG wait confirm):**
1. Em echo full content command (raw markdown, KHÔNG tóm tắt, KHÔNG cắt)
2. Em proceed execute Phase 0 → 5 sequential ngay
3. Anh user điều chỉnh **cuối** nếu cần (KHÔNG mid-flow interrupt)
## 🎯 Mục đích (function-floor)
Nén **verbatim L2 cũ** thành **gist súc-tích** mà KHÔNG mất signal-quan-trọng:
- **ADDITIVE (B3/§F1/G-009):** gist = ghi ra **file MỚI** `archive/<period>.gist.md`. **KHÔNG đè** `<period>.md` (verbatim) → verbatim ở-lại-đĩa (git history giữ nguyên). Đây là cách giải B3-data-loss: nén KHÔNG phá nguồn.
- Kết quả: 1 verbatim file dài + 1 gist file ngắn cùng kỳ. Lookup sâu vẫn Read verbatim; đọc nhanh đọc gist.
- 🔴 **KHÔNG ép L1 nhỏ hơn 30KB** (design BỎ — rotation L1→L2 là function per-project; L1-cap-audit của SE đã sống ở `/session-start §2.1.2` + `memory-budget.json`, KHÔNG phải việc của command này).
## 👥 SE roster — target hợp-lệ
`all` = **9 sub có-ký-ức** của SE:
`investigator-codebase · investigator-api · implementer-backend · implementer-frontend · test-specialist · reviewer · cicd-monitor · frontend-designer · database-agent`.
> 🟡 **harvest-curator + tooling-auditor = INFORM-only monitor** (KHÔNG vào `all` mặc-định). CHỈ xử-lý nếu chúng **thật-sự có** `archive/<period>.md` verbatim (Phase 0.2 phát-hiện) — gọi tay đích-danh tên.
> Thực-tế hiện-tại (đo S71, `memory-budget.json`): chỉ **4/9** sub có archive-content — `cicd-monitor · implementer-backend · investigator-codebase · reviewer`. 5 sub còn-lại archive rỗng/chưa-có → `all` tự skip (Phase 0.2 guard-rỗng). Con-số này = báo-cáo runtime, KHÔNG hardcode: luôn quét đĩa thật.
## Trigger (2 đường)
| Đường | Cơ chế |
|---|---|
| **Tay** | Anh gõ `/sleep-recovery-memory-l2 <agent\|all>` bất kỳ lúc nào |
| **Auto-check (INFORM-only)** | `/session-start` + `/session-end` đọc `last_sleep_at` trong `.claude/agent-memory/memory-budget.json` → nếu `today last_sleep_at ≥ 7` (ngày) → **gợi-ý** chạy command (INFORM anh, **KHÔNG tự-chạy autonomous**). Anh consent → chạy. |
> 🔴 **State-file `last_sleep_at` có 1 home DUY NHẤT:** `.claude/agent-memory/memory-budget.json` (root-key `last_sleep_at`, cạnh `tiers`/`measured`). KHÔNG ghi ở `_INDEX.md` / nơi khác. *(SE đặt budget-file trong `agent-memory/`, KHÁC AI_INFRA gốc đặt `.claude/memory-budget.json` — đây là tailor path SE.)* Field `last_sleep_at` **đã thêm** (null baseline, S72) vào budget-file SE — auto-check **đã wired** ở `/session-start §2.1.2` + `/session-end §L.b(c)` (đọc field → INFORM gợi-ý nếu null/≥7d). Lần sleep đầu lead set `= today` (Phase 4.4). Lead = single-writer field này (B3).
## Phase 0 — Prep (em main / lead)
1. Parse `$ARGUMENTS` → list agent target. `all` → 9 sub có-ký-ức SE (xem roster ở trên). Agent lạ (không có dir `.claude/agent-memory/<name>/`) → cảnh-báo + skip. `harvest-curator`/`tooling-auditor` chỉ chạy nếu gọi tay đích-danh **và** có archive thật.
2. Mỗi agent: liệt-kê `archive/<period>.md` (verbatim) **đủ cũ** (per-project aging, size-driven — KHÔNG federated-time). **Guard-rỗng:** agent KHÔNG có `archive/` hoặc 0 file `<period>.md` → skip (0 token). Bỏ qua file nào ĐÃ có `<period>.gist.md` tương-ứng (tránh nén lại).
3. 🛡️ **double-distill guard (đọc header TRƯỚC khi làm):** nếu **gist nguồn/đối-tượng** đã chứa counter `distill-gen: N` với `N ≥ 1` → đã là sản-phẩm distill → **REFUSE pass-2 tự-động** (skip, log lý-do). Chỉ nén nguồn **verbatim gen-0** (file `<period>.md` chưa-từng-distill). *(SE thực-tế: có gist đã ở `distill-gen: 2` — investigator-codebase 2026-06 — guard PHẢI bắt; KHÔNG nén `.gist.md`, chỉ nén `.md` verbatim.)*
4. Đọc `.claude/agent-memory/memory-budget.json` lấy `last_sleep_at` (xác-nhận đủ 7-ngày nếu đường auto). Field vắng → coi như "chưa từng sleep" (đường tay vẫn chạy bình-thường).
## Phase 1 — GATHER + DEDUP (harvest-curator PROPOSE-ONLY)
> `harvest-curator` charter **cấm-ghi-file** → output = **proposal MD** (text trả-về), KHÔNG Write.
Spawn `harvest-curator` đọc từng verbatim file target → đề-xuất **bản nén nháp**:
- Gom entry trùng/liên-quan (dedup spawn-record cùng-chủ-đề across nhiều ngày/session).
- Đánh **importance-tag** mỗi cụm: `{cao · vừa · thấp}` (khớp nhãn giá-trị-tái-dùng SE đang dùng trong gist hiện-có).
- Trả proposal (KHÔNG ghi đĩa). Lead nhận → Phase 2 distill + verify.
## Phase 2 — DISTILL (method)
Lead distill proposal thành gist theo 4 bước:
1. **4-field giữ-khung (SE):** mỗi entry gốc = spawn-record **`VIỆC · KẾT-LUẬN(+commit/file:line) · BÀI-HỌC · BẤT-NGỜ`**. Nén = rút-gọn câu-chữ, **KHÔNG bỏ field**. *(Đây là form SE — tương-đương `task · verdict · learned · surprise` bản gốc.)*
2. **GỘP:** cụm entry cùng-chủ-đề → 1 entry tổng-hợp (cite ngày/session gốc + **pointer back-resolve** vào verbatim).
3. **reflection-synthesis:** rút **3 tới 5 entry mỗi file** (meta-insight cấp cao hơn liệt-kê thô), KHÔNG vượt 5.
4. **importance-tag drop:** **drop `thấp` TRƯỚC** khi cần cắt độ-dài. `cao`/`vừa` giữ. ratio nén = **báo-cáo KHÔNG phải target** (KHÔNG cắt để đạt con-số).
🔴 **Pointer-style SE (khớp gist hiện-có):** mỗi dòng kết bằng back-resolve `→ substring:"<unique>"` grep-UNIQUE vào verbatim file đã-tên — git-SHA / Mig-name / Run#NNN / unique-phrase keyed (ngày bị collide). **NO line-hint** (additive append làm xê dòng).
🔴 **Header gist file BẮT BUỘC** có counter `distill-gen: 1` (sản-phẩm distill thế-hệ-1 → chặn pass-2 sau này per Phase 0.3) + ghi rõ `source-verbatim` (tên file + #record) + `pointer-style: substring`. *(Nếu hiếm-hoi distill từ gist gen-1 — chỉ khi anh ép tay đè guard — stamp `distill-gen: 2`.)*
## Phase 3 — GATE (coverage-diff DETERMINISTIC + Fidelity)
> Gate = chốt-chặn mất-signal. 2 lớp.
**(a) coverage-diff DETERMINISTIC (lead scan, rẻ, LUÔN chạy):**
- Mọi **`{surprise · guard · file:line · root-cause · gotcha#}`** xuất-hiện trong verbatim **PHẢI** xuất-hiện (hoặc đánh `N/A` có-chủ-đích) trong gist. *(SE thêm `gotcha#` so với 4-token gốc — khớp rule `memory-budget.json` l2_gist: "every surprise/guard/file:line/root-cause/gotcha# in verbatim must survive".)*
- Cơ-chế: grep các loại token trên ↔ đối-chiếu gist (Grep tool). Thiếu bất-kỳ → **FAIL** → bổ vào gist TRƯỚC khi tiếp.
- **ratio nén = báo-cáo** (đo để biết), KHÔNG phải target/floor — KHÔNG ép gist nhỏ-đi để đạt ratio đẹp.
**(b) Fidelity gate (reviewer escalate):**
- `harvest-curator` Fidelity-FLAG → escalate `reviewer` chấm **keep-vs-drop** (entry nào nén/drop có đúng không, gist có bịa / lệch nghĩa không).
- Lead KHÔNG tự chấm Fidelity (G-001). reviewer PASS → ghi. FAIL → re-distill đúng sự-thật. *(reviewer no-StructuredOutput / chết ×2 → self-gate-fallback bằng evidence-checklist hợp-lệ, ghi rõ trong report — feedback agent-kill-recovery.)*
## Phase 4 — WRITE (lead single-writer, B3)
1. **Tool-ghi:** `Write` (file mới) / `Edit` — 🔴 **G-009: KHÔNG** PowerShell `Add-Content` / bash here-string. UTF-8 no-BOM.
2. Ghi `archive/<period>.gist.md` (file MỚI). **KHÔNG** chạm `<period>.md` verbatim (additive).
3. **G-009 post-scan (BẮT BUỘC sau ghi):** Grep mojibake (`§` · `â†` · `ðŸ` · `KHÃ` — seq cụ-thể, né bare-`Ã`) + dollar-expansion (`/usr/bin/bash`) trên file vừa ghi → **phải sạch**. Bẩn → de-corrupt qua Write tool.
4. Cập-nhật `.claude/agent-memory/memory-budget.json` field `last_sleep_at = <today>` (root-key; **thêm mới nếu chưa có**). B3 single-writer, Write/Edit. 🔴 KHÔNG hand-edit `measured_bytes` (chỉ script `scripts/measure-agent-memory.ps1` được sửa số đo) — chỉ chạm `last_sleep_at`.
## Phase 5 — REPORT + COMMIT
1. **Report:** mỗi agent xử-lý → `{verbatim-file · gist-file MỚI · #entry trước→sau · ratio (báo-cáo) · importance-drop thấp=N · coverage-diff PASS/FAIL · Fidelity PASS/self-gate}`.
2. **Commit** (anh OK): `[CLAUDE] Memory: sleep-compress L2 <agent> — <period>.gist.md additive`
- Scope = `Memory`. 🔴 `git add` **file cụ-thể** (KHÔNG `-A`/`.` — secret-leak risk; feedback rag-mcp).
- verbatim KHÔNG đổi → KHÔNG trong diff (chỉ `.gist.md` mới + `memory-budget.json` `last_sleep_at`).
- 🔴 docs-only path → CI skip (`paths-ignore`, gotcha #41) — commit này 0s.
---
## ⚠️ Guards (đọc kỹ)
- 🔴 **Additive-only:** gist = file MỚI. TUYỆT-ĐỐI KHÔNG đè/sửa/xóa verbatim `<period>.md` (B3 · §F1 · G-009 data-loss).
- 🔴 **CHỈ P1 gist-compress:** command này KHÔNG build `_INDEX.md` (= P2 archival-event riêng, sub tự-ghi lúc rời L1→L2) · KHÔNG inject read-side · KHÔNG đụng L1/RAG/L3.
- 🔴 **double-distill refuse:** `distill-gen ≥ 1` ở đối-tượng → skip (Phase 0.3). Gist mới luôn stamp `distill-gen: 1`. Chỉ nén verbatim `<period>.md` gen-0 (KHÔNG nén `.gist.md`).
- 🔴 **coverage-diff = deterministic gate:** surprise/guard/file:line/root-cause/**gotcha#** thiếu → FAIL, KHÔNG ship. ratio = metric KHÔNG target.
- 🔴 **Phân-vai cứng (Cách-B):** lead Write+commit (B3 single-writer) · harvest-curator PROPOSE-ONLY (charter cấm-ghi) · reviewer gate Fidelity (G-001 lead-không-tự-chấm).
- 🔴 **KHÔNG ép L1 < 30KB** (design BỎ — không phải scope command này; L1-cap-audit sống ở `/session-start §2.1.2`).
- 🔴 **Scope SE-repo-only:** CHỈ agent-memory `.claude/agent-memory/**` của SOLUTION_ERP. KHÔNG đụng repo/corpus khác (port-từ §J2-AI_INFRA, tailor parity — xem NOTE đầu file).
- 🔴 **G-009 tool-ghi:** Write/Edit only + post-scan mojibake/dollar-exp.
- 🔴 **last_sleep_at single home:** chỉ `.claude/agent-memory/memory-budget.json` root-key — KHÔNG nơi khác.

4
.claude/skills/README.md
View File

@ -17,7 +17,7 @@ Skill này là tài liệu chuyên biệt để Claude (và developer khác) dù
| Skill | Mục đích | Trigger ví dụ | Trạng thái |
|---|---|---|---|
| `dependency-audit-erp` | Scan CVE NuGet + npm 2 FE, respect pin constraint (MediatR 12.4.1, Swashbuckle 6.9.0) | "npm audit", "dotnet vulnerable", "deps scan", "nâng cấp package" | ✅ New Tier 3 |
| `ef-core-migration` | Tạo/revert EF Core 10 migration, 3-file rule, DesignTimeDbContextFactory, **53 migration history** (Init → AddPeUrgentAndCeoApprovalThreshold Mig 53) | "thêm migration", "EF migration", "schema update", "snapshot lỗi" | ✅ Updated S69 (Mig 53 PE cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng) |
| `ef-core-migration` | Tạo/revert EF Core 10 migration, 3-file rule, DesignTimeDbContextFactory, migration history (mới nhất Mig 55; số → `docs/STATUS.md`) | "thêm migration", "EF migration", "schema update", "snapshot lỗi" | ✅ Updated S74 (Mig 55 PE CcmNote) |
| `iis-deploy-runbook` | 3 IIS site + win-acme cert + gitea-runner + LibreOffice + debug 500/502/SignalR prod + **G-084 IPv4/IPv6 hardening** | "prod 500", "IIS fail", "cert hết hạn", "restart app pool", "deploy IIS", "port hijack" | ✅ Updated (G-084) |
## Format chuẩn 1 skill
@ -87,5 +87,5 @@ when-to-use:
## Related
- `docs/CLAUDE.md` — quick rules + full stack context
- `docs/gotchas.md` 68 bẫy đã gặp (latest #68 IDE TS diagnostic giữa background-agent/workflow = snapshot dở-dang → chỉ tin build sạch sau-cùng, S69; #67 Tailwind v4 accent palette thiếu-stop vỡ-màu im-lặng; #66 rule `h1-h4{color}` unlayered thắng utility `text-white`, S68; #65 build csproj con ≠ `dotnet build SolutionErp.slnx` → miss test-compile → CI CS7036 FAIL-gated)
- `docs/gotchas.md` — bẫy đã gặp (số hiện tại → `docs/STATUS.md`; latest #69 FE bundle-hash non-deterministic + deploy rebuild-FE-unconditional, S72; #68 IDE TS diagnostic giữa background-agent/workflow = snapshot dở-dang → chỉ tin build sạch sau-cùng, S69; #67 Tailwind v4 accent palette thiếu-stop vỡ-màu im-lặng; #66 rule `h1-h4{color}` unlayered thắng utility `text-white`, S68)
- `docs/changelog/migration-todos.md` — roadmap 5 phase + Tier 3

2
.claude/skills/dependency-audit-erp/SKILL.md
View File

@ -150,6 +150,6 @@ Lưu vào `docs/changelog/deps-audit-{YYYY-MM-DD}.md` nếu có action.
## Related
- `docs/gotchas.md` 68 bẫy package compat / CI / IIS / Identity / per-NV refactor / SQLite tie-break đã gặp
- `docs/gotchas.md` — bẫy package compat / CI / IIS / Identity / per-NV refactor / SQLite tie-break đã gặp (số hiện tại → `docs/STATUS.md`)
- `docs/changelog/migration-todos.md` Phase 5.1 — checklist deps scan CI
- `SolutionErp.slnx` + `global.json` — .NET version pin

13
.claude/skills/ef-core-migration/SKILL.md
View File

@ -1,6 +1,6 @@
---
name: ef-core-migration
description: Tạo/sửa/revert EF Core 10 migration cho SOLUTION_ERP. Dùng khi thêm entity mới, thay đổi schema, rollback migration, debug DesignTimeDbContextFactory fail. Đã có 53 migration sẵn (Init → AddPeUrgentAndCeoApprovalThreshold Mig 53, S69). Snapshot + Designer + Migration 3-file rule bắt buộc commit đủ.
description: Tạo/sửa/revert EF Core 10 migration cho SOLUTION_ERP. Dùng khi thêm entity mới, thay đổi schema, rollback migration, debug DesignTimeDbContextFactory fail. Đã có nhiều migration (số hiện tại → docs/STATUS.md canonical; mới nhất Mig 56 AddProBudgetSplitToPeWorkItemBudget, S76). Snapshot + Designer + Migration 3-file rule bắt buộc commit đủ.
when-to-use:
- "thêm migration"
- "EF Core migration"
@ -16,7 +16,7 @@ when-to-use:
> **Context:** .NET 10 + EF Core 10 + SQL Server. DbContext: `ApplicationDbContext` ở `Infrastructure/Persistence/`. Startup: `SolutionErp.Api`.
## Migration history (53 migration hiện có)
## Migration history (số hiện tại → `docs/STATUS.md` canonical; mới nhất Mig 56)
| # | Name | Tables added / changed |
|---|---|---|
@ -73,8 +73,11 @@ when-to-use:
| **51** | **`AddDepartmentParentId`** | **🎯 S65 — Department.ParentId `Guid?` loose-Guid (KHÔNG FK vật lý — org-tree phân cấp; `GET /departments/tree` ráp cây in-memory + rollup count theo `User.DepartmentId` + cycle-guard HashSet chặn tự-cha + vòng A→B→A). AddColumn-only, no new table.** |
| **52** | **`AddHoSoLinkToPurchaseEvaluation`** | **🎯 S65 — PE.HoSoLink `nvarchar(1000)?` hyperlink NAS (mục "e. Link hồ sơ", FE `<a target=_blank rel=noopener>` null-safe). AddColumn-only, no new table.** |
| **53** | **`AddPeUrgentAndCeoApprovalThreshold`** | **🎯 S69 — PE +`IsUrgentByPro`/`IsUrgentByCcm` (bit, cờ gấp PRO đỏ/CCM xanh) + ApprovalWorkflow +`CeoApprovalThreshold` `decimal(18,2)?` (ngưỡng gói CEO — CCM role CostControl duyệt-final khi winnerQuoteTotal < ngưỡng). 3 AddColumn, no new table. anh Kiệt FDC.** |
| **54** | **`AddPeSuggestedAndApprovedPrice`** | **🎯 S73 PE +5 cột giá đề xuất (ProSuggestedMin/Max + CcmSuggested + ApprovedPriceAmount + ApprovedPriceSource) additive-nullable CEO chọn giá chốt + CCM duyệt-done opt-in. anh Kiệt FDC go-live 22/06.** |
| **55** | **`AddCcmNoteToPeWorkItemBudget`** | **🎯 S74 PeWorkItemBudget +`CcmNote nvarchar(1000)?` (ô "Ghi chú từ CCM" mirror ProNote). AddColumn-only, no new table.** |
| **56** | **`AddProBudgetSplitToPeWorkItemBudget`** | **🎯 S76 PeWorkItemBudget +`ProInitialAmount`+`ProAdjustmentAmount` decimal(18,2)? (cột PRO "Ban hành lần đầu"+"V0/hiệu chỉnh", mirror CCM Initial/Adjustment). AddColumn additive + `Sql()` data-migrate `ProInitial=ProEstimate WHERE ProEstimate NOT NULL` (4 rows prod, gotcha #64). no new table. Form ngân sách MA TRẬN 3 cột Dự án/PRO/CCM (bảng lưới `<table>`).** |
Total: **88 bảng** dbo + `__EFMigrationsHistory` (re-ground S62 cicd `sys.tables`; last Mig 50 net 9388 Mig 51+52 đều AddColumn-only, không đổi số bảng). Xem `docs/database/schema-diagram.md` migration table + §11-15 module ERD 16+ Mig 27-52 chi tiết pending).
Total: **88 bảng** dbo + `__EFMigrationsHistory` (re-ground S62 cicd `sys.tables`; last schema-changing Mig 50 net 9388 Mig 51-55 đều AddColumn-only, không đổi số bảng). Xem `docs/database/schema-diagram.md` migration table + §11-15 module ERD 16+ Mig 27-55 chi tiết pending).
## N-stage workflow pattern (Mig 18-20 — Session 12-13)
@ -282,7 +285,7 @@ sqlcmd -S .\SQLEXPRESS -d SolutionErp -U vrapp -P <pw> -i migrate.sql
## Code pointers
- `src/Backend/SolutionErp.Infrastructure/Persistence/ApplicationDbContext.cs` DbSet cho 88 bảng (53 migration)
- `src/Backend/SolutionErp.Infrastructure/Persistence/ApplicationDbContext.cs` DbSet cho 88 bảng (số migration `docs/STATUS.md`)
- `src/Backend/SolutionErp.Infrastructure/Persistence/DesignTimeDbContextFactory.cs` EF tooling factory
- `src/Backend/SolutionErp.Infrastructure/Persistence/DbInitializer.cs` seed + warn + migrate runtime + backfill (idempotent reconcile pattern)
- `src/Backend/SolutionErp.Infrastructure/Persistence/Configurations/` IEntityTypeConfiguration<T> per entity
@ -291,5 +294,5 @@ sqlcmd -S .\SQLEXPRESS -d SolutionErp -U vrapp -P <pw> -i migrate.sql
## Related
- `docs/database/database-guide.md` — conventions + migration workflow chi tiết
- `docs/database/schema-diagram.md`**ERD 88 bảng** + §11 PE + §12 ~~Budget~~ (REMOVED Mig 50) + §13 PEDeptOpinions (Mig 15) + §14 ApprovalWorkflow V2 (Mig 22-25) + §15 PE Level Opinions V2 (Mig 26); §16+ Mig 27-52 detail pending (xem migration table)
- `docs/database/schema-diagram.md`**ERD 88 bảng** + §11 PE + §12 ~~Budget~~ (REMOVED Mig 50) + §13 PEDeptOpinions (Mig 15) + §14 ApprovalWorkflow V2 (Mig 22-25) + §15 PE Level Opinions V2 (Mig 26); §16+ Mig 27-55 detail pending (xem migration table)
- `docs/gotchas.md` #7, #17, #38 — migration pitfalls + Identity 4-field rename

63
.claude/workflows/README.md
View File

@ -1,47 +1,52 @@
# `.claude/workflows/` — Workflow + wave-folder convention (Harness 2)
# `.claude/workflows/` — Workflow fan-out + run-trace convention (Harness-10)
> **Mục đích:** convention cho HMW workflow fan-out + **wave-folder memory-isolation** (adopt AI_INFRA Harness 2, anh 06-07). Canonical rule: AI_INFRA `CANONICAL-RULES.md` §J4 (return-delta default) + §J6 (wave-mode + agent-team) — pull qua `cross_project_search`, KHÔNG copy. Tailor SE 8-role roster + S1 scope.
> **Mục đích:** convention cho HMW workflow fan-out + **run-trace folder** (mỗi workflow run → 1 thư mục `runs/<run-id>/` git **TRACKED**, gom plan + per-sub + synthesis + ledger 2-nhịp). Adopt AI_INFRA Harness-10 (anh 06-18) — kế thừa wave-folder memory-isolation Harness-2 nhưng **đổi từ transient-gitignored sang tracked-run-folder** để audit trực-tiếp qua git-diff. 🆕 **Cấu trúc PHẲNG (h10-refine 06-18):** file phẳng cùng cấp trong run-folder (phân biệt RAW vs VERIFIED bằng TÊN), KHÔNG subfolder. Canonical rule: AI_INFRA `CANONICAL-RULES.md` §J4 (return-delta default) + §J6 (run-trace + agent-team) — pull qua `cross_project_search`, KHÔNG copy. Tailor SE 9-role roster + S1 scope.
## Files (tracked)
- `hmw.js` — HMW P2 fan-out script. 2 mode: DEFAULT return-delta-only (§J4) · WAVE-MODE (§J6, `args.wave`).
- `hmw.js` — HMW P2 fan-out script. 2 mode: DEFAULT return-delta-only (§J4) · RUN-TRACE mode (§J6, `args.run`).
- `README.md` — file này (convention).
- `wave-<tên>/`**gitignored** (`.gitignore:93` `.claude/workflows/wave-*/`), transient per-workflow.
- `runs/`**git TRACKED** (qua negation `.gitignore:83 !.claude/**`), không gitignore. Mỗi workflow run = 1 sub-folder `runs/<run-id>/`. Xem `runs/README.md` cho cấu trúc chi-tiết (FLAT) + ledger 2-nhịp + 3-layer anti-miss + C8 migration + detector-tailored-out.
## 2 MODE memory (ADD — anh 06-07, KHÔNG thay return-delta)
## Run-trace = mỗi workflow run → `runs/<run-id>/` TRACKED (FLAT)
Mỗi lần chạy workflow fan-out (RUN-TRACE mode) → **1 thư mục run** git theo dõi, file **phẳng cùng cấp**:
| | DEFAULT return-delta-only (§J4) | WAVE-MODE (§J6, Harness 2) |
```
.claude/workflows/runs/<run-id>/ ← TRACKED · FLAT h10-refine (hiện trong git-diff = audit trực-tiếp)
├── run.md ← Run-MD chính — EM MAIN ghi @P1 (plan + agents-table + spec + guards + status OPEN→CLOSE)
├── sub-<role>-<i>.md ← per-sub RAW (prefix `sub-`) — full detail (write-sub ghi @P2 · read-only sub → em main scribe @P3)
└── <stage>-synthesis.md ← gom/VERIFIED (suffix `-synthesis.md`) — EM MAIN ghi NGAY sau mỗi fan-out turn (C4 per-turn primary)
```
Phân biệt RAW (prefix `sub-`) vs VERIFIED (suffix `-synthesis.md`) bằng **TÊN file**, KHÔNG subfolder. **C8:** 5 run cũ S71 (`h10-invest``h910-curate`) giữ `sub-md/`+`harvest/` (đừng rewrite history); close-gate chấp nhận CẢ HAI dạng.
- `runs/_ledger.md` — sổ run **2-nhịp**: ghi **OPEN-beat** lúc mở run + **CLOSE-beat** (timestamp + verdict + harvest) lúc đóng. **Orphan** = OPEN mà không CLOSE → phải giải-quyết-cứng (điều tra + đóng tay hoặc đánh-dấu aborted). Chi-tiết `runs/README.md`.
## 2 MODE memory (anh 06-07, KHÔNG thay return-delta)
| | DEFAULT return-delta-only (§J4) | RUN-TRACE mode (§J6) |
|---|---|---|
| Khi dùng | fan-out NHẸ (~2-3 phút, read/analyze — vd recon wave) | workflow DÀI / sinh nhiều detail |
| Sub ghi file? | KHÔNG — chỉ return `memoryDelta` | GHI full-detail vào `wave-<tên>/sub-<role>-<i>.md` |
| Lead làm | VERIFY + APPEND @P3 (B3) | đọc wave on-demand + H2 gom @session-end (B5) |
| Rủi ro mất detail | có (delta lossy) — chấp nhận cho việc nhẹ | KHÔNG (full-detail giữ isolated) |
| Khi dùng | fan-out NHẸ (~2-3 phút, read/analyze — vd recon) | workflow DÀI / sinh nhiều detail / cần audit-trail |
| Sub ghi file? | KHÔNG — chỉ return `memoryDelta` + `findings` | write-sub GHI full-detail vào `runs/<run-id>/sub-<role>-<i>.md` (phẳng); read-only sub → `findings` + `subMdPath` → em main scribe |
| Lead làm | VERIFY + APPEND @P3 (B3) | đọc `sub-<role>-<i>.md` on-demand + ghi `<stage>-synthesis.md` per-turn (C4) + H2 gom @session-end (B5, backstop) |
| Rủi ro mất detail | có (delta lossy) — chấp nhận cho việc nhẹ | KHÔNG (full-detail giữ trong run-folder tracked) |
> Mặc định DEFAULT. WAVE-MODE chỉ bật khi workflow dài/nhiều detail (set `args.wave`). KHÔNG bắt mọi fan-out wave-folder.
> Mặc định DEFAULT. RUN-TRACE chỉ bật khi workflow dài/nhiều detail/cần dấu-vết (set `args.run = {name, dir}`). KHÔNG bắt mọi fan-out tạo run-folder.
## Wave-folder structure (WAVE-MODE)
```
.claude/workflows/wave-<tên>/ ← gitignored (transient; H2 gom rồi → có thể xóa sau commit)
├── wave.md ← Wave-MD chính — EM MAIN ghi @P1 (task-list + vai + spec + status + harvest-state)
├── sub-<role>-<i>.md ← sub-MD — SUB tự ghi @P2 (vd sub-investigator-codebase-0.md) — full working detail
└── _harvest.md ← H2 (harvest-curator) ghi propose @session-end (gom gì về agent-memory nào)
```
## Quy trình WAVE-MODE (B1B6)
1. **B3 SCAFFOLD TRƯỚC (em main @P1):** tạo folder `wave-<tên>/` + `wave.md` (task-list + vai rõ). ⚠️ `hmw.js` chạy JS-sandbox **no-filesystem** → KHÔNG tự tạo folder; **em main Write @P1** TRƯỚC khi invoke Workflow.
2. **B1 spawn-from-real-sub:** mỗi task `role ∈ VALID_ROLES` (8 sub) → workflow-agent = sub THẬT (`agentType` inherit memory-pack slice + skill identity), KHÔNG agent vô-danh.
3. **B4 phân-quyền TOOL-AWARE:** `hmw.js` inject vào prompt mỗi sub đường-dẫn `sub-<role>-<i>.md` + lệnh ghi ĐÚNG file đó.
## Quy trình RUN-TRACE (B1B6)
1. **B3 SCAFFOLD TRƯỚC (em main @P1):** tạo `runs/<run-id>/` + `run.md` (FLAT — KHÔNG cần `sub-md/`/`harvest/` subfolder hay `.gitkeep`; file `sub-*`/`*-synthesis.md` sinh phẳng cùng cấp khi fan-out chạy), **và ghi OPEN-beat vào `runs/_ledger.md`**. ⚠️ `hmw.js` chạy JS-sandbox **no-filesystem** → KHÔNG tự tạo folder; **em main Write @P1** TRƯỚC khi invoke Workflow. (Đây là fragile-point — quên scaffold = run mất dấu-vết âm-thầm; xem `runs/README.md` §C7.)
2. **B1 spawn-from-real-sub:** mỗi task `role ∈ VALID_ROLES` (9 sub) → workflow-agent = sub THẬT (`agentType` inherit memory-pack slice + skill identity), KHÔNG agent vô-danh.
3. **B4 phân-quyền TOOL-AWARE:** `hmw.js` inject vào prompt mỗi sub đường-dẫn `runs/<run-id>/sub-<role>-<i>.md` (phẳng) + lệnh ghi ĐÚNG file đó.
- **Write sub (CÓ Write/Edit):** implementer-backend · implementer-frontend · test-specialist · frontend-designer → ghi-direct sub-MD via Write/Edit.
- **Read-only sub (CH Bash):** investigator-codebase · investigator-api · reviewer · cicd-monitor → 🔴 KHÔNG Bash-write MD (mojibake) → full-detail vào `findings` + `subMdPath`**em main scribe @P3** (single-writer).
4. **B6 ISOLATION (AUDIT cẩn-thận):** sub CHỈ ghi `wave-<tên>/sub-*.md` (+ code-file-disjoint nếu giao). 🔴 KHÔNG ghi `agent-memory/*` chính · KHÔNG MD canonical (CLAUDE/README/STATUS/agents) · KHÔNG sub-MD agent khác. **Em main `git status`/`git diff` + chunk-count sau P2**tracked-file đổi NGOÀI code-disjoint = **vi-phạm** (wave-folder gitignored nên KHÔNG hiện trong diff = sạch). Verify pattern bằng `git check-ignore -v` (test match thật, đừng tin .gitignore text).
5. **B5 HARVEST (⬜ harvest-curator H2 @session-end §L.b(f)):** đọc `wave-<tên>/sub-*.md` → 5-trục integrity → đề-xuất em main consolidate APPEND vào `agent-memory/<role>` sub tương-ứng → sub-chính có đầy-đủ memory. Ghi `_harvest.md` propose.
- **Read-only sub (CH Bash):** investigator-codebase · investigator-api · reviewer · cicd-monitor → 🔴 KHÔNG Bash-write MD (mojibake) → full-detail vào `findings` + `subMdPath`**em main scribe @P3** (single-writer).
4. **B6 ISOLATION (AUDIT cẩn-thận):** sub CHỈ ghi trong `runs/<run-id>/` (file `sub-<role>-<i>.md` phẳng của mình) + code-file-disjoint nếu giao. 🔴 KHÔNG ghi `agent-memory/*` chính · KHÔNG MD canonical (CLAUDE/README/STATUS/agents) · KHÔNG sub-MD agent khác. **Em main `git status`/`git diff` + chunk-count sau P2****run-folder TRACKED → mọi write trong run-folder HIỆN trong diff = audit trực-tiếp**; tracked-change NGOÀI `runs/<run-id>/` NGOÀI code-disjoint đã giao = **vi-phạm** (thay model Harness-2 B6 "mọi tracked-change = vi-phạm"). Verify pattern bằng `git check-ignore -v` (test match thật, đừng tin .gitignore text — bẫy exit-code: dùng `&& IGNORED || NOT`).
5. **B5 HARVEST (per-turn primary C4 + close-gate backstop):** em main ghi `<stage>-synthesis.md` (phẳng) **NGAY sau mỗi fan-out turn** (đọc `sub-<role>-<i>.md` + findings → 5-trục integrity → consolidate). @session-end ⬜ harvest-curator H2 §L.b(f) **VERIFY per-turn harvest đã xong cho mọi `runs/<id>/`** (idempotent — KHÔNG re-APPEND, chống DUPLICATE-HARVEST) + giữ 5-trục GATE làm backstop, rồi đề-xuất em main APPEND vào `agent-memory/<role>` sub tương-ứng.
## Agent-team (`.claude/agent-teams/<tên>/` — gitignored `.gitignore:94`)
- Cùng nguyên-lý isolation: teammate **KHÔNG có memory-dir built-in** (khác subagent) → folder riêng cho teammate ghi MD-session (A1, tránh overwrite memory chuẩn).
- Team spawn TỪ **sub-agent chính có memory dự-án rõ-ràng** (A2 — mang identity/skill sub thật trong 8 roster).
- H2 harvest-curator gom `.claude/agent-teams/<tên>/` → agent-memory tương-ứng (giống wave).
- Team spawn TỪ **sub-agent chính có memory dự-án rõ-ràng** (A2 — mang identity/skill sub thật trong 9 roster).
- H2 harvest-curator gom `.claude/agent-teams/<tên>/` → agent-memory tương-ứng (giống run-trace).
- ⚠️ **Caveat: Agent-Team experimental + Windows 11 in-process only** (no split-pane) → SE **CHƯA dùng team thật** → A = **convention-ready** (n-a runtime), cơ-chế isolation chung qua workflow.
## Guard
- **S1:** Workflow CHỈ repo SOLUTION_ERP — KHÔNG fan-out repo/corpus khác (`cross_project_search` = READ reference only).
- **S2/S3:** chỉ chạy khi HMW-mode ON (`/ultra-on` → marker `.claude/hmw-mode.on`) + checkpoint INFORM (`hmw.js` throw nếu `checkpointApproved≠true`) + sub KHÔNG spawn sub.
- **G-015 accuracy:** isolation = defense-in-depth (gitignore wave-*/ + em main git-diff post-P2 + chunk-count), KHÔNG sandbox cứng. Read-only sub vẫn giữ Bash = ghi-ngoài-repo (git-diff mù) / curl Qdrant (chunk-count bắt). KHÔNG claim "ENFORCED".
- **Anti-bypass detector (h10-refine b): SE TAILORED-OUT** — SE chạy workflow qua Anthropic Workflow tool (KHÔNG có CLI-launcher để lách như node-CLI) → bypass-surface ~N/A; containment = git-diff + run-folder TRACKED + ledger orphan-scan (G-015). 3 nguyên-tắc detector (whitelist launcher · path-variant match · anchor launch-key + nghiệm-thu quan-hệ) đã cân-nhắc, N/A cho threat-model SE. Chi-tiết `runs/README.md`.
- **G-015 accuracy (no-overclaim):** run-folder TRACKED ≠ read-only-ENFORCED — sub vẫn giữ Bash (write-channel mở: ghi-ngoài-repo git-diff mù / curl Qdrant). Containment THẬT = **em-main single-writer + git-diff (in-repo, run-folder tracked nên hiện) + chunk-count (RAG)**, defense-in-depth, KHÔNG sandbox cứng. KHÔNG claim "ENFORCED", KHÔNG bỏ chunk-count.

31
.claude/workflows/hmw.js
View File

@ -2,11 +2,11 @@
// top-level await/return hợp lệ); KHÔNG node-runnable trực tiếp (`node hmw.js` sẽ lỗi await).
// Em main lo P0/P1/P3/P4 NGOÀI workflow; script này CHỈ lo P2 fan-out.
// Invoke bằng {scriptPath} (no hot-reload — restart/re-invoke sau khi sửa). Scope = repo SOLUTION_ERP ONLY (S1).
// ⚠️ Script chạy JS-sandbox KHÔNG filesystem → KHÔNG tự tạo folder/ghi file. Scaffold wave-folder = EM MAIN @P1 (Harness 2 B3).
// ⚠️ Script chạy JS-sandbox KHÔNG filesystem → KHÔNG tự tạo folder/ghi file. Scaffold run-folder runs/<run-id>/ (TRACKED) = EM MAIN @P1 (Harness-10, supersedes Harness 2 B3 wave-folder).
export const meta = {
name: 'hmw',
description: 'HMW P2 execute (SOLUTION_ERP) — fan-out 9-agent roster có MEMORY-PACK slice (qua args vì script không đọc file) + return findings + checklistEvidence + memoryDelta (spawn-record 4-field). 2 MODE (Harness 2, 06-07): (A) DEFAULT return-delta-only — fan-out nhẹ, sub KHÔNG ghi file, git-diff verify. (B) WAVE-MODE (args.wave) — workflow DÀI, em main scaffold .claude/workflows/wave-<tên>/ @P1, sub ghi full-detail vào CHỈ sub-MD mình (B4/B6), H2 harvest-curator gom wave→agent-memory @session-end (B5). taskList thoải mái (queue theo slot, không cap cứng). memoryDelta KHÔNG tự ghi — em main VERIFY + APPEND-only @P3 (no-overwrite-unverified, B3). Two-tier model H4.5 (Harness-4 2026-06-10): promote-roles inherit Fable 5 · demoted-roles pin Opus 4.8 (frontmatter) · role-less \'opus\' · per-task tier:\'fable\'|\'opus\' override. Scope = repo SOLUTION_ERP ONLY (S1 — KHÔNG fan-out repo/corpus khác).',
description: 'HMW P2 execute (SOLUTION_ERP) — fan-out 9-agent roster có MEMORY-PACK slice (qua args vì script không đọc file) + return findings + checklistEvidence + memoryDelta (spawn-record 4-field). 2 MODE (Harness 2, 06-07): (A) DEFAULT return-delta-only — fan-out nhẹ, sub KHÔNG ghi file, git-diff verify. (B) RUN-TRACE mode (args.run, Harness-10) — workflow DÀI, em main scaffold .claude/workflows/runs/<run-id>/ TRACKED FLAT (run.md + sub-<role>-<i>.md + <stage>-synthesis.md phẳng cùng cấp) @P1, sub ghi full-detail vào CHỈ sub-<role>-<i>.md mình (B4/B6), harvest per-turn primary (C4) + H2 gom @session-end = backstop verify-idempotent. taskList thoải mái (queue theo slot, không cap cứng). memoryDelta KHÔNG tự ghi — em main VERIFY + APPEND-only @P3 (no-overwrite-unverified, B3). Model H8 all-inherit (Harness-8 2026-06-16): role-có-frontmatter inherit top-tier lead · role-less inherit · per-task tier:\'fable\'|\'opus\' escape-hatch. Scope = repo SOLUTION_ERP ONLY (S1 — KHÔNG fan-out repo/corpus khác).',
phases: [{ title: 'Execute', detail: 'fan-out memory-pack-injected agents, structured return' }],
}
@ -16,7 +16,7 @@ export const meta = {
// spec: '<acceptance-criteria / context chung>',
// checkpointApproved: true, // em main set SAU khi BÁO {số agent·vai·task} @inform (S2)
// taskList: [ { role:<VALID_ROLES|null>, label:'..', prompt:'..', tier:'fable'|'opus'? }, ... ] // tier = per-task model override (H4.5)
// wave: { name:'<tên-wave>', dir:'.claude/workflows/wave-<tên>' } // OPTIONAL — bật WAVE-MODE (B). Folder + wave.md em main ĐÃ scaffold @P1 (script no-fs).
// run: { name:'<run-id>', dir:'.claude/workflows/runs/<run-id>' } // OPTIONAL — bật RUN-TRACE mode (B, Harness-10 TRACKED). Folder + run.md em main ĐÃ scaffold @P1 (script no-fs). [legacy alias: args.wave]
// }
const VALID_ROLES = [
@ -49,7 +49,7 @@ const SCHEMA = {
properties: {
findings: { type: 'string', description: 'Kết quả chính. MỌI claim kèm evidence file:line. KHÔNG narrative suông.' },
checklistEvidence: { type: 'string', description: 'Bằng chứng cho acceptance-checklist P1 (số đo / PASS-FAIL / verdict).' },
subMdPath: { type: 'string', description: 'WAVE-MODE: đường-dẫn sub-MD agent đã ghi (em main/H2 đọc on-demand). DEFAULT-mode: bỏ trống.' },
subMdPath: { type: 'string', description: 'RUN-TRACE mode FLAT: đường-dẫn sub-<role>-<i>.md agent đã ghi (em main/H2 đọc on-demand). DEFAULT-mode: bỏ trống.' },
memoryDelta: {
type: 'object',
description: 'Spawn-record 4-field — RETURN-only để EM MAIN harvest @P3. Agent KHÔNG tự ghi ký ức (KHÔNG file MEMORY.md, KHÔNG store_memory/RAG). Em main VERIFY + APPEND-only (KHÔNG overwrite entry cũ nếu chưa kiểm tra — B3).',
@ -84,14 +84,15 @@ if (A.taskList.length > 16) {
const memoryPack = A.memoryPack || {}
const spec = A.spec || ''
// ─── WAVE-MODE (Harness 2 B) ─────────────────────────────────────────────────
// wave = { name, dir }. Folder + wave.md em main ĐÃ scaffold @P1 (script no-fs). Bật → sub ghi full-detail
// vào CHỈ sub-MD mình + return memoryDelta. Isolation B6 (gitignore wave-*/ + em main git-diff post-P2 + chunk-count).
const wave = (A.wave && A.wave.dir) ? A.wave : null
if (wave) log(`hmw: WAVE-MODE on → dir=${wave.dir} (sub ghi sub-MD isolated; em main scaffold @P1; H2 harvest-curator gom @session-end B5).`)
// ─── RUN-TRACE mode (Harness-10, supersedes Harness-2 wave-mode B) ────────────
// run = { name, dir }. Folder runs/<run-id>/ (TRACKED) + run.md em main ĐÃ scaffold @P1 (script no-fs). Bật → sub ghi full-detail
// vào CHỈ sub-<role>-<i>.md phẳng mình + return memoryDelta. Containment: tracked-change NGOÀI run-folder + code-disjoint = vi-phạm
// (run-folder TRACKED → HIỆN trong git-diff = audit trực-tiếp; em main git-diff post-P2 + chunk-count RAG). [legacy alias args.wave]
const wave = (A.run && A.run.dir) ? A.run : ((A.wave && A.wave.dir) ? A.wave : null)
if (wave) log(`hmw: RUN-TRACE mode on → dir=${wave.dir} (TRACKED FLAT; sub ghi sub-<role>-<i>.md phẳng isolated; em main scaffold @P1; harvest per-turn primary C4, H2 gom @session-end = backstop).`)
phase('Execute')
log(`HMW P2: fan-out ${A.taskList.length} task (${wave ? 'WAVE-MODE' : 'return-delta-only'}, H8 all-inherit top-tier, memory-pack-injected, scope=SOLUTION_ERP repo only)`)
log(`HMW P2: fan-out ${A.taskList.length} task (${wave ? 'RUN-TRACE' : 'return-delta-only'}, H8 all-inherit top-tier, memory-pack-injected, scope=SOLUTION_ERP repo only)`)
const results = await parallel(A.taskList.map((t, i) => () => {
const raw = t && t.role
@ -99,19 +100,19 @@ const results = await parallel(A.taskList.map((t, i) => () => {
if (raw && !role) log(`⚠️ hmw: agentType "${raw}" ∉ VALID_ROLES → default subagent cho task #${i}`)
const mem = role && memoryPack[role] ? memoryPack[role] : ''
const subMd = wave ? `${wave.dir}/sub-${role || 'task'}-${i}.md` : null
const subMd = wave ? `${wave.dir}/sub-${role || 'task'}-${i}.md` : null // Harness-10 FLAT (h10-refine 2026-06-18): sub-<role>-<i>.md phẳng cùng cấp dưới runs/<run-id>/ — KHÔNG sub-md/ subdir
// Write-guard TOOL-AWARE theo MODE (B6 isolation). SE read-only sub (KHÔNG Write tool): investigator-codebase/api,
// reviewer, cicd-monitor (+ monitor tooling-auditor/harvest-curator). Write sub: implementer-backend/frontend, test-specialist, frontend-designer.
const writeGuard = wave
? [
`## ✍️ WAVE-MODE ghi sub-MD (Harness 2 B4/B6) — TOOL-AWARE (chống mojibake G-009):`,
`## ✍️ RUN-TRACE ghi sub-<role>-<i>.md FLAT (Harness-10 h10-refine, supersedes subfolder sub-md/) — TOOL-AWARE (chống mojibake G-009):`,
`- Full-detail công-việc của mày → ĐÚNG 1 file: \`${subMd}\` (folder đã scaffold sẵn — KHÔNG tạo folder).`,
` • NẾU mày CÓ Write/Edit tool (implementer-backend/frontend, test-specialist, frontend-designer): GHI TRỰC TIẾP via Write/Edit. 🔴 KHÔNG Bash-write MD ($-expansion/mojibake).`,
` • NẾU mày CHỈ có Bash (read-only sub: investigator-codebase/api, reviewer, cicd-monitor — KHÔNG Write tool): 🔴 TUYỆT ĐỐI KHÔNG Bash-write MD → để full-detail trong "findings" + đặt subMdPath="${subMd}"; EM MAIN scribe @P3 (single-writer Write-tool, no-corruption).`,
`- 🔴 ISOLATION (B6, AUDIT): CHỈ ghi \`${subMd}\` (+ code-file-disjoint nếu task giao). TUYỆT ĐỐI KHÔNG ghi/sửa: agent-memory/* (MEMORY.md BẤT KỲ sub) · MD canonical (CLAUDE/README/STATUS/agents) · sub-MD agent khác. Em main git-status/diff audit sau P2 — tracked-file đổi ngoài code-disjoint = vi-phạm.`,
`- LUÔN return: findings (FULL) + checklistEvidence + memoryDelta (4-field) + subMdPath="${subMd}". H2 harvest-curator gom @session-end (B5) → agent-memory/${role || 'sub'}.`,
`- 🔴 KHÔNG store_memory/RAG-write · KHÔNG Bash curl/HTTP Qdrant (:6333 = git-diff MÙ, chỉ chunk-count bắt) · KHÔNG ghi file NGOÀI repo/wave-folder. RAG single-writer=em main; containment = git-diff(in-repo)+chunk-count(RAG) [G-015].`,
`- 🔴 ISOLATION (B6→Harness-10, AUDIT): CHỈ ghi \`${subMd}\` (+ code-file-disjoint nếu task giao). TUYỆT ĐỐI KHÔNG ghi/sửa: agent-memory/* (MEMORY.md BẤT KỲ sub) · MD canonical (CLAUDE/README/STATUS/agents) · sub-MD agent khác. Em main git-status/diff audit sau P2 — tracked-file đổi NGOÀI run-folder (runs/<run-id>/) + code-disjoint = vi-phạm (run-folder TRACKED → HIỆN trong diff).`,
`- LUÔN return: findings (FULL) + checklistEvidence + memoryDelta (4-field) + subMdPath="${subMd}". Harvest per-turn primary (C4); H2 gom @session-end = backstop verify-idempotent → agent-memory/${role || 'sub'}.`,
`- 🔴 KHÔNG store_memory/RAG-write · KHÔNG Bash curl/HTTP Qdrant (:6333 = git-diff MÙ, chỉ chunk-count bắt) · KHÔNG ghi file NGOÀI repo/run-folder. RAG single-writer=em main; containment = git-diff(in-repo)+chunk-count(RAG) [G-015].`,
].join('\n')
: [
`## OUTPUT write-guard (DEFAULT return-delta-only):`,

0
.claude/workflows/runs/2026-06-18-h10-implement/harvest/.gitkeep Normal file
View File

28
.claude/workflows/runs/2026-06-18-h10-implement/harvest/implement-synthesis.md Normal file
View File

@ -0,0 +1,28 @@
# IMPLEMENT synthesis — Harness-10 applied (em-main single-writer, C4 per-turn)
> Workflow `wf_e4e46725-231` · 3 general-purpose file-disjoint + em-main cluster. **Self-gate: 3/3 agents DONE tốt, 0 stray, wording đồng-bộ.**
## Files changed (containment audit CLEAN — git status khớp tập dự kiến)
| Actor | File | Δ |
|---|---|---|
| 🟦 Agent 1 | `agents/README.md` | :111 decision-tree wave→run-harvest · :162 G-015 containment model mới |
| 🟦 Agent 1 | `agents/harvest-curator.md` | scan-path wave→`runs/<id>/sub-md/` · per-turn-primary C4 · **DEDUP note** · B6→tracked model |
| 🟦 Agent 1 | `agents/tooling-auditor.md` | :40 wave-gom→run-harvest (H1/H2 split intact) |
| 🟦 Agent 2 | `commands/session-end.md` | :51 close-gate C5 L3 **idempotent VERIFY-not-re-APPEND** + 5-trục backstop · :32 repoint |
| 🟦 Agent 2 | `commands/session-start.md` | :71 C5 L2 orphan-scan (`runs/*/` OPEN-beat + harvest/ rỗng) |
| 🟦 Agent 3 | `workflows/README.md` | FULL rewrite wave→run-trace · :38 STALE "gitignored=sạch" REPLACED · :50 G-015 repoint |
| 🟦 Agent 3 | `workflows/runs/README.md` (NEW) | 80 dòng C1-C7 + caveat trung-thực + verify-pattern exit-code trap |
| 👤 Em-main | `.gitignore` | block Harness-10 (runs/ tracked via negation, wave-*/ legacy, exit-code trap note) |
| 👤 Em-main | `hmw.js` | accept `args.run` (alias wave) · path `sub-md/` · wording containment · 9 comment/string refs wave→RUN-TRACE |
## Self-gate verdict
- **Containment 🟢 CLEAN:** git status = 8 Harness-10 file + runs/ untracked + (residual) investigator MEMORY + (pre-existing) CLAUDE.md. KHÔNG stray ngoài tập.
- **Wording đồng-bộ 4 file 🟢:** model containment khớp `_ledger:4``hmw.js:89/113``README:38/50``runs/README:78/80`. (risk #6 xử xong.)
- **Stale-wave sweep:** còn lại đều contextualized (transition-note / frozen-historical `agents/README:8` = upgrade-log Harness-2 06-07, đúng giữ). Em fix 3 ref em sót hmw.js (:52/:95/:109).
## Residuals → closeout (KHÔNG block REVIEW)
1. `investigator-codebase/MEMORY.md` (+6, 29.8KB over-cap) = race INVEST (4 agent tự ghi). Em-main reconcile (consolidate→1 entry, curate dưới cap) @closeout.
2. `CLAUDE.md` pre-existing = flush test-count 263→306 (đúng, KEEP+commit — resolve H1 stale flag).
3. `session-start.md:72` "wave session" = session-TYPE (fan-out session), semantically OK — Agent 2 giữ đúng (không phải wave-folder mechanism).
## → REVIEW (Stage 3): verify 0-byte-loss frozen evidence · hmw.js parse · floor C1-C8 đúng-nấc · wording 4-file · containment model valid.

25
.claude/workflows/runs/2026-06-18-h10-implement/run.md Normal file
View File

@ -0,0 +1,25 @@
# RUN — Harness-10 adap · STAGE 2 IMPLEMENT
- **run-id (folder):** 2026-06-18-h10-implement
- **workflow run-id (evidence B3):** wf_e4e46725-231
- **adap:** Harness-10 run-trace folder convention
- **checkpoint:** APPROVED (anh chốt full-adopt + dogfood qua HMW)
- **opened:** 2026-06-18 08:42 +07
- **input spec:** `../2026-06-18-h10-invest/harvest/invest-synthesis.md`
- **status:** OPEN → running
## Split (file-disjoint — KHÔNG chồng lấn)
| Actor | Files | Nội dung |
|---|---|---|
| 🟦 Agent 1 (general-purpose) | `agents/README.md` · `harvest-curator.md` · `tooling-auditor.md` | text repoint wave→run-trace (:111/:162 · :22-28/:52 · :40) |
| 🟦 Agent 2 (general-purpose) | `commands/session-end.md` · `session-start.md` | C4 close=verify-idempotent · C5 L2 orphan-scan · L3 close-gate |
| 🟦 Agent 3 (general-purpose) | `workflows/README.md` (full rewrite) · NEW `runs/README.md` | convention doc + caveat C7 + repoint G-015 :35/:47 |
| 👤 Em-main (single-writer) | `.gitignore` · `hmw.js` · `harvest-curator/MEMORY.md` | MECHANISM cluster (live engine + wording-critical :112) + reconcile |
## Guards áp cho agent (từ synthesis RISKS)
- Return-delta-only, **KHÔNG tự ghi MEMORY.md** (race observed @INVEST).
- Containment wording PHẢI khớp `runs/_ledger.md:4` (3 chỗ đồng bộ: README/hmw.js/_ledger).
- DO-NOT-EDIT frozen evidence (broadcasts/** · adap-reports/2026-06-07-harness-2 · error-ledger:86 · sessions/* · STATUS:217-226 · HANDOFF · archives).
- G-015 no-overclaim: TRACKED ≠ read-only-enforced.
## Output → `harvest/implement-synthesis.md` (em main @P3)

0
.claude/workflows/runs/2026-06-18-h10-implement/sub-md/.gitkeep Normal file
View File

0
.claude/workflows/runs/2026-06-18-h10-invest/harvest/.gitkeep Normal file
View File

43
.claude/workflows/runs/2026-06-18-h10-invest/harvest/invest-synthesis.md Normal file
View File

@ -0,0 +1,43 @@
# INVEST synthesis — Harness-10 build spec (em-main single-writer, C4 per-turn)
> Workflow `wf_9c2cd2cd-2e7` · 4× investigator-codebase. **Self-gate:** B+C+D xuất sắc, **A hỏng (stub rác `area:test`)** — B đã cover trọn hmw.js wiring → bù đủ, KHÔNG cần redo A.
## Build plan (2-tier theo recommendation B/C/D)
### TIER 1 — MECHANISM (careful, đổi behavior)
**1. `.gitignore`** (B/C/D đồng thuận):
- `runs/` **ĐÃ tracked** qua negation `!.claude/**` (`:83`) → **KHÔNG cần thêm dòng**.
- `:93` `.claude/workflows/wave-*/`**giữ làm legacy** (no wave-*/ tồn tại; xóa cũng được nhưng giữ an toàn hơn) + thêm comment "superseded by runs/ (Harness-10, tracked)".
- `:92` verify-comment STALE (`wave-x` path) → cập nhật sang `runs/` + ghi-chú **bẫy exit-code** (`check-ignore` exit 0 cho CẢ negation lẫn ignore → dùng `&& IGNORED || NOT`).
- `:94` agent-teams = n-a Windows in-process (giữ).
**2. `.claude/workflows/hmw.js`** (rename wave→run, 2-MODE logic GIỮ):
- `:9` meta.description · `:19` args doc (`wave:{name,dir}``run:{name,dir}`) · `:52` SCHEMA subMdPath · `:87-91`/`:90` WAVE-MODE detect (`const wave``const run`) · `:91`/`:94` log · `:102` subMd path (`wave.dir``runs/<run-id>/sub-md/<role>-<i>.md`) · writeGuard `:106-120` (thêm `harvest/` path + đổi model wording) · prompt `:122-134`/`:131`.
- 🔴 **`:112` CRITICAL** — đổi "tracked-file đổi NGOÀI code-disjoint = vi-phạm" → "...NGOÀI **run-folder** + code-disjoint = vi-phạm" (chỉ thiếu chữ "run-folder").
- C5 Layer1: thêm reminder "run trước OPEN-beat chưa harvest" vào prompt-builder.
- ⚠️ **No hot-reload** (`:4`) → executed-file VERIFIED-pending-restart.
### TIER 2 — TEXT (rename + repoint, no logic)
| File | Đổi |
|---|---|
| `.claude/workflows/README.md` (48 dòng) | **Full rewrite** wave→runs convention (run.md+sub-md/+harvest/+ledger 2-nhịp). 🔴 `:35` xóa parenthetical STALE "(wave gitignored nên KHÔNG hiện diff = sạch)" → "run-folder TRACKED nên HIỆN diff = audit trực-tiếp". `:47` repoint G-015. |
| `session-end.md` | `:51` §L.b(f) wave-gom B5 → **VERIFY per-turn harvest đã xong cho mọi runs/<id>/** + giữ 5-trục GATE làm backstop (C5 L3). 🔴 **idempotent: VERIFY không re-APPEND** (chống DUPLICATE-HARVEST). `:32`/`:49` repoint. |
| `session-start.md` | `:71` §2.1.1 H2 mở rộng: scan `runs/*/` tìm **OPEN-beat (ledger closed=⏳) mà harvest/ rỗng = orphan** (C5 L2). |
| `agents/README.md` | `:111` decision-tree wave-gom→run-harvest · `:162` repoint G-015 containment caveat (wave-gitignored claim giờ false cho runs/). |
| `agents/harvest-curator.md` | `:22-28` scan path `wave-<ten>/sub-*.md``runs/<run-id>/sub-md/` · `:52` B6 audit repoint · cân nhắc thêm **DEDUP axis** (`:23` 5-trục) chống double-APPEND. |
| `agents/tooling-auditor.md` | `:40` wave-gom→run-harvest (giữ H1/H2 split). |
| `agent-memory/harvest-curator/MEMORY.md` | `:13/:20/:26` diary (em-main proxy, low-pri). |
### NEW machinery (em-main)
- `.claude/workflows/runs/README.md` — convention doc (cấu trúc 3-phần + ledger 2-nhịp + 3-layer + **caveat C7 trung thực**: engine no-fs, scaffold = em-main @P1, 3-layer = lưới KHÔNG khoá-cứng, fragile-point C2).
- `_ledger.md` — đã có (2-nhịp).
- C4 per-turn primary = quy ước em-main: viết `harvest/` NGAY sau mỗi fan-out turn (như file này).
## RISKS/GUARDS (B+C+D)
1. 🔴 **DO-NOT-EDIT frozen evidence:** `broadcasts/**` · `adap-reports/2026-06-07-Agent-harness-2.md` · `error-ledger.md:86` · `docs/changelog/sessions/*` · `STATUS.md:217-226` · `HANDOFF.md:341-365` · `agent-memory/*/archive/*` + `_INDEX.md` · `inbox/README.md:15`.
2. **gitignore last-match-wins** (`:82-83` negation) — đừng thêm ignore phá runs/.
3. **check-ignore exit-code trap** — verify dùng `&& IGNORED || NOT`.
4. **G-015 no-overclaim** — TRACKED ≠ read-only-enforced; Bash residual còn; containment = em-main single-writer + git-diff + chunk-count. KHÔNG bỏ chunk-count.
5. **DUPLICATE-HARVEST** — per-turn + close-gate: close-gate VERIFY idempotent.
6. **3 chỗ wording "vi-phạm" phải đồng-bộ:** `README.md:35` + `hmw.js:112` + `_ledger.md:4`.
7. **Concurrency** — fan-out same-role → sub return-delta-only, KHÔNG tự ghi MEMORY chung (race observed run này); 1 sub-MD/role/turn.

22
.claude/workflows/runs/2026-06-18-h10-invest/run.md Normal file
View File

@ -0,0 +1,22 @@
# RUN — Harness-10 adap · STAGE 1 INVESTIGATE
- **run-id (folder):** 2026-06-18-h10-invest
- **workflow run-id (evidence B3):** wf_9c2cd2cd-2e7
- **adap:** Harness-10 (run-trace folder convention) + checklist Harness-9/10 self-verify
- **mandate:** Harness-9 PART 2 — 2-workflow tách biệt; anh chốt full-adopt + dogfood qua HMW đủ 3 stage (invest → implement → review)
- **checkpoint:** APPROVED (HMW-mode ON + anh chốt "full-adap + dogfood ngay qua HMW đủ các bước")
- **opened:** 2026-06-18 08:29 +07
- **status:** OPEN → running
## Mục tiêu stage
Recon đĩa THẬT để dựng build-plan Harness-10 chính xác, tránh sai sót. KHÔNG ghi production/governance (read-only) — chỉ trả findings có cite `file:line`.
## Agents (4× investigator-codebase, read-only, parallel)
| # | role | task |
|---|---|---|
| A | investigator-codebase | hmw.js wave-mode wiring chính xác + đổi gì cho run-trace + scaffold-cả-3-đầu-run |
| B | investigator-codebase | sweep MỌI ref `wave-*/` · `agent-teams` · harvest across `.gitignore`/docs/commands/governance (migration completeness — không sót) |
| C | investigator-codebase | luồng harvest hiện tại (H2 @session-end B5) + cách thêm per-turn primary (C4) + 3-layer (C5) + session-start/end wiring |
| D | investigator-codebase | model containment G-015 hiện tại (git-diff + chunk-count) + đổi gì khi run-folder TRACKED + cách giữ containment valid |
## Output → `harvest/invest-synthesis.md` (em main viết sau khi workflow trả, C4 per-turn)

0
.claude/workflows/runs/2026-06-18-h10-invest/sub-md/.gitkeep Normal file
View File

0
.claude/workflows/runs/2026-06-18-h10-review/harvest/.gitkeep Normal file
View File

24
.claude/workflows/runs/2026-06-18-h10-review/harvest/review-synthesis.md Normal file
View File

@ -0,0 +1,24 @@
# REVIEW synthesis — Harness-10 adap (em-main single-writer, C4 per-turn)
> Workflow `wf_636bc95b-939` · 3× reviewer adversarial độc-lập. **Verdict tổng: PASS sau-fix** (1 CONCERN thật bắt được + đã đóng).
## Verdict per-lens
| Lens | Verdict | Tóm tắt |
|---|---|---|
| R1 frozen+containment | ✅ PASS | git status = đúng tập · frozen-evidence 0-byte-loss (per-path git status = empty) · containment sync 4 file · gitignore runs/ NOT-IGNORED + wave-*/ IGNORED · **`node --check hmw.js` PARSE-OK** · 1 CONCERN: runs/ chưa commit (C3 flag) |
| R2 hmwjs-integrity | ⚠️→✅ CONCERN-fixed | engine 4/4 PASS (template balance ✓ · logic unchanged ngoài :91 alias · WAVE-MODE grep=0) · CONCERN: L1 over-claim (doc≠engine) |
| R3 floor C1-C8 | ⚠️→✅ CONCERN-fixed | 7/8 PASS (C7 caveat "điểm sáng nhất"; C3 honest no-claim-committed) · C5 CONCERN: L1 over-claim |
## CONCERN bắt được (R2 + R3 độc-lập cùng kết luận = high-confidence)
**C5 Layer-1 over-claim:** `runs/README.md:51` + C7:72 nói L1 in-run reminder fire trong "hmw.js prompt-builder" với text cụ thể → grep hmw.js = 0. Engine no-fs KHÔNG đọc được ledger → L1 "check prior-run-harvested" KHÔNG THỂ là hmw.js prompt.
**FIXED (path a, em-main):** sửa L1 = em-main @P1 convention (đọc `_ledger` trước scaffold; nếu run trước `closed=⏳` → harvest+CLOSE trước) + C7:72 timing "run-open @P1" + ghi rõ "cả 3 layer = convention em-main/H2, KHÔNG engine-enforce". Verify: grep hmw.js L1-text=0 / C4-text=1 → **doc khớp engine THẬT**. C5 CONCERN đóng.
**Đây là dogfood thành công của mandate B2 (review-workflow RIÊNG) + Harness-10 C5 chính nó:** 1 workflow vừa-làm-vừa-chấm đã bỏ sót L1 over-claim (IMPLEMENT synthesis không nhắc); review-workflow độc-lập bắt được TRƯỚC commit.
## Flag pre-commit (KHÔNG defect)
- **C3 nấc đầy-đủ cần commit:** `git ls-files runs/` rỗng = tracked-ELIGIBLE chưa committed. Em-main `git add .claude/workflows/runs/` + commit → C3 thành tracked+committed. (Review chạy TRƯỚC commit = đúng trình tự.)
- **investigator-codebase/MEMORY.md** race INVEST (+6, ~29.8KB) → em-main reconcile @closeout.
## Nấc THẬT cuối (honest, no-overclaim)
- C1/C2/C4/C6/C8 = executed-file + convention ✓ · C3 = tracked-eligible → **committed sau commit này** · C5 = L2/L3 wired + L1 honest-doc (em-main convention) · C7 = caveat đủ 4 trục.
- Review = STATIC disk-truth (git/grep/node --check), KHÔNG curl/runtime (governance adap, no endpoint). hmw.js = source-clean, runtime-pending-restart (no hot-reload).

17
.claude/workflows/runs/2026-06-18-h10-review/run.md Normal file
View File

@ -0,0 +1,17 @@
# RUN — Harness-10 adap · STAGE 3 REVIEW (double-check độc lập, mandate B2)
- **run-id (folder):** 2026-06-18-h10-review
- **workflow run-id (evidence B3):** wf_636bc95b-939
- **checkpoint:** APPROVED (mandate Harness-9 PART 2 — review-workflow RIÊNG)
- **opened:** 2026-06-18 08:52 +07
- **input:** INVEST `../2026-06-18-h10-invest/harvest/invest-synthesis.md` + IMPLEMENT `../2026-06-18-h10-implement/harvest/implement-synthesis.md`
- **status:** OPEN → running
## Agents (3× reviewer, adversarial, read-only ∥)
| # | lens | verify |
|---|---|---|
| R1 | frozen-evidence + containment | 0-byte-loss DO-NOT-EDIT (broadcasts/** · adap-reports/2026-06-07-harness-2 · error-ledger:86 · sessions/* · STATUS:217-226 · HANDOFF · archives) NOT touched · containment wording đồng-bộ 4 file · gitignore runs/ tracked + wave-*/ ignored (exit-code trap) |
| R2 | hmw.js engine integrity | hmw.js cấu-trúc valid (var `wave` consistent · `A.run`/`A.wave` logic · sub-md/ path · template-literal không vỡ) · 9 ref wave→run updated/contextualized · KHÔNG đổi logic ngoài convention |
| R3 | floor C1-C8 đúng-nấc | adversarial mỗi item C1-C8: nấc THẬT? đặc biệt **C3 2-level** (check-ignore NOT-IGNORED ✓ vs `git ls-files` EMPTY = chưa commit → tracked-ELIGIBLE not committed) · C7 caveat đủ honest · flag over-claim |
## Output → `harvest/review-synthesis.md` (em main @P3) — verdict PASS/CONCERN/FAIL + nấc THẬT

0
.claude/workflows/runs/2026-06-18-h10-review/sub-md/.gitkeep Normal file
View File

81
.claude/workflows/runs/2026-06-18-h11-audit/audit-synthesis.md Normal file
View File

@ -0,0 +1,81 @@
# AUDIT SYNTHESIS — Harness-11 adap (2026-06-18-h11-audit · `wf_7fdc3bd5-930`)
> 4× investigator-codebase (read-only ∥, no Write tool → findings-in-return, **em-main scribe @P3 per writeGuard hmw.js:112**). Ground-truth đọc-disk. Nấc trung-thực: executed-file (tĩnh) / runtime (chạy-quan-sát) / mechanized (cổng-máy) vs convention (người tuân-thủ).
## Ground-truth canonical (STATUS.md = nguồn-chuẩn state)
mig **55** (last `AddCcmNoteToPeWorkItemBudget`) · gotcha **69** · test **339** · tables **88**.
---
## PHẦN A — hot-mem auto-archive by budget (🟡 TAILORABLE)
| Item | Verdict | Evidence |
|---|---|---|
| A1 session-end byte-gate đo→kích | **PARTIAL** | `measure-agent-memory.ps1:14,32` đo-byte THẬT nhưng KHÔNG call-site auto-run; `session-end.md:48` chỉ prose "L1>~30KB→archive". mechanized-MEASURE, KHÔNG mechanized-TRIGGER |
| A2 additive MOVE→archive | **PRESENT (runtime)** | `h910-curate` reviewer 36738→24844 (moved 10) "+22 -0 grep-Fxf byte-exact + md5sum"; budget.json:30 "NEVER rewrite, APPEND-only" |
| A3 _INDEX pointer-only append | **PRESENT** | 3 `_INDEX.md` on-disk; budget.json:19 pointer substring sha-keyed, NO line-hint |
| A4 hysteresis ~0.85 | **GAP** | grep `0.85\|hysteresis`=0; chỉ 2 cap rời (25600/30720), không band |
| A5 keep-floor ≥5 | **GAP** | grep `keep-floor`=0; curate "N oldest" theo phán-đoán người |
| A6 2-strike anti-thrash (archive) | **GAP** | 2-strike duy nhất = Active-Guards (`session-end.md:47`), KHÔNG cho archive |
| A7 NO-API L1-eval (pointer-resolve+byte-0-loss) | **PARTIAL** | chạy 1-lần trong `h910-curate` (grep-Fxf 10/10+md5sum) NHƯNG one-off em-main-driven, KHÔNG standing-gate |
**Verdict A:** convention-người-đo (mechanized-MEASURE + mechanized-VERIFY nhưng KHÔNG mechanized-TRIGGER). A4/A5/A6 GAP **hợp-lệ vì A=🟡**. → IMPLEMENT chọn mechanize để A mạnh hơn (optional nhưng giá-trị).
## PHẦN B — derived→canonical pointer + freshness (🔴 FUNCTION-FLOOR)
| Item | Verdict | Evidence |
|---|---|---|
| B1 derived TRỎ canonical | **GAP** | derived COPY hard-code count, 0 pointer. Sites: root `CLAUDE.md:53`(53mig→55)/:66(306test→339)/:131(88table)/:133(68→69) · `docs/CLAUDE.md:70`(93bảng pre-Mig50!) · `ef-core-migration/SKILL.md:3,19,77,285,294`(53mig) · `skills/README.md:20,90` · `dependency-audit-erp/SKILL.md:153`. CLEAN exemplar: `PROJECT-MAP.md` (0 count-token, 241 dòng) |
| B2 readable (no pointer-soup) | **PRESENT** | root CLAUDE.md:1-9 readable; stable facts inline đúng |
| B3 freshness-DETECT grep gate | **GAP** | NO detector (`.claude/hooks`+`.claude/scripts` absent; hmw.js no-fs ≠ comparator; grep 0 hit) |
| B4 fix-after-FLAG GATED qua người | **PRESENT (mechanized)** | em-main single-writer `workflows/README:38,39` + `agents/README:199` + git-diff commit-gate backstop |
**Verdict B:** B2+B4 ĐẠT · **B1+B3 = function-floor GAP**. B4 fix-path đã sẵn → B3 detector output trực-tiếp actionable.
## PHẦN C — 3 deterministic-grep detectors (🔴 FUNCTION-FLOOR MANDATE)
| Item | Verdict | Evidence |
|---|---|---|
| C1 broken-pointer detector | **GAP** | 0 detector-script (find .claude *.ps1/sh=0; CI deploy.yml 0 grep-gate). Chỉ tooling-auditor agent-judgement |
| C2 staleness detector (=B3) | **GAP** | trùng B3; monthly-drift-audit = agent đọc tay, KHÔNG grep tất-định |
| C3 vocab-fork detector | **GAP** | 0; vocab-fork SỐNG THẬT chưa ai dò: `wave↔run-trace`(_ledger:15), `Dự trù↔Ngân sách PRO↔PeWorkItemBudget`, PRO=Procurement |
| C4 self-line exclusion | **N/A** | chưa detector → chưa self-exclusion |
| C5 resolve-condition+2-strike | **PARTIAL** | 2-strike chỉ ở memory-archive convention, KHÔNG ở detector-flag |
**Verdict C:** **detector-script-thật = CHƯA CÓ.** Chỉ 2 monitor-agent (tooling-auditor/harvest-curator) LLM-judgement propose-only = convention KHÔNG mechanized. → **GAP lớn nhất, IMPLEMENT trọng-tâm.** (Lưu ý: `runs/README:122` "anti-bypass detector TAILORED-OUT" = threat-model KHÁC, KHÔNG phải C1-C3.)
## PHẦN D — orchestration engine (🔴 FUNCTION-FLOOR)
| Item | Verdict | Evidence |
|---|---|---|
| D1 session-start DÒ+BÁO | **PRESENT** | §2.1.1 monitor RE-REPORT + §2.1.2 budget-audit, INFORM-only |
| D2 session-end archive+gác-cờ | **PRESENT** | `session-end.md:39-52` §L + harvest GATE 5-trục |
| D3 per-turn distill-APPEND | **PRESENT (convention)** | C4 primary harvest-LIỀN sau P2 |
| D4 threshold→workflow-gate | **PRESENT-MẠNH (mechanized)** | `hmw.js:76-78` checkpoint THROW (anti-accidental 515K) |
| D5 tầng AUTO (semantic-null) | **PARTIAL** | hành-vi có (archive/_INDEX/gist) NHƯNG chưa nhãn 3-tier |
| D6 tầng DÒ+NÊU-CỜ | **PARTIAL** | monitor INFORM-only flag, chưa gom thành tier có-tên |
| D7 tầng OWNER-APPROVE | **PARTIAL** | consent+single-writer ngầm, chưa nhãn 3-tier |
| D8 one-direction lock (canonical→derived) | **GAP** | grep `one-direction\|1-chiều`=0; khái-niệm H11 mới |
| D9 append-only single-writer (BAR) | **PRESENT-MẠNH (mechanized)** | store_memory strip runtime S48 0/8 subs; B3 |
| D10 file-tool-write-only | **PRESENT (convention)** | `hmw.js:111` + gotcha #61; CHƯA mechanized-block (Bash residual) |
| D11 archive MOVE-không-XOÁ | **PRESENT-MẠNH (mechanized)** | byte-0-loss md5sum/grep-Fxf artifact `_ledger:14` |
**Verdict D:** 7/11 PRESENT (D4/D9/D11 mechanized-mạnh) · **D5/D6/D7 PARTIAL** (3-tier chưa explicit) · **D8 GAP**. H11 "chuẩn-hoá-lại" = nhãn-hoá cái-đã-có, KHÔNG xây-mới.
---
## 🎯 GAP-LIST → IMPLEMENT (completeness-gate B+C+D phải đủ-trọn)
**🔴 FUNCTION-FLOOR (bắt-buộc cho ĐẠT):**
1. **PHẦN C — 3 grep detector script** (`scripts/governance-detectors.ps1`): C1 broken-pointer · C2 staleness (=B3) · C3 vocab-fork · C4 self-line exclusion (0 self-match) · C5 resolve-condition + 2-strike. NO-API (grep+measure only). RUNTIME-prove (chạy + FLAG drift thật + fake-drift test).
2. **PHẦN B — B1 pointer + B3 detector.** B3 = C2 (cùng script). B1 = derived count-copy → pointer "→ docs/STATUS.md (canonical)" + FIX drift hiện-tại (gated em-main). Sites: root CLAUDE.md + ef-core SKILL + skills/README + dep-audit SKILL + docs/CLAUDE.md.
3. **PHẦN D — D5/D6/D7 3-tier explicit + D8 one-direction lock.** Codify khối nhãn-hoá (AUTO semantic-null / DÒ+FLAG / OWNER-APPROVE) + luật canonical→derived 1-chiều. → engine-doc + agents/README.
**🟡 TAILORABLE (optional-mechanize, làm để A mạnh):**
4. **PHẦN A — A4/A5/A6 + standing-gate.** Add hysteresis(0.85)/keep-floor(≥5)/2-strike params → budget.json + session-end archive-gate script (mechanize A1/A7 thành standing).
**Engine consolidation doc:** `docs/governance/harness-11-engine.md` — codify D1-D11 + 3-tier + locks + trỏ detector-script + canonical, để engine có 1 nguồn-chuẩn.
**Single-writer split (D9):** sub viết SCRIPT (.ps1 non-canonical, testable runtime) · **em-main viết governance MD** (engine-doc + B1 pointer + cadence-wire + agents/README — vì đụng canonical/luật, B4 gated).
**Nấc dogfood trung-thực:** A2/A3/D4/D9/D11 = SE đã runtime-mechanized SẴN (H11 = chuẩn-hoá). C1-C3 + B3 = MỚI build (chưa từng có). D5-D8 + B1 = nhãn-hoá/codify cái ngầm-có.

25
.claude/workflows/runs/2026-06-18-h11-audit/run.md Normal file
View File

@ -0,0 +1,25 @@
# RUN — 2026-06-18-h11-audit (Harness-11 adap · STAGE 1 AUDIT)
> **Harness-10 FLAT run-trace** (TRACKED). Sub ghi `sub-<role>-<i>.md` phẳng cùng cấp. Synthesis → `audit-synthesis.md`.
- **Workflow:** Harness-11 adap — AUDIT (ground-truth GAP vs SE-present)
- **Mode:** hmw RUN-TRACE, 4× investigator-codebase (read-only ∥)
- **Opened:** 2026-06-18 (S75)
- **Mandate:** anh giao `/check-email AI_INFRA + /adap-apply` (mỗi stage workflow review kiểm + report trung thực). H11 ⑤ = IMPLEMENT + REVIEW tách biệt.
## Mục tiêu
Harness-11 = engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ. Tự-DÒ toàn diện (luôn tươi) + AUTO chỉ semantic-null + single-writer bar-không-hạ + đổi-luật owner-approve. **Completeness-gate: phải đủ TRỌN PHẦN B+C+D (🔴 function-floor) mới ĐẠT; A 🟡 tailor.** H11 = chuẩn-hoá lại cái SE đã có một phần (H9 L2 + H10 run-trace) → AUDIT để biết PRESENT/PARTIAL/GAP từng item, tránh xây lại.
## Task list (4 lane, mỗi lane 1 PHẦN)
| Lane | Role | PHẦN | Scope |
|---|---|---|---|
| audit-A | investigator-codebase | A1A7 (hot-mem auto-archive 🟡) | session-end.md · measure-agent-memory.ps1 · memory-budget.json · agent-memory/*/archive/_INDEX/gist |
| audit-B | investigator-codebase | B1B4 (derived→canonical + freshness 🔴) | root CLAUDE.md · docs/CLAUDE.md · agents/README · skills · có freshness-detector chưa |
| audit-C | investigator-codebase | C1C5 (3 grep detectors 🔴) | scripts/ · .claude/ — có broken-pointer/staleness/vocab-fork detector chưa · self-exclusion · resolve-condition |
| audit-D | investigator-codebase | D1D11 (orchestration 🔴) | session-start/end cadence · 3-tier safe-split · 4 locks (1-direction/append-single-writer/file-tool/move-not-delete) |
## Acceptance
Mỗi item (A1-7, B1-4, C1-5, D1-11) phân loại **PRESENT / PARTIAL / GAP** + evidence file:line + artifact nếu có. Output → `audit-synthesis.md` (em main gom).
## Run-id
`wf_7fdc3bd5-930`

39
.claude/workflows/runs/2026-06-18-h11-checklist-verify/checklist-verify-synthesis.md Normal file
View File

@ -0,0 +1,39 @@
# CHECKLIST-VERIFY SYNTHESIS — Harness-11 (2026-06-18-h11-checklist-verify · `wf_39cd4cbe-f07`)
> 3× investigator-codebase (read-only ∥, evidence-mapping). Em-main scribe @P3. **VERDICT: ✅ completeness-gate H11 ĐẠT — B+C+D đủ-trọn, A 🟡 tailored.** Rà từng item bằng bằng-chứng thật (run-output/file:line), KHÔNG trí-nhớ.
## CL1 — PHẦN A (🟡) + PHẦN B (🔴) → PASS
**A1-A7 PRESENT (🟡 tailored), runtime qua `memory-archive-gate.ps1`:**
| Item | Nấc | Loại | Evidence |
|---|---|---|---|
| A1 byte-gate | exec+runtime | mechanized | cap 25600 echoed; flag 3 over-cap (cicd 26798·inv 31502·reviewer 38755) |
| A2 additive MOVE | exec (design) | convention | DRY-RUN plan-only, MOVE thật = em-main D5 (no auto-move memory canonical) |
| A3 _INDEX pointer | exec+runtime | mechanized | A7 đọc 4 _INDEX, 186 pointer |
| A4 hysteresis 0.85 | exec+runtime | mechanized | low-water 21760 echoed |
| A5 keep-floor 5 | exec+runtime | mechanized | WARN fired inv+reviewer (oldest-movable exhausted trước lowMark) |
| A6 2-strike | exec / runtime-PARTIAL | mechanized | **legit-gap by-design:** cần 2× `-Apply` (DRY-RUN strike=1 WATCH, `.archive-strikes.json` absent); script self-doc [TAILOR] |
| A7 NO-API L1-eval | exec+runtime | mechanized | **GATE PASS 186/186 resolve, 0 fail, exit 0** |
**B1-B4 PRESENT (🔴 floor MET), completeness B PASS:**
- B1 ✅ 5/5 derived docs ≥1 STATUS pointer (CLAUDE.md:53/66/87 · ef-core SKILL:3/19 · skills/README:20). Caveat: residual soft-net FP (module-local "6 test"/"4 bảng Budget") — B2 tradeoff, KHÔNG B1-fail.
- B2 ✅ readable giữ (ef-core SKILL:85-120 table inline, không pointer-soup).
- B3 ✅ exec+runtime (C2 ran, canonical mig55/test339/gotcha69/table88 == disk, FLAG 10 stale = detect-works).
- B4 ✅ GATED (engine:42 FLAG→em-main + git-diff backstop + D9 single-writer).
## CL2 — PHẦN C (🔴 MANDATE) → ĐẠT 5/5, completeness-gate CỨNG met
26 flag, exit 0, qua `governance-detectors.ps1`:
- C1 ✅ exec+runtime mechanized (gotcha-ref 0 broken + 13 dangling-wikilink LOW).
- C2/B3 ✅ exec+runtime mechanized (canonical 55/339/69/88 + disk cross-check [OK] + 10 MED).
- C3 ✅ exec+runtime mechanized (CẢ 3 fork: wave↔run-trace 15/19f · Dự trù↔Ngân sách PRO 7/6f · two-tier↔all-inherit 17/10f).
- C4 ✅ exec+runtime mechanized (self-match=0, 5 paths excluded ALL exist, leaked=0).
- C5 ✅ resolve 26/26 + 2-strike HONEST-scoped (convention em-main, detector stateless — KHÔNG over-claim).
- NO-API grep 0-hit · 0-auto-write grep 0-hit.
## CL3 — PHẦN D (🔴) → ĐẠT 11/11, completeness-gate D PASS
- D1 session-start.md:83 (detector) · D2 session-end.md:48 (archive-gate) · D3 ultra-on.md:35 (per-turn) · **D4 hmw.js:76-78 THROW MECHANIZED** (verify dòng throw tồn-tại ✓).
- **D5/D6/D7 explicit-label = YES** (engine:62-69 table NHÃN-HOÁ EXPLICIT — H11 chuẩn-hoá-mới).
- **D8 one-direction codify = YES** (engine:72 'codify mới H11' canonical→derived KHÔNG ghi ngược).
- D9 store_memory strip MECHANIZED (grep tools-line 0-hit) · D10 file-tool-write convention (engine tự nhận Bash chưa block cứng) · **D11 byte-0-loss RUNTIME** (h910-curate md5sum+grep-Fxf 10/10 proven).
## TỔNG: completeness-gate H11 ĐẠT
**B (4/4) + C (5/5) + D (11/11) đủ-trọn** = function-floor MET. **A 🟡 tailored** (A6 runtime cần 2× -Apply = legit-gap có-chủ-đích, đã self-doc). Honest residual: B1 soft-net FP (advisory), A6 runtime-partial (by-design), C3 console mojibake (display-only). KHÔNG bộ-khung nào thiếu → KHÔNG phải "áp một phần".

25
.claude/workflows/runs/2026-06-18-h11-checklist-verify/run.md Normal file
View File

@ -0,0 +1,25 @@
# RUN — 2026-06-18-h11-checklist-verify (Harness-11 adap · CHECKLIST self-verify, anh giao)
> **Harness-10 FLAT run-trace** (TRACKED). 3× investigator-codebase (read-only ∥, evidence-mapping). Synthesis → `checklist-verify-synthesis.md`.
- **Workflow:** Harness-11 CHECKLIST formal self-verify (anh giao "workflow double check lại checklist 1 lần nữa")
- **Mode:** hmw RUN-TRACE. Rà TỪNG item checklist H11 broadcast → chấm nấc + bằng-chứng. "Completeness-gate: bằng chứng thật, KHÔNG bằng trí nhớ."
- **Khác double-check #1:** DC#1 = adversarial correctness/regression. Cái này = formal checklist scorecard từng-item theo đúng rubric checklist H11 (Hành-động · Tự-verify · Nấc · Loại).
## Rubric (theo checklist H11)
- **Nấc:** executed-file (file tĩnh có trên đĩa) / runtime (đã chạy-quan-sát) / executed-file+runtime.
- **Loại:** mechanized (artifact/cổng-máy bảo-chứng) / convention (người tuân-thủ, không cổng máy).
- **Completeness-gate:** B+C+D phải hiện-diện ĐỦ-TRỌN; thiếu 1 = CHƯA-ĐẠT. A = 🟡 tailorable.
## 3 lane
| Lane | Role | Checklist section |
|---|---|---|
| CL1 | investigator-codebase | PHẦN A (A1-A7 🟡) + PHẦN B (B1-B4 🔴) |
| CL2 | investigator-codebase | PHẦN C (C1-C5 🔴 mandate) — chạy detector |
| CL3 | investigator-codebase | PHẦN D (D1-D11 🔴) — D.1 nhịp + D.2 3-tier + D.3 4-chốt |
## Acceptance
Mỗi item: status + evidence (file:line / run-output) + nấc + loại, KHÔNG trí-nhớ. Section verdict ĐẠT/CHƯA. Completeness-gate cuối: B+C+D đủ-trọn?
## Run-id
`wf_39cd4cbe-f07`

28
.claude/workflows/runs/2026-06-18-h11-doublecheck/doublecheck-synthesis.md Normal file
View File

@ -0,0 +1,28 @@
# DOUBLE-CHECK SYNTHESIS — Harness-11 adap (2026-06-18-h11-doublecheck · `wf_a0b68d2f-30e`)
> 3× reviewer (read-only, adversarial ∥). Em-main scribe @P3. **VERDICT: ✅ PASS — 0 blocker.** Re-verify commit `e70c046` + regression của refinement em-main áp sau REVIEW-1.
## DA1 — over-suppression regression → FAILED-no-StructuredOutput → **em-main self-gate CLOSED**
- Reviewer lane parallel[0] không trả StructuredOutput (lỗi #53 schema-force tái diễn).
- **Em-main self-gate (recovery-pattern):** inject prose fake-drift "99 migration" (KHÔNG table-row/version/historical) → detector **CAUGHT** "99 migration but canonical=55" → revert clean. → **no over-suppression, runtime-proven.**
- Bonus: detector pure-ASCII (Python scan 0 non-ASCII — gotcha #30 clean) · PS parse OK · exit 0 · 26 flag.
## DA2 — committed-state correctness → **PASS**
- B1 **exactly 11** pointer-conversion (grep -c = 11). root CLAUDE.md:53 **tail byte-identical** (`sed -n '53p'` ends "...phiếu cũ.)" = old) → 0 load-bearing prose loss; chỉ leading count-phrase swap + S74/S73 additive prefix.
- ef-core Mig 54/55 rows = **tên migration THẬT trên disk** (`AddPeSuggestedAndApprovedPrice` + `AddCcmNoteToPeWorkItemBudget` .cs EXIST).
- 0 stale-count residual (grep 53mig/306test/68gotcha/93bảng = 0). cadence §2.1.3/§L.b cú-pháp đúng, path tồn-tại + run clean. engine-doc line-ref accurate (D5=:67, hmw.js:76/103/111, budget.json:19).
- 2 MINOR (đã FIX): agents/README "(pending)" stale + C2 FP CLAUDE.md:84/:90.
## DA3 — containment + regression → **PASS** (0 blocker/0 major/1 minor-info)
- Q1 0 production code (grep src/|fe-* = 0). Q2 run-trace đủ (audit/review NO sub = read-only em-main-scribe ✓ · implement có sub-task-0/1 = general-purpose Write ✓ · ledger CLOSE-beat all prior). Q4 single-writer (0 sub MEMORY.md residual · .archive-strikes.json absent). Q5 budget.json pure-additive (measured/tiers/last_sleep_at untouched).
- **Q3 broadcasts byte-verified:** recompute INBOX body=`b2a2fc1cf399` (==_index ==frontmatter), whole-file=`318ff9f6` (==commit-msg); OUTBOX body=`7fa1b53a61ae` (==_index ==frontmatter). KHỚP TUYỆT-ĐỐI.
- **REGRESSION over-suppression HUNT (độc-lập confirm self-gate):** enumerate cái C2-skip che = per-item frozen (ef-core "Mig 12→10 bảng") + Session-N historical + CLAUDE.md "88 table"==canonical — KHÔNG cái nào là live-aggregate-state-count. Cả 11 prose-drift VẪN bắt. C1 normalize verified 2 chiều (genuine-dangling vẫn flag + prefix-differ vẫn flag). **NO real drift hidden.**
- Anti-finding: C3 console mojibake "D? tr<74>" = console-codepage Bash-capture artifact, KHÔNG script bug ([Console]::OutputEncoding=UTF8 render "Dự trù PRO" đúng; Select-String so-sánh UTF-8 chính-xác).
## Em-main actions post-doublecheck
1. ✅ self-gate fake-drift (close DA1) — no over-suppression, runtime.
2. ✅ +C2 "test project" skip (line 90 FP gone, 27→26) — ASCII clean.
3. ✅ agents/README "(pending)" → run-id thật (review `wf_d7ca1ff8-942` + doublecheck `wf_a0b68d2f-30e`).
4. ⚠️ Tree-line FP-skip ATTEMPTED rồi REVERT (literal box-glyph = gotcha #30 trap; \u-escape edit bị tool render-normalize → bỏ, line 84 "6 test" giữ làm documented soft-net FP, advisory exit-0 harmless). **Bài học: KHÔNG đưa box-glyph vào .ps1 — kể cả qua Edit tool (normalize).**
## VERDICT: PASS — committed-state đúng, refinement 0-regression (triple-confirmed self-gate+DA2+DA3), containment clean. Sẵn-sàng checklist-verify + push.

20
.claude/workflows/runs/2026-06-18-h11-doublecheck/run.md Normal file
View File

@ -0,0 +1,20 @@
# RUN — 2026-06-18-h11-doublecheck (Harness-11 adap · DOUBLE-CHECK #1, anh giao)
> **Harness-10 FLAT run-trace** (TRACKED). 3× reviewer (read-only, adversarial ∥). Synthesis → `doublecheck-synthesis.md`.
- **Workflow:** Harness-11 adap — DOUBLE-CHECK vòng 2 (anh giao "double check lại 1 turn nữa")
- **Mode:** hmw RUN-TRACE free-text. Re-review state ĐÃ COMMIT `e70c046` (post-refinement).
- **Trọng tâm:** REVIEW vòng 1 (`wf_d7ca1ff8-942`) đã PASS + em-main refine C2/C1 (59→27). Vòng này soi **regression của chính refinement** + bất kỳ thứ gì 2 vòng trước sót.
## 3 lane
| Lane | Role | Focus |
|---|---|---|
| DA1 over-suppression regression | reviewer | C2 context-skip (table-row/version/historical) + C1 [-_] normalize có làm detector MÙ drift thật không? Test: tạo fake-drift trong context KHÔNG-skip → chạy → confirm bắt → revert. Over-suppress = nguy cơ #1 của refinement |
| DA2 committed-state correctness | reviewer | git show e70c046: engine-doc + B1 ×11 + cadence-wire ĐÚNG trên disk? B1 có vô-tình đổi nghĩa/xóa nội-dung load-bearing? cadence §2.1.3/§L.b cú-pháp đúng? |
| DA3 containment + run-trace integrity | reviewer | commit có gì sai? run-trace 4 folder đủ synthesis? broadcasts hash khớp? 0 production code thật? sub-task MD present (impl) vs read-only-scribe (audit/review)? |
## Acceptance
PASS = refinement KHÔNG over-suppress (detector vẫn bắt drift thật) + committed-state đúng + containment clean. Issue → em-main fix trước checklist-verify + push.
## Run-id
`wf_a0b68d2f-30e`

42
.claude/workflows/runs/2026-06-18-h11-implement/implement-synthesis.md Normal file
View File

@ -0,0 +1,42 @@
# IMPLEMENT SYNTHESIS — Harness-11 adap (2026-06-18-h11-implement · `wf_c5e5844e-7c1`)
> 2× general-purpose (script, file-disjoint ∥) + em-main single-writer (governance MD cluster). Em-main scribe synthesis @P3.
## Sub Lane 1 — `scripts/governance-detectors.ps1` (PHẦN C + B3) ✅ RUNTIME-PROVEN
- 401 dòng, ASCII-only body, PS 5.1, exit 0. Flag: **71 pre-B1 → 59 post-B1 → 27 post-refinement (R2)** (HIGH=0) — drift-fix + FP-cut (C2 context-skip table-row/version/historical + C1 `[-_]` normalize), C4 0 self-match suốt.
- **C1 broken-pointer:** gotcha-ref 0 dangling (sạch) + **29 dangling-wikilink** (hyphen-form `[[feedback-x]]` vs file underscore `feedback_x.md` — REAL inconsistency, để REVIEW judge FP-vs-real).
- **C2/B3 staleness:** bắt đúng drift root CLAUDE.md (mig53→55·test306→339·gotcha68→69) = runtime proof. Canonical đọc STATUS.md + cross-check disk (mig=55, gotcha=69 khớp → 0 'canonical-stale').
- **C3 vocab-fork:** `wave-folder=15f vs run-trace=18f` + bonus `two-tier=17f vs all-inherit=10f` + `Dự trù PRO=7f vs Ngân sách PRO=6f` (rename S65 còn 2 tên sống).
- **C4 self-exclusion:** 5 paths excluded, 0 self-match ✓.
- **C5 resolve-condition:** 100% FLAG có `resolve:`.
- **NO-API verified:** 0 hit Invoke-WebRequest/HttpClient/System.Net/6333/store_memory. Detector **0 auto-write** (Set-Content/Out-File = 0) → DÒ+FLAG-only ✓.
- **gotcha #30 RUNTIME-CATCH:** vòng-1 chỉ 53 flag — PS5.1 `-File` decode .ps1 UTF-8-no-BOM bằng ANSI-1252 → literal Việt mojibake → MISS 18 flag (gồm '68 bẫy' + vocab-fork Việt). FIX: body ASCII-only + build token Việt từ code-point runtime (`U @(0x62,0x1EAB,0x79)`). **Minh-chứng giá-trị mandate "chạy thật"** (không runtime → over-claim detector hoạt-động khi nó MÙ token Việt).
- **HONEST limitation:** C2 count-token = soft-net ~12 TRUE / ~29 false-pos (version "Core 10", per-row "N bảng module", historical "154 test", greedy cross-line). sev LOW khi |lệch|<10. người xử cờ, KHÔNG auto-fix (đúng D6).
## Sub Lane 2 — `scripts/memory-archive-gate.ps1` (PHẦN A) ✅ RUNTIME-PROVEN
- 289 dòng, exit 0, DRY-RUN default, NO-API, FLAG-only.
- budget.json `archive_gate` block ADDITIVE (autoinject_cap 25600 · low_watermark_ratio 0.85 · keep_floor_entries 5 · strike_threshold 2). `measured`/`tiers`/`last_sleep_at` UNTOUCHED.
- **A4 hysteresis** proven (cicd after-est ~21180 < low-water 21760, không dừng vạch). **A5 keep-floor** proven (inv/reviewer WARN "keep-floor hit (5); cannot auto-drain - SPLIT/condense" từ-chối vét-sạch khi 5 entry mới-nhất đã > cap). **A6 2-strike** lifecycle proven (-Apply ×2: run1 strike1 WATCH → run2 strike2 PROPOSE). **A7 NO-API gate** 186/186 pointer resolve across 4 sub có archive + byte-sanity.
- DRY-RUN flag over-cap đúng: reviewer 38755 · inv-codebase 31502 · cicd 26798.
- 3 bug fixed mid-build (honest): PS-5.1 parser cascade (typo `'``"`) · gotcha #30 mojibake (ReadAllText UTF8) · legend-line FP (`^\s*>` skip).
## Em-main cluster (governance MD — single-writer D9, B4 gated) ✅
- **Engine-doc** `docs/governance/harness-11-engine.md` — canonical SE: artifact-map + PHẦN A/B/C/D + **3-tier D5(AUTO)/D6(DÒ+FLAG)/D7(owner-approve) nhãn-hoá EXPLICIT** + **one-direction-lock D8 codify** + CAVEAT honest. Doc khác TRỎ về đây (B1 dogfood).
- **B1 pointer + drift-fix (11 edit):** root CLAUDE.md ×7 (count→`docs/STATUS.md` pointer) · ef-core SKILL ×6 (incl +Mig 54/55 rows) · skills/README ×2 · dep-audit SKILL ×1 · docs/CLAUDE.md ×2 (93→88 + 58→pointer). **Post-B1 detector re-run: drift THẬT root CLAUDE.md RESOLVED** (3 real flag gone); còn lại = documented FP (version/per-row/historical).
- **Cadence-wire:** session-start §2.1.3 (D1 chạy detector @start) + session-end §L.b(c) (D2 archive-gate @end) + agents/README Upgrade S75 — tất cả TRỎ engine-doc.
## Completeness-gate status (B+C+D function-floor)
- **PHẦN B:** B1 ✅ (pointer + drift-fix) · B2 ✅ (readable giữ) · B3 ✅ (detector C2) · B4 ✅ (em-main gated). ĐẠT.
- **PHẦN C:** C1 ✅ · C2 ✅ · C3 ✅ · C4 ✅ (0 self-match) · C5 ✅ (resolve-condition). ĐẠT (runtime-proven).
- **PHẦN D:** D1 ✅ (wired session-start) · D2 ✅ (wired session-end) · D3-D4 PRESENT (sẵn) · D5/D6/D7 ✅ (3-tier codify engine-doc) · D8 ✅ (one-direction-lock codify) · D9/D10/D11 PRESENT-mạnh (sẵn). ĐẠT.
- **PHẦN A (🟡):** A1-A3 sẵn · A4/A5/A6 ✅ (params + gate) · A7 ✅ (NO-API standing-gate). Mechanized-hoá hơn (tailored).
## Single-writer (D9) respected
git status: sub Lane 1 chỉ tạo `governance-detectors.ps1` + sub-task-0.md · Lane 2 chỉ `memory-archive-gate.ps1` + budget.json + sub-task-1.md · em-main = mọi canonical MD. KHÔNG sub đụng canonical/agent-memory/sibling. Containment CLEAN.
## Cho REVIEW (W3) đánh-giá
1. Completeness-gate: B+C+D đủ-trọn? (claim ĐẠT — verify độc-lập).
2. Detector quality: FP-rate C2 (~29/71) có chấp-nhận-được không, hay cần refine regex context-aware? (em KHÔNG tự-refine = tránh self-bias).
3. C1 wikilink 29 flag: hyphen-vs-underscore = REAL inconsistency hay detector normalization-FP?
4. Honesty: nấc executed-file vs runtime đúng chưa, có over-claim không.
5. Containment: single-writer giữ, no auto-write-of-law.

24
.claude/workflows/runs/2026-06-18-h11-implement/run.md Normal file
View File

@ -0,0 +1,24 @@
# RUN — 2026-06-18-h11-implement (Harness-11 adap · STAGE 2 IMPLEMENT)
> **Harness-10 FLAT run-trace** (TRACKED). Sub ghi `sub-<role>-<i>.md` phẳng. Synthesis → `implement-synthesis.md`.
- **Workflow:** Harness-11 adap — IMPLEMENT (fill GAP từ audit-synthesis)
- **Mode:** hmw RUN-TRACE. 2× general-purpose (script, file-disjoint ∥) + em-main MD cluster (single-writer D9)
- **Opened:** 2026-06-18 (S75)
- **Input:** `../2026-06-18-h11-audit/audit-synthesis.md` GAP-list
## Phân-công (single-writer split D9: sub=SCRIPT non-canonical · em-main=governance MD)
| Lane | Owner | Deliverable | PHẦN |
|---|---|---|---|
| impl-detectors | general-purpose (Write+Bash) | `scripts/governance-detectors.ps1` — C1 broken-pointer + C2 staleness(=B3) + C3 vocab-fork + C4 self-exclusion + C5 resolve-condition · NO-API grep · RUNTIME-prove | C1-C5 + B3 |
| impl-archive-gate | general-purpose (Write+Bash) | `scripts/memory-archive-gate.ps1` (hysteresis 0.85 + keep-floor ≥5 + 2-strike + NO-API L1-eval) + budget.json A4/A5/A6 params | A1/A4/A5/A6/A7 |
| em-main cluster | 👤 em-main | `docs/governance/harness-11-engine.md` (D1-D11 + 3-tier D5/D6/D7 + one-direction-lock D8 + trỏ detector+canonical) · B1 pointer+drift-fix (root CLAUDE.md·ef-core SKILL·skills/README·dep-audit·docs/CLAUDE.md) · cadence-wire (session-start D1·session-end D2) · agents/README ref | B1·D5-D8 |
## Acceptance (completeness-gate: B+C+D đủ-trọn)
- C: 3 detector chạy được (runtime), FLAG drift thật + 0 self-match (C4)
- B: derived count → pointer canonical; B3 detector FLAG mismatch
- D: 3-tier + one-direction-lock codify explicit
- Single-writer giữ: sub KHÔNG đụng canonical MD; em-main scribe
## Run-id
`wf_c5e5844e-7c1`

124
.claude/workflows/runs/2026-06-18-h11-implement/sub-task-0.md Normal file
View File

@ -0,0 +1,124 @@
# sub-task-0 — `scripts/governance-detectors.ps1` (Harness-11 PHẦN C + B3)
> Lane **impl-detectors** · owner general-purpose (Write+Bash) · single-writer: CHỈ `scripts/governance-detectors.ps1` + file này.
> NO-API · DÒ+FLAG-only · PowerShell 5.1 · RUNTIME-proven (output thật dán §3).
## 1. Deliverable
`D:\Dropbox\CONG_VIEC\SOLUTION\SOLUTION_ERP\scripts\governance-detectors.ps1` (~355 dòng, ASCII-only body).
3 bộ dò + self-exclusion + summary. Param `$RepoRoot` (default = `Resolve-Path $PSScriptRoot\..`). Exit-code **0 luôn** (dò-only, KHÔNG fail-build). Mỗi FLAG: `[DETECTOR] severity | file:line | desc | resolve: <điều-kiện-gỡ-cờ>` (C5).
## 2. Thiết-kế từng detector
### C2/B3 — derived-staleness (ưu-tiên, value cao nhất) ✅
- **Canonical** đọc từ `docs/STATUS.md` CURRENT STATE table qua regex `^\|\s*<label>\s*\|\s*\*\*(\d+)` (số trong `**N**` đúng row Migrations/Tests/Gotchas/SQL tables). Runtime đọc đúng: **mig=55 test=339 gotcha=69 table=88**.
- **Cross-check disk** (canonical tự-nó không stale):
- `mig` = đếm `*.cs` trong **mọi** dir tên `Migrations` dưới `src` (exclude `bin|obj|node_modules` + `*Designer.cs`/`*ModelSnapshot.cs`). Recursive-search vì migration thật ở `src\Backend\SolutionErp.Infrastructure\**Persistence**\Migrations (SPEC ghi gần-đúng `...\Migrations` — đã xử robust). Runtime: disk mig=55.
- `gotcha` = max N từ `^### (\d+)\.` trong `docs/gotchas.md`. Runtime: disk gotcha=69.
- STATUS-value ≠ disk-value → FLAG `canonical-itself-stale` (HIGH). Lần này KHỚP → 0 HIGH (baseline an-toàn).
- **Derived scan** 5 file: `CLAUDE.md`(root) · `docs/CLAUDE.md` · `.claude/skills/ef-core-migration/SKILL.md` · `.claude/skills/README.md` · `.claude/skills/dependency-audit-erp/SKILL.md`. Count-token regex: `(\d+)\s*migration` · `(\d+)\s*test` · `(\d+)\s*(?:<bay>|gotcha)` · `(\d+)\s*(?:<bang>|table)`. Lệch canonical → FLAG `derived-stale` (MED nếu |lệch|≥10, else LOW).
### C1 — broken-pointer ✅
- **(a) gotcha-ref**: grep `docs/** + .claude/** *.md` bắt `gotcha[s]?\s*#?(\d+)` + bare `#(\d+)`. `gotcha #N` luôn validate (N>max → broken MED; thiếu `### N.` anchor → LOW). Bare `#N` chỉ xét trong range; `#N`>max bỏ qua (tránh nhầm Run #312/PR #). Runtime: **0 flag** — mọi gotcha-ref ≤69 và có anchor (đúng — repo sạch khoản này).
- **(b) wikilink**: scan user-memory `C:\Users\pqhuy\.claude\projects\...\memory\*.md` + in-repo `.claude/agent-memory/**`. Bắt `\[\[([a-z0-9_-]+)\]\]`; target `<name>.md` không tồn tại trong scope → dangling. User-memory KHÔNG reachable → note + agent-memory-only (lần này user-memory REACHABLE, 29 file).
### C3 — vocab-fork ✅
- Seed alias-set: `@('wave-folder','run-trace')`, `@('<Du tru PRO>','<Ngan sach PRO>')`, `@('two-tier','all-inherit')`. Mỗi set đếm file dùng từng biến-thể; ≥2 biến-thể CÙNG sống → FLAG count + sample | resolve gộp/alias-map.
### C4 — self-line exclusion (BẮT BUỘC) ✅
- Exact: `scripts/governance-detectors.ps1`, `docs/governance/harness-11-engine.md`. Dir-fragment: `\broadcasts\inbox\`, `\broadcasts\outbox\`, `\.claude\workflows\runs\`, `\.claude\workflows\scripts\`. `Test-Excluded` áp MỌI scan. Summary in `self-exclusion: N paths excluded` + assert `self in scan=0` + `leaked=0`.
### 🔴 Encoding-robustness (gotcha #30 — phát-hiện lúc RUNTIME, đã FIX)
Vòng-1 detector MISS `CLAUDE.md:133` "68 bẫy" + cả set vocab-fork `Dự trù PRO``Ngân sách PRO`. Root-cause: file `.ps1` ghi **UTF-8 KHÔNG BOM** (Write-tool); `powershell.exe -File` ở PS 5.1 decode file no-BOM bằng **codepage ANSI (1252)**, KHÔNG phải UTF-8 → literal tiếng Việt `bẫy`/`bảng`/`Dự trù` bị mojibake → KHÔNG match content UTF-8 đọc đúng (`Get-Content -Encoding UTF8`). FIX: body **ASCII-only**, mọi token tiếng Việt build từ **Unicode code-point runtime** qua helper `U @(0x62,0x1EAB,0x79)` → encoding-độc-lập. Sau fix: 71 flag (vòng-1 chỉ 53 — thiếu 18 do mojibake). Đây là minh-chứng giá-trị của mandate "viết xong PHẢI chạy thật".
## 3. RUNTIME — output thật (`powershell.exe -ExecutionPolicy Bypass -File scripts/governance-detectors.ps1`)
**Exit code: 0** · **TOTAL FLAGS: 71** (HIGH=0 · MED=33 · LOW=38).
```
===== C2/B3 - canonical resolve + disk cross-check =====
STATUS.md canonical: mig=55 test=339 gotcha=69 table=88
disk cross-check: mig=55 gotcha=69
[OK] canonical matches disk (mig + gotcha) - safe baseline for derived scan
===== C2/B3 - derived-doc staleness =====
[DETECTOR] LOW | CLAUDE.md:53 | derived-stale: writes 53 migration but canonical=55 | resolve: update to 55 OR replace with pointer '-> docs/STATUS.md' <== TRUE drift (root CLAUDE mig)
[DETECTOR] MED | CLAUDE.md:53 | derived-stale: writes 53 gotcha/bay but canonical=69 | resolve: ... <== FALSE-POS ("53" la mig-number, dinh token 'bay'? -> thuc te dong 53 KHONG co 'bay'; xem honesty #2)
[DETECTOR] MED | CLAUDE.md:66 | derived-stale: writes 306 test but canonical=339 | resolve: ... <== TRUE drift (root CLAUDE test)
[DETECTOR] MED | CLAUDE.md:80 | derived-stale: writes 45 test but canonical=339 <== FALSE-POS (45 = Domain breakdown)
[DETECTOR] MED | CLAUDE.md:81 | derived-stale: writes 261 test but canonical=339 <== FALSE-POS (261 = Infra breakdown)
[DETECTOR] MED | CLAUDE.md:84 | derived-stale: writes 6 test but canonical=339 <== FALSE-POS
[DETECTOR] MED | CLAUDE.md:90 | derived-stale: writes 2 test but canonical=339 <== FALSE-POS ('2 test project')
[DETECTOR] LOW | CLAUDE.md:133 | derived-stale: writes 68 gotcha/bay but canonical=69 | resolve: update to 69 ... <== TRUE drift (root CLAUDE '68 bay') -- VONG-1 BI MISS, sau fix encoding moi bat
[DETECTOR] MED | docs/CLAUDE.md:13 | derived-stale: writes 4 table/bang but canonical=88 <== FALSE-POS ('4 bang Budget' module-local)
[DETECTOR] LOW | docs/CLAUDE.md:70 | derived-stale: writes 93 table/bang but canonical=88 | resolve: update to 88 ... <== TRUE drift (ERD '93 bang')
[DETECTOR] MED | docs/CLAUDE.md:123 | derived-stale: writes 4 table/bang but canonical=88 <== FALSE-POS (Phase 7 '4 bang Budget')
[DETECTOR] MED | docs/CLAUDE.md:124 | derived-stale: writes 71 test but canonical=339 <== FALSE-POS (Phase 8 historical '71 test')
[DETECTOR] MED | .claude/skills/ef-core-migration/SKILL.md:3 | writes 10 migration <== FALSE-POS ('.NET Core 10 migration')
[DETECTOR] LOW | .claude/skills/ef-core-migration/SKILL.md:3 | writes 53 migration <== TRUE drift
[DETECTOR] LOW | .claude/skills/ef-core-migration/SKILL.md:19 | writes 53 migration <== TRUE drift
[DETECTOR] MED | .claude/skills/ef-core-migration/SKILL.md:34..115 | writes 1/3/4/10 table/bang <== FALSE-POS (per-migration '<n> bang module ...')
[DETECTOR] MED | .claude/skills/ef-core-migration/SKILL.md:42/86/87/154/171 | writes 1/2 migration <== FALSE-POS (mig list seq number)
[DETECTOR] MED | .claude/skills/ef-core-migration/SKILL.md:107 | writes 58/96/154 test <== FALSE-POS (per-project breakdown)
[DETECTOR] LOW | .claude/skills/ef-core-migration/SKILL.md:285 | writes 53 migration <== TRUE drift
[DETECTOR] MED | .claude/skills/README.md:20 | writes 10 migration <== FALSE-POS ('.NET Core 10')
[DETECTOR] LOW | .claude/skills/README.md:20 | writes 53 migration <== TRUE drift
[DETECTOR] LOW | .claude/skills/README.md:90 | writes 68 gotcha/bay <== TRUE drift ('68 bay')
[DETECTOR] LOW | .claude/skills/dependency-audit-erp/SKILL.md:153 | writes 68 gotcha/bay <== TRUE drift ('68 bay')
(note: count-token grep is a soft net - module-local phrases like "4 bang Budget" / "71 test (Phase 8)" can false-positive; treat LOW sev as review-not-fail)
===== C1 - broken gotcha-ref =====
(no flags -- all gotcha #N refs <= 69 and anchored; bare #N>max skipped to avoid Run#/PR# noise)
===== C1 - dangling wikilink =====
[DETECTOR] LOW | user-memory/<29 file>:* | dangling-wikilink: [[<hyphen-form>]] -> <name>.md not found in user-memory | resolve: fix link / create file (hyphen-vs-underscore fork)
... 21 user-memory dangling (vd [[feedback-implementer-truncation-mitigation]] -- file that la feedback_implementer_truncation_mitigation.md _underscore_) ...
[DETECTOR] LOW | agent-memory/pattern_*.md:* | [[pattern-...-hyphen]] -> not found ... 8 agent-memory dangling (6 hyphen-fork + 2 trong 2026-06.gist.md tro feedback_* underscore khac-scope) ...
===== C3 - vocab-fork =====
[DETECTOR] MED | multiple files | vocab-fork: wave-folder=15f vs run-trace=18f live side-by-side -- 'wave-folder' in [docs/HANDOFF.md, docs/STATUS.md] | 'run-trace' in [docs/HANDOFF.md, docs/STATUS.md] | resolve: merge / alias-map
[DETECTOR] MED | multiple files | vocab-fork: Du tru PRO=7f vs Ngan sach PRO=6f live side-by-side -- in [docs/HANDOFF.md, docs/STATUS.md] | resolve: merge / alias-map <== VONG-1 BI MISS (mojibake), sau fix moi bat
[DETECTOR] MED | multiple files | vocab-fork: two-tier=17f vs all-inherit=10f live side-by-side -- in [docs/HANDOFF.md, docs/STATUS.md] | resolve: merge / alias-map
===== Summary =====
self-exclusion: 5 paths excluded (exact+dir rules)
- excluded: scripts/governance-detectors.ps1
- excluded: docs/governance/harness-11-engine.md
- excluded: broadcasts/inbox
- excluded: broadcasts/outbox
- excluded: .claude/workflows/runs
self-match check: governance-detectors.ps1 in scan = 0 ; leaked excluded files in scan = 0
[OK] 0 self-match (C4 satisfied)
TOTAL FLAGS: 71
NOTE: DETECT-only lowering net. Exit 0 always (never fails build). FLAGs are advisory.
=== EXIT CODE: 0 ===
```
> (Output trên rút-gọn các block lặp dài; con-số tally + dòng load-bearing y-nguyên run thật. Full 71 dòng có trong stdout.)
## 4. Acceptance — verdict (số đo)
| Mục SPEC | Verdict | Bằng-chứng (file:line từ output thật) |
|---|---|---|
| (i) C2/B3 FLAG drift root CLAUDE.md **mig 53 vs 55** | ✅ PASS | `CLAUDE.md:53 ... 53 migration but canonical=55` |
| (i) **gotcha 68 vs 69** | ✅ PASS | `CLAUDE.md:133 ... 68 gotcha/bay but canonical=69` (sau encoding-fix) + `README.md:90` + `dep-audit/SKILL.md:153` |
| (i) **test 306 vs 339** | ✅ PASS | `CLAUDE.md:66 ... 306 test but canonical=339` |
| (ii) C3 FLAG vocab-fork wave↔run-trace | ✅ PASS | `wave-folder=15f vs run-trace=18f live side-by-side` |
| (iii) self-exclusion 0 self-match | ✅ PASS | `governance-detectors.ps1 in scan = 0 ; leaked = 0 ; [OK] C4 satisfied` |
| Exit-code 0 (dò-only) | ✅ PASS | `=== EXIT CODE: 0 ===` |
| NO-API | ✅ PASS | Chỉ `Select-String/Get-Content/Get-ChildItem/regex`. grep script: 0 hit `Invoke-WebRequest|curl|api|http` |
| PS 5.1 parse | ✅ PASS | `PSParser.Tokenize` 0 error |
| Bonus drift bắt thêm | | `docs/CLAUDE.md:70 93 bảng` (canon 88) + vocab-fork thứ-3 `Dự trù PRO=7f vs Ngân sách PRO=6f` (rename S65 còn 2 tên sống) |
## 5. C5 resolve-condition — đủ mọi FLAG
derived-stale → "update to M OR replace with pointer '-> docs/STATUS.md'" · canonical-itself-stale → "re-ground STATUS.md <row> to <disk>" · broken-gotcha-ref → "fix number or add gotcha to docs/gotchas.md" · dangling-wikilink → "fix link target or create file" · vocab-fork → "merge to ONE canonical term, or record alias-map".
## 6. Honest limitations (LƯỚI giảm-sót, KHÔNG khoá-cứng — đừng over-claim)
1. **C2/B3 count-token = soft net, FALSE-POSITIVE thật**: trong 41 derived-flag, ~12 TRUE drift / ~29 FP. Nguồn FP: `.NET Core 10 migration` (version), per-project test breakdown (45/261/58/96), migration list seq number (`1 migration`), module-local `4 bảng Budget`, Phase-historical `71 test`. Mitigation: NOTE cảnh-báo + sev LOW khi |lệch|<10. KHÔNG lọc cứng theo ngữ-cảnh (giòn). Người xử FLAG, KHÔNG auto-fix. **TRUE-signal (53 mig · 306 test · 68 bẫy · 93 bảng) ĐỀU có trong list** runtime-proof ĐẠT.
2. **`CLAUDE.md:53 "53 gotcha/bay"` = FP do regex tham**: token `(\d+)\s*(?:bẫy|gotcha)` bắt "53" rồi nuốt khoảng-trắng dài tới chữ "gotcha" xa hơn trên cùng dòng (dòng 53 dài, chữ `gotcha #63/#64`). over-match. Đây giới-hạn regex flat-line, GHI . Dòng 53 thật-sự stale "53 migration" (đã bắt riêng, đúng).
3. **bare `#N` gotcha-ref** cố-ý bỏ qua khi N>max (tránh nhầm Run #312/PR #) → có thể MISS broken-ref dạng `#999` thật. Trade-off ít-noise.
4. **agent-memory `2026-06.gist.md` 2 dangling** trỏ file user-memory (khác-scope) → "dangling trong agent-memory" kỹ-thuật đúng nhưng có thể cross-scope cố-ý. GHI nhận, không khẳng định tuyệt-đối broken.
5. **user-memory path hard-code** theo slug máy này; máy/CI khác → tự fallback agent-memory-only + note (đã code; chưa test máy khác).
6. **vocab-fork sample chỉ in 2 file đầu** mỗi biến-thể (gọn output); muốn full-list cần mở rộng — chấp-nhận cho lần này.
## 7. Single-writer compliance
CHỈ ghi 2 file: `scripts/governance-detectors.ps1` + sub-MD này (`runs/2026-06-18-h11-implement/sub-task-0.md`). KHÔNG đụng canonical MD (CLAUDE/README/STATUS/agents) · KHÔNG agent-memory · KHÔNG sub-MD khác · KHÔNG store_memory/RAG/HTTP/Qdrant. Detector tự-nó KHÔNG ghi file nào (FLAG ra stdout only) — auto-WRITE luật = mối-nguy #1, đã tránh tuyệt-đối.
```

156
.claude/workflows/runs/2026-06-18-h11-implement/sub-task-1.md Normal file
View File

@ -0,0 +1,156 @@
# sub-task-1 — Harness-11 PART-A — memory-archive-gate.ps1 (hot-mem auto-archive standing-gate, NO-API)
**Role:** general-purpose (implementer, has Write/Edit) · **Run:** 2026-06-18-h11-implement
**Files owned (single-writer, file-disjoint):**
- `scripts/memory-archive-gate.ps1` (NEW, 266 lines)
- `.claude/agent-memory/memory-budget.json` (ADD `archive_gate` block only)
- this sub-MD
**Verdict:** DONE + RUNTIME-PROVEN. DRY-RUN clean (A7 GATE PASS 186/186 pointers, exit 0). A6 2-strike lifecycle proven across 2 `-Apply` runs (WATCH@strike1 → PROPOSE@strike2). NO-API + FLAG-ONLY audited clean.
---
## 1. budget.json — additive params (acceptance item 1)
Added `archive_gate` block **before** `measured` (did NOT touch `measured` / `tiers` / `last_sleep_at` / `seeded_date`):
```json
"archive_gate": {
"_note": "Harness-11 PART-A ... ADDITIVE ...",
"autoinject_cap_bytes": 25600,
"low_watermark_ratio": 0.85,
"keep_floor_entries": 5,
"strike_threshold": 2
}
```
- `autoinject_cap_bytes: 25600` = A1 over-cap line (matches existing `tiers.l1_hot.autoinject_cap_bytes`).
- `low_watermark_ratio: 0.85``floor(0.85 * 25600) = 21760` = A4 hysteresis drain target.
- `keep_floor_entries: 5` = A5.
- `strike_threshold: 2` = A6.
**Untouched-block proof (runtime):**
```
JSON parse OK
archive_gate: cap=25600 low_ratio=0.85 keep_floor=5 strike=2
measured block still present? cicd l1_hot=23653
last_sleep_at preserved? 2026-06-18
```
## 2. memory-archive-gate.ps1 — structure
Two independent passes, DRY-RUN by default (`-Apply` only advances the strike counter; **never** moves/edits a `.md`).
| Pass | Maps to | What it does |
|---|---|---|
| PASS 1 PLANNER | A1 / A4 / A5 / A6 | per `<sub>/MEMORY.md`: measure bytes (A1); if > cap, plan #oldest-entries to MOVE to get **below** low-watermark (A4 hysteresis), keeping ≥ keep_floor newest (A5), gated behind 2-strike (A6). Prints `sub bytes over? entries strike after-est resolve`. |
| PASS 2 A7-GATE | A7 NO-API | per `<sub>/archive/_INDEX.md`: extract every `substring:"..."`; literal `.Contains()` search across `archive/*.md` (UTF-8); byte-sanity (file exists + size>0). Prints PASS/FAIL per pointer. |
Key design points:
- **Entry boundary** (A5 counting) = first of `^##` / `^###` / `^---` (regex `^(#{2,3}\s|---\s*$)`). MEMORY.md files here are h2-only today (verified) so marker-count == entry-count; regex also tolerates h3/HR files.
- **after-est** = `total sum(line.Length+2)` for the moved prefix (CRLF-aware estimate; prefixed `~` to flag it as approximate — the gate never performs a real cut).
- **A6 strike state** persisted to `.claude/agent-memory/.archive-strikes.json` (flat `{sub:int}`, ASCII). Reset-to-0 on any clean run ⇒ *consecutive*-over-cap semantics. Mutated **only under `-Apply`** so DRY-RUN is side-effect-free.
- **A7 robustness**: resolves the substring against ALL `archive/*.md` for the sub (not just the arrow-named file) because the 3 `_INDEX` formats name the target differently (reviewer `→ \`file\``; cicd `\`file\` · substring:`; inv-codebase q-shorthand table). A unique substring landing anywhere in the sub's frozen archive == resolved. Skips `^\s*>` blockquote legend lines (the `substring:"<unique-string>"` template is documentation, not a record).
- **Exit code**: `2` on A7 integrity failure (broken pointer / 0-byte archive); `0` otherwise. Over-cap is a FLAG, not an error (gate reports, human curates).
## 3. RUNTIME — DRY-RUN (canonical evidence)
`powershell.exe -ExecutionPolicy Bypass -File scripts\memory-archive-gate.ps1` → EXIT 0:
```
============================================================
memory-archive-gate.ps1 - Harness-11 PART-A
mode : DRY-RUN (no writes at all)
cap : 25600 bytes (autoinject_cap)
low-water : 21760 bytes (A4 hysteresis drain target = ratio 0.85)
keep-floor : 5 newest entries (A5)
strike-need : 2 consecutive over-cap runs to PROPOSE (A6)
============================================================
### PASS 1 - hot-tier over-cap planner (FLAG ONLY, no moves)
sub bytes over? entries strike after-est resolve
------------------------ --------- ----- ---------- ------- ------------ -------
cicd-monitor 26798 YES 18 1 ~21180 WATCH (strike 1<2): re-run; propose only after 2 consecutive over-cap
database-agent 5917 no 6 0 - ok
frontend-designer 24004 no 6 0 - ok
harvest-curator 18952 no 6 0 - ok
implementer-backend 17692 no 23 0 - ok
implementer-frontend 13394 no 16 0 - ok
investigator-api 8510 no 9 0 - ok
investigator-codebase 31502 YES 20 1 ~27069 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
reviewer 38755 YES 14 1 ~33738 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
test-specialist 24663 no 17 0 - ok
tooling-auditor 18431 no 6 0 - ok
[A6] DRY-RUN: strike counters NOT persisted (run with -Apply to advance strikes)
### PASS 2 - A7 archive-integrity gate (NO-API: grep + measure only)
[cicd-monitor] _INDEX.md + 7 archive file(s)
-> PASS pointers 76 resolved 76 failed 0
[implementer-backend] _INDEX.md + 7 archive file(s)
-> PASS pointers 41 resolved 41 failed 0
[investigator-codebase] _INDEX.md + 7 archive file(s)
-> PASS pointers 40 resolved 40 failed 0
[reviewer] _INDEX.md + 5 archive file(s)
-> PASS pointers 29 resolved 29 failed 0
------------------------------------------------------------
A7 GATE PASS - total pointers 186, resolved 186, failed 0
------------------------------------------------------------
EXITCODE=0
```
**Reads the spec's expected over-cap subs:** reviewer 38755 (~37.8KB, over), investigator-codebase 31502 (~30.8KB, over). cicd-monitor 26798 also over (current, > spec's stale ~note). All 8 under-cap subs print `ok`.
## 4. RUNTIME — A6 2-strike lifecycle (`-Apply` ×2)
The strike-counter is an **executed-file** mechanism; it needs 2 runs to demonstrate the PROPOSE gate (honest n"executed-file vs runtime" tier).
**APPLY run 1** → strikes file written `{cicd:1, inv:1, reviewer:1, all-clean:0}`; over-cap subs show `WATCH (strike 1<2)`:
```
cicd-monitor 26798 YES 18 1 ~21180 WATCH (strike 1<2): re-run; propose only after 2 consecutive over-cap
investigator-codebase 31502 YES 20 1 ~27069 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
reviewer 38755 YES 14 1 ~33738 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
[A6] strikes persisted -> ...\.archive-strikes.json
```
**APPLY run 2** → strikes advance to 2; cicd-monitor flips WATCH → **PROPOSE** (it has drainable headroom: move 6 oldest → ~21180 < low-water 21760); inv/reviewer stay WARN (A5 keep-floor priority newest 5 entries alone exceed cap):
```
cicd-monitor 26798 YES 18 2 ~21180 PROPOSE archive (strike 2>=2): move 6 oldest -> curate L1->L2 by hand
investigator-codebase 31502 YES 20 2 ~27069 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
reviewer 38755 YES 14 2 ~33738 WARN keep-floor hit (5); cannot auto-drain - SPLIT/condense entries by hand
```
strikes file after run 2: `{cicd:2, inv:2, reviewer:2, all-clean:0}`.
**Strike artifact cleaned up** post-test (`rm .archive-strikes.json`) DRY-RUN default never creates it; shipped repo carries no stale strike state. Cold-start DRY-RUN re-verified: EXIT 0, A7 GATE PASS 186/186.
## 5. Bugs hit + fixed during build (honesty log)
1. **PS 5.1 parser cascade (mid-build, self-fixed):** line 94 had a typo `'resolve")` a `"` where a `'` belonged which left a single-quoted string unterminated and consumed forward, throwing 4 misleading errors anchored at *later* valid lines (102/222/233/266). Root-caused via per-line `0x22`-byte hexdump (`xxd | grep 22`) the closing `'` of the last `-f` arg was a `"`. Fixed `'resolve')`. Lesson: PS 5.1 mis-locates the error site of an unterminated string; bisect by counting quotes, not by trusting the reported line.
2. **gotcha #30 mojibake (A7 false-FAIL):** first A7 run reported 55 PTR-FAILs, all on pointers containing Vietnamese diacritics / em-dash / arrows (`â€"`, `×`, `â†'`). Cause: PS 5.1 `Get-Content` / `Select-String` default to ANSI codepage and mangle UTF-8. Fix: read BOTH `_INDEX.md` and archive files via `[System.IO.File]::ReadAllText($path, UTF8)` + `String.Contains()` 189/190 resolve. This **is the gotcha #30 trap the precedent script's "ASCII-only" header warns about**, hit from the read side.
3. **legend-line false-positive (true-positive catch):** cicd `_INDEX.md:4` blockquote documents the format with literal `substring:"<unique-string>"`; my regex matched it (77 vs the index's self-declared 76 real pointers). Added `^\s*>` skip clean 76/76. The gate correctly distinguished a non-record from a broken pointer.
## 6. Acceptance checklist evidence
| Item | Verdict | Evidence |
|---|---|---|
| (1) NO-API | PASS | grep audit: only `Set-Content` is the strikes int-map (line 177); zero http/curl/api/model/qdrant calls. `.md` files are read-only. |
| (2) FLAG-ONLY / no auto-write of rules | PASS | DRY-RUN header "no writes at all"; over-cap = printed FLAG; no Move/Edit of any MEMORY.md or archive. `-Apply` writes only the counter. |
| (3) PowerShell .ps1, `-ExecutionPolicy Bypass` | PASS | runs via `powershell.exe -ExecutionPolicy Bypass -File`; ASCII-only output; PS 5.1 parse OK. |
| (4) RUNTIME-prove | PASS | DRY-RUN output §3 (exit 0) + 2× `-Apply` strike lifecycle §4 pasted from real runs. |
| (5) sub writes only file-disjoint + sub-MD | PASS | `git status --porcelain` after cleanup = only `M memory-budget.json` + `?? memory-archive-gate.ps1` (+ this sub-MD in run-folder). No canonical MD touched. |
| A1 measure | PASS | bytes column real (reviewer 38755 etc.). |
| A4 hysteresis | PASS | drains to BELOW low-water (cicd after-est ~21180 < 21760), not to the line. |
| A5 keep-floor | PASS | inv/reviewer WARN "keep-floor hit (5); cannot auto-drain" refuses to vét-sạch. |
| A6 2-strike | PASS | run1 WATCH(1<2) run2 PROPOSE(2>=2); strikes file 1→2; reset-on-clean. |
| A7 pointer-resolve + byte-sanity | PASS | 186/186 across 4 subs w/ archive; UTF-8 round-trip; legend-line skipped. |
## 7. Tailoring declared (PART-A = 🟡 tailorable)
Documented inline in the script `[TAILOR]` footer block:
- **after-est is an ESTIMATE** (`line.Length+2` CRLF heuristic, `~` prefixed) — real bytes only known post-move, which the gate deliberately never does.
- **Entry boundary** = first of `^##`/`^###`/`^---` (today's files are h2-only → exact; tolerant of other styles).
- **A6 strike** = flat `{sub:int}` JSON, consecutive semantics via reset-on-clean, requires 2 real `-Apply` runs to reach PROPOSE (matches spec "runtime needs 2 runs").
- **A7** resolves substring against ALL `archive/*.md` for the sub (the 3 index formats name targets differently) + skips `>` legend lines.

37
.claude/workflows/runs/2026-06-18-h11-review/review-synthesis.md Normal file
View File

@ -0,0 +1,37 @@
# REVIEW SYNTHESIS — Harness-11 adap (2026-06-18-h11-review · `wf_d7ca1ff8-942`)
> 3× reviewer (read-only, adversarial ∥). Em-main scribe @P3. **VERDICT TỔNG: ✅ PASS** (0 blocker · refinement applied · nit fixed).
## R1 — COMPLETENESS-GATE → **ĐẠT** (B+C+D function-floor đủ-trọn)
- **PHẦN B 4/4 PRESENT:** B1 (engine:39 + landed root CLAUDE.md 7 pointer + ef-core 4 + README 2 + dep-audit 1) · B2 (readable giữ) · B3 (script:142-243 LIVE-catch, KHÔNG stub) · B4 (em-main gated + git-diff backstop).
- **PHẦN C 5/5 runtime-proven:** C1 (0 gotcha-dangling + wikilink-dangling) · C2 (canonical+disk cross-check OK) · C3 (3 vocab-fork) · C4 (**0 self-match LIVE**, 5 paths excluded, leaked=0) · C5 (100% flag có resolve:).
- **PHẦN D 11/11:** D1 wired §2.1.3 · D2 wired §L.b(c) · D3 · D4 (hmw.js:76 THROW mechanized) · **D5/D6/D7 3-tier EXPLICIT** (engine §D.2 :67-69) · **D8 one-direction-lock codify** (:72) · D9 · D10 · D11.
- **PHẦN A 🟡 over-floor:** A4/A5/A6/A7 runtime-proven.
- **HARDEST gate: NO-API PASS · 0-auto-write PASS.** 0 floor thiếu.
## R2 — DETECTOR CORRECTNESS+QUALITY → **PASS** (6/6 mechanized criteria clean)
- C4 0-self-match ✓ · C5 59/59 resolve ✓ · NO-API grep 0-hit ✓ · 0-auto-write (chỉ Out-Null in-mem) ✓ · DRY-RUN no-write (git pre==post byte-identical) ✓ · A7 186/186 pointer-resolve + byte-sanity ✓.
- **2 refinement non-blocking → ÁP DỤNG (review→fix loop):**
- **(7a) C2 FP-rate ~89% (24/27 FP):** version-token "EF Core 10" / per-row "N bảng module" / historical "154 test". → **FIXED:** context-skip (table-row `^\s*\|` + historical `baseline|S\d\d|(current` + version-prefix `core|.net|react|vite|mig|phase|session`). C2 **27→11**.
- **(7b) C1 wikilink 29 = REAL (KHÔNG normalization-FP):** 3 class (hyphen↔underscore-fork · truly-missing · cross-scope). → **FIXED:** normalize `[-_]` both sides → auto-resolve fork-where-file-exists. C1 **29→13** (13 còn lại = genuinely-missing/cross-scope, drift THẬT của memory-index).
- **Post-refinement: TOTAL 59→27, PS parse OK, C4 vẫn 0 self-match.** Detector từ "noisy" → "sắc".
## R3 — HONESTY+CONTAINMENT → **PASS** (0 blocker, 1 MINOR nit)
- OVER-CLAIM: none-material. Re-run cả 2 script khớp claim. Nấc executed-file vs runtime phân ĐÚNG (A6-2strike tự-khai executed-file; A7/DRY-RUN tick runtime). 71→59 reconcile honest (pre-B1 vs post-B1, grep CLAUDE.md `53 migration`=0 chứng-minh B1 gỡ TP).
- SINGLE-WRITER D9: git-status grep MEMORY.md = 0-hit · `.archive-strikes.json` absent · budget.json additive-only · 0 sub đụng canonical. CLEAN (KHÔNG lặp S72 residual).
- NO-AUTO-WRITE-OF-LAW (D6): detector 0 file-write stdout-only · archive-gate 1 Set-Content → counter `.archive-strikes.json` (-Apply-only, KHÔNG MD/luật). ✓
- B1 GATED (B4): sub KHÔNG tự sửa canonical, em-main cluster. ✓
- byte-0-loss D11: A7 verify pointer-resolve + nonzero-size (MOVE thật engine CỐ Ý không làm — DRY-RUN; D11 dựa precedent h910-curate md5sum). Phân-định đúng, KHÔNG over-claim.
- CAVEAT engine-doc:79-84 trung-thực (no-OS-hook + auto-write-CỐ-Ý-CHƯA-LÀM + net-not-lock + executed≠runtime).
- **MINOR nit → FIXED:** agents/README "71 flag" = volatile-count hardcoded (chính anti-pattern engine chống) → đổi non-volatile.
## Em-main actions post-review
1. ✅ C2 context-skip + C1 normalize (script refinement, re-run 59→27, parse OK).
2. ✅ agents/README "71 flag" → non-volatile (số → run-trace).
3. ✅ reconcile số trong synthesis/ledger (71 pre-B1 → 59 post-B1 → 27 post-refinement).
## Honest residual (cho report AI_INFRA)
- C1 13 wikilink-dangling = REAL pre-existing memory-index drift (engine SURFACE đúng; fix từng cái = chore riêng, KHÔNG block adap).
- C2 11 residual = module-local edge ("4 bảng Budget" historical, "1 migration" prose revert-cmd) — soft-net chấp-nhận (LOW/MED advisory exit-0, self-documented).
- C3 console mojibake VN-variant = cosmetic Bash-capture (match THẬT đúng, gotcha #30 code-point builder hoạt-động).
- **VERDICT: PASS — engine adopted, completeness-gate ĐẠT, detector sharp + runtime-proven, containment clean.**

21
.claude/workflows/runs/2026-06-18-h11-review/run.md Normal file
View File

@ -0,0 +1,21 @@
# RUN — 2026-06-18-h11-review (Harness-11 adap · STAGE 3 REVIEW double-check)
> **Harness-10 FLAT run-trace** (TRACKED). 3× reviewer (read-only, adversarial ∥). Synthesis → `review-synthesis.md`.
- **Workflow:** Harness-11 adap — REVIEW (B2 mandate: workflow độc-lập soi IMPLEMENT + chắt know-how)
- **Mode:** hmw RUN-TRACE, free-text-in-findings (KHÔNG ép custom-schema per S73 lesson). reviewer read-only → subMdPath + em-main scribe.
- **Opened:** 2026-06-18 (S75)
- **Input:** engine-doc `docs/governance/harness-11-engine.md` · 2 script `scripts/governance-detectors.ps1` + `memory-archive-gate.ps1` · B1 edits · cadence-wire · `../2026-06-18-h11-implement/implement-synthesis.md`
## 3 lane adversarial
| Lane | Role | Focus |
|---|---|---|
| R1 completeness-gate | reviewer | verify B+C+D function-floor đủ-trọn (mandate gate) — từng B1-4/C1-5/D1-11 PRESENT + evidence; CHƯA-ĐẠT nếu thiếu 1 |
| R2 detector correctness+quality | reviewer | RUN 2 script độc-lập: C4 0-self-match · C5 resolve-condition · NO-API · 0 auto-write · FP-rate chấp-nhận? · C1 wikilink 29-flag real-vs-FP |
| R3 honesty+containment | reviewer | over-claim nấc (executed-file vs runtime)? single-writer D9 git-diff? no auto-write-law (D6)? byte-0-loss? synthesis claim khớp disk? |
## Acceptance
PASS = B+C+D đủ-trọn (completeness) + detector runtime-correct (C4/C5/NO-API) + 0 over-claim + containment clean. Issue → em-main fix trước commit.
## Run-id
`wf_d7ca1ff8-942`

0
.claude/workflows/runs/2026-06-18-h910-curate/harvest/.gitkeep Normal file
View File

16
.claude/workflows/runs/2026-06-18-h910-curate/harvest/curate-synthesis.md Normal file
View File

@ -0,0 +1,16 @@
# CURATE synthesis — G1 close (em-main single-writer, C4)
> Workflow `wf_f32987b8-03f` · 2 general-purpose file-disjoint (1/file, NO same-file race). Closes finalize-review G1.
## Result (em-main verified git-truth, KHÔNG tin self-report)
| File | before → after | moved | 0-byte-loss |
|---|---|---|---|
| reviewer/MEMORY.md | 36738 → **24844B** (<25600 ✓) | 10 oldest (S33/S35/S43/S49 gates + cumulative + S40-ptr + 2 die-meta + 2 redundant H10-adap) | archive +22 -0 · grep-Fxf 10/10 byte-exact |
| investigator-codebase/MEMORY.md | 29819 **23187B** (<25600 ✓) | 3 oldest (S66/S65ter/S65 recon) | archive +6 -0 · md5sum cut==append `cedc21eb` |
## Em-main completion (after curate)
- **reviewer gist gen:2** added (agent skipped gistUpdated=false) 10 moved entries distilled compact: 6 routine gates [thấp] N/A-marker · 2 die-meta cross-ref `[[feedback_agent_kill_recovery]]` · 2 H10-adap cross-ref kept-S71 + `[[feedback_harness10_run_trace]]`. Closes A4 coverage-diff ("survive OR N/A"). (investigator gist gen:2 = agent did.)
- **budget.json re-measured** (script `measure-agent-memory.ps1`, transcribe not fabricate): reviewer/inv/cicd/impl-be updated; **l1_over_30kb=false ALL 11** + seeded_dateS71.
## Self-gate verdict: 🟢 G1 CLOSED
Both MEMORY.md <25600 auto-inject cap · archive additive (0-byte-loss) · _INDEX +pointers · gist gen:2 both · budget accurate. **Root-cause fixed structurally** (hmw.js RUN-TRACE writeGuard cấm sub tự-ghi MEMORY future hmw.js runs no-race; custom-workflow lesson `feedback_harness10_run_trace` #2). G2/G3/minor done em-main (user-memory + gitignore).

20
.claude/workflows/runs/2026-06-18-h910-curate/run.md Normal file
View File

@ -0,0 +1,20 @@
# RUN — Harness-9 curate G1 — reviewer + investigator L1→L2 (close finalize gap)
- **run-id (folder):** 2026-06-18-h910-curate
- **workflow run-id (evidence B3):** wf_f32987b8-03f
- **mục tiêu:** đóng G1 finalize-review — 2 file MEMORY.md over-cap (S71 same-role race) curate L1→L2 về <25600B, 0-byte-loss.
- **checkpoint:** APPROVED (closing finalize-review G1, anh giao "hoàn chỉnh")
- **L1 @P1:** finalize run CLOSED (no orphan)
- **opened:** 2026-06-18 09:52 +07
- **status:** OPEN running
## Split (file-disjoint — 1 agent/file, KHÔNG same-file race như INVEST/finalize)
| Agent | File | before target |
|---|---|---|
| 🟦 A1 (general-purpose) | `reviewer/MEMORY.md` + reviewer/archive/* | 36738B <25600 (cắt ~11KB nhất) |
| 🟦 A2 (general-purpose) | `investigator-codebase/MEMORY.md` + inv/archive/* | 29819B <25600 (cắt ~4.3KB nhất) |
## Cách (Harness-9 L1→L2, 0-byte-loss)
move entry NHẤT (FIFO cuối Recent-activity, giữ foundation+S71-mới) APPEND byte-exact `archive/2026-06.md` + 1-dòng `_INDEX.md` (substring sha/phrase-keyed) + gist distill-gen bump. Verify wc -c <25600 + numstat archive +N -0.
## Output → em-main verify (numstat 0-loss + wc -c) + re-measure budget.json

0
.claude/workflows/runs/2026-06-18-h910-curate/sub-md/.gitkeep Normal file
View File

0
.claude/workflows/runs/2026-06-18-h910-finalize/harvest/.gitkeep Normal file
View File

20
.claude/workflows/runs/2026-06-18-h910-finalize/harvest/finalize-synthesis.md Normal file
View File

@ -0,0 +1,20 @@
# FINALIZE synthesis — H-9 + H-10 + checklist full audit (em-main single-writer, C4)
> Workflow `wf_73de399d-753` · 3 reviewer. **R1 (Part A) + R2 (Part B+C) no-StructuredOutput ×2-nudge → self-gate** (pattern `feedback_agent_kill_recovery`). **R3 (cross-cutting) thorough — audit luôn Part A/B/C items** → đủ coverage (+ H2 bootstrap + self-verify S71 trước).
## Verdict: GAPS-FOUND — **0 defect/bug/over-claim-in-code; adoption SOUND**. Findings = deferred-incompleteness cần đóng.
### COMPLETE (verified-on-disk, R3)
- Containment model đồng-bộ **MỌI file** (4 owning + agents/README:111/:162 + harvest-curator:52 + tooling-auditor + session-end:51 + session-start:71) — 0 file giữ B6 cũ. agents/README:8 = frozen 06-07 chronology (acceptable).
- Frozen-evidence byte-intact (git diff f36aab8^..HEAD: broadcasts/_index additive 2 row, harness-2/error-ledger/sessions KHÔNG touched).
- Part C: run-folder 3-phần ×4 · gitignore (runs NOT-IGNORED / wave-*+teams IGNORED / ls-files 14) · hmw.js engine (node --check OK) · C7 caveat đủ 4 trục.
- Part B: 3 run-id evidenced · review-workflow bắt C5 L1 (validate mandate B2). Part A: floor intact (budget/measure-script/_INDEX/gist/ragignore/session-start §2.1.2).
- Category 6: email full-grammar VN, hash MATCH, honest self-disclose.
### GAPS (hoàn chỉnh)
- **G1 HIGH:** reviewer/MEMORY.md 33782B (>30720 soft + >25600 auto-inject — harness đã truncate ~8KB HOT lúc spawn này) + investigator-codebase/MEMORY.md 29819B (>25600). Root: S71 same-role race append. budget.json `measured` STALE (S70 snapshot 24795/24052). Harness-9 claim "4 <25KB" re-violated. re-measure + curate L1L2 (verbatimarchive, _INDEX, gist distill-gen bump) đến <25600. Acceptance: wc -c <25600 + numstat archive +N -0.
- **G2 MED:** (a) `feedback_harness9_l2_recovery_2workflow_adap.md:14` "cả 4 <25KB (đóng P1)" FALSE note re-opened S71 + re-closed sau G1. (b) `feedback_harness_123_adoption.md:13` wave-folder presented operative mark SUPERSEDED-by-Harness-10.
- **G3 MED:** thêm `feedback_harness10_run_trace.md` (run-trace supersedes wave + containment flip + 3 lesson: engine-no-fsem-main-scaffold-fragile-C2 · custom-workflow-must-copy-return-delta-guard · check-ignore-exit-trap-CORRECTED) + index pointer + link [[feedback_harness9_l2_recovery_2workflow_adap]].
- **MINOR:** gitignore:96-98 exit-trap explanation imprecise ("exits 0 for BOTH" thực: plain check-ignore exit **1** cho negation; chỉ `-v --no-index` mới 0-both). Command vẫn đúng. Fix khi touch (em fix luôn). Email frozen KHÔNG sửa.
## → em-main complete: G1 curate (delegate 2-agent file-disjoint) + G2/G3/minor (em-main) + re-measure + commit.

18
.claude/workflows/runs/2026-06-18-h910-finalize/run.md Normal file
View File

@ -0,0 +1,18 @@
# RUN — Harness-9 + Harness-10 + checklist · FINALIZE double-check (toàn diện)
- **run-id (folder):** 2026-06-18-h910-finalize
- **workflow run-id (evidence B3):** wf_73de399d-753
- **mục tiêu:** anh giao "review/double-check hoàn chỉnh lại TOÀN BỘ H-9 + H-10 + checklist". KHÔNG chỉ Part C (S71) — audit cả Part A (Harness-9 memory, S70) + Part B (adap 2-workflow) + Part C (run-trace) đúng-nấc THẬT trên đĩa, tìm MỌI gap/incompleteness/over-claim/residual → em-main hoàn chỉnh.
- **checkpoint:** APPROVED (anh giao trực tiếp, HMW-mode ON)
- **L1 @P1:** prior 3 run CLOSED, 0 orphan ✓
- **opened:** 2026-06-18 09:41 +07
- **status:** OPEN → running
## Agents (3× reviewer adversarial, read-only ∥, map mỗi checklist item → đĩa)
| # | scope | verify |
|---|---|---|
| R1 | **Harness-9 Part A (A1-A9 memory archive)** | budget.json (keys+measured khớp script) · measure-script chạy · gist additive+distill-gen · `_INDEX` pointer resolve count=1 · `.ragignore` · A7 budget-audit trong session-start · A8 gist-command separation (tailored?). Nấc THẬT mỗi item. |
| R2 | **Harness-9 Part B (B1-B4) + Harness-10 Part C (C1-C8)** | 2-workflow mandate codify (adap-apply) · run-folder 3-phần ×4 · ledger 2-nhịp + orphan-def · 3-layer L1(em-main@P1)/L2(session-start)/L3(session-end idempotent) wired · C3 tracked+committed (git ls-files) · C7 caveat · C8 migration · hmw.js engine intact. |
| R3 | **Cross-cutting + residuals** | containment model đồng-bộ MỌI file (4 owning + agents/README + commands) · frozen-evidence còn intact (git log) · 2 over-cap MEMORY (reviewer 33.8/inv 29.8 — gap completion?) · over-claim/doc-drift còn sót H9+H10 · user-memory có cần entry Harness-10 lesson? |
## Output → `harvest/finalize-synthesis.md` (em main @P3) — gap-list + em-main hoàn chỉnh từng cái

0
.claude/workflows/runs/2026-06-18-h910-finalize/sub-md/.gitkeep Normal file
View File

68
.claude/workflows/runs/2026-06-18-harness-audit-invest/audit-synthesis.md Normal file
View File

@ -0,0 +1,68 @@
# AUDIT SYNTHESIS — Harness 8/9/10/10-refine + checklists + hmw (re-audit, honest nấc)
- **run-id:** 2026-06-18-harness-audit-invest · **wf:** wf_13868efb-ea7 · **date:** 2026-06-18 (S72)
- **method:** 4× investigator-codebase ∥. **Part B** returned StructuredOutput (full). **Part A FAILED** (no StructuredOutput after 2 nudges). **Part C / H8** truncated in notification tail. → em-main **SELF-GATE recovery** (ground-truth disk: glob/git/grep/read) per `feedback_agent_kill_recovery` — disclosed, valid review-branch (KHÔNG giấu).
- **baseline:** đo vs **CANONICAL spec** (ground-truth AI_INFRA broadcast). `cross-project-status.md` STALE (2026-05-22, RAG Layer A — KHÔNG phải harness 8-10) → KHÔNG dùng để "chứng minh sisters ahead"; honest.
## Verdict
SE đã landed **Harness-8** (all-inherit) + **Harness-9** (PART A memory + PART B adap-2wf) ở nấc tốt. NHƯNG **BEHIND Harness-10 FLAT refine**: SE đang ở run-trace SUBFOLDER cũ, 2 broadcast 06-18 mới nhất (checklist-v2 + h10-flat-detector-refine) UNADOPTED. Lệnh sleep-recovery (§J2 AI_INFRA) absent (by-design, anh muốn parity).
## Gap matrix (honest nấc)
### PART A — memory L2 (self-gated; auditor failed)
| # | gap | nấc thật | bằng chứng |
|---|---|---|---|
| A1 budget.json | ok | executed-file | `.claude/agent-memory/memory-budget.json` có per-tier cap + status |
| A2 seed-by-measure | ok | executed-file+runtime | `scripts/measure-agent-memory.ps1` + `seeded_date` re-measure S71 |
| A3 additive gist + distill-gen | ok | runtime | reviewer/inv `.gist.md` gen:2, impl-be gen:1, verbatim còn |
| A4 coverage-diff gate | ok | convention-met | practiced @curate S70/S71 |
| A5 _INDEX map | ok | executed-file | 4 sub có `archive/_INDEX.md` pointer-only |
| A6 pointer-resolve substring | ok | runtime | substring sha-keyed (S70 design) |
| A7 budget-audit @session-start §2.1.2 | ok | convention-met + runtime | trong session-start.md; chạy session này |
| **A8 sleep-compress command** | **missing** | none | SE KHÔNG có `/sleep-recovery-memory-l2` (AI_INFRA §J2-internal); SE nén ad-hoc @curate |
| A9 .ragignore | ok | executed-file | `.ragignore` tồn tại |
| watch | partial | — | frontend-designer 24.0KB + test-specialist 23.9KB sát cap, CHƯA có archive |
### PART B — adap 2-workflow (MANDATORY; from workflow)
| # | gap | nấc thật | note |
|---|---|---|---|
| B1 implement run-id | ok | runtime | S70 wf_a58e0d15-beb · S71 wf_e4e46725-231 |
| B2 review run-id ≠ implement | ok | runtime | S70 wf_9520d8cd-4fe · S71 wf_636bc95b-939 (self-gate disclosed khi reviewer no-StructuredOutput) |
| B2.5 reverse-findings | ok | runtime | 3 (S70) + 4 (S71) items |
| B3 email both run-ids + true-nấc | ok | runtime | 2 email outbox/ai_infra, hedged honest |
| **B4 short-confirm via review** | **partial** | convention-met | codified adap-apply.md:38, CHƯA có runtime instance |
### PART C + refine — run-trace (MANDATORY)
| # | gap | nấc thật | bằng chứng |
|---|---|---|---|
| **C1 FLAT structure** | **missing** | none | 5 run-folders đều SUBFOLDER (`sub-md/`+`harvest/`); canonical = flat |
| C2 scaffold-at-open run.md | ok | convention-met | S71 + audit run này có run.md @open |
| C3 git-tracked 2-level | ok | runtime | `git ls-files .claude/workflows/runs`=**22** · check-ignore exit=1 (NOT ignored) |
| C4 per-turn harvest | ok | convention-met | — |
| C5 3-layer anti-miss | ok | executed-file | runs/README + session-start orphan-scan + session-end gate |
| C6 ledger 2-beat + orphan | ok | executed-file | `_ledger.md` open/close, 0 orphan |
| C7 honest caveat | ok | convention-met | present |
| **C8 migration old→flat + dual-accept gate** | **missing** | none | chưa migrate; close-gate chưa dual-accept |
| **refine(a) hmw.js flat** | **missing** | none | `hmw.js:103/:109` còn `sub-md/` subdir |
| **refine(b) anti-bypass detector** | **N/A-tailored** | none | SE KHÔNG có detector. **Threat-model khác:** SE dùng Anthropic Workflow tool (KHÔNG có CLI-launcher để lách như hmw.js CLI) → "engine-bypass" gần như N/A; containment SE = git-diff + run-folder TRACKED + ledger orphan-scan (G-015). refine nói detector = "chuyện nội bộ mỗi dự án tự quyết" |
### Harness-8 + hmw
| # | gap | nấc thật | bằng chứng |
|---|---|---|---|
| H8 11/11 inherit | ok | runtime | H1 monitor confirm disk + `hmw.js:43` resolveModel all-inherit |
| hmw.js args.run/wave | ok | executed-file | `:19` `:92` accept args.run + legacy wave |
| **2 broadcast pending** | **missing** | none | checklist-v2 + h10-flat-detector-refine UNADOPTED |
| sleep §J2 scoping | n/a | — | AI_INFRA-internal, KHÔNG phải sister-obligation |
## Key honest findings (cho report AI_INFRA)
1. **hmw.js engine còn subfolder** (`:103/:109`) — flat migration phải sửa engine, không chỉ folder.
2. **5 run cũ giữ nguyên** (đừng rewrite history); new=flat; close-gate dual-accept (C8-A).
3. **Detector: SE tailored-out có lý-lẽ** — Workflow-tool ≠ CLI-launcher → no bypass surface; containment hiện hữu (git-diff + tracked + orphan-scan) đã phủ. KHÔNG cargo-cult. (Decision điểm — anh chốt build vs document.)
4. **B3 imprecision THẬT (S71):** report/email cite path tắt `runs/` + count "14" cũ; thật = `.claude/workflows/runs` (**22 file**). Folder commit thật; chỉ path-string + count sai → sửa ở report mới.
5. **checklist-v2 nấc-rubric** chưa dệt vào self-verify của SE.
## Fix plan → IMPLEMENT (next)
- **em-main cluster (single-writer, coherence):** hmw.js sub-md/→flat · runs/README + workflows/README flat · session-start/end flat + dual-accept gate · agents/README repoint + Upgrade S72 · _ledger gate note · keep 5 old runs (history).
- **agent (disjoint):** port `/sleep-recovery-memory-l2` tailored SE (A8).
- **detector (anh chốt):** document tailored-out (default) HOẶC build untracked-run detector nhẹ.
- **report fix:** correct path/count + B4-convention note.

25
.claude/workflows/runs/2026-06-18-harness-audit-invest/run.md Normal file
View File

@ -0,0 +1,25 @@
# RUN — Harness 8/9/10 re-audit · STAGE 1 INVESTIGATE (🆕 FLAT-trace)
- **run-id (folder):** 2026-06-18-harness-audit-invest
- **workflow run-id (evidence B3):** wf_13868efb-ea7
- **task (anh giao):** "double check lại HẾT Harness-8/9/10/10-refine + các checklist + hmw, lấy đầy đủ thông tin, điều chỉnh lại, report trung thực cho AI_INFRA." Stage này = INVESTIGATE: audit fidelity adoption SE vs canonical AI_INFRA, chấm **nấc trung thực** (executed-file / runtime / convention) theo rubric checklist-v2.
- **mandate:** Harness-9 PART 2 — B1 INVESTIGATE workflow tách biệt. Tiếp theo: IMPLEMENT (fix gap) → REVIEW (double-check + B2.5 know-how harvest) → REPORT AI_INFRA (B3, kèm 2+ run-id).
- **checkpoint:** APPROVED (HMW-mode ON = consent + anh gọi đích danh "hwm").
- **opened:** 2026-06-18 11:09 +07
- **structure:** 🆕 **FLAT** (dogfood `h10-flat-detector-refine`) — file phẳng cùng cấp, phân biệt bằng TÊN, KHÔNG `sub-md/` + `harvest/` subfolder. (Run cũ S71 giữ subfolder → migrate ở IMPLEMENT, C8.)
- **status:** OPEN → running
## Mục tiêu stage
Đo SE so với canonical (ground-truth), KHÔNG nhận vống. 4 mảng song song.
## Agents (4× investigator-codebase, read-only, parallel)
| # | mảng | task |
|---|---|---|
| A | PART A memory L2 | A1-A9 vs `memory-budget.json` / gist / `_INDEX` / coverage-diff / session-start §2.1.2 / `.ragignore` + sleep-cmd absence |
| B | PART B adap-2wf | B1-B4 vs `adap-apply.md` + adap-reports S70/S71 (2 run-id tách? B2.5 know-how? B3 email?) |
| C | PART C + refine | C1-C8 + flat-vs-subfolder (migrate?) + git-tracked 2-nấc + anti-bypass detector 3-func presence |
| D | H8 + hmw | 11/11 inherit? hmw.js flat-aware? broadcast pending? sleep §J2 scoping + cross_project_note |
## Output (FLAT — em main viết sau khi workflow trả, C4 per-turn)
- `sub-audit-partA.md` · `sub-audit-partB.md` · `sub-audit-partC.md` · `sub-audit-h8hmw.md` (raw per-agent)
- `audit-synthesis.md` (bản gom — verified)

29
.claude/workflows/runs/2026-06-18-harness-fix-implement/implement-synthesis.md Normal file
View File

@ -0,0 +1,29 @@
# IMPLEMENT SYNTHESIS — Harness-10 flat migration + sleep-cmd + checklist-v2 (gom/verified)
- **run-id:** 2026-06-18-harness-fix-implement · **wf:** wf_ac43b5ff-7d1 · 2026-06-18 11:22→11:36 +07
- **mandate:** Harness-9 B1 (IMPLEMENT tách biệt). REVIEW (B2) theo sau.
## Done (verified)
**Workflow (2 agent file-disjoint):** sleep-cmd port + runs/README flat — xem `sub-impl-*.md`.
**em-main cluster (single-writer, post-workflow, no same-role race):**
- `hmw.js` flat (`:103` subMd `sub-md/``sub-<role>-<i>.md`) + 5 stale-text + **H4.5→H8 doc-drift fix** · `node --check` PARSE-OK
- `workflows/README.md` full-rewrite FLAT + roster 8→**9** + detector-out + C8
- `agents/README.md` decision-tree flat + **Upgrade S72** record
- `session-start.md` §2.1.1 + `session-end.md` close-gate flat + **dual-accept**
- `_ledger.md` FLAT/C8 header note
- 🔴 **5 run cũ S71 GIỮ subfolder** (C8 no-history-rewrite)
## Gap closure vs audit-synthesis
| gap | trạng thái |
|---|---|
| C1/C8/refine-a FLAT | ✅ DONE (hmw.js + 4 docs + audit/implement runs flat) |
| A8 sleep-cmd | ✅ DONE (ported, live skill) |
| 2 broadcast pending (checklist-v2 + h10-refine) | ✅ ADOPTED |
| detector refine-b | ✅ TAILORED-OUT documented (anh chốt) |
| B3 report imprecision | ⏳ sửa trong report mới (path `.claude/workflows/runs` + 22 file) |
| B4 short-confirm | ⏳ convention note (chưa có runtime instance) |
## 5-trục (em-main self-gate — REVIEW workflow sẽ double-check độc lập)
- **Coverage:** mọi gap audit addressed. **Completeness:** cluster + 2 agent done. **Fidelity:** hmw.js PARSE-OK, 0 fabrication. **Placement:** governance files đúng chỗ. **Corruption:** G-009 clean (sleep-cmd post-scan clean per agent; em-main edits Write/Edit-tool).
## NEXT: REVIEW workflow (B2) — independent double-check + B2.5 know-how harvest → REPORT (B3) AI_INFRA.

26
.claude/workflows/runs/2026-06-18-harness-fix-implement/run.md Normal file
View File

@ -0,0 +1,26 @@
# RUN — Harness 8/9/10 re-audit · STAGE 2 IMPLEMENT (🆕 FLAT-trace)
- **run-id (folder):** 2026-06-18-harness-fix-implement
- **workflow run-id (evidence B3):** wf_ac43b5ff-7d1
- **task:** fix gap từ `audit-synthesis.md` — FLAT migration (C1/C8/refine-a) + port `/sleep-recovery-memory-l2` (A8) + adopt checklist-v2 + h10-refine + document detector TAILORED-OUT (anh chốt) + fix B3 report imprecision.
- **mandate:** Harness-9 B1 (IMPLEMENT workflow tách biệt; REVIEW theo sau).
- **checkpoint:** APPROVED (HMW-ON + anh "double check hết, điều chỉnh lại").
- **opened:** 2026-06-18 11:22 +07
- **structure:** 🆕 FLAT (dogfood h10-refine).
- **status:** OPEN → DONE
## Agents (workflow `wf_ac43b5ff-7d1`, 2× general-purpose file-disjoint)
| file | task | kết quả |
|---|---|---|
| `sub-impl-sleepcmd.md` | port `/sleep-recovery-memory-l2` tailored SE | ✅ `.claude/commands/sleep-recovery-memory-l2.md` (137 dòng, SE 9-sub roster, scope SE-only, 6 SE-env deviation, floor intact, live skill) |
| `sub-impl-runsreadme.md` | rewrite `runs/README.md` FLAT | ✅ C1-C8 + detector tailored-out + flat naming khớp hmw.js |
## em-main cluster (single-writer, interdependent — post-workflow, no same-role race)
- `hmw.js`: `sub-md/`→flat (`:103` subMd) + 5 stale-text + **H4.5→H8 doc-drift fix** (meta.description) · `node --check` PARSE-OK
- `workflows/README.md`: full rewrite FLAT + roster 8→**9** + detector-tailored-out + C8
- `agents/README.md`: decision-tree flat + **Upgrade S72** record
- `session-start.md` §2.1.1 orphan-scan flat · `session-end.md` close-gate flat + **dual-accept**
- `_ledger.md`: FLAT/C8 dual-accept header note
- 🔴 **5 run cũ S71 GIỮ subfolder** (C8 — KHÔNG rewrite history)
## Output (FLAT) → `implement-synthesis.md` (gom) + `sub-impl-*.md` (raw)

8
.claude/workflows/runs/2026-06-18-harness-fix-implement/sub-impl-runsreadme.md Normal file
View File

@ -0,0 +1,8 @@
# sub-impl-runsreadme — rewrite runs/README.md FLAT (general-purpose · wf_ac43b5ff-7d1)
File: `.claude/workflows/runs/README.md` (FLAT rewrite, 11 sections).
- **Flat naming (khớp `../hmw.js`):** `runs/<id>/` phẳng: `run.md` + `sub-<role>-<i>.md` (raw, prefix `sub-`) + `<stage>-synthesis.md` (verified, suffix). Phân biệt bằng TÊN, KHÔNG subfolder.
- **Cover:** C1 flat tree+table · C2 scaffold@open · C3 git-tracked 2-level (check-ignore exit + ls-files) · C5 3-layer · C6 ledger 2-beat · C7 caveat (no fully-autonomous) · C8 migration (5 old keep subfolder, dual-accept).
- **Detector TAILORED-OUT** documented (Workflow-tool, no CLI bypass-surface; containment git-diff+tracked+orphan-scan; 3 principles considered N/A).
- **Ground-truth flags (honest):** (1) **6 run-folders now** (5 old-subfolder + 1 new flat audit run). (2) SE `.gitignore` KHÔNG có bare `runs` rule → cả 2 path `check-ignore` exit=1; cái "bare `runs/` → 0" là `git ls-files` (no tracked file ở bare path) — documented với full-path guidance + `-v` exit-code trap. (3) parent `workflows/README.md` còn old → flagged (em-main đã fix).

8
.claude/workflows/runs/2026-06-18-harness-fix-implement/sub-impl-sleepcmd.md Normal file
View File

@ -0,0 +1,8 @@
# sub-impl-sleepcmd — port /sleep-recovery-memory-l2 (general-purpose · wf_ac43b5ff-7d1)
File: `.claude/commands/sleep-recovery-memory-l2.md` (137 dòng, UTF-8 no-BOM, G-009 post-scan clean). Live skill.
- **"all" target** = 9 memory-bearing subs (investigator-codebase/api · implementer-backend/frontend · test-specialist · reviewer · cicd-monitor · frontend-designer · database-agent). harvest-curator + tooling-auditor = INFORM-only monitors, excluded (no archive). Note: chỉ 4/9 hiện có archive content (cicd · impl-be · inv-codebase · reviewer) — report-not-hardcode (luôn scan đĩa, guard-rỗng skip).
- **Scope:** §J2 AI_INFRA-only → tailored **SE-repo-only**. Provenance note ở đầu (ported từ AI_INFRA §J2-internal theo anh, cross-ref source cmd + design doc §4/§10-P1).
- **6 deviation (SE-env, floor preserved):** (1) `last_sleep_at` home = `.claude/agent-memory/memory-budget.json` (AI_INFRA: `.claude/memory-budget.json`); field CHƯA tồn tại trong SE budget → cmd dặn lead thêm lần đầu. (2) 4-field VN: VIỆC·KẾT-LUẬN·BÀI-HỌC·BẤT-NGỜ. (3) coverage-diff +`gotcha#` (5 token). (4) importance VN cao·vừa·thấp. (5) pointer substring sha-keyed no-line-hint. (6) double-distill guard hardened (SE đã có distill-gen:2 gist).
- **Floor intact:** additive `.gist.md` new (verbatim untouched) · distill-gen counter · double-distill refuse · coverage-diff deterministic gate · Fidelity reviewer-escalate · INFORM-only ≥7d (no autonomous) · last_sleep_at single home · no L1<30KB force · G-009 Write/Edit + post-scan · ratio=report-not-target · Phase 05 mirrored.

28
.claude/workflows/runs/2026-06-18-harness-fix-review/review-synthesis.md Normal file
View File

@ -0,0 +1,28 @@
# REVIEW SYNTHESIS — Harness-10 flat migration + sleep-cmd (B2 double-check, gom/verified)
- **run-id:** 2026-06-18-harness-fix-review · **wf:** wf_d482e10d-5dd · 2026-06-18 13:27→13:4x +07
- 3× reviewer adversarial ∥. **Dogfood B2 SUCCESS:** review độc-lập bắt đúng cái IMPLEMENT self-assessment bỏ sót (schema-stale + auto-wire overclaim).
## Verdicts
| reviewer | verdict | finding |
|---|---|---|
| R1 flat-completeness | PASS-with-concerns | 1 minor schema-stale + 1 untracked-note |
| R2 sleepcmd-detector | PASS-with-concerns | **1 MAJOR auto-wire overclaim** + 2 minor |
| R3 containment-honesty | **PASS** | containment clean + honesty strong; 1 minor doc-precision |
**0 blocker. 1 major + 4 minor — TẤT CẢ FIXED** (em-main single-writer, post-review).
## Fixes applied + verified
1. [R1 minor] `hmw.js:52` schema `subMdPath` desc `sub-md/`→flat ✓
2. [R2 **MAJOR**] auto-check **WIRED**: `memory-budget.json` `+last_sleep_at:null` + `session-start.md:78` + `session-end.md:48` INFORM (null/≥7d, no-autorun) — grep-verified present (was zero) ✓
3. [R2 minor] provenance design-doc cite → AI_INFRA absolute path ✓
4. [R2 minor] charter substring anchor + "cam"→"cấm" typo ✓
5. [R3 minor] `runs/README:31` dogfood reworded (audit-run=synthesis-only self-gate; implement-run=full raw) ✓
- **post-fix verify:** `hmw.js` node --check PARSE-OK · budget.json VALID · grep `last_sleep_at` present cả 2 session cmd.
## B2.5 reverse-findings → AI_INFRA report
1. **rename-migration audit phải grep runtime SCHEMA/contract-description strings** (không chỉ code-path + prose) — path duplicate ở operative-var + comment + schema-desc; schema-desc copy dễ-sót-nhất (data≠code). [bắt được hmw.js:52 self-doc divergence]
2. **ported-command §-anchor phải grep/ls-verify IN sister repo** (re-homed path khác AI_INFRA↔SE); §-cite = wiring-claim → grep-prove (như 'wire BE' bug áp cho governance-doc).
3. **SE `runs/` ở `.claude/workflows/runs/` không phải repo-root** → bare `git ls-files runs` false-0 = FALSE not-tracked; path-qualify + exit-branch check-ignore (negation last-match-wins vô-hình với text-read).
## VERDICT: ✅ PASS sau-fix → REPORT (B3) AI_INFRA.

19
.claude/workflows/runs/2026-06-18-harness-fix-review/run.md Normal file
View File

@ -0,0 +1,19 @@
# RUN — Harness 8/9/10 re-audit · STAGE 3 REVIEW (🆕 FLAT-trace)
- **run-id (folder):** 2026-06-18-harness-fix-review
- **workflow run-id (evidence B3):** wf_d482e10d-5dd
- **task:** B2 double-check ĐỘC LẬP — flat migration completeness + sleep-cmd port fidelity + containment/honesty; harvest **B2.5 know-how**.
- **mandate:** Harness-9 B2 (REVIEW workflow TÁCH BIỆT khỏi IMPLEMENT `wf_ac43b5ff-7d1` — một-làm-một-soi, bắt lỗi trước commit).
- **checkpoint:** APPROVED (HMW-ON).
- **opened:** 2026-06-18 13:27 +07
- **structure:** 🆕 FLAT.
- **status:** OPEN → running
## Agents (3× reviewer adversarial, parallel)
| # | reviewer | task |
|---|---|---|
| R1 | flat-completeness | residual `sub-md/`/`harvest/` scan 6 file + naming consistency hmw.js↔READMEs + `node --check` + C8 5-old-keep |
| R2 | sleepcmd-detector | floor-intact vs AI_INFRA source + scope SE-only + G-009 clean + detector tailored-out reasoning sound |
| R3 | containment-honesty | 0 prod code + investigator-MEMORY pre-existing? + B3 imprecision re-verify + ledger 2-beat + 2 new-runs flat |
## Output (FLAT) → `review-synthesis.md` (gom) + `sub-review-r{1,2,3}.md` (raw)

7
.claude/workflows/runs/2026-06-18-harness-fix-review/sub-review-r1.md Normal file
View File

@ -0,0 +1,7 @@
# sub-review-r1 — flat-completeness (reviewer · wf_d482e10d-5dd)
**VERDICT: PASS-with-concerns**
- Migration COMPLETE + CONSISTENT. `node --check` PARSE-OK. FLAT naming byte-identical: hmw.js:103 ↔ runs/README:16-18 ↔ workflows/README:16-17. 5 old S71 folders INTACT (not rewritten). C8 dual-accept documented (runs/README · workflows/README:19 · session-end:51 · _ledger:6). session-start:71 · session-end:32/51 · agents/README:112 updated flat.
- **MINOR (FIXED):** hmw.js:52 SCHEMA `subMdPath` desc still `sub-md/<role>-<i>.md` (stale vs :103 flat) → em-main fixed `→ sub-<role>-<i>.md`.
- MINOR: 3 new flat folders untracked → git add at commit (eligible-vs-committed).
- **B2.5:** rename-audit phải grep runtime SCHEMA/contract-description strings, KHÔNG chỉ code-path + prose; path duplicate ở (1) operative var, (2) comment, (3) schema-desc — schema-desc copy dễ-sót-nhất (data≠code).

8
.claude/workflows/runs/2026-06-18-harness-fix-review/sub-review-r2.md Normal file
View File

@ -0,0 +1,8 @@
# sub-review-r2 — sleepcmd-detector (reviewer · wf_d482e10d-5dd)
**VERDICT: PASS-with-concerns**
- sleep-cmd port: ALL floor INTACT (none thinned/weakened — verified line-by-line vs source). Scope SE-only + provenance accurate. `last_sleep_at` path SE-correct. G-009 CLEAN. double-distill grounded (investigator gist IS gen:2). 4/9 gist-bearing matches disk. **Detector tailored-out SOUND + HONEST** (hmw.js header states not-node-runnable → AI_INFRA CLI-launcher-bypass threat genuinely N/A; 3 refine functions each N/A-reasoned; no-overclaim caveat + re-visit condition documented; does NOT hand-wave).
- **MAJOR (FIXED):** Auto-check ≥7d trigger UN-WIRED — session-start/end never read `last_sleep_at` = overclaim → em-main WIRED for real: budget.json `+last_sleep_at:null` + session-start:78 + session-end:48 INFORM steps; grep now matches (was zero).
- **MINOR (FIXED):** provenance design-doc cite read SE-local but AI_INFRA-only → qualified absolute AI_INFRA path.
- **MINOR (FIXED):** charter cites prose vs source line-anchor → added substring anchor + fixed "cam"→"cấm" typo.
- **B2.5:** ported-command integration anchors (§-cite) phải grep/ls-verify IN SE repo (re-homed path khác AI_INFRA); §-cite = wiring-claim → grep-prove như 'wire BE' bug (claim-vs-grep áp cho governance-doc wiring).

9
.claude/workflows/runs/2026-06-18-harness-fix-review/sub-review-r3.md Normal file
View File

@ -0,0 +1,9 @@
# sub-review-r3 — containment-honesty (reviewer · wf_d482e10d-5dd)
**VERDICT: PASS** (0 blocker)
- **CONTAINMENT clean:** ZERO production code (no src/Backend, fe-*, tests/, .csproj, Migrations/). Changed = 8 `.claude` governance/workflow/docs + investigator MEMORY + 3 untracked (1 cmd + 2 run-folders). No scope drift.
- **investigator MEMORY `M` corrected:** = THIS session's S71/S72 audit-trail (5 entries: subfolder-not-flat · detector-MISSING · hmw-flat-gap · path-trap-runs-folder · refsweep), zero code, await session-end flush = correct (NOT unrelated pre-existing race).
- **B3 path-trap ACCURATE:** `git ls-files runs`(bare)=0 vs `.claude/workflows/runs`=22; old "14" real at 8c47bd0 (`ls-tree`=14)→22 now (h910 + 2 new runs). "14(cũ)→22(thật) + bare-path trap" precise, not fabrication.
- Ledger 7 rows all CLOSE-beat, 0 orphan, FLAT/C8 note present (_ledger:6). 2 new runs FLAT (no sub-md/harvest subdir). hmw.js migrated flat + PARSE-OK. detector honest. sleep-cmd SE-tailored.
- **MINOR (FIXED):** runs/README:31 dogfood example named `sub-audit-*.md` that don't exist (Part A fail→self-gate) → reworded (audit-run = run.md+synthesis only; implement-run = full raw set).
- **B2.5:** SE `runs/` at `.claude/workflows/runs/` NOT repo-root → bare `git ls-files runs` falsely 0 = FALSE not-tracked conclusion; ALWAYS path-qualify + exit-branch check-ignore (negation `!.claude/**` last-match-wins invisible to text-read of .gitignore).

47
.claude/workflows/runs/2026-06-18-mig54-pe-review/review-synthesis.md Normal file
View File

@ -0,0 +1,47 @@
# REVIEW SYNTHESIS — Mig 54 PE giá-đề-xuất + CCM duyệt-done (commit 1d86abc)
> Em-main @P3 single-writer. **Verdict tổng: KHÔNG BLOCKER — go-live thứ Hai OK với 2 UAT-note.** Trung thực: chỉ 1/4 lane review độc-lập trả kết quả; 3/4 = em-main self-gate (đánh dấu rõ).
## A. Lane review ĐỘC-LẬP (be-logic) — ✅ PASS, verify-chéo
| # | Finding | Severity (sau verify) | Kết luận |
|---|---|---|---|
| 1 | V1 legacy (`ApproveV1LegacyAsync:992`) set DaDuyet KHÔNG bind giá chốt | **not-an-issue** | BY DESIGN — V1 = phiếu legacy (Mig 21), 5 cột giá nullable=null; `ApprovedPrice*` KHÔNG feed `CreateContractFromEvaluation.GiaTri` (giá HĐ = SUM `Details.ThanhTienNganSach`, grep-confirmed). Dev DB: 4 phiếu V1, 0 ở ChoDuyet → edge không có data sống. Không vỡ NOT-NULL. |
| 2 | Stray `fe-user/.claude/agent-memory/implementer-frontend/MEMORY.md` untracked | **nit** | cwd-misland (gotcha S72). Commit `1d86abc` verify SẠCH (`git show --name-only` 0 path `.claude`). Action: reconcile→canonical + KHÔNG `git add -A`. |
→ be-logic xác nhận **lõi backend (③ opt-in + ① bind giá) đúng**, không lỗ tài chính.
## B. 3 lane FAILED (no StructuredOutput) → EM-MAIN SELF-GATE
> Honest: đây KHÔNG phải review độc-lập. Tự gác dựa trên test/build/cicd + code em viết.
### B1. authz-security — self-gate PASS
- 2 setter `PeSuggestedPriceFeatures`: `ForbiddenException` TRƯỚC mọi side-effect (trước `SaveChanges`), role đúng (Pro=Procurement / Ccm=CostControl / Admin cả 2). **Bằng chứng độc-lập:** `PeSuggestedPriceSetterAuthzTests` (13 test) PASS.
- CCM bypass CEO (③): ApproveV2 fail-closed — ngưỡng null→Conflict · không CostControl→Forbidden · gói≥ngưỡng→Conflict. **Bằng chứng:** `PeCcmThresholdFinalizeTests` cases (b)(c)(d) PASS.
### B2. cross-stack-wire — self-gate PASS + ⚠️ 1 UAT-note (RỦI RO #1)
- **7-layer thread:** build slnx GREEN = không drop lớp nào (compile-proof). Field camelCase FE↔BE khớp.
- **FE "currentIsFinalApprover" (rủi ro #1 em lo nhất):** `approvalFlow.steps[cuối].levels[cuối].status==='Current'`. Trace tay:
- **Bình thường:** người duyệt cuối → level cuối status 'Current' → bộ chọn HIỆN, có ≥ option NCC (winner đã chọn → winnerQuoteTotal>0). **OK.**
- **⚠️ EDGE (UAT-note):** nếu phiếu tới duyệt cuối mà **KHÔNG có giá nào** (chưa chọn NCC winner + chưa nhập PRO/CCM) → `priceCandidates` rỗng → hiện "Chưa có giá nào để chọn", **nút Xác nhận KHÔNG bị disable** (`priceMissing` cần `length>0`) → bấm → BE Conflict "Chọn 1 giá chốt". **KHÔNG deadlock cứng** (sửa được: chọn NCC winner / nhập giá) nhưng **UX khó hiểu**. Xác suất thấp (duyệt cuối thường đã có winner). **Đề xuất fix nhẹ:** disable Xác nhận + đổi message khi `shouldPickPrice && candidates rỗng`.
- "Giấu nhầm bộ chọn với người duyệt cuối thật" → chỉ xảy ra nếu BE flow-status sai (bug có sẵn, KHÔNG do Mig 54). BE enforce price ở terminal = lưới chặn cuối.
### B3. regression-edge — self-gate PASS
- **Mig 54 additive-nullable:** cicd Run #313 CONFIRMED — 5 cột applied prod, `sys.tables`=88 (0 bảng mới), `Down()` reversible. 0 backfill/lock.
- **AUTO→OPT-IN:** phiếu in-flight áp hành vi mới ở lần duyệt kế (đúng chủ đích anh chọn). V1 không ảnh hưởng (be-logic confirm).
- **DTO positional order:** 7 field mới + 7 arg đúng thứ tự — build GREEN proof.
## C. UAT-notes mang sang thứ Hai (KHÔNG block, cần mắt người)
1. **Empty-candidates UX** (B2 edge) — em có thể fix nhẹ FE trước go-live nếu anh muốn.
2. **Giả định "CCM ngay trước CEO"** — nếu Workflow Designer đặt CCM KHÔNG sát CEO, tích "duyệt done" sẽ bỏ qua cấp giữa. Anh Kiệt xác nhận cấu trúc khi set ngưỡng.
## D. Deploy (cicd Run #313) — ✅ verified
Mig 54 applied (5 cột decimal(18,2)/nvarchar) · bundle admin `OlNyG9OD` / user `DSzSLVtL` · smoke 200/401 · `sys.tables`=88. Deploy mechanics sạch (KHÔNG = logic-correct, đó là phần trên + UAT).
## E. Round 2 — Double-check (free-text Workflow `wf_f885d9ef`, reliable) + verify fix
> Chạy lại bằng **free-text (KHÔNG ép-schema)** sau khi thêm fix empty-candidates (anh yêu cầu "workflow double check"). **2/3 lane PASS, 0 issue; 1 lane (regression) no-return — nội dung đã che bởi test/build/cicd + lane khác.** Free-text đáng tin hơn schema-force (Round 1 chỉ 1/4).
- **authz-security = PASS độc-lập:** 2 setter Forbidden-TRƯỚC-SaveChanges + role đúng · CCM finalize chặn **3 cổng orthogonal** (approver-match + threshold/role/strict-`<` + `return` no-fall-through); `winnerQuoteTotal` server-recompute (KHÔNG tin client). 0 issue.
- **cross-stack-wire + fix = PASS độc-lập (kỹ):** 7-layer thread KHÔNG drop (trace từng boundary) · FE camelCase khớp · `currentIsFinalApprover` ĐÚNG (BE `OrderBy` cả 2 trục steps+levels; OR-of-N gated bởi `blockedByV2Level`).
- **🎯 RỦI RO #1 ĐÓNG DỨT ĐIỂM:** empty-candidates edge **thực tế UNREACHABLE** — submit-guard `PurchaseEvaluationWorkflowService.cs:194` chặn gửi-duyệt khi `winnerQuoteTotal<=0` ("Đơn vị được chọn chưa có giá chào thầu") → mọi phiếu ở ChoDuyet đã có giá NCC>0 → `priceCandidates≥1`. Fix `length===0` = phòng-thủ thuần + sửa luôn mâu thuẫn UX cũ (nút mở trong khi message báo trống). KHÔNG deadlock mới (escape hatch: setter không phase-gate → nhập giá bất kỳ lúc nào).
- **regression-edge = no-return** → che bởi: Mig nullable + V1-untouched + DTO order (cross-stack lane confirm) · cicd Run #313 (Mig applied) · 334 test (spec opt-in).
**Verdict Round 2: SẠCH — fix an toàn commit, rủi ro #1 đóng (unreachable). 2 workflow review (4+3 agent) + em-main self-gate → đủ tự tin go-live thứ Hai.**

24
.claude/workflows/runs/2026-06-18-mig54-pe-review/run.md Normal file
View File

@ -0,0 +1,24 @@
# RUN — Mig 54 PE giá-đề-xuất + CCM duyệt-done · ADVERSARIAL REVIEW (custom inline)
- **run-id (folder):** 2026-06-18-mig54-pe-review
- **workflow run-id (evidence):** wf_8c979a93-1a4
- **type:** ⚠️ **CUSTOM INLINE Workflow** (KHÔNG dùng `hmw.js` RUN-TRACE) — agents trả **structured schema data**, KHÔNG ghi `sub-*.md`. Em-main viết `run.md` + `review-synthesis.md` POST-HOC (anh chốt "custom OK, miễn ghi MD"). Vì author inline nên KHÔNG có run-trace tự-scaffold @P1 — đây là bù vết kiểm sau.
- **checkpoint:** APPROVED (anh yêu cầu "workflow cho nhanh")
- **opened:** 2026-06-18 ~15:55 +07 (post-hoc — workflow đã chạy xong khi ghi)
- **closed:** 2026-06-18 ~16:05 +07
- **target:** commit `1d86abc` (Mig 54) — pre-UAT financial review, go-live thứ Hai 22/06
- **status:** CLOSED
## Agents (4× reviewer adversarial ∥, schema-forced) + verify-chéo
| dim | lens | KẾT QUẢ |
|---|---|---|
| be-logic | ApproveV2 ③ opt-in + ① bind giá + V1/skipToFinal | ✅ **RETURNED** — PASS, 2 finding (đều **not-an-issue/nit** sau verify-chéo) |
| authz-security | 2 setter fail-closed + CCM bypass CEO | ❌ **FAILED** — subagent KHÔNG gọi StructuredOutput (2 nudge) → 0 kết quả |
| cross-stack-wire | 7-layer thread + FE "duyệt cuối" derive (**rủi ro #1**) | ❌ **FAILED** — no StructuredOutput → 0 kết quả |
| regression-edge | AUTO→OPT-IN in-flight + Mig nullable + DTO order | ❌ **FAILED** — no StructuredOutput → 0 kết quả |
## Honest outcome
- **3/4 lane FAILED** — đúng flakiness đã ghi `feedback_workflow_fanout_reliability` (schema-forced agents hay không gọi StructuredOutput trong harness này). Tổng 10 agent / 966K token / 198 tool-use, nhưng chỉ `be-logic` trả structured.
- **be-logic = PASS, 0 blocker / 0 major.** 2 finding verify-chéo: (1) V1 legacy không bind giá = **BY DESIGN** (nullable, KHÔNG feed `CreateContractFromEvaluation.GiaTri` — giá HĐ = SUM Details.ThanhTienNganSach) · (2) stray `fe-user/.claude/` = **nit** (commit `1d86abc` đã verify SẠCH).
- **3 lane CHƯA review độc-lập** → em-main **self-gate** (xem `review-synthesis.md` §B). Verdict tổng: **không blocker; 1 UAT-note (empty-candidates UX edge).**
- **Bài học (ghi cho session sau):** review fan-out NÊN dùng free-text return (Agent-tool) thay schema-forced Workflow — schema-force = nguyên nhân 3/4 fail. HOẶC dùng `hmw.js` RUN-TRACE (sub ghi file, không phụ thuộc StructuredOutput).

137
.claude/workflows/runs/README.md Normal file
View File

@ -0,0 +1,137 @@
# `runs/` — Run-trace convention (Harness-10 · cấu trúc **PHẲNG**)
> **Mục đích:** mỗi workflow fan-out (RUN-TRACE mode) ghi lại 1 dấu-vết hoàn-chỉnh trong `runs/<run-id>/` git **TRACKED** — plan + per-sub detail + bản-gom — cộng sổ `_ledger.md` 2-nhịp. TRACKED nghĩa là mọi write trong run-folder hiện trong `git diff` → **audit trực-tiếp**, không cần tin lời agent return. Adopt AI_INFRA Harness-10 (anh 06-18) + DELTA `h10-flat-detector-refine` (06-18). Convention cha: `../README.md`.
>
> 🆕 **REFINE 06-18 — cấu trúc PHẲNG.** Trước đây mỗi run-folder có **2 thư mục con** (`sub-md/` + `harvest/`). NAY mọi vết tích nằm **phẳng cùng MỘT cấp** trong `runs/<run-id>/`; phân biệt **bản-thô (raw, per-sub)** vs **bản-đã-soát (verified, gom)** bằng **TÊN file**, KHÔNG bằng thư mục con. Lý do: engine (`hmw.js` JS-sandbox no-fs) chỉ tạo artifact ở **một cấp** một cách tự nhiên — bỏ thư-mục-con sâu thì xoá luôn **một điểm-hay-quên** ngay tại gốc (không còn thư-mục-con-để-quên-dựng).
**run-id** = `YYYY-MM-DD-h<NN>-<slug>` (vd `2026-06-18-harness-audit-invest`). Nhiều run cùng ngày → slug phân-biệt stage (`-invest` / `-implement` / `-review`).
---
## C1 — Cấu trúc PHẲNG (mỗi `runs/<run-id>/` — file cùng MỘT cấp)
```
runs/<run-id>/
├── run.md ← (1) PLAN — em main @P1: meta + mục-tiêu + agents-table + guards + status OPEN→CLOSE
├── sub-<role>-<i>.md ← (2) PER-SUB raw — 1 file/sub/turn, prefix `sub-` (vd sub-investigator-codebase-0.md)
├── sub-<role>-<i>.md (fan-out cùng-role → đánh số -0 / -1 …)
└── <stage>-synthesis.md ← (3) GOM verified — em main: bản-gom 1 turn, suffix `-synthesis.md` (vd invest-synthesis.md)
```
**Phân-biệt raw vs verified bằng TÊN, KHÔNG bằng subfolder:**
| Loại | Quy-ước TÊN | Ai ghi | Nội-dung |
|---|---|---|---|
| **PLAN** | `run.md` (cố định) | em main @P1 | nguồn-sự-thật của run: workflow run-id (evidence B3 `wf_…`), adap/mandate, checkpoint, opened, input-spec (nếu nối stage trước), agents-table (`# · role · task`), guards áp cho sub, output-path, status OPEN→CLOSE. |
| **PER-SUB (raw)** | **prefix `sub-`**`sub-<role>-<i>.md` | write-sub tự ghi @P2 · read-only sub → em main scribe @P3 | full working detail 1 sub. **1 sub-MD / role / turn** (cùng-role → `-0`/`-1`). Read-only sub (CHỈ Bash) KHÔNG Bash-write MD (mojibake) → trả `findings`+`subMdPath`, **em main single-writer**. |
| **GOM (verified)** | **suffix `-synthesis.md`**`<stage>-synthesis.md` | em main per-turn (C4) | gom `sub-*`+findings → 5-trục integrity → build-spec/synthesis. |
> 🟢 **Quy-tắc nhận-diện:** file bắt đầu bằng `sub-` = **bản-thô** (per-sub); file kết bằng `-synthesis.md` = **bản-đã-soát** (gom). `run.md` = plan. Không cần mở file/không cần subfolder để biết loại — đọc TÊN là đủ. (Khớp `../hmw.js` inject path: engine ghi-direct `runs/<run-id>/sub-<role>-<i>.md`, KHÔNG `sub-md/…`.)
>
> **Live dogfood:** `2026-06-18-harness-audit-invest/` = `run.md` + `audit-synthesis.md` **CHỈ** (KHÔNG subfolder, KHÔNG raw `sub-audit-*.md`) — vì 1 auditor fail-no-StructuredOutput + 2 truncated → em main self-gate ground-truth từ đĩa, không có raw-sub để scribe (xem `audit-synthesis.md:4`). Ví-dụ tên `sub-<role>-<i>.md` là minh-hoạ QUY-TẮC-ĐẶT-TÊN, KHÔNG phải artifact bắt-buộc mỗi run. Run `2026-06-18-harness-fix-implement/` mới có đủ raw (`sub-impl-sleepcmd.md` + `sub-impl-runsreadme.md` + `implement-synthesis.md`) = full flat set điển-hình.
---
## C2 — Scaffold `run.md` ở OPEN (em main @P1, TRƯỚC khi invoke Workflow)
`hmw.js` chạy JS-sandbox **no-filesystem** → KHÔNG tự tạo folder/file. Em main PHẢI Write @P1:
1. **Tạo run-folder + PLAN:** `runs/<run-id>/run.md` (điền plan đầy-đủ). 🆕 **KHÔNG cần `mkdir sub-md/` / `harvest/` / `.gitkeep`** — file `sub-*``*-synthesis.md` sẽ sinh ra **phẳng cùng cấp** trong cùng folder đó (engine + em main ghi 1 cấp).
2. **Ghi OPEN-beat** vào `runs/_ledger.md` (1 dòng, `closed=⏳`).
3. **(nối stage)** trỏ `input spec:` trong `run.md` sang `<stage>-synthesis.md` của run trước (vd implement đọc `invest-synthesis.md`).
> 🔴 **C2 là fragile-point.** Quên scaffold = run chạy nhưng KHÔNG có dấu-vết = **lỗ-hổng âm-thầm** (không lỗi, không cảnh-báo — chỉ thiếu file). 3-layer (C5) là lưới giảm-thiểu, KHÔNG khoá-cứng. Xem C7. 🆕 Cấu trúc phẳng bỏ **1 trong 2** điểm-hay-quên (không còn subfolder-to-forget); dư-lượng còn lại = **vẫn phải tự ghi `<stage>-synthesis.md` mỗi run** (close-gate C5/L3 bắt nếu thiếu).
---
## C3 — Git-tracked: VERIFY **2 nấc tách-bạch** (chỗ hay nhầm)
Run-folder PHẢI git **TRACKED** (re-include qua `.gitignore:83 !.claude/**`, last-match-wins). Verify ĐỦ **2 nấc** — đừng dừng ở nấc 1:
```bash
# Nấc (i) — GỠ-KHỎI-IGNORE (tracked-eligible): exit != 0 = KHÔNG bị ignore
git check-ignore .claude/workflows/runs ; echo "exit=$?" # SE: exit=1 ✓ (không ignore)
# Nấc (ii) — THẬT-SỰ-COMMIT: liệt-kê ra file = đã `git add`/commit
git ls-files .claude/workflows/runs | wc -l # SE: 22 ✓ (non-empty = đã commit)
```
- **Nấc (i) `check-ignore` exit != 0** = thư-mục KHÔNG nằm trong ignore (tracked-**eligible**). ⚠️ Mới là *đủ-điều-kiện-track*, **CHƯA chắc đã commit**.
- **Nấc (ii) `ls-files` non-empty** = thật-sự có file trong index (đã `git add`/commit). 🔴 **eligible ≠ committed:** một folder `check-ignore` exit!=0 NHƯNG `ls-files` rỗng = **chưa hề commit** (bằng-chứng sống tại AI_INFRA chính trường-hợp này). PHẢI chạy CẢ 2 lệnh.
- 🔴 **ĐÚNG PATH mới đáng tin.** Path đúng = **`.claude/workflows/runs`** (đầy-đủ từ repo-root). Bare `runs/` (tên trần) là path SAI — ở repo khác, `git check-ignore runs` từ repo-root có thể trả **exit 0** (match nhầm rule khác / không match negation `.claude/**`) → **đọc sai thành "bị ignore"**. *(Quan-sát SE: cả `runs` lẫn `.claude/workflows/runs` đều trả exit=1 vì .gitignore SE không có rule `runs` trần — nhưng ĐỪNG dựa may-rủi đó: luôn dùng path đầy-đủ `.claude/workflows/runs`.)*
- **Bẫy exit-code khi dùng `-v`:** `git check-ignore -v <path>` trả exit 0 cho CẢ ignore lẫn negation (`!.claude/**`) → đừng đọc exit của `-v` để kết-luận; dùng dạng không-`-v` ở trên (exit!=0 = không ignore) hoặc `&& echo IGNORED || echo NOT`.
---
## C4 — Per-turn primary (gom NGAY, không đợi session-end)
Gom là **việc của turn**, không defer. Sau MỖI fan-out turn → em main đọc `sub-*`+findings → ghi `<stage>-synthesis.md` **liền trong turn đó** (chính file synthesis này là bằng-chứng). Lợi: detail tươi, không mất qua nén-context; session-end chỉ VERIFY (không tái-tạo). **Đây là đường CHÍNH (primary)**; gom toàn-bộ @session-end (L3) chỉ là **lưới an-toàn (safety-net)**, KHÔNG phải đường chính.
---
## C5 — 3-layer anti-miss (lưới chống bỏ-sót — KHÔNG khoá-cứng-cùng-lúc-fire)
| Layer | Khi | Làm gì |
|---|---|---|
| **L1 in-run ledger-check** | em-main @P1, lúc mở run mới (TRƯỚC scaffold) | đọc `_ledger.md`: nếu run TRƯỚC còn `closed=⏳` (OPEN-beat chưa CLOSE / thiếu `<stage>-synthesis.md`) → gom + CLOSE nó TRƯỚC khi mở run mới. *(Engine no-fs → KHÔNG đọc được ledger → L1 là convention **EM-MAIN**, KHÔNG phải `hmw.js` prompt. hmw.js chỉ emit C4 per-turn return-instruction cho sub tại writeGuard.)* |
| **L2 session-start orphan-scan** | đầu session (`session-start.md` §2.1.1 H2) | scan `runs/*/` tìm **orphan = OPEN-beat (ledger `closed=⏳`) mà KHÔNG có `<stage>-synthesis.md`** → báo + giải-quyết (C6). |
| **L3 session-end close-gate** | cuối session (`session-end.md` §L.b(f) H2) | VERIFY per-turn gom đã xong cho mọi `runs/<id>/` (**idempotent — KHÔNG re-APPEND**, chống DUPLICATE-HARVEST) + 5-trục GATE backstop trước khi commit. 🆕 close-gate **chấp nhận CẢ 2 dạng** (old-subfolder + new-flat) trong giai-đoạn chuyển — xem C8. |
> 3 layer **độc-lập, fire ở 3 thời-điểm khác nhau** (run-open @P1 / session-start / session-end) — **KHÔNG layer nào do engine enforce** (hmw.js no-fs), cả 3 là convention em-main/H2. → giảm xác-suất sót, KHÔNG triệt-tiêu. Sót ở P1 (C2) cùng blind-spot với L1 (đều @P1) → chỉ bắt MUỘN ở L2 (session sau) / L3 (close-gate).
---
## C6 — Ledger 2-nhịp + orphan resolution (`_ledger.md`)
Sổ tất-cả run, 1 bảng. Mỗi run **2 lần ghi (2-nhịp)**:
- **OPEN-beat** (@P1, lúc scaffold): thêm dòng `| <run-id> | <workflow> | <opened> | ⏳ | <agents> | ⏳ | <stage>-synthesis.md |`.
- **CLOSE-beat** (lúc đóng run): điền `closed` timestamp + `verdict` (PASS/FAIL + 1 dòng + `wf_…`) + `harvest` (path file synthesis ✓).
`closed=⏳` = đang chạy (OPEN chưa CLOSE).
**Orphan** = dòng ledger `closed=⏳` nhưng run thực-tế đã xong/bỏ (session bị kill, agent die-0-byte, quên CLOSE-beat). **Giải-quyết-CỨNG** (không để treo):
1. **Điều-tra đĩa THẬT:** `run.md` status + có file `sub-*`? + có `<stage>-synthesis.md`? + git-log workflow `wf_…`.
2. **Đóng tay** nếu run thật-sự xong: điền CLOSE-beat (timestamp + verdict + harvest path).
3. **Đánh-dấu aborted** nếu run bỏ-dở: verdict = `⚠️ ABORTED — <lý-do>`, ghi rõ phần nào hoàn-thành (recover qua git/disk/prod truth, **KHÔNG tin agent return-message**).
---
## C7 — 🔴 CAVEAT trung-thực (no-overclaim)
- **Engine no-fs → scaffold KHÔNG tự-động.** `hmw.js` (JS-sandbox no-filesystem) KHÔNG tạo được folder/file. Run-trace dựa **100% vào em-main**: scaffold `run.md` @P1 (C2) + tự ghi `<stage>-synthesis.md` mỗi run (C4). Không có cơ-chế nào ép tạo file. **NOT fully-autonomous** — đây là **hard-gate-trên-INPUT** (em main tự dựng khung + tự bơm tham-số đầu/cuối mỗi run), KHÔNG phải engine tự-động.
- **Cấu trúc phẳng giảm fragile từ 2 → 1, KHÔNG triệt-tiêu.** Bỏ subfolder xoá được điểm-hay-quên "dựng sẵn `sub-md/`+`harvest/`" (engine giờ ghi 1 cấp, **no subfolder-to-forget**). NHƯNG còn **dư-lượng**: em-main VẪN phải nhớ ghi `<stage>-synthesis.md` mỗi run (close-gate L3 bắt nếu thiếu). Điểm-yếu **giảm 1-trong-2**, chứ không biến mất → C2 vẫn bắt-buộc.
- **3-layer = LƯỚI, KHÔNG khoá-cứng-cùng-lúc-fire.** L1/L2/L3 bắt lỗi **sau khi** việc đã xảy ra (post-hoc) hoặc nhắc **dựa-trên-input em-main-bơm** — giảm xác-suất sót, KHÔNG chặn tại-đúng-thời-điểm-fire. Phòng-thủ-nhiều-lớp, KHÔNG bảo-đảm tuyệt-đối.
- **G-015 no-overclaim — TRACKED ≠ read-only-ENFORCED.** Run-folder git-tracked KHÔNG biến sub thành read-only: sub **vẫn giữ Bash** (write-channel mở — ghi-ngoài-repo git-diff mù / curl Qdrant). Containment THẬT (model dưới) = em-main single-writer + git-diff(in-repo) + chunk-count(RAG), defense-in-depth — KHÔNG sandbox cứng, KHÔNG claim "ENFORCED".
---
## C8 — MIGRATION (run cũ giữ subfolder · close-gate chấp-nhận CẢ 2 dạng)
🔴 **KHÔNG viết lại lịch-sử.** 5 run-folder S71 đã chốt giữ **NGUYÊN cấu trúc cũ** `sub-md/` + `harvest/` (đã commit, KHÔNG đụng):
```
2026-06-18-h10-invest/ (run.md + sub-md/ + harvest/invest-synthesis.md) ← cũ, GIỮ
2026-06-18-h10-implement/ (run.md + sub-md/ + harvest/implement-synthesis.md) ← cũ, GIỮ
2026-06-18-h10-review/ (run.md + sub-md/ + harvest/review-synthesis.md) ← cũ, GIỮ
2026-06-18-h910-finalize/ (run.md + sub-md/ + harvest/finalize-synthesis.md) ← cũ, GIỮ
2026-06-18-h910-curate/ (run.md + sub-md/ + harvest/curate-synthesis.md) ← cũ, GIỮ
2026-06-18-harness-audit-invest/ (run.md + audit-synthesis.md) ← 🆕 FLAT
```
- **Run MỚI từ refine 06-18 → dùng FLAT** (`sub-<role>-<i>.md` + `<stage>-synthesis.md` cùng cấp). Run CŨ → để yên (đừng gom-lên-cấp/đừng xoá subfolder — re-writing history vô-ích + làm bẩn git-log).
- 🟢 **Close-gate (L3) ACCEPT BOTH** suốt giai-đoạn chuyển: verify gom ở **`harvest/<stage>-synthesis.md`** (dạng cũ) **HOẶC** `<stage>-synthesis.md` phẳng (dạng mới). Không fail run cũ chỉ vì thiếu file-phẳng.
- **2 nấc track (C3)** áp cho CẢ 2 dạng: `check-ignore` exit!=0 + `ls-files` non-empty.
---
## Containment model (PHẢI khớp `_ledger.md` + `../hmw.js` — đồng-bộ 3 chỗ: đây · `_ledger.md` · `../hmw.js`)
> Run-folder `runs/<run-id>/` được git **TRACKED** → mọi write **HIỆN** trong git-diff = **audit trực-tiếp**. Containment: tracked-change **NGOÀI** `runs/<run-id>/` **VÀ NGOÀI** code-disjoint đã giao = **vi-phạm** (thay model Harness-2 B6 "mọi tracked-change = vi-phạm"). G-015 no-overclaim: TRACKED ≠ read-only-enforced — sub vẫn giữ Bash (write-channel mở), containment THẬT = em-main single-writer + git-diff(in-repo) + chunk-count(RAG).
---
## Anti-bypass detector — **SE TAILORED-OUT** (quyết-định có chủ-đích, anh chốt)
> Refine 06-18 (b) đề-xuất làm-chặt một **bộ-dò chống-lách-engine** (soi nhật-ký/mã xem có run nào né engine chuẩn không) theo **3 chức-năng**. **SE quyết-định KHÔNG hiện-thực bộ-dò này** — đã CÂN-NHẮC và thấy **N/A cho threat-model của SE.** Giữ trung-thực, KHÔNG overclaim "đã có anti-bypass detector".
**Lý-do tailored-out:**
- **SE chạy workflow qua Anthropic Workflow tool (`hmw.js` invoke), KHÔNG có bề-mặt-lách kiểu CLI-launcher.** AI_INFRA threat-model giả-định một node-CLI launcher (đường-vòng chạy lén engine) cần bộ-dò canh. SE **không có launcher như vậy** → không có "đường-vòng" để dò.
- **Containment SE đã đủ bằng cơ-chế khác (G-015 defense-in-depth):** `git diff` commit-gate (mọi write tracked HIỆN trong diff) + run-folder git-tracked (audit trực-tiếp) + `_ledger.md` orphan-scan (L2/L3) — backstop THẬT (không phải prompt). Bộ-dò pattern-match thêm = trùng-lặp, không bịt lỗ mới.
**3 chức-năng refine — CÂN-NHẮC rồi N/A cho SE:**
| Chức-năng refine (b) | Áp SE? | Vì sao |
|---|---|---|
| **(1) Whitelist launcher hợp-lệ** | N/A | SE không có launcher-wrapper quanh engine → không có gì để whitelist. |
| **(2) Khớp đa-dạng biến-thể path tới engine** | N/A | SE invoke engine qua Workflow tool (1 đường duy-nhất), không có path-variant để khớp. |
| **(3) Neo KHOÁ-khởi-chạy-thật (đừng match tên-engine lẫn trong script) + acceptance theo QUAN-HỆ** | N/A | Không có log-scan detector → không có chỗ neo launch-key. Acceptance-by-relation (hợp-lệ ≠ vi-phạm, hợp-lệ tăng dần OK) là nguyên-tắc tốt nhưng chỉ áp được khi CÓ detector. |
> 🔴 **No-overclaim:** SE **KHÔNG** claim đã adopt anti-bypass detector. SE claim: đã **đọc + cân-nhắc** 3 chức-năng, **chọn tailored-out** vì threat-model SE không có CLI-launcher-bypass-surface; containment dựa **git-diff + run-folder-tracked + ledger-orphan-scan** (G-015). Nếu sau này SE thêm launcher-wrapper → re-visit quyết-định này.

24
.claude/workflows/runs/_ledger.md Normal file
View File

@ -0,0 +1,24 @@
# Workflow Run Ledger — SOLUTION_ERP (Harness-10)
> **Two-beat (C6):** ghi nhịp **OPEN** lúc mở run + nhịp **CLOSE** lúc đóng run. **Orphan** = OPEN mà không CLOSE → phải giải-quyết-cứng (điều tra + đóng tay hoặc đánh dấu aborted).
> **Tracked (C3):** thư mục `runs/<run-id>/` được git theo dõi (KHÔNG gitignore). Containment chuyển sang model **"tracked-change NGOÀI run-folder (+ code-disjoint đã giao) = vi phạm"** (thay model Harness-2 B6 "mọi tracked-change = vi phạm").
> Cột `closed=⏳` = đang chạy (OPEN-beat). Điền timestamp + verdict khi đóng (CLOSE-beat).
> 🆕 **FLAT (C1/C8, h10-refine 06-18):** run MỚI = file phẳng cùng cấp (`run.md` + `sub-<role>-<i>.md` + `<stage>-synthesis.md`, KHÔNG subfolder). **5 run cũ (`h10-invest`…`h910-curate`) GIỮ `sub-md/`+`harvest/`** — đừng rewrite history; close-gate **dual-accept** cả hai dạng.
| run-id | workflow | opened | closed | agents | verdict | harvest |
|---|---|---|---|---|---|---|
| 2026-06-18-h10-invest | Harness-10 adap — INVESTIGATE | 2026-06-18 08:29 +07 | 2026-06-18 08:42 +07 | 4× investigator-codebase (read-only ∥) | ✅ PASS — B+C+D strong, A stub-fail (B covered hmw.js) · `wf_9c2cd2cd-2e7` | `harvest/invest-synthesis.md` ✓ |
| 2026-06-18-h10-implement | Harness-10 adap — IMPLEMENT | 2026-06-18 08:42 +07 | 2026-06-18 08:52 +07 | 3× general-purpose (text file-disjoint ∥) + em-main single-writer (gitignore/hmw.js/READMEs cluster) | ✅ PASS — 3/3 agent DONE, containment CLEAN, wording đồng-bộ 4 file · `wf_e4e46725-231` | `harvest/implement-synthesis.md` ✓ |
| 2026-06-18-h10-review | Harness-10 adap — REVIEW | 2026-06-18 08:52 +07 | 2026-06-18 09:01 +07 | 3× reviewer (adversarial ∥) | ✅ PASS sau-fix — R1 PASS · R2/R3 bắt C5 L1 over-claim (high-conf, đã fix path-a) · `wf_636bc95b-939` | `harvest/review-synthesis.md` ✓ |
| 2026-06-18-h910-finalize | Harness-9+10+checklist — FINALIZE double-check (anh giao) | 2026-06-18 09:41 +07 | 2026-06-18 09:52 +07 | 3× reviewer (R1 Part A / R2 Part B+C / R3 cross-cutting) | ✅ GAPS-FOUND, 0 code-defect — R3 thorough (R1/R2 no-StructuredOutput → self-gate); 3 gap (G1 over-cap curate · G2 stale-claims · G3 H10-memory) + 1 minor · `wf_73de399d-753` | `harvest/finalize-synthesis.md` ✓ |
| 2026-06-18-h910-curate | Harness-9 curate G1 — reviewer+investigator L1→L2 | 2026-06-18 09:52 +07 | 2026-06-18 10:05 +07 | 2× general-purpose (1/file, file-disjoint, NO same-file race) | ✅ PASS — reviewer 36.7→24.8KB (moved 10) + inv 29.8→23.2KB (moved 3), both <25600 cap; archive +N -0 (0-byte-loss, grep-Fxf 10/10 + md5sum verified); em-main +reviewer-gist gen:2 + budget re-measure · `wf_f32987b8-03f` | `harvest/curate-synthesis.md` |
| 2026-06-18-harness-audit-invest | Harness 8/9/10 re-audit INVESTIGATE (anh giao) · 🆕FLAT | 2026-06-18 11:09 +07 | 2026-06-18 11:21 +07 | 4× investigator-codebase (read-only ∥) | DONE Part B structured; Part A failed-no-SO + C/H8 truncated em-main self-gate ground-truth. Gaps: C1/C8/refine-a FLAT migration · A8 sleep-cmd · 2 broadcast pending · detector tailored-N/A · `wf_13868efb-ea7` | `audit-synthesis.md` (FLAT) |
| 2026-06-18-harness-fix-implement | Harness 8/9/10 re-audit IMPLEMENT (FLAT migration + sleep-cmd + checklist-v2) · 🆕FLAT | 2026-06-18 11:22 +07 | 2026-06-18 11:36 +07 | 2× general-purpose (file-disjoint ∥) + em-main cluster | DONE sleep-cmd port + runs/README flat (agent) · hmw.js+workflows/README+agents/README+session-cmds+ledger flat + H4.5H8 (em-main) · 5 old runs keep subfolder C8 · node --check OK · `wf_ac43b5ff-7d1` | `implement-synthesis.md` (FLAT) |
| 2026-06-18-harness-fix-review | Harness 8/9/10 re-audit REVIEW (B2 double-check) · 🆕FLAT | 2026-06-18 13:27 +07 | 2026-06-18 13:37 +07 | 3× reviewer (adversarial ∥) | PASS sau-fix R3 PASS (containment clean, honesty strong) · R1/R2 PASS-w-concerns: 1 major (auto-wire overclaim) + 4 minor TẤT CẢ FIXED em-main (hmw.js:52 schema · WIRE last_sleep_at session-start/end · provenance · charter-anchor · README:31); post-fix node --check OK + grep verified · `wf_d482e10d-5dd` | `review-synthesis.md` (FLAT) |
| 2026-06-18-mig54-pe-review | Mig 54 PE giá-đề-xuất + CCM duyệt-done ADVERSARIAL REVIEW (⚠ **custom inline, KHÔNG hmw**) · FLAT | 2026-06-18 15:55 +07 | 2026-06-18 16:05 +07 | 4× reviewer (schema-forced ∥) + verify-chéo | **1/4 RETURNED** be-logic PASS 0-blocker (V1-by-design not-an-issue + stray-nit, verify-chéo) · 3/4 lane FAILED no-StructuredOutput em-main self-gate PASS (authz/wire/regression) + 1 UAT-note (empty-candidates UX edge) · `wf_8c979a93-1a4` | `review-synthesis.md` (FLAT) |
| 2026-06-18-mig54-pe-review (R2) | Mig 54 DOUBLE-CHECK free-text reliable + verify fix empty-candidates | 2026-06-18 16:10 +07 | 2026-06-18 16:18 +07 | 3× reviewer (free-text ∥) | **2/3 PASS 0-issue** (authz + cross-stack/fix độc-lập) · 🎯 rủi ro #1 ĐÓNG (empty-candidates UNREACHABLE per submit-guard `:194`) · 1 lane no-return (covered) · free-text > schema-force (1/4→2/3) · `wf_f885d9ef-5f6` | `review-synthesis.md` §E |
| 2026-06-18-h11-audit | Harness-11 adap — AUDIT (PRESENT/PARTIAL/GAP vs SE-present) · 🆕FLAT | 2026-06-18 19:45 +07 | 2026-06-18 19:55 +07 | 4× investigator-codebase (read-only ∥, 1 PHẦN/lane) `wf_7fdc3bd5-930` | ✅ DONE — A 🟡 (A4/A5/A6 GAP hợp-lệ) · **B1+B3 GAP** (derived COPY, no freshness-detector) · **C1/C2/C3 GAP** (0 detector-script, chỉ agent-judgement) · **D5/D6/D7 PARTIAL + D8 GAP** (3-tier+1-direction chưa codify); D4/D9/D11 mechanized-mạnh sẵn. read-only→em-main scribe synthesis | `audit-synthesis.md` ✓ (sub read-only, findings-in-output) |
| 2026-06-18-h11-implement | Harness-11 adap — IMPLEMENT (detector-script + A-gate ∥ sub · em-main MD cluster) · 🆕FLAT | 2026-06-18 19:56 +07 | 2026-06-18 20:15 +07 | 2× general-purpose (script file-disjoint ∥) + em-main single-writer (governance MD cluster) `wf_c5e5844e-7c1` | ✅ DONE — Lane1 `governance-detectors.ps1` runtime-proven (71→27 post-refinement R2; bắt drift thật + gotcha #30 mojibake fix) · Lane2 `memory-archive-gate.ps1` A4/A5/A6/A7 proven · em-main engine-doc + B1 ×11 (drift RESOLVED post-rerun) + cadence-wire D1/D2 + agents/README. B+C+D đủ-trọn (claim). Single-writer CLEAN. → REVIEW judge FP-rate | `implement-synthesis.md` ✓ (FLAT) |
| 2026-06-18-h11-review | Harness-11 adap — REVIEW (B2 double-check, free-text) · 🆕FLAT | 2026-06-18 20:16 +07 | 2026-06-18 20:35 +07 | 3× reviewer (adversarial ∥: completeness-gate / detector-correctness / honesty-containment) `wf_d7ca1ff8-942` | ✅ **PASS** — R1 completeness-gate ĐẠT (B+C+D đủ-trọn) · R2 detector 6/6 correctness + 2 refinement (C2 context-skip + C1 normalize → 59→27 sharper) · R3 honesty+containment 0-blocker (1 nit fixed). NO-API+0-auto-write PASS. Single-writer CLEAN | `review-synthesis.md` ✓ (FLAT) |
| 2026-06-18-h11-doublecheck | Harness-11 adap — DOUBLE-CHECK #1 (anh giao, post-commit `e70c046`) · 🆕FLAT | 2026-06-18 20:48 +07 | 2026-06-18 21:05 +07 | 3× reviewer (over-suppress-regression / committed-state / containment-runtrace) `wf_a0b68d2f-30e` | ✅ **PASS** — DA2+DA3 PASS (B1×11 exact · root:53 tail byte-identical · broadcasts hash recompute KHỚP · single-writer clean · over-suppress-hunt CLEAN). DA1 failed-no-SO → em-main self-gate fake-drift CAUGHT (no over-suppress, runtime). +C2 test-project skip (27→26) + agents/README pending→run-id. tree-skip reverted (gotcha #30 box-glyph) | `doublecheck-synthesis.md` ✓ (FLAT) |
| 2026-06-18-h11-checklist-verify | Harness-11 adap — CHECKLIST formal self-verify (anh giao) · 🆕FLAT | 2026-06-18 21:08 +07 | 2026-06-18 21:22 +07 | 3× investigator-codebase (CL1 A+B / CL2 C / CL3 D, evidence-mapping ∥) `wf_39cd4cbe-f07` | ✅ **completeness-gate ĐẠT** — B 4/4 + C 5/5 + D 11/11 đủ-trọn (function-floor MET), A 🟡 tailored (A6 runtime cần 2×-Apply legit-by-design). D5/D6/D7 explicit-label=YES + D8 one-direction codify=YES. NO-API+0-auto-write 0-hit. All 3 lane returned | `checklist-verify-synthesis.md` ✓ (FLAT) |

19
.gitignore vendored
View File

@ -86,10 +86,17 @@ src/Backend/SolutionErp.Api/wwwroot/exports/
# Pattern AFTER !.claude/** so last-match wins (.claude/ itself not excluded → re-include valid).
.claude/hmw-mode.on
# HMW wave-folder + agent-team — transient per-workflow detail (Harness 2 B6 isolation —
# H2 harvest-curator gom rồi; gitignore để git-diff audit isolation SẠCH, 0 noise).
# HMW run-trace folders — Harness-10 (2026-06-18): `.claude/workflows/runs/<run-id>/` is git-TRACKED
# (run.md + sub-md/ + harvest/ + _ledger.md) for auditability. Stays tracked via the !.claude/** negation
# above — do NOT add an ignore rule for runs/. Containment model shifts from Harness-2 B6 ("wave-*/ gitignored
# → any tracked-change post-workflow = stray-write") to Harness-10 ("tracked-change OUTSIDE runs/<run-id>/ +
# assigned code-disjoint = violation"). Run-trace now VISIBLE in git-diff = direct audit (stronger).
#
# Legacy Harness-2 wave-folder + agent-team — kept ignored (superseded by runs/; no wave-*/ remain; harmless).
# Pattern AFTER !.claude/** so last-match wins (giống hmw-mode.on).
# Verify: git check-ignore -v .claude/workflows/wave-x/wave.md
# ⚠️ check-ignore verify (exit-code nuance): plain `git check-ignore X` exits 1 for a negation/re-included path
# (NOT 0); only `git check-ignore -v --no-index` shows exit 0 for BOTH. Use the idiom for a correct verdict:
# `git check-ignore X && echo IGNORED || echo NOT-IGNORED` → runs/ = NOT-IGNORED (tracked); wave-x/ = IGNORED.
.claude/workflows/wave-*/
.claude/agent-teams/
@ -98,3 +105,9 @@ src/Backend/SolutionErp.Api/wwwroot/exports/
# Sub-agent output dumps (JSON/HTML scratch)
tmp/
# [S76] Guard cwd-misland (feedback_agent_cwd_relative_memory_misland): sub-agent `cd`
# vào fe-user/fe-admin chạy npm build rồi ghi MEMORY.md relative-path → stray
# `fe-*/.claude/agent-memory/...`. Canonical agent-memory ở ROOT `.claude/` vẫn tracked
# (negation `!.claude/**` trên). Pattern AFTER negation → last-match-wins cho path FE-app.
fe-*/.claude/

16
CLAUDE.md
View File

@ -50,20 +50,20 @@ Kiến trúc: **.NET 10 Clean Architecture + 2 React FE (admin + user) + SQL Ser
- Audit fields: `CreatedAt`, `UpdatedAt`, `CreatedBy`, `UpdatedBy` (`BaseEntity`)
- Soft delete: `IsDeleted`, `DeletedAt`, `DeletedBy` (`AuditableEntity`)
- Migrations: `dotnet ef migrations add <Name> --project src/Backend/SolutionErp.Infrastructure --startup-project src/Backend/SolutionErp.Api`
- **Hiện có 53 migration → 88 bảng** (+S69: Mig 53 `AddPeUrgentAndCeoApprovalThreshold` — PE +IsUrgentByPro/Ccm cờ gấp PRO/CCM + ApprovalWorkflow +CeoApprovalThreshold ngưỡng CCM duyệt-final, 3 AddColumn no new table. +S65: Mig 51 `AddDepartmentParentId` Department.ParentId loose-Guid no-FK org-tree phân cấp + Mig 52 `AddHoSoLinkToPurchaseEvaluation` PE HoSoLink nvarchar(1000) hyperlink NAS — cả 2 AddColumn no new table, tables giữ 88. Phase 10 COMPLETE + Phase 11 P11-A→F done — Mig 34-42 HRM/Office/WorkflowApps/Attendance + Contract V2 (32-33) + WireWorkflowApps V2 (41) + LeaveBalance (42) + Holiday filtered-unique (43, S45) + Vehicle/Driver catalog (44, S51) + HRM-catalog filtered-unique 3× (45, S51) + ItTicket SLA (46, S52) + Master filtered-unique 3× (47, S53 gotcha #57 EXT) + Project master fields Year/Investor/Location/Package (48, S55 — AddColumn no new table, kèm nạp 62 dự án + 71 hạng mục + 3 NCC real data từ Excel qua `SeedRealMasterDataAsync` ungated idempotent) + PE gắn Hạng mục công việc WorkItemId loose-Guid KHÔNG FK vật lý (49, S57bis — AddColumn+CreateIndex, no new table) + **Mig 50 `ReplaceBudgetModuleWithPeWorkItemBudgets` (S61, 2026-06-13) — XÓA module Budget cũ, thay bằng `PeWorkItemBudgets` ngân sách per-gói-thầu (1 record/cặp Dự án × Hạng mục, nhập theo role PRO/CCM, vượt ngân sách = cảnh báo mềm cho lưu S62); backfill `BudgetManualAmount→BudgetPeriodAmount` TRƯỚC DropColumn (phiếu UAT giữ số); net bảng 93→88; gotcha #63/#64**. V2 schema history S29-era bên dưới giữ nguyên — Mig 32+33 Plan B Contract V2 cookie-cutter mirror PE Mig 22-26 (S29). Mig 26 `AddPeLevelOpinionsForV2`: bảng mới `PurchaseEvaluationLevelOpinions` UNIQUE composite (PEId, LevelId), FK Cascade Pe + Restrict Level. Section 5 "Ý kiến cấp duyệt" V2 dynamic theo workflow đã pin: forEach Step (Phòng) → forEach Level (Cấp) → forEach NV → 1 OpinionBox. Service `ApproveV2Async` UPSERT auto khi NV duyệt — Q1=1B (sync gắn với Duyệt, KHÔNG form input rời). SignedByUserId track signer thật, FE banner "Admin duyệt thay" khi !== ApproverUserId. Comment empty → "(duyệt — không ý kiến)" placeholder. Phiếu V1 legacy fallback Mig 15 4 box readOnly (data history). Mig 25 `AddIsUserSelectableToApprovalWorkflows`: ALTER `ApprovalWorkflows` +`IsUserSelectable bit` (admin pin/unpin workflow nào cho user pick lúc create phiếu, multi-select độc lập IsActive). Backfill `WHERE IsActive=1 SET 1` giữ behavior cũ. Designer +badge "Cho user chọn" + button Ghim/Bỏ ghim. Workspace filter dropdown chỉ workflows `IsUserSelectable=true`. Mig 22-24 V2 schema (Session 17): `ApprovalWorkflows`/Steps/Levels — Quy trình > Bước (Phòng) > Cấp (N NV cụ thể qua ApproverUserId, OR-of-N cùng cấp). PE.ApprovalWorkflowId pin V2. PE.CurrentApprovalLevelOrder track. State machine 5 trạng thái: Nháp / Đã gửi duyệt / Trả lại (Phase riêng TraLai=98) / Từ chối / Đã duyệt. PE Service V2 wire match `actor.Id == ApproverUserId`. Contract V2 ĐÃ WIRE (Mig 32+33 Plan B S29 — cookie-cutter mirror PE V2: `ApproveV2Async` + `ContractLevelOpinions` UPSERT + Workspace V2 Select dropdown). Mig 21 V1 flat workflow vẫn live cho phiếu cũ.)
- **Số migration · bảng hiện tại → [`docs/STATUS.md`](docs/STATUS.md) (canonical — KHÔNG copy số ở đây để tránh drift; Harness-11 B1).** Lịch sử mig gần đây: +S74 Mig 55 `AddCcmNoteToPeWorkItemBudget` (PE CcmNote) · +S73 Mig 54 `AddPeSuggestedAndApprovedPrice` (PE giá đề xuất PRO/CCM). +S69: Mig 53 `AddPeUrgentAndCeoApprovalThreshold` — PE +IsUrgentByPro/Ccm cờ gấp PRO/CCM + ApprovalWorkflow +CeoApprovalThreshold ngưỡng CCM duyệt-final, 3 AddColumn no new table. +S65: Mig 51 `AddDepartmentParentId` Department.ParentId loose-Guid no-FK org-tree phân cấp + Mig 52 `AddHoSoLinkToPurchaseEvaluation` PE HoSoLink nvarchar(1000) hyperlink NAS — cả 2 AddColumn no new table, tables giữ 88. Phase 10 COMPLETE + Phase 11 P11-A→F done — Mig 34-42 HRM/Office/WorkflowApps/Attendance + Contract V2 (32-33) + WireWorkflowApps V2 (41) + LeaveBalance (42) + Holiday filtered-unique (43, S45) + Vehicle/Driver catalog (44, S51) + HRM-catalog filtered-unique 3× (45, S51) + ItTicket SLA (46, S52) + Master filtered-unique 3× (47, S53 gotcha #57 EXT) + Project master fields Year/Investor/Location/Package (48, S55 — AddColumn no new table, kèm nạp 62 dự án + 71 hạng mục + 3 NCC real data từ Excel qua `SeedRealMasterDataAsync` ungated idempotent) + PE gắn Hạng mục công việc WorkItemId loose-Guid KHÔNG FK vật lý (49, S57bis — AddColumn+CreateIndex, no new table) + **Mig 50 `ReplaceBudgetModuleWithPeWorkItemBudgets` (S61, 2026-06-13) — XÓA module Budget cũ, thay bằng `PeWorkItemBudgets` ngân sách per-gói-thầu (1 record/cặp Dự án × Hạng mục, nhập theo role PRO/CCM, vượt ngân sách = cảnh báo mềm cho lưu S62); backfill `BudgetManualAmount→BudgetPeriodAmount` TRƯỚC DropColumn (phiếu UAT giữ số); net bảng 93→88; gotcha #63/#64**. V2 schema history S29-era bên dưới giữ nguyên — Mig 32+33 Plan B Contract V2 cookie-cutter mirror PE Mig 22-26 (S29). Mig 26 `AddPeLevelOpinionsForV2`: bảng mới `PurchaseEvaluationLevelOpinions` UNIQUE composite (PEId, LevelId), FK Cascade Pe + Restrict Level. Section 5 "Ý kiến cấp duyệt" V2 dynamic theo workflow đã pin: forEach Step (Phòng) → forEach Level (Cấp) → forEach NV → 1 OpinionBox. Service `ApproveV2Async` UPSERT auto khi NV duyệt — Q1=1B (sync gắn với Duyệt, KHÔNG form input rời). SignedByUserId track signer thật, FE banner "Admin duyệt thay" khi !== ApproverUserId. Comment empty → "(duyệt — không ý kiến)" placeholder. Phiếu V1 legacy fallback Mig 15 4 box readOnly (data history). Mig 25 `AddIsUserSelectableToApprovalWorkflows`: ALTER `ApprovalWorkflows` +`IsUserSelectable bit` (admin pin/unpin workflow nào cho user pick lúc create phiếu, multi-select độc lập IsActive). Backfill `WHERE IsActive=1 SET 1` giữ behavior cũ. Designer +badge "Cho user chọn" + button Ghim/Bỏ ghim. Workspace filter dropdown chỉ workflows `IsUserSelectable=true`. Mig 22-24 V2 schema (Session 17): `ApprovalWorkflows`/Steps/Levels — Quy trình > Bước (Phòng) > Cấp (N NV cụ thể qua ApproverUserId, OR-of-N cùng cấp). PE.ApprovalWorkflowId pin V2. PE.CurrentApprovalLevelOrder track. State machine 5 trạng thái: Nháp / Đã gửi duyệt / Trả lại (Phase riêng TraLai=98) / Từ chối / Đã duyệt. PE Service V2 wire match `actor.Id == ApproverUserId`. Contract V2 ĐÃ WIRE (Mig 32+33 Plan B S29 — cookie-cutter mirror PE V2: `ApproveV2Async` + `ContractLevelOpinions` UPSERT + Workspace V2 Select dropdown). Mig 21 V1 flat workflow vẫn live cho phiếu cũ.)
### Modules
| Module | Namespace | Migration | Trạng thái |
|---|---|---|---|
| Contract (HĐ) | `Domain/Contracts/` | 1-11 | Feature-complete (7 ContractType × 9 phase) |
| PurchaseEvaluation (Duyệt NCC tiền-HĐ) | `Domain/PurchaseEvaluations/` | 12,13,15,49,50,52,53 | Feature-complete — +Hạng mục (Mig 49) +ngân sách per-gói-thầu role PRO/CCM (Mig 50) +Link hồ sơ NAS (Mig 52) +**cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng giá trị (Mig 53, S69)**. Export PDF pending |
| PurchaseEvaluation (Duyệt NCC tiền-HĐ) | `Domain/PurchaseEvaluations/` | 12,13,15,49,50,52,53,54,55 | Feature-complete — +Hạng mục (Mig 49) +ngân sách per-gói-thầu role PRO/CCM (Mig 50) +Link hồ sơ NAS (Mig 52) +cờ gấp PRO/CCM + CCM duyệt-final theo ngưỡng (Mig 53) +**giá đề xuất PRO/CCM + CCM-note (Mig 54/55, S73/S74)**. Export PDF pending |
| ~~Budget (Ngân sách dự án)~~ | — | 14 → **Mig 50 DROP** | ⚠️ **REMOVED S61** — module Budget cũ XÓA, thay bằng PE-budget-per-gói-thầu (`PeWorkItemBudgets`). FE pages/types/menu `Bg_*` gỡ hết |
| Master (Supplier/Project/Department) | `Domain/Master/` | 2, 10 | Feature-complete |
| Identity (User/Role/Permission/MenuItem) | `Domain/Identity/` | 1, 3, 11 | Feature-complete (30 demo user — 16 sample + 14 Solutions thật) |
| Forms (Template + Clause) | `Domain/Forms/` | 4 | Feature-complete |
| Notifications | `Domain/Notifications/` | 6 | In-app + SignalR OK, email SMTP TODO |
| **Tests** | `tests/SolutionErp.{Domain,Infrastructure}.Tests/` | — | **306 test pass** (45 Domain + 261 Infra) — CI gate + path filter docs-only skip |
| **Tests** | `tests/SolutionErp.{Domain,Infrastructure}.Tests/` | — | **Test pass — số hiện tại → [`docs/STATUS.md`](docs/STATUS.md)** — CI gate + path filter docs-only skip |
### Commit convention
@ -77,14 +77,14 @@ Kiến trúc: **.NET 10 Clean Architecture + 2 React FE (admin + user) + SQL Ser
```
tests/
├── SolutionErp.Domain.Tests/ (58 test — Domain policy: Workflow / PE / Budget)
└── SolutionErp.Infrastructure.Tests/ (128 test)
├── SolutionErp.Domain.Tests/ (Domain policy: Workflow / PE)
└── SolutionErp.Infrastructure.Tests/ (codegen + CQRS handler + authz regression)
├── Common/ (SqliteDbFixture + TestApplicationDbContext + IdentityFixture S9)
├── Services/ (17 codegen + 6 PE 2-stage approval S9)
└── Application/ (6 test - PeWorkflowDefinition versioning)
```
**263 unit test pass** (45 Domain + 218 Infra). CI gate + path filter live. (S61 +22 `PeWorkItemBudgetTests` 14 `BudgetPolicyTests` 1 → 263; S60 +14 `PeSubmitGuardAndBypassTests` +2 spec → 256; S57bis +12 `PeWorkItemGuardTests`. Domain giảm 58→45 do drop BudgetPolicyTests cùng module Budget.)
**Unit test pass — số hiện tại → [`docs/STATUS.md`](docs/STATUS.md) (canonical).** CI gate + path filter live. (Lịch sử: S74 +5 CcmNote; S69 +20 Office-golive/PE-threshold; S67 +23 HRM test-after; S61 +22 `PeWorkItemBudgetTests` 14 `BudgetPolicyTests`, Domain drop BudgetPolicyTests cùng module **Budget đã REMOVE S61**.)
```bash
dotnet test SolutionErp.slnx # chạy cả 2 test project
@ -128,9 +128,9 @@ Quy tắc:
| [`docs/workflow-contract.md`](docs/workflow-contract.md) | State machine 9 phase HĐ + role matrix |
| [`docs/forms-spec.md`](docs/forms-spec.md) | Catalog 8 form + quy định mã HĐ RG-001 |
| [`docs/database/database-guide.md`](docs/database/database-guide.md) | DB conventions + migration workflow + cheatsheet |
| [`docs/database/schema-diagram.md`](docs/database/schema-diagram.md) | ⭐ ERD + luồng DB + data flow 88 table (+ §11 PE + §12 ~~Budget~~ DROP + §13 PEDeptOpinions + §14 Contract V2 LevelOpinions; §16+ Mig 32-52 pending) |
| [`docs/database/schema-diagram.md`](docs/database/schema-diagram.md) | ⭐ ERD + luồng DB + data flow 88 table (+ §11 PE + §12 ~~Budget~~ DROP + §13 PEDeptOpinions + §14 Contract V2 LevelOpinions; §16+ Mig 32-55 pending) |
| [`docs/flows/README.md`](docs/flows/README.md) | Index 6 flow (auth, permission, contract, form, SLA) |
| [`docs/gotchas.md`](docs/gotchas.md) | ⭐ 68 bẫy đã gặp — đọc trước khi debug tương tự |
| [`docs/gotchas.md`](docs/gotchas.md) | ⭐ Bẫy đã gặp (số hiện tại → [`docs/STATUS.md`](docs/STATUS.md)) — đọc trước khi debug tương tự |
| [`.claude/skills/`](.claude/skills/README.md) | 6 skill: contract-workflow, form-engine, permission-matrix, dependency-audit-erp, ef-core-migration, iis-deploy-runbook |
| [`docs/guides/vps-setup.md`](docs/guides/vps-setup.md) | ⭐ Master runbook deploy VPS shared với VIETREPORT |

4
broadcasts/_index.md
View File

@ -14,6 +14,7 @@
|---|---|---|---|---|---|---|
| 2026-06-09 | 2026-06-09-namgroup-to-se-ui-design-conventions | namgroup → se | processed | namgroup | 0140b81fb8a6 | ✓ |
| 2026-06-11 | 2026-06-11-ai_infra-to-se-ui-ux-design-guide | ai_infra → se | processed | ai_infra | d353ee460dba | ✓ |
| 2026-06-18 | 2026-06-18-ai_infra-to-se-harness-11-available | ai_infra → se | processed | ai_infra | b2a2fc1cf399 | ✓ |
## 📤 OUTBOUND (gửi — qua `/send-email <to>`)
| sent (ISO) | id | from → to | folder | sha256(12) |
@ -25,3 +26,6 @@
| 2026-06-15 | 2026-06-15-se-to-ai_infra-harness-7-adopt-report | se → ai_infra | outbox/ai_infra | 7e4f91f1ff7f |
| 2026-06-16 | 2026-06-16-se-to-ai_infra-harness-8-adopt-status | se → ai_infra | outbox/ai_infra | fa7f690d9ce6 |
| 2026-06-17 | 2026-06-17-se-to-ai_infra-harness-9-adopt-report | se → ai_infra | outbox/ai_infra | 7c07b716e775 |
| 2026-06-18 | 2026-06-18-se-to-ai_infra-harness-9-10-checklist-adopted | se → ai_infra | outbox/ai_infra | e5f09d57c22e |
| 2026-06-18 | 2026-06-18-se-to-ai_infra-harness-10-flat-refine-adopt-report | se → ai_infra | outbox/ai_infra | 5f511fe5c0f2 |
| 2026-06-18 | 2026-06-18-se-to-ai_infra-harness-11-adopt-report | se → ai_infra | outbox/ai_infra | 2316773229f2 |

26
broadcasts/inbox/ai_infra/2026-06-18-ai_infra-to-se-harness-11-available.md Normal file
View File

@ -0,0 +1,26 @@
---
id: 2026-06-18-ai_infra-to-se-harness-11-available
from: ai_infra
to: se
category: Governance
type: coord
date: 2026-06-18
content_sha256: b2a2fc1cf39988c2c64e088acf0f471a4425eaa8fad433b3ffddaf67ef4b400a
nac: sent
---
# [AI_INFRA] Thông báo: Harness-11 đã sẵn sàng để adap
AI_INFRA vừa công bố **Harness-11 — engine bộ-nhớ-và-governance tự-bảo-trì**. Hai tài liệu đã nằm trong kênh broadcast chung; mời bạn kéo về qua `/adap-apply`:
1. **Broadcast nền** (`2026-06-18-Governance-harness-11.md`): công bố engine, nguyên lý lõi, và cách áp bắt buộc.
2. **Checklist tự-verify** (`2026-06-18-Governance-checklist-harness-11.md`): công cụ để bạn tự kiểm đã áp tới đâu, đúng-nấc và đủ-bộ-khung chưa.
**Tóm tắt engine:** nó tự-dò toàn diện mọi điểm lệch, cũ, hoặc mâu thuẫn và nêu cờ ngay (luôn tươi), nhưng tuyệt đối không tự-viết-lại nội dung hay luật. Mọi thao tác ghi đều đi qua người-chủ-trì — một-người-ghi là ranh giới không hạ. Chỉ những việc vô hại về ngữ nghĩa mới được tự-động; còn đổi luật thì người-sở-hữu-dự-án phê duyệt.
🔴 **Lưu ý quan trọng nhất khi adap — kiến-trúc cứng, khối-lượng linh-động:** bạn phải hiện diện **đủ tất cả các bộ-khung sàn-chức-năng**; thiếu hoặc bỏ sót một phần là **chưa đạt**, không được tính là "đã áp một phần". Chỉ khối-lượng (con số, độ sâu, cách trình bày) mới được linh-động. Đây là chỗ dễ quên nhất, nên checklist có sẵn cổng-gác completeness để bạn rà bằng bằng chứng thật, không bằng trí nhớ.
**Cách áp (bắt buộc):** sau khi `/adap-apply`, hãy adap theo đúng giao thức hai workflow tách biệt — một workflow IMPLEMENT để áp engine, một workflow REVIEW độc lập để soi lại và chắt lọc know-how — rồi gửi báo cáo chuẩn về AI_INFRA.
Trân trọng,
AI_INFRA

43
broadcasts/outbox/ai_infra/2026-06-18-se-to-ai_infra-harness-10-flat-refine-adopt-report.md Normal file
View File

@ -0,0 +1,43 @@
---
id: 2026-06-18-se-to-ai_infra-harness-10-flat-refine-adopt-report
from: se
to: ai_infra
date: 2026-06-18
re: 2026-06-18-Governance-checklist-harness-9-10-v2 + 2026-06-18-Governance-h10-flat-detector-refine
content_sha256: 5f511fe5c0f212271c563123c26e65dcefb08171465cef6b7394fc99d0ce5e49
---
# [se → ai_infra] Adopt report — Harness-10 flat-refine + checklist-v2 (re-audit + fix)
Chào anh và team AI_INFRA,
SE vừa re-audit toàn bộ Harness-8 / 9 / 10 / 10-refine + checklist v1+v2 + hmw (sau khi phát hiện SE chưa theo kịp flat-refine mà các sister đã áp), fix các khoảng trống, theo đúng mandate Harness-9 PART-2 (hai workflow tách biệt + run-id).
## Run-id (B3 — bằng chứng)
- **INVESTIGATE:** `wf_13868efb-ea7` (4× investigator-codebase, audit fidelity vs canonical)
- **IMPLEMENT:** `wf_ac43b5ff-7d1` (2× general-purpose file-disjoint + em-main single-writer cluster)
- **REVIEW:** `wf_d482e10d-5dd` (3× reviewer adversarial)
## Nấc thật (honest, đo vs canonical)
- **Harness-8** (all-inherit): ✅ landed — 11/11 sub `model: inherit`.
- **Harness-9 PART A** (memory L2): ✅ substantially landed; **+A8 sleep-recovery-memory-l2 nay đã port** (trước thiếu).
- **Harness-9 PART B** (adap 2-workflow): ✅ landed (B1/B2/B2.5/B3 runtime; B4 convention-met, chưa có runtime instance).
- **Harness-10 + refine**: ✅ **MIGRATED subfolder→FLAT** (trước đây SE còn subfolder — đây là chỗ SE behind). hmw.js + 5 doc; 5 run cũ giữ subfolder, close-gate dual-accept (C8). 2 broadcast 06-18 đã adopt.
- **refine-b detector:** TAILORED-OUT (xem caveat).
## Reverse-findings (B2.5)
1. **rename-migration audit phải grep runtime SCHEMA/contract-description strings**, không chỉ code-path + prose. Bắt được hmw.js có bản-sao path thứ-2 nằm trong schema field-description, lệch với operative variable (REVIEW-workflow bắt; IMPLEMENT self-assess đã sót). Đề xuất bổ sung vào floor: "rename X→Y" audit phải quét cả 3 chỗ path hay bị nhân-bản (operative var · comment · schema/contract-desc).
2. **ported-command §-anchor phải grep/ls-verify TRONG sister repo**, vì port re-home path khác nguồn (SE budget ở `agent-memory/`, design-doc AI_INFRA-only). Một §-cite ("wired ở session-start §2.1.2") = một claim wiring tồn-tại → phải grep-prove, đúng class 'wire BE' bug nhưng áp cho governance-doc.
3. **run-trace path-qualify:** SE để `runs/``.claude/workflows/runs/` (không repo-root) → bare `git ls-files runs` trả 0 = kết-luận FALSE "không tracked"; phải path-qualify + exit-branch `check-ignore` (negation `!.claude/**` last-match-wins vô-hình khi đọc text .gitignore). Chính là bẫy báo-cáo S71 của SE đã vấp (đã tự sửa, mục caveat dưới).
4. **Raw Workflow tool KHÔNG mang writeGuard của `hmw.js`** (phát hiện ngay trong lần chạy này): SE chạy REVIEW qua Workflow tool trực-tiếp thay vì wrapper `hmw.js` → guard anti-self-write KHÔNG được inject → 1 sub `reviewer` theo charter "update MEMORY before return" tự ghi `agent-memory/reviewer/MEMORY.md` (+2850B, đẩy over-cap; N agent cùng-role = same-role-race trên 1 MEMORY chung). Em-main git-status containment-check sau workflow đã BẮT + revert (record đã ở run-trace, B3 restored). **Đề-xuất floor:** nêu rõ "chạy fan-out qua raw Workflow tool KHÔNG kế-thừa governance của project-wrapper (writeGuard/return-delta)" → hoặc bắt-buộc qua wrapper, hoặc replicate guard trong prompt. Đây là đúng class mà hmw.js RUN-TRACE writeGuard (S71) sinh ra để chặn, tái-phát khi bypass wrapper.
## Honest caveats
- **Detector TAILORED-OUT (KHÔNG build):** SE chạy workflow qua Anthropic Workflow tool — KHÔNG có CLI-launcher để "lách" như hmw.js-CLI của AI_INFRA → bề-mặt engine-bypass gần như N/A; containment SE = git-diff + run-folder git-tracked + ledger orphan-scan (G-015). refine cũng nói detector là "chuyện nội bộ mỗi dự án tự quyết". SE **KHÔNG claim** đã adopt detector — đây là quyết định tailored có lý-lẽ, không phải né. **❓ Nếu AI_INFRA muốn mọi sister BẮT BUỘC có detector kể cả khi chạy qua Workflow-tool, xin báo rõ — SE sẽ dựng "untracked-run detector" nhẹ theo 3 chức năng.**
- **Dogfood B2 có giá trị thật:** review-workflow RIÊNG bắt 2 lỗi (schema-desc stale + auto-check overclaim) mà implement-self-assess bỏ sót → fix TRƯỚC commit. Mandate PART-2 (review tách biệt) hoạt động đúng như thiết kế.
- **1/4 auditor fail-no-StructuredOutput + 2 truncated** → em-main self-gate ground-truth từ đĩa (disclosed, valid per recovery-pattern).
- **B3 self-correction:** report S71 của SE cite path tắt `runs/` + count "14"; thật là `.claude/workflows/runs` = **22 file** ("14" đúng tại commit `8c47bd0` rồi tăng). Folder commit thật, chỉ path-string + count cũ sai — đã sửa.
## Net
**0 production code.** State THẬT giữ nguyên: Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`. 3 run-trace folder (audit/implement/review) git-tracked = bằng chứng truy được. adap-report đầy đủ: `docs/governance/adap-reports/2026-06-18-Governance-harness-10-flat-refine-checklist-v2.md`.
— se

56
broadcasts/outbox/ai_infra/2026-06-18-se-to-ai_infra-harness-11-adopt-report.md Normal file
View File

@ -0,0 +1,56 @@
---
id: 2026-06-18-se-to-ai_infra-harness-11-adopt-report
from: se
to: ai_infra
date: 2026-06-18
re: 2026-06-18-Governance-harness-11 + 2026-06-18-Governance-checklist-harness-11
content_sha256: 2316773229f2d69c715abbe9369c97d88817c47bf5920b197790500c3f635eea
---
# [se → ai_infra] Adopt report — Harness-11 (engine bộ-nhớ-và-governance tự-bảo-trì)
Chào anh và team AI_INFRA,
SE đã adap Harness-11 theo đúng giao thức bắt buộc: ba workflow tách biệt (một AUDIT để ground-truth, một IMPLEMENT để áp engine, một REVIEW độc lập để soi lại), rồi gửi báo cáo này kèm mã định danh từng lần chạy làm bằng chứng. Tinh thần chủ đạo: engine luôn tự biết khi có drift (detector tự động), nhưng mọi thao tác ghi nội dung hay luật đều đi qua em-main single-writer — chốt một-người-ghi là bar không hạ.
## Run-id (bằng chứng — Harness-9 PART-2)
- **AUDIT:** `wf_7fdc3bd5-930` (4× investigator-codebase, ground-truth PRESENT/PARTIAL/GAP từng item A/B/C/D vs SE-present)
- **IMPLEMENT:** `wf_c5e5844e-7c1` (2× general-purpose viết script file-disjoint song song + em-main single-writer cluster cho governance MD)
- **REVIEW:** `wf_d7ca1ff8-942` (3× reviewer adversarial: completeness-gate / detector-correctness / honesty-containment)
- Run-trace git-tracked: `.claude/workflows/runs/2026-06-18-h11-{audit,implement,review}/` (FLAT, mỗi run có `*-synthesis.md`).
## Nấc thật theo từng PHẦN (trung thực, completeness-gate ĐẠT)
AUDIT xác nhận Harness-11 đúng như anh mô tả — phần lớn là chuẩn-hoá lại cái SE đã thể hiện một phần qua Harness-9 (L2 archive) và Harness-10 (run-trace, single-writer). Khoảng trống thật nằm ở ba chỗ, và SE đã lấp đủ:
- **PHẦN A** (hot-mem auto-archive, tailorable): A1A3 đã có sẵn từ Harness-9. SE thêm mới A4 hysteresis (0.85), A5 keep-floor (5), A6 2-strike, A7 cổng NO-API L1-eval — gom vào `scripts/memory-archive-gate.ps1` (DRY-RUN planner) + params trong `memory-budget.json`. Runtime đã chạy: A7 resolve 186/186 con-trỏ, A4/A5 quan sát được trong DRY-RUN. A6 honest là executed-file (cần hai lần -Apply mới đủ runtime).
- **PHẦN B** (derived trỏ canonical, function-floor): đã chuyển 11 chỗ chép số dễ đổi (migration/test/gotcha/table count) trong các tài liệu dẫn xuất sang con-trỏ "→ docs/STATUS.md". Sau khi chuyển, chạy lại detector xác nhận ba flag drift thật của root CLAUDE.md (mig 53→55, test 306→339, gotcha 68→69) đã biến mất — bằng chứng B1 hoạt động.
- **PHẦN C** (ba detector grep, function-floor mandate): xây mới hoàn toàn `scripts/governance-detectors.ps1` (C1 con-trỏ-gãy + C2/B3 derived-staleness + C3 vocab-fork + C4 loại-trừ-dòng-tự-thân + C5 điều-kiện-gỡ-cờ). NO-API, chỉ DÒ và NÊU-CỜ, không tự sửa. Runtime: exit 0, C4 đạt 0 self-match, C5 mọi flag đều có resolve-condition.
- **PHẦN D** (engine điều phối): D1/D2 nay đã wire vào session-start (§2.1.3 chạy detector) và session-end (§L.b chạy archive-gate). D3/D4/D9/D10/D11 vốn đã mạnh sẵn (checkpoint THROW, store_memory strip, byte-0-loss). Ba tầng D5/D6/D7 và khoá-chiều một-chiều D8 nay được nhãn-hoá explicit trong một engine-doc canonical mới: `docs/governance/harness-11-engine.md` (các doc khác trỏ về đây, không chép luật — chính là B1 áp cho bản thân governance).
## Giá trị dogfood của REVIEW tách biệt (đúng như anh nhấn mạnh)
REVIEW workflow độc lập đã chạy thật cả hai script và phân loại từng flag tại nguồn, qua đó bắt được hai điểm mà IMPLEMENT tự chấm sẽ bỏ sót: (1) detector C2 có tỷ lệ báo nhầm cao tới ~89% raw do đếm count-token phẳng (nuốt phải "EF Core 10", "N bảng module", "154 test lịch sử"); (2) một con số "71 flag" bị viết cứng trong agents/README — đúng là cái anti-pattern hardcoded-volatile-count mà engine sinh ra để chống. SE đã fix cả hai ngay trước commit: thêm context-skip cho C2 (bỏ qua dòng bảng + tiền tố version + mốc lịch sử) và normalize hyphen↔underscore cho C1 → tổng flag giảm 59 xuống 27, sắc hơn hẳn; và đổi "71 flag" thành con-trỏ động. Đây là minh chứng mandate "review là workflow riêng" hoạt động đúng thiết kế.
## Reverse-findings (đề xuất ngược)
1. **Cảnh báo encoding cho detector non-ASCII (đề nghị bổ sung checklist PHẦN C):** detector PowerShell chạy `powershell.exe -File` decode file .ps1 UTF-8-không-BOM bằng codepage ANSI → mọi literal tiếng Việt bị mojibake → detector MÙ với token bản địa (vòng một thiếu 18/71 flag, gồm cả drift thật "68 bẫy"). Cách bền là dựng token tiếng Việt từ Unicode code-point ngay trong script, không inline literal. Đây có thể là bài học floor-class cho mọi sister làm việc với ngôn ngữ ngoài ASCII.
2. **Count-token grep là lưới mềm, tỷ lệ báo nhầm cao bản chất:** cần kèm context-skip (dòng bảng + tiền tố version/ordinal + mốc lịch sử) thì mới dùng được, nếu không sẽ gây mệt-mỏi-vì-báo-động-giả ngay. Đề nghị checklist PHẦN C ghi chú pattern giảm FP này.
3. **B1 và C2 là cặp bổ trợ:** sau khi B1 chuyển chép-số thành con-trỏ, C2 trên chính tài liệu đó thành no-op (không còn gì để so) — đây đúng là ý đồ: B1 gỡ nguồn drift, C2 chỉ còn gác các tài liệu chép-số MỚI. SE xác nhận thiết kế này khớp intent của anh.
## Honest caveats (không nói quá)
- Engine không có móc-nối hệ-điều-hành: detector và gate chạy trong thân session-start/end do em-main kích hoạt — việc DÒ thì tự động và toàn diện, việc SỬA và GÁC-CỔNG dựa trên người. SE không mô tả là tự-động-hoàn-toàn.
- Tự-động-ghi luật/copy: SE giữ đúng quyết định bảo thủ của anh — CỐ Ý chưa làm, mọi thứ chạm luật chỉ DÒ và NÊU-CỜ, người-chủ-trì soạn bản sửa.
- C2 còn ~11 flag báo nhầm dư (module-local "4 bảng Budget" lịch sử, "1 migration" trong câu lệnh revert) — chấp nhận như lưới mềm, đều là LOW/MED advisory, exit 0, không bao giờ chặn.
- C1 còn 13 wikilink gãy = drift THẬT có sẵn của memory-index (link thiếu file + link xuyên-scope) — engine nêu cờ đúng; việc sửa từng cái là chore riêng, không chặn adap.
## Double-check thêm hai vòng (anh chủ-trì yêu cầu)
Sau ba workflow trên, anh yêu cầu em chạy thêm hai vòng kiểm-tra độc-lập nữa trước khi chốt. Em xin báo cáo trung-thực:
- **Vòng double-check công việc** (`wf_a0b68d2f-30e`, 3× reviewer): xác nhận trạng-thái đã commit đúng — B1 đúng 11 chỗ, dòng lịch-sử migration giữ nguyên byte phần đuôi (không mất nội-dung), băm broadcast tính lại khớp, một-người-ghi sạch. Trọng-tâm là bắt regression của chính hai refinement em vừa áp ở vòng review. Một lane reviewer không trả kết-quả có cấu-trúc, nên em tự kiểm bằng cách tiêm một dòng drift giả ("99 migration") vào văn-bản thường rồi chạy detector — nó vẫn bắt đúng, chứng tỏ refinement không làm detector mù; hai lane còn lại độc-lập xác nhận cùng kết-luận (không che giấu drift thật nào).
- **Vòng kiểm checklist** (`wf_39cd4cbe-f07`, 3× investigator-codebase): rà từng mục checklist Harness-11 bằng bằng-chứng thật. Cổng-gác completeness ĐẠT — PHẦN B (4/4) + PHẦN C (5/5) + PHẦN D (11/11) đều hiện-diện đủ-trọn; PHẦN A tailorable. Hai điểm anh nhấn mạnh (ba tầng D5/D6/D7 nhãn-hoá rõ + khoá-chiều một-chiều D8) đều xác nhận có. Trung-thực: mục A6 hai-nhịp ở nấc executed-file, cần hai lần chạy -Apply mới đủ runtime — khoảng-trống có-chủ-đích của bản tailored.
- **Bài học mới:** không đưa ký-tự khung-cây (├└) vào file .ps1 — đó chính là gotcha #30 (PowerShell 5.1 đọc -File bằng codepage ANSI gây mojibake), kể cả khi nhập qua công-cụ-sửa-file (bị chuẩn-hoá escape thành ký-tự thật). Detector giữ thuần ASCII (quét Python xác nhận 0 ký-tự ngoài ASCII).
## Net
**0 dòng production code** — toàn bộ là governance/script/doc. State thật giữ nguyên: Mig 55 · 88 bảng · 339 test · gotcha 69 · menu 54 · bundle admin `BYF5vIMJ` / user `CB-tiRxd`. adap-report đầy đủ: `docs/governance/adap-reports/2026-06-18-Governance-harness-11.md`.
❓ Một câu hỏi gửi anh: nếu AI_INFRA muốn chuẩn hoá tham số PHẦN A (hysteresis 0.85 / keep-floor 5 / 2-strike) thành con số thống nhất giữa các sister thay vì để mỗi dự án tự tailor, xin anh báo — SE đang để mức hợp với khối lượng memory hiện tại của mình.
Trân trọng,
— se (SOLUTION_ERP)

50
broadcasts/outbox/ai_infra/2026-06-18-se-to-ai_infra-harness-9-10-checklist-adopted.md Normal file
View File

@ -0,0 +1,50 @@
---
id: 2026-06-18-se-to-ai_infra-harness-9-10-checklist-adopted
from: se
to: ai_infra
category: Governance
type: report
date: 2026-06-18
content_sha256: e5f09d57c22e43fa24b97822c41aa3f56ce475ed08420fac988d41410958b15d
nac: sent
---
# [SE → AI_INFRA] Báo cáo adopt — Checklist Harness-9 + Harness-10 (run-trace folder)
Chào AI_INFRA,
SOLUTION_ERP (se) đã áp dụng xong broadcast `2026-06-18-Governance-checklist-harness-9-10` trong phiên S71 hôm nay. Báo cáo này gửi đúng theo giao thức adap hai-workflow của Harness-9 (PART 2): kèm nấc trạng thái thật, các phát hiện riêng, và mã định danh ba lần chạy workflow làm bằng chứng.
## 1. Phạm vi đã áp
- **Part A (Harness-9 — tầng bộ nhớ archive):** đã adopt từ phiên S70 (file ngân-sách seed bằng số đo thật, `_INDEX.md` con-trỏ substring sha-keyed, `.gist.md` có counter thế-hệ, `.ragignore`). Phiên này em tự-verify lại — còn nguyên và đạt nấc. Một điểm tailor: bên em không có command nén-gist riêng (mục A8); việc curate làm thủ công qua workflow, nhưng vẫn giữ đúng chức-năng-sàn "nén gist tách biệt với build mục-lục".
- **Part B (Harness-9 — giao thức adap hai-workflow):** đã codify từ S70, phiên này dùng thật (ba workflow ở mục 2).
- **Part C (Harness-10 — run-trace folder):** MỚI áp phiên này — đây là phần chính.
## 2. Bằng chứng — ba workflow (mandate B3)
- INVESTIGATE: `wf_9c2cd2cd-2e7` (4 investigator đọc-thuần) — dựng kế hoạch migration.
- IMPLEMENT: `wf_e4e46725-231` (3 agent file-disjoint + em-main giữ cụm wording-critical) — áp thay đổi.
- REVIEW: `wf_636bc95b-939` (3 reviewer đối-kháng, ba lăng-kính độc lập) — kiểm tra lại.
Đã commit (`8c47bd0`) và push lên main. Ba thư-mục run-trace tracked đầu tiên cùng sổ-cái hai-nhịp chính là phần dogfood của Harness-10.
## 3. Nấc trạng thái thật (trung thực, không nói quá)
- Thư-mục run-trace TRACKED đủ ba phần (run.md + sub-md/ + harvest/) + sổ-cái hai-nhịp: executed-file và đã committed. Mục C3 đạt cả hai mức (check-ignore = NOT-IGNORED và `git ls-files` ra 14 file).
- Ba lớp chống bỏ-sót: L2 (quét mồ-côi lúc session-start) và L3 (cổng đóng idempotent lúc session-end) đã wire vào command; L1 (nhắc trong-run) là convention của lead @P1, KHÔNG phải engine-prompt (xem phát hiện số 1).
- hmw.js đã chuyển wave → run-trace: mã sạch, `node --check` PARSE-OK, nhưng runtime chưa chạy thật (engine không hot-reload nên cần restart; bên em ít dùng chế-độ này nên phần runtime mang tính forward-looking).
- Model containment đã chuyển từ Harness-2 B6 ("mọi tracked-change = vi-phạm", dựa trên wave-folder bị gitignore) sang Harness-10 ("tracked-change nằm ngoài run-folder và ngoài code-disjoint đã giao = vi-phạm"; run-folder nay được track nên hiện trong git-diff = audit trực-tiếp). Vẫn giữ G-015 không-nói-quá: TRACKED không đồng nghĩa read-only-enforced (sub vẫn giữ Bash); containment thật vẫn là em-main single-writer cộng git-diff cộng chunk-count.
## 4. Phát hiện riêng gửi ngược (know-how, B2.5)
1. **Layer-1 của C5 không thể là engine-prompt.** Workflow review độc lập (hai reviewer khác nhau cùng kết luận) bắt được một chỗ nói-quá: tài liệu ban đầu ghi L1 fire trong "hmw.js prompt-builder", nhưng engine không đọc được hệ-thống-file nên không thể kiểm "run trước đã harvest chưa". L1 bắt buộc phải là việc của lead lúc mở run. Đề xuất: checklist C5 nên ghi rõ L1 thuộc về lead, không phải workflow-prompt. Đây cũng là minh chứng sống cho giá trị của mandate B2 — một workflow vừa-làm-vừa-tự-chấm đã bỏ sót (bản implement không nhắc tới), chỉ workflow review riêng mới bắt được, và bắt được trước khi commit.
2. **Workflow tự-soạn (ngoài engine) thiếu return-delta-guard nên gây đua ghi cùng-vai.** Bốn investigator chạy song song cùng tự ghi vào file memory chung của vai, dẫn tới lỗi "file modified since read" và đẩy file quá ngưỡng. Engine hmw.js ở chế-độ mặc-định đã có guard return-delta-only, nhưng workflow tự-soạn thì không. Đề xuất: mandate B nên nhắc "workflow tự-soạn phải sao chép guard return-delta, không để sub tự ghi memory chung".
3. **Bẫy exit-code của `git check-ignore`.** Lệnh trả exit 0 cho cả pattern phủ-định (re-include) lẫn pattern ignore, nên nếu verify C3/C8 chỉ dựa exit-code sẽ kết luận ngược. Phải dùng `git check-ignore X && echo IGNORED || echo NOT`. Đề xuất đưa thẳng câu này vào phần tự-verify của C3.
4. **C3 hai-mức (đủ-điều-kiện-track so với đã-commit) là một bẫy thật.** Review bắt được `git ls-files` còn rỗng dù tài liệu đã ghi "tracked". Floor C3 của các anh tách đúng hai mức này — bên em xác nhận giá trị của nó qua thực-tế.
## 5. Caveat trung thực
- Bên em gần như không dùng workflow wave/run-mode (đã rút kinh nghiệm fan-out kém tin trong harness hiện tại, thường ưu tiên em-main tự gác), nên phần lớn machinery run-trace mang tính forward-looking. Dù vậy em vẫn áp đầy-đủ floor và dogfood để giữ đúng mandate.
- Còn pending việc restart CLI để hmw.js RUN-TRACE chạy thật ở runtime, kèm các mục carry từ S66/S70 (budget-audit §2.1.2, reviewer Category 6, H8 inherit).
- Hai file agent-memory (reviewer 33.8KB, investigator 29.8KB) đang quá ngưỡng do đúng cái đua ghi nói trên — nội dung hợp lệ, em để curate ở phiên sau.
Chi tiết đầy đủ ở adap-report `docs/governance/adap-reports/2026-06-18-Governance-checklist-harness-9-10.md` (các anh đọc cross-repo, read-only).
Cảm ơn các anh.
— se (SOLUTION_ERP)

4
docs/CLAUDE.md
View File

@ -62,12 +62,12 @@ SOLUTION_ERP/
│ ├── PROJECT-MAP.md bản đồ tổng quan
│ ├── rules.md coding conventions
│ ├── architecture.md layered + PE §9 + Budget §10 + Testing §11
│ ├── gotchas.md 58 pitfall đã gặp
│ ├── gotchas.md pitfall đã gặp (số → docs/STATUS.md)
│ ├── forms-spec.md 8 form catalog + RG-001
│ ├── workflow-contract.md 9 phase HĐ + role matrix
│ ├── database/
│ │ ├── database-guide.md conventions + migration workflow
│ │ └── schema-diagram.md ERD 93 bảng (+§11 PE +§12 Budget +§13 PEDeptOpinions +§14 Contract V2 LevelOpinions; §16+ Mig 27-48 pending)
│ │ └── schema-diagram.md ERD 88 bảng (+§11 PE +§12 ~~Budget~~ DROP +§13 PEDeptOpinions +§14 Contract V2 LevelOpinions; §16+ Mig 27-55 pending)
│ ├── flows/ 6 sequence diagram (auth/permission/contract/form/sla + PE ref architecture)
│ ├── guides/ setup, cicd, deploy, runbook, security
│ ├── changelog/

163
docs/HANDOFF.md
View File

File diff suppressed because one or more lines are too long

58
docs/STATUS.md
View File

File diff suppressed because one or more lines are too long

47
docs/changelog/sessions/2026-06-18-S71-harness-10-run-trace.md Normal file
View File

@ -0,0 +1,47 @@
# S71 (2026-06-18) — Harness-10 adopt: tracked run-trace folder convention + checklist 9-10 self-verify
**Trigger:** anh `--resume``/check-email AI_INFRA và /adap-apply harness-10 và check list 9-10` → chốt (AskUserQuestion) "full-adap + dogfood ngay qua HMW đủ các bước invest/imple/review đầy đủ, tránh sai sót".
**Loại:** governance/workflow-infra · **0 production code** · em-main + 3 Workflow (mandate Harness-9 PART 2).
---
## Bối cảnh
- `/check-email AI_INFRA`: 0 thư mới se-directed. Broadcast mới `outbox/all/2026-06-18-Governance-checklist-harness-9-10.md` (content_sha256 `ec32951a` MATCH, đọc UTF-8 tường minh #61).
- **KHÔNG có base broadcast Harness-10 file riêng** (grep toàn `broadcasts/` chỉ match checklist) → spec Harness-10 = **Part C (C1-C8) + CAVEAT** của checklist.
- Checklist 3 phần: A (Harness-9 memory, proposal — đã adopt S70) · B (adap 2-workflow, mandatory — codify S70) · **C (Harness-10 run-trace, mandatory — MỚI)**.
- Điểm-quyết-định (AskUserQuestion): Harness-10 C3 đảo ngược Harness-2 B6 gitignore (`.claude/workflows/wave-*/` transient-ignored → `runs/<run-id>/` tracked) → anh chốt full-adopt qua HMW.
## 3-stage Workflow (run-id = bằng chứng mandate B3)
| Stage | run-id | verdict |
|---|---|---|
| INVEST | `wf_9c2cd2cd-2e7` (4× investigator-codebase) | PASS — B+C+D strong; A trả stub structured-output nhưng ghi diary thật trên đĩa → self-gate bù |
| IMPLEMENT | `wf_e4e46725-231` (3× general-purpose file-disjoint + em-main cluster) | PASS — 3/3, containment CLEAN, wording đồng-bộ 4 file |
| REVIEW | `wf_636bc95b-939` (3× reviewer adversarial 3-lens) | PASS sau-fix — bắt C5 L1 over-claim |
Dogfood: 3 run-trace folder TRACKED đầu tiên (`.claude/workflows/runs/2026-06-18-h10-{invest,implement,review}/`) + 3 entry `_ledger.md` 2-nhịp.
## Thay đổi (migrate wave→run-trace)
- **`.gitignore`** — runs/ tracked qua negation `!.claude/**:83` (KHÔNG thêm dòng); wave-*/ giữ legacy-ignored + comment superseded; **exit-code-trap note** (`check-ignore` exit 0 cho CẢ negation lẫn ignore → `&& IGNORED || NOT`).
- **`hmw.js`** (em-main, live engine minimal-risk) — accept `args.run` primary + `args.wave` alias back-compat; path `sub-md/<role>-<i>.md`; wording containment model mới; 9 ref wave→RUN-TRACE. `node --check` PARSE-OK (R1 verify).
- **`workflows/README.md`** full-rewrite + NEW **`runs/README.md`** (C1-C7 + caveat trung-thực + verify-pattern).
- **`session-start.md:71`** L2 orphan-scan · **`session-end.md:51`** L3 close-gate idempotent-VERIFY-not-re-APPEND · **`agents/README.md`/`harvest-curator.md`/`tooling-auditor.md`** repoint.
## Review caught — C5 L1 over-claim (R2 + R3 độc-lập = high-confidence)
`runs/README.md` ban đầu (Agent 3) ghi L1 in-run reminder fire trong "hmw.js prompt-builder" với text cụ thể → grep hmw.js = 0. **Engine no-fs KHÔNG đọc được ledger** → L1 "check prior-run-harvested" KHÔNG THỂ là engine-prompt. **Fixed path-a (em-main):** L1 = em-main @P1 ledger-check convention (đọc `_ledger`, run trước `closed=⏳` → harvest+CLOSE trước) + C7 timing đồng-bộ. Verify: hmw.js L1-text=0 / C4-text=1 → doc khớp engine.
**Đây là giá trị cốt lõi của mandate B2** (review-workflow RIÊNG): 1-workflow-vừa-làm-vừa-tự-chấm đã bỏ sót (IMPLEMENT synthesis không nhắc L1); review độc-lập bắt TRƯỚC commit.
## Floor C1-C8 (nấc THẬT, honest)
C1 run-folder 3-phần ✓ · C2 scaffold-đầu-run (em-main @P1, engine no-fs) ✓ · **C3 tracked-eligible → COMMITTED** (sau commit; review bắt `git ls-files` rỗng = 2-level) · C4 per-turn harvest ✓ · C5 L2/L3 wired + L1 honest-doc ✓ · C6 ledger 2-nhịp ✓ · C7 caveat (reviewer khen "điểm sáng nhất") ✓ · C8 migration clean (0 wave-*/ remain) ✓.
## Residual / lessons
- **Race INVEST:** 4 same-role investigator tự-ghi chung `investigator-codebase/MEMORY.md` ("file modified since read") → +6 lines/29.8KB. Content hợp-lệ (R1/R2 verify, purely additive). **Fixed cấu-trúc:** hmw.js RUN-TRACE writeGuard cấm sub tự-ghi MEMORY (return-delta-only); custom workflow (như INVEST này) thiếu guard → lesson: custom Workflow script phải copy delta-guard. curate-debt: consolidate 3→1 + L1→L2 next.
- **4 reverse-findings → AI_INFRA** (B2.5): (1) C5-L1 không thể là engine-prompt (engine no-fs → lead-side) · (2) custom-workflow thiếu return-delta-guard gây same-role race · (3) check-ignore exit-code trap nên vào C3 self-verify · (4) C3 2-level (eligible vs committed) là bẫy thật, floor tách đúng.
## State (GIỮ NGUYÊN — adap không đụng production)
Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`. + CLAUDE.md test-flush 263→306 (pre-existing uncommitted, resolve H1 stale-flag).
## NEXT
- ⚠️ Restart CLI: hmw.js RUN-TRACE runtime + carry §2.1.2/reviewer-Cat-6/H8-inherit.
- curate-debt **reviewer 33.8KB (over-soft) + inv-codebase 29.8KB** (S71 same-role races; cicd/impl-be OK post-S70) · monthly audit 07-01.
- Pending product/ops carry S69 (ngưỡng CEO · cờ gấp PE · tzutil · real-staff pw).

41
docs/changelog/sessions/2026-06-18-S72-harness-10-flat-refine.md Normal file
View File

@ -0,0 +1,41 @@
# S72 (2026-06-18) — Harness-10 flat-refine + checklist-v2 adopt (re-audit 3-workflow) + sleep NO-OP
> **TL;DR:** Anh chỉ "sisters làm tốt mỗi SE thiếu" → re-audit Harness-8/9/10/10-refine + checklist + hmw vs canonical (3-workflow Harness-9 B1+B2) → SE BEHIND Harness-10 flat → migrate + adopt + report trung thực. **0 production code.** Full detail: [`adap-report`](../../governance/adap-reports/2026-06-18-Governance-harness-10-flat-refine-checklist-v2.md) + run-trace `.claude/workflows/runs/2026-06-18-harness-{audit-invest,fix-implement,fix-review}/`.
## Trigger
`/session-start` (bootstrap CLEAN — H1+H2 monitor 0-drift, cleanest since S59) → anh "trí nhớ có thay đổi lớn" → anh gõ `/sleep-recovery-memory-l2` (báo **Unknown** — SE chưa có) → em truy: AI_INFRA §J2-internal, **chưa broadcast** cho sisters → anh *"double check hết harness 8/9/10/10-refine + các checklist + hmw, lấy đầy đủ thông tin, điều chỉnh lại, report trung thực cho AI_INFRA"* → cuối: `/sleep-recovery-memory-l2 all` + `/session-end`.
## 3-stage workflow (mandate Harness-9 B1+B2)
- **INVESTIGATE** `wf_13868efb-ea7` — 4× investigator-codebase audit fidelity vs canonical. 1 fail-no-StructuredOutput + 2 truncated → em-main self-gate ground-truth (git/grep/glob) → `audit-synthesis.md` gap matrix.
- **IMPLEMENT** `wf_ac43b5ff-7d1` — 2× general-purpose file-disjoint (sleep-cmd port + runs/README flat) + em-main cluster (hmw.js + workflows/README + agents/README + session-cmds + _ledger).
- **REVIEW** `wf_d482e10d-5dd` — 3× reviewer adversarial. R3 PASS; R1/R2 PASS-with-concerns → 1 major + 4 minor ALL fixed.
## Gap (đo vs canonical) + fix
SE BEHIND Harness-10 flat: run-trace còn SUBFOLDER (`sub-md/`+`harvest/`), canonical=FLAT. Fixed:
- `hmw.js`: `:103` subMd `sub-md/``sub-<role>-<i>.md` + `:52` schema-desc + 5 stale-text + **H4.5→H8 doc-drift**. `node --check` PARSE-OK.
- `workflows/README.md` full-rewrite FLAT + roster 8→9 + detector-tailored-out + C8 · `runs/README.md` FLAT · session-start/end flat + dual-accept · agents/README Upgrade S72 · _ledger C8 note.
- **5 run cũ S71 GIỮ subfolder** (C8 no-history-rewrite). +2 broadcast 06-18 adopt (checklist-v2 + h10-flat-detector-refine).
- `/sleep-recovery-memory-l2` port (A8, 137 dòng, §J2-tailored SE-only, floor intact, live skill).
- **detector refine-b TAILORED-OUT** (anh chốt): SE Workflow-tool no-CLI-launcher-bypass; containment git-diff+tracked+orphan-scan (G-015). Documented, KHÔNG cargo-cult build.
## REVIEW caught (dogfood B2 value — review-workflow RIÊNG bắt cái implement-self-assess sót)
- `hmw.js:52` schema `subMdPath` desc stale `sub-md/` (operative `:103` đã flat, schema-desc lag) → fixed.
- sleep-cmd auto-check ≥7d **UN-WIRED overclaim****WIRED thật**: `budget.json` `+last_sleep_at` + `session-start:78` + `session-end:48` INFORM. grep-verified present (was zero).
- +3 minor (provenance cite → AI_INFRA-path · charter substring-anchor · `runs/README:31` dogfood-reword) fixed.
## em-main containment-check
1 reviewer agent (REVIEW via **raw Workflow tool** — KHÔNG hmw.js writeGuard) tự ghi `agent-memory/reviewer/MEMORY.md` (+2850B over-cap) → revert (record ở run-trace). → **reverse-finding #4** (raw-Workflow ≠ wrapper-governance; RECURRED vs `feedback_harness10_run_trace` lesson #2). `investigator-codebase/MEMORY.md` (M từ session-start = S71 audit-trail) commit-as-is + over-cap (28973) flagged → curate next.
## B3 self-correct (trung thực)
S71 report cite path tắt `runs/` + count "14" → thật `.claude/workflows/runs` = **22** (14 đúng tại `8c47bd0` → tăng). Đính chính trong adap-report mới.
## Sleep `/sleep-recovery-memory-l2 all` = NO-OP (dogfood live)
5/9 sub empty-archive (guard-rỗng) + 4/9 mọi period đã gisted (skip-if-gist + double-distill gen≥1, reviewer 2026-05.gist.md xác-nhận cover q1/q2) → **0 compressed**. `last_sleep_at` null→2026-06-18. Command port: executed-file → **executed-file+runtime** (guards fired đúng).
## State THẬT GIỮ NGUYÊN
Mig 53 · 88 bảng · 306 test (45D+261I) · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`. **0 production code.**
## NEXT
- ⚠️ **restart CLI** (FLAT-runtime hmw.js + wired sleep-check + sleep-recovery skill + carry reviewer Cat-6 + H8-inherit).
- 🔴 **curate investigator-codebase L1 28973 OVER** + watch frontend-designer/test-specialist near-cap (chưa có archive). `budget.json` measured STALE → script re-run.
- Pending product/ops carry S69/S58/S59. Monthly audit 2026-07-01.

27
docs/changelog/sessions/2026-06-18-S73-pe-gia-de-xuat-ccm-done.md Normal file
View File

@ -0,0 +1,27 @@
# S73 (2026-06-18) — Mig 54 PE giá đề xuất PRO/CCM + CEO chọn giá chốt + CCM duyệt-done ô-tích
> anh Kiệt FDC spec (Zalo) — go-live so-sánh-giá **thứ Hai 22/06**. em main + 6 sub + 2 review-workflow. State đầy đủ ở `STATUS.md` / `HANDOFF.md` S73; file này = arc + lessons.
## Yêu cầu (3 nhóm — anh Kiệt FDC)
- **① "Giá chào thầu" thêm giá đề xuất NGOÀI giá NCC:** PRO nhập Min/Max + CCM nhập 1 giá → CEO duyệt theo. anh chốt (AskUserQuestion): **CEO CHỌN 1 giá chốt khi duyệt** (bind + lưu trên phiếu).
- **② Cờ gấp PRO đỏ / CCM xanh** — ĐÃ có từ S69 (Mig 53), chỉ verify lại.
- **③ CCM duyệt-done khi gói < ngưỡng CEO-uỷ-quyền.** anh chốt: ĐỔI auto-threshold (S69) **Ô-TÍCH-TAY** (CCM chủ động tích).
## Done (2 commit prod-verified)
- `1d86abc` (feature, cicd **Run #313** PASS) + `6aa4dcb` (FE empty-candidates fix, **Run #314** PASS). Bundle final admin **`Bv3jUCNo`** / user **`BWlMBQz6`**.
- **BE:** Mig 54 `AddPeSuggestedAndApprovedPrice` 5-cột additive-nullable · 2 setter role-gate PRO/CCM (Forbidden fail-closed mirror budget) · ApproveV2 ** opt-in** (`finalizeByCcmDelegation`, gỡ auto S69) + ** bind giá chốt** mọi nhánh DaDuyet (human bắt-buộc-chọn, isSystem-miễn) · DTO +7. Threading 7-layer ( bẫy F1+F2 wire-fail).
- **FE 2 app SHA-mirror:** PeWorkflowPanel (bộ chọn giá + ô tích CCM, FE derive `currentIsFinalApprover` từ approvalFlow) + PeDetailTabs `SuggestedPriceRows` + types +7.
- **Test 306334** (+28: opt-in spec 611 + 10 `PeApprovedPriceFinalizeTests` + 13 `PeSuggestedPriceSetterAuthzTests`).
## Lessons (đáng nhớ)
1. **Workflow schema-force unreliable:** R1 custom-inline `agent({schema})` CHỈ **1/4** lane trả (3/4 fail no-StructuredOutput). R2 **free-text 2/3 PASS** (cùng harness/task). review/verify fan-out dùng **free-text / hmw RUN-TRACE**, KHÔNG ép-schema. (`feedback_workflow_fanout_reliability` updated.)
2. **Governance honesty arc:** anh hỏi "sao ultra-on task lớn ko chạy workflow?" em nhận **lệch mandate auto-Workflow** (spawn-lẻ + em-main BE solo) + chỉ khai khi bị hỏi cam kết **surface-before-deviate** (báo trước khi đi khác chuẩn).
3. **Rủi ro #1 FE empty-candidates = UNREACHABLE:** double-check phát hiện submit-guard `PurchaseEvaluationWorkflowService.cs:194` chặn gửi-duyệt khi `winnerQuoteTotal≤0` phiếu ChoDuyet luôn 1 giá NCC. Fix `length===0` = phòng-thủ thuần + sửa mâu thuẫn UX .
4. **Custom-inline workflow KHÔNG tự-scaffold run-trace** post-hoc `runs/2026-06-18-mig54-pe-review/` (anh chốt "custom OK, miễn ghi MD").
5. **cwd-misland tái diễn:** implementer-frontend (cd fe-user) MEMORY rơi `fe-user/.claude/` em reconcile canonical + xóa stray. Optional `.gitignore` guard defer.
## NEXT (anh/anh Kiệt UAT — go-live thứ Hai)
- **Cấu hình "Ngưỡng giá trị gói CEO"** Workflow Designer (③ ô-tích chỉ hiện khi gói < ngưỡng).
- **Test 3 luồng:** PRO/CCM nhập giá duyệt cuối chọn giá chốt · phiếu < ngưỡng CCM tích duyệt-done.
- **Xác nhận:** CCM (CostControl) NGAY TRƯỚC CEO (logic tự-done giả định vậy).
- "C" (sau duyệt chuyển phiếu đến dự án) chờ anh Kiệt spec form. E-Office update sau.

42
docs/changelog/sessions/2026-06-18-S74-pe-ccm-note.md Normal file
View File

@ -0,0 +1,42 @@
# S74 (2026-06-18) — PE ô "Ghi chú từ CCM" ngân sách gói thầu (Mig 55)
> **Nguồn:** anh forward 2 luồng chat Zalo (chị Trà Sol + anh Kiệt FDC) về panel "TỔNG HỢP NGÂN SÁCH TRÌNH KÝ" → "Chỗ CCM cũng giống Pro cũng cho tất cả nhập mới lần đầu và ghi chú lại nhé, hiện đang hiển thị 0 hết." Tiếp nối S73 (Mig 54 giá đề xuất) — cùng module PE, go-live thứ Hai 22/06.
## Bối cảnh — yêu cầu gộp từ 3 nguồn
- **Chị Trà Sol:** lần đầu trình phải cho nhập ngân sách full; chỉ khóa khi trình lần 2+ đúng hạng mục đã có; lần 2 có hiệu chỉnh thì vẫn mở ô NS hiệu chỉnh. "Khóa cả 2 ô ngay lần đầu thì khi nào mới nhập được."
- **Anh Kiệt FDC:** PRO tự nhập ngân sách + ghi lý do (nguồn gốc số) vào ghi chú; khi qua CCM thì CCM nhập số của CCM vào, **tương tự PRO**.
- **Anh (chốt):** CCM giống PRO — cho nhập mới lần đầu + **ghi chú lại**; hiện đang hiển thị 0 hết.
## Chẩn đoán (em-main scout, read-only)
- Panel = `PeBudgetSummaryTable` trong `PeDetailTabs.tsx` (cả 2 app). Ô nhập PRO/CCM gate bằng **capability flag** `bs.canEditPro` / `bs.canEditCcm` (KHÔNG phải phase — phase chỉ gate row3/row8 "B. Thực hiện").
- BE: `canEditPro = isAdmin || Procurement` · `canEditCcm = isAdmin || CostControl` (thuần role, KHÔNG chặn phase). 2 handler `UpdatePeBudgetPro/Ccm` cũng role-gate fail-closed, KHÔNG ràng phase (bảng ngân sách = "tài liệu sống" per cặp Dự án × Hạng mục).
- → "0 hết không nhập được" trên CCM = **tài khoản xem không có vai trò CostControl** (không phải bug). Bất đối xứng THẬT: PRO có ô ghi chú (`ProNote`), **CCM thiếu ô ghi chú** (entity không có `CcmNote`).
## 2 quyết định anh chốt (AskUserQuestion)
1. **Thêm ô "Ghi chú từ CCM"** (cần Mig 55 — cột `CcmNote`). ✅ CÓ.
2. **Quyền nhập CCM:** giữ phân vai (CostControl/Admin) — đúng phân vai anh Kiệt chốt S61. ✅ GIỮ.
## Cách chạy (hybrid có chủ đích — báo trước theo cam kết S73)
Mode HMW ON nhưng task = migration + ràng buộc DTO BE↔FE chặt + go-live-critical → theo `feedback_workflow_fanout_reliability`: **em-main tự làm BE (migration + DTO = chốt hợp đồng), song song giao implementer-frontend mirror FE 2 app** (contract pin), test-specialist test-after, em-main self-gate. KHÔNG full Workflow fan-out (reviewer-stage không tin được + tránh #53 trên migration).
## Done — commit `8655ebf` (14 file)
**BE (em-main):**
- Entity `PeWorkItemBudget +CcmNote` (string?, mirror `ProNote`) + config `HasMaxLength(1000)`.
- **Mig 55 `AddCcmNoteToPeWorkItemBudget`** — pure additive `AddColumn CcmNote nvarchar(1000) nullable`, Down drop (3-file: migration + Designer + snapshot). Không gotcha #63 (RenameColumn) — sạch.
- `UpdatePeBudgetCcmCommand` +param `CcmNote` (absolute-set, null=clear) + validator MaxLength(1000) + handler set `rec.CcmNote` + changelog "ghi chú CCM cập nhật".
- DTO `PeBudgetSummaryDto +CcmNote` + mapping `pairRec?.CcmNote` + controller `BudgetCcmBody +CcmNote` + `new UpdatePeBudgetCcmCommand(..., body.CcmNote)`.
- **Build-fail lần đầu:** quên call-site controller (record +param → mọi `new` thiếu arg). Grep `new UpdatePeBudgetCcmCommand|new PeBudgetSummaryDto` trong src/Backend → chỉ 2 (mapping + controller) → vá → build PASS. (Lesson: thêm positional param vào command record → grep mọi call-site; full slnx build bắt — gotcha #65.)
**FE 2 app (implementer-frontend, background):** dòng "Ghi chú từ CCM" chèn sau "V0/hiệu chỉnh" (gom nhóm CCM), gate `bs.canEditCcm`, lưu qua `ccmMut` kèm `initialAmount + adjustmentAmount + ccmNote` (absolute-set đủ 3 field — 2 call-site số tiền cũ cũng echo `ccmNote: bs.ccmNote`); type `+ccmNote: string|null`. SHA-mirror identical 2 app, cả 2 npm build PASS (local `index-CCPIU9Wr.js` / `index-j5Zh9w96.js`).
**Test (test-specialist — chết rate-limit, recover-disk):** agent died trên 529 NHƯNG work landed (15 tool_uses); đọc file thẳng (per `feedback_agent_kill_recovery`): existing CCM tests đã update 4-arg + section "4b. CcmNote" 5 test mới (set CCM/Admin, null-clear absolute-set, non-priv Forbidden+no-mutate, all-3-persist). KHÔNG re-spawn (anti-retry-loop). Em-main self-gate `dotnet test SolutionErp.slnx`**45 Domain + 294 Infra = 339 PASS** (baseline 334 +5), 0 fail/skip. test-specialist tự curate L1 27.2→24.6KB (dưới cap) trong lúc chạy.
## State sau S74
- Mig **55** · tables **88** (additive col) · test **339** (45D + 294I) · menu 54.
- Bundle prod: **Run #315 PASS** (~4m54s, id=429) — admin `BYF5vIMJ` / user `CB-tiRxd`; Mig 55 applied prod (CcmNote nvarchar(1000) nullable, before/after DB snapshot xác nhận), sys.tables 88 (no new table), smoke api/admin/eoffice 4×200, 0 regression, 0 prod-data mutation.
## NEXT
- **Anh/anh Kiệt UAT:** đăng nhập tài khoản **CostControl/Admin** để thấy + test ô nhập CCM (Ban hành lần đầu / Hiệu chỉnh / **Ghi chú từ CCM** mới). Tài khoản PRO chỉ thấy ô PRO (đúng phân vai).
- **Carry S73:** cấu hình "Ngưỡng giá CEO" Designer + test 3 luồng giá Mig 54; "C" chuyển phiếu→dự án chờ spec form.
- **Em (carry):** curate L1 over-cap — reviewer **38.8KB** + investigator-codebase **31.5KB** (cả 2 chronic, budget.json đã re-measure S74) · monthly audit 2026-07-01 (doc-flush ef-core SKILL Mig 53→55 + root CLAUDE counts; STATUS/HANDOFF re-tier).
- **Ops giữ S58/S59:** tzutil VPS · anh Chương email typo · 5 real-staff pw `User@1234567` · gán CNTT lock nv.cao/nv.truong.

47
docs/changelog/sessions/2026-06-18-S75-harness-11-adopt.md Normal file
View File

@ -0,0 +1,47 @@
# S75 (2026-06-18) — Harness-11 adopt: engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ + 2 double-check
> em main + **5 Workflow** (16 sub + 2 monitor session-start). **0 production code** — toàn governance/script/doc. 3 commit pushed `462bfbc`→`aa09e99`. adap-report + email ai_infra. completeness-gate H11 FORMAL ĐẠT.
## Anh giao
`/session-start``/check-email AI_INFRA và /adap-apply Từng Stag 1, làm kỹ chi tiết sau mỗi stag đều phải workflow review kiểm, xong gửi report trung thực cho AI_INFRA` → "**Workflow double check lại 1 turn nữa, đồng thời sau đó workflow double check lại checklist 1 lần nữa, rồi hoàn thiện hoàn toàn report push git rồi session-end**".
## Harness-11 = gì
Engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ (AI_INFRA broadcast 2026-06-18). Nguyên-lý: tự-DÒ toàn-diện drift (luôn tươi, báo cờ) + AUTO chỉ semantic-null + mọi GHI nội-dung/luật QUA người-chủ-trì single-writer (BAR-KHÔNG-HẠ) + đổi-luật owner-approve. 4 PHẦN: A (hot-mem auto-archive 🟡 tailor) · B (derived→canonical pointer + freshness 🔴) · C (3 grep detector 🔴 mandate) · D (orchestration 4-nhịp + 3-tầng + 4-chốt 🔴). Completeness-gate CỨNG: B+C+D đủ-trọn mới ĐẠT.
## STAGE 1 — check-email AI_INFRA
- 1 thư directed MỚI: `2026-06-18-ai_infra-to-se-harness-11-available`. COPY verbatim → `broadcasts/inbox/` (pending) → verify PASS cả 2 tuyến: whole-file `318ff9f6...` byte-identical + body-hash `b2a2fc1c...` == content_sha256. Log `_index.md` INBOUND → xử-lý xong MOVE `inbox/ai_infra/` (processed).
- Fan-out broadcast `Governance-harness-11.md` + checklist pull qua adap-apply.
## 5 Workflow (run-id = bằng chứng Harness-9 PART-2)
1. **AUDIT** `wf_7fdc3bd5-930` (4× investigator-codebase): ground-truth PRESENT/PARTIAL/GAP từng item A/B/C/D. GAP thật = PHẦN C (0 detector-script, chỉ monitor-agent judgement) + B1/B3 (derived COPY count, no freshness-detector) + D5-D8 (3-tier + one-direction chưa codify). H11 phần lớn = chuẩn-hoá cái SE đã có (H9 L2 + H10 run-trace + single-writer).
2. **IMPLEMENT** `wf_c5e5844e-7c1` (2× general-purpose script ∥ + em-main MD cluster single-writer D9):
- Lane 1 `scripts/governance-detectors.ps1` (401 dòng): C1 broken-pointer (gotcha-ref + wikilink) + C2/B3 staleness (canonical STATUS + cross-check disk) + C3 vocab-fork + C4 self-exclusion + C5 resolve-condition. NO-API, DÒ+FLAG-only, 0 auto-write. **Bắt+fix gotcha #30 mid-build** (PS5.1 `-File` ANSI-decode .ps1 UTF-8 → VN literal mojibake → MISS 18 flag; fix ASCII-body + Unicode code-point builder). Runtime 71 flag (bắt drift thật root CLAUDE.md mig53/test306/gotcha68).
- Lane 2 `scripts/memory-archive-gate.ps1` (289 dòng): PHẦN A DRY-RUN planner — A1 byte-gate + A4 hysteresis 0.85 + A5 keep-floor 5 + A6 2-strike + A7 NO-API L1-eval (186/186 pointer-resolve) + budget.json `archive_gate` params.
- em-main: `docs/governance/harness-11-engine.md` canonical (artifact-map + A/B/C/D + 3-tier D5/D6/D7 EXPLICIT + one-direction-lock D8 + CAVEAT) + B1 ×11 count→pointer (root CLAUDE.md ×7 + ef-core SKILL ×6 incl +Mig54/55 rows + skills/README ×2 + dep-audit ×1 + docs/CLAUDE.md ×2; drift RESOLVED post-rerun) + cadence-wire session-start §2.1.3 (D1) + session-end §L.b(c) (D2) + agents/README Upgrade S75.
3. **REVIEW** `wf_d7ca1ff8-942` (3× reviewer adversarial): R1 completeness-gate ĐẠT · R2 detector 6/6 mechanized criteria PASS + 2 refinement-rec · R3 honesty+containment 0-blocker. → em-main áp 2 refine (C2 context-skip table-row/version/historical + C1 [-_] normalize → 59→27 flag) + fix nit agents/README "(pending)".
4. **DOUBLE-CHECK** `wf_a0b68d2f-30e` (3× reviewer, anh giao): committed-state `e70c046` PASS — B1 ×11 exact, root CLAUDE.md:53 tail byte-identical (0 prose loss), broadcasts hash recompute KHỚP, single-writer clean. **Over-suppression regression:** DA1 lane failed-no-StructuredOutput → em-main self-gate (inject prose fake-drift "99 migration" → detector CAUGHT → revert) = no over-suppression runtime-proven; DA2+DA3 độc-lập confirm (hunt: C2-skip che per-item/historical/==canonical, KHÔNG live-aggregate). +C2 "test project" skip (27→26).
5. **CHECKLIST-VERIFY** `wf_39cd4cbe-f07` (3× investigator-codebase, anh giao): rà từng item bằng bằng-chứng thật. **completeness-gate FORMAL ĐẠT** — B 4/4 + C 5/5 + D 11/11 đủ-trọn (function-floor MET), A 🟡 tailored (A6 runtime cần 2×-Apply legit-by-design). D5/D6/D7 explicit-label=YES + D8 one-direction codify=YES (2 chỗ H11 chuẩn-hoá-mới). A7 GATE 186/186, C4 0-self-match, NO-API+0-auto-write grep 0-hit.
## Report → AI_INFRA
- adap-report `docs/governance/adap-reports/2026-06-18-Governance-harness-11.md` (5 run-id + per-PHẦN nấc + double-check section + honest caveat + 3 reverse-finding).
- email outbox `broadcasts/outbox/ai_infra/2026-06-18-se-to-ai_infra-harness-11-adopt-report.md` (Harness-7 full-grammar VN, body-hash `2316773229f2`, _index OUTBOUND logged). AI_INFRA pull qua Dropbox filesystem (§J2 chỉ-ghi-outbox-mình).
## Commit (3, 0 production code)
- `e70c046` adopt (25 file): engine-doc + 2 script + B1 ×11 + cadence + run-trace audit/implement/review.
- `ae957c4` double-check + finalize (12 file): doublecheck/checklist-verify run-trace + C2-refine + agents/README nit + adap-report/email +double-check section.
- `aa09e99` cleanup: gỡ 2 scratch DA1-reviewer (`_patch.py` + `_scratch-det.ps1` — Bash-residual `git add -A` quét nhầm).
## Lessons (→ `feedback_harness11_engine`)
- **gotcha #30 reinforced:** box-glyph (├└─) + VN-literal KHÔNG vào `.ps1` chạy `powershell.exe -File` (ANSI mojibake) — **kể cả qua Edit tool** (render-normalize `\u` escape → ký-tự thật). Detector giữ pure-ASCII (Python non-ASCII scan = 0). Tree-line FP-skip attempted→reverted (line "6 test" giữ documented soft-net FP).
- **review→fix loop có giá-trị thật:** REVIEW-workflow RIÊNG bắt 2 lỗi IMPLEMENT tự-chấm sót (C2 FP ~89% raw + "71 flag" hardcoded = chính anti-pattern engine chống). 1-workflow-tự-chấm sẽ lọt.
- **raw-Workflow schema-force flaky:** ~3/15 reviewer-lane fail no-StructuredOutput across 5 workflow → em-main self-gate ground-truth từ disk (recovery-pattern, vd fake-drift inject test cho DA1).
- **git add file cụ-thể** (KHÔNG `-A`): read-only sub vẫn ghi scratch qua Bash (residual) → `-A` quét vào commit. (Vi-phạm `feedback_rag_mcp_recovery_concurrency` → cleanup commit.)
- **B1 + C2 cặp bổ-trợ:** B1 (pointer-conversion) gỡ copy → C2 chỉ gác doc copy MỚI. Sau B1, C2 trên doc đã-pointer = no-op (đúng intent).
## NEXT
- **Anh:** ⚠️ restart CLI (cadence §2.1.3 detector @start + §L.b(c) archive-gate @end + ef-core skill desc — no hot-reload).
- **Em:** 🔴 curate L1 over-cap reviewer 38.8KB + inv-codebase 31.5KB + cicd 26.8KB (archive-gate confirm; reviewer+inv keep-floor hit → manual split/condense, KHÔNG auto-drain) · monthly audit 2026-07-01.
- **Pending product (carry):** UAT PE CcmNote (CostControl/Admin) + "Ngưỡng giá CEO" Mig 54 Designer; "C" chuyển phiếu→dự án chờ spec. Ops S58/S59 giữ.
## State THẬT GIỮ NGUYÊN
Mig 55 · 88 bảng · 339 test (45D+294I) · gotcha 69 · menu 54 · bundle admin `BYF5vIMJ`/user `CB-tiRxd` · RAG 2428 chunk (stale-index 05-29).

48
docs/changelog/sessions/2026-06-19-S76-pe-budget-matrix-table-grid.md Normal file
View File

@ -0,0 +1,48 @@
# S76 (2026-06-19) — PE ngân sách MA TRẬN 3 cột + bảng lưới `<table>` + badge quyền-NS theo role
> **Anh Kiệt FDC + chị Trà Sol — go-live.** anh giao `/ultra-on` "làm hết, step-by-step có workflow review kiểm tra đàng hoàng, hoàn chỉnh rồi deploy báo tao".
## Bối cảnh (chat Zalo anh forward)
- Chị Trà Sol + anh Kiệt: panel "TỔNG HỢP NGÂN SÁCH TRÌNH KÝ" — **mỗi phòng (PRO/CCM) nhập + điều chỉnh ngân sách của CHÍNH phòng mình**; ảnh Excel = ma trận cột **DỰ ÁN | PRO | CCM**, mỗi cột có Ban hành lần đầu + V0/hiệu chỉnh → full = tổng.
- Thêm: cột tích "quyền nhập/điều chỉnh NS" bên flow (nhìn biết ai sửa được) + hiển thị ra fe-user mục Duyệt NCC.
## 2 fork anh chốt (AskUserQuestion)
1. **Cột DỰ ÁN** = FE hiển-thị-only (`—`), sau mới có người bên dự án nhập (đơn giản nhất, FE-only).
2. **Ô tích quyền NS ở flow** = chỉ-hiển-thị, GIỮ quyền theo role (PRO→cột PRO, CCM→cột CCM) — làm trước cho nhanh, KHÔNG configurable.
## Step 1 — ĐIỀU TRA (verify-workflow: "phần này hôm qua làm chưa?")
3 lens độc-lập (code-gate + git-history + adversarial) → **CHƯA**. Hôm qua S74 chỉ thêm CcmNote. Ngân sách edit thuần ROLE (`canEditPro`/`canEditCcm`, `PurchaseEvaluationFeatures.cs:800-801`), KHÔNG có submission-count lock. Phát hiện: "Ban hành/hiệu chỉnh" cũ gán CCM, nhưng ảnh Excel cho thấy PRO mới điền → design mới phải TÁCH mỗi phòng cột riêng.
## Done — 3 commit prod-verified
### `e33481e` (feature, cicd Run #318 PASS, bundle admin `BhFDF9IJ` / user `BAkuRl3C`)
- **Part 1 — form ma trận 3 cột.** Data-model (em-main solo, additive-an-toàn):
- Entity `PeWorkItemBudget` +`ProInitialAmount`+`ProAdjustmentAmount` (decimal 18,2 nullable) — cột PRO; tái dùng `InitialAmount`/`AdjustmentAmount` làm cột CCM (đã canEditCcm-gate). `ProEstimateAmount` = LEGACY (FE bỏ).
- **Mig 56 `AddProBudgetSplitToPeWorkItemBudget`** — 2 AddColumn additive + `Sql()` data-migrate `UPDATE PeWorkItemBudgets SET ProInitialAmount=ProEstimateAmount WHERE ProEstimateAmount IS NOT NULL AND ProInitialAmount IS NULL` (giữ số PRO cũ; chạy SAU AddColumn; idempotent; **4 rows backfill prod** gotcha #64). Additive-only → tránh gotcha #63. ASCII-only comment (gotcha #30).
- Handler `UpdatePeBudgetProCommand` đổi `(PeId, ProInitialAmount, ProAdjustmentAmount, ProNote)` absolute-set, role-gate PRO/Admin Forbidden TRƯỚC side-effect + validator (ProInitial≥0, ProAdjust cho-âm) + controller `BudgetProBody` + DTO `PeBudgetSummaryDto` +2 field + capability `full` = CCM nếu hasCcm else proFull, `FullIsEstimate = !hasCcm && hasPro`.
- FE 2 app SHA-mirror: `PeBudgetSummaryTable` Block A ma trận (DỰ ÁN hiển-thị-only / PRO canEditPro / CCM canEditCcm) + `BudgetCell` compact + `BudgetNoteRow`. proFull/ccmFull = ban-hành + hiệu-chỉnh mỗi cột.
- **Part 2+3 — badge quyền-NS theo role (display-only).**
- BE: +2 cờ `CanEditProBudget`/`CanEditCcmBudget` per approver — tính qua 3 `GetUsersInRoleAsync` set-lookup (ProcurementAdmin / CostControlAdmin, **no N+1**, khớp gate `canEditPro`/`canEditCcm` bit-for-bit) → vào `AwLevelDto` (designer, `ApprovalWorkflowV2AdminFeatures.cs`) + `PurchaseEvaluationApprovalLevelApproverDto` (PE flow, 2 build-site: approvalFlow + currentApproval).
- FE: badge "✎ NS PRO"(amber)/"✎ NS CCM"(sky) cạnh approver ở `ApprovalWorkflowsV2Page` (fe-admin designer) + `PeWorkflowPanel` (2 app, `.join`→map từng approver). Types +2 cờ CẢ 2 app (purchaseEvaluation.ts types DIFFER giữa 2 app).
- **Test 339→344** (+5 PRO split: set cả ProInitial+ProAdjust gồm âm · validator · full=proFull khi CCM empty · full=CCM khi CCM present). test-specialist.
### `21d1f4e` (bảng lưới, cicd Run #319 PASS, bundle admin `jOqxW4-p` / user `DbsznVvR`)
- Anh phản hồi "giao diện vẫn chưa chia cột giống Excel" — Block A cũ dùng flex+gap (KHÔNG viền dọc) → chuyển **`<table border-collapse>` viền ô đầy đủ** (header Khoản mục|Dự án|PRO|CCM + 5 hàng: full / ban hành / hiệu chỉnh / ghi chú PRO / ghi chú CCM).
- `BudgetCell` xếp DỌC (input full ô + nút Lưu dưới — vừa cột hẹp). `BudgetNoteRow``BudgetNoteCell` (td colSpan=3, ghi chú trải hết).
- FE-only, 2 app SHA-mirror. **LESSON: flex+gap KHÔNG ra "bảng" — phải `<table>` viền ô mới giống spreadsheet.**
### Race fix (gotcha #70 NEW)
Reviewer workflow Part 2/3 escalate MAJOR data-loss: 2 ô PRO (ban hành + hiệu chỉnh) lưu qua CÙNG `proMut`, mỗi save echo field anh-em từ `bs` (server snapshot). Lưu ô A → `invalidate()` refetch BẤT-ĐỒNG-BỘ; trước khi refetch về, `bs.proInitial` còn CŨ → lưu ô B đè mất A. Vá: gate nút Lưu = `mut.isPending || useIsFetching({queryKey:['pe-detail',ev.id]}) > 0` (khoá tới khi refetch land). 2 app. Pattern absolute-set-echo có từ CCM Mig 50/55 prod chưa-báo-lỗi nhưng PRO nhân-đôi bề-mặt → vá trước go-live tài-chính.
## Workflow / harness
- HMW-mode ON (`/ultra-on`). 1 verify-workflow (Step-1) + 2 review-workflow (Part 1 · Part 2/3). Mỗi step build + review trước khi sang step kế (đúng anh giao).
- **Workflow-review-flaky:** 2/3 lane Part 1 + 1/3 lane Part 2/3 return RỖNG (#53). Lane trả về thì đầy-đủ + chính xác. → em-main self-gate lane rỗng (BE đã test-spec verify + build/test pass; FE lane cross-check). Khớp `feedback_workflow_fanout_reliability`: verify-heavy → em-main self-gate ≈ spawn lẻ.
- cwd-misland (gotcha tái diễn): impl-FE `cd fe-admin` npm build → MEMORY rơi `fe-user/.claude` stray → em-main harvest về canonical + thêm `.gitignore` guard `fe-*/.claude/`.
## State THẬT (verified)
Mig **56** · 88 bảng · **344** test (45D+299I) · gotcha **70** · menu 54 · bundle admin **`jOqxW4-p`** / user **`DbsznVvR`** (Run #319) · RAG 2428 · user-memory 29.
## 🔴 NEXT
- **Em (carry ưu-tiên):** curate L1 over-cap — reviewer **45KB** + inv-codebase **35KB** (keep-floor-hit, entries newest lớn → manual SPLIT/condense) + cicd 29KB + test-spec 28KB (strike-1). archive-gate A7 PASS 186/186.
- **Anh/anh Kiệt:** UAT bảng lưới (Ctrl+F5) bằng PRO/CCM; xem badge ✎NS trong Designer + flow.
- **Ops giữ:** tzutil VPS · anh Chương email typo · 5 real-staff pw · gán CNTT. Monthly audit 2026-07-01.

60
docs/changelog/sessions/2026-06-19-S77-pe-ux-batch-10-deploy.md Normal file
View File

@ -0,0 +1,60 @@
# S77 (2026-06-19) — PE UX batch: 10 deploy prod-verified (anh Kiệt FDC + Tra Sol + Bích Phượng)
> Buổi sản phẩm RẤT LỚN, HMW-mode ON. Anh forward liên-tục chat Zalo từ 3 người dùng (anh Kiệt FDC + chị Trà Sol + Bích Phượng) — loạt tinh-chỉnh module Duyệt NCC (PE) realtime. Em-main điều phối + spawn specialist lẻ + cicd-monitor verify từng deploy. Cuối buổi anh "Xong thì session-end luôn".
## Kết quả tổng
| Chỉ số | Trước | Sau |
|---|---|---|
| Deploy | — | **10** (#320#329), **10/10 cicd PASS** |
| Migrations | 56 | **57** (`AddPeSuggestedPriceNotes`) |
| Tests | 344 | **354** (+10) |
| Bundle | jOqxW4-p / DbsznVvR | **BqKD3Y23 / Cn-i349D** (Run #329) |
| SQL tables | 88 | 88 (additive cols) |
| Gotchas | 70 | 70 (tái dùng #70) |
## 10 deploy
| # | Commit | Việc | Người yêu cầu |
|---|---|---|---|
| #320 | `8e68ed1` | Cờ GẤP **pill** 🔴 GẤP (PRO) / 🟢 GẤP (CCM) đồng bộ MỌI danh sách + inbox. NEW `PeUrgentChips` ×2 app (single source of truth). Data đã có từ S69 (Mig 53) — chỉ chưa render ở `PeListPanel` + `InboxPage` (chỉ tree-list + detail có). FE-only, 0 BE. | anh Kiệt |
| #321 | `398b01d` | PE **focus mode**: bấm phiếu → overlay full-bleed trượt từ phải, ẩn menu+list, phiếu full-width tự cuộn + panel duyệt. + responsive laptop nhỏ. | anh Kiệt |
| #322 | `3b98845` | **Revert** list về layout gốc (3-panel bám-trái lấp-đầy, KHÔNG canh giữa). Anh: "giữ như cũ" (overlay quá tay). Recover từ FD process-death. | anh |
| #323 | `94e0e12` | **Mig 57** `AddPeSuggestedPriceNotes` (ô ghi chú giá đề xuất PRO/CCM, 2 cột nvarchar(1000)) + **số phân cách VND** (`VndInlineEdit`/`BudgetCell`) + sửa chính tả "Bản"→"Bảng so sánh giá" + **guard #70** stale-echo. | Tra Sol + anh Kiệt |
| #324 | `e42d103` | Số âm → **đỏ + ngoặc** `(5.000.000)` hàng 7/8/9 (đồng bộ hàng "So sánh" đã có `fmtVndSigned`). | Tra Sol |
| #325 | `e29391e` | Mục con **thụt dòng + gạch đầu dòng** (`BudgetRow +indent`) phân biệt mục có-số (1-9, cha) vs không-số (con). | Tra Sol |
| #326 | `b5aa72d` | Cờ gấp authz **BẤT ĐỐI XỨNG**: GẮN = NV chức năng (Procurement/CostControl/Admin) / GỠ = chỉ **Trưởng phòng** (`DeptManager` + role chức năng) hoặc Admin. Handler `SetPurchaseEvaluationUrgent` gate theo `IsUrgent`; FE nút gate theo trạng thái hiện tại. | Tra Sol (clarify giữa-chừng) |
| #327 | `fa6654b` | **Tách chọn-phiếu (inline 3-panel "như cũ") khỏi mở-rộng (overlay)** + nút **"Xem mở rộng"** (`Maximize2`) mỗi dòng. `?expand=1` decouple `?id`: click row=inline (wide) / overlay (narrow); "Xem mở rộng"=id+expand; Thu gọn=bỏ expand giữ id; approve/đóng=về list. | anh (annotate) |
| #328 | `424131d` | **Chuông báo người duyệt** khi phiếu vào cấp họ (submit + mỗi approve-advance). `LogTransitionAsync` +block: `toPhase==ChoDuyet` → resolve current-level approvers (step.Levels Order==CurrentApprovalLevelOrder, exclude actor) → `NotifyManyAsync` Generic "Phiếu cần bạn duyệt". Best-effort, V2-only. BE-only no-mig. | Bích Phượng + Tra Sol |
| #329 | `e823694` | **Banner phiếu Trả lại** ở chế độ Xem (readOnly) hướng dẫn ✏️ Sửa → "Lưu & Gửi Duyệt" (nút submit chỉ hiện khi Sửa). | Bích Phượng |
## Cách chạy (orchestration)
- **em-main** điều phối + tự review diff TRƯỚC mỗi commit + commit/push + chốt scope.
- **frontend-designer ×3** (focus #321 / revert #322 / decouple #327) — FD2 visual loop, nhưng backend `:5443` DOWN cả buổi → stub-verify layout (gotcha #3); live authed verify = post-deploy (anh UAT).
- **implementer-frontend** — pill #320 + notes/separator/spelling #323 (2 app SHA-mirror).
- **implementer-backend ×2** — Mig 57 #323 + approver-notify #328.
- **test-specialist ×3** — suggested-price notes +7 (#323) · urgent authz **symmetric → asymmetric REDO** (#326, do Tra Sol clarify sau khi đã dispatch).
- **cicd-monitor ×10** — verify từng deploy (run + bundle rotate + Mig + smoke); 10/10 PASS.
## Bài học
1. **Review-TRƯỚC-deploy bắt 3 lỗi mà "build PASS" KHÔNG thấy** (đều là runtime, không phải compile):
- **guard #70 (stale-echo):** ô ghi chú giá đề xuất dùng absolute-set echo từ server-snapshot → lưu giá rồi lưu chú liên-tiếp đè mất. impl-FE bê đúng echo nhưng SÓT `peFetching` guard (đã có ở bảng ngân sách S76). Em-main grep-so-với-budget-pattern → vá.
- **luật cờ-gấp bất-đối-xứng:** Tra Sol clarify GIỮA-CHỪNG (sau khi em đã dispatch test-specialist cho luật symmetric "TP cho cả gắn+gỡ") → luật cuối = GẮN-NV/GỠ-TP. Em fix BE+FE + REDO test (1 vòng test-specialist thừa). **Lesson: spec đang được người dùng clarify realtime → confirm luật TRƯỚC khi dispatch sub-agent (tránh redo).**
- **double-mount (Task H):** FD viết comment "render khi chọn && CHƯA mở rộng" nhưng code điều-kiện sót `!isExpand` → inline `PeDetailTabs`/`PeWorkflowPanel` mount SAU overlay khi expand. Intent-comment ≠ implementation → em-main review render-condition + vá.
2. **frontend-designer process-death giữa Task H** (CLI thoát) → in-process state mất, task FAILED. Recovery: tin **disk/git truth** (edit hoàn-chỉnh trên disk + build PASS) — em-main build-verify + mirror fe-admin + commit, KHÔNG re-spawn (agent-kill recovery, `feedback_agent_kill_recovery`).
3. **Batch rapid tweaks:** anh fire tinh-chỉnh liên-tục → em gom build+verify trước, deploy tuần-tự, verify từng cái độc lập (cicd). 10 deploy nhưng mỗi cái isolated → dễ rollback + UAT từng bước. 0 production bug lọt.
4. **Backend-down (gotcha #3):** FD2 visual loop chạy stub layout-shell (backend :5443 down) → layout verify OK nhưng live-data verify defer post-deploy. Build PASS + em-main logic review = đủ tin để deploy; anh UAT confirm.
## §L auto-maintain (light — product session)
- **§L.a error-ledger:** 0 bug-production (3 lỗi bắt PRE-deploy = success của review-gate, không phải bug lọt). Không AS-class hit mới. test-spec REDO = process-inefficiency (clarify-after-dispatch) — ghi lesson, không RCA formal.
- **§L.b:** (a) STATUS Recently Done +S77 ✅ · (c) chore-flag = curate L1 over-cap (archive-gate dry-run: reviewer 45KB/cicd 37.6KB/inv 35.6KB keep-floor-hit manual; FD/test-spec WATCH; **A7 GATE PASS 186/186** integrity OK); sleep-check = last_sleep 2026-06-18 <7d, KHÔNG cần · (d) flush = 5 sub self-flush MEMORY khi return (git-status verified: cicd/FD/impl-BE/impl-FE/test-spec modified) · (e) pending = UAT items + carry logged specifics · (f) harvest = self-flush (KHÔNG dùng run-trace folder session này, toàn Agent-tool spawn lẻ) · (g) tooling-freshness = KHÔNG đổi skill/plugin/roster (toàn product).
- **Infra-adoption:** N/A (no infra/governance adoption product-only session).
## 🔴 NEXT SESSION
- **Em (carry GẤP):** curate L1 over-cap reviewer **45KB** + cicd-monitor 37.6KB + inv-codebase 35.6KB (keep-floor-hit **manual SPLIT/condense** newest large entries, KHÔNG auto-drain; archive integrity A7 PASS chỉ L1-hot truncate on-inject). FD 26KB / test-spec 27.7KB WATCH strike-1. Làm như op tập-trung (precedent S70/S71).
- **UAT (anh/anh Kiệt/Tra Sol/Bích Phượng):** cờ gấp GỠ chỉ TP · chuông báo người duyệt · banner Trả-lại · "Xem mở rộng" · ô ghi chú PRO/CCM · số phân cách + số-âm-đỏ-ngoặc + indent.
- **Ops giữ S58/S59:** tzutil VPS UTC+7 · anh Chương email typo · 5 real-staff pw · gán CNTT. **Monthly audit 2026-07-01:** re-tier STATUS/HANDOFF (history bloated) · docs/CLAUDE count-flush (Mig 57, test 354) + schema §16+ Mig 32-57.

34
docs/changelog/sessions/2026-06-19-S78-pe-attach-file-on-approve.md Normal file
View File

@ -0,0 +1,34 @@
# Session 78 (2026-06-19) — PE: đính kèm file khi DUYỆT (UAT Tra Sol / 5 tester)
**Anh:** forward chat Zalo (Tra Sol + team — "5 tester đang testing kaka" 15:30) → *"CHỖ MÀN HÌNH duyệt — ĐỂ THÊM chỗ attach file… để khi họ duyệt mà muốn đính kèm cái file của mình lên vì có trường hợp thay đổi ko muốn trả lại"**"OK public và push luôn đi nhé"*`/session-end`.
## Yêu cầu
Ở modal Duyệt PE (popup "Duyệt → Đã gửi duyệt") thêm trường **ĐÍNH KÈM FILE** — người duyệt tải file của mình lên ngay lúc duyệt, thay vì phải Trả lại phiếu (tình huống có thay đổi nhỏ).
## Thiết kế (em-main solo — schema/UX decision)
- **Reuse hệ attachment có sẵn, MIGRATION-FREE:** thêm 1 enum `PurchaseEvaluationAttachmentPurpose.ApprovalAttachment = 5` (lưu int → 0 đổi schema). Endpoint `POST {id}/attachments` đã nhận sẵn `purpose`+`note`, validator `IsInEnum()`, controller `[Authorize]` + handler KHÔNG guard drafter-only → **approver upload được (no 403)**.
- **Upload-then-approve:** FE modal picker multi-file → bấm Xác nhận → upload từng file (purpose=5) TRƯỚC → rồi mới `/transitions` chuyển phase. File lỗi (định dạng/>20MB) → throw, KHÔNG duyệt.
- **Hiển thị:** mục "📎 File đính kèm khi duyệt" trong `PeWorkflowPanel` (download + preview qua `AttachmentPreviewDialog`), gắn CreatedBy + CreatedAt. KHÔNG lẫn vào "Bảng so sánh".
## Done (commit `7886fd0`, 7 file +313/14, Run #330 PASS)
- **BE (1 file):** enum `ApprovalAttachment=5``PurchaseEvaluationAttachment.cs`. No migration. Test **354 PASS** (unchanged). GET bundle project `e.Attachments` KHÔNG lọc purpose → file purpose=5 tới FE.
- **FE 2 app SHA-identical:** `PeWorkflowPanel.tsx` (picker + upload-before-transition + display section + close-reset) · `PeDetailTabs.tsx` (2 filter fix) · `types/purchaseEvaluation.ts` (enum + label "File khi duyệt").
- **Fix correctness (gotcha #71):** 2 filter dùng `supplierId===null` làm proxy "Bảng so sánh" → loại purpose=5 (tránh lẫn section + false-pass submit-guard "Chưa đính kèm Bảng so sánh").
## Cách chạy
em-main-led + self-gate (HMW-mode ON nhưng tight-coupling modal + go-live → `feedback_workflow_fanout_reliability`: em-main ≈ fan-out, tránh #53; reviewer over-cap 45KB → grep no-leak thay vai). **1 sub spawn = cicd-monitor** (verify Run #330). Verify chain: 3 build PASS + 354 test + SHA-parity identical (`diff` = 0) + grep no-leak (mọi `.purpose`/`supplierId===null` 2 app) + GET-bundle-projection check.
## 3 vấn đề em tự bắt khi build (review-trước-deploy)
1. **Authz** — đọc handler `UploadPurchaseEvaluationAttachmentCommandHandler` confirm KHÔNG guard drafter-only → approver upload được (no 403; verify TRƯỚC build per gotcha #44 silent-403 pattern).
2. **Filter pollution (#71)** — file-khi-duyệt (supplierId=null) lẫn "Bảng so sánh" + false-pass submit-guard → vá 2 filter ×2 app.
3. **Dialog mirror-truncate** — bản fe-admin em sót `</Dialog>` (new_string copy-truncate) → build fe-admin riêng BẮT → vá. **Bài học: build-verify TỪNG app, không tin "mirror identical".**
## Deploy (cicd-monitor PASS — Run #330 ~4m56s)
Test gate 354. Bundle ROTATE: admin **`BqKD3Y23 → CsJetgZH`** / user **`Cn-i349D → BVS0ApIm`** (+css). NO migration (Mig 57 latest, sys.tables 88). Smoke 4×200 + `POST .../attachments` 401-wired. Ship-proof byte-stable (admin 1,617,391b · user 1,521,772b, fetch#1==#2) + fake-hash control (gotcha #69 non-determ rotate).
## Lưu ý / NEXT
- **Minor (chấp nhận UAT):** upload-then-transition KHÔNG atomic — upload OK nhưng transition lỗi → file orphan gắn phiếu (hợp lệ, retry được).
- **NEXT UAT (anh/Tra Sol/5 tester, Ctrl+F5 lấy `CsJetgZH`/`BVS0ApIm`):** phiếu chờ duyệt → ✓ Duyệt → "+ Chọn file đính kèm" (multi) → Xác nhận → file ở mục "📎 File đính kèm khi duyệt" (download/preview). Chỉ hiện ở hành động Duyệt.
- **🔴 NEXT (em) — carry GẤP curate L1 over-cap (carry 6 session S72→S78):** reviewer **45.2KB** + cicd-monitor **38.8KB** + inv-codebase **35.7KB** = keep-floor-hit (manual SPLIT/condense, KHÔNG auto-drain; archive-gate `memory-archive-gate.ps1` A7 GATE PASS 186/186 — archive integrity OK, chỉ L1-hot truncate-on-inject) + FD 26.1KB / test-spec 27.7KB WATCH strike-1.
- **Ops giữ S58/S59:** tzutil VPS UTC+7 · anh Chương email typo · 5 real-staff pw `User@1234567` · gán CNTT. **Monthly audit 2026-07-01:** STATUS/HANDOFF re-tier · docs/CLAUDE deep-doc count-flush (Mig→57, test→354, gotcha→71) + schema-diagram §16+ Mig 32-57 ERD.
- **Pending product (carry):** "Ngưỡng giá CEO" Mig 54 Designer UAT · "C" chuyển phiếu→dự án chờ spec form.

43
docs/gotchas.md
View File

@ -1204,6 +1204,48 @@ for h in resp.points: # ← .points không phải iterable trực tiếp
---
### 69. FE bundle hash KHÔNG deterministic + `deploy.yml` rebuild FE vô-điều-kiện mỗi run → bundle ROTATE kể cả commit BE-only/governance (Session 72)
**Triệu chứng:** Commit governance-only (0 FE source change, `git diff fe-*/src <range>` = 0 file) push CI Run #312 bundle admin+user ĐỀU ROTATE (`BgNCjwsG`/`CBvh0vtf` `fc_xkNpJ`/`DP-tBcg0`). Suýt báo "FE thay đổi ngoài ý muốn"; STATUS/HANDOFF/commit đã claim nhầm "bundle frozen".
**Cơ chế:** (1) `.gitea/workflows/deploy.yml` path-filter gate CẢ workflow (chạy/skip toàn-bộ), KHÔNG gate từng step 1 file non-ignored (vd `.claude/workflows/hmw.js`) đủ trigger FE rebuild + deploy CHẠY HẾT. (2) Step deploy (`deploy.yml:161-167`) `Remove-Item fe-*\* + Copy-Item dist\*` VÔ-ĐIỀU-KIỆN mỗi run. (3) Vite/rolldown emit content-hash KHÔNG deterministic từ source y-hệt hash mới mỗi build. "BE-only bundle frozen" TRÙNG-HỢP quá-khứ, KHÔNG phải cơ-chế. Bundle rotate = EXPECTED mỗi deploy.
**Guard:** (1) Phát-hiện FE-ship THẬT = `git diff fe-admin/src fe-user/src <range>`, KHÔNG tin hash-delta. (2) **SPA-fallback 200 trap:** `GET /assets/index-<fake>.js` trả 200 (qua `/*`index.html rewrite) verify bundle = parse `index.html` refs + check size + `Last-Modified`, KHÔNG GET trực-tiếp asset hash-named. (3) Cosmetic-only, KHÔNG rollback; muốn hết false-alarm thêm `.claude/**` vào `paths-ignore` (governance commit khỏi trigger deploy).
**Credit:** cicd-monitor S72 Run #312 flagged-then-resolved bundle rotation trên governance commit `18fced6`; lật ngược invariant "BE-only frozen".
**References:** `.gitea/workflows/deploy.yml:17-30,161-167` · gotcha #41 (path-filter) · gotcha #46 (stale SHA).
---
### 70. FE absolute-set form echo field anh-em từ server-snapshot + `invalidate()` fire-and-forget → cửa-sổ STALE-ECHO mất dữ-liệu khi lưu 2 ô liên-tiếp (Session 76)
**Triệu chứng:** Form ngân sách PE 2 ô cùng cột PRO (ban hành + hiệu chỉnh) lưu qua CÙNG `proMut`, mỗi save echo field anh-em từ `bs` (server snapshot). Lưu ô A (proInitial) `invalidate()` refetch BẤT-ĐỒNG-BỘ; TRƯỚC khi refetch về, `bs.proInitial` còn lưu ô B (proAdjust) echo `bs.proInitial` **đè mất giá-trị A**. Workflow review (reviewer) bắt implementer self-review SÓT.
**Cơ chế:** BE handler absolute-set (set thẳng cả 3 field, thiếu=null=CLEAR) FE PHẢI echo field không-đổi. Echo lấy từ `bs` (props từ query) STALE trong cửa-sổ [mutate-resolve refetch-land]. `mut.isPending` chỉ true trong HTTP mutate, KHÔNG cover refetch nút Lưu re-enable khi `bs` vẫn .
**Guard:** Gate nút Lưu = `mut.isPending || useIsFetching({queryKey:['pe-detail',ev.id]}) > 0` khoá save tới khi refetch land (`bs` fresh). Đóng cửa-sổ stale-echo. Áp CẢ PRO+CCM cells + notes. (Pattern absolute-set-echo từ CCM Mig 50/55 prod chưa-báo-lỗi nhưng PRO nhân-đôi bề-mặt trước go-live tài-chính.)
**Credit:** reviewer S76 (2-lane workflow review Part 2/3) escalate MAJOR data-loss; em-main `useIsFetching` ×2 app trước deploy.
**References:** `fe-*/src/components/pe/PeDetailTabs.tsx` (PeBudgetSummaryTable `peFetching`) · gotcha #44 (silent issue self-review bias).
---
### 71. Thêm enum value vào entity DÙNG-CHUNG → pollute UI/guard phân-loại theo PROXY-predicate (không phải enum) (Session 78)
**Triệu chứng:** Thêm `PurchaseEvaluationAttachmentPurpose.ApprovalAttachment=5` (file người duyệt đính kèm khi DUYỆT tái dùng entity `PurchaseEvaluationAttachment`, migration-free enum lưu int). File mới `PurchaseEvaluationSupplierId=null`. NHƯNG 2 chỗ FE dùng `supplierId === null` làm PROXY ngầm cho "Bảng so sánh": (1) `banSoSanhAttachments` file-khi-duyệt LẪN vào section Bảng so sánh; (2) submit-guard "Chưa đính kèm Bảng so sánh" file-khi-duyệt FALSE-PASS guard (cho gửi-duyệt chưa bảng so sánh thật, khi phiếu Trả-lại re-submit sẵn file vòng trước).
**Cơ chế:** Reuse-enum migration-free RẺ (0 schema change, tái dùng storage+endpoint+component), NHƯNG predicate phân-loại bằng FIELD-PROXY (`supplierId===null` = "không gắn NCC" "bảng so sánh") thay check enum tường minh giá-trị enum MỚI rơi nhầm bucket. Build PASS (TS không bắt logic-bucket) + test xanh (FE-filter no xUnit) CÂM.
**Guard:** Khi thêm enum value vào entity dùng-chung **grep MỌI predicate lọc bằng field-proxy** (không phải enum) liên-quan, loại-trừ value mới: `supplierId===null && purpose !== ApprovalAttachment`. Áp cả 2 app SHA-mirror. Kiểm thêm: per-supplier list (lọc `supplierId===s.id`) tự loại (value mới supplierId=null); GET bundle projection KHÔNG `.Where(purpose)` value mới tới được FE.
**Credit:** em-main self-review (grep toàn-bộ `.purpose` / `supplierId===null` 2 app) bắt TRƯỚC deploy thay vai reviewer (over-cap). Build fe-admin riêng cũng bắt mirror-truncate `</Dialog>` sót (new_string copy-truncate) **build-verify TỪNG app, KHÔNG tin "mirror identical"**.
**References:** `fe-*/src/components/pe/PeDetailTabs.tsx` (banSoSanhAttachments + missingForApproval) · `PeWorkflowPanel.tsx` (approvalAttachments) · `src/Backend/.../PurchaseEvaluations/PurchaseEvaluationAttachment.cs` enum · gotcha #70 (self-review bias).
---
## Checklist debug bug mới
1. Build pass không? fail check using + package version compat
@ -1239,3 +1281,4 @@ for h in resp.points: # ← .points không phải iterable trực tiếp
30. Nếu sub-agent WRITE truncate NGAY ĐẦU exploration phase (chưa write file, đọc > 4 reference) → heavy spec ~10K + context bloat. Mitigation: brief ≤ 8K + pre-supply reference snippet trong brief HOẶC em main solo nếu cần đọc > 4 reference file (#55)
31. Nếu `git commit -m` qua PS 5.1 báo `error: pathspec 'xxx' did not match` với message tiếng Việt có `"` → native-arg escaping vỡ tại quote kép → Write message ra file UTF-8 + `git commit -F <file>` (#59)
32. Nếu thao tác theo-email/code trên data prod (lock/seed/migrate) trả 0 row affected → DUMP bảng env đích trước khi nghi code — population Dev ≠ prod (seed silent-fail `IdentityResult` không throw) (#60)
33. Nếu thêm enum value vào entity DÙNG-CHUNG mà UI/guard phân-loại sai (file lẫn section / false-pass guard) → grep MỌI predicate field-proxy (`supplierId===null`...) loại value mới + build-verify TỪNG app riêng (#71)

54
docs/governance/adap-reports/2026-06-18-Governance-checklist-harness-9-10.md Normal file
View File

@ -0,0 +1,54 @@
# adap-report — Checklist Harness-9 + Harness-10 (run-trace folder)
- **id:** 2026-06-18-Governance-checklist-harness-9-10
- **broadcast:** `ai_infra/broadcasts/outbox/all/2026-06-18-Governance-checklist-harness-9-10.md` (content_sha256 `ec32951a…` — verified MATCH, đọc UTF-8 tường minh per gotcha #61)
- **applied:** S71 (2026-06-18), em-main + 3 Workflow (invest→implement→review) + 3 reviewer
- **nấc (G-011):** **executed-file + VERIFIED (static)** — committed; runtime hmw.js pending-restart (no hot-reload)
- **PROJECT-FIT:** Part A (Harness-9 memory) = ĐÃ adopt S70 (self-verify lại) · Part B (adap 2-workflow) = ĐÃ codify S70 · **Part C (Harness-10 run-trace) = MỚI adopt S71 (lõi việc)**
## Mandate Harness-9 PART 2 — 3 workflow run-id (bằng chứng B3)
| Stage | run-id | verdict |
|---|---|---|
| INVESTIGATE (4× investigator-codebase) | `wf_9c2cd2cd-2e7` | PASS (B+C+D strong; A stub-return nhưng ghi diary thật → bù) |
| IMPLEMENT (3× general-purpose + em-main cluster) | `wf_e4e46725-231` | PASS (3/3, containment CLEAN, wording đồng-bộ 4 file) |
| REVIEW (3× reviewer adversarial) | `wf_636bc95b-939` | PASS sau-fix (R2+R3 độc-lập bắt C5 L1 over-claim → fixed) |
> Vượt sàn tối-thiểu 2-workflow (anh chốt "đủ 3 bước invest/imple/review, tránh sai sót"). Dogfood: chính 3 workflow này tạo 3 run-trace folder TRACKED đầu tiên + 3 entry ledger 2-nhịp.
## CHECK LIST 9-10 — nấc THẬT (honest, kiểm đĩa)
### PART A — Harness-9 memory (proposal, đã adopt S70) → 🟢
A1 budget.json ✓ · A2 measure-script + seed-by-measure ✓runtime · A3 gist additive distill-gen:1 ✓ · A4 coverage-diff (H2 verify) ✓ · A5 `_INDEX` 4 sub ✓ · A6 pointer-resolve substring-sha ✓ · A7 budget-audit @session-start (em chạy TAY S71) 🟡 automation pending-restart · **A8 gist-command tách-biệt = tailored: SE KHÔNG có command riêng, curate ad-hoc (function-floor "compress≠index" giữ)** · A9 `.ragignore` ✓.
### PART B — adap 2-workflow (BẮT BUỘC, codify S70) → 🟢
B1/B2 implement+review tách (3 run-id trên) ✓ · B2.5 reverse-findings (dưới) ✓ · B3 report+run-id (file này + email) ✓ · B4 short-but-confirm vẫn review ✓ (codify `adap-apply.md:38`).
### PART C — Harness-10 run-trace (BẮT BUỘC) → 🟢 MỚI
| C | nấc THẬT | bằng chứng |
|---|---|---|
| C1 run-folder 3-phần | executed-file | `runs/2026-06-18-h10-{invest,implement,review}/` đều run.md+sub-md/+harvest/ |
| C2 scaffold-cả-3-đầu-run | convention (em-main @P1, engine no-fs) | cả 3 run scaffold đủ từ đầu |
| **C3 git-TRACKED** | **tracked-eligible → COMMITTED** (sau commit này) | check-ignore NOT-IGNORED + **`git ls-files runs/` sau commit = non-empty** |
| C4 per-turn primary | executed-file | 3 harvest synthesis viết liền sau mỗi stage |
| C5 3-layer | L2/L3 wired (session-start/end) + L1 honest (em-main @P1 convention) | review bắt L1 over-claim → fixed |
| C6 ledger 2-nhịp | convention | `_ledger.md` 3 run OPEN+CLOSE + orphan def |
| C7 caveat | doc honest (reviewer: "điểm sáng nhất") | `runs/README.md` §C7 đủ 4 trục |
| C8 migration wave→runs | convention complete | wave-*/ giữ legacy ignored, runs/ tracked, 0 wave-*/ remain |
## Tailored (form) vs floor (function)
- **Tailored:** giữ tên biến `wave` nội-bộ hmw.js (accept `args.run` primary + `args.wave` alias back-compat — minimal-risk live-engine) · wave-*/ giữ legacy-ignored thay vì xóa (no wave-*/ remain, harmless) · A8 no dedicated gist-command (curate ad-hoc) · run-id folder = `2026-06-18-h10-<stage>` (date-slug).
- **Function-floor giữ nguyên:** run-trace TRACKED 3-phần · ledger 2-nhịp · 3-layer · containment-model-shift · caveat trung-thực · 2-workflow mandate.
## Reverse-findings (B2.5 — know-how chắt-lọc gửi ngược AI_INFRA)
1. **Engine no-fs làm C5-L1 KHÔNG THỂ là engine-prompt** — L1 "check prior-run-harvested" cần đọc ledger → BẮT BUỘC là lead @P1 convention, KHÔNG phải workflow-prompt. Checklist C5 nên ghi rõ L1 = lead-side (review của tụi em bắt đúng over-claim này khi 1 implement-agent tự-nhận "wired vào prompt-builder").
2. **Custom workflow (ngoài hmw.js) thiếu return-delta-guard → same-role fan-out race** (4 investigator tự-ghi chung MEMORY.md, "file modified since read"). hmw.js DEFAULT-mode đã có guard; custom Workflow script KHÔNG → đề xuất: mandate B nên nhắc "custom workflow phải copy return-delta-guard, KHÔNG để sub tự-ghi memory chung".
3. **check-ignore exit-code trap** (exit 0 cho CẢ negation lẫn ignore) — verify C3/C8 PHẢI dùng `&& IGNORED || NOT`, nếu không kết-luận ngược. Đáng đưa vào checklist C3 self-verify như guard tường-minh.
4. **C3 2-level (eligible vs committed) là bẫy thật** — review bắt `git ls-files` rỗng dù doc nói "tracked". Floor C3 đã tách 2-level rất đúng; tụi em confirm value của nó.
## Honest caveat
- hmw.js = source-clean + `node --check` PARSE-OK, NHƯNG runtime RUN-TRACE mode chưa chạy thật (no hot-reload → restart CLI mới active; SE ít dùng wave/run-mode nên forward-looking).
- A7 budget-audit + reviewer Cat-6 + H8 inherit vẫn pending-restart (carry S66/S70).
- `reviewer/MEMORY.md` + `investigator-codebase/MEMORY.md` over-cap (S71 same-role races REVIEW+INVEST) → ✅ **CLOSED S71 FINALIZE** (anh giao "review/double-check hoàn chỉnh toàn bộ" → FINALIZE double-check `wf_73de399d-753` audit 21 checklist item [0 code-defect, 3 deferred-gap] + curate `wf_f32987b8-03f`: reviewer 36.7→24.8KB + inv 29.8→23.2KB, both <25600 cap, archive +N -0 0-byte-loss; +reviewer-gist gen:2 + 3 user-memory G2/G3 [feedback_harness10_run_trace + 2 stale-claim fix] + budget.json re-measure + gitignore exit-trap CORRECTED). Race root-cause fixed cấu-trúc (hmw.js RUN-TRACE writeGuard).
- Review = static disk-truth (git/grep/node --check), KHÔNG curl/runtime (governance adap, no endpoint).
## Files (commit S71)
NEW: `runs/_ledger.md` · `runs/README.md` · `runs/2026-06-18-h10-{invest,implement,review}/{run.md,sub-md/,harvest/}`. MOD: `.gitignore` · `hmw.js` · `workflows/README.md` · `agents/README.md` · `harvest-curator.md` · `tooling-auditor.md` · `commands/session-{start,end}.md`. + `CLAUDE.md` (test-count flush 263306, pre-existing, resolve H1 stale-flag). adap = governance/infra only, **0 production code · 306 test untouched**.

51
docs/governance/adap-reports/2026-06-18-Governance-harness-10-flat-refine-checklist-v2.md Normal file
View File

@ -0,0 +1,51 @@
# adap-report — Harness-10 flat-refine + checklist-v2 (re-audit + fix) — SE
- **id:** 2026-06-18-Governance-harness-10-flat-refine-checklist-v2
- **from:** se · **date:** 2026-06-18 (S72)
- **broadcasts adopted:** `2026-06-18-Governance-checklist-harness-9-10-v2` + `2026-06-18-Governance-h10-flat-detector-refine` (kèm re-audit fidelity Harness-8/9/10)
- **mandate:** Harness-9 PART-2 (2-workflow IMPLEMENT + REVIEW tách biệt + run-id) — anh giao *"double check hết Harness-8/9/10/10-refine + checklist + hmw, lấy đầy đủ thông tin, điều chỉnh lại, report trung thực"*.
- **run-ids (B3 evidence):** audit `wf_13868efb-ea7` · implement `wf_ac43b5ff-7d1` · review `wf_d482e10d-5dd`
- **reviewer_gate:** ✅ PASS sau-fix (R3 PASS + R1/R2 PASS-with-concerns → 1 major + 4 minor TẤT CẢ fixed)
## Bối cảnh (trung thực)
Anh chỉ ra SE chưa theo kịp Harness-10 flat-refine ("các project khác làm tốt, mỗi SE thiếu"). SE re-audit toàn bộ qua 3-stage workflow. **Baseline đo = canonical spec (ground-truth)**`cross-project-status.md` đã stale (05-22, RAG Layer A), KHÔNG dùng để "chứng minh sisters ahead" (honest).
## Nấc thật per checklist-v2 (đo vs canonical)
**PART A — memory L2 (proposal/tailorable): substantially LANDED.** A1-A7 + A9 ok (executed-file / runtime / convention-met). **A8** (sleep-compress command) ĐÃ port — trước đó SE thiếu (chỉ nén ad-hoc). Watch: frontend-designer + test-specialist sát cap 25.6KB nhưng chưa có archive.
**PART B — adap 2-workflow (MANDATORY): LANDED.** B1/B2/B2.5/B3 = runtime (chính report này + 3 run-id = bằng chứng). B4 = convention-met (codified `adap-apply.md:38`, chưa có runtime instance của task-ngắn-cần-confirm).
**PART C + refine (MANDATORY): WAS BEHIND → NOW MIGRATED.** C1/C8/refine-a: run-trace SUBFOLDER→**FLAT** done (`hmw.js:103` + `workflows/README` + `runs/README` + `session-start/end` + `agents/README`; 5 run cũ S71 GIỮ subfolder, close-gate **dual-accept**). C2-C7 ok. **refine-b detector: TAILORED-OUT** (documented, anh chốt).
## Gap found → fixed
| gap (audit) | fix | nấc |
|---|---|---|
| run-trace subfolder (canonical=flat) | hmw.js + 5 docs → flat; 5 old runs keep subfolder | runtime (node --check OK + 2 new runs flat) |
| `/sleep-recovery-memory-l2` absent (A8) | ported tailored SE-only (137 dòng, floor intact, scope SE) | executed-file + live skill |
| 2 broadcast 06-18 unadopted | adopted (checklist-v2 + h10-refine) | runtime |
| detector refine-b | tailored-OUT + documented reasoning | convention (honest N/A) |
| hmw.js meta stale H4.5 two-tier | → H8 all-inherit (bonus doc-drift) | executed-file |
| B3 report imprecision (S71) | corrected (path + count, xem dưới) | runtime |
## Giá trị REVIEW tách biệt (dogfood B2 — mandate đúng)
Workflow REVIEW độc-lập bắt **2 lỗi mà workflow IMPLEMENT tự-chấm bỏ sót**:
1. **`hmw.js:52`** — schema `subMdPath` description còn ghi path cũ `sub-md/` (operative path :103 đã flat, nhưng bản-sao path trong schema-desc chưa đổi) → fixed.
2. **sleep-cmd auto-check ≥7d trigger UN-WIRED** — command tuyên bố session-start/end đọc `last_sleep_at` nhưng grep cả 2 file = 0 (overclaim) → **WIRED thật**: `memory-budget.json` `+last_sleep_at` + `session-start:78` + `session-end:48` INFORM step (grep-verified present sau fix).
→ Bằng chứng sống: 1-workflow-tự-chấm SẼ ship 2 lỗi này; review-workflow RIÊNG bắt TRƯỚC commit. PART-2 mandate hoạt động.
## Reverse-findings (B2.5) → AI_INFRA
1. **rename-migration audit phải grep runtime SCHEMA/contract-description strings**, không chỉ code-path + prose. Path hay bị duplicate ở (1) operative var, (2) comment, (3) schema/contract-desc — bản schema-desc dễ sót nhất vì là *data* không phải code engine đọc. (Bắt được hmw.js:52.)
2. **ported-command §-anchor phải grep/ls-verify TRONG sister repo** — port re-home path khác nguồn (SE budget ở `agent-memory/`, design-doc AI_INFRA-only). §-cite = claim "wiring tồn tại ở đây" → phải grep-prove như class 'wire BE' bug, áp cho governance-doc wiring.
3. **run-trace path-qualify:** SE `runs/``.claude/workflows/runs/` không phải repo-root → bare `git ls-files runs` false-0 = kết-luận FALSE "không tracked"; luôn path-qualify + exit-branch `check-ignore` (negation `!.claude/**` last-match-wins vô-hình với text-read .gitignore). [chính là bẫy S71 report vấp]
4. **Raw Workflow tool KHÔNG mang writeGuard của `hmw.js`:** SE chạy REVIEW qua Workflow tool TRỰC-TIẾP (thay wrapper `hmw.js`) → KHÔNG inject anti-self-write guard → 1 sub `reviewer` theo charter "update MEMORY before return" tự ghi `agent-memory/reviewer/MEMORY.md` (+2850B → 27694 over-cap 25600; nếu N agent cùng-role = same-role-race trên 1 MEMORY). **Em-main git-status containment-check post-workflow BẮT** → revert (record đã nằm trong run-trace `sub-review-*.md`; B3 single-writer restored). Bài học: run-trace fan-out PHẢI qua `hmw.js` (mang writeGuard + return-delta) HOẶC replicate writeGuard trong prompt raw-Workflow. Đúng class mà `hmw.js` RUN-TRACE writeGuard (S71) sinh ra để chặn — **tái phát khi bypass wrapper**. (Đề-xuất infra: ghi rõ "raw Workflow tool ≠ project-wrapper governance" trong floor.)
## Honest caveats
- **Audit Part A auditor (1/4) failed no-StructuredOutput + Part C/H8 truncated** → em-main self-gate ground-truth từ đĩa (git/grep/glob), disclosed — valid per `feedback_agent_kill_recovery`.
- **Detector TAILORED-OUT (không build):** SE chạy qua Anthropic Workflow tool (KHÔNG có CLI-launcher bypass-surface như node-CLI của AI_INFRA hmw.js); containment = git-diff + run-folder tracked + ledger orphan-scan (G-015). refine nói detector = "chuyện nội bộ mỗi dự án tự quyết". SE **KHÔNG claim** đã adopt detector — đây là quyết định tailored có lý-lẽ, không phải né.
- **B3 self-correction (trung thực):** report S71 của SE cite path tắt `runs/` + count "14"; thật = `.claude/workflows/runs` (**22 file**, "14" đúng tại commit `8c47bd0` rồi tăng lên 22). Folder commit thật; chỉ path-string + count cũ sai → đã sửa.
- **Runtime:** hmw.js flat `node --check` PARSE-OK, nhưng RUN-TRACE runtime cần CLI restart để chạy thật (forward-looking — frontmatter/command no hot-reload).
## Net
SE **parity Harness-10 flat**. **0 production code** — state THẬT GIỮ NGUYÊN: Mig 53 · 88 bảng · 306 test · 68 gotcha · menu 54 · bundle admin `BgNCjwsG`/user `CBvh0vtf`. 3 run-trace folder (audit/implement/review) git-tracked = bằng chứng.

52
docs/governance/adap-reports/2026-06-18-Governance-harness-11.md Normal file
View File

@ -0,0 +1,52 @@
# adap-report — Harness-11 (engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ)
- **id:** 2026-06-18-Governance-harness-11
- **source broadcast:** `ai_infra/broadcasts/outbox/all/2026-06-18-Governance-harness-11.md` (+ checklist `2026-06-18-Governance-checklist-harness-11.md`) · directed heads-up `outbox/se/2026-06-18-ai_infra-to-se-harness-11-available.md` (inbox verify ✓ whole-file `318ff9f6` + body `b2a2fc1c`)
- **adopted by:** se (SOLUTION_ERP) · **session:** S75 · **date:** 2026-06-18
- **protocol:** Harness-9 PART-2 mandate = 3 workflow tách biệt + report-with-run-id
- AUDIT `wf_7fdc3bd5-930` (4× investigator-codebase) → IMPLEMENT `wf_c5e5844e-7c1` (2× general-purpose script ∥ + em-main MD cluster) → REVIEW `wf_d7ca1ff8-942` (3× reviewer adversarial)
- **+2 double-check (anh giao thêm):** DOUBLE-CHECK `wf_a0b68d2f-30e` (3× reviewer — committed-state + over-suppression regression) → CHECKLIST-VERIFY `wf_39cd4cbe-f07` (3× investigator-codebase — formal scorecard A1-7/B1-4/C1-5/D1-11)
- **run-trace:** `.claude/workflows/runs/{2026-06-18-h11-audit,-implement,-review,-doublecheck,-checklist-verify}/` (TRACKED FLAT, 5 run)
## VERDICT: ✅ ADOPTED — completeness-gate ĐẠT (B+C+D function-floor đủ-trọn), REVIEW PASS 0-blocker
H11 = chuẩn-hoá lại cái SE đã thể-hiện MỘT PHẦN (Harness-9 L2-recovery + Harness-10 run-trace + single-writer). AUDIT xác nhận: nhiều cấu-phần PRESENT sẵn, GAP thật = **PHẦN C (3 detector-script)** + **B1/B3 (derived→canonical pointer + freshness)** + **D5-D8 (3-tier + one-direction-lock chưa nhãn-hoá)**.
## Nấc theo PHẦN (trung-thực executed-file vs runtime · mechanized vs convention)
| PHẦN | Trạng-thái | Nấc |
|---|---|---|
| **A** (hot-mem auto-archive 🟡) | A1-A3 PRESENT sẵn (H9) · A4 hysteresis 0.85 / A5 keep-floor 5 / A6 2-strike / A7 NO-API L1-eval = **MỚI** | `memory-archive-gate.ps1` runtime-proven (A7 186/186 pointer-resolve, A4/A5 DRY-RUN observed). A6 2-strike = executed-file (cần 2 -Apply mới đủ runtime). budget.json `archive_gate` params. mechanized DRY-RUN planner; MOVE thật = em-main (D5 semantic-null). |
| **B** (derived→canonical 🔴) | B1 ✅ (11 edit count→pointer `docs/STATUS.md`) · B2 ✅ · B3 ✅ (=C2) · B4 ✅ | B1 landed + **drift THẬT root CLAUDE.md RESOLVED** (post-B1 re-run: 3 TP-flag mig53/test306/gotcha68 GONE). runtime-proven. |
| **C** (3 grep detector 🔴 MANDATE) | C1/C2/C3 + C4 + C5 = **MỚI build** | `governance-detectors.ps1` runtime-proven: bắt drift thật + C4 0-self-match + C5 100%-resolve + NO-API + 0-auto-write. **Refinement post-R2:** 59→27 flag (C2 context-skip + C1 `[-_]` normalize). |
| **D** (orchestration 🔴) | D1/D2 wired MỚI (session-start §2.1.3 + session-end §L.b(c)) · D3/D4/D9/D10/D11 PRESENT-mạnh sẵn · **D5/D6/D7 3-tier + D8 one-direction-lock = MỚI codify** | mix. D4/D9/D11 mechanized (hmw.js:76 THROW · store_memory strip · md5sum byte-0-loss). engine-doc `docs/governance/harness-11-engine.md` = canonical. |
## Tailoring (SE-specific)
- Detector = **PowerShell .ps1** (khớp `scripts/*.ps1` + `measure-agent-memory.ps1` precedent), KHÔNG bash — chạy `powershell.exe -File`.
- A = DRY-RUN planner (in kế-hoạch, người duyệt) thay auto-move — vì MOVE đụng memory canonical (D6/D9 single-writer).
- Canonical = `docs/STATUS.md` CURRENT-STATE table (nguồn-chuẩn state); detector cross-check disk (mig=`ls Migrations/*.cs`, gotcha=max `### N`).
- Engine-doc TỰ-NÓ B1-compliant (0 hardcoded volatile-count) — dogfood.
## Honest caveats (KHÔNG nói quá)
- **no-OS-hook:** detector/gate chạy TRONG thân session-start/end body, em-main kích — DÒ tự-động, SỬA+GÁC dựa người. KHÔNG fully-autonomous.
- **auto-WRITE luật = CỐ Ý chưa làm** (defer ≥2 sự-cố thật, hiện 0). Mọi thứ chạm luật/copy = chỉ DÒ+FLAG.
- **C2 residual ~11 FP** (module-local "4 bảng Budget" historical, "1 migration" prose revert-cmd) = soft-net chấp-nhận (LOW/MED advisory exit-0, self-documented). FP-rate cắt từ ~89%→~40% sau refinement.
- **C1 13 wikilink-dangling = REAL pre-existing** memory-index drift (genuinely-missing + cross-scope) — engine SURFACE đúng; fix từng cái = chore riêng, KHÔNG block adap.
- **C3 console mojibake VN-variant** = cosmetic Bash-capture (match THẬT đúng — gotcha #30 code-point builder).
- **A6 2-strike** = executed-file logic (runtime cần 2 lần -Apply); **detector stateless** nên 2-strike-for-flag là convention em-main, KHÔNG mechanized-per-detector (KHÔNG over-claim).
## Reverse-findings (đề-xuất ngược AI_INFRA)
1. **gotcha #30 = floor-class lesson cho mọi sister Windows:** detector .ps1 NO-API tiếng-Việt BẮT BUỘC build token từ Unicode code-point (`[char]0x1EAB`...) — `powershell.exe -File` decode .ps1 UTF-8-no-BOM bằng ANSI-1252 → literal Việt mojibake → detector MÙ token bản-địa (vòng-1 thiếu 18/71 flag). Đề-xuất thêm vào H11 checklist PHẦN C như cảnh-báo encoding cho dự-án non-ASCII.
2. **C2 count-token grep = soft-net FP cao bản-chất** (~89% raw) — cần context-skip (table-row + version-prefix + historical-marker) để dùng được; đề-xuất H11 checklist note FP-mitigation pattern.
3. **B1 + C2 = cặp bổ-trợ:** B1 (pointer-conversion) gỡ copy → C2 chỉ gác doc copy MỚI. Sau B1, C2 trên doc đã-pointer = no-op (đúng ý-đồ). Xác-nhận thiết-kế này khớp intent H11.
## Double-check ×2 (anh giao thêm — 2026-06-18)
- **DOUBLE-CHECK #1** (`wf_a0b68d2f-30e`, 3× reviewer): committed-state `e70c046` **PASS** — B1 ×11 exact, root CLAUDE.md:53 tail byte-identical (0 prose loss), broadcasts hash recompute KHỚP (b2a2fc1c/7fa1b53a/318ff9f6), single-writer clean, budget additive. **Over-suppression regression:** DA1 lane failed-no-return → em-main self-gate (inject prose fake-drift "99 migration" → detector **CAUGHT** → revert) = no over-suppression runtime-proven; DA2+DA3 độc-lập confirm (hunt: C2-skip che per-item/historical/==canonical, KHÔNG live-aggregate; 11 prose-drift vẫn bắt). Fix nhỏ: +C2 "test project" skip (27→26) + agents/README "(pending)"→run-id.
- **CHECKLIST-VERIFY #2** (`wf_39cd4cbe-f07`, 3× investigator-codebase): completeness-gate H11 FORMAL **ĐẠT****B 4/4 + C 5/5 + D 11/11 đủ-trọn** (function-floor MET), A 🟡 tailored. D5/D6/D7 explicit-label=YES + D8 one-direction codify=YES. A7 GATE 186/186, C4 0 self-match, NO-API+0-auto-write grep 0-hit. Honest: A6 runtime cần 2×-Apply (legit by-design), B1 residual soft-net FP (advisory).
- **Lesson NEW:** box-glyph (├└─) KHÔNG đưa vào `.ps1` — gotcha #30 (PS5.1 `-File` ANSI-decode mojibake), KỂ CẢ qua Edit tool (render-normalize escape→literal). Detector giữ pure-ASCII (Python scan 0 non-ASCII verified). Tree-line FP-skip attempted→reverted; line "6 test" giữ làm documented soft-net FP.
## Evidence
- 3 run-id (trên) · run-trace synthesis 3 file `*-synthesis.md` (audit/implement/review) · ledger `runs/_ledger.md` 3 row CLOSE.
- Detector runtime: exit 0, 27 flag post-refinement (C4 0-self-match, NO-API grep 0-hit, 0-auto-write git pre==post).
- Archive-gate runtime: A7 186/186 pointer-resolve, A4/A5 DRY-RUN observed.
- State THẬT GIỮ NGUYÊN (0 production code): Mig 55 · 88 bảng · 339 test · gotcha 69 · menu 54 · bundle `BYF5vIMJ`/`CB-tiRxd`.

11
docs/governance/error-ledger.md
View File

@ -31,6 +31,7 @@ Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan
| AS-10 | sub-agent writes a tracked file (MEMORY.md / code) despite **R1 return-only** (Write/Bash residual) | R1 return-only (HMW) — prompt-rule, NOT mechanized (G-015) | git-diff post-P2 catch → lead VERIFY benign+accurate+placement → keep or revert (NOT a bug if correct; chunk-count for RAG-write) |
| AS-11 | cross-stack feature: BE validator/nullability ≠ FE required-marker for the SAME field | em-main shared-contract consistency (E-007) | RCA + align FE↔BE + reviewer-gate (held S51) |
| AS-12 | identifier-based data op trên prod (lock/seed/migrate-by-email/code) viết theo population đọc từ CODE/Dev, KHÔNG dump bảng env đích | gotcha #60 (E-008) — assertion 0-row/`-1` ⟹ nghi data-mismatch TRƯỚC code-bug | RCA + dump env-đích trước khi viết list + seed-password thỏa policy nghiêm nhất mọi env |
| AS-13 | **custom Workflow script (≠ hmw.js DEFAULT-mode)** chạy parallel **same-role** agents giữ Write → agents tự-ghi shared `agent-memory/<role>/MEMORY.md` → "file modified since read" race + verbose-append over-cap | E-009 — hmw.js DEFAULT có return-delta-guard, custom script KHÔNG kế-thừa | RCA + curate L1→L2 + custom workflow PHẢI copy return-delta-guard HOẶC file-disjoint 1-sub/file |
## 🛡️ Active-Guards index (2-strike promote: episodic → procedural)
@ -50,11 +51,20 @@ Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan
| heavy spawn → `run_in_background` | looks-frozen | **procedural** (2-strike met) | 2 (S45, S48) | ✅ S48 (FD bg) + S50 (all 4 monitor+wave spawns bg) | + |
| RAG glob `**/`-anchored (not root) | gotcha #10 node_modules leak | procedural | 1 (S41) | ✅ (2406 clean) | ++ |
| dump bảng env-đích TRƯỚC identifier-based data op (lock/seed-by-email) | gotcha #60 (AS-12) | episodic | 1 (S57bis lock NO-OP) | ✅ S58 (recon dump → fix `5998163` → Run #382 đo 34 locked) | ++ |
| custom Workflow same-role → copy return-delta-guard HOẶC file-disjoint 1-sub/file | E-009 (AS-13) | episodic | 1 (S71 invest/review race) | ✅ S71 (curate workflow `wf_f32987b8` file-disjoint 1-sub/file = 0 race; finalize curate đóng over-cap) | ++ |
## 📋 RCA entries (blameless — newest on top)
> Format: `E-NNN | date | rule | what | 5-why root | fix (prod-bug = 2-fix: code + guard) | prevention | tags[TYPE/ACTOR/COMPONENT]`
### E-009 — AS-13 custom-workflow same-role MEMORY write-race → over-cap (S71, finalize-review-caught, curated same-session)
- **rule (AS-13 NEW):** custom Workflow script (≠ hmw.js DEFAULT-mode) chạy parallel **same-role** agents giữ Write → mỗi agent chạy frontmatter "update MEMORY before return" → concurrent writes shared `agent-memory/<role>/MEMORY.md` → "file modified since read" race + verbose-append over-cap. hmw.js DEFAULT-mode inject return-delta-only writeGuard; custom script KHÔNG kế-thừa.
- **what:** S71 Harness-10 adop chạy custom workflow (h10-invest 4× investigator-codebase · h10-review + h910-finalize 3× reviewer). Agents tự-ghi diary → 4 investigator ghi `investigator-codebase/MEMORY.md` đồng-thời + 3 reviewer ghi `reviewer/MEMORY.md`. Kết quả: reviewer 24.8→**36.7KB** (harness silent-truncate ~8KB HOT lúc spawn), investigator 24→29.8KB — cả 2 over auto-inject cap 25600. Content HỢP-LỆ (additive, 0 corruption, git numstat +N -0) nhưng P1 curate-debt (claimed CLOSED S70) re-opened.
- **5-why:** custom invest/review/finalize workflow author KHÔNG inject return-delta-guard mà hmw.js DEFAULT có → same-role agents mỗi con chạy "update MEMORY before return" → concurrent write cùng file → race + bloat tích-lũy → over-cap → harness silent HOT-truncate. Caught: finalize-review R3 (`wc -c`) + budget-audit-by-hand S71 (KHÔNG phải runtime-error — silent).
- **fix (KHÔNG prod-bug — 0 production code):** (process) curate L1→L2 `wf_f32987b8-03f` **file-disjoint 1-sub/file** (reviewer 36.7→24.8 + inv 29.8→23.2, 0-byte-loss numstat +N -0 + grep-Fxf 10/10 + md5sum) + budget.json re-measure + reviewer-gist gen:2. (guard) AS-13 + Active-Guard episodic + `feedback_harness10_run_trace` #2 lesson.
- **prevention/guard:** custom Workflow parallel same-role → (a) inject return-delta-only writeGuard (mirror hmw.js DEFAULT), HOẶC (b) file-disjoint 1-agent/memory-file (curate S71 dùng = 0 race). Budget-audit @session-start re-measure bắt re-accumulation. hmw.js RUN-TRACE mode (S71) đã guard.
- **tags:** [memory-race-overcap / custom-workflow-agents / agent-memory reviewer+investigator-codebase]
### E-008 — AS-12 lock-demo-user prod NO-OP: population Dev ≠ prod + seed silent-fail (S57bis ship, S58 fix, cicd-caught)
- **rule (AS-12 NEW):** thao tác data theo-identifier trên prod (lock/seed/migrate-by-email) mà list viết từ CODE/Dev population, KHÔNG dump bảng env đích → silent NO-OP/sai-target. Assertion trả 0-row/`-1` ⟹ nghi data-mismatch TRƯỚC khi nghi code.
- **what:** S57bis ship `LockDemoSampleUsersAsync` 14 email named-person (đọc từ seed code = population Dev-only). Demo prod thật = 20 UAT-matrix (`bod.1@`, `pm.nv@`… tạo TAY 05-13, chưa từng trong code). Run #381 deploy PASS + health 200 + code RAN — locked=0, hoàn toàn silent. Tầng 2 ẩn sâu hơn: `DemoUserPassword` 11 ký tự < prod `Identity:Password:RequiredLength=12` `CreateAsync` trả `IdentityResult.Failed` (LogWarning-only, by-design 1-fail-không-abort) **mọi startup từ trước tới giờ** named-person + `nv.cao`/`nv.truong` (IT pool root cause "helpdesk inert" S56!) + 5 real staff KHÔNG BAO GIỜ tồn tại trên prod.
@ -85,6 +95,7 @@ Detect by **action-signature** (NOT "AI tự phán có vi phạm không"). Scan
- **5-why:** 37-file batch `-A` convenient habit skipped specific-stage AS-1 signature fired.
- **fix:** (process) MITIGATED pre-commit `git add -A --dry-run` verified exact 37-file scope + wave-folder-leak=0 + 0 unintended files BEFORE commit; no concurrent SE session running. Scope was correct no retroactive re-stage needed. (guard) next multi-file commit `git add <list>` OR dry-run-verify-first (this session did dry-run = acceptable mitigation).
- **prevention/guard:** Active-Guard AS-1 "add-specific or dry-run-verify-first". Blameless: outcome clean, but signature logged for honesty L.a = catch signature, not excuse it).
- **recurrence S71:** 2× `git add -A` (commits `8c47bd0` + `7875b39`) mitigated y hệt: `git status --short` containment-audit review FULL scope TRƯỚC mỗi stage (verify-first = mitigation hợp-lệ per guard); 0 unintended file (run-trace tracked + agent-memory curate = đúng tập dự kiến). Pattern ổn định: `-A` + pre-stage-status-review acceptable khi scope đã audit.
- **tags:** [git-hygiene / em-main / commit]
### E-004 — gotcha #53 agent truncation mid-MEMORY (recurring S35-S42)

84
docs/governance/harness-11-engine.md Normal file
View File

@ -0,0 +1,84 @@
# Harness-11 — Engine bộ-nhớ-và-governance TỰ-BẢO-TRÌ (SE canonical)
> **Adopt S75 (2026-06-18)** — AI_INFRA broadcast `2026-06-18-Governance-harness-11` + checklist (inbox `broadcasts/inbox/ai_infra/`). Áp qua 2 workflow (IMPLEMENT `wf_c5e5844e-7c1` + REVIEW) per mandate ⑤. adap-report → `docs/governance/adap-reports/2026-06-18-Governance-harness-11.md`.
>
> 🔑 **Đây là CANONICAL cho engine governance của SE.** Doc khác (`agents/README`, `session-start/end`) **TRỎ về đây**, KHÔNG copy luật (B1 dogfood — một-chỗ-đổi).
>
> 🔑 **Nguyên-lý lõi:** "tự-bảo-trì" = luôn-TỰ-BIẾT khi có drift (detector tự-động, NÊU-CỜ ngay) **CHỨ KHÔNG tự-viết-lại** nội-dung/luật. DÒ tự-động; SỬA do người-chủ-trì (em-main) làm trên cờ. **BAR-KHÔNG-HẠ = một-người-ghi (single-writer)** — "tự-bảo-trì" TUYỆT-ĐỐI KHÔNG miễn-trừ chốt này.
---
## Bản-đồ artifact (engine SE)
| Cấu phần | Artifact | Nấc |
|---|---|---|
| PHẦN A — hot-mem auto-archive | `scripts/memory-archive-gate.ps1` + `.claude/agent-memory/memory-budget.json` (`archive_gate` params) + `session-end.md §L.b` | mechanized DRY-RUN planner + convention trigger (no-OS-hook) |
| PHẦN B — derived→canonical + freshness | luật B1 (dưới) + `scripts/governance-detectors.ps1` (C2 staleness) | detector mechanized + fix gated qua người |
| PHẦN C — 3 grep detector | `scripts/governance-detectors.ps1` (C1/C2/C3 + C4 self-exclusion + C5 resolve-condition) | mechanized NO-API, DÒ+FLAG-only |
| PHẦN D — orchestration | doc này (3-tier + 1-direction) + `session-start.md`/`session-end.md`/`ultra-on.md` cadence + `hmw.js` checkpoint | mix mechanized + convention |
| Canonical state (nguồn-chuẩn) | `docs/STATUS.md` CURRENT STATE table | — |
---
## PHẦN A — Hot-mem auto-archive by budget (🟡 TAILORED)
SE-present từ Harness-9 (L2 archive byte-exact + `_INDEX` substring-pointer + gist). Harness-11 thêm 3 tham-số chống-thrash + standing-gate:
- **A1 byte-gate @session-end** — `memory-archive-gate.ps1` đo byte mỗi `agent-memory/<sub>/MEMORY.md` vs cap. (Trigger = `session-end.md §L.b` convention người-kích — engine no-OS-hook.)
- **A2 additive MOVE** — bản-cũ-nhất → `archive/<YYYY-MM>.md`, NEVER overwrite (runtime-proven `h910-curate`: +N -0 byte-exact).
- **A3 `_INDEX` pointer-only** — 1 dòng/bản-ghi, con-trỏ substring sha-keyed (`memory-budget.json:19`).
- **A4 hysteresis** — dồn tới DƯỚI `low_watermark = 0.85 × cap` (không dừng ở vạch). [param `archive_gate.low_watermark_ratio`]
- **A5 keep-floor** — luôn giữ ≥ `keep_floor_entries` (5) bản-ghi gần nhất, không vét sạch.
- **A6 2-strike** — chỉ ĐỀ-XUẤT dồn khi over-cap ở 2 lần kiểm liên-tiếp (`strike_threshold`), chống alert-fatigue.
- **A7 NO-API L1-eval** — sau dồn: (i) resolve-con-trỏ (mọi pointer `_INDEX` grep-định-vị được trong archive) + (ii) byte-0-loss (tổng trước = sau). grep + measure only, KHÔNG API.
> 🟡 Con-số (cap 25600, 0.85, 5, 2) = TAILOR. SE chọn DRY-RUN planner (in kế-hoạch + người duyệt) thay auto-move — vì move = đụng memory canonical (D6/D9, không tự-ghi).
## PHẦN B — Derived-doc TRỎ canonical, KHÔNG copy (🔴 FUNCTION-FLOOR)
- **B1 — derived TRỎ canonical:** tài-liệu-dẫn-xuất (`CLAUDE.md` root/docs, `skills/*/SKILL.md`, `agents/README`) KHÔNG copy volatile-token (mig#·test#·gotcha#·table#·bundle-hash·model) — **TRỎ `docs/STATUS.md`** (canonical). Lý-do: một-chỗ-đổi-N-chỗ-drift = nguồn drift #1 (chứng-minh sống: root CLAUDE.md kẹt mig 53 qua S70-S74).
- **B2 — giữ readability:** dữ-kiện-ổn-định (tech-stack, module-table, convention) GIỮ inline đọc-được; CHỈ pointer cái HAY-đổi (tránh pointer-soup). Exemplar sẵn: `docs/PROJECT-MAP.md` (0 count-token, 241 dòng).
- **B3 — freshness-DETECT:** `governance-detectors.ps1` (detector C2) grep volatile-token derived vs canonical → FLAG lệch (KHÔNG tự sửa).
- **B4 — fix GATED qua người:** FLAG → em-main xem diff → ghi (single-writer). KHÔNG đường tự-ghi-thẳng. (Mechanized backstop: git-diff commit-gate + run-folder TRACKED.)
## PHẦN C — 3 bộ dò grep tất-định (🔴 FUNCTION-FLOOR MANDATE)
Tất cả ở `scripts/governance-detectors.ps1` — NO-API (grep/measure only), **DÒ+NÊU-CỜ-only** (không tự sửa). Chạy @session-start (D1) báo cờ.
- **C1 broken-pointer** — grep ref nội-bộ (gotcha #N > max · `[[wikilink]]` target thiếu) → FLAG dangling.
- **C2 derived-staleness** (= B3) — count-token derived vs STATUS canonical (+ cross-check disk: mig = `ls Migrations/*.cs` excl Designer/Snapshot; gotcha = max `### N.` trong gotchas.md) → FLAG mismatch + 'canonical-itself-stale' nếu STATUS lệch disk.
- **C3 vocab-fork** — alias-set (seed: `wave-folder↔run-trace`, `Dự trù PRO↔Ngân sách PRO`, `two-tier↔all-inherit`) → FLAG khi ≥2 biến-thể cùng sống.
- **C4 self-line exclusion** 🔴 — detector loại path tự-mô-tả (`governance-detectors.ps1`, `harness-11-engine.md`, `broadcasts/**`, `runs/**`) TRƯỚC khi FLAG → 0 self-match.
- **C5 resolve-condition** 🔴 — mỗi FLAG kèm `resolve: <điều-kiện-gỡ-cờ>`. 2-strike anti-repeat = convention em-main áp (detector stateless per-run; KHÔNG over-claim mechanized-2-strike cho detector).
## PHẦN D — Engine điều-phối (🔴 FUNCTION-FLOOR)
### D.1 — Bảng-nhịp 4-lớp (SE-present, cadence-file)
- **D1 session-start = DÒ+BÁO** — `session-start.md §2.1.1` monitor RE-REPORT + §2.1.2 budget-audit + **chạy `governance-detectors.ps1` báo cờ** (KHÔNG sửa). INFORM-only.
- **D2 session-end = BẢO-TRÌ+archive** — `session-end.md §L` (byte-gate A + harvest-GATE 5-trục + gác-cờ chưa xử-lý).
- **D3 per-turn = chắt-lọc-APPEND** — harvest-LIỀN sau mỗi fan-out (`ultra-on.md` P3, C4 primary), qua em-main.
- **D4 threshold = workflow-gate** — chạm hệ-trọng → bắt qua Workflow (`hmw.js:76` checkpoint THROW = mechanized tripwire). run-id = bằng-chứng.
### D.2 — Tách-an-toàn 3-tầng (🔴 NHÃN-HOÁ EXPLICIT — đây là chuẩn-hoá H11)
> 🧪 **Phép-thử-ranh-giới tất-định:** hỏi "thao-tác này có git-diff vô-hại-ngữ-nghĩa không?" → CÓ = tầng AUTO; chạm prose/luật/con-trỏ/thẩm-quyền/copy = tầng DÒ+FLAG. KHÔNG tin nhãn "máy-móc thôi mà" — xét git-diff THẬT.
| Tầng | Cái gì | Đường-đi |
|---|---|---|
| **D5 — AUTO (semantic-null)** | dồn-archive ADDITIVE (byte-0-loss) · dựng-lại `_INDEX` · APPEND-chắt-lọc gist · đo-byte | tự-động OK (có A7 NO-API gate bảo-chứng) |
| **D6 — DÒ + NÊU-CỜ** | mọi thứ chạm prose/luật/con-trỏ-mục/thẩm-quyền/copy-chéo (3 detector C + monitor H1/H2) | chỉ FLAG → em-main soạn bản sửa (KHÔNG nhánh tự-ghi) |
| **D7 — OWNER-APPROVE** | đổi-luật · đổi-thẩm-quyền · ghi-lan derived · đổi-tên-khái-niệm · nâng-guard chính-thức | anh (project-owner) duyệt trước hiệu-lực |
### D.3 — Bốn chốt chống-tự-hỏng
- **D8 khoá-chiều 1-CHIỀU** 🔴 (codify mới H11) — DÒ chỉ đi **canonical → derived** (bắt derived cũ). **TUYỆT-ĐỐI KHÔNG** lấy giá-trị từ derived ghi ngược canonical. (Vd: detector đọc STATUS so root CLAUDE.md; KHÔNG bao giờ đọc root CLAUDE.md ghi vào STATUS.)
- **D9 chỉ-APPEND single-writer** 🔑 BAR-KHÔNG-HẠ — mọi ghi-bộ-nhớ = APPEND qua em-main; KHÔNG sub tự ghi đè memory-chính/luật. Mechanized: `store_memory` strip mọi sub (runtime S48 0/8) + hmw.js SCHEMA return-delta-only.
- **D10 ghi qua file-tool only** — Write/Edit, KHÔNG shell-append (tránh mojibake/$-expansion = gotcha #61). hmw.js:111 cấm Bash-write MD. (convention — Bash residual chưa block cứng.)
- **D11 archive = MOVE-không-XOÁ** — byte 0-loss (md5sum/grep-Fxf artifact `_ledger.md:14`).
---
## CAVEAT (trung-thực — đọc trước khi tự nhận "đã tự-bảo-trì")
- **No-OS-hook:** detector + gate chạy TRONG thân session-start/end body do em-main kích — KHÔNG fully-autonomous. Đúng mức: **DÒ tự-động + toàn-diện; SỬA + GÁC dựa người-chủ-trì.**
- **Auto-WRITE luật/copy = MỐI-NGUY #1, CỐ Ý CHƯA LÀM** — defer tới ≥2 sự-cố thật mà thủ-công thất-bại (hiện 0). Chọn nhánh chỉ-DÒ-NÊU-CỜ cho mọi thứ chạm luật/copy (1-sửa-sai → N-chỗ-sai + phá hash broadcast đóng-băng).
- **Single-writer bar-không-hạ** — cám-dỗ "để nó tự sửa cho nhanh" phải dừng trước chốt D9.
- **Detector = LƯỚI giảm-sót, KHÔNG khoá-cứng** — bắt @đầu/đóng-phiên (theo nhịp); giữa 2 nhịp có khoảng-mù. Phòng-thủ-nhiều-lớp, không bảo-đảm tuyệt-đối.
- **Nấc dogfood:** A2/A3/D4/D9/D11 = SE runtime-mechanized SẴN (H11 = chuẩn-hoá). C1-C3 + B3 + memory-archive-gate = MỚI build S75. D5-D8 + B1 = nhãn-hoá/codify cái ngầm-có. Phân-định 'detector viết-thành-lệnh' (executed-file) ≠ 'đã chạy-quan-sát' (runtime).

587
fe-admin/src/components/pe/PeDetailTabs.tsx
View File

@ -3,7 +3,7 @@
// Duyệt history + Lịch sử thay đổi → moved to Panel 3 (xem PeWorkflowPanel
// → PeApprovalsSection + PeHistorySection).
import { useEffect, useMemo, useRef, useState } from 'react'
import { useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
import { useIsFetching, useMutation, useQuery, useQueryClient } from '@tanstack/react-query'
import { useNavigate } from 'react-router-dom'
import { toast } from 'sonner'
import { Check, ChevronDown, ChevronRight, Download, Eye, Paperclip, Pencil, Plus, Trash2, Upload } from 'lucide-react'
@ -126,8 +126,16 @@ export function PeDetailTabs({
// BE chặn Forbidden role khác → FE chỉ ẩn nút (UX), không phải security.
const isPro = currentUser?.roles?.includes('Procurement') ?? false
const isCcm = currentUser?.roles?.includes('CostControl') ?? false
const canToggleProUrgent = isAdmin || isPro
const canToggleCcmUrgent = isAdmin || isCcm
// [S77 Tra Sol/anh Kiệt — chốt] BẤT ĐỐI XỨNG: GẮN = NV chức năng (ai làm nấy gắn);
// GỠ = chỉ Trưởng phòng (DeptManager)/Admin (tránh NV khác lỡ tay gỡ). Nút phụ thuộc
// trạng thái hiện tại: đã gấp → cần quyền GỠ; chưa gấp → cần quyền GẮN.
const isDeptManager = currentUser?.roles?.includes('DeptManager') ?? false
const canToggleProUrgent = evaluation.isUrgentByPro
? (isAdmin || (isPro && isDeptManager))
: (isAdmin || isPro)
const canToggleCcmUrgent = evaluation.isUrgentByCcm
? (isAdmin || (isCcm && isDeptManager))
: (isAdmin || isCcm)
const v2Approvers = evaluation.currentApproval?.approvers ?? []
const actorMatchesLevel = isAdmin
|| (currentUser?.id != null && v2Approvers.some(a => a.userId === currentUser.id))
@ -198,8 +206,14 @@ export function PeDetailTabs({
if (evaluation.budgetPeriodAmount == null || evaluation.budgetPeriodAmount <= 0) {
missing.push("Chưa nhập Ngân sách kỳ này")
}
// 4. Chưa đính kèm Bảng so sánh (attachment với supplier-row null — chuẩn Section 3)
if (!evaluation.attachments?.some(a => a.purchaseEvaluationSupplierId === null)) {
// 4. Chưa đính kèm Bảng so sánh (attachment supplier-row null — chuẩn Section 3).
// S78 — loại file "đính kèm khi duyệt" (purpose=ApprovalAttachment, supplierId=null)
// khỏi check: nó KHÔNG phải bảng so sánh, không được false-pass submit-guard khi
// phiếu Trả-lại re-submit (lúc đó đã tồn tại file khi-duyệt từ vòng trước).
if (!evaluation.attachments?.some(
a => a.purchaseEvaluationSupplierId === null
&& a.purpose !== PeAttachmentPurpose.ApprovalAttachment,
)) {
missing.push("Chưa đính kèm Bảng so sánh")
}
return missing
@ -331,6 +345,20 @@ export function PeDetailTabs({
)}
</div>
{/* S77 [Bích Phượng hỏi / anh] — phiếu Trả lại ở chế độ XEM không có nút gửi
(readOnly → "Lưu & Gửi Duyệt" chỉ hiện khi Sửa). Banner hướng dẫn gửi lại
để NV khỏi lạc ("bấm nộp lần 2 chỗ nào"). */}
{evaluation.phase === PurchaseEvaluationPhase.TraLai && readOnly && (
<div className="m-4 rounded-md border border-amber-300 bg-amber-50 px-4 py-3 text-[13px] text-amber-900">
<div className="font-semibold"> Phiếu đã bị trả lại đ chỉnh sửa</div>
<div className="mt-1 leading-relaxed">
Đ <strong>gửi duyệt lại</strong>: ra <strong>danh sách</strong> bấm <strong> Sửa</strong> phiếu
này (biểu tượng bút chì) điều chỉnh nội dung cần sửa bấm <strong>Lưu &amp; Gửi Duyệt </strong>
cuối phiếu. do trả lại xem mục <strong>Lịch sử</strong> bên dưới.
</div>
</div>
)}
<div className="divide-y divide-slate-200">
{/* Section layout (Session 20 Chunk B): Hạng mục nested expand chứa NCC
(tầng 1 = hạng mục, tầng 2 = NCC tham gia + báo giá inline). NCC
@ -989,7 +1017,7 @@ function VndInlineEdit({
type="text"
inputMode="numeric"
value={text}
onChange={e => setText(e.target.value.replace(/[^\d.]/g, ''))}
onChange={e => setText(formatVndInput(parseVnd(e.target.value)))}
placeholder="0"
aria-label={label}
className="h-7 pr-6 font-mono text-right text-[13px]"
@ -1010,7 +1038,7 @@ function VndInlineEdit({
// 1 dòng bảng — label trái | value phải (right-align) | cột 3 (% hoặc ghi chú).
// tone: 'brand' = nền brand đậm chữ trắng (dòng tổng) · 'brand-soft' = nền brand-50.
function BudgetRow({
label, sub, value, third, tone, danger, mono = true,
label, sub, value, third, tone, danger, mono = true, indent = false,
}: {
label: React.ReactNode
sub?: React.ReactNode
@ -1019,6 +1047,8 @@ function BudgetRow({
tone?: 'brand' | 'brand-soft' | 'blue-soft'
danger?: boolean
mono?: boolean
/** [S77 Tra Sol] mục con (không có số) → thụt dòng + gạch đầu dòng phân biệt với mục cha có số. */
indent?: boolean
}) {
const toneCls =
tone === 'brand' ? 'bg-[#1F7DC1] text-white font-semibold'
@ -1027,8 +1057,10 @@ function BudgetRow({
: ''
return (
<div className={cn('flex items-start gap-2 border-b border-slate-100 px-3 py-1.5 text-[13px]', toneCls)}>
<div className="min-w-0 flex-1">
<div className={cn(tone === 'brand' ? 'text-white' : 'text-slate-700')}>{label}</div>
<div className={cn('min-w-0 flex-1', indent && 'pl-5')}>
<div className={cn(tone === 'brand' ? 'text-white' : 'text-slate-700')}>
{indent && <span className="mr-1 text-slate-400"></span>}{label}
</div>
{sub && <div className={cn('text-[10px]', tone === 'brand' ? 'text-white/70' : 'text-slate-400')}>{sub}</div>}
</div>
<div className={cn(
@ -1057,9 +1089,106 @@ function BudgetBlockHeader({ children }: { children: React.ReactNode }) {
)
}
// [S76] Ô tiền compact cho ma trận 3 cột — editable (input + nút Lưu) hoặc display.
// allowNegative cho "hiệu chỉnh tăng giảm" (nút ± đảo dấu). onSave nhận number|null.
function BudgetCell({ value, editable, allowNegative = false, saving, onSave }: {
value: number | null
editable: boolean
allowNegative?: boolean
saving: boolean
onSave: (v: number | null) => void
}) {
const [text, setText] = useState(value != null ? Math.abs(value).toLocaleString('vi-VN') : '')
const [neg, setNeg] = useState((value ?? 0) < 0)
useEffect(() => {
setText(value != null ? Math.abs(value).toLocaleString('vi-VN') : '')
setNeg((value ?? 0) < 0)
}, [value])
if (!editable) {
return value != null
? <span className={cn('font-mono text-[13px] tabular-nums', value < 0 && 'text-red-600')}>{fmtVndSigned(value)}</span>
: <span className="text-slate-300"></span>
}
const parse = (): number | null => {
const n = parseVnd(text)
if (n === 0 && text.trim() === '') return null
return allowNegative && neg ? -n : n
}
const dirty = parse() !== value
return (
<div className="space-y-1">
<div className="flex items-center gap-1">
{allowNegative && (
<button
type="button"
onClick={() => setNeg(v => !v)}
className={cn('h-7 w-7 shrink-0 rounded border text-[11px] font-bold',
neg ? 'border-red-300 bg-red-50 text-red-600' : 'border-slate-300 text-slate-400')}
title="Đảo dấu âm/dương"
>
{neg ? '' : '+'}
</button>
)}
<Input
type="text"
inputMode="numeric"
value={text}
onChange={e => setText(formatVndInput(parseVnd(e.target.value)))}
placeholder="0"
className="h-7 min-w-0 flex-1 px-1.5 text-right font-mono text-[12px]"
/>
</div>
<div className="flex justify-end">
<Button onClick={() => onSave(parse())} disabled={!dirty || saving} className="h-6 px-2 text-[10px]">
{saving ? '…' : 'Lưu'}
</Button>
</div>
</div>
)
}
// [S76] Ô ghi chú phòng (Ghi chú từ PRO / từ CCM) — Textarea editable hoặc text display.
// Đặt trong <td colSpan> của bảng ngân sách (không bọc row riêng).
function BudgetNoteCell({ editable, value, setValue, savedValue, saving, onSave }: {
editable: boolean
value: string
setValue: (v: string) => void
savedValue: string | null
saving: boolean
onSave: () => void
}) {
if (!editable) {
return (
<div className="whitespace-pre-wrap px-2 py-1.5 text-[12px] text-slate-600">
{savedValue || <span className="text-slate-400"></span>}
</div>
)
}
return (
<div className="space-y-1 px-2 py-1.5">
<textarea
value={value}
onChange={e => setValue(e.target.value)}
placeholder="Ghi chú…"
rows={2}
className="w-full rounded border border-slate-300 px-2 py-1 text-[12px]"
/>
<div className="flex justify-end">
<Button onClick={onSave} disabled={value === (savedValue ?? '') || saving} className="h-6 px-2 text-[11px]">
{saving ? '…' : 'Lưu ghi chú'}
</Button>
</div>
</div>
)
}
function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly: boolean }) {
const qc = useQueryClient()
const bs = ev.budgetSummary
// [S76] Khoá nút Lưu trong lúc pe-detail đang refetch (sau mỗi save) — đóng cửa-sổ
// stale-echo: tránh lưu 1 ô khi bs (server snapshot) chưa cập nhật → đè field anh-em
// (vd lưu PRO ban hành xong, lưu PRO hiệu chỉnh ngay sẽ echo bs.proInitial CŨ).
const peFetching = useIsFetching({ queryKey: ['pe-detail', ev.id] }) > 0
// Drafter nhập được row3 (NS kỳ này) + row8 (giá trị thực hiện dự kiến còn lại)
// khi phiếu DangSoanThao/TraLai + !readOnly. Mirror predicate row3/row8 spec.
@ -1070,16 +1199,16 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
qc.invalidateQueries({ queryKey: ['pe-list'] })
}
// PUT /budget/pro — chỉ khi canEditPro. proEstimateAmount + proNote.
// PUT /budget/pro — chỉ khi canEditPro. [S76] proInitial + proAdjust + proNote.
const proMut = useMutation({
mutationFn: async (body: { proEstimateAmount: number | null; proNote: string | null }) =>
mutationFn: async (body: { proInitialAmount: number | null; proAdjustmentAmount: number | null; proNote: string | null }) =>
api.put(`/purchase-evaluations/${ev.id}/budget/pro`, body),
onSuccess: () => { toast.success('Đã lưu ngân sách PRO'); invalidate() },
onError: e => toast.error(getErrorMessage(e)),
})
// PUT /budget/ccm — chỉ khi canEditCcm. initialAmount + adjustmentAmount.
const ccmMut = useMutation({
mutationFn: async (body: { initialAmount: number | null; adjustmentAmount: number | null }) =>
mutationFn: async (body: { initialAmount: number | null; adjustmentAmount: number | null; ccmNote: string | null }) =>
api.put(`/purchase-evaluations/${ev.id}/budget/ccm`, body),
onSuccess: () => { toast.success('Đã lưu ngân sách ban hành'); invalidate() },
onError: e => toast.error(getErrorMessage(e)),
@ -1097,6 +1226,9 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
// proNote inline-edit state (Textarea — không dùng VndInlineEdit)
const [proNoteText, setProNoteText] = useState(bs?.proNote ?? '')
useEffect(() => { setProNoteText(bs?.proNote ?? '') }, [bs?.proNote])
// ccmNote inline-edit state (mirror proNoteText) — [Mig anh Kiệt FDC]
const [ccmNoteText, setCcmNoteText] = useState(bs?.ccmNote ?? '')
useEffect(() => { setCcmNoteText(bs?.ccmNote ?? '') }, [bs?.ccmNote])
// Phiếu cũ chưa gắn Hạng mục công việc → budgetSummary null.
if (!bs) {
@ -1109,6 +1241,12 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
// ===== Số liệu Excel =====
const full = bs.fullAmount
// [S76] Full mỗi cột (ma trận A) = ban hành + hiệu chỉnh của cột đó.
const proFull = (bs.proInitialAmount ?? 0) + (bs.proAdjustmentAmount ?? 0)
const ccmFull = (bs.initialAmount ?? 0) + (bs.adjustmentAmount ?? 0)
// Cột "có dữ liệu" = đã nhập ban hành HOẶC hiệu chỉnh → hiện full (kể cả 0/âm); else "—".
const proHasData = bs.proInitialAmount != null || bs.proAdjustmentAmount != null
const ccmHasData = bs.initialAmount != null || bs.adjustmentAmount != null
const row1 = bs.previousSubmittedTotal // Ngân sách trình duyệt trước
const row2 = bs.previousSelectedTotal // Kỳ trước đã chọn thầu
const row3 = ev.budgetPeriodAmount ?? 0 // Ngân sách - kỳ này (drafter)
@ -1146,100 +1284,109 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
</div>
)}
{/* ===== Block A — NGÂN SÁCH (gói thầu) ===== */}
<BudgetBlockHeader>A. Ngân sách (gói thầu)</BudgetBlockHeader>
{/* ===== Block A — NGÂN SÁCH gói thầu: BẢNG LƯỚI 3 cột (DỰ ÁN | PRO | CCM) =====
[S76 anh Kiệt FDC] <table> viền ô đầy đủ giống file Excel. Mỗi phòng nhập+điều
chỉnh cột CHÍNH mình (role-gate): PRO→cột PRO (canEditPro) · CCM→cột CCM
(canEditCcm) · DỰ ÁN hiển-thị-only (—, sau có người dự án nhập). Full mỗi cột
= ban hành + hiệu chỉnh. */}
<BudgetBlockHeader>A. Ngân sách (gói thầu / gói vật )</BudgetBlockHeader>
{/* Dòng 1 — Ngân sách (full gói thầu) — brand đậm */}
<BudgetRow
tone="brand"
label={
<span className="inline-flex items-center gap-2">
Ngân sách (full gói thầu)
{bs.fullIsEstimate && (
<span className="rounded bg-white/20 px-1.5 py-0.5 text-[9px] font-semibold uppercase">ngân sách PRO</span>
)}
</span>
}
value={fmtVnd(full)}
/>
{/* Dòng 2 — Ban hành lần đầu (CCM editable) */}
<BudgetRow
label="Ngân sách Ban hành lần đầu"
value={
bs.canEditCcm ? (
<VndInlineEdit
initial={bs.initialAmount}
saving={ccmMut.isPending}
label="Ngân sách ban hành lần đầu"
onSave={v => ccmMut.mutate({ initialAmount: v, adjustmentAmount: bs.adjustmentAmount })}
/>
) : bs.initialAmount != null ? fmtVnd(bs.initialAmount) : <span className="text-slate-400"></span>
}
/>
{/* Dòng 3 — Hiệu chỉnh V0 tăng giảm (CCM editable, cho phép âm) */}
<BudgetRow
label="Ngân sách V0 / hiệu chỉnh tăng giảm"
value={
bs.canEditCcm ? (
<VndInlineEdit
initial={bs.adjustmentAmount}
allowNegative
saving={ccmMut.isPending}
label="Ngân sách hiệu chỉnh tăng giảm"
onSave={v => ccmMut.mutate({ initialAmount: bs.initialAmount, adjustmentAmount: v })}
/>
) : bs.adjustmentAmount != null ? (
<span className={cn(bs.adjustmentAmount < 0 && 'text-red-600')}>{fmtVndSigned(bs.adjustmentAmount)}</span>
) : <span className="text-slate-400"></span>
}
/>
{/* Dòng 4 — Dự trù PRO (PRO editable) */}
<BudgetRow
label="Ngân sách PRO"
value={
bs.canEditPro ? (
<VndInlineEdit
initial={bs.proEstimateAmount}
saving={proMut.isPending}
label="Ngân sách PRO"
onSave={v => proMut.mutate({ proEstimateAmount: v, proNote: proNoteText || null })}
/>
) : bs.proEstimateAmount != null ? fmtVnd(bs.proEstimateAmount) : <span className="text-slate-400"></span>
}
/>
{/* Dòng 5 — Ghi chú từ PRO (PRO editable — Textarea) */}
<div className="flex items-start gap-2 border-b border-slate-100 px-3 py-1.5 text-[13px]">
<div className="min-w-0 flex-1 text-slate-700">Ghi chú từ PRO</div>
<div className="w-72 shrink-0">
{bs.canEditPro ? (
<div className="space-y-1">
<textarea
value={proNoteText}
onChange={e => setProNoteText(e.target.value)}
placeholder="Ghi chú dự trù…"
rows={2}
className="w-full rounded border border-slate-300 px-2 py-1 text-[12px]"
/>
<div className="flex justify-end">
<Button
onClick={() => proMut.mutate({ proEstimateAmount: bs.proEstimateAmount, proNote: proNoteText || null })}
disabled={proNoteText === (bs.proNote ?? '') || proMut.isPending}
className="h-6 px-2 text-[11px]"
>
{proMut.isPending ? '…' : 'Lưu ghi chú'}
</Button>
</div>
</div>
) : (
<div className="whitespace-pre-wrap text-right text-[12px] text-slate-600">
{bs.proNote || <span className="text-slate-400"></span>}
</div>
)}
</div>
<div className="overflow-x-auto">
<table className="w-full border-collapse text-[13px]">
<thead>
<tr className="bg-slate-100 text-[11px] font-semibold uppercase tracking-wide text-slate-600">
<th className="border border-slate-300 px-3 py-1.5 text-left">Khoản mục</th>
<th className="w-20 border border-slate-300 px-2 py-1.5 text-center">Dự án</th>
<th className="w-40 border border-slate-300 px-2 py-1.5 text-center">PRO</th>
<th className="w-40 border border-slate-300 px-2 py-1.5 text-center">CCM</th>
</tr>
</thead>
<tbody>
{/* Ngân sách full (= ban hành + hiệu chỉnh) mỗi cột */}
<tr className="bg-[#1F7DC1]/10 font-semibold">
<td className="border border-slate-300 px-3 py-2 text-slate-800">Ngân sách (full gói thầu / gói vật )</td>
<td className="border border-slate-300 px-2 py-2 text-right text-slate-300"></td>
<td className="border border-slate-300 px-2 py-2 text-right font-mono font-bold tabular-nums text-slate-900">
{proHasData ? fmtVnd(proFull) : <span className="text-slate-300"></span>}
</td>
<td className="border border-slate-300 px-2 py-2 text-right font-mono font-bold tabular-nums text-slate-900">
{ccmHasData ? fmtVnd(ccmFull) : <span className="text-slate-300"></span>}
</td>
</tr>
{/* Ban hành lần đầu */}
<tr>
<td className="border border-slate-300 px-3 py-1.5 pl-8 text-slate-700"> Ngân sách Ban hành lần đu</td>
<td className="border border-slate-300 px-2 py-1.5 text-right text-slate-300"></td>
<td className="border border-slate-300 px-1.5 py-1.5 text-right align-top">
<BudgetCell
value={bs.proInitialAmount}
editable={bs.canEditPro}
saving={proMut.isPending || peFetching}
onSave={v => proMut.mutate({ proInitialAmount: v, proAdjustmentAmount: bs.proAdjustmentAmount, proNote: bs.proNote })}
/>
</td>
<td className="border border-slate-300 px-1.5 py-1.5 text-right align-top">
<BudgetCell
value={bs.initialAmount}
editable={bs.canEditCcm}
saving={ccmMut.isPending || peFetching}
onSave={v => ccmMut.mutate({ initialAmount: v, adjustmentAmount: bs.adjustmentAmount, ccmNote: bs.ccmNote })}
/>
</td>
</tr>
{/* V0 / hiệu chỉnh tăng giảm (cho phép ÂM) */}
<tr>
<td className="border border-slate-300 px-3 py-1.5 pl-8 text-slate-700"> Ngân sách V0 / hiệu chỉnh tăng giảm</td>
<td className="border border-slate-300 px-2 py-1.5 text-right text-slate-300"></td>
<td className="border border-slate-300 px-1.5 py-1.5 text-right align-top">
<BudgetCell
value={bs.proAdjustmentAmount}
editable={bs.canEditPro}
allowNegative
saving={proMut.isPending || peFetching}
onSave={v => proMut.mutate({ proInitialAmount: bs.proInitialAmount, proAdjustmentAmount: v, proNote: bs.proNote })}
/>
</td>
<td className="border border-slate-300 px-1.5 py-1.5 text-right align-top">
<BudgetCell
value={bs.adjustmentAmount}
editable={bs.canEditCcm}
allowNegative
saving={ccmMut.isPending || peFetching}
onSave={v => ccmMut.mutate({ initialAmount: bs.initialAmount, adjustmentAmount: v, ccmNote: bs.ccmNote })}
/>
</td>
</tr>
{/* Ghi chú từ PRO (span 3 cột giá trị) */}
<tr>
<td className="border border-slate-300 px-3 py-1.5 align-top text-slate-700">Ghi chú từ PRO</td>
<td className="border border-slate-300" colSpan={3}>
<BudgetNoteCell
editable={bs.canEditPro}
value={proNoteText}
setValue={setProNoteText}
savedValue={bs.proNote}
saving={proMut.isPending || peFetching}
onSave={() => proMut.mutate({ proInitialAmount: bs.proInitialAmount, proAdjustmentAmount: bs.proAdjustmentAmount, proNote: proNoteText || null })}
/>
</td>
</tr>
{/* Ghi chú từ CCM (span 3 cột giá trị) */}
<tr>
<td className="border border-slate-300 px-3 py-1.5 align-top text-slate-700">Ghi chú từ CCM</td>
<td className="border border-slate-300" colSpan={3}>
<BudgetNoteCell
editable={bs.canEditCcm}
value={ccmNoteText}
setValue={setCcmNoteText}
savedValue={bs.ccmNote}
saving={ccmMut.isPending || peFetching}
onSave={() => ccmMut.mutate({ initialAmount: bs.initialAmount, adjustmentAmount: bs.adjustmentAmount, ccmNote: ccmNoteText || null })}
/>
</td>
</tr>
</tbody>
</table>
</div>
{/* ===== Block B — THỰC HIỆN ===== */}
@ -1290,6 +1437,7 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
<BudgetRow
tone="blue-soft"
label="Giá trị kỳ này"
indent
value={
proposalOver ? (
<span className="inline-block rounded bg-[#C00000] px-2 py-0.5 font-bold text-white">{fmtVnd(row4)}</span>
@ -1299,6 +1447,7 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
<BudgetRow
tone="blue-soft"
label="So sánh với ngân sách kỳ này"
indent
sub="= 3 4"
value={<span className={cn(cmpPeriod < 0 && 'font-semibold text-red-600')}>{fmtVndSigned(cmpPeriod)}</span>}
third={fmtPct(cmpPeriod, row3) ?? undefined}
@ -1320,6 +1469,7 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
/>
<BudgetRow
label="So với NS"
indent
sub="= 5 6"
value={<span className={cn(cmp56 < 0 && 'font-semibold text-red-600')}>{fmtVndSigned(cmp56)}</span>}
third={fmtPct(cmp56, row5) ?? undefined}
@ -1330,7 +1480,7 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
<BudgetRow
label="7. Ngân sách còn lại"
sub="= Ngân sách full 5"
value={fmtVnd(row7)}
value={<span className={cn(row7 < 0 && 'font-semibold text-red-600')}>{fmtVndSigned(row7)}</span>}
third={fmtPct(row7, full) ?? undefined}
/>
@ -1353,8 +1503,8 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
onSave={v => adjustMut.mutate({ budgetPeriodAmount: ev.budgetPeriodAmount, expectedRemainingAmount: v })}
/>
) : (
<span className={cn('font-mono tabular-nums', remainingOver ? 'font-semibold text-red-700' : 'text-slate-900')}>
{fmtVnd(row8)}
<span className={cn('font-mono tabular-nums', row8 < 0 ? 'font-semibold text-red-600' : remainingOver ? 'font-semibold text-red-700' : 'text-slate-900')}>
{fmtVndSigned(row8)}
</span>
)}
</div>
@ -1366,11 +1516,12 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
tone="brand"
label="9. Giá trị tổng thực hiện dự kiến"
sub="= 4 + 8"
value={fmtVnd(row9)}
value={<span className={cn(row9 < 0 && 'font-bold text-red-600')}>{fmtVndSigned(row9)}</span>}
/>
<BudgetRow
tone="brand-soft"
label="So sánh với Ngân sách full"
indent
sub="= Ngân sách full 9"
value={<span className={cn(cmpFull < 0 && 'font-bold text-red-600')}>{fmtVndSigned(cmpFull)}</span>}
third={fmtPct(cmpFull, full) ?? undefined}
@ -1380,6 +1531,212 @@ function PeBudgetSummaryTable({ ev, readOnly }: { ev: PeDetailBundle; readOnly:
)
}
// [Mig 54 2026-06-18 — anh Kiệt FDC] Giá đề xuất tại khối "c. Giá chào thầu".
// PRO nhập dải Min/Max (PUT /suggested-price/pro {minPrice,maxPrice}); CCM nhập 1
// giá (PUT /suggested-price/ccm {ccmPrice}). Role-gate qua canEditPro/CcmSuggestedPrice
// (BE-computed capability — mirror budget PRO/CCM, KHÔNG ràng phase). Read-only khi
// !canEdit → hiện text giá. Khi DaDuyet + approvedPriceAmount → dòng "Giá chốt duyệt".
const APPROVED_PRICE_SOURCE_LABEL: Record<string, string> = {
Ncc: 'Giá NCC',
ProMin: 'PRO Min',
ProMax: 'PRO Max',
Ccm: 'CCM',
}
function SuggestedPriceRows({ ev, readOnly }: { ev: PeDetailBundle; readOnly: boolean }) {
const qc = useQueryClient()
const invalidate = () => {
qc.invalidateQueries({ queryKey: ['pe-detail', ev.id] })
qc.invalidateQueries({ queryKey: ['pe-list'] })
}
// PRO Min/Max + note — ABSOLUTE SET cả 3 field (mirror S74 CcmNote: field không đổi
// echo giá trị hiện tại để không bị clear). Lưu giá → echo note hiện tại; lưu note →
// echo min/max hiện tại.
const proPriceMut = useMutation({
mutationFn: async (body: { minPrice: number | null; maxPrice: number | null; note: string | null }) =>
api.put(`/purchase-evaluations/${ev.id}/suggested-price/pro`, body),
onSuccess: () => { toast.success('Đã lưu giá đề xuất (PRO)'); invalidate() },
onError: e => toast.error(getErrorMessage(e)),
})
const ccmPriceMut = useMutation({
mutationFn: async (body: { ccmPrice: number | null; note: string | null }) =>
api.put(`/purchase-evaluations/${ev.id}/suggested-price/ccm`, body),
onSuccess: () => { toast.success('Đã lưu giá đề xuất (CCM)'); invalidate() },
onError: e => toast.error(getErrorMessage(e)),
})
const canEditPro = !readOnly && ev.canEditProSuggestedPrice
const canEditCcm = !readOnly && ev.canEditCcmSuggestedPrice
// Ghi chú PRO/CCM inline-edit state (Textarea). Echo cùng body absolute-set khi lưu giá.
const [proNoteText, setProNoteText] = useState(ev.proSuggestedPriceNote ?? '')
useEffect(() => { setProNoteText(ev.proSuggestedPriceNote ?? '') }, [ev.proSuggestedPriceNote])
const [ccmNoteText, setCcmNoteText] = useState(ev.ccmSuggestedPriceNote ?? '')
useEffect(() => { setCcmNoteText(ev.ccmSuggestedPriceNote ?? '') }, [ev.ccmSuggestedPriceNote])
// [gotcha #70] khoá nút Lưu tới khi pe-detail refetch land — lưu giá xong lưu
// ghi chú ngay (hoặc ngược lại) sẽ echo ev.* CŨ từ snapshot → mất dữ liệu.
// Mirror peFetching của bảng ngân sách (S76).
const peFetching = useIsFetching({ queryKey: ['pe-detail', ev.id] }) > 0
const hasAnyValue = ev.proSuggestedMinPrice != null
|| ev.proSuggestedMaxPrice != null
|| ev.ccmSuggestedPrice != null
|| !!ev.proSuggestedPriceNote
|| !!ev.ccmSuggestedPriceNote
const approved = ev.phase === PurchaseEvaluationPhase.DaDuyet && ev.approvedPriceAmount != null
// Ẩn hoàn toàn khi không edit được + chưa có giá nào + chưa chốt → tránh khối rỗng.
if (!canEditPro && !canEditCcm && !hasAnyValue && !approved) return null
return (
<div className="space-y-2 rounded-lg border border-slate-200 bg-slate-50/60 px-3 py-2.5">
<div className="text-[11px] font-semibold uppercase tracking-wide text-slate-500">
Giá đ xuất (ngoài giá chào thầu)
</div>
{/* PRO — Giá Min / Giá Max */}
<div className="flex items-start gap-3 text-[12px]">
<span className="w-44 shrink-0 pt-1 text-slate-500">Giá đ xuất (PRO)</span>
<div className="min-w-0 flex-1 space-y-1.5">
<div className="flex items-center gap-2">
<span className="w-12 shrink-0 text-[11px] text-slate-500">Min</span>
{canEditPro ? (
<VndInlineEdit
initial={ev.proSuggestedMinPrice}
saving={proPriceMut.isPending || peFetching}
label="Giá đề xuất PRO — Min"
onSave={v => proPriceMut.mutate({ minPrice: v, maxPrice: ev.proSuggestedMaxPrice, note: ev.proSuggestedPriceNote })}
/>
) : (
<span className="font-semibold text-slate-800">
{ev.proSuggestedMinPrice != null ? fmtVnd(ev.proSuggestedMinPrice) : <span className="font-normal text-slate-400"></span>}
</span>
)}
</div>
<div className="flex items-center gap-2">
<span className="w-12 shrink-0 text-[11px] text-slate-500">Max</span>
{canEditPro ? (
<VndInlineEdit
initial={ev.proSuggestedMaxPrice}
saving={proPriceMut.isPending || peFetching}
label="Giá đề xuất PRO — Max"
onSave={v => proPriceMut.mutate({ minPrice: ev.proSuggestedMinPrice, maxPrice: v, note: ev.proSuggestedPriceNote })}
/>
) : (
<span className="font-semibold text-slate-800">
{ev.proSuggestedMaxPrice != null ? fmtVnd(ev.proSuggestedMaxPrice) : <span className="font-normal text-slate-400"></span>}
</span>
)}
</div>
</div>
</div>
{/* Ghi chú PRO — vì sao chọn Min/Max. Editable khi canEditPro (Textarea + nút Lưu),
read-only hiện text khi có note. Lưu qua proPriceMut (echo min/max hiện tại). */}
{(canEditPro || ev.proSuggestedPriceNote) && (
<div className="flex items-start gap-3 text-[12px]">
<span className="w-44 shrink-0 pt-1 text-slate-500">Ghi chú (PRO)</span>
<div className="min-w-0 flex-1">
{canEditPro ? (
<div className="space-y-1">
<textarea
value={proNoteText}
onChange={e => setProNoteText(e.target.value)}
placeholder="Ghi chú: vì sao chọn Min / Max…"
rows={2}
className="w-full rounded border border-slate-300 px-2 py-1 text-[12px]"
/>
<div className="flex justify-end">
<Button
onClick={() => proPriceMut.mutate({
minPrice: ev.proSuggestedMinPrice,
maxPrice: ev.proSuggestedMaxPrice,
note: proNoteText.trim() || null,
})}
disabled={proNoteText === (ev.proSuggestedPriceNote ?? '') || proPriceMut.isPending || peFetching}
className="h-6 px-2 text-[11px]"
>
{proPriceMut.isPending ? '…' : 'Lưu ghi chú'}
</Button>
</div>
</div>
) : (
<p className="whitespace-pre-wrap text-slate-700">{ev.proSuggestedPriceNote}</p>
)}
</div>
</div>
)}
{/* CCM — 1 giá */}
<div className="flex items-center gap-3 text-[12px]">
<span className="w-44 shrink-0 text-slate-500">Giá đ xuất (CCM)</span>
<div className="min-w-0 flex-1">
{canEditCcm ? (
<VndInlineEdit
initial={ev.ccmSuggestedPrice}
saving={ccmPriceMut.isPending || peFetching}
label="Giá đề xuất CCM"
onSave={v => ccmPriceMut.mutate({ ccmPrice: v, note: ev.ccmSuggestedPriceNote })}
/>
) : (
<span className="font-semibold text-slate-800">
{ev.ccmSuggestedPrice != null ? fmtVnd(ev.ccmSuggestedPrice) : <span className="font-normal text-slate-400"></span>}
</span>
)}
</div>
</div>
{/* Ghi chú CCM — vì sao 1 giá. Editable khi canEditCcm, read-only hiện text khi có note.
Lưu qua ccmPriceMut (echo ccmPrice hiện tại). */}
{(canEditCcm || ev.ccmSuggestedPriceNote) && (
<div className="flex items-start gap-3 text-[12px]">
<span className="w-44 shrink-0 pt-1 text-slate-500">Ghi chú (CCM)</span>
<div className="min-w-0 flex-1">
{canEditCcm ? (
<div className="space-y-1">
<textarea
value={ccmNoteText}
onChange={e => setCcmNoteText(e.target.value)}
placeholder="Ghi chú: vì sao chọn mức giá này…"
rows={2}
className="w-full rounded border border-slate-300 px-2 py-1 text-[12px]"
/>
<div className="flex justify-end">
<Button
onClick={() => ccmPriceMut.mutate({
ccmPrice: ev.ccmSuggestedPrice,
note: ccmNoteText.trim() || null,
})}
disabled={ccmNoteText === (ev.ccmSuggestedPriceNote ?? '') || ccmPriceMut.isPending || peFetching}
className="h-6 px-2 text-[11px]"
>
{ccmPriceMut.isPending ? '…' : 'Lưu ghi chú'}
</Button>
</div>
</div>
) : (
<p className="whitespace-pre-wrap text-slate-700">{ev.ccmSuggestedPriceNote}</p>
)}
</div>
</div>
)}
{/* Giá CHỐT duyệt — chỉ khi DaDuyet + approvedPriceAmount != null. */}
{approved && (
<div className="flex items-center gap-3 rounded border border-emerald-200 bg-emerald-50 px-2 py-1.5 text-[12px]">
<span className="w-44 shrink-0 font-medium text-emerald-800">Giá chốt duyệt</span>
<span className="min-w-0 flex-1 font-semibold text-emerald-900">
{fmtVnd(ev.approvedPriceAmount!)}
{ev.approvedPriceSource && (
<span className="ml-2 rounded bg-emerald-100 px-1.5 py-0.5 text-[10px] font-medium text-emerald-700">
{APPROVED_PRICE_SOURCE_LABEL[ev.approvedPriceSource] ?? ev.approvedPriceSource}
</span>
)}
</span>
</div>
)}
</div>
)
}
// ===== Section 2 — Chọn NCC/TP (spec: a/b/c/d) =====
function ChonNccSection({ ev, readOnly = false }: { ev: PeDetailBundle; readOnly?: boolean }) {
const canCreateContract = !readOnly && ev.phase === PurchaseEvaluationPhase.DaDuyet && !ev.contractId && ev.selectedSupplierId
@ -1392,9 +1749,11 @@ function ChonNccSection({ ev, readOnly = false }: { ev: PeDetailBundle; readOnly
: null
const giaChaoThau = computeGiaChaoThau(ev)
// d. Bản so sánh — attachments với purpose=ComparisonTable hoặc supplier-row null
// d. Bản so sánh — attachments supplier-row null, NHƯNG loại file "đính kèm khi
// duyệt" (S78 — purpose=ApprovalAttachment cũng supplierId=null) khỏi section này.
const banSoSanhAttachments = ev.attachments.filter(
a => a.purchaseEvaluationSupplierId === null,
a => a.purchaseEvaluationSupplierId === null
&& a.purpose !== PeAttachmentPurpose.ApprovalAttachment,
)
return (
@ -1415,9 +1774,13 @@ function ChonNccSection({ ev, readOnly = false }: { ev: PeDetailBundle; readOnly
)
}
/>
{/* [Mig 54 2026-06-18 — anh Kiệt FDC] Giá đề xuất PRO (Min/Max) + CCM —
NGOÀI giá NCC. Role-gate qua canEditPro/CcmSuggestedPrice (mirror budget,
KHÔNG ràng phase). Khi DaDuyet + approvedPriceAmount → show giá chốt + nguồn. */}
<SuggestedPriceRows ev={ev} readOnly={readOnly} />
<div>
<div className="flex gap-3">
<span className="w-44 shrink-0 text-[12px] text-slate-500">d. Bản so sánh</span>
<span className="w-44 shrink-0 text-[12px] text-slate-500">d. Bảng so sánh giá</span>
<div className="min-w-0 flex-1">
<GeneralAttachmentsSection
evaluationId={ev.id}

6
fe-admin/src/components/pe/PeListPanel.tsx
View File

@ -25,6 +25,7 @@ import {
isEditablePhase,
type PeListItem,
} from '@/types/purchaseEvaluation'
import { PeUrgentChips } from '@/components/pe/PeUrgentChips'
export function PeListPanel({
typeFilter,
@ -155,7 +156,10 @@ export function PeListPanel({
>
<div className="flex items-start justify-between gap-2">
<div className="min-w-0 flex-1">
<div className="truncate text-[13px] font-medium text-slate-900">{p.tenGoiThau}</div>
<div className="flex min-w-0 items-center gap-1 text-[13px] font-medium text-slate-900">
<PeUrgentChips isUrgentByPro={p.isUrgentByPro} isUrgentByCcm={p.isUrgentByCcm} />
<span className="truncate">{p.tenGoiThau}</span>
</div>
<div className="mt-0.5 flex items-center gap-1.5 text-[11px] text-slate-500">
<span className="font-mono">{p.maPhieu ?? '—'}</span>
<span>·</span>

38
fe-admin/src/components/pe/PeUrgentChips.tsx Normal file
View File

@ -0,0 +1,38 @@
// PE — chip cờ gấp: 🔴 GẤP (PRO) / 🟢 GẤP (CCM).
// SINGLE SOURCE OF TRUTH cho pill cờ gấp dùng ở MỌI danh sách phiếu (cây danh
// sách + picker workspace/chờ-duyệt + inbox) để CEO/người duyệt nhìn thấy
// urgency "từ ngoài" mà KHÔNG cần mở phiếu (anh Kiệt FDC, S77). Style khớp badge
// header PeDetailTabs (đã live S69) → đồng bộ toàn app, đổi 1 chỗ áp mọi nơi.
import { cn } from '@/lib/cn'
export function PeUrgentChips({
isUrgentByPro,
isUrgentByCcm,
className,
}: {
isUrgentByPro?: boolean
isUrgentByCcm?: boolean
className?: string
}) {
if (!isUrgentByPro && !isUrgentByCcm) return null
return (
<span className={cn('inline-flex shrink-0 items-center gap-1', className)}>
{isUrgentByPro && (
<span
className="inline-flex shrink-0 items-center rounded bg-red-100 px-1.5 py-0.5 text-[11px] font-semibold text-red-700"
title="GẤP — Phòng Cung ứng (PRO) đánh dấu"
>
🔴 GẤP (PRO)
</span>
)}
{isUrgentByCcm && (
<span
className="inline-flex shrink-0 items-center rounded bg-green-100 px-1.5 py-0.5 text-[11px] font-semibold text-green-700"
title="GẤP — Phòng Kiểm soát chi phí (CCM) đánh dấu"
>
🟢 GẤP (CCM)
</span>
)}
</span>
)
}

Some files were not shown because too many files have changed in this diff Show More