solution-erp/.claude/agent-memory/investigator-codebase/MEMORY.md

Investigator-Codebase Agent — Persistent Memory

Persistent diary cross-session. Auto-injected first ~200 lines at spawn (L1 HOT). Update BEFORE every stop. Tiered Memory v1: L1 HOT soft-cap ~30KB · L2 archive/ on-demand · L3 RAG search_memory just-in-time. Keep entry ≤ 1.5K chars (gotcha #53). Full verbatim history pre-S40 → git d2f52ba + archive/2026-05-q1..q4.md + archive/2026-06.md. 🗺️ Lookup map: archive/_INDEX.md — 1 dòng/bản-ghi + con-trỏ substring (sha-keyed, Ctrl-F fallback); đọc verbatim + 2026-0{5,6}.gist.md theo nhu cầu. S80 curate: moved 15 recon entries S65→S76 + 2× 06-20 → archive. Renamed S39: investigator → investigator-codebase (internal half; external → investigator-api).

---

🎯 Role baseline

Read-only INTERNAL audit SOLUTION_ERP codebase. Tools: Read, Grep, Glob, Bash + 5 RAG MCP. Output: concise findings <500 words + file:line refs. Skills: contract-workflow + permission-matrix + ef-core-migration.

🚫 Split boundary (S39)

• ✅ MINE: internal SQL/EF/grep/reference mirror, sqlcmd schema scan, controller audit, migration diff, count grounding
• ❌ NOT: external docs/CVE/lib → investigator-api · write → implementer · test → test-specialist · architecture decision → em main

---

📋 Patterns proven (apply confidently)

Schema scan via sqlcmd

sqlcmd -S "(localdb)\MSSQLLocalDB" -d SolutionErp_Dev -Q "..."     # runtime API (primary)
sqlcmd -S "(localdb)\MSSQLLocalDB" -d SolutionErp_Design -Q "..."  # ef tooling
ssh vietreport-vps "sqlcmd -S .\SQLEXPRESS -d SolutionErp -U vrapp -P '...' -Q '...'"  # prod

Queries: sys.columns, sys.triggers, __EFMigrationsHistory, COUNT(*), sys.indexes. Gotcha 2 LocalDB distinct (feedback_designtime_runtime_db): _Dev=runtime (appsettings.Development), _Design=dotnet ef default. Prod password fallback C:\inetpub\solution-erp\api\appsettings.Production.json khi $env:PROD_DB_PASSWORD empty.

Controller / wire-claim audit

• Grep \[Route\("api/[a-z]+"\)\] enumerate controllers · \[Authorize(Policy = "..." per-action policy (gotcha #44 silent 403 class-level quá strict)
• Grep // Mock / alert( / setEditing(null) // close UI — wire claim bugs · IActionResult vs ActionResult<T>

Smoke verify catalog

Bearer từ POST api.solutions.com.vn/api/auth/login → status matrix expected vs actual + file:line evidence.

Memory cross-reference

30 user-memory tại C:\Users\pqhuy\.claude\projects\D--...\memory\MEMORY.md (index). Key: per_chunk_commit · uat_skip_verify · designtime_runtime_db · per_nv_permission_scope · ef_migration_backfill_reorder · workflow_fanout_reliability · canonical_spec_over_broadcast (S79).

External research → DEFER investigator-api (split S39)

---

⚠️ Anti-patterns

❌ Skip MEMORY update · ❌ Vague "seems like/probably" · ❌ Missing file:line · ❌ >500 words · ❌ Scope drift to architecture recommendation (em main decides)

---

🧠 SOLUTION_ERP context essentials (S80 verified — re-ground từ docs/STATUS.md canonical)

• DB: Dev SolutionErp_Dev · Design SolutionErp_Design (distinct) · Prod .\SQLEXPRESS/SolutionErp/vrapp via SSH vietreport-vps
• Migration path: src/Backend/SolutionErp.Infrastructure/Persistence/Migrations/*.cs (⚠️ NOT root /Migrations/). 57 mig, last AddPeSuggestedPriceNotes.
• Counts S80 (canonical docs/STATUS.md): 57 mig · 88 SQL tables (count .ToTable() ModelSnapshot NOT DbSet) · ~253 endpoints · 68 FE pages · 54 menu keys (BE MenuKeys const) · 354 test (45 Domain + 309 Infra) · 71 gotchas (format ### N.) · 30 user-memory · 6 skills · 11 sub-agents (all-inherit H8)
• Tech: .NET 10 Clean Arch (Api→Application←Domain + Infra) + CQRS MediatR + EF Core 10 + 2 React 19 Vite 8 TS 6 (fe-admin :8082 + fe-user :8080) + SQL Server + Gitea CI + IIS
• Prod: api/admin/eoffice.solutions.com.vn · Gitea git.baocaogiaoduc.vn/vietreport-admin/solution-erp (Actions API /api/v1/repos/.../actions/tasks NOT /runs 404, cache stale ~2min gotcha #46 — cross-check VPS mtime). Bundle live admin CsJetgZH/user BVS0ApIm (Run #330).
• Auth: admin@solutions.com.vn/Admin@123456 (full) / nv.test@solutions.com.vn/TestUser@123456 (Drafter). Response accessToken+refreshToken+user. Password ≥12 chars.

---

🔄 Active workflow schemas (V1 + V2 coexist post-S17)

• V1 Mig 21 flat — WorkflowDefinition pin PE/Contract cũ. Match Dept+PositionLevel.
• V2 Mig 22-31 — ApprovalWorkflow pin PE/Contract mới, match ApproverUserId 1-1 OR-of-N cùng Cấp. Steps (Phòng) > Levels (Cấp). PE + Contract đã wire V2 (Mig 32+33 S29). Proposal V2 (Mig 38). WorkflowApps skeleton (Mig 39).
  • Mig 25 IsUserSelectable · Mig 26 PE LevelOpinions UPSERT · Mig 29 Allow* per-NV · Mig 30 F4 AllowApproverEditBudget · Mig 31 SkipToFinal→ApproverLevel · Mig 53 cờ-gấp+CeoApprovalThreshold · Mig 54 giá-đề-xuất PRO/CCM+giá-chốt · Mig 56 ProInitial/ProAdjust · Mig 57 ghi-chú-giá.
• State machine PE 5 trạng thái: Nháp / Đã gửi duyệt / Trả lại (TraLai=98) / Từ chối (REMOVED-S60 hard-guard) / Đã duyệt
• Mode Trả lại 4 option per-Level: OneLevel (lùi 1 Cấp) / OneStep (lùi Bước trước) / Assignee (pick NV đã ký) / Drafter (Phase=TraLai). 3 mode đầu giữ ChoDuyet lùi pointer. Admin bypass level.Allow*.

---

📅 Recent activity (compressed — full verbatim → archive/2026-06.md via archive/_INDEX.md)

• 2026-06-20 governance-landing map (RC-sig + User-Mark H12/13 + objective-criteria): ⭐ WHERE-to-land 3 AI_INFRA gov broadcasts. harness-11-engine.md = CANONICAL engine (D5/D6/D7 safety-tier + D8 one-direction-lock + D9 single-writer + D10 Bash-residual + CAVEAT no-OS-hook). error-ledger.md = §L.a AS-1..13 + §L.b 7-step. adap-report FORMAT richest = 2026-06-18-Governance-harness-11.md. rules.md §6.6 = objective-criteria. report-before-stamp ⊂ D7 (extend, đừng duplicate → C3 vocab-fork). → _INDEX.
• 2026-06-20 Harness-14 Eval/Budget/Outcome audit: ⭐ H-14 = time/age/recency-decay KHÔNG được làm căn-cứ cắt feature. (1) BUDGET aligned: memory-budget.json 0 decay/TTL/age hit; keep_floor=5=newest-protection (drains OLDEST), cap seed-by-MEASURE. (2) detectors = canonical-anchor-vs-STATUS + disk-cross-check, ZERO age-window. (3) EVAL genuine: eval/golden-set-solution_erp.jsonl (14q) + evaluator.md recall@5≥0.7 — weekly-manual no-automation. (4) anti-downgrade = Harness-8 "all-inherit chất-lượng>chi-phí" PARTIAL (no generic rule in rules.md, grep 0). → _INDEX.
• PE recon cluster (S69→S76, → _INDEX): "Giá chào thầu" mục-c = WinnerQuoteTotal=SUM(Quote.ThanhTien WHERE supplier==Selected) DERIVED (3 nơi đồng-predicate) — PRO-Min/Max+CCM-proposed = Mig 54 NEW field. Budget gate = PURE ROLE no-phase (canEditPro=Admin||Procurement/canEditCcm=Admin||CostControl PurchaseEvaluationFeatures.cs:800-801; comment "bảng NS=tài-liệu-sống như Excel"); submission-count-lock NEXISTS (grep 0) → "khóa Initial sau lần-trình-đầu" = feature-MỚI. Value-threshold HOOK B = ApproveV2Async advance :816-845 (reuse skipToFinal mechanic); urgent flag = AddColumn mirror ItTicketPriority. Badge ✎NS = +2 bool DTO via GetUsersInRoleAsync batch (no-N+1) both sites. PRO/CCM/CEO = Procurement/CostControl/Director (domain-shorthand NOT constants); V2 routing IGNORES roles (= specific ApproverUserId), 100% LINEAR no value/threshold config.
• Office/HRM recon cluster (S65→S69, → _INDEX): 21 Off_* keys, 10 office pages {fe-admin,fe-user}/src/pages/office/ SHA256-mirror (except MyAttendance + AttendanceReport admin-only); golive-flip = remove RevokeTemporarilyHiddenModulesAsync call DbInitializer.cs:2040. Employee master-detail EXISTS (not list-only), Dept FLAT no-tree (pre-Mig51), 5 satellite 15-endpoint full. NamGroup PURO = UI-skin (ref demo.purocorp.vn) hardcoded-navTree, KpiCard-not-tab, shared PageHeader/WidgetCard. gotcha #66: index.css h1-4{color:#0b1220} OUTSIDE @layer → TW-v4 unlayered wins → heading-in-gradient MUST text-white!.
• Governance/Harness recon cluster (S71, → _INDEX): H8 all-inherit FULLY adopted both layers (12/12 frontmatter + hmw.js resolveModel); run-trace "TRACKED" = 2-level (git check-ignore eligible vs git ls-files committed — model works only post git add); G-015 containment shift (Harness-2 "mọi tracked=vi-phạm" → H10 "tracked NGOÀI run-folder+code-disjoint=vi-phạm"). path-trap: bare runs/ from repo-root = 0 → actual .claude/workflows/runs/ (22 tracked). detector refine(b) = .claude/hooks/.claude/scripts not-exist (now S75 has scripts/governance-detectors.ps1).
• [→ git pre-S60] S60 recon#2 V2-engine-map (ApproveV2Async:446-634 guard+UPSERT+advance; skipToFinal F2:561-602 precedent) · S60 PE Section-3 submit-guard ROLE-only. Full text git.
• [→ archive/2026-06.md + git] S52 P11-D/E/F 6-gap recon · S50 HrmConfigs add-kind 11-spot · S51 gotcha #57 EXT reachability (curated S59).
• [→ archive/2026-05-q4.md + git d2f52ba] S29-S37: clean-room > NamGroup-port verified 4× · Pattern 12-bis cross-module mirror · FK+freetext dual-write.

---

🔄 Curate trigger

• ~30KB → archive recent → L2 archive/<period>.md (byte-exact append) + _INDEX.md substring pointer. Stale >3mo → remove.

• Last curate: 2026-06-20 S80 (em-main, archive-gate keep-floor-hit → manual) (39.8→~14KB): moved 15 recon entries (lines 73-105 byte-exact via sed) → archive/2026-06.md (33→67KB) + _INDEX.md +15 table-row pointers (all verified count=1). KEPT foundation + 2 newest 06-20 + compressed recon-clusters + 3 git-stubs; UPDATED stale counts (40→57 mig, 84→88 tables, 130→354 test, 55→71 gotcha, 7→11 sub). gist NOT updated (em-main distill later).
• Prev curate: 2026-06-18 S71 (29.8→23.2KB FIFO-trim 3 + gist gen:2). Prev S70 (47.0→24.1KB dark-matter recovery + built _INDEX/gist). Prev S40 (35.7→~20KB).