Skip to content

RECON-FOUNDATION-LENS-01

Status: Canonical. Type: Reconnaissance pass (new artefact class — see §0). Governance position: Derivative canonical (see §0 — proposed position between ADR doc and briefs in the governance hierarchy). Date: 2026-05-27 Authors: Tim, with Claude as drafting partner. Anchored against: client-spine.md v2 (2026-05-26, 417 lines), architecture-decisions.md v4 (2026-05-26, 646 lines, ADRs 001–019), standing-rules.md (2026-05-26, post-governance-hierarchy update, 615 lines), Alex's Time Machine for Claude (2026-05-26, 271 lines), cartography v1 (2026-05-26).

§0. What this document is

This is a reconnaissance pass — a new artefact class for RTOpacks. It is distinct from a brief, an ADR, a Time Machine, or a module spec. It is produced when the canonical foundation moves significantly enough that the queue of substrate work needs to be re-evaluated against the new foundation rather than continuing forward against the old one.

The recon answers three questions across every substrate domain:

  1. What IS — the canonical target state, as articulated by the current foundation
  2. What's IN BETWEEN — the current substrate state, what's right (already aligned) and what's wrong (misaligned)
  3. What NEEDS TO BE done — the gap, expressed as work, classified by whether existing briefs already cover it

Output: a gap inventory (§4), a re-sequenced queue (§5), and a delta document (§6).

Why this is its own artefact class

  • It is bigger than a brief — it produces briefs rather than executing one
  • It is smaller than the canonical foundation — it derives from the foundation, doesn't define it
  • It is not a Time Machine — it is forward-looking work product, not session handover
  • It is not an ADR — it doesn't make new architectural decisions, it walks existing ones against substrate state

Governance position — derivative canonical

The recon document sits between the ADR doc (governance position 4) and briefs (position 8). It is canonical at its own resolution: the gap analysis it produces is load-bearing for queue sequencing. But it does not override anything above it in the hierarchy. It is an auditable record of how the substrate was walked against a foundation state at a point in time.

Proposed addition to standing-rules.md governance hierarchy:

1. Client Spine
2. WS-PRODUCT-01
3. Standing Rules
4. Architecture Decisions
4b. Reconnaissance passes (recon documents)  ← new
5. Design Foundation
6. Glossary
7. Module specs
8. Briefs

The "4b" notation captures that recon documents derive from the ADR layer; they are not above it but they are above briefs. The hierarchy decision is itself worth a small standing-rules update once this pass validates the artefact class.

When this artefact class gets re-run

Three triggers:

  1. Foundation shift — a load-bearing canonical doc moves significantly (as it did 2026-05-26)
  2. Substrate shift — a major substrate change lands that invalidates assumptions in the queue
  3. Queue drift — the brief queue accumulates enough filed-but-not-executed work that its assumptions need re-validation

Candidate standing rule: RECON-PASS-ON-FOUNDATION-SHIFT — when a canonical foundation doc moves significantly, a recon pass precedes resumption of substrate work. Worth pinning after this pass validates the method.

§1. The lens — load-bearing commitments the foundation establishes

This section names the load-bearing commitments from the current foundation. Not re-deriving them; naming them so the rest of the recon has a single reference point.

The five composing principles

  1. The closed loop is the product (ADR-001, spine §2). Five phases: Sense, Decide, Execute, Deliver-and-Assess, Evidence. Every substrate decision evaluated against whether it extends the loop or fragments it.

  2. The substrate is the moat (ADR-002, spine §4). Ingested data is the primary competitive asset. Hoover-mentality on ingestion (ADR-003); pristine-source on Layer 1 (ADR-004); recompute-as-needed on derived layers (ADR-005). Product surfaces are derived presentations of substrate.

  3. Modular consolidation (ADR-016, spine §9). Second instance of a pattern triggers modularisation; third instance must consume the shared module. Applies to external service integration, internal patterns, operational machinery.

  4. The bus pattern (ADR-017, spine §9). Every flow has a named, traceable path through known infrastructure. Inbound, outbound, internal, scheduled buses. Findability, observability, replaceability.

  5. Architectural cartography (ADR-018, spine §9). The substrate documents itself via canonical Mermaid maps with explicit naming convention. Modules produce nameable units; buses produce traceable flows; cartography makes both legible.

The naming convention (ADR-018 v4)

Structure: <scope-prefix>-<domain-or-module>-<function>-<artefact-type>-<environment> — five segments, each distinct semantic role.

Determination test:

  • Q1 — Is the name fully self-describing? If yes → Q1b. If no → Q2.
  • Q1b — Is the behaviour environment-neutral? If yes → utility (no scope prefix). If no → Q2.
  • Q2 — Does the function reach a client outcome directly? If yes → rto-* prefix. If no → Q3.
  • Q3 — Otherwise → rtopacks-* prefix.

Vocabulary: module, bus, wrapper, proxy, queue, db, kv, r2, worker, surface, connector.

Environment: prod, dev, staging (full word).

Anti-escape-hatch discipline: utility is architecturally earned, not name-given.

Asymmetric rename cost: Workers renamable (cheap); D1 databases not renamable (must be created-new-and-data-migrated). Phased conformance sequencing per ADR-018.

Mandarin enforcement (ADR-019)

Wrapper code is environment-neutral; environment selection happens at credential-loading time. Four enforcement layers: DNS (different TLDs), substrate (CF-secret scoping), admin surface (visual broadcasting + credential cartography), operator discipline (secondary safety net). The admin surface is first-class enforcement infrastructure.

ADR-019 is what makes ADR-018's Q1b test architecturally achievable.

External wrapper pattern (ADR-015)

External service integrations wrap the provider's full published API surface. Composes with ADR-016 (consolidation as general principle), ADR-017 (buses layer on top of wrappers), ADR-019 (wrapper code is environment-neutral).

Customer types and provenance (ADR-011, spine §3)

Three customer types: Type 1 (registered RTO), Type 2 (pre-registration), Type 3 (non-RTO content creator). Every field in the client file carries a provenance marker: regulator-verified, self-reported, derived, or RTOpacks-created. Provenance is a load-bearing schema property.

Cloudflare-first for identity (ADR-006)

Cloudflare is evaluated first for all new capability including identity. External providers entertained only for gaps Cloudflare structurally cannot close. Multiple targeted providers may fill different gaps; not a single IDP replacement.

User-and-credential separation (ADR-007, spine §7)

User entity (roles, actions, client attachment) and credential entity (authentication artefact) are separated at the schema level. Credential management is outsourced.

Client-file attachments are deliberate (ADR-009)

Every attachment to the client file answers four substrate questions: what does it know, where does it live, who sees it, how does it fail. No attachment built without those four answers.

Cellcast as SMS provider (ADR-014)

Cellcast (AU-native, ISO 27001) is the canonical SMS provider. SMS module is the canonical first instance of the full-API-wrapper pattern (ADR-015) applied to a new integration.

Export-portable output is first-class (ADR-010)

SCORM, print, and other exportable formats are first-class workflows, not special-case features. Native delivery (InstaLearn) and export are both first-class paths. Closed loop is intentionally open at Deliver-and-Assess for export-using clients.

Governance hierarchy (standing-rules.md)

Eight levels (highest to lowest):

  1. Client Spine
  2. WS-PRODUCT-01
  3. Standing Rules
  4. Architecture Decisions
  5. Design Foundation
  6. Glossary
  7. Module specs
  8. Briefs

CANONICAL-DECISION DISCIPLINE: load-bearing decisions written to ADRs at the moment of making them. SPINE-AND-ADR-AS-GOVERNANCE: these docs are canonical governance artefacts.

What's deliberately NOT in the lens

Spine §9's "current implementation note" explicitly states these principles describe target state, not current state. The recon's job is to make the gap between target and current legible. The lens is the target.

§2. The substrate domains

The substrate decomposes into 12 domains. Each receives the IS / CURRENT / GAP treatment in §3.

# Domain One-line scope
1 Naming convention Component, worker, database, KV, R2, secret, route names — and conformance to ADR-018 v4
2 Data taxonomy Pith / Sync-output / Peel / Intake classification; three-layer architecture conformance
3 Environment separation (Mandarin) ADR-019's four enforcement layers against current substrate
4 Credential cartography External integrations × credentials × admin-surface visibility × rotation
5 Identity model User vs credential separation; org membership; auth flow; three customer types
6 External wrapper pattern ADR-015 + ADR-019 conformance across every external integration
7 Bus pattern implementation ADR-017's four bus types mapped to CF primitives; flow conformance
8 Modular consolidation Recurring patterns; second/third instance triggers; consolidation state
9 Module surfaces Studio, People, Record, Radar, Documents, InstaLearn alignment with WS-PRODUCT-01 + specs
10 Cartography conformance v1 map vs ADR-018 v4 convention; substrate-state-side of naming
11 Observability / IRSL Run-status logging consistency; bus-level vs per-worker; IRSL coverage
12 Ingested corpora TGA, yourcareer, ABS, funding/tender data — freshness, completeness, audit posture

Domains 1 and 10 are intentionally separate. Naming is the rule (what should things be called); cartography conformance is the substrate state (how many things actually conform).

§3. Per-domain assessment

For each domain: IS (target state from foundation) / CURRENT (substrate state) / GAP (right / wrong / unknown).

CURRENT entries marked "needs Alex confirmation" are substrate-state items only Alex can ground from inside the substrate. Path (a): Claude drafts as far as project-file knowledge allows; Tim walks confirmation items past Alex via close-report cadence.

§3.1 Domain — NAMING CONVENTION

IS

Per ADR-018 v4, every named substrate component carries a name following <scope-prefix>-<domain-or-module>-<function>-<artefact-type>-<environment>.

Determination test resolves scope-prefix deterministically via Q1 → Q1b → Q2 → Q3. Vocabulary closed: module, bus, wrapper, proxy, queue, db, kv, r2, worker, surface, connector. Environment full-word: prod, dev, staging.

Utility category small and anti-escape-hatched. Asymmetric rename cost canonical (Workers renamable, D1 not).

Pre-existing cloudflare-naming-canon.md (9 principles, 179 lines) has four documented tensions with ADR-018 v4 — see Alex's Time Machine §8.

CURRENT

  • Cartography v1 exists at docs/docs/ops/cartography/v1-system-map.md (261 lines) with 10,000-foot Mermaid + working names per ADR-018. 7 naming-convention reservations documented alongside.
  • 36 CF Workers deployed. Conformance count to ADR-018 v4: needs Alex confirmation.
  • 17 D1 databases. Conformance count: needs Alex confirmation.
  • Pre-existing cloudflare-naming-canon.md at docs/docs/infrastructure/cloudflare-naming-canon.md (Alex's §8).
  • Apps-layer naming (apps/site, apps/workspace) uses Next.js convention.
  • -oc- suffix legacy on some DBs (subsumed by WORKER-AND-DB-NAMING-CONFORMANCE-01).

GAP

# Item Status Brief Action
1.1 ADR-018 v4 canonical Right No work.
1.2 Spine §9 four-segment vs ADR-018 v4 five-segment Wrong — canonical-doc drift NEW. SPINE-SECTION-9-NAMING-CONVENTION-ALIGN-01. Fold into canon reconciliation or 15-min standalone.
1.3 Canon vs ADR-018 four tensions Wrong (foundation contradicts itself) CANON-VS-ADR-018-RECONCILIATION-01 Tomorrow's first substrate work.
1.4 Asymmetric rename cost canonical Right No work.
1.5 Worker conformance to convention Wrong at scale WORKER-AND-DB-NAMING-CONFORMANCE-01 Phase 1 After canon reconciliation.
1.6 DB conformance to convention Wrong at scale, asymmetric cost WORKER-AND-DB-NAMING-CONFORMANCE-01 Phase 2 + 3 Phase 2 opportunistic; Phase 3 deferred.
1.7 Borderline cases (qb-reconcile, stripe-*) Resolved by ADR-018 worked examples EXTERNAL-WRAPPER-CONFORMANCE-01 Wrapper conformance handles naming.
1.8 Apps-layer scope (apps/site, apps/workspace) Unknown — boundary not explicit NEW. APPS-AND-ROUTE-NAMING-SCOPE-DECISION-01. Half-hour decision brief.
1.9 Internal route naming scope Unknown NEW. Folds into 1.8.
1.10 Secret naming convention Partially in vocabulary; not explicit NEW. Folds into 1.8 or canon reconciliation.
1.11 Cartography v1 → v2 v1 working names; v2 convention-conforming CARTOGRAPHY-V2-CONVENTION-CONFORMING-01 After first substrate-changing brief.
1.12 Module-level drilldown Future CARTOGRAPHY-MODULE-DRILLDOWN-01 Deferred.

New briefs surfaced: SPINE-SECTION-9-NAMING-CONVENTION-ALIGN-01, APPS-AND-ROUTE-NAMING-SCOPE-DECISION-01.

§3.2 Domain — DATA TAXONOMY

IS

Per spine §4 ("The three-layer data architecture") and ADR-004/005:

  • Layer 1 — Ingested raw. All upstream data sources held pristine and immutable. TGA, yourcareer, ABS, funding/tender. Refreshed via sync; never modified.
  • Layer 2 — Derived and computed. Joins, aggregations, model outputs. Recomputable from Layer 1; not precious.
  • Layer 3 — Client and operational state. Client files, corrections, audit trails, generated outputs.

Pith / Sync-output / Peel / Intake taxonomy (from prior memory work and OPS-DB-CONTENT-AUDIT-01) classifies the 17 D1 databases against the three layers and against client-facing vs operator-facing roles. MANDARIN enforcement (ADR-019) requires per-environment separation in addition to taxonomy.

CURRENT

  • 17 D1 databases (Alex's §10).
  • Three-layer architecture partially mixed in current ops-db substrate (spine §4 current implementation note: "Layer 2 and Layer 3 are partially mixed").
  • OPS-DB-CONTENT-AUDIT-01 closed this morning (Alex's §1). Surfaced "substantial ad-hoc attachment" (spine §9 current implementation note).
  • OPS-DB split shape decision held downstream (Alex's §10): Shape A / B / C choices not yet made.
  • MANDARIN finishing work estimated 70-75% complete from prior memory; needs Alex confirmation against current substrate state.
  • Closed work: MANDARIN-VIOLATION-01a (per prior memory).

GAP

# Item Status Brief Action
2.1 Three-layer architecture as principle Right No work.
2.2 Layer 2 / Layer 3 mixing in ops-db Wrong (acknowledged in spine) OPS-DB split (Shape A/B/C decision held) Decision brief on shape needed before split execution.
2.3 Pith/Sync-output/Peel/Intake taxonomy applied Partially right — needs full inventory INGESTED-SUBSTRATE-INVENTORY-01 (filed per Alex's §7) Inventory produces canonical taxonomy assignment.
2.4 MANDARIN finishing Wrong at ~25-30% of substrate MANDARIN-VIOLATION-01b, 01c (per prior memory) Continue per existing sequence.
2.5 OPS-DB-STAGING-IRSL-SCHEMA-PARITY Wrong (gap identified) OPS-DB-STAGING-IRSL-SCHEMA-PARITY-01 (Alex's §7, ~5 min) Small; can land opportunistically.
2.6 KN-15128 sacred rule conformance needs Alex confirmation — sacred is sacred but verify no incidental writes Audit if any doubt; otherwise no work.
2.7 OPS-DB split shape decision Unknown — held NEW. OPS-DB-SPLIT-SHAPE-DECISION-01. Decision brief; prerequisite to execution briefs.
2.8 Layer 2 derivation logic in version control needs Alex confirmation — ADR-005 requires this Audit if not already verified.

New brief surfaced: OPS-DB-SPLIT-SHAPE-DECISION-01.

§3.3 Domain — ENVIRONMENT SEPARATION (MANDARIN)

IS

Per ADR-019, four enforcement layers (strongest to weakest):

  1. DNS-leveladmin.rtopacks.dev vs admin.rtopacks.com.au (different TLDs).
  2. Substrate-level — CF Workers Secrets scoped per environment; cross-side access structurally impossible.
  3. Admin-surface-level — visual broadcasting via UI cues + URL distinction.
  4. Operator discipline — secondary safety net only.

Wrapper code is environment-neutral. Environment selection at credential-loading time, not code-branch time.

CURRENT

  • DNS layer: rtopacks.dev and rtopacks.com.au both exist (per prior memory). needs Alex confirmation whether admin. subdomains are configured on both TLDs.
  • Substrate layer: CF Workers Secrets exist and are used. Per-environment scoping discipline: needs Alex confirmation that every external-integration secret is correctly scoped (not just present).
  • Admin-surface layer: Current admin surface exists but does not yet broadcast credential cartography per ADR-019's specification. Visual broadcasting (banner colour, header treatment, persistent UI indicators): needs Alex confirmation on current state.
  • Operator discipline: Sole-operator state (Tim, with possible future Jimmy) holds while pre-revenue.

GAP

# Item Status Brief Action
3.1 DNS-level enforcement (TLD separation) needs Alex confirmation Audit; document in admin-auth brief.
3.2 Substrate-level secret scoping needs Alex confirmation Audit; folds into ADMIN-AUTH-MODEL-RECONCILIATION-01.
3.3 Admin-surface credential cartography Wrong — current admin not yet designed for this ADMIN-AUTH-MODEL-RECONCILIATION-01 (scope expanded per ADR-019) Major design work; first-class.
3.4 Wrapper code environment-neutrality Wrong — Stripe + QB have per-environment branches (Alex's §5) EXTERNAL-WRAPPER-CONFORMANCE-01 (scope expanded per ADR-019) Retroactive refactor.
3.5 Audit trail of credential changes Future ADR-019 names this as future operational discipline; not blocking.
3.6 Dev vs prod admin surface UX differentiation Wrong — not yet designed ADMIN-AUTH-MODEL-RECONCILIATION-01 Asymmetric optimisation per ADR-019.

No new briefs surfaced. Existing briefs cover the work; scope expansions are already captured in Alex's Time Machine.

§3.4 Domain — CREDENTIAL CARTOGRAPHY

IS

Per ADR-019, the admin surface for each side is canonical external-integration cartography:

  • Per-environment inventory of every external service that side connects to
  • State visibility: current token, last-rotated timestamp, expiry, who rotated
  • Rotation guidance per integration
  • Operational frequency awareness — dev optimised for quick rotation, prod for careful rotation with confirmation + audit trail

Substrate-derived inventory (new wrapper deployment → new entry; wrapper removal → entry removed). Not maintained by hand.

CURRENT

  • Current admin surface exists but does not implement credential cartography as designed by ADR-019.
  • External integrations in substrate (per ADR mentions and prior memory): Cellcast (planned, not yet built per ADR-014), Stripe (partial wrapper), QuickBooks (partial wrapper), Resend (email), Twilio scaffolding (to be superseded by Cellcast per ADR-014), TGA upstream (mirror), yourcareer ingest, ABS data, government tender APIs, geocoder.
  • Credential state visibility: needs Alex confirmation on whether token timestamps, last-rotated, expiry are tracked anywhere structured.
  • Rotation discipline: needs Alex confirmation on current per-integration rotation patterns.

GAP

# Item Status Brief Action
4.1 Admin-surface-as-credential-cartography Wrong — not implemented ADMIN-AUTH-MODEL-RECONCILIATION-01 First-class design work per ADR-019.
4.2 Substrate-derived integration inventory Wrong — not implemented ADMIN-AUTH-MODEL-RECONCILIATION-01 Design + implementation.
4.3 Token state visibility (last-rotated, expiry) needs Alex confirmation Audit current state; informs admin brief.
4.4 Per-integration rotation guidance Wrong — not surfaced ADMIN-AUTH-MODEL-RECONCILIATION-01 Documentation discipline.
4.5 CREDENTIAL-PROVIDER-DECISION-01 Pending — prerequisite for several downstream identity briefs CREDENTIAL-PROVIDER-DECISION-01 Evaluates CF identity primitives against three-customer-type requirements per ADR-006.
4.6 Audit trail of credential changes Future per ADR-019 Not blocking; revisit when first paying customer comes online.

No new briefs surfaced. ADMIN-AUTH-MODEL-RECONCILIATION-01 is the umbrella brief; its scope is already expanded per ADR-019.

§3.5 Domain — IDENTITY MODEL

IS

Per ADR-007 + ADR-011 + ADR-012 + spine §7 + §8:

  • User and credential separated at schema level. User entity (roles, actions, client attachment). Credential entity (type, identifier, validity window, parent-user reference).
  • Credential management is outsourced (ADR-006 + ADR-007). RTOpacks holds references, not credentials.
  • Three customer types (ADR-011): Type 1 (registered RTO), Type 2 (pre-registration), Type 3 (non-RTO content creator). Different signup flows; different product surfaces; different provenance posture.
  • Provenance markers on every client-file field: regulator-verified, self-reported, derived, RTOpacks-created.
  • Signup-and-admin-authority separation (ADR-012): account creation open via TGA-mirror-matched email + SMS; admin authority asynchronous via CEO notification.
  • Federation as future credential type (ADR-006 + spine §7), not separate user system.

CURRENT

  • Four identity conventions currently in the database (spine §7 "Pending identity work"): email-keyed, UUID-keyed, prefix-keyed, randomblob-keyed. Hard prerequisite for any identity-related database migration.
  • passkey_credentials table is placeholder, not prototype (ADR-007 refinement). OPS-DB-CONTENT-AUDIT-01 found sign_count=0 on both enrolled rows — verification has never succeeded against the table.
  • CF Access is the practical admin auth path (per prior memory + Alex's §7 ADMIN-AUTH-MODEL-RECONCILIATION-01 framing).
  • Cross-DB duplicates exist: users / products / passkey_credentials (per Alex's §7 CROSS-DB-DUPLICATE-CONSOLIDATION-01).
  • Orgs has 2 rows for same UCCA RTO (Alex's §7 ORGS-DUPLICATE-UCCA-RECORD-CLEANUP-01).
  • Signup flow not yet built as canonical Type 1/2/3 implementation.
  • Provenance markers in client file: needs Alex confirmation on current schema state.

GAP

# Item Status Brief Action
5.1 User/credential separation as principle Right No work.
5.2 Four identity conventions in DB Wrong (acknowledged) IDENTITY-MODEL-RATIONALISATION-01 (filed; Step 0 prerequisite) High priority — blocks OPS-DB split.
5.3 passkey_credentials state Wrong (placeholder, not real) ADMIN-AUTH-MODEL-RECONCILIATION-01 (subsumed by CREDENTIAL-PROVIDER-DECISION-01) Decide: graduate / drop / replace.
5.4 Cross-DB user/product/passkey duplicates Wrong CROSS-DB-DUPLICATE-CONSOLIDATION-01 (3 sub-briefs per Alex's §7) After IDENTITY-MODEL-RATIONALISATION-01.
5.5 Orgs duplicate UCCA record Wrong ORGS-DUPLICATE-UCCA-RECORD-CLEANUP-01 (Alex's §7) Small cleanup; can land opportunistically.
5.6 Three customer types in product Partially right; needs Alex confirmation on signup flow state Existing signup work Type-aware signup flow design.
5.7 Provenance markers in schema needs Alex confirmation Audit; design brief if not in place.
5.8 CEO notification flow (ADR-012) needs Alex confirmation — likely not yet built Implementation brief at appropriate time.
5.9 Federation scaffold (future) Right (future per spine §7) Deferred until enterprise contract justifies.
5.10 REGULATORY-EVENTS-TENANT-ISOLATION-01 (post-revenue) Wrong (acknowledged future) REGULATORY-EVENTS-TENANT-ISOLATION-01 (filed per Alex's §7) Post-revenue.

No new briefs surfaced. Identity work is well-covered by existing queue. The sequencing is load-bearing: IDENTITY-MODEL-RATIONALISATION-01 is Step 0 for several downstream briefs.

§3.6 Domain — EXTERNAL WRAPPER PATTERN

IS

Per ADR-015 + ADR-019 + ADR-014:

  • Every external service integration wraps the provider's full published API surface, not only currently-consumed endpoints.
  • Wrapper code is environment-neutral (ADR-019). Asymmetry lives in credential and configuration loading, not in code paths.
  • Wrapper sits inside a shared internal module that consumers route through (ADR-014's Cellcast pattern as canonical first instance).
  • EXT-API RULE (standing-rules.md): reference doc in docs/ops/ required before deploy. Reference covers endpoint inventory, auth model, rate limits, known quirks, sandbox vs production posture, example requests.

CURRENT

External integrations in substrate:

  • Cellcast (SMS) — ADR-014 canonical first instance. Not yet built. Twilio scaffolding to be superseded.
  • Stripe (billing) — partial wrapper exists. Per-environment code branches present (Alex's §5 implication). Needs retroactive ADR-015 + ADR-019 conformance.
  • QuickBooks (accounting) — partial wrapper. Same posture as Stripe.
  • Resend (email) — wrapper state needs Alex confirmation.
  • Twilio scaffolding (SMS) — to be removed per ADR-014.
  • TGA upstream (mirror) — extensive integration via Swagger. Wrapper conformance state needs Alex confirmation.
  • yourcareer ingest — wrapper state needs Alex confirmation.
  • ABS data ingest — wrapper state needs Alex confirmation.
  • Government tender APIs (AusTender) — wrapper state needs Alex confirmation.
  • Geocoder — wrapper exists; per ADR-018 worked examples, qualifies as utility (Q1 + Q1b pass).
  • Cellcast OpenAPI spec available at developer.cellcast.com/cellcast-api.swagger.yaml.

Per Alex's §7: SMS-CURRENT-STATE-AUDIT-01 is filed (audit Twilio scaffolding before Cellcast module brief).

GAP

# Item Status Brief Action
6.1 Cellcast wrapper / SMS module Not built — canonical first instance (Future SMS module brief; SMS-CURRENT-STATE-AUDIT-01 first) Audit, then build.
6.2 Stripe ADR-015 conformance Wrong (partial wrapper) EXTERNAL-WRAPPER-CONFORMANCE-01 Retroactive refactor.
6.3 Stripe ADR-019 conformance (env-neutral code) Wrong (per-env branches) EXTERNAL-WRAPPER-CONFORMANCE-01 (scope extended per ADR-019) Retroactive refactor.
6.4 QuickBooks ADR-015 conformance Wrong EXTERNAL-WRAPPER-CONFORMANCE-01 Retroactive refactor.
6.5 QuickBooks ADR-019 conformance Wrong EXTERNAL-WRAPPER-CONFORMANCE-01 Retroactive refactor.
6.6 Resend wrapper conformance needs Alex confirmation Audit; folds into EXTERNAL-WRAPPER-CONFORMANCE-01 if non-conformant.
6.7 Twilio scaffolding removal Wrong — superseded by Cellcast SMS-CURRENT-STATE-AUDIT-01 → SMS module brief After audit.
6.8 TGA upstream wrapper conformance needs Alex confirmation Audit; likely covered by INGESTED-SUBSTRATE-INVENTORY-01.
6.9 yourcareer / ABS / tender wrapper conformance needs Alex confirmation Audit; folds into ingested-corpora work.
6.10 Geocoder utility status Right (per ADR-018 worked examples) No work.
6.11 EXT-API RULE compliance (reference docs) needs Alex confirmation per integration Audit; missing docs are filed as gaps per integration.
6.12 Cellcast reference doc Required per EXT-API RULE before SMS module deploys (SMS module brief includes this scope) Built with module.
6.13 BILLING-VENDOR-RECONCILIATION-01 Wrong (post-CF-migration verify) BILLING-VENDOR-RECONCILIATION-01 (filed per Alex's §7) Prereq to any billing migration.

One new gap surfaced: EXT-API-RULE-COMPLIANCE-AUDIT-01 (or similar) — audit which integrations have reference docs in docs/ops/ and which don't. Small audit brief.

§3.7 Domain — BUS PATTERN IMPLEMENTATION

IS

Per ADR-017, every flow passes through a known, named, observable structure:

  • Inbound buses — webhooks, scheduled triggers, external pushes
  • Outbound buses — external API calls (layered on top of per-provider wrappers from ADR-015)
  • Internal buses — worker-to-worker communication
  • Scheduled buses — cron-driven and time-triggered firings (consistent run-status logging per IRSL pattern)

Buses not necessarily literal message queues. Required: named, traceable path through known infrastructure with consistent instrumentation properties applied uniformly. Findability + observability + replaceability.

CURRENT

  • Many flows do not yet route through named buses (ADR-017 "Current implementation note"). Bringing flows under bus discipline is per-brief-as-flows-are-touched, not mass refactor.
  • The IRSL pattern is the canonical scheduled-bus implementation for cron-driven sync workers (_ingest_runs tables across rto-nrt-db, rto-ops-db, rto-radar-db, engine-db-oc per Alex's §11).
  • Queue-based chain dispatch is established per standing-rules.md ("Queue-based chain dispatch is the standard pattern") for self-dispatch within a worker.
  • Webhook handlers exist for Stripe, QuickBooks (per ADR-019 examples and prior memory) but may not yet be unified into a named inbound-webhook-bus.
  • Bus pattern CF-primitive mapping unresolved (Alex's §7 BUS-PATTERN-CF-IMPLEMENTATION-DECISION-01).

GAP

# Item Status Brief Action
7.1 Bus pattern as principle Right No work.
7.2 CF-primitive mapping for four bus types Wrong (decision held) BUS-PATTERN-CF-IMPLEMENTATION-DECISION-01 (filed per Alex's §7) Decision brief; prereq for implementation.
7.3 IRSL pattern coverage (scheduled bus) Mostly right — 8 _ingest_runs tables; needs Alex confirmation on completeness See §3.11.
7.4 Inbound webhook bus needs Alex confirmation — webhook handlers scattered? Audit; design brief if non-conformant.
7.5 Outbound bus (over wrappers) Wrong — not yet implemented as named bus (Implementation brief after #7.2) Designs depend on CF-primitive mapping decision.
7.6 Internal bus (worker-to-worker) needs Alex confirmation — Service Bindings used per prior memory Audit current patterns; consolidate if recurring.
7.7 Naming conformance of existing buses Wrong — pre-ADR-018 names WORKER-AND-DB-NAMING-CONFORMANCE-01 + CARTOGRAPHY-V2-CONVENTION-CONFORMING-01 Handled by naming work.

One new gap surfaced: INBOUND-WEBHOOK-BUS-AUDIT-01 — audit how webhook handlers are currently structured before designing the canonical bus. Small audit brief.

§3.8 Domain — MODULAR CONSOLIDATION

IS

Per ADR-016: second instance of a pattern triggers consolidation; third instance must consume the shared module. Applies to:

  • External service integration (Cellcast SMS, future providers)
  • Internal patterns (IRSL for sync logging, user-credential separation, three-layer data architecture)
  • Operational machinery generally

Briefs that introduce a second instance include consolidation as part of scope, not deferred follow-up. Over-modularising explicitly accepted as a risk; two-instance threshold protects against it.

CURRENT

  • IRSL pattern — canonical first consolidation example for sync logging. Operational across 8 _ingest_runs tables.
  • Three-layer data architecture (Layer 1/2/3) — implicit consolidation per ADR-004/005.
  • Cellcast as canonical first wrapper instance — sets pattern for future external services.
  • OPS-DB-CONTENT-AUDIT-01 surfaced "substantial ad-hoc attachment" (spine §9). Specific second-instance patterns identified by audit: needs Alex confirmation on which patterns are surfaced.
  • Twilio scaffolding being superseded by Cellcast module is a consolidation instance (replacing scattered Twilio references with shared module).
  • Stripe + QuickBooks wrappers are first instances each of their providers; the wrapper-conformance brief is consolidation into ADR-015 + ADR-019-conformant shapes.

GAP

# Item Status Brief Action
8.1 ADR-016 as principle Right No work.
8.2 IRSL pattern as instance Right No work; maintain.
8.3 SMS consolidation (Twilio → Cellcast) Pending (SMS module brief) Per Alex's §7.
8.4 Wrapper consolidation (Stripe + QB into ADR-015 shape) Pending EXTERNAL-WRAPPER-CONFORMANCE-01 Retroactive consolidation.
8.5 Second-instance patterns from OPS-DB audit needs Alex confirmation Specific patterns from audit close report; may surface new consolidation briefs.
8.6 Client-file attachment patterns (ADR-009) Partially right; needs Alex confirmation on recurring shapes Audit if attachment patterns recurring.
8.7 Over-modularising failure mode Right (acknowledged in ADR-016) Discipline check at each consolidation brief.

Potential new gap (requires Alex confirmation): SECOND-INSTANCE-PATTERN-AUDIT-01 — extract from OPS-DB-CONTENT-AUDIT-01 close report which specific patterns are at second-instance threshold and need consolidation briefs filed. Probably already implicit in audit close; needs surfacing.

§3.9 Domain — MODULE SURFACES

IS

Per WS-PRODUCT-01 + spine §6 + individual module specs:

The six current modules and their alignment to streams:

  • Studio (compliant execution stream) — STUDIO-SPEC-01 v0.6 — content production
  • People (compliant execution stream) — PC-SPEC-01 v0.2 — workforce compliance
  • Record (compliant execution stream) — RECORD-SPEC-01 v0.2 — evidence layer
  • Radar / Field Observer (strategic intelligence stream) — RADAR-SPEC-01 v0.2 — RTO intelligence
  • Documents (compliant execution stream) — DOC-SPEC-01 v0.1 — to be merged with Record per project brief
  • InstaLearn (compliant execution stream) — IL-SPEC-01 v0.1 — credential issuance

Two-stream framing (ADR-013): strategic intelligence + compliant execution composing into closed loop (ADR-001). Export-portable output is first-class (ADR-010).

CURRENT

  • Studio deployed. Phase 1 / v0.6.
  • People deployed (Phase 1).
  • Record specced, not yet built.
  • Radar deployed.
  • Documents specced, marked for merge with Record.
  • InstaLearn specced, deployment state needs Alex confirmation.
  • Studio session-completion gap — filed as STUDIO-SESSION-COMPLETION-PATH-AUDIT-01 (from prior memory). setup_complete=1 has never been written in any environment. Flagged as requiring elevated visibility before any product demonstration.
  • Public surface strategy — Tim's recent product decision: curated showcase (~20 real qualifications) rather than full corpus. Funnel architecture: public search surface with populated qualification detail pages, blurred members-only sections. "Built on facts" positioning.
  • APPS-SITE-PRODUCT-SURFACE-DECISION-01 — open decision brief (per prior memory): is apps/site marketing or dual customer-product surface?
  • NRT-SEARCH-RESPONSE-SEPARATION-01 — closed (per prior memory).
  • MANDARIN-VIOLATION-01a, 01b — closed (per prior memory).

GAP

# Item Status Brief Action
9.1 Two-stream framing Right (ADR-013) No work.
9.2 Studio session-completion path Wrong — setup_complete=1 never written STUDIO-SESSION-COMPLETION-PATH-AUDIT-01 (filed) Elevated visibility per prior memory. Must resolve before product demonstration.
9.3 Documents-into-Record merge Pending (Future Record-build brief subsumes Documents) Sequenced with Record build.
9.4 InstaLearn deployment needs Alex confirmation If not deployed, plan; if deployed, audit conformance.
9.5 Public surface strategy (curated showcase) Pending — Tim decision made, implementation queued Brief shape: PUBLIC-CURATED-SHOWCASE-IMPLEMENTATION-01 (or similar).
9.6 APPS-SITE-PRODUCT-SURFACE-DECISION-01 Open decision APPS-SITE-PRODUCT-SURFACE-DECISION-01 (filed) Resolves apps/site role; informs above.
9.7 Module spec versions (v0.x) needs Alex confirmation all module specs current Audit; refresh stale ones.
9.8 WS-PRODUCT-01 vs module spec coherence needs Alex confirmation Audit during recon-pass equivalent for module work.
9.9 Export-portable output (ADR-010) Right — first-class capability No work; maintain.

New brief surfaced: PUBLIC-CURATED-SHOWCASE-IMPLEMENTATION-01 (or naming-conformant variant). Public surface strategy implementation work.

§3.10 Domain — CARTOGRAPHY CONFORMANCE

IS

Per ADR-018 v4:

  • Canonical map at canonical repo path, rendering into docs.rtopacks.com.au
  • Hierarchical: 10,000-foot system level → module level → component level
  • Mermaid as primary tool
  • Living document — updates in same commit as substrate changes
  • Names per the determination test (Q1 → Q1b → Q2 → Q3)

CURRENT

  • Cartography v1 exists at docs/docs/ops/cartography/v1-system-map.md (261 lines, per Alex's §3).
  • Resolution: 10,000-foot system view only.
  • Naming on v1: working names per ADR-018 as it was when v1 was drawn — but ADR-018 was refined three times after v1 landed (the v1 reservations produced those refinements per Alex's §6). So v1 names predate v4 convention in some places.
  • No module-level or component-level maps yet.
  • v1's 7 reservations + 7 doesn't-fit-cleanly flags + 7 ad-hoc-attachment flags documented alongside.

GAP

# Item Status Brief Action
10.1 Cartography as principle Right No work.
10.2 v1 system-level map exists Right No work.
10.3 v1 names predate ADR-018 v4 Wrong CARTOGRAPHY-V2-CONVENTION-CONFORMING-01 (filed) Runs after first substrate-changing brief.
10.4 Module-level maps Not yet drawn CARTOGRAPHY-MODULE-DRILLDOWN-01 (filed) Deferred.
10.5 Component-level maps Not yet drawn (Future modular work) Deferred until module-level lands.
10.6 Map updates in same commit as substrate changes needs Alex confirmation — discipline check Discipline reinforced by METADATA-RECONCILIATION-AT-COMMIT (candidate standing rule).
10.7 Map rendering at docs.rtopacks.com.au needs Alex confirmation Confirm rendering pipeline; small if broken.
10.8 v1 doesn't-fit-cleanly flags Pending (Folded into v2 work or substrate consolidation briefs) Per Alex's §3.

No new briefs surfaced. Cartography work is well-named.

§3.11 Domain — OBSERVABILITY / IRSL

IS

Per ADR-017 (bus pattern's scheduled-bus subtype) + standing-rules.md (queue-based chain dispatch) + IRSL pattern:

  • Every cron-driven sync worker writes to its _ingest_runs table per the IRSL pattern
  • Run-status logging consistent across workers (cron / queue / atm run types)
  • Bus-level instrumentation (per ADR-017): metrics, logging, error reporting applied at bus level, propagating to consumers

CURRENT

  • IRSL pattern operational across 8 _ingest_runs tables in rto-nrt-db, rto-ops-db, rto-radar-db, engine-db-oc (Alex's §11).
  • Watch carry-forwards from Alex's §11 — 7 specific cron firings to verify across 2026-05-26 to 2026-06-01 windows.
  • Sync email notifications: Sunday tga-sync, Monday cricos-sync per standing-rules.md ("Sync notification emails").
  • Observatory drawer on admin dashboard surfaces packaging pipeline status (standing-rules.md).
  • OPS-DB-STAGING-IRSL-SCHEMA-PARITY-01 — staging IRSL schemas not mirrored from prod yet (Alex's §7, ~5 min brief).
  • TELEMETRY-SURFACE-01 — filed (per prior memory).
  • Enrichment coverage — 99.4% of RTOs unenriched (per standing-rules.md). BACKFILL-01 is the fix.

GAP

# Item Status Brief Action
11.1 IRSL pattern as principle Right No work.
11.2 IRSL coverage across sync workers Right (8 tables) Maintain.
11.3 Staging IRSL schema parity Wrong OPS-DB-STAGING-IRSL-SCHEMA-PARITY-01 (~5 min) Quick win.
11.4 Bus-level instrumentation (per ADR-017) Wrong — not yet implemented (After BUS-PATTERN-CF-IMPLEMENTATION-DECISION-01) Implementation depends on bus decision.
11.5 Telemetry surface Pending TELEMETRY-SURFACE-01 (filed) Per existing queue.
11.6 Enrichment backfill Wrong (99.4% unenriched) BACKFILL-01 (per standing-rules.md) One-shot script via /api/enrich.
11.7 Watch carry-forwards (7 cron firings) Pending verification Verify per Alex's §11 windows; surface findings.
11.8 Observatory drawer (packaging pipeline) Right Maintain.
11.9 Cross-flow telemetry (bus pattern dependent) Wrong (not yet possible) (Bus pattern implementation) After bus work.

No new briefs surfaced. Observability is well-covered by existing queue; the limiting factor is bus pattern implementation.

§3.12 Domain — INGESTED CORPORA

IS

Per ADR-002 + ADR-003 + ADR-004 + ADR-005 + spine §4:

  • Substrate is the moat. Ingestion is foundational work, not feature support.
  • Hoover-mentality on ingestion — calibrated to access-window availability, not current-feature need.
  • Pristine-source on Layer 1 — never modified.
  • Recompute-as-needed on Layer 2.
  • Four moats: operational, continuity, historical, analytical.
  • TGA Swagger as apex source. Hoover beyond what TGA's published reports surface.
  • Sources mirrored: TGA, yourcareer, ABS (OSL + IVI), funding/tender data, others opportunistic.

CURRENT

  • TGA mirror operational with hoover-mentality completeness. Substrate likely holds more than TGA's published reports surface (spine §4).
  • yourcareer ingest — state needs Alex confirmation (freshness, completeness).
  • ABS OSL feed — sync state per standing-rules.md cron table.
  • ABS IVI feed — sync state per standing-rules.md cron table.
  • Government tender data (AusTender)rto-tender-sync cron at 08:00 UTC daily (Alex's §11).
  • KN-15128 sacred rule — 15,128 enriched rows immutable.
  • Enrichment coverage — 99.4% of RTOs currently unenriched (BACKFILL-01 fix).
  • TGA upstream intelligence capture — pending (Alex's §7 TGA-UPSTREAM-INTELLIGENCE-CAPTURE-01).
  • TGA Swagger vs reports delta — pending audit (Alex's §7 TGA-SWAGGER-VS-REPORTS-DELTA-AUDIT-01).
  • INGESTED-SUBSTRATE-INVENTORY-01 — canonical inventory pending (Alex's §7).

GAP

# Item Status Brief Action
12.1 Hoover-mentality / pristine-source / recompute as principles Right No work.
12.2 TGA mirror integrity Right TGA-MIRROR-CORPUS-AUDIT-01 (filed per Alex's §7) Audit confirms; maintenance only.
12.3 TGA Swagger vs reports delta Unknown TGA-SWAGGER-VS-REPORTS-DELTA-AUDIT-01 (filed) Audit.
12.4 TGA upstream intelligence capture Pending TGA-UPSTREAM-INTELLIGENCE-CAPTURE-01 (filed) Per queue.
12.5 yourcareer freshness/completeness needs Alex confirmation Folds into INGESTED-SUBSTRATE-INVENTORY-01.
12.6 ABS OSL/IVI freshness needs Alex confirmation + cron watch Per Alex's §11 watches.
12.7 Tender data freshness Per Alex's §11 watch (08:00 daily) Confirm via watch.
12.8 KN-15128 immutability Right (sacred) No work; sacred.
12.9 Enrichment backfill Wrong (99.4% gap) BACKFILL-01 One-shot.
12.10 Canonical ingested substrate inventory Pending INGESTED-SUBSTRATE-INVENTORY-01 (filed) Per queue.
12.11 Other opportunistic sources (per spine §4) needs Alex confirmation which other sources are ingested Folds into inventory brief.

No new briefs surfaced. Ingestion work is well-named; the inventory brief is the load-bearing next step.

§4. Gap inventory

Collapsed from §3 GAP tables across all 12 domains. Classified by status:

  • A — Already queued (existing brief covers cleanly)
  • B — Partially queued (existing brief covers part; needs re-scoping)
  • C — Not queued (new brief surfaced by recon)
  • D — Resolved by canonical work (was a gap; foundation now answers it)
  • E — Unknown (audit needed before classifying)

Category A — Already queued (existing briefs cover cleanly)

# Item Brief
A1 Canon vs ADR-018 four tensions CANON-VS-ADR-018-RECONCILIATION-01
A2 Worker naming conformance WORKER-AND-DB-NAMING-CONFORMANCE-01 Phase 1
A3 DB naming conformance (asymmetric cost) WORKER-AND-DB-NAMING-CONFORMANCE-01 Phase 2 + 3
A4 Cartography v1 → v2 CARTOGRAPHY-V2-CONVENTION-CONFORMING-01
A5 Module-level cartography CARTOGRAPHY-MODULE-DRILLDOWN-01
A6 MANDARIN finishing MANDARIN-VIOLATION-01b, 01c
A7 OPS-DB staging IRSL parity OPS-DB-STAGING-IRSL-SCHEMA-PARITY-01
A8 Four identity conventions IDENTITY-MODEL-RATIONALISATION-01
A9 Cross-DB user/product/passkey dupes CROSS-DB-DUPLICATE-CONSOLIDATION-01
A10 Orgs UCCA duplicate ORGS-DUPLICATE-UCCA-RECORD-CLEANUP-01
A11 REGULATORY-EVENTS-TENANT-ISOLATION REGULATORY-EVENTS-TENANT-ISOLATION-01
A12 Stripe + QB ADR-015 + ADR-019 conformance EXTERNAL-WRAPPER-CONFORMANCE-01
A13 SMS audit (Twilio scaffolding) SMS-CURRENT-STATE-AUDIT-01
A14 Billing vendor reconciliation BILLING-VENDOR-RECONCILIATION-01
A15 Bus pattern CF-primitive decision BUS-PATTERN-CF-IMPLEMENTATION-DECISION-01
A16 Studio session-completion gap STUDIO-SESSION-COMPLETION-PATH-AUDIT-01
A17 apps/site product surface decision APPS-SITE-PRODUCT-SURFACE-DECISION-01
A18 TGA mirror corpus audit TGA-MIRROR-CORPUS-AUDIT-01
A19 TGA upstream intelligence capture TGA-UPSTREAM-INTELLIGENCE-CAPTURE-01
A20 TGA Swagger vs reports delta TGA-SWAGGER-VS-REPORTS-DELTA-AUDIT-01
A21 Ingested substrate inventory INGESTED-SUBSTRATE-INVENTORY-01
A22 Credential provider decision CREDENTIAL-PROVIDER-DECISION-01
A23 Telemetry surface TELEMETRY-SURFACE-01
A24 Enrichment backfill BACKFILL-01
A25 Terraform v5 reconciliation TERRAFORM-V5-RECONCILIATION-01 (per prior memory)
A26 Recovery model reconciliation RECOVERY-MODEL-RECONCILIATION-01 (per prior memory)
A27 Terraform import rebase pattern TERRAFORM-IMPORT-REBASE-PATTERN-01 (per prior memory)

Category B — Partially queued (scope expansion already captured in foundation)

# Item Brief Scope note
B1 Admin auth model + credential cartography ADMIN-AUTH-MODEL-RECONCILIATION-01 Scope expanded per ADR-019 to include credential-cartography surface design
B2 Wrapper conformance + env-neutrality EXTERNAL-WRAPPER-CONFORMANCE-01 Scope extended per ADR-019 to enforce environment-neutral wrapper code

Category C — Not queued (new briefs surfaced by recon)

# Item Proposed brief Size
C1 Spine §9 four-vs-five segment drift SPINE-SECTION-9-NAMING-CONVENTION-ALIGN-01 15 min — fold into A1 (canon reconciliation) if scope permits
C2 Apps-layer + route + secret naming scope APPS-AND-ROUTE-NAMING-SCOPE-DECISION-01 30 min decision brief
C3 OPS-DB split shape decision OPS-DB-SPLIT-SHAPE-DECISION-01 Decision brief; prereq to execution briefs
C4 EXT-API RULE compliance audit EXT-API-RULE-COMPLIANCE-AUDIT-01 Audit which integrations have docs/ops/ reference docs
C5 Inbound webhook bus audit INBOUND-WEBHOOK-BUS-AUDIT-01 Audit before designing canonical bus
C6 Public curated showcase implementation PUBLIC-CURATED-SHOWCASE-IMPLEMENTATION-01 Tim's recent product decision needs brief shape
C7 Second-instance pattern audit from OPS-DB-CONTENT-AUDIT-01 close SECOND-INSTANCE-PATTERN-AUDIT-01 Extract from audit close report; may surface additional consolidation briefs
C8 Recon-pass-on-foundation-shift standing rule (Standing rule update, not brief) Add RECON-PASS-ON-FOUNDATION-SHIFT to standing-rules.md
C9 METADATA-RECONCILIATION-AT-COMMIT standing rule (Standing rule update, not brief) Concrete evidence from C1 supports the rule
C10 Governance position for recon docs (Standing-rules update) Add position 4b for recon documents

Category D — Resolved by canonical work

# Item Resolution
D1 Asymmetric rename cost verification Canonical in ADR-018 §"The rename has asymmetric substrate cost"
D2 qb-reconcile, stripe-* classification Resolved by ADR-018 worked examples
D3 Geocoder utility status Confirmed by ADR-018 worked examples
D4 Cellcast as canonical first wrapper Captured in ADR-014
D5 Federation as future credential type Captured in spine §7 + ADR-006

Category E — Unknown (audit needed)

# Item Resolution path
E1 Worker/DB conformance counts Path (a): Alex confirmation via close-report cadence
E2 KN-15128 incidental write audit If any doubt, small audit; otherwise trust sacred discipline
E3 Layer 2 derivation logic in version control Audit if not already verified
E4 DNS-level admin. configuration on both TLDs Quick check
E5 Substrate-level secret scoping completeness Folds into ADMIN-AUTH-MODEL-RECONCILIATION-01
E6 Visual admin-surface broadcasting current state Folds into ADMIN-AUTH-MODEL-RECONCILIATION-01
E7 Token state visibility (timestamps, expiry) Folds into ADMIN-AUTH-MODEL-RECONCILIATION-01
E8 Resend wrapper conformance Folds into EXTERNAL-WRAPPER-CONFORMANCE-01
E9 TGA / yourcareer / ABS / tender wrapper conformance Folds into INGESTED-SUBSTRATE-INVENTORY-01
E10 EXT-API RULE compliance per integration Folds into C4 (EXT-API-RULE-COMPLIANCE-AUDIT-01)
E11 Provenance markers in client file schema Audit; may surface design brief
E12 Signup flow current state (Type 1/2/3) Audit before signup design work
E13 CEO notification flow (ADR-012) Audit; likely implementation brief
E14 Webhook handler current structure Folds into C5 (INBOUND-WEBHOOK-BUS-AUDIT-01)
E15 Internal bus (worker-to-worker) patterns Audit; consolidate if recurring
E16 InstaLearn deployment state Quick check
E17 Module spec versions current Audit; refresh stale
E18 WS-PRODUCT-01 vs module spec coherence Audit during module-work recon
E19 Map updates in same commit as substrate Discipline check; reinforced by C9
E20 Map rendering at docs.rtopacks.com.au Quick check
E21 yourcareer / ABS freshness state Folds into INGESTED-SUBSTRATE-INVENTORY-01
E22 Other opportunistic ingested sources Folds into INGESTED-SUBSTRATE-INVENTORY-01

Inventory totals

  • A (already queued): 27 items
  • B (partially queued — scope expansion): 2 items
  • C (new briefs surfaced): 10 items (7 briefs + 3 standing-rules updates)
  • D (resolved by canonical work): 5 items
  • E (audit needed): 22 items (most fold into existing briefs as confirmation steps)

The ratio is informative: existing queue covers most of the work cleanly (A = 27). The recon's value is in surfacing 7 new briefs + 3 standing-rules updates, resolving 5 prior unknowns, and identifying 22 audit-confirmation items that path (a) processes via Alex's close-report cadence.

§5. Re-sequenced queue

Ordered traversal of the gap inventory, driven by:

  1. Foundation-prerequisite work — unblocks everything downstream
  2. Structural unblockers — unblocks multiple downstream briefs
  3. Substrate stability — should land while touched substrate is well-understood
  4. Opportunistic — small clean briefs without strong dependencies
  5. Deferred — correctly queued but not yet sequenced

Tier 1 — Foundation work (immediate)

Order Brief Why first Source
1 CANON-VS-ADR-018-RECONCILIATION-01 Unblocks all naming-touching work Alex's §8 (tomorrow's first substrate work)
2 SPINE-SECTION-9-NAMING-CONVENTION-ALIGN-01 Fold into #1 or run alongside C1
3 METADATA-RECONCILIATION-AT-COMMIT standing rule Locks in discipline that prevents drift like #2 from accumulating C9
4 RECON-PASS-ON-FOUNDATION-SHIFT standing rule Codifies this recon's method C8
5 Recon document governance position 4b in standing-rules Places recon documents in governance hierarchy C10

Tier 2 — Structural unblockers (after Tier 1)

Order Brief Why Source
6 IDENTITY-MODEL-RATIONALISATION-01 Step 0 for OPS-DB split; blocks several downstream identity briefs Alex's §7
7 BUS-PATTERN-CF-IMPLEMENTATION-DECISION-01 Decision; unblocks bus implementation work Alex's §7
8 OPS-DB-SPLIT-SHAPE-DECISION-01 Decision; unblocks split execution C3
9 CREDENTIAL-PROVIDER-DECISION-01 Unblocks ADMIN-AUTH-MODEL-RECONCILIATION-01 Spine §7
10 APPS-AND-ROUTE-NAMING-SCOPE-DECISION-01 Names boundary of ADR-018 scope C2

Tier 3 — Substrate stability work (after Tier 2)

Order Brief Why Source
11 ADMIN-AUTH-MODEL-RECONCILIATION-01 Major design work; requires CREDENTIAL-PROVIDER-DECISION-01 first A/B1
12 EXTERNAL-WRAPPER-CONFORMANCE-01 Retroactive conformance for Stripe + QB A12/B2
13 WORKER-AND-DB-NAMING-CONFORMANCE-01 Phase 1 Worker renames; cheap; after canon reconciliation Alex's §7
14 EXT-API-RULE-COMPLIANCE-AUDIT-01 Audit reference docs per integration C4
15 INBOUND-WEBHOOK-BUS-AUDIT-01 Audit before bus design C5
16 SECOND-INSTANCE-PATTERN-AUDIT-01 Extract from OPS-DB audit close; may surface additional consolidation work C7
17 SMS-CURRENT-STATE-AUDIT-01 Twilio scaffolding audit before Cellcast module A13

Tier 4 — Module + product work (concurrent with Tier 3)

Order Brief Why Source
18 STUDIO-SESSION-COMPLETION-PATH-AUDIT-01 Elevated priority — must resolve before product demonstration A16
19 APPS-SITE-PRODUCT-SURFACE-DECISION-01 Open decision; informs public surface implementation A17
20 PUBLIC-CURATED-SHOWCASE-IMPLEMENTATION-01 After #19 C6
21 (SMS module brief) After SMS-CURRENT-STATE-AUDIT-01 Implied by Alex's §7

Tier 5 — Opportunistic small briefs

Order Brief Why Source
22 OPS-DB-STAGING-IRSL-SCHEMA-PARITY-01 ~5 min; quick win Alex's §7
23 ORGS-DUPLICATE-UCCA-RECORD-CLEANUP-01 Small cleanup Alex's §7
24 BACKFILL-01 One-shot script Standing-rules.md
25 BILLING-VENDOR-RECONCILIATION-01 Prereq to billing migration Alex's §7

Tier 6 — Ingested corpora work

Order Brief Why Source
26 INGESTED-SUBSTRATE-INVENTORY-01 Canonical inventory; informs subsequent corpora work Alex's §7
27 TGA-MIRROR-CORPUS-AUDIT-01 Confirm integrity Alex's §7
28 TGA-SWAGGER-VS-REPORTS-DELTA-AUDIT-01 Audit delta Alex's §7
29 TGA-UPSTREAM-INTELLIGENCE-CAPTURE-01 Per queue Alex's §7

Tier 7 — Naming + cartography completion (after Tier 3)

Order Brief Why Source
30 WORKER-AND-DB-NAMING-CONFORMANCE-01 Phase 2 Opportunistic DB renames; bundles with OPS-DB split Alex's §7
31 CARTOGRAPHY-V2-CONVENTION-CONFORMING-01 After first substrate-changing brief Alex's §7
32 WORKER-AND-DB-NAMING-CONFORMANCE-01 Phase 3 Deliberate remaining DB renames Alex's §7
33 CARTOGRAPHY-MODULE-DRILLDOWN-01 Module-level cartography Alex's §7

Tier 8 — Post-foundation cleanup + identity

Order Brief Why Source
34 CROSS-DB-DUPLICATE-CONSOLIDATION-01 (3 sub-briefs) After IDENTITY-MODEL-RATIONALISATION-01 Alex's §7
35 MANDARIN-VIOLATION-01b Continue MANDARIN finishing Prior memory
36 MANDARIN-VIOLATION-01c Continue MANDARIN finishing Prior memory
37 TELEMETRY-SURFACE-01 After bus pattern implementation begins Prior memory

Tier 9 — Infrastructure reconciliation

Order Brief Why Source
38 TERRAFORM-V5-RECONCILIATION-01 78 held writes Prior memory
39 TERRAFORM-IMPORT-REBASE-PATTERN-01 Future major-version upgrades Prior memory
40 RECOVERY-MODEL-RECONCILIATION-01 Consolidate four-tier recovery model Prior memory

Deferred (post-revenue)

Order Brief Why deferred
REGULATORY-EVENTS-TENANT-ISOLATION-01 Cross-tenant query patterns; post-revenue priority
Audit-trail-of-credential-changes brief Per ADR-019; not blocking for current operations

Sequencing notes

  • The Tim/Alex/Claude drip rate determines actual throughput. Brief drip rule remains in force; one brief in flight at a time.
  • Tiers can be partially concurrent. Tier 1 + Tier 4 (Studio session-completion audit) could run alongside. Tier 5 (opportunistic small) can interleave anywhere.
  • STUDIO-SESSION-COMPLETION-PATH-AUDIT-01 has elevated priority per prior memory — must resolve before product demonstration. May want to bring forward into Tier 1 if a demo is on the horizon.
  • The "Cellcast SMS module" brief is implied but not formally named. Worth naming once SMS-CURRENT-STATE-AUDIT-01 closes.
  • Recon-pass-on-foundation-shift standing rule (Tier 1) locks in this method for future foundation shifts.

§6. Delta document

The auditable record of what changed between yesterday's implicit queue and today's explicit queue.

Collapsed

None. No briefs in the existing queue were rendered redundant by the new foundation. The foundation tightened the lens but did not collapse work.

Re-scoped

Brief Scope change Source
ADMIN-AUTH-MODEL-RECONCILIATION-01 Expanded to include credential-cartography surface design Per ADR-019; captured in Alex's §5
EXTERNAL-WRAPPER-CONFORMANCE-01 Extended to enforce environment-neutral wrapper code Per ADR-019; captured in Alex's §5
WORKER-AND-DB-NAMING-CONFORMANCE-01 Three-phase structure formalised (workers immediate, DB opportunistic, deliberate remainder) Per ADR-018 v4 asymmetric-cost recognition; captured in Alex's §6
DB-NAMING-LEGACY-oc-suffix-01 Subsumed into WORKER-AND-DB-NAMING-CONFORMANCE-01 Per Alex's §7

Added (new briefs surfaced by recon)

Brief Source
SPINE-SECTION-9-NAMING-CONVENTION-ALIGN-01 C1 — spine §9 four-vs-five segment drift
APPS-AND-ROUTE-NAMING-SCOPE-DECISION-01 C2 — boundary of ADR-018 scope
OPS-DB-SPLIT-SHAPE-DECISION-01 C3 — decision held; needs brief shape
EXT-API-RULE-COMPLIANCE-AUDIT-01 C4 — reference doc audit per integration
INBOUND-WEBHOOK-BUS-AUDIT-01 C5 — audit before canonical bus design
PUBLIC-CURATED-SHOWCASE-IMPLEMENTATION-01 C6 — Tim's product decision needs brief shape
SECOND-INSTANCE-PATTERN-AUDIT-01 C7 — extract from OPS-DB audit close report

Added (standing-rules updates)

Item Source
METADATA-RECONCILIATION-AT-COMMIT (rule) C9 — concrete evidence from spine §9 drift
RECON-PASS-ON-FOUNDATION-SHIFT (rule) C8 — codifies this recon's method
Recon documents at governance position 4b C10 — places artefact class in hierarchy

Confirmed (existing briefs validated against new foundation)

All 27 Category A briefs from §4 confirmed against the new foundation. The existing queue is largely well-scoped; the new foundation tightened the lens without requiring re-scoping of most work.

Unknown items pending path (a) confirmation

22 Category E items from §4. Path (a) processes these via Alex's close-report cadence as work proceeds.

Resolved by canonical work (no longer gaps)

5 Category D items from §4. Foundation now answers what was previously unknown.

Net inventory shift

  • Before recon: ~30+ briefs in implicit queue with mixed scope-state and pre-foundation assumptions
  • After recon: 27 Category A confirmed + 2 Category B with explicit scope expansion + 7 new briefs added + 3 standing-rules updates + 22 path-(a) confirmation items

The queue grew by 7 briefs and 3 rule updates, tightened scope on 2 existing briefs, and surfaced 22 confirmation items. No briefs collapsed.

§7. Discipline observations from the recon

Four observations worth carrying forward, surfaced by the act of running the recon itself.

7.1 Canonical-doc drift is real and silent

The spine §9 four-segment vs ADR-018 v4 five-segment finding (item 1.2 / C1) is concrete evidence that canonical docs can drift from each other even when refined the same day. The METADATA-RECONCILIATION-AT-COMMIT candidate standing rule directly addresses this failure mode. The recon strengthens the case for codifying it.

7.2 The recon validates the canonical foundation as well as the queue

By forcing a domain-by-domain walk through the foundation, the recon surfaced one canonical-doc drift item (spine §9) and confirmed coherence across the rest of the foundation. The act of running the recon is itself a discipline check on the canonical state, not just on the queue.

7.3 Path (a) for Alex confirmation works structurally

22 Category E items are absorbed by path (a) without disrupting any single brief's cadence. Each item routes to the natural close-report touchpoint of an existing or new brief. The recon does not need a separate Alex-confirmation cycle; the items distribute across the brief queue.

7.4 Most of the existing queue holds up under the new foundation

27 Category A items vs 7 Category C items is roughly 4:1 confirmation-to-new ratio. The existing queue was well-scoped at filing time. The recon's value is not "the queue was wrong" — it is "validate the queue against a new foundation and surface the small handful of items that the new foundation creates or resolves."

This ratio is itself a useful diagnostic: if a future recon produces a 1:1 or worse ratio of new-to-existing, that signals either the foundation moved more substantially than this one or the queue was filed less rigorously than this one.

§8. Open questions and follow-ups

  1. Tim review of full recon before any briefs drip. Specific items to validate: Tier 1 sequencing (does canon reconciliation truly come first vs spine §9 alignment or standing-rules updates first); Tier 4 elevated-priority decision on Studio session-completion (does it pull forward into Tier 1 or sit in Tier 4); whether STUDIO-SESSION-COMPLETION-PATH-AUDIT-01 needs to pull forward depending on demo timeline.

  2. Alex pressure-test of CURRENT and GAP entries marked "needs Alex confirmation" — via path (a) close-report cadence rather than batch review.

  3. METADATA-RECONCILIATION-AT-COMMIT conversation — codify as standing rule. Spine §9 drift is the concrete evidence supporting it.

  4. Recon governance position decision — confirm position 4b for recon documents, update standing-rules.md accordingly.

  5. The "Cellcast SMS module" brief is implied but not formally filed. Worth filing once SMS-CURRENT-STATE-AUDIT-01 closes.

  6. Tier 1 vs Tier 4 trade-off: foundation work (standing-rules updates, naming alignments) vs product work (Studio session-completion audit). Depends on product-demonstration timeline. Tim's call.

§9. Recommendation

The recon validates that the existing brief queue is largely well-scoped against the new canonical foundation. The recon also surfaces a small set of new work (7 briefs + 3 standing-rules updates) that should be incorporated.

Recommended next actions, in order:

  1. Tim reviews this recon for sequencing validation and Tier 1 vs Tier 4 priority call.
  2. Recon goes to canonical location at docs/docs/ops/recon/RECON-FOUNDATION-LENS-01.md once validated.
  3. Recon goes to Alex for substrate-state pressure-testing via path (a). Confirmation items resolve through close-report cadence.
  4. First brief drips: CANON-VS-ADR-018-RECONCILIATION-01 per Alex's §8 (Tim's pre-existing decision). SPINE-SECTION-9-NAMING-CONVENTION-ALIGN-01 folds in or runs alongside.
  5. Standing-rules updates land at the appropriate moment — likely after canon reconciliation closes, since it touches naming convention directly.
  6. Tier 2 structural unblockers drip per the order in §5.

This re-sequenced queue is the working brief queue from this point forward. Briefs filed before this recon are validated; briefs filed by this recon are added; briefs not in this recon's queue are either deferred or require re-evaluation against the lens before filing.

Changelog

  • v1 (2026-05-27 morning) — initial draft. Anchored against stale project-files content (ADRs 1-13, pre-v2 spine, pre-governance-hierarchy standing-rules). Method shape sound but specifics thin. Preserved at RECON-FOUNDATION-LENS-01-v1-stale.md as evidence of the corpus-discipline failure (working from stale docs).
  • v2 (2026-05-27, this version) — full recon pass. Re-anchored against current canonical foundation: client-spine v2 (417 lines), architecture-decisions v4 (646 lines, ADRs 1-19), standing-rules post-governance-hierarchy (615 lines), Alex's Time Machine for Claude (271 lines). All 12 domains walked. §4 gap inventory assembled. §5 re-sequenced queue produced. §6 delta document recorded.

End of RECON-FOUNDATION-LENS-01. Method validated by Tim review; recon validated by Alex via path (a) close-report cadence; first brief drips per §5 Tier 1.