Generate Runtime · Planning

Context

Phase 12F เปิด SUB-1 "Generated Assets Navigator" · B ทำ registry + checklist + promotion path เก็บไว้. A ต้อง build runtime: review queue UI · reviewer assignment · sign-off capture · promotion action ที่ write back to B-owned registry via approval-gated API · filter UI (<300ms) · diff view. เน้น: no AI-authored artefact becomes T1 (founder-authored only) · promotion T5→T4/T3/T2 เท่านั้น.

docs/kb/data/generated_assets.jsonRegistry · 8 categories · 8 review statuses · 4-stage promotion path

docs/kb/data/generated_assets_checklist.jsonPer-asset checklist items · post-gen recovery guide

docs/kb/data/approval_matrix.jsonRole + gate rules · dual-approval rules · sensitive markers

Scope

Review queue UI: list of AI-generated assets awaiting review · filter + sort + assign
Reviewer assignment: drag-to-assign or auto-route by category · notify via alerting_model
Sign-off capture: reviewer identity + decision + rationale + timestamp + signature (JWT-anchored)
Promotion action: approval-gated API that updates review_status + authority_tier on the asset record
Diff view: side-by-side before/after on promotion + history timeline
Filter UI: by category · confidence · tier · review_status · impact_area · phase · <300ms response
Promotion path validator: enforce rules from promotion_path_stages (T5→T4/T3/T2 only · T1 forbidden)
Audit trail: every promotion written to WORM log
Integration with B registry: read via asset_entries[] · write-back NOT direct — via A-held approval-gated API only

Field Mapping — Asset Entry B asset_entries[*] → A runtime

Source: generated_assets.asset_entries[*] (B registry).

B Field	B Type	A Runtime Target	A Owner	Approval Gate	Binding	Notes
id	string	Queue item PK · URL `/app/generate/{id}`	Backend + FE	none	mapped-not-bound	Read-only mirror of B registry
path	string	Link to the actual artefact file (usually `docs/kb/...`)	Frontend	none	mapped-not-bound	Open in side panel · do not edit (B-owned)
category	enum(8)	Queue filter chip · routing to reviewer pool	Backend + FE	none	mapped-not-bound	8 cats: docs-created/updated · ui-routes · data-contracts · subsystem-artifacts · pending-handoff · tenant-only · reusable-shared
phase	string	Filter + group header · "Phase 12E · 12F · ..."	Frontend	none	mapped-not-bound	—
confidence	enum	Confidence badge on card	Frontend	none	mapped-not-bound	high/medium/low/requires_human_review
authority_tier	enum T1..T5	Tier badge · determines promotion eligibility	Backend	gate-promotion	mapped-not-bound	Start at T5 · T1 forever forbidden for AI-authored
review_status	enum(8)	Status chip · drives queue partition	Backend	gate-status-transition	mapped-not-bound	unreviewed → drafter-self → peer → governance → dual → sensitive-dual → promoted / rejected
impact_area	enum	Impact filter · drives reviewer role	Backend	none	mapped-not-bound	e.g., sensitive-surface → sensitive reviewer required
source_basis	string	Source annotation on detail view	Frontend	none	mapped-not-bound	Where Claude got the evidence from
promotion_path	array	Timeline view · next-step hint	Frontend	none	mapped-not-bound	Per-asset tracked path from T5 toward target tier

Field Mapping — Review Status Transitions

Source: generated_assets.review_status_enum (8 states) + promotion_path_stages (4 transitions).

B Status	A UI State	Transition Trigger	Approval Gate	Binding	Notes
rev-unreviewed	"New" queue	mapped-not-bound	Auto on ingest	none	Default for all AI assets
rev-drafter-self	Drafter review	mapped-not-bound	Drafter sign-off	gate-self	First eyes-on
rev-peer	Peer review	mapped-not-bound	1 peer signature	gate-peer	Required for T5→T4 promotion
rev-governance	Governance review	mapped-not-bound	Governance role signature	gate-governance	Required for T5→T3
rev-dual	Dual-approved	mapped-not-bound	2 distinct reviewers · DEC seal	gate-dual	Required for T5→T2 (canonical spec)
rev-sensitive-dual	Sensitive-dual	mapped-not-bound	2 distinct + domain expert	gate-sensitive-dual	For sensitive-surface assets
rev-promoted	Promoted (shown w/ tier)	mapped-not-bound	Transition API call (gated)	gate-promotion	Writes back to B via A's audit-wrapped API
rev-rejected	Rejected (proposal archive)	mapped-not-bound	Reviewer rejection + reason	gate-rejection	Kept as proposal · never deleted

A-owned Runtime Boundary ขอบเขต A vs B

B owns (read-only for A)

Contract JSON (all fields listed in "Context" block above)
Trilingual label parity
honest_note + requires_human_review flags
Contract evolution (schema-versioned)

A owns (this runtime)

All tables + indexes for entities in ER diagram below
API endpoints in API Sketch block
Frontend components + chart/form rendering
Cache + feature flag integration
Auth + sign-off capture
Audit trail

ER Diagram A-owned tables · Generate · registry + signatures

Generate · registry + signatures

API Sketch FastAPI endpoints

GET/api/generate/assets?status=rev-unreviewed&category=cat-docs-created

List assets by filter · 300ms target

POST/api/generate/assets/{id}/assign

Assign reviewer · SLA timer starts

POST/api/generate/assets/{id}/sign

Capture reviewer decision + JWT signature

POST/api/generate/assets/{id}/promote

Promote T5 → T4/T3/T2 · gated by approval_refs · T1 forbidden

GET/api/generate/assets/{id}/diff

Diff before/after promotion · hash-verifiable

Sequence Flow T5 → T3 promotion · governance gate

T5 → T3 promotion · governance gate

Dependencies

Upstream

Auth + JWT tier (reviewer identity)
Approval matrix (dual-approval rules)
Audit trail (WORM)
Feature flag generate.runtime_v1

Downstream

Tier migration of canonical docs (T5→T4/T3/T2)
Knowledge Base consuming promoted assets

Human Approval Gates

gate-self Drafter signs own review
gate-peer 1 peer reviewer
gate-governance Governance role
gate-dual 2 distinct reviewers + DEC seal (for T5→T2)
gate-sensitive-dual 2 reviewers + domain expert (sensitive surface)
gate-promotion Final write to registry via A's approval-gated API
gate-rejection Rejection reason + audit log

Risks

Promotion bypasses B-owned registry

High

Only A-held approval-gated API can write · direct DB writes blocked · audit log WORM

AI-authored content promoted to T1 (founder tier)

High

Hard rule: T1 target tier REJECTED at API layer for AI assets · founder manual write only

Reviewer self-approves (reviewer = drafter)

Med

API enforces reviewer ≠ drafter for peer/governance/dual gates

Sensitive asset missed sensitive-dual path

High

impact_area flag enforced at ingest · cannot promote without sensitive-dual if flagged

Rejection loses provenance

Low

rev-rejected = kept as proposal · never deleted · searchable

Filter UI slow on large registry (>1000 assets)

Med

Indexed view + client-side debounce + virtualised list · 300ms p95 target

Definition of Done

Registry read-mirror renders all 8 categories + 8 statuses correctly
Review queue UI operational with assignment + SLA timer
Sign-off capture records identity + signature JWT-anchored
All 4 promotion transitions (T5→T4/T3/T2) gated and testable
T5→T1 blocked with clear error message at API
Filter UI responds <300ms p95 on 5000-asset dataset
Diff view shows asset before/after promotion
WORM audit log of every promotion action
All 7 approval gates signed off
Feature flag generate.runtime_v1 staged rollout + rollback drilled

Deferred

Auto-promotion (always requires human sign-off)
Reviewer gamification / leaderboard (later phase)
Auto-reviewer routing by ML (v2 after baseline)
External reviewer integration (legal · compliance third party) — out of scope
Bulk promotion tools (safer to do one-at-a-time initially)

Generate Runtime 03 · แกลเลอรี AI · audit + promotion · ไม่ใช่เครื่องสร้างใหม่

Context

Scope

Field Mapping — Asset Entry B asset_entries[*] → A runtime

Field Mapping — Review Status Transitions

A-owned Runtime Boundary ขอบเขต A vs B

B owns (read-only for A)

A owns (this runtime)

ER Diagram A-owned tables · Generate · registry + signatures

API Sketch FastAPI endpoints

Sequence Flow T5 → T3 promotion · governance gate

Dependencies

Upstream

Downstream

Human Approval Gates

Risks

Definition of Done

Deferred