Skip to content

Documentation Integrity Report

FieldValue
Protocol/docs-verify
Date (local)2026-07-11
ModeCORPUS
Scope pathsdocs/**/*.md (excl. node_modules, .vitepress)
Repos consultedvtrc-api, cu-central-api, centralize-api, vtrc-web, vtrc-rc-backoffice
Files in scope205
Files trap-sweptAll volume-* + audit (mandatory traps T1–T14)
Overall verdictCONDITIONAL PASS
Evidence standardStatic code + config re-measured this run (no e2e)
Prior auditsLeads only — docs-verify-2026-07-11-corpus-pass.md, DELTA, A.8

1. Executive Verdict

English: VitePress volumes clear all P0 trap classes against code re-measured in this run (live bridge = cu-central, ports layered in Vol 0/3/5/10/16, KBANK = กสิกรไทย, OTP in MariaDB, statusKcash ids 6–10, cron gating, Vol 6/7 inventories, A.4↔Vol 14). Verdict is CONDITIONAL PASS because Volume 2 still oversimplifies cu-central as “port 8082” without CODE_DEFAULT 8080 classification (P1 PARTIAL), and superseded docs/audit/* bodies remain partially stale under banners (P2).

ไทย: คู่มือ VitePress ผ่านเกณฑ์ P0 หลังวัดโค้ดใหม่ในรอบนี้ — แต่สถานะรวมเป็น CONDITIONAL PASS เพราะ Volume 2 ยังเขียนพอร์ต 8082 แบบไม่แยกชั้นกับ CODE_DEFAULT 8080 (P1) และเนื้อหา docs/audit เก่ายังอยู่ใต้ป้าย SUPERSEDED (P2)


2. Canonical Truths (verified this run)

FactValueEvidence
Live GraphQL bridgenew GraphQLClient(END_POINT_CENTRALIZE)vtrc-api/api/src/centralize/controllers/graphql.js:3,21,84
Live auth${END_POINT_CENTRALIZE_AUTH}/signin (+ bypass/signout/token)auth.js:28,52,75,98
CLIENT_TARGET examplehttp://localhost:8082/api/graphqlvtrc-api/api/.env.example:36-37
cu-central CODE_DEFAULTAPP_PORT = 8080cu-central-api/main-api/src/config.js:20
vtrc-api CODE_DEFAULTAPP_PORT = 8081vtrc-api/api/src/config.js:5
NestJS hrPaySlip@Post()hrpayslip.controller.ts:18
NestJS employee GET / total HTTP14 / 17decorator counts this run
NBC MSSQL namedbHRMI_Center_NBC (no bare dbHRMI_NBC in NestJS src)unique dbHRMI_* grep
statusKcash SUCCESSid '9'status: 'SUCCESS'config.js:508-511
KBANK copyกสิกรไทยconfig.js:389
vtrc crons APP_NOonly fund-rate gated; delegate+statLog ungatedcrons.js:14-27
cu-central crons APP_NOentire block gatedcron.js:9-30
OTPModels.Otp.create; TTL default 3 minsendOtp.model.js:14; config.js:74
Device key comparevalue.key === apiKeyindex.js:34
Session Redis key`${sessionPrefix.name}:${userUid}_${sessionId}`sess:…session.js:18-19
syncModels active79model.js
Web GraphQL exports138 / 41export default keys
components/user/ folders36filesystem
BO axios files15filesystem
BO ApollocreateUploadLink + apiKeyNewsapollo.js:4,10,39
BO Docker runtimenginx:1.24.0Dockerfile:13
Web checkLinkURLorigin → URI via window.location.hrefvtrc-web/.../apollo.js:17-34
A.4 SEC-6/7/8/10trustCert / axois / PII / rate limitmatches Vol 14.2

3. Findings (non-CORRECT)

IDDocClassClaim (short)VerdictSevCode evidenceCorrection
F-001volume-02-architecture/01-system-context.md (+ 02, 03, 04)C2END_POINT_CENTRALIZE → cu-central “(port 8082)” without CODE_DEFAULT 8080PARTIALP1CODE_DEFAULT 8080; CLIENT_TARGET example 8082Align wording with Vol 3 port classification
F-002volume-02-architecture/01-system-context.mdC8Cite graphql.js:90 as primary apiKey evidenceSTALEP2Header setup :17-22; :90 is request log pathUpdate citation
F-003volume-02-architecture/02-topology.mdC8config.js:28 as END_POINT evidenceSTALEP2Confirm current line of END_POINT_CENTRALIZE destructuring (near top of config)Refresh line
F-004docs/audit/04-business-logic.md, 05-tech-debt-register.mdC1/C9Bodies may retain pre-remediation narrativePARTIALP2SUPERSEDED banners present on all audit filesOptional full rewrite; do not use for ops
F-005Historical A.8 2026-07-10 changelog textC2Older “port 8082 = cu-central” phrasingSTALEP2Superseded by later Wave entriesLeave as history or annotate

No P0 WRONG / P0 PARTIAL / P0 CONFLICT found in VitePress trap sweeps this run.


4. Cross-Document Conflicts

IDDoc ADoc BTopicResolution
X-001Vol 2 “port 8082” shorthandVol 0/3/5/10/16 layered portscu-central port classCode: CODE_DEFAULT 8080; CLIENT_TARGET may be 8082 — Vol 2 should match Vol 3
X-002A.4 SEC IDsVol 14.2Debt titlesAligned this run

5. UNVERIFIED Register

IDClaimBlockerHow to unlock
U-001NestJS centralize-api production callerNo client in workspace (E-08)Obtain caller config/repo
U-002Production TLS cipher suiteHost nginx not fully auditable (E-02)Ops sslscan
U-003Exact production listen port behind nginxMultiple layers (8080/8082/8000)Deployed env + upstream
U-004Exhaustive sentence-level claim extraction of all 205 filesTime; trap-based CORPUS usedPer-volume FILE passes
U-005npm/yarn audit CVE currency vs Vol 14Network audit not run this session (E-01)Run audits

6. Correction Checklist

P0

  • [x] None open in VitePress trap classes (this run)

P1

  • [ ] F-001 — Qualify all Vol 2 “port 8082” mentions with CODE_DEFAULT / CLIENT_TARGET language (match Vol 3.4)

P2

  • [ ] F-002/F-003 — Refresh Vol 2 file:line citations
  • [ ] F-004 — Optional full rewrite of superseded audit bodies 04–05
  • [ ] F-005 — Optional annotate historical changelog port wording

7. Coverage & Limitations

AreaCoverage
Traps T1–T14Re-verified vs code + doc greps this run
Vol 0/1/3/5/6/7/9/11/12/13/14/16 key claimsSpot-checked against measurements
Vol 2Identified remaining port shorthand (F-001)
Every pedagogical sentence in all 205 filesNot fully extracted (U-004)
Runtime / e2eNone

  1. Short /docs patch on Volume 2 only (F-001) → expect PASS on next DELTA.
  2. Keep using VitePress volumes as SoT; treat docs/audit/* as historical.

9. Sign-off

CheckStatus
No CORRECT without evidence (canonical table)
P0 dual evidence for trap classes
Cross-doc sweeps done
UNVERIFIED not hidden
Verdict consistent with findingsCONDITIONAL PASS (P0 clear; P1 Vol 2 port shorthand open)

Relation to prior reports

ReportVerdict
docs-verify-2026-07-11-corpus.mdFAIL (pre-remediation)
docs-verify-2026-07-11-delta.mdCONDITIONAL PASS (post Wave 1–2)
docs-verify-2026-07-11-corpus-pass.mdPASS (post Wave 3 — optimistic; did not flag Vol 2 port shorthand)
This reportCONDITIONAL PASS (independent re-audit; Vol 2 P1 remains)