feat(submissions): Composer Slice C — building blocks library (m/paliad#141)

Per the design at docs/design-submission-generator-v2-2026-05-26.md §8
and the Q2 / Q9 ratifications:

- Q2 (m, 2026-05-26): building blocks are plain text paste sources.
  No building_block_id reference is stored on submission_sections.
- Q9 (m, 2026-05-26): four visibility tiers — private / team / firm
  / global.

Schema (mig 149):

- paliad.submission_building_blocks — library catalog. Columns: slug,
  firm (NULL = cross-firm), section_key (binds to one section kind),
  proceeding_family (NULL = any), title_de/_en + description_de/_en
  + content_md_de/_en, author_id, visibility (CHECK in 4-tier set),
  is_published, created_at, updated_at, deleted_at (soft delete).
  RLS: coarse-grained SELECT — every authenticated user sees
  non-deleted non-private rows + own private rows. Tier-specific
  predicate (private/team/firm/global) applied in Go-layer service so
  semantics evolve without RLS migrations. Mutations admin-only (no
  RLS write paths).

- paliad.submission_building_block_admin_versions — append-only
  history per block, retention=20. Admin-side only; NOT referenced
  from submission_sections (per Q2's plain-text-paste model). Exists
  so accidental delete / overwrite are recoverable.

Backend:

- internal/services/submission_building_block_service.go (~510 LoC):
  BuildingBlockService. ListVisible applies tier predicate at query
  time (private = author_id match; firm = firm column NULL OR matches
  branding.Name; team = author shares a project_team with caller via
  paliad.project_teams self-join; global = open). ListAllForAdmin
  drops the predicate. Create + Update + SoftDelete + RestoreVersion
  all transactional; appendVersionTx writes one audit row +
  GC-deletes anything past the retention=20 horizon in the same tx.
  InsertIntoSection (the paste mechanic) clones content_md_<lang>
  into the section row with a "\n\n" separator if section already has
  content. NO building_block_id stamped per Q2.

- internal/handlers/submission_building_blocks.go (~480 LoC): nine
  handlers split between the lawyer-facing picker (list, insert) and
  the admin editor (list, get, create, update, delete, list-versions,
  restore-version, page). buildingBlockUpdateInput uses presence-
  tracking UnmarshalJSON for the four nullable fields (firm,
  proceeding_family, description_de/_en) so PATCH can distinguish
  "no change" from "set to null".

- Routes registered: lawyer-facing under /api/submission-building-blocks,
  admin-gated under /api/admin/submission-building-blocks/* and
  /admin/submission-building-blocks (page).

- Wiring: handlers.Services + dbServices + cmd/server/main.go all
  gain SubmissionBuildingBlock. NewBuildingBlockService takes the
  branding.Name firm hint for the visibility predicate.

Frontend:

- frontend/src/admin-submission-building-blocks.tsx (~85 LoC):
  three-pane admin shell (list / editor / version log) registered
  in build.ts.

- frontend/src/client/admin-submission-building-blocks.ts (~370
  LoC): admin client — list paint, edit form (slug + firm +
  section_key + proceeding_family + title/desc/content per lang +
  visibility radio + is_published toggle), per-block version log
  with restore button. Bilingual labels.

- frontend/src/client/submission-draft.ts: per-section "+ Baustein"
  button on the Composer editor toolbar (Slice B substrate gets one
  more affordance). openBlockPicker opens a modal filtered to the
  section's section_key, 200ms-debounced search by free text against
  title/description/content. Click a hit → POST insert-into-section
  → section row's content_md_<lang> gains the block's content
  appended at the end (Q2's plain-text paste semantic, no lineage).

- ~240 LoC of CSS: modal overlay + picker rows with tier-colored
  visibility chips + admin editor 3-pane grid + form rows + version
  list.

- 12 new i18n keys × 2 langs (admin.building_blocks.*).

Tests:
- TestValidVisibility (8 cases including case-sensitivity + empty).
- TestAppendBlockContent (8 cases covering empty-existing / empty-
  addition / whitespace-only / trailing newline collapse).
- TestBuildingBlockVisibilityConstants pins the 4 string literals
  against drift (RLS predicate + DB CHECK depend on them).

Build hygiene: go build/vet/test -short clean; bun run build clean
(2906 i18n keys, data-i18n scan clean).

Hard rules per ratifications honoured:
- Q2: no building_block_id lineage on sections (paste is plain text).
- Q9: 4 visibility tiers (private/team/firm/global).
- NO behavior change for pre-Composer drafts (the picker just doesn't
  show — section list is hidden for base_id NULL drafts).
- {{rule.X}} aliases preserved (block content goes through the same
  v1 placeholder pass on export as section prose).

NOT in scope per Slice C brief:
- User-authored private blocks (Slice C ships admin curation only;
  any-user create is a follow-up).
- Tier promotion review workflow (admin sets tier directly today).
- Per-section "where is this block used" reverse lookup (no lineage
  to query).
- Slice D's rich-prose features (headings, lists, blockquote) still
  Slice D's job; this Slice doesn't extend the MD walker.

t-paliad-315 Slice C

cmd/server/main.go

@@ -12,6 +12,7 @@ import (
 	"strconv"
 	"strings"
 	"syscall"
+	"time"
 
 	// Embed Go's IANA tz database into the binary so time.LoadLocation works
 	// without OS tzdata. The runtime image (alpine) doesn't ship /usr/share/
@@ -172,6 +173,8 @@ func main() {
 		// the {{rule.X}} alias contract stays preserved inside the
 		// composed body.
 		submissionComposerSvc := services.NewSubmissionComposer(submissionRenderer)
+		// t-paliad-315 Slice C — building-block library.
+		submissionBuildingBlockSvc := services.NewBuildingBlockService(pool, branding.Name)
 		// t-paliad-225 Slice A — user-authored checklist templates.
 		// Slice B adds checklist_shares grants + admin promotion.
 		checklistCatalogSvc := services.NewChecklistCatalogService(pool)
@@ -183,10 +186,11 @@ func main() {
 			Team:           teamSvc,
 			PartnerUnit:    partnerUnitSvc,
 			Party:          partySvc,
-			SubmissionDraft:    submissionDraftSvc,
-			SubmissionBase:     submissionBaseSvc,
-			SubmissionSection:  submissionSectionSvc,
-			SubmissionComposer: submissionComposerSvc,
+			SubmissionDraft:         submissionDraftSvc,
+			SubmissionBase:          submissionBaseSvc,
+			SubmissionSection:       submissionSectionSvc,
+			SubmissionComposer:      submissionComposerSvc,
+			SubmissionBuildingBlock: submissionBuildingBlockSvc,
 			Deadline:       deadlineSvc,
 			Appointment:    appointmentSvc,
 			CalDAV:         caldavSvc,
@@ -355,11 +359,13 @@ func main() {
 			log.Printf("CalDAV start: %v", err)
 		}
 		reminderSvc.Start(bgCtx)
-		// Slice B.4 (mig 140, t-paliad-305): legacy paliad.deadline_rules
-		// dropped. The B.2 dual-write drift-check loop is retired — the
-		// procedural_events / sequencing_rules / legal_sources tables
-		// are now the source of truth and there is no parallel side to
-		// compare against. Pre-drop drift was verified clean in mig 140.
+		// Slice B.2 dual-write drift check (t-paliad-305 / m/paliad#93).
+		// Runs every 6 h while the new procedural_events / sequencing_rules /
+		// legal_sources tables shadow the legacy paliad.deadline_rules
+		// table. A clean run logs at INFO; drift logs at WARN with the
+		// full report so a broken dual-write surfaces before the next
+		// deploy.
+		services.StartDualWriteDriftCheckLoop(bgCtx, pool, 6*time.Hour)
 		go func() {
 			<-bgCtx.Done()
 			log.Println("background services: shutdown signal received")

frontend/build.ts

@@ -40,6 +40,7 @@ import { renderAdminTeam } from "./src/admin-team";
 import { renderAdminAuditLog } from "./src/admin-audit-log";
 import { renderAdminPartnerUnits } from "./src/admin-partner-units";
 import { renderAdminEmailTemplates } from "./src/admin-email-templates";
+import { renderAdminSubmissionBuildingBlocks } from "./src/admin-submission-building-blocks";
 import { renderAdminEmailTemplatesEdit } from "./src/admin-email-templates-edit";
 import { renderAdminEventTypes } from "./src/admin-event-types";
 import { renderAdminApprovalPolicies } from "./src/admin-approval-policies";
@@ -278,6 +279,7 @@ async function build() {
       join(import.meta.dir, "src/client/admin-partner-units.ts"),
       join(import.meta.dir, "src/client/admin-email-templates.ts"),
       join(import.meta.dir, "src/client/admin-email-templates-edit.ts"),
+      join(import.meta.dir, "src/client/admin-submission-building-blocks.ts"),
       join(import.meta.dir, "src/client/admin-event-types.ts"),
       join(import.meta.dir, "src/client/admin-approval-policies.ts"),
       join(import.meta.dir, "src/client/admin-broadcasts.ts"),
@@ -409,6 +411,7 @@ async function build() {
   await Bun.write(join(DIST, "admin-partner-units.html"), renderAdminPartnerUnits());
   await Bun.write(join(DIST, "admin-email-templates.html"), renderAdminEmailTemplates());
   await Bun.write(join(DIST, "admin-email-templates-edit.html"), renderAdminEmailTemplatesEdit());
+  await Bun.write(join(DIST, "admin-submission-building-blocks.html"), renderAdminSubmissionBuildingBlocks());
   await Bun.write(join(DIST, "admin-event-types.html"), renderAdminEventTypes());
   await Bun.write(join(DIST, "admin-approval-policies.html"), renderAdminApprovalPolicies());
   await Bun.write(join(DIST, "admin-broadcasts.html"), renderAdminBroadcasts());

frontend/src/admin-submission-building-blocks.tsx

@@ -0,0 +1,77 @@
+import { h } from "./jsx";
+import { Sidebar } from "./components/Sidebar";
+import { PaliadinWidget } from "./components/PaliadinWidget";
+import { BottomNav } from "./components/BottomNav";
+import { Footer } from "./components/Footer";
+import { PWAHead } from "./components/PWAHead";
+
+// /admin/submission-building-blocks — Composer building-blocks library
+// editor (t-paliad-315 Slice C). Three-pane layout: list on the left,
+// edit form in the middle, version log on the right. Hydrated by
+// client/admin-submission-building-blocks.ts from
+// GET /api/admin/submission-building-blocks.
+
+export function renderAdminSubmissionBuildingBlocks(): string {
+  return "<!DOCTYPE html>" + (
+    <html lang="de">
+      <head>
+        <meta charset="UTF-8" />
+        <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
+        <meta name="theme-color" content="#BFF355" />
+        <meta name="apple-mobile-web-app-capable" content="yes" />
+        <meta name="apple-mobile-web-app-status-bar-style" content="default" />
+        <PWAHead />
+        <title data-i18n="admin.building_blocks.title">Bausteine &mdash; Paliad</title>
+        <link rel="stylesheet" href="/assets/global.css" />
+      </head>
+      <body className="has-sidebar">
+        <Sidebar currentPath="/admin/submission-building-blocks" />
+        <BottomNav currentPath="/admin/submission-building-blocks" />
+
+        <main>
+          <section className="tool-page">
+            <div className="container">
+              <div className="tool-header">
+                <div>
+                  <h1 data-i18n="admin.building_blocks.heading">Bausteine</h1>
+                  <p className="tool-subtitle" data-i18n="admin.building_blocks.subtitle">
+                    Wiederverwendbare Textbausteine f&uuml;r Composer-Abschnitte.
+                  </p>
+                </div>
+                <div className="tool-header-actions">
+                  <button
+                    type="button"
+                    id="admin-bb-new-btn"
+                    className="btn-primary btn-cta-lime"
+                    data-i18n="admin.building_blocks.action.new">
+                    + Neuer Baustein
+                  </button>
+                </div>
+              </div>
+
+              <div id="admin-bb-feedback" className="form-msg" style="display:none" />
+
+              <div className="admin-bb-layout">
+                <aside className="admin-bb-list" id="admin-bb-list">
+                  <div className="admin-bb-loading" data-i18n="admin.building_blocks.loading">L&auml;dt&hellip;</div>
+                </aside>
+
+                <section className="admin-bb-editor" id="admin-bb-editor">
+                  <p className="admin-bb-empty" data-i18n="admin.building_blocks.editor.empty">
+                    W&auml;hlen Sie einen Baustein aus der Liste &mdash; oder erstellen Sie einen neuen.
+                  </p>
+                </section>
+
+                <aside className="admin-bb-versions" id="admin-bb-versions" />
+              </div>
+            </div>
+          </section>
+        </main>
+
+        <Footer />
+        <PaliadinWidget />
+        <script src="/assets/admin-submission-building-blocks.js"></script>
+      </body>
+    </html>
+  );
+}

frontend/src/client/admin-submission-building-blocks.ts

@@ -0,0 +1,429 @@
+import { initI18n, t, getLang } from "./i18n";
+import { initSidebar } from "./sidebar";
+
+function isEN(): boolean { return getLang() === "en"; }
+
+// /admin/submission-building-blocks — Composer building-blocks admin
+// editor (t-paliad-315 Slice C). Three-pane layout: list → editor →
+// version log. CRUD via /api/admin/submission-building-blocks/*.
+//
+// Per Q2 ratification (m, 2026-05-26): building blocks are plain text
+// paste sources. The editor here is curator-only — no per-section
+// lineage to surface, no "where is this block used" view.
+
+interface BuildingBlockJSON {
+  id: string;
+  slug: string;
+  firm?: string | null;
+  section_key: string;
+  proceeding_family?: string | null;
+  title_de: string;
+  title_en: string;
+  description_de?: string | null;
+  description_en?: string | null;
+  content_md_de: string;
+  content_md_en: string;
+  author_id?: string | null;
+  visibility: string;
+  is_published: boolean;
+  created_at: string;
+  updated_at: string;
+}
+
+interface VersionJSON {
+  id: string;
+  building_block_id: string;
+  content_md_de: string;
+  content_md_en: string;
+  title_de: string;
+  title_en: string;
+  edited_by?: string | null;
+  note?: string | null;
+  created_at: string;
+}
+
+const VISIBILITIES = ["private", "team", "firm", "global"];
+
+// Section keys must match what the Composer base spec declares for
+// each section (see internal/db/migrations/146_submission_bases.up.sql).
+const SECTION_KEYS = [
+  "letterhead", "caption", "introduction", "requests",
+  "facts", "legal_argument", "evidence", "exhibits",
+  "closing", "signature",
+];
+
+const state = {
+  blocks: [] as BuildingBlockJSON[],
+  selectedID: null as string | null,
+  versions: [] as VersionJSON[],
+  dirty: false,
+};
+
+async function boot(): Promise<void> {
+  initI18n();
+  initSidebar();
+  await loadList();
+  document.getElementById("admin-bb-new-btn")?.addEventListener("click", onNew);
+}
+
+async function loadList(): Promise<void> {
+  try {
+    const res = await fetch("/api/admin/submission-building-blocks", { credentials: "include" });
+    if (!res.ok) {
+      feedback(`HTTP ${res.status}`, true);
+      return;
+    }
+    const body = await res.json() as { blocks?: BuildingBlockJSON[] };
+    state.blocks = body.blocks ?? [];
+    paintList();
+  } catch (err) {
+    feedback(String(err), true);
+  }
+}
+
+function paintList(): void {
+  const host = document.getElementById("admin-bb-list");
+  if (!host) return;
+  host.innerHTML = "";
+  if (state.blocks.length === 0) {
+    const empty = document.createElement("p");
+    empty.className = "admin-bb-empty";
+    empty.textContent = isEN() ? "No blocks yet." : "Noch keine Bausteine.";
+    host.appendChild(empty);
+    return;
+  }
+  for (const b of state.blocks) {
+    const row = document.createElement("button");
+    row.type = "button";
+    row.className = "admin-bb-list-row";
+    if (b.id === state.selectedID) row.classList.add("admin-bb-list-row--active");
+    const title = isEN() ? b.title_en : b.title_de;
+    row.innerHTML = `
+      <span class="admin-bb-list-title">${escapeHTML(title || b.slug)}</span>
+      <span class="admin-bb-list-meta">
+        <span class="admin-bb-list-section">${escapeHTML(b.section_key)}</span>
+        <span class="admin-bb-list-vis admin-bb-list-vis--${escapeHTML(b.visibility)}">${escapeHTML(b.visibility)}</span>
+        ${b.is_published ? "" : `<span class="admin-bb-list-draft">${isEN() ? "draft" : "Entwurf"}</span>`}
+      </span>`;
+    row.addEventListener("click", () => onSelect(b.id));
+    host.appendChild(row);
+  }
+}
+
+async function onSelect(id: string): Promise<void> {
+  state.selectedID = id;
+  state.dirty = false;
+  paintList();
+  const b = state.blocks.find(x => x.id === id);
+  if (!b) return;
+  paintEditor(b);
+  await loadVersions(id);
+}
+
+function onNew(): void {
+  state.selectedID = null;
+  state.versions = [];
+  state.dirty = false;
+  paintList();
+  paintEditor(null);
+  paintVersions();
+}
+
+function paintEditor(b: BuildingBlockJSON | null): void {
+  const host = document.getElementById("admin-bb-editor");
+  if (!host) return;
+  const isNew = b === null;
+  const data = b ?? {
+    id: "",
+    slug: "",
+    firm: "",
+    section_key: "requests",
+    proceeding_family: "",
+    title_de: "",
+    title_en: "",
+    description_de: "",
+    description_en: "",
+    content_md_de: "",
+    content_md_en: "",
+    visibility: "firm",
+    is_published: false,
+  } as Partial<BuildingBlockJSON>;
+
+  host.innerHTML = "";
+  const form = document.createElement("form");
+  form.className = "admin-bb-form";
+  form.addEventListener("submit", (e) => { e.preventDefault(); onSave(isNew); });
+
+  form.appendChild(textField("slug", isEN() ? "Slug" : "Slug", data.slug ?? "", true));
+  form.appendChild(textField("firm", "Firm", data.firm ?? "", false, isEN() ? "leer = firmenagnostisch" : "leer = firmenagnostisch"));
+  form.appendChild(selectField("section_key", isEN() ? "Section key" : "Abschnitts-Slug", data.section_key ?? "requests", SECTION_KEYS, false));
+  form.appendChild(textField("proceeding_family", isEN() ? "Proceeding family" : "Verfahrensfamilie", data.proceeding_family ?? "", false, "z. B. de.inf.lg"));
+  form.appendChild(textField("title_de", "Titel (DE)", data.title_de ?? "", true));
+  form.appendChild(textField("title_en", "Title (EN)", data.title_en ?? "", true));
+  form.appendChild(textareaField("description_de", "Beschreibung (DE)", data.description_de ?? "", 2));
+  form.appendChild(textareaField("description_en", "Description (EN)", data.description_en ?? "", 2));
+  form.appendChild(textareaField("content_md_de", isEN() ? "Content (DE Markdown)" : "Inhalt (DE Markdown)", data.content_md_de ?? "", 10));
+  form.appendChild(textareaField("content_md_en", isEN() ? "Content (EN Markdown)" : "Inhalt (EN Markdown)", data.content_md_en ?? "", 10));
+  form.appendChild(selectField("visibility", isEN() ? "Visibility" : "Sichtbarkeit", data.visibility ?? "firm", VISIBILITIES, false));
+  form.appendChild(checkboxField("is_published", isEN() ? "Published" : "Veröffentlicht", Boolean(data.is_published)));
+
+  if (!isNew) {
+    form.appendChild(textField("note", isEN() ? "Save note (optional)" : "Speicher-Notiz (optional)", "", false));
+  }
+
+  const actions = document.createElement("div");
+  actions.className = "admin-bb-form-actions";
+
+  const save = document.createElement("button");
+  save.type = "submit";
+  save.className = "btn-primary btn-cta-lime";
+  save.textContent = isEN() ? "Save" : "Speichern";
+  actions.appendChild(save);
+
+  if (!isNew) {
+    const del = document.createElement("button");
+    del.type = "button";
+    del.className = "btn-link-danger";
+    del.textContent = isEN() ? "Delete" : "Löschen";
+    del.addEventListener("click", () => onDelete());
+    actions.appendChild(del);
+  }
+  form.appendChild(actions);
+  host.appendChild(form);
+}
+
+function textField(name: string, label: string, value: string, required: boolean, hint?: string): HTMLElement {
+  const wrap = document.createElement("label");
+  wrap.className = "admin-bb-form-row";
+  const lab = document.createElement("span");
+  lab.textContent = label + (required ? " *" : "");
+  wrap.appendChild(lab);
+  const input = document.createElement("input");
+  input.type = "text";
+  input.name = name;
+  input.className = "entity-form-input";
+  input.value = value;
+  if (required) input.required = true;
+  wrap.appendChild(input);
+  if (hint) {
+    const h = document.createElement("small");
+    h.className = "admin-bb-form-hint";
+    h.textContent = hint;
+    wrap.appendChild(h);
+  }
+  return wrap;
+}
+
+function textareaField(name: string, label: string, value: string, rows: number): HTMLElement {
+  const wrap = document.createElement("label");
+  wrap.className = "admin-bb-form-row";
+  const lab = document.createElement("span");
+  lab.textContent = label;
+  wrap.appendChild(lab);
+  const ta = document.createElement("textarea");
+  ta.name = name;
+  ta.className = "entity-form-input";
+  ta.rows = rows;
+  ta.value = value;
+  wrap.appendChild(ta);
+  return wrap;
+}
+
+function selectField(name: string, label: string, value: string, options: string[], required: boolean): HTMLElement {
+  const wrap = document.createElement("label");
+  wrap.className = "admin-bb-form-row";
+  const lab = document.createElement("span");
+  lab.textContent = label + (required ? " *" : "");
+  wrap.appendChild(lab);
+  const sel = document.createElement("select");
+  sel.name = name;
+  sel.className = "entity-form-input";
+  for (const opt of options) {
+    const o = document.createElement("option");
+    o.value = opt;
+    o.textContent = opt;
+    if (opt === value) o.selected = true;
+    sel.appendChild(o);
+  }
+  wrap.appendChild(sel);
+  return wrap;
+}
+
+function checkboxField(name: string, label: string, value: boolean): HTMLElement {
+  const wrap = document.createElement("label");
+  wrap.className = "admin-bb-form-row admin-bb-form-row--checkbox";
+  const input = document.createElement("input");
+  input.type = "checkbox";
+  input.name = name;
+  input.checked = value;
+  wrap.appendChild(input);
+  const lab = document.createElement("span");
+  lab.textContent = label;
+  wrap.appendChild(lab);
+  return wrap;
+}
+
+async function onSave(isNew: boolean): Promise<void> {
+  const form = document.querySelector(".admin-bb-form") as HTMLFormElement | null;
+  if (!form) return;
+  const data = new FormData(form);
+  const payload: Record<string, unknown> = {};
+  for (const key of ["slug", "section_key", "title_de", "title_en", "content_md_de", "content_md_en", "visibility"]) {
+    const v = data.get(key);
+    if (v !== null) payload[key] = String(v);
+  }
+  for (const key of ["firm", "proceeding_family", "description_de", "description_en"]) {
+    const v = data.get(key);
+    if (v !== null) {
+      const s = String(v).trim();
+      payload[key] = s === "" ? null : s;
+    }
+  }
+  payload.is_published = (data.get("is_published") === "on");
+  if (!isNew) {
+    const note = data.get("note");
+    if (note) payload.note = String(note);
+  }
+  try {
+    const url = isNew
+      ? "/api/admin/submission-building-blocks"
+      : `/api/admin/submission-building-blocks/${state.selectedID}`;
+    const method = isNew ? "POST" : "PATCH";
+    const res = await fetch(url, {
+      method,
+      credentials: "include",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify(payload),
+    });
+    if (!res.ok) {
+      const body = await res.json().catch(() => ({} as { error?: string }));
+      feedback(body.error ?? `HTTP ${res.status}`, true);
+      return;
+    }
+    const saved = await res.json() as BuildingBlockJSON;
+    feedback(isEN() ? "Saved." : "Gespeichert.", false);
+    await loadList();
+    state.selectedID = saved.id;
+    paintList();
+    paintEditor(saved);
+    await loadVersions(saved.id);
+  } catch (err) {
+    feedback(String(err), true);
+  }
+}
+
+async function onDelete(): Promise<void> {
+  if (!state.selectedID) return;
+  const sure = confirm(isEN() ? "Delete this block?" : "Diesen Baustein löschen?");
+  if (!sure) return;
+  try {
+    const res = await fetch(`/api/admin/submission-building-blocks/${state.selectedID}`, {
+      method: "DELETE",
+      credentials: "include",
+    });
+    if (!res.ok && res.status !== 204) {
+      feedback(`HTTP ${res.status}`, true);
+      return;
+    }
+    feedback(isEN() ? "Deleted." : "Gelöscht.", false);
+    state.selectedID = null;
+    await loadList();
+    paintEditor(null);
+    state.versions = [];
+    paintVersions();
+  } catch (err) {
+    feedback(String(err), true);
+  }
+}
+
+async function loadVersions(blockID: string): Promise<void> {
+  try {
+    const res = await fetch(`/api/admin/submission-building-blocks/${blockID}/versions`, { credentials: "include" });
+    if (!res.ok) {
+      state.versions = [];
+      paintVersions();
+      return;
+    }
+    const body = await res.json() as { versions?: VersionJSON[] };
+    state.versions = body.versions ?? [];
+    paintVersions();
+  } catch {
+    state.versions = [];
+    paintVersions();
+  }
+}
+
+function paintVersions(): void {
+  const host = document.getElementById("admin-bb-versions");
+  if (!host) return;
+  host.innerHTML = "";
+  if (state.versions.length === 0) return;
+  const h = document.createElement("h3");
+  h.textContent = isEN() ? "History" : "Verlauf";
+  host.appendChild(h);
+  for (const v of state.versions) {
+    const row = document.createElement("div");
+    row.className = "admin-bb-version-row";
+    const date = new Date(v.created_at).toLocaleString();
+    row.innerHTML = `
+      <div class="admin-bb-version-meta">${escapeHTML(date)} — ${escapeHTML(v.note ?? "")}</div>`;
+    const btn = document.createElement("button");
+    btn.type = "button";
+    btn.className = "btn-small btn-secondary";
+    btn.textContent = isEN() ? "Restore" : "Wiederherstellen";
+    btn.addEventListener("click", () => onRestore(v.id));
+    row.appendChild(btn);
+    host.appendChild(row);
+  }
+}
+
+async function onRestore(versionID: string): Promise<void> {
+  if (!state.selectedID) return;
+  try {
+    const res = await fetch(
+      `/api/admin/submission-building-blocks/${state.selectedID}/restore/${versionID}`,
+      { method: "POST", credentials: "include" },
+    );
+    if (!res.ok) {
+      feedback(`HTTP ${res.status}`, true);
+      return;
+    }
+    const restored = await res.json() as BuildingBlockJSON;
+    feedback(isEN() ? "Restored." : "Wiederhergestellt.", false);
+    paintEditor(restored);
+    await loadVersions(restored.id);
+    await loadList();
+  } catch (err) {
+    feedback(String(err), true);
+  }
+}
+
+function feedback(msg: string, isError: boolean): void {
+  const host = document.getElementById("admin-bb-feedback");
+  if (!host) return;
+  host.style.display = "";
+  host.className = "form-msg " + (isError ? "form-msg--error" : "form-msg--ok");
+  host.textContent = msg;
+  if (!isError) {
+    setTimeout(() => { host.style.display = "none"; }, 3000);
+  }
+}
+
+function escapeHTML(s: string): string {
+  return s
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&#39;");
+}
+
+// Silence unused-import warning when t() isn't called directly — i18n
+// is initialised so data-i18n attrs render on first paint.
+void t;
+
+if (document.readyState === "loading") {
+  document.addEventListener("DOMContentLoaded", boot);
+} else {
+  void boot();
+}

frontend/src/client/i18n.ts

@@ -1525,6 +1525,13 @@ const translations: Record<Lang, Record<string, string>> = {
     "submissions.draft.base.hint": "Steuert Schriftarten, Briefkopf und Abschnitts-Defaults.",
     "submissions.draft.sections.title": "Abschnitte",
     "submissions.draft.sections.hint": "Inhalt pro Abschnitt — Autosave nach 500 ms. Letztes Layout in Word.",
+    // t-paliad-315 (m/paliad#141) Composer Slice C — building blocks admin.
+    "admin.building_blocks.title": "Bausteine — Paliad",
+    "admin.building_blocks.heading": "Bausteine",
+    "admin.building_blocks.subtitle": "Wiederverwendbare Textbausteine für Composer-Abschnitte.",
+    "admin.building_blocks.loading": "Lädt…",
+    "admin.building_blocks.action.new": "+ Neuer Baustein",
+    "admin.building_blocks.editor.empty": "Wählen Sie einen Baustein aus der Liste — oder erstellen Sie einen neuen.",
     // t-paliad-240 — global Schriftsätze drafts index page.
     "submissions.index.title": "Schriftsätze — Paliad",
     "submissions.index.heading": "Schriftsätze",
@@ -4606,6 +4613,13 @@ const translations: Record<Lang, Record<string, string>> = {
     "submissions.draft.base.hint": "Drives fonts, letterhead, and section defaults.",
     "submissions.draft.sections.title": "Sections",
     "submissions.draft.sections.hint": "Edit per section — autosaves after 500ms. Final layout in Word.",
+    // t-paliad-315 (m/paliad#141) Composer Slice C — building blocks admin.
+    "admin.building_blocks.title": "Building blocks — Paliad",
+    "admin.building_blocks.heading": "Building blocks",
+    "admin.building_blocks.subtitle": "Reusable text snippets for Composer sections.",
+    "admin.building_blocks.loading": "Loading…",
+    "admin.building_blocks.action.new": "+ New block",
+    "admin.building_blocks.editor.empty": "Pick a block from the list — or create a new one.",
     // t-paliad-240 — global submissions drafts index page.
     "submissions.index.title": "Submissions — Paliad",
     "submissions.index.heading": "Submissions",

frontend/src/client/submission-draft.ts

@@ -1364,6 +1364,16 @@ function renderSectionRow(sec: SubmissionSectionJSON, lang: string, isActive: bo
   toolbar.className = "submission-draft-section-toolbar";
   toolbar.appendChild(makeToolbarButton("B", isEN() ? "Bold" : "Fett", "bold"));
   toolbar.appendChild(makeToolbarButton("I", isEN() ? "Italic" : "Kursiv", "italic"));
+  // t-paliad-315 Slice C — building-block insert button. Opens a
+  // picker modal filtered to this section's section_key. Paste is
+  // plain-text per Q2 (no lineage stamped).
+  const bbBtn = document.createElement("button");
+  bbBtn.type = "button";
+  bbBtn.className = "btn-small btn-secondary submission-draft-section-bb-btn";
+  bbBtn.textContent = isEN() ? "+ Block" : "+ Baustein";
+  bbBtn.title = isEN() ? "Insert a saved building block" : "Baustein einfügen";
+  bbBtn.addEventListener("click", () => openBlockPicker(sec));
+  toolbar.appendChild(bbBtn);
   li.appendChild(toolbar);
 
   const md = (lang === "en" ? sec.content_md_en : sec.content_md_de) || "";
@@ -1513,6 +1523,162 @@ async function onSectionToggleIncluded(sec: SubmissionSectionJSON): Promise<void
   await patchSection(sec.id, { included: !sec.included });
 }
 
+// ─────────────────────────────────────────────────────────────────────
+// t-paliad-315 Slice C — building-block picker modal
+// ─────────────────────────────────────────────────────────────────────
+
+interface BuildingBlockPickJSON {
+  id: string;
+  slug: string;
+  section_key: string;
+  proceeding_family?: string | null;
+  title_de: string;
+  title_en: string;
+  description_de?: string | null;
+  description_en?: string | null;
+  content_md_de: string;
+  content_md_en: string;
+  visibility: string;
+}
+
+let blockPickerSearchTimer: number | null = null;
+
+function openBlockPicker(sec: SubmissionSectionJSON): void {
+  // Remove any prior picker.
+  document.getElementById("submission-bb-picker")?.remove();
+
+  const overlay = document.createElement("div");
+  overlay.id = "submission-bb-picker";
+  overlay.className = "submission-bb-picker-overlay";
+  overlay.addEventListener("click", (ev) => {
+    if (ev.target === overlay) overlay.remove();
+  });
+
+  const modal = document.createElement("div");
+  modal.className = "submission-bb-picker";
+
+  const head = document.createElement("header");
+  head.className = "submission-bb-picker-head";
+  const title = document.createElement("h2");
+  title.textContent = isEN() ? "Insert building block" : "Baustein einfügen";
+  head.appendChild(title);
+  const close = document.createElement("button");
+  close.type = "button";
+  close.className = "btn-small btn-secondary";
+  close.textContent = isEN() ? "Close" : "Schließen";
+  close.addEventListener("click", () => overlay.remove());
+  head.appendChild(close);
+  modal.appendChild(head);
+
+  const search = document.createElement("input");
+  search.type = "search";
+  search.placeholder = isEN() ? "Search blocks…" : "Bausteine suchen…";
+  search.className = "entity-form-input submission-bb-picker-search";
+  modal.appendChild(search);
+
+  const sectionInfo = document.createElement("p");
+  sectionInfo.className = "submission-bb-picker-sectioninfo";
+  sectionInfo.textContent = (isEN() ? "Section: " : "Abschnitt: ") + sec.section_key;
+  modal.appendChild(sectionInfo);
+
+  const list = document.createElement("div");
+  list.className = "submission-bb-picker-list";
+  list.textContent = isEN() ? "Loading…" : "Lädt…";
+  modal.appendChild(list);
+
+  overlay.appendChild(modal);
+  document.body.appendChild(overlay);
+
+  const fetchBlocks = async (q: string) => {
+    const params = new URLSearchParams();
+    params.set("section_key", sec.section_key);
+    if (q) params.set("q", q);
+    try {
+      const res = await fetch(`/api/submission-building-blocks?${params.toString()}`, { credentials: "include" });
+      if (!res.ok) {
+        list.textContent = `HTTP ${res.status}`;
+        return;
+      }
+      const body = await res.json() as { blocks?: BuildingBlockPickJSON[] };
+      paintPickerList(list, body.blocks ?? [], sec, overlay);
+    } catch (err) {
+      list.textContent = String(err);
+    }
+  };
+
+  search.addEventListener("input", () => {
+    if (blockPickerSearchTimer) clearTimeout(blockPickerSearchTimer);
+    blockPickerSearchTimer = window.setTimeout(() => {
+      void fetchBlocks(search.value.trim());
+    }, 200);
+  });
+
+  void fetchBlocks("");
+  setTimeout(() => search.focus(), 0);
+}
+
+function paintPickerList(host: HTMLElement, blocks: BuildingBlockPickJSON[], sec: SubmissionSectionJSON, overlay: HTMLElement): void {
+  host.innerHTML = "";
+  if (blocks.length === 0) {
+    const empty = document.createElement("p");
+    empty.className = "submission-bb-picker-empty";
+    empty.textContent = isEN() ? "No blocks match." : "Keine passenden Bausteine.";
+    host.appendChild(empty);
+    return;
+  }
+  const lang = state.view?.draft.language || "de";
+  for (const b of blocks) {
+    const row = document.createElement("button");
+    row.type = "button";
+    row.className = "submission-bb-picker-row";
+    const title = (lang === "en" ? b.title_en : b.title_de) || b.slug;
+    const desc = (lang === "en" ? b.description_en : b.description_de) || "";
+    const preview = ((lang === "en" ? b.content_md_en : b.content_md_de) || "").slice(0, 200);
+    row.innerHTML = `
+      <div class="submission-bb-picker-row-head">
+        <strong>${escapeHTML(title)}</strong>
+        <span class="submission-bb-picker-vis submission-bb-picker-vis--${escapeHTML(b.visibility)}">${escapeHTML(b.visibility)}</span>
+      </div>
+      ${desc ? `<div class="submission-bb-picker-row-desc">${escapeHTML(desc)}</div>` : ""}
+      <pre class="submission-bb-picker-row-preview">${escapeHTML(preview)}${preview.length === 200 ? "…" : ""}</pre>`;
+    row.addEventListener("click", () => {
+      void insertBlockIntoSection(b.id, sec.id, overlay);
+    });
+    host.appendChild(row);
+  }
+}
+
+async function insertBlockIntoSection(blockID: string, sectionID: string, overlay: HTMLElement): Promise<void> {
+  try {
+    const res = await fetch(
+      `/api/submission-building-blocks/${blockID}/insert-into/${sectionID}`,
+      { method: "POST", credentials: "include" },
+    );
+    if (!res.ok) {
+      console.warn("insert-into PATCH failed", res.status);
+      return;
+    }
+    const updated = await res.json() as SubmissionSectionJSON;
+    if (state.view && state.view.sections) {
+      const idx = state.view.sections.findIndex(s => s.id === sectionID);
+      if (idx >= 0) state.view.sections[idx] = updated;
+    }
+    paintSectionList();
+    overlay.remove();
+  } catch (err) {
+    console.warn("insert block error", err);
+  }
+}
+
+function escapeHTML(s: string): string {
+  return s
+    .replace(/&/g, "&amp;")
+    .replace(/</g, "&lt;")
+    .replace(/>/g, "&gt;")
+    .replace(/"/g, "&quot;")
+    .replace(/'/g, "&#39;");
+}
+
 async function patchSection(sectionID: string, payload: Record<string, unknown>): Promise<void> {
   try {
     const draftID = state.view?.draft.id;

frontend/src/i18n-keys.ts

@@ -125,6 +125,12 @@ export type I18nKey =
   | "admin.broadcasts.loading"
   | "admin.broadcasts.subtitle"
   | "admin.broadcasts.title"
+  | "admin.building_blocks.action.new"
+  | "admin.building_blocks.editor.empty"
+  | "admin.building_blocks.heading"
+  | "admin.building_blocks.loading"
+  | "admin.building_blocks.subtitle"
+  | "admin.building_blocks.title"
   | "admin.card.approval_policies.desc"
   | "admin.card.approval_policies.title"
   | "admin.card.audit.desc"

frontend/src/styles/global.css

@@ -6294,6 +6294,244 @@ dialog.modal::backdrop {
     background: var(--color-bg-elev-2, var(--color-bg-elev-1));
 }
 
+/* t-paliad-315 Slice C — building-block picker modal */
+.submission-draft-section-bb-btn {
+    margin-left: auto;
+}
+
+.submission-bb-picker-overlay {
+    position: fixed;
+    inset: 0;
+    background: rgba(0,0,0,0.4);
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    z-index: 1000;
+}
+
+.submission-bb-picker {
+    background: var(--color-bg, white);
+    border-radius: 6px;
+    padding: 1rem;
+    width: min(720px, 92vw);
+    max-height: 86vh;
+    display: flex;
+    flex-direction: column;
+    gap: 0.6rem;
+    box-shadow: 0 8px 32px rgba(0,0,0,0.25);
+}
+
+.submission-bb-picker-head {
+    display: flex;
+    align-items: center;
+    justify-content: space-between;
+}
+
+.submission-bb-picker-head h2 {
+    margin: 0;
+    font-size: 1.1em;
+}
+
+.submission-bb-picker-search {
+    width: 100%;
+}
+
+.submission-bb-picker-sectioninfo {
+    margin: 0;
+    font-size: 0.85em;
+    color: var(--color-text-muted);
+}
+
+.submission-bb-picker-list {
+    overflow-y: auto;
+    display: flex;
+    flex-direction: column;
+    gap: 0.5rem;
+}
+
+.submission-bb-picker-row {
+    display: block;
+    width: 100%;
+    text-align: left;
+    padding: 0.6rem 0.8rem;
+    border: 1px solid var(--color-border);
+    border-radius: 4px;
+    background: var(--color-bg-elev-1);
+    cursor: pointer;
+}
+
+.submission-bb-picker-row:hover {
+    background: var(--color-bg-lime-tint, var(--color-bg-elev-2));
+}
+
+.submission-bb-picker-row-head {
+    display: flex;
+    align-items: baseline;
+    justify-content: space-between;
+    gap: 0.5rem;
+}
+
+.submission-bb-picker-row-desc {
+    margin: 0.25rem 0;
+    font-size: 0.85em;
+    color: var(--color-text-muted);
+}
+
+.submission-bb-picker-row-preview {
+    margin: 0.25rem 0 0 0;
+    padding: 0;
+    font-family: inherit;
+    font-size: 0.8em;
+    color: var(--color-text-muted);
+    white-space: pre-wrap;
+    max-height: 4em;
+    overflow: hidden;
+}
+
+.submission-bb-picker-vis {
+    font-size: 0.7em;
+    padding: 0.1rem 0.35rem;
+    border-radius: 3px;
+    background: var(--color-bg-subtle, transparent);
+    color: var(--color-text-muted);
+    text-transform: uppercase;
+    letter-spacing: 0.05em;
+}
+
+.submission-bb-picker-vis--private { background: #fde2e2; color: #8a2a2a; }
+.submission-bb-picker-vis--team    { background: #fff4d6; color: #7a5d12; }
+.submission-bb-picker-vis--firm    { background: #def5e2; color: #266e34; }
+.submission-bb-picker-vis--global  { background: #dce8fb; color: #1f437a; }
+
+.submission-bb-picker-empty {
+    text-align: center;
+    color: var(--color-text-muted);
+    padding: 1rem;
+}
+
+/* t-paliad-315 Slice C — /admin/submission-building-blocks editor */
+.admin-bb-layout {
+    display: grid;
+    grid-template-columns: minmax(220px, 280px) 1fr minmax(180px, 240px);
+    gap: 1rem;
+}
+
+.admin-bb-list {
+    display: flex;
+    flex-direction: column;
+    gap: 0.4rem;
+    max-height: 70vh;
+    overflow-y: auto;
+}
+
+.admin-bb-list-row {
+    display: flex;
+    flex-direction: column;
+    gap: 0.2rem;
+    padding: 0.5rem 0.7rem;
+    text-align: left;
+    border: 1px solid var(--color-border);
+    border-radius: 4px;
+    background: var(--color-bg-elev-1);
+    cursor: pointer;
+}
+
+.admin-bb-list-row--active {
+    background: var(--color-bg-lime-tint, var(--color-bg-elev-2));
+    border-color: var(--color-accent-fg, var(--color-text));
+}
+
+.admin-bb-list-title {
+    font-weight: 600;
+    font-size: 0.95em;
+}
+
+.admin-bb-list-meta {
+    display: flex;
+    gap: 0.3rem;
+    font-size: 0.7em;
+    color: var(--color-text-muted);
+}
+
+.admin-bb-list-section {
+    background: var(--color-bg-subtle, transparent);
+    padding: 0.05rem 0.35rem;
+    border-radius: 3px;
+}
+
+.admin-bb-list-vis {
+    padding: 0.05rem 0.35rem;
+    border-radius: 3px;
+}
+
+.admin-bb-list-vis--private { background: #fde2e2; color: #8a2a2a; }
+.admin-bb-list-vis--team    { background: #fff4d6; color: #7a5d12; }
+.admin-bb-list-vis--firm    { background: #def5e2; color: #266e34; }
+.admin-bb-list-vis--global  { background: #dce8fb; color: #1f437a; }
+
+.admin-bb-list-draft {
+    font-style: italic;
+    color: var(--color-text-muted);
+}
+
+.admin-bb-form {
+    display: flex;
+    flex-direction: column;
+    gap: 0.6rem;
+}
+
+.admin-bb-form-row {
+    display: flex;
+    flex-direction: column;
+    gap: 0.2rem;
+}
+
+.admin-bb-form-row--checkbox {
+    flex-direction: row;
+    align-items: center;
+    gap: 0.4rem;
+}
+
+.admin-bb-form-row > span {
+    font-size: 0.85em;
+    color: var(--color-text-muted);
+}
+
+.admin-bb-form-hint {
+    font-size: 0.75em;
+    color: var(--color-text-muted);
+}
+
+.admin-bb-form-actions {
+    display: flex;
+    gap: 0.5rem;
+    margin-top: 0.5rem;
+}
+
+.admin-bb-versions {
+    display: flex;
+    flex-direction: column;
+    gap: 0.4rem;
+    max-height: 70vh;
+    overflow-y: auto;
+}
+
+.admin-bb-version-row {
+    border: 1px solid var(--color-border);
+    border-radius: 4px;
+    padding: 0.4rem 0.55rem;
+    font-size: 0.78em;
+}
+
+.admin-bb-version-meta {
+    color: var(--color-text-muted);
+    margin-bottom: 0.25rem;
+}
+
+.admin-bb-empty {
+    color: var(--color-text-muted);
+}
+
 .submission-draft-language-row {
     display: flex;
     align-items: center;

internal/db/migrations/140_drop_deadline_rules.down.sql

@@ -1,47 +0,0 @@
--- 140_drop_deadline_rules (down) — Slice B.4, t-paliad-305
---
--- Best-effort recovery from the deadline_rules_pre_140 snapshot. The
--- original triggers (mig 079 audit), indexes, CHECK constraints (mig
--- 135 primary_party), and FK constraints on the new tables are NOT
--- recreated here — restoring the working state requires replaying
--- migrations 078/079/091/095/098/122/128/134/135 against the restored
--- table.
---
--- Use this only for catastrophic recovery. The normal revert path
--- for B.4 is to re-deploy the previous container image (which still
--- writes via the dual-write helper to a paliad.deadline_rules that no
--- longer exists) — that would crash on first write, so true revert
--- requires this down + a code revert + a snapshot restore.
-
--- Drop the INSTEAD OF triggers + functions
-DROP TRIGGER IF EXISTS deadline_rules_unified_insert ON paliad.deadline_rules_unified;
-DROP TRIGGER IF EXISTS deadline_rules_unified_update ON paliad.deadline_rules_unified;
-DROP FUNCTION IF EXISTS paliad.deadline_rules_unified_insert_trigger();
-DROP FUNCTION IF EXISTS paliad.deadline_rules_unified_update_trigger();
-
--- Recreate paliad.deadline_rules from snapshot.
-CREATE TABLE paliad.deadline_rules AS TABLE paliad.deadline_rules_pre_140;
-
--- Re-add the PK constraint (CREATE TABLE AS doesn't carry constraints).
-ALTER TABLE paliad.deadline_rules ADD PRIMARY KEY (id);
-
--- Re-point the FKs back to deadline_rules.
-ALTER TABLE paliad.appointments
-    DROP CONSTRAINT IF EXISTS appointments_deadline_rule_id_fkey;
-ALTER TABLE paliad.appointments
-    ADD CONSTRAINT appointments_deadline_rule_id_fkey
-        FOREIGN KEY (deadline_rule_id) REFERENCES paliad.deadline_rules(id);
-
-ALTER TABLE paliad.deadline_rule_backfill_orphans
-    DROP CONSTRAINT IF EXISTS deadline_rule_backfill_orphans_resolved_rule_id_fkey;
-ALTER TABLE paliad.deadline_rule_backfill_orphans
-    ADD CONSTRAINT deadline_rule_backfill_orphans_resolved_rule_id_fkey
-        FOREIGN KEY (resolved_rule_id) REFERENCES paliad.deadline_rules(id);
-
--- Re-add deadlines.rule_id from the snapshot's data (via sequencing_rule_id
--- which inherited deadline_rules.id during mig 136).
-ALTER TABLE paliad.deadlines ADD COLUMN rule_id uuid;
-UPDATE paliad.deadlines SET rule_id = sequencing_rule_id WHERE sequencing_rule_id IS NOT NULL;
-ALTER TABLE paliad.deadlines
-    ADD CONSTRAINT fristen_rule_id_fkey
-        FOREIGN KEY (rule_id) REFERENCES paliad.deadline_rules(id);

internal/db/migrations/140_drop_deadline_rules.up.sql

@@ -1,334 +0,0 @@
--- 140_drop_deadline_rules — Slice B.4 destructive drop (t-paliad-305 / m/paliad#93)
---
--- HARD STOPS:
---   * Audit-first: snapshot paliad.deadline_rules → paliad.deadline_rules_pre_140
---     in the SAME TRANSACTION as the DROP, per m's snapshot policy
---     (precedent migs 091/093/095/098). The whole .up.sql runs inside a
---     single transaction because the migration runner wraps it; if any
---     statement fails, the snapshot CREATE TABLE rolls back with the
---     destructive DROP.
---   * No data loss: paliad.deadline_rules has been a write-side shadow
---     since B.3 (B.2 dual-write keeps sequencing_rules + procedural_events
---     + legal_sources current). Drift verified clean before this slice
---     (deadline_rules=231, sequencing_rules=231, 0 mismatches across
---     counts/FKs/lifecycle/is_active).
---
--- What this migration does:
---   1. Snapshot deadline_rules → deadline_rules_pre_140 (preserves audit
---      trail of the table's final state for forensic + revert paths).
---   2. Final reconciliation: catch any deadlines whose
---      sequencing_rule_id/procedural_event_id columns drifted from the
---      legacy rule_id (no live drift today — defensive).
---   3. Drop the audit trigger on deadline_rules (it can't fire on a
---      gone table; the trigger function itself stays for the historical
---      paliad.deadline_rule_audit reads).
---   4. Re-point FKs that currently target deadline_rules.id over to
---      sequencing_rules.id. The id values are identical (sequencing_rules
---      inherited deadline_rules.id during mig 136 backfill), so no data
---      migration is needed — just the constraint swap. Affects:
---      - paliad.appointments.deadline_rule_id
---      - paliad.deadline_rule_backfill_orphans.resolved_rule_id
---   5. Drop paliad.deadlines.rule_id column. Per design §5.4 step 16:
---      "DROP COLUMN paliad.deadlines.rule_id (keep rule_code +
---      custom_rule_text as the human-readable denormalized columns —
---      they're the safety net for orphaned deadlines per t-paliad-258)."
---      The new sequencing_rule_id + procedural_event_id columns from
---      mig 136 are the FK back-links from B.4 forward.
---   6. DROP TABLE paliad.deadline_rules.
---   7. INSTEAD OF triggers on paliad.deadline_rules_unified that route
---      INSERTs/UPDATEs to the underlying sr+pe+ls tables. Lets the
---      RuleEditorService keep its existing SQL shape (one INSERT, one
---      UPDATE per write method) with only a table-name swap. The
---      triggers project the legacy column shape back to the three new
---      tables exactly as the dual-write helper did in B.2.
---
--- Down: best-effort restore from the snapshot. The original triggers,
--- indexes, and FKs are NOT recreated — operator must replay historical
--- migrations 078/079/091/095/098/122 to bring the table back to a
--- working shape. The down path is for catastrophic recovery, not casual
--- revert.
-
--- ---------------------------------------------------------------
--- 1. Snapshot — must precede the destructive ops (same TX).
--- ---------------------------------------------------------------
-
-CREATE TABLE paliad.deadline_rules_pre_140 AS TABLE paliad.deadline_rules;
-
-COMMENT ON TABLE paliad.deadline_rules_pre_140 IS
-    'Snapshot of paliad.deadline_rules taken in mig 140 (Slice B.4, '
-    't-paliad-305) before the destructive DROP. Mirrors precedent '
-    'pre_091/093/095/098. Read-only forensic + revert source.';
-
--- ---------------------------------------------------------------
--- 2. Final reconciliation — should be a no-op (drift was 0 going
---    into this slice). Belt-and-braces against a write that snuck
---    in between drift-check and this migration.
--- ---------------------------------------------------------------
-
-UPDATE paliad.deadlines d
-   SET sequencing_rule_id  = d.rule_id,
-       procedural_event_id = sr.procedural_event_id
-  FROM paliad.sequencing_rules sr
- WHERE sr.id = d.rule_id
-   AND d.rule_id IS NOT NULL
-   AND (d.sequencing_rule_id IS DISTINCT FROM d.rule_id
-        OR d.procedural_event_id IS DISTINCT FROM sr.procedural_event_id);
-
--- ---------------------------------------------------------------
--- 3. Drop the deadline_rules audit trigger. The trigger function
---    (paliad.deadline_rule_audit_trigger) stays defined for any
---    historical references; mig 079 created it.
--- ---------------------------------------------------------------
-
-DROP TRIGGER IF EXISTS deadline_rules_audit_aiud ON paliad.deadline_rules;
-
--- ---------------------------------------------------------------
--- 4. Re-point FKs from deadline_rules → sequencing_rules.
--- ---------------------------------------------------------------
-
-ALTER TABLE paliad.appointments
-    DROP CONSTRAINT IF EXISTS appointments_deadline_rule_id_fkey;
-ALTER TABLE paliad.appointments
-    ADD CONSTRAINT appointments_deadline_rule_id_fkey
-        FOREIGN KEY (deadline_rule_id) REFERENCES paliad.sequencing_rules(id);
-
-ALTER TABLE paliad.deadline_rule_backfill_orphans
-    DROP CONSTRAINT IF EXISTS deadline_rule_backfill_orphans_resolved_rule_id_fkey;
-ALTER TABLE paliad.deadline_rule_backfill_orphans
-    ADD CONSTRAINT deadline_rule_backfill_orphans_resolved_rule_id_fkey
-        FOREIGN KEY (resolved_rule_id) REFERENCES paliad.sequencing_rules(id);
-
--- Drop the deadlines→deadline_rules FK before we drop the column.
-ALTER TABLE paliad.deadlines
-    DROP CONSTRAINT IF EXISTS fristen_rule_id_fkey;
-
--- ---------------------------------------------------------------
--- 5. Drop paliad.deadlines.rule_id (column + remaining indexes).
--- ---------------------------------------------------------------
-
-ALTER TABLE paliad.deadlines
-    DROP COLUMN IF EXISTS rule_id;
-
--- ---------------------------------------------------------------
--- 6. DROP TABLE paliad.deadline_rules. Now that:
---    - dependent FKs are re-pointed to sequencing_rules,
---    - the audit trigger is dropped,
---    - deadlines.rule_id is gone,
---    nothing references the table anymore. The self-FKs
---    (deadline_rules.parent_id, .draft_of) drop with the table.
--- ---------------------------------------------------------------
-
-DROP TABLE paliad.deadline_rules;
-
--- ---------------------------------------------------------------
--- 7. INSTEAD OF triggers on the view — routes writes to sr+pe+ls.
--- ---------------------------------------------------------------
-
-CREATE OR REPLACE FUNCTION paliad.deadline_rules_unified_insert_trigger()
-RETURNS TRIGGER LANGUAGE plpgsql AS $fn$
-DECLARE
-    v_legal_source_id uuid;
-    v_pe_id           uuid;
-    v_code            text;
-BEGIN
-    -- legal_sources upsert (no-op if NEW.legal_source is NULL)
-    IF NEW.legal_source IS NOT NULL THEN
-        INSERT INTO paliad.legal_sources (citation, jurisdiction)
-        VALUES (NEW.legal_source,
-                COALESCE(NULLIF(split_part(NEW.legal_source, '.', 1), ''), 'other'))
-        ON CONFLICT (citation) DO NOTHING;
-        SELECT id INTO v_legal_source_id
-          FROM paliad.legal_sources
-         WHERE citation = NEW.legal_source;
-    END IF;
-
-    -- Mint synthetic code when submission_code is NULL — same recipe
-    -- as mig 136 + B.2 dual-write helper. Stays byte-identical.
-    v_code := COALESCE(NEW.submission_code,
-                       'null.' || substring(replace(NEW.id::text, '-', ''), 1, 8));
-
-    -- procedural_events upsert. ON CONFLICT (code) deliberately leaves
-    -- lifecycle_state / published_at / is_active alone — those track
-    -- the procedural-event concept's own lifecycle, not the inserting
-    -- sequencing-rule's lifecycle (e.g. a CloneAsDraft of a published
-    -- rule creates a draft sr that shares the published PE; the PE
-    -- should stay 'published'). Identity columns DO update so an
-    -- admin editing a draft's name still flips the lawyer-visible
-    -- label (1:1 today; revisit when 1:N becomes a real pattern).
-    INSERT INTO paliad.procedural_events
-        (code, name, name_en, description, event_kind, primary_party_default,
-         legal_source_id, concept_id, lifecycle_state, published_at, is_active)
-    VALUES
-        (v_code, NEW.name, NEW.name_en, NEW.description, NEW.event_type,
-         NEW.primary_party, v_legal_source_id, NEW.concept_id,
-         COALESCE(NEW.lifecycle_state, 'draft'), NEW.published_at,
-         COALESCE(NEW.is_active, true))
-    ON CONFLICT (code) DO UPDATE SET
-        name                  = EXCLUDED.name,
-        name_en               = EXCLUDED.name_en,
-        description           = EXCLUDED.description,
-        event_kind            = EXCLUDED.event_kind,
-        primary_party_default = EXCLUDED.primary_party_default,
-        legal_source_id       = EXCLUDED.legal_source_id,
-        concept_id            = EXCLUDED.concept_id,
-        -- lifecycle_state / published_at / is_active deliberately omitted
-        updated_at            = now()
-    RETURNING id INTO v_pe_id;
-
-    -- sequencing_rules insert. id is the caller-supplied NEW.id so
-    -- existing FK back-links (deadlines.sequencing_rule_id) resolve.
-    INSERT INTO paliad.sequencing_rules
-        (id, procedural_event_id, proceeding_type_id, parent_id, trigger_event_id,
-         duration_value, duration_unit, timing,
-         alt_duration_value, alt_duration_unit, alt_rule_code, anchor_alt,
-         combine_op, condition_expr, primary_party, sequence_order,
-         is_spawn, spawn_label, spawn_proceeding_type_id,
-         is_bilateral, is_court_set, priority,
-         rule_code, rule_codes, deadline_notes, deadline_notes_en,
-         choices_offered, applies_to_target,
-         lifecycle_state, draft_of, published_at, is_active,
-         created_at, updated_at)
-    VALUES
-        (NEW.id, v_pe_id, NEW.proceeding_type_id, NEW.parent_id, NEW.trigger_event_id,
-         COALESCE(NEW.duration_value, 0), COALESCE(NEW.duration_unit, 'months'),
-         COALESCE(NEW.timing, 'after'),
-         NEW.alt_duration_value, NEW.alt_duration_unit, NEW.alt_rule_code, NEW.anchor_alt,
-         NEW.combine_op, NEW.condition_expr, NEW.primary_party,
-         COALESCE(NEW.sequence_order, 0),
-         COALESCE(NEW.is_spawn, false), NEW.spawn_label, NEW.spawn_proceeding_type_id,
-         COALESCE(NEW.is_bilateral, false), COALESCE(NEW.is_court_set, false),
-         COALESCE(NEW.priority, 'mandatory'),
-         NEW.rule_code, NEW.rule_codes, NEW.deadline_notes, NEW.deadline_notes_en,
-         NEW.choices_offered, NEW.applies_to_target,
-         COALESCE(NEW.lifecycle_state, 'draft'), NEW.draft_of,
-         NEW.published_at, COALESCE(NEW.is_active, true),
-         COALESCE(NEW.created_at, now()), COALESCE(NEW.updated_at, now()));
-
-    RETURN NEW;
-END $fn$;
-
-CREATE TRIGGER deadline_rules_unified_insert
-    INSTEAD OF INSERT ON paliad.deadline_rules_unified
-    FOR EACH ROW EXECUTE FUNCTION paliad.deadline_rules_unified_insert_trigger();
-
-
-CREATE OR REPLACE FUNCTION paliad.deadline_rules_unified_update_trigger()
-RETURNS TRIGGER LANGUAGE plpgsql AS $fn$
-DECLARE
-    v_legal_source_id uuid;
-    v_code            text;
-BEGIN
-    -- legal_sources upsert (only if NEW.legal_source is non-NULL).
-    -- A change FROM non-NULL TO NULL clears legal_source_id on the
-    -- procedural_event below — same shape as mig 136 / B.2 behaviour.
-    IF NEW.legal_source IS NOT NULL THEN
-        INSERT INTO paliad.legal_sources (citation, jurisdiction)
-        VALUES (NEW.legal_source,
-                COALESCE(NULLIF(split_part(NEW.legal_source, '.', 1), ''), 'other'))
-        ON CONFLICT (citation) DO NOTHING;
-        SELECT id INTO v_legal_source_id
-          FROM paliad.legal_sources
-         WHERE citation = NEW.legal_source;
-    END IF;
-
-    v_code := COALESCE(NEW.submission_code,
-                       'null.' || substring(replace(NEW.id::text, '-', ''), 1, 8));
-
-    -- Update procedural_events keyed by the existing PE link on
-    -- sequencing_rules. lifecycle_state / published_at / is_active on
-    -- PE are NOT mirrored from the per-sequencing-rule UPDATE — see
-    -- the INSERT trigger comment for the rationale (a draft sr that
-    -- shares its PE with a published peer must not flip the PE to
-    -- draft). Identity columns DO mirror so editing name/code from
-    -- the admin UI continues to reach the lawyer-visible label.
-    UPDATE paliad.procedural_events
-       SET code                  = v_code,
-           name                  = NEW.name,
-           name_en               = NEW.name_en,
-           description           = NEW.description,
-           event_kind            = NEW.event_type,
-           primary_party_default = NEW.primary_party,
-           legal_source_id       = v_legal_source_id,
-           concept_id            = NEW.concept_id,
-           updated_at            = now()
-     WHERE id = (SELECT procedural_event_id
-                   FROM paliad.sequencing_rules
-                  WHERE id = NEW.id);
-
-    -- Update sequencing_rules (1:1 by id).
-    UPDATE paliad.sequencing_rules
-       SET proceeding_type_id       = NEW.proceeding_type_id,
-           parent_id                = NEW.parent_id,
-           trigger_event_id         = NEW.trigger_event_id,
-           duration_value           = NEW.duration_value,
-           duration_unit            = NEW.duration_unit,
-           timing                   = NEW.timing,
-           alt_duration_value       = NEW.alt_duration_value,
-           alt_duration_unit        = NEW.alt_duration_unit,
-           alt_rule_code            = NEW.alt_rule_code,
-           anchor_alt               = NEW.anchor_alt,
-           combine_op               = NEW.combine_op,
-           condition_expr           = NEW.condition_expr,
-           primary_party            = NEW.primary_party,
-           sequence_order           = NEW.sequence_order,
-           is_spawn                 = NEW.is_spawn,
-           spawn_label              = NEW.spawn_label,
-           spawn_proceeding_type_id = NEW.spawn_proceeding_type_id,
-           is_bilateral             = NEW.is_bilateral,
-           is_court_set             = NEW.is_court_set,
-           priority                 = NEW.priority,
-           rule_code                = NEW.rule_code,
-           rule_codes               = NEW.rule_codes,
-           deadline_notes           = NEW.deadline_notes,
-           deadline_notes_en        = NEW.deadline_notes_en,
-           choices_offered          = NEW.choices_offered,
-           applies_to_target        = NEW.applies_to_target,
-           lifecycle_state          = NEW.lifecycle_state,
-           draft_of                 = NEW.draft_of,
-           published_at             = NEW.published_at,
-           is_active                = NEW.is_active,
-           updated_at               = now()
-     WHERE id = NEW.id;
-
-    RETURN NEW;
-END $fn$;
-
-CREATE TRIGGER deadline_rules_unified_update
-    INSTEAD OF UPDATE ON paliad.deadline_rules_unified
-    FOR EACH ROW EXECUTE FUNCTION paliad.deadline_rules_unified_update_trigger();
-
--- ---------------------------------------------------------------
--- 8. POST assertions.
--- ---------------------------------------------------------------
-
-DO $$
-DECLARE
-    v_snapshot_count   int;
-    v_view_count       int;
-    v_dr_table_exists  int;
-    v_rule_id_col      int;
-BEGIN
-    SELECT COUNT(*) INTO v_snapshot_count FROM paliad.deadline_rules_pre_140;
-    SELECT COUNT(*) INTO v_view_count     FROM paliad.deadline_rules_unified;
-    IF v_snapshot_count <> v_view_count THEN
-        RAISE EXCEPTION '[mig 140] FAILED POST: snapshot has % rows, view has % rows — drift between final state and snapshot',
-            v_snapshot_count, v_view_count;
-    END IF;
-
-    SELECT COUNT(*) INTO v_dr_table_exists
-      FROM information_schema.tables
-     WHERE table_schema = 'paliad' AND table_name = 'deadline_rules';
-    IF v_dr_table_exists > 0 THEN
-        RAISE EXCEPTION '[mig 140] FAILED POST: paliad.deadline_rules table still exists after DROP';
-    END IF;
-
-    SELECT COUNT(*) INTO v_rule_id_col
-      FROM information_schema.columns
-     WHERE table_schema = 'paliad' AND table_name = 'deadlines' AND column_name = 'rule_id';
-    IF v_rule_id_col > 0 THEN
-        RAISE EXCEPTION '[mig 140] FAILED POST: paliad.deadlines.rule_id column still exists after DROP';
-    END IF;
-
-    RAISE NOTICE '[mig 140] OK — deadline_rules dropped, snapshot=% rows, view=% rows, INSTEAD OF triggers active',
-        v_snapshot_count, v_view_count;
-END $$;

internal/db/migrations/149_submission_building_blocks.down.sql

@@ -0,0 +1,4 @@
+-- t-paliad-315: revert building blocks library.
+
+DROP TABLE IF EXISTS paliad.submission_building_block_admin_versions;
+DROP TABLE IF EXISTS paliad.submission_building_blocks;

internal/db/migrations/149_submission_building_blocks.up.sql

@@ -0,0 +1,118 @@
+-- t-paliad-315 (m/paliad#141): Composer Slice C — building blocks library.
+--
+-- Per the design at docs/design-submission-generator-v2-2026-05-26.md §4.4
+-- and the Q2 / Q9 ratifications:
+--
+--   Q2 (m, 2026-05-26): building blocks are plain text paste sources.
+--     No building_block_id reference is stored on submission_sections —
+--     insertion is a one-way copy of content_md_<lang> into the section.
+--     This table records the library; submission_sections doesn't know
+--     where its content came from.
+--
+--   Q9 (m, 2026-05-26): four visibility tiers — private / team / firm
+--     / global. Picker filtering and RLS SELECT predicate both honour
+--     the tier. Tier upgrades (private → team/firm/global) go through
+--     admin moderation in later slices; Slice C starts with admin-only
+--     mutations (no user-initiated rows yet).
+--
+-- The _admin_versions companion table mirrors the email-templates
+-- retention=20 audit history. It is INTERNAL to the admin editor —
+-- not referenced from submission_sections, not exposed to the lawyer.
+-- It exists so accidental delete + accidental overwrite are
+-- recoverable.
+
+CREATE TABLE IF NOT EXISTS paliad.submission_building_blocks (
+    id                uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+    slug              text NOT NULL,
+    firm              text,                       -- e.g. 'HLC', NULL = cross-firm
+    section_key       text NOT NULL,              -- which section kind this block fits
+    proceeding_family text,                       -- 'de.inf.lg', NULL = any family
+    title_de          text NOT NULL,
+    title_en          text NOT NULL,
+    description_de    text,
+    description_en    text,
+    content_md_de     text NOT NULL DEFAULT '',
+    content_md_en     text NOT NULL DEFAULT '',
+    author_id         uuid REFERENCES paliad.users(id) ON DELETE SET NULL,
+    visibility        text NOT NULL,              -- 'private' | 'team' | 'firm' | 'global'
+    is_published      bool NOT NULL DEFAULT false,
+    created_at        timestamptz NOT NULL DEFAULT now(),
+    updated_at        timestamptz NOT NULL DEFAULT now(),
+    deleted_at        timestamptz,
+
+    CONSTRAINT submission_building_blocks_visibility_check
+        CHECK (visibility IN ('private', 'team', 'firm', 'global')),
+    CONSTRAINT submission_building_blocks_unique_slug_per_firm
+        UNIQUE (slug, firm)
+);
+
+CREATE INDEX IF NOT EXISTS submission_building_blocks_section_visibility_idx
+    ON paliad.submission_building_blocks (section_key, visibility, firm, proceeding_family)
+    WHERE deleted_at IS NULL AND is_published;
+
+CREATE INDEX IF NOT EXISTS submission_building_blocks_author_idx
+    ON paliad.submission_building_blocks (author_id)
+    WHERE deleted_at IS NULL;
+
+ALTER TABLE paliad.submission_building_blocks ENABLE ROW LEVEL SECURITY;
+
+-- SELECT policy: coarse-grained RLS that admits every non-deleted
+-- block to any authenticated user. The Go-side BuildingBlockService
+-- applies the fine-grained tier predicate (private / team / firm /
+-- global) using branding.Name + team-membership joins. This split
+-- keeps the SQL simple and lets the tier semantics evolve in code
+-- without RLS migrations.
+--
+-- The exception below is 'private': only the author sees their own
+-- private rows. That's the hard line where a tier upgrade is
+-- substantive enough to warrant DB-level enforcement.
+DROP POLICY IF EXISTS submission_building_blocks_select ON paliad.submission_building_blocks;
+CREATE POLICY submission_building_blocks_select
+    ON paliad.submission_building_blocks FOR SELECT TO authenticated
+    USING (
+        deleted_at IS NULL
+        AND (
+            visibility <> 'private'
+            OR author_id = auth.uid()
+        )
+    );
+
+-- INSERT / UPDATE / DELETE intentionally absent — admin mutations
+-- happen at the Go handler layer with explicit adminGate. RLS without
+-- mutation policies denies them by default.
+
+DROP TRIGGER IF EXISTS submission_building_blocks_set_updated_at ON paliad.submission_building_blocks;
+CREATE TRIGGER submission_building_blocks_set_updated_at
+    BEFORE UPDATE ON paliad.submission_building_blocks
+    FOR EACH ROW EXECUTE FUNCTION paliad.tg_set_updated_at();
+
+COMMENT ON TABLE paliad.submission_building_blocks IS
+    't-paliad-315: Composer building-block library. Plain text paste sources for section content (no lineage tracked on sections per Q2 ratification). 4-tier visibility per Q9.';
+
+
+-- _admin_versions: append-only history per block. Admin-side only;
+-- not referenced from submission_sections. Retention 20 per block,
+-- GCed in the same transaction as the Save (mirrors email-templates).
+CREATE TABLE IF NOT EXISTS paliad.submission_building_block_admin_versions (
+    id                uuid PRIMARY KEY DEFAULT gen_random_uuid(),
+    building_block_id uuid NOT NULL REFERENCES paliad.submission_building_blocks(id) ON DELETE CASCADE,
+    content_md_de     text NOT NULL,
+    content_md_en     text NOT NULL,
+    title_de          text NOT NULL,
+    title_en          text NOT NULL,
+    edited_by         uuid REFERENCES paliad.users(id) ON DELETE SET NULL,
+    note              text,
+    created_at        timestamptz NOT NULL DEFAULT now()
+);
+
+CREATE INDEX IF NOT EXISTS submission_building_block_admin_versions_block_idx
+    ON paliad.submission_building_block_admin_versions (building_block_id, created_at DESC);
+
+ALTER TABLE paliad.submission_building_block_admin_versions ENABLE ROW LEVEL SECURITY;
+
+-- Admin-only audit; the handler layer gates this via adminGate and
+-- writes via SECURITY DEFINER paths or admin-role SQL. No RLS SELECT
+-- policy exists, so non-admin users get an empty result set.
+
+COMMENT ON TABLE paliad.submission_building_block_admin_versions IS
+    't-paliad-315: append-only history per building block. Admin-side only; retention 20 rows per block, GCed at Save time.';

internal/handlers/admin_rules.go

@@ -8,7 +8,6 @@ import (
 
 	"github.com/google/uuid"
 
-	"mgit.msbls.de/m/paliad/internal/models"
 	"mgit.msbls.de/m/paliad/internal/services"
 )
 
@@ -26,60 +25,6 @@ import (
 // is mapped to 409 Conflict so the editor UI can show a clear "must
 // clone first" hint.
 
-// Slice B.5 (t-paliad-305) JSON envelope renames:
-//
-//   - submission_code → code           (procedural-event identifier)
-//   - event_type      → event_kind     (procedural-event taxonomy)
-//
-// Wire compatibility: every response emits BOTH the legacy and the
-// canonical keys for one slice (see Deprecation HTTP header on the
-// response). Input bodies accept either name on the request; the
-// canonical key wins when both are present.
-//
-// adminRuleResponse wraps models.DeadlineRule (= litigationplanner.Rule)
-// to add the canonical `code` + `event_kind` fields alongside the
-// historical `submission_code` + `event_type` already on Rule's tags.
-// The embedded *models.DeadlineRule carries every existing tag through
-// json.Marshal unchanged; the wrapper only ADDS the two new keys.
-type adminRuleResponse struct {
-	*models.DeadlineRule
-	Code      *string `json:"code,omitempty"`
-	EventKind *string `json:"event_kind,omitempty"`
-}
-
-// wrapRuleResponse builds the dual-emit wrapper from a service result.
-// Same values, two keys per concept — no semantic change.
-func wrapRuleResponse(r *models.DeadlineRule) adminRuleResponse {
-	if r == nil {
-		return adminRuleResponse{}
-	}
-	return adminRuleResponse{
-		DeadlineRule: r,
-		Code:         r.SubmissionCode,
-		EventKind:    r.EventType,
-	}
-}
-
-// wrapRuleListResponse maps a slice of service results into the
-// dual-emit wrapper. Used by the LIST endpoint.
-func wrapRuleListResponse(rows []models.DeadlineRule) []adminRuleResponse {
-	out := make([]adminRuleResponse, len(rows))
-	for i := range rows {
-		out[i] = wrapRuleResponse(&rows[i])
-	}
-	return out
-}
-
-// adminRuleDeprecationHeaders writes the IETF "Deprecation" + "Sunset"
-// HTTP headers signaling that the legacy `submission_code` /
-// `event_type` JSON keys are being retired in favour of `code` /
-// `event_kind`. RFC 8594 (Sunset) + draft-ietf-httpapi-deprecation-header.
-// Clients should migrate within one slice cycle.
-func adminRuleDeprecationHeaders(w http.ResponseWriter) {
-	w.Header().Set("Deprecation", `true; key="submission_code,event_type"`)
-	w.Header().Set("Link", `<https://mgit.msbls.de/m/paliad/issues/93>; rel="deprecation"`)
-}
-
 // GET /admin/api/rules — paginated list with filters.
 func handleAdminListRules(w http.ResponseWriter, r *http.Request) {
 	if dbSvc == nil || dbSvc.ruleEditor == nil {
@@ -128,8 +73,7 @@ func handleAdminListRules(w http.ResponseWriter, r *http.Request) {
 		writeRuleEditorError(w, err)
 		return
 	}
-	adminRuleDeprecationHeaders(w)
-	writeJSON(w, http.StatusOK, wrapRuleListResponse(rows))
+	writeJSON(w, http.StatusOK, rows)
 }
 
 // GET /admin/api/rules/{id}
@@ -147,8 +91,7 @@ func handleAdminGetRule(w http.ResponseWriter, r *http.Request) {
 		writeRuleEditorError(w, err)
 		return
 	}
-	adminRuleDeprecationHeaders(w)
-	writeJSON(w, http.StatusOK, wrapRuleResponse(row))
+	writeJSON(w, http.StatusOK, row)
 }
 
 // POST /admin/api/rules — create draft.
@@ -165,15 +108,12 @@ func handleAdminCreateRule(w http.ResponseWriter, r *http.Request) {
 		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
 		return
 	}
-	// Slice B.5 (t-paliad-305): accept both legacy + canonical JSON keys.
-	body.CreateRuleInput.CoalesceCanonicalKeys()
 	row, err := dbSvc.ruleEditor.Create(r.Context(), body.CreateRuleInput, body.Reason)
 	if err != nil {
 		writeRuleEditorError(w, err)
 		return
 	}
-	adminRuleDeprecationHeaders(w)
-	writeJSON(w, http.StatusCreated, wrapRuleResponse(row))
+	writeJSON(w, http.StatusCreated, row)
 }
 
 // PATCH /admin/api/rules/{id} — partial update of a draft.
@@ -194,15 +134,12 @@ func handleAdminPatchRule(w http.ResponseWriter, r *http.Request) {
 		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
 		return
 	}
-	// Slice B.5 (t-paliad-305): accept both legacy + canonical JSON keys.
-	body.RulePatch.CoalesceCanonicalKeys()
 	row, err := dbSvc.ruleEditor.UpdateDraft(r.Context(), id, body.RulePatch, body.Reason)
 	if err != nil {
 		writeRuleEditorError(w, err)
 		return
 	}
-	adminRuleDeprecationHeaders(w)
-	writeJSON(w, http.StatusOK, wrapRuleResponse(row))
+	writeJSON(w, http.StatusOK, row)
 }
 
 // POST /admin/api/rules/{id}/clone-as-draft
@@ -224,8 +161,7 @@ func handleAdminCloneAsDraft(w http.ResponseWriter, r *http.Request) {
 		writeRuleEditorError(w, err)
 		return
 	}
-	adminRuleDeprecationHeaders(w)
-	writeJSON(w, http.StatusCreated, wrapRuleResponse(row))
+	writeJSON(w, http.StatusCreated, row)
 }
 
 // POST /admin/api/rules/{id}/publish
@@ -247,8 +183,7 @@ func handleAdminPublishRule(w http.ResponseWriter, r *http.Request) {
 		writeRuleEditorError(w, err)
 		return
 	}
-	adminRuleDeprecationHeaders(w)
-	writeJSON(w, http.StatusOK, wrapRuleResponse(row))
+	writeJSON(w, http.StatusOK, row)
 }
 
 // POST /admin/api/rules/{id}/archive
@@ -270,8 +205,7 @@ func handleAdminArchiveRule(w http.ResponseWriter, r *http.Request) {
 		writeRuleEditorError(w, err)
 		return
 	}
-	adminRuleDeprecationHeaders(w)
-	writeJSON(w, http.StatusOK, wrapRuleResponse(row))
+	writeJSON(w, http.StatusOK, row)
 }
 
 // POST /admin/api/rules/{id}/restore
@@ -293,8 +227,7 @@ func handleAdminRestoreRule(w http.ResponseWriter, r *http.Request) {
 		writeRuleEditorError(w, err)
 		return
 	}
-	adminRuleDeprecationHeaders(w)
-	writeJSON(w, http.StatusOK, wrapRuleResponse(row))
+	writeJSON(w, http.StatusOK, row)
 }
 
 // GET /admin/api/rules/{id}/audit?offset=N&limit=M

internal/handlers/handlers.go

@@ -124,6 +124,10 @@ type Services struct {
 	SubmissionSection  *services.SectionService
 	SubmissionComposer *services.SubmissionComposer
 
+	// t-paliad-315 Composer Slice C — building-block library + admin
+	// editor. Per Q2: paste sources only, no lineage on sections.
+	SubmissionBuildingBlock *services.BuildingBlockService
+
 	// t-paliad-265 / m/paliad#96 — per-event-card optional choices on
 	// the Verfahrensablauf timeline.
 	EventChoice *services.EventChoiceService
@@ -195,10 +199,11 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
 			projection:      svc.Projection,
 			export:          svc.Export,
 			backup:          svc.Backup,
-			submissionDraft:    svc.SubmissionDraft,
-			submissionBase:     svc.SubmissionBase,
-			submissionSection:  svc.SubmissionSection,
-			submissionComposer: svc.SubmissionComposer,
+			submissionDraft:         svc.SubmissionDraft,
+			submissionBase:          svc.SubmissionBase,
+			submissionSection:       svc.SubmissionSection,
+			submissionComposer:      svc.SubmissionComposer,
+			submissionBuildingBlock: svc.SubmissionBuildingBlock,
 			eventChoice:       svc.EventChoice,
 			scenario:          svc.Scenario,
 		}
@@ -427,6 +432,10 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
 	// for inline editor autosave. URL keyed on draft_id + section_id;
 	// owner-scoped via SubmissionDraftService.Get.
 	protected.HandleFunc("PATCH /api/submission-drafts/{draft_id}/sections/{section_id}", handlePatchSubmissionSection)
+	// t-paliad-315 (m/paliad#141) Composer Slice C — building blocks
+	// library. Lawyer-facing picker + paste mechanic.
+	protected.HandleFunc("GET /api/submission-building-blocks", handleListBuildingBlocks)
+	protected.HandleFunc("POST /api/submission-building-blocks/{block_id}/insert-into/{section_id}", handleInsertBlockIntoSection)
 	// t-paliad-277 / m/paliad#109 — refresh project-derived variables on
 	// the draft. Strips overrides for project.* / parties.* / deadline.*
 	// / procedural_event.* / rule.* prefixes and bumps last_imported_at.
@@ -691,6 +700,16 @@ func Register(mux *http.ServeMux, client *auth.Client, giteaAPIToken string, svc
 		protected.HandleFunc("DELETE /api/admin/firm-dashboard-default", adminGate(users, handleDeleteFirmDashboardDefault))
 		protected.HandleFunc("POST /api/me/dashboard-layout/promote", adminGate(users, handlePromoteDashboardLayoutToFirmDefault))
 
+		// t-paliad-315 (m/paliad#141) Composer Slice C — admin building blocks editor.
+		protected.HandleFunc("GET /admin/submission-building-blocks", adminGate(users, gateOnboarded(handleAdminBuildingBlocksPage)))
+		protected.HandleFunc("GET /api/admin/submission-building-blocks", adminGate(users, handleAdminListBuildingBlocks))
+		protected.HandleFunc("POST /api/admin/submission-building-blocks", adminGate(users, handleAdminCreateBuildingBlock))
+		protected.HandleFunc("GET /api/admin/submission-building-blocks/{block_id}", adminGate(users, handleAdminGetBuildingBlock))
+		protected.HandleFunc("PATCH /api/admin/submission-building-blocks/{block_id}", adminGate(users, handleAdminUpdateBuildingBlock))
+		protected.HandleFunc("DELETE /api/admin/submission-building-blocks/{block_id}", adminGate(users, handleAdminDeleteBuildingBlock))
+		protected.HandleFunc("GET /api/admin/submission-building-blocks/{block_id}/versions", adminGate(users, handleAdminListBuildingBlockVersions))
+		protected.HandleFunc("POST /api/admin/submission-building-blocks/{block_id}/restore/{version_id}", adminGate(users, handleAdminRestoreBuildingBlockVersion))
+
 		protected.HandleFunc("GET /api/admin/email-templates", adminGate(users, handleAdminListEmailTemplates))
 		protected.HandleFunc("GET /api/admin/email-templates/{key}/variables", adminGate(users, handleAdminEmailTemplateVariables))
 		protected.HandleFunc("GET /api/admin/email-templates/{key}/{lang}", adminGate(users, handleAdminGetEmailTemplate))

internal/handlers/projects.go

@@ -71,10 +71,11 @@ type dbServices struct {
 
 	// t-paliad-313 — Composer base catalog + per-draft sections +
 	// (Slice B) the render pipeline assembling base + sections into a
-	// final .docx.
-	submissionBase     *services.BaseService
-	submissionSection  *services.SectionService
-	submissionComposer *services.SubmissionComposer
+	// final .docx + (Slice C) building-block library.
+	submissionBase          *services.BaseService
+	submissionSection       *services.SectionService
+	submissionComposer      *services.SubmissionComposer
+	submissionBuildingBlock *services.BuildingBlockService
 
 	// t-paliad-265 — per-event-card optional choices.
 	eventChoice *services.EventChoiceService

internal/handlers/submission_building_blocks.go

@@ -0,0 +1,482 @@
+package handlers
+
+// Composer building-block handlers — t-paliad-315 Slice C.
+//
+// Two surfaces:
+//
+//  1. Lawyer-facing picker (any authenticated user):
+//       GET  /api/submission-building-blocks?section_key=…&proceeding_family=…&q=…
+//       POST /api/submission-building-blocks/{block_id}/insert-into/{section_id}
+//
+//     The picker list is visibility-tier-filtered (private/team/firm/
+//     global) at the service layer. Insert is the paste mechanic
+//     ratified by Q2 (m, 2026-05-26): plain text copy of
+//     content_md_<lang> into submission_sections.content_md_<lang>.
+//     No lineage stamped on the section.
+//
+//  2. Admin editor (adminGate via auth.RequireAdminFunc):
+//       GET    /api/admin/submission-building-blocks
+//       POST   /api/admin/submission-building-blocks
+//       GET    /api/admin/submission-building-blocks/{block_id}
+//       PATCH  /api/admin/submission-building-blocks/{block_id}
+//       DELETE /api/admin/submission-building-blocks/{block_id}
+//       GET    /api/admin/submission-building-blocks/{block_id}/versions
+//       POST   /api/admin/submission-building-blocks/{block_id}/restore/{version_id}
+//
+//     Plus the page route /admin/submission-building-blocks (list +
+//     edit shell, hydrated client-side).
+
+import (
+	"context"
+	"encoding/json"
+	"errors"
+	"net/http"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+
+	"mgit.msbls.de/m/paliad/internal/services"
+)
+
+// blockJSON is the on-the-wire shape for both the picker and admin
+// surfaces.
+type buildingBlockJSON struct {
+	ID               uuid.UUID  `json:"id"`
+	Slug             string     `json:"slug"`
+	Firm             *string    `json:"firm,omitempty"`
+	SectionKey       string     `json:"section_key"`
+	ProceedingFamily *string    `json:"proceeding_family,omitempty"`
+	TitleDE          string     `json:"title_de"`
+	TitleEN          string     `json:"title_en"`
+	DescriptionDE    *string    `json:"description_de,omitempty"`
+	DescriptionEN    *string    `json:"description_en,omitempty"`
+	ContentMDDE      string     `json:"content_md_de"`
+	ContentMDEN      string     `json:"content_md_en"`
+	AuthorID         *uuid.UUID `json:"author_id,omitempty"`
+	Visibility       string     `json:"visibility"`
+	IsPublished      bool       `json:"is_published"`
+	CreatedAt        time.Time  `json:"created_at"`
+	UpdatedAt        time.Time  `json:"updated_at"`
+}
+
+type buildingBlockListResponse struct {
+	Blocks []buildingBlockJSON `json:"blocks"`
+}
+
+// blockJSONFromService projects services.BuildingBlock into the wire shape.
+func blockJSONFromService(b *services.BuildingBlock) buildingBlockJSON {
+	return buildingBlockJSON{
+		ID:               b.ID,
+		Slug:             b.Slug,
+		Firm:             b.Firm,
+		SectionKey:       b.SectionKey,
+		ProceedingFamily: b.ProceedingFamily,
+		TitleDE:          b.TitleDE,
+		TitleEN:          b.TitleEN,
+		DescriptionDE:    b.DescriptionDE,
+		DescriptionEN:    b.DescriptionEN,
+		ContentMDDE:      b.ContentMDDE,
+		ContentMDEN:      b.ContentMDEN,
+		AuthorID:         b.AuthorID,
+		Visibility:       b.Visibility,
+		IsPublished:      b.IsPublished,
+		CreatedAt:        b.CreatedAt,
+		UpdatedAt:        b.UpdatedAt,
+	}
+}
+
+// ─────────────────────────────────────────────────────────────────────
+// Lawyer-facing picker
+// ─────────────────────────────────────────────────────────────────────
+
+func handleListBuildingBlocks(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	q := r.URL.Query()
+	filter := services.BlockListFilter{
+		SectionKey:       strings.TrimSpace(q.Get("section_key")),
+		ProceedingFamily: strings.TrimSpace(q.Get("proceeding_family")),
+		Search:           strings.TrimSpace(q.Get("q")),
+	}
+	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
+	defer cancel()
+
+	rows, err := dbSvc.submissionBuildingBlock.ListVisible(ctx, uid, filter)
+	if err != nil {
+		writeServiceError(w, err)
+		return
+	}
+	out := make([]buildingBlockJSON, 0, len(rows))
+	for i := range rows {
+		out = append(out, blockJSONFromService(&rows[i]))
+	}
+	writeJSON(w, http.StatusOK, buildingBlockListResponse{Blocks: out})
+}
+
+func handleInsertBlockIntoSection(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil || dbSvc.submissionSection == nil || dbSvc.submissionDraft == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
+	if !ok {
+		return
+	}
+	sectionID, ok := parseUUIDPath(w, r, "section_id", "section id")
+	if !ok {
+		return
+	}
+
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+
+	// Visibility on the section: section.draft_id must point to a
+	// draft the caller owns. Composer Slice B's same owner gate.
+	sec, err := dbSvc.submissionSection.Get(ctx, sectionID)
+	if err != nil {
+		if errors.Is(err, services.ErrSubmissionSectionNotFound) {
+			writeJSON(w, http.StatusNotFound, map[string]string{"error": "section not found"})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	if _, err := dbSvc.submissionDraft.Get(ctx, uid, sec.DraftID); err != nil {
+		writeSubmissionDraftServiceError(w, err)
+		return
+	}
+
+	updated, err := dbSvc.submissionBuildingBlock.InsertIntoSection(ctx, uid, blockID, sectionID, dbSvc.submissionSection)
+	if err != nil {
+		if errors.Is(err, services.ErrBuildingBlockNotFound) {
+			writeJSON(w, http.StatusNotFound, map[string]string{"error": "block not found"})
+			return
+		}
+		if errors.Is(err, services.ErrSubmissionSectionNotFound) {
+			writeJSON(w, http.StatusNotFound, map[string]string{"error": "section not found"})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, sectionJSONFromService(updated))
+}
+
+// ─────────────────────────────────────────────────────────────────────
+// Admin editor
+// ─────────────────────────────────────────────────────────────────────
+
+func handleAdminListBuildingBlocks(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
+	defer cancel()
+	rows, err := dbSvc.submissionBuildingBlock.ListAllForAdmin(ctx)
+	if err != nil {
+		writeServiceError(w, err)
+		return
+	}
+	out := make([]buildingBlockJSON, 0, len(rows))
+	for i := range rows {
+		out = append(out, blockJSONFromService(&rows[i]))
+	}
+	writeJSON(w, http.StatusOK, buildingBlockListResponse{Blocks: out})
+}
+
+func handleAdminGetBuildingBlock(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
+	if !ok {
+		return
+	}
+	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
+	defer cancel()
+	b, err := dbSvc.submissionBuildingBlock.GetForAdmin(ctx, blockID)
+	if err != nil {
+		if errors.Is(err, services.ErrBuildingBlockNotFound) {
+			writeJSON(w, http.StatusNotFound, map[string]string{"error": "block not found"})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, blockJSONFromService(b))
+}
+
+type buildingBlockCreateInput struct {
+	Slug             string  `json:"slug"`
+	Firm             *string `json:"firm,omitempty"`
+	SectionKey       string  `json:"section_key"`
+	ProceedingFamily *string `json:"proceeding_family,omitempty"`
+	TitleDE          string  `json:"title_de"`
+	TitleEN          string  `json:"title_en"`
+	DescriptionDE    *string `json:"description_de,omitempty"`
+	DescriptionEN    *string `json:"description_en,omitempty"`
+	ContentMDDE      string  `json:"content_md_de"`
+	ContentMDEN      string  `json:"content_md_en"`
+	Visibility       string  `json:"visibility"`
+	IsPublished      bool    `json:"is_published"`
+}
+
+func handleAdminCreateBuildingBlock(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	var in buildingBlockCreateInput
+	if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
+		return
+	}
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+	b, err := dbSvc.submissionBuildingBlock.Create(ctx, uid, services.CreateInput{
+		Slug:             in.Slug,
+		Firm:             in.Firm,
+		SectionKey:       in.SectionKey,
+		ProceedingFamily: in.ProceedingFamily,
+		TitleDE:          in.TitleDE,
+		TitleEN:          in.TitleEN,
+		DescriptionDE:    in.DescriptionDE,
+		DescriptionEN:    in.DescriptionEN,
+		ContentMDDE:      in.ContentMDDE,
+		ContentMDEN:      in.ContentMDEN,
+		Visibility:       in.Visibility,
+		IsPublished:      in.IsPublished,
+	})
+	if err != nil {
+		if errors.Is(err, services.ErrInvalidInput) || errors.Is(err, services.ErrBuildingBlockInvalidVisibility) {
+			writeJSON(w, http.StatusBadRequest, map[string]string{"error": err.Error()})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusCreated, blockJSONFromService(b))
+}
+
+type buildingBlockUpdateInput struct {
+	Slug             *string `json:"slug,omitempty"`
+	Firm             *string `json:"firm,omitempty"`
+	FirmSet          bool    `json:"-"`
+	SectionKey       *string `json:"section_key,omitempty"`
+	ProceedingFamily *string `json:"proceeding_family,omitempty"`
+	ProceedingFamilySet bool `json:"-"`
+	TitleDE          *string `json:"title_de,omitempty"`
+	TitleEN          *string `json:"title_en,omitempty"`
+	DescriptionDE    *string `json:"description_de,omitempty"`
+	DescriptionDESet bool    `json:"-"`
+	DescriptionEN    *string `json:"description_en,omitempty"`
+	DescriptionENSet bool    `json:"-"`
+	ContentMDDE      *string `json:"content_md_de,omitempty"`
+	ContentMDEN      *string `json:"content_md_en,omitempty"`
+	Visibility       *string `json:"visibility,omitempty"`
+	IsPublished      *bool   `json:"is_published,omitempty"`
+	Note             *string `json:"note,omitempty"`
+}
+
+func (u *buildingBlockUpdateInput) UnmarshalJSON(data []byte) error {
+	type alias buildingBlockUpdateInput
+	var a alias
+	if err := json.Unmarshal(data, &a); err != nil {
+		return err
+	}
+	*u = buildingBlockUpdateInput(a)
+	raw := map[string]json.RawMessage{}
+	if err := json.Unmarshal(data, &raw); err != nil {
+		return err
+	}
+	_, u.FirmSet = raw["firm"]
+	_, u.ProceedingFamilySet = raw["proceeding_family"]
+	_, u.DescriptionDESet = raw["description_de"]
+	_, u.DescriptionENSet = raw["description_en"]
+	return nil
+}
+
+func handleAdminUpdateBuildingBlock(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
+	if !ok {
+		return
+	}
+	var in buildingBlockUpdateInput
+	if err := json.NewDecoder(r.Body).Decode(&in); err != nil {
+		writeJSON(w, http.StatusBadRequest, map[string]string{"error": "invalid JSON"})
+		return
+	}
+	patch := services.UpdatePatch{
+		Slug:        in.Slug,
+		SectionKey:  in.SectionKey,
+		TitleDE:     in.TitleDE,
+		TitleEN:     in.TitleEN,
+		ContentMDDE: in.ContentMDDE,
+		ContentMDEN: in.ContentMDEN,
+		Visibility:  in.Visibility,
+		IsPublished: in.IsPublished,
+		Note:        in.Note,
+	}
+	if in.FirmSet {
+		patch.Firm = &in.Firm
+	}
+	if in.ProceedingFamilySet {
+		patch.ProceedingFamily = &in.ProceedingFamily
+	}
+	if in.DescriptionDESet {
+		patch.DescriptionDE = &in.DescriptionDE
+	}
+	if in.DescriptionENSet {
+		patch.DescriptionEN = &in.DescriptionEN
+	}
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+	b, err := dbSvc.submissionBuildingBlock.Update(ctx, uid, blockID, patch)
+	if err != nil {
+		if errors.Is(err, services.ErrBuildingBlockNotFound) {
+			writeJSON(w, http.StatusNotFound, map[string]string{"error": "block not found"})
+			return
+		}
+		if errors.Is(err, services.ErrBuildingBlockInvalidVisibility) {
+			writeJSON(w, http.StatusBadRequest, map[string]string{"error": err.Error()})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, blockJSONFromService(b))
+}
+
+func handleAdminDeleteBuildingBlock(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
+	if !ok {
+		return
+	}
+	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
+	defer cancel()
+	if err := dbSvc.submissionBuildingBlock.SoftDelete(ctx, uid, blockID); err != nil {
+		if errors.Is(err, services.ErrBuildingBlockNotFound) {
+			writeJSON(w, http.StatusNotFound, map[string]string{"error": "block not found"})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusNoContent, nil)
+}
+
+func handleAdminListBuildingBlockVersions(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
+	if !ok {
+		return
+	}
+	ctx, cancel := context.WithTimeout(r.Context(), 5*time.Second)
+	defer cancel()
+	rows, err := dbSvc.submissionBuildingBlock.ListVersions(ctx, blockID)
+	if err != nil {
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, map[string]any{"versions": rows})
+}
+
+func handleAdminRestoreBuildingBlockVersion(w http.ResponseWriter, r *http.Request) {
+	if !requireDB(w) {
+		return
+	}
+	uid, ok := requireUser(w, r)
+	if !ok {
+		return
+	}
+	if dbSvc.submissionBuildingBlock == nil {
+		writeJSON(w, http.StatusServiceUnavailable, map[string]string{"error": "building blocks not configured"})
+		return
+	}
+	blockID, ok := parseUUIDPath(w, r, "block_id", "block id")
+	if !ok {
+		return
+	}
+	versionID, ok := parseUUIDPath(w, r, "version_id", "version id")
+	if !ok {
+		return
+	}
+	ctx, cancel := context.WithTimeout(r.Context(), 10*time.Second)
+	defer cancel()
+	b, err := dbSvc.submissionBuildingBlock.RestoreVersion(ctx, uid, blockID, versionID)
+	if err != nil {
+		if errors.Is(err, services.ErrBuildingBlockNotFound) {
+			writeJSON(w, http.StatusNotFound, map[string]string{"error": "block or version not found"})
+			return
+		}
+		writeServiceError(w, err)
+		return
+	}
+	writeJSON(w, http.StatusOK, blockJSONFromService(b))
+}
+
+// handleAdminBuildingBlocksPage serves the admin editor shell. The
+// client bundle hydrates the list + edit UI.
+func handleAdminBuildingBlocksPage(w http.ResponseWriter, r *http.Request) {
+	http.ServeFile(w, r, "dist/admin-submission-building-blocks.html")
+}

internal/models/models.go

@@ -264,14 +264,7 @@ type Deadline struct {
 	OriginalDueDate *time.Time `db:"original_due_date" json:"original_due_date,omitempty"`
 	WarningDate     *time.Time `db:"warning_date"      json:"warning_date,omitempty"`
 	Source          string     `db:"source"            json:"source"`
-	// Slice B.4 (mig 140, t-paliad-305): paliad.deadlines.rule_id column
-	// dropped; the back-link now lives on `sequencing_rule_id` (FK to
-	// paliad.sequencing_rules). Same UUID values (sequencing_rules.id
-	// inherited deadline_rules.id during mig 136 backfill), so internal
-	// Go references to `RuleID` continue to carry the same semantic
-	// pointer. The JSON name stays `rule_id` for frontend backward-compat
-	// — B.5 will rename if/when frontend is updated.
-	RuleID          *uuid.UUID `db:"sequencing_rule_id" json:"rule_id,omitempty"`
+	RuleID          *uuid.UUID `db:"rule_id"           json:"rule_id,omitempty"`
 	// RuleCode is the legal citation ("RoP.023", "R.151") attached at
 	// save time — see migration 032. Free text by design; survives
 	// changes to paliad.deadline_rules and accepts citations from
@@ -553,51 +546,6 @@ type Party struct {
 // scans, hydration, projection service) continues to compile.
 type DeadlineRule = litigationplanner.Rule
 
-// SequencingRule is the Slice B.5 (t-paliad-305) canonical name for what
-// the legacy schema called a "deadline rule". Alias to DeadlineRule so
-// existing call-sites compile unchanged while new code can adopt the
-// procedural-event vocabulary. Same struct, same db / json tags.
-type SequencingRule = DeadlineRule
-
-// ProceduralEvent mirrors paliad.procedural_events — the "what kind of
-// step is this in the proceeding" identity row. New struct introduced
-// in Slice B.5 (t-paliad-305) for code that needs the procedural-event
-// columns alone. Most consumers still pull the merged shape via
-// SequencingRule through the paliad.deadline_rules_unified view; this
-// struct unlocks per-PE reads/writes without going through the view.
-type ProceduralEvent struct {
-	ID                  uuid.UUID  `db:"id"                    json:"id"`
-	Code                string     `db:"code"                  json:"code"`
-	Name                string     `db:"name"                  json:"name"`
-	NameEN              string     `db:"name_en"               json:"name_en"`
-	Description         *string    `db:"description"           json:"description,omitempty"`
-	EventKind           *string    `db:"event_kind"            json:"event_kind,omitempty"`
-	PrimaryPartyDefault *string    `db:"primary_party_default" json:"primary_party_default,omitempty"`
-	LegalSourceID       *uuid.UUID `db:"legal_source_id"       json:"legal_source_id,omitempty"`
-	ConceptID           *uuid.UUID `db:"concept_id"            json:"concept_id,omitempty"`
-	LifecycleState      string     `db:"lifecycle_state"       json:"lifecycle_state"`
-	DraftOf             *uuid.UUID `db:"draft_of"              json:"draft_of,omitempty"`
-	PublishedAt         *time.Time `db:"published_at"          json:"published_at,omitempty"`
-	IsActive            bool       `db:"is_active"             json:"is_active"`
-	CreatedAt           time.Time  `db:"created_at"            json:"created_at"`
-	UpdatedAt           time.Time  `db:"updated_at"            json:"updated_at"`
-}
-
-// LegalSource mirrors paliad.legal_sources — the source-of-law citation
-// rows that procedural events anchor against. pretty_de / pretty_en are
-// nullable on disk; readers fall back to
-// internal/services/submission_vars.go:legalSourcePretty when missing.
-type LegalSource struct {
-	ID           uuid.UUID `db:"id"           json:"id"`
-	Citation     string    `db:"citation"     json:"citation"`
-	Jurisdiction string    `db:"jurisdiction" json:"jurisdiction"`
-	PrettyDE     *string   `db:"pretty_de"    json:"pretty_de,omitempty"`
-	PrettyEN     *string   `db:"pretty_en"    json:"pretty_en,omitempty"`
-	Notes        *string   `db:"notes"        json:"notes,omitempty"`
-	CreatedAt    time.Time `db:"created_at"   json:"created_at"`
-	UpdatedAt    time.Time `db:"updated_at"   json:"updated_at"`
-}
-
 // DeadlineRuleAudit is one row of paliad.deadline_rule_audit — the
 // append-only audit log for every change to paliad.deadline_rules.
 // Written by the AFTER-trigger (raw create / update / delete) and by

internal/services/deadline_rule_service.go

@@ -10,24 +10,12 @@ import (
 	"mgit.msbls.de/m/paliad/internal/models"
 )
 
-// DeadlineRuleService reads paliad.deadline_rules_unified (mig 139 view
-// projecting paliad.sequencing_rules + procedural_events +
-// legal_sources back to the legacy column shape after mig 140 dropped
-// the underlying table) + paliad.proceeding_types. Rules are static
-// reference data; no visibility check needed.
+// DeadlineRuleService reads paliad.deadline_rules + paliad.proceeding_types.
+// Rules are static reference data; no visibility check needed.
 type DeadlineRuleService struct {
 	db *sqlx.DB
 }
 
-// SequencingRuleService is the Slice B.5 (t-paliad-305) canonical name
-// for DeadlineRuleService. Alias preserves every existing call-site
-// while new code can adopt the procedural-event vocabulary.
-type SequencingRuleService = DeadlineRuleService
-
-// NewSequencingRuleService is the canonical constructor name; alias to
-// NewDeadlineRuleService for now. Both return the same underlying type.
-var NewSequencingRuleService = NewDeadlineRuleService
-
 // NewDeadlineRuleService wires the service to the pool.
 func NewDeadlineRuleService(db *sqlx.DB) *DeadlineRuleService {
 	return &DeadlineRuleService{db: db}

internal/services/deadline_service.go

@@ -65,13 +65,8 @@ func (s *DeadlineService) pendingApprovalErr(ctx context.Context, deadlineID uui
 	return NewPendingApprovalError(rid, role)
 }
 
-// Slice B.4 (mig 140, t-paliad-305): rule_id column dropped from
-// paliad.deadlines. sequencing_rule_id holds the same UUID and is the
-// FK to paliad.sequencing_rules. SELECT-column lists below pull
-// sequencing_rule_id into the Deadline.RuleID field (db tag adjusted in
-// internal/models/models.go).
 const deadlineColumns = `id, project_id, title, description, due_date, original_due_date,
-	warning_date, source, sequencing_rule_id, rule_code, custom_rule_text, status, completed_at, caldav_uid, caldav_etag,
+	warning_date, source, rule_id, rule_code, custom_rule_text, status, completed_at, caldav_uid, caldav_etag,
 	notes, created_by, created_at, updated_at,
 	approval_status, pending_request_id, approved_by, approved_at`
 
@@ -277,7 +272,7 @@ func (s *DeadlineService) ListVisibleForUser(ctx context.Context, userID uuid.UU
 		       ar.requester_kind AS requester_kind
 		  FROM paliad.deadlines f
 		  JOIN paliad.projects p ON p.id = f.project_id
-		  LEFT JOIN paliad.deadline_rules_unified r ON r.id = f.sequencing_rule_id
+		  LEFT JOIN paliad.deadline_rules_unified r ON r.id = f.rule_id
 		  LEFT JOIN paliad.approval_requests ar ON ar.id = f.pending_request_id
 		 WHERE ` + strings.Join(conds, " AND ") + `
 		 ORDER BY f.due_date ASC, f.created_at DESC`
@@ -544,11 +539,7 @@ func (s *DeadlineService) Update(ctx context.Context, userID, deadlineID uuid.UU
 		if input.RuleID != nil && input.CustomRuleText != nil {
 			return nil, fmt.Errorf("%w: rule_id and custom_rule_text are mutually exclusive", ErrInvalidInput)
 		}
-		// Slice B.4 (t-paliad-305): rule_id column dropped; the FK
-		// back-link now lives on sequencing_rule_id. Same UUID value.
-		// The procedural_event_id mirror is derived in
-		// syncDeadlineDualLinks below after the primary UPDATE lands.
-		appendSet("sequencing_rule_id", input.RuleID)
+		appendSet("rule_id", input.RuleID)
 		var customText *string
 		if input.CustomRuleText != nil {
 			trimmed := strings.TrimSpace(*input.CustomRuleText)
@@ -594,13 +585,13 @@ func (s *DeadlineService) Update(ctx context.Context, userID, deadlineID uuid.UU
 		if _, err := tx.ExecContext(ctx, query, args...); err != nil {
 			return nil, fmt.Errorf("update deadline: %w", err)
 		}
-		// Slice B.4 (mig 140, t-paliad-305): rule_id column gone;
-		// sequencing_rule_id holds the back-link. When the patch updated
-		// it (auto/custom swap from t-paliad-258), mirror the FK onto
-		// procedural_event_id so the joined view continues to resolve.
-		// Idempotent: no-op when sequencing_rule_id is unchanged.
+		// Slice B.2 dual-write (t-paliad-305): if rule_id was in the
+		// patch (auto/custom swap from t-paliad-258), the parallel
+		// procedural_event_id + sequencing_rule_id columns must follow.
+		// Call unconditionally — it's a single UPDATE keyed on
+		// deadlineID and a no-op when rule_id is unchanged.
 		if input.RuleSet {
-			if err := syncDeadlineProceduralEventID(ctx, tx, deadlineID); err != nil {
+			if err := syncDeadlineDualLinks(ctx, tx, deadlineID); err != nil {
 				return nil, err
 			}
 		}

internal/services/dual_write.go

@@ -1,50 +1,392 @@
-// Slice B.4 retirement of B.2 dual-write (t-paliad-305 / m/paliad#93).
+// Slice B.2 dual-write (t-paliad-305 / m/paliad#93) — keep paliad's
+// new tables (procedural_events / sequencing_rules / legal_sources) in
+// lock-step with the legacy paliad.deadline_rules table during the
+// dual-write window. Mig 136 (Slice B.1) created the new tables and
+// backfilled them once. This file keeps them in sync going forward.
 //
-// Mig 140 dropped paliad.deadline_rules and installed INSTEAD OF
-// triggers on paliad.deadline_rules_unified that route writes to
-// procedural_events + sequencing_rules + legal_sources. The legacy
-// dual-write helper (syncDualWriteFromDeadlineRule) and the drift-check
-// loop (CheckDualWriteDrift / StartDualWriteDriftCheckLoop) reference
-// paliad.deadline_rules, which no longer exists — they would crash on
-// first call if kept.
+// Contract:
 //
-// Survivor: syncDeadlineProceduralEventID — keeps paliad.deadlines's
-// new procedural_event_id column in sync with sequencing_rule_id after
-// any UPDATE that touched the latter. Still useful as a "derive from
-// canonical pointer" helper.
+//   - Every RuleEditorService method that mutates paliad.deadline_rules
+//     calls syncDualWriteFromDeadlineRule(ctx, tx, id) inside the same
+//     transaction, AFTER the deadline_rules write, BEFORE tx.Commit.
+//   - The sync is idempotent (INSERT … ON CONFLICT … DO UPDATE) so the
+//     same call works for Create (new row), UpdateDraft (existing row),
+//     CloneAsDraft (new row referencing an old row), Publish (lifecycle
+//     flip), Archive/Restore (lifecycle flip), and the published-peer
+//     archive that Publish performs as a cascade.
+//   - The sync re-derives the new-table state from paliad.deadline_rules
+//     in pure SQL — no struct mapping in Go. The legacy table stays the
+//     source of truth during B.2 (B.3 flips reads, B.4 drops it).
+//   - Read paths still read deadline_rules in B.2. The new tables are a
+//     parallel projection kept consistent for B.3's read cutover; they
+//     are not yet authoritative.
 //
-// The DualWriteDriftReport struct + HasDrift method are retired with
-// the loop they served.
-
+// Why a per-row sync instead of a global trigger:
+//
+//   - The deadline_rules audit trigger (mig 079) reads paliad.audit_reason
+//     to record the rationale on every change. Putting the new-table
+//     write in the same TX preserves that auditability — set_config is
+//     transactional and the new writes share the same reason.
+//   - A Postgres-side AFTER UPDATE trigger on deadline_rules would also
+//     work but it's harder to test in isolation and harder to revert
+//     when B.4 drops the source table. A Go-side sync is reversible
+//     with a code revert; an SQL trigger needs a follow-up migration.
+//
+// The drift-check job (CheckDualWriteDrift below) runs daily and
+// alerts on mismatches. If the sync ever silently misses a row, the
+// drift check surfaces it inside one day.
+//
+// See docs/design-procedural-events-model-2026-05-25.md §5.2 (dual-write
+// phase) and docs/design-procedural-events-b0-findings-2026-05-26.md §7.
 package services
 
 import (
 	"context"
 	"fmt"
+	"log"
+	"time"
 
 	"github.com/google/uuid"
 	"github.com/jmoiron/sqlx"
 )
 
-// syncDeadlineProceduralEventID mirrors paliad.deadlines.sequencing_rule_id
-// onto procedural_event_id. Call this within an open transaction AFTER
-// any UPDATE that mutates paliad.deadlines.sequencing_rule_id (today's
-// callers: DeadlineService.Update on the RuleSet branch, and the
-// RuleEditorService orphan-resolve path which sets both columns in one
-// statement so doesn't need this helper).
+// syncDualWriteFromDeadlineRule re-projects the deadline_rules row with
+// the given id into legal_sources + procedural_events + sequencing_rules.
+// Runs three UPSERT statements in the open transaction.
 //
-// Idempotent: NULL sequencing_rule_id collapses procedural_event_id to
-// NULL via the subquery returning NULL. Slice B.4 (t-paliad-305).
-func syncDeadlineProceduralEventID(ctx context.Context, tx *sqlx.Tx, deadlineID uuid.UUID) error {
+// Synthetic-code rule (for rows where deadline_rules.submission_code is
+// NULL) mirrors mig 136's backfill: 'null.' || first 8 hex chars of the
+// uuid (dashes stripped). This must stay byte-identical to the mig 136
+// expression or the lookup join inside the sequencing_rules UPSERT
+// misses.
+func syncDualWriteFromDeadlineRule(ctx context.Context, tx *sqlx.Tx, id uuid.UUID) error {
+	// 1. legal_sources — UPSERT the citation (no-op if already present).
+	//    jurisdiction is parsed from the first dot-separated segment;
+	//    'other' on empty (paranoid fallback, no live rows hit it).
+	if _, err := tx.ExecContext(ctx, `
+		INSERT INTO paliad.legal_sources (citation, jurisdiction)
+		SELECT dr.legal_source,
+		       COALESCE(NULLIF(split_part(dr.legal_source, '.', 1), ''), 'other')
+		  FROM paliad.deadline_rules dr
+		 WHERE dr.id = $1 AND dr.legal_source IS NOT NULL
+		ON CONFLICT (citation) DO NOTHING`, id); err != nil {
+		return fmt.Errorf("dual-write legal_sources for rule %s: %w", id, err)
+	}
+
+	// 2. procedural_events — UPSERT keyed by code. The code is the
+	//    submission_code if present, else the synthetic 'null.<8hex>'
+	//    minted from the deadline_rules row's id (matches mig 136).
+	//    legal_source_id is resolved by JOIN on legal_sources.citation
+	//    (NULL when the rule has no legal_source).
+	if _, err := tx.ExecContext(ctx, `
+		INSERT INTO paliad.procedural_events
+		    (code, name, name_en, description, event_kind,
+		     primary_party_default, legal_source_id, concept_id,
+		     lifecycle_state, published_at, is_active)
+		SELECT
+		    COALESCE(dr.submission_code,
+		             'null.' || substring(replace(dr.id::text, '-', ''), 1, 8)),
+		    dr.name, dr.name_en, dr.description, dr.event_type,
+		    dr.primary_party, ls.id, dr.concept_id,
+		    dr.lifecycle_state, dr.published_at, dr.is_active
+		  FROM paliad.deadline_rules dr
+		  LEFT JOIN paliad.legal_sources ls ON ls.citation = dr.legal_source
+		 WHERE dr.id = $1
+		ON CONFLICT (code) DO UPDATE SET
+		    name                  = EXCLUDED.name,
+		    name_en               = EXCLUDED.name_en,
+		    description           = EXCLUDED.description,
+		    event_kind            = EXCLUDED.event_kind,
+		    primary_party_default = EXCLUDED.primary_party_default,
+		    legal_source_id       = EXCLUDED.legal_source_id,
+		    concept_id            = EXCLUDED.concept_id,
+		    lifecycle_state       = EXCLUDED.lifecycle_state,
+		    published_at          = EXCLUDED.published_at,
+		    is_active             = EXCLUDED.is_active,
+		    updated_at            = now()`, id); err != nil {
+		return fmt.Errorf("dual-write procedural_events for rule %s: %w", id, err)
+	}
+
+	// 3. sequencing_rules — UPSERT keyed by id (1:1 inheritance from
+	//    deadline_rules.id). procedural_event_id resolved by JOIN on
+	//    the (real or synthetic) code. All hat-3 mechanics columns copy
+	//    1:1 from the deadline_rules row's post-write state.
+	if _, err := tx.ExecContext(ctx, `
+		INSERT INTO paliad.sequencing_rules
+		    (id, procedural_event_id, proceeding_type_id, parent_id, trigger_event_id,
+		     duration_value, duration_unit, timing,
+		     alt_duration_value, alt_duration_unit, alt_rule_code, anchor_alt,
+		     combine_op, condition_expr, primary_party, sequence_order,
+		     is_spawn, spawn_label, spawn_proceeding_type_id,
+		     is_bilateral, is_court_set, priority,
+		     rule_code, rule_codes, deadline_notes, deadline_notes_en,
+		     choices_offered, applies_to_target,
+		     lifecycle_state, draft_of, published_at, is_active,
+		     created_at, updated_at)
+		SELECT
+		    dr.id, pe.id,
+		    dr.proceeding_type_id, dr.parent_id, dr.trigger_event_id,
+		    dr.duration_value, dr.duration_unit, dr.timing,
+		    dr.alt_duration_value, dr.alt_duration_unit, dr.alt_rule_code, dr.anchor_alt,
+		    dr.combine_op, dr.condition_expr, dr.primary_party, dr.sequence_order,
+		    dr.is_spawn, dr.spawn_label, dr.spawn_proceeding_type_id,
+		    dr.is_bilateral, dr.is_court_set, dr.priority,
+		    dr.rule_code, dr.rule_codes, dr.deadline_notes, dr.deadline_notes_en,
+		    dr.choices_offered, dr.applies_to_target,
+		    dr.lifecycle_state, dr.draft_of, dr.published_at, dr.is_active,
+		    dr.created_at, dr.updated_at
+		  FROM paliad.deadline_rules dr
+		  JOIN paliad.procedural_events pe
+		    ON pe.code = COALESCE(dr.submission_code,
+		                          'null.' || substring(replace(dr.id::text, '-', ''), 1, 8))
+		 WHERE dr.id = $1
+		ON CONFLICT (id) DO UPDATE SET
+		    procedural_event_id      = EXCLUDED.procedural_event_id,
+		    proceeding_type_id       = EXCLUDED.proceeding_type_id,
+		    parent_id                = EXCLUDED.parent_id,
+		    trigger_event_id         = EXCLUDED.trigger_event_id,
+		    duration_value           = EXCLUDED.duration_value,
+		    duration_unit            = EXCLUDED.duration_unit,
+		    timing                   = EXCLUDED.timing,
+		    alt_duration_value       = EXCLUDED.alt_duration_value,
+		    alt_duration_unit        = EXCLUDED.alt_duration_unit,
+		    alt_rule_code            = EXCLUDED.alt_rule_code,
+		    anchor_alt               = EXCLUDED.anchor_alt,
+		    combine_op               = EXCLUDED.combine_op,
+		    condition_expr           = EXCLUDED.condition_expr,
+		    primary_party            = EXCLUDED.primary_party,
+		    sequence_order           = EXCLUDED.sequence_order,
+		    is_spawn                 = EXCLUDED.is_spawn,
+		    spawn_label              = EXCLUDED.spawn_label,
+		    spawn_proceeding_type_id = EXCLUDED.spawn_proceeding_type_id,
+		    is_bilateral             = EXCLUDED.is_bilateral,
+		    is_court_set             = EXCLUDED.is_court_set,
+		    priority                 = EXCLUDED.priority,
+		    rule_code                = EXCLUDED.rule_code,
+		    rule_codes               = EXCLUDED.rule_codes,
+		    deadline_notes           = EXCLUDED.deadline_notes,
+		    deadline_notes_en        = EXCLUDED.deadline_notes_en,
+		    choices_offered          = EXCLUDED.choices_offered,
+		    applies_to_target        = EXCLUDED.applies_to_target,
+		    lifecycle_state          = EXCLUDED.lifecycle_state,
+		    draft_of                 = EXCLUDED.draft_of,
+		    published_at             = EXCLUDED.published_at,
+		    is_active                = EXCLUDED.is_active,
+		    updated_at               = now()`, id); err != nil {
+		return fmt.Errorf("dual-write sequencing_rules for rule %s: %w", id, err)
+	}
+
+	return nil
+}
+
+// syncDeadlineDualLinks mirrors a deadline's legacy rule_id back-link
+// onto the new procedural_event_id + sequencing_rule_id columns added
+// by mig 136. Call this within an open transaction AFTER any UPDATE
+// that mutates paliad.deadlines.rule_id (mig 122 introduced rule_id
+// as the deadline→rule FK; today's writers are DeadlineService.Update
+// and RuleEditorService.ResolveOrphan).
+//
+// Idempotent: NULL rule_id collapses both new columns to NULL by virtue
+// of the subquery returning NULL. Slice B.2 (t-paliad-305).
+func syncDeadlineDualLinks(ctx context.Context, tx *sqlx.Tx, deadlineID uuid.UUID) error {
 	if _, err := tx.ExecContext(ctx, `
 		UPDATE paliad.deadlines d
-		   SET procedural_event_id = (
+		   SET sequencing_rule_id  = d.rule_id,
+		       procedural_event_id = (
 		           SELECT sr.procedural_event_id
 		             FROM paliad.sequencing_rules sr
-		            WHERE sr.id = d.sequencing_rule_id
+		            WHERE sr.id = d.rule_id
 		       )
 		 WHERE d.id = $1`, deadlineID); err != nil {
-		return fmt.Errorf("sync deadline procedural_event_id for %s: %w", deadlineID, err)
+		return fmt.Errorf("sync deadline dual-links for %s: %w", deadlineID, err)
 	}
 	return nil
 }
+
+// DualWriteDriftReport summarises the comparison between the legacy
+// paliad.deadline_rules table and the new procedural_events /
+// sequencing_rules tables that B.2's dual-write is meant to keep in
+// sync. A zero-drift report (every count delta zero, every join clean)
+// is the steady state during the dual-write window; any non-zero field
+// is the signal that a write path either bypassed
+// syncDualWriteFromDeadlineRule or that an out-of-band mutation
+// happened (e.g. raw SQL run by an operator).
+type DualWriteDriftReport struct {
+	// Counts on the legacy and the projected side.
+	DeadlineRules    int `json:"deadline_rules"`
+	SequencingRules  int `json:"sequencing_rules"`
+	ProceduralEvents int `json:"procedural_events"`
+	LegalSources     int `json:"legal_sources"`
+
+	// Expected (from the legacy side) vs observed (on the new side).
+	ExpectedPE           int `json:"expected_procedural_events"`
+	ExpectedLegalSources int `json:"expected_legal_sources"`
+
+	// MissingSR — deadline_rules rows with no sequencing_rules row by id.
+	// OrphanedSR — sequencing_rules rows whose id doesn't exist in
+	// deadline_rules anymore (would only happen with a deletion path
+	// that bypasses dual-write).
+	MissingSR  int `json:"missing_sequencing_rules"`
+	OrphanedSR int `json:"orphaned_sequencing_rules"`
+
+	// MismatchedLifecycle — rows where deadline_rules.lifecycle_state
+	// disagrees with sequencing_rules.lifecycle_state. Should always be
+	// zero during dual-write.
+	MismatchedLifecycle int `json:"mismatched_lifecycle"`
+
+	// MismatchedActive — same shape, for is_active.
+	MismatchedActive int `json:"mismatched_active"`
+}
+
+// HasDrift returns true if any field signals divergence between the
+// legacy and projected sides. Used by the drift-check ticker to decide
+// whether to log at WARN (drift) or INFO (clean).
+func (r DualWriteDriftReport) HasDrift() bool {
+	if r.SequencingRules != r.DeadlineRules {
+		return true
+	}
+	if r.ProceduralEvents != r.ExpectedPE {
+		return true
+	}
+	if r.LegalSources != r.ExpectedLegalSources {
+		return true
+	}
+	if r.MissingSR != 0 || r.OrphanedSR != 0 {
+		return true
+	}
+	if r.MismatchedLifecycle != 0 || r.MismatchedActive != 0 {
+		return true
+	}
+	return false
+}
+
+// CheckDualWriteDrift compares the legacy paliad.deadline_rules table
+// against the parallel new tables maintained by Slice B.2's dual-write.
+// Returns a DualWriteDriftReport — caller decides what to do with
+// non-zero drift (log, page, fail healthcheck, etc.).
+//
+// Read-only. Safe to run against prod. Single query per metric so the
+// pool isn't held for a long time. No locks; tolerates concurrent
+// writes (counts may shift by one or two during the read, but a
+// persistent drift > 0 is the alarm signal).
+func CheckDualWriteDrift(ctx context.Context, conn *sqlx.DB) (*DualWriteDriftReport, error) {
+	var r DualWriteDriftReport
+
+	q := func(label, sql string, dst *int) error {
+		if err := conn.GetContext(ctx, dst, sql); err != nil {
+			return fmt.Errorf("drift-check %s: %w", label, err)
+		}
+		return nil
+	}
+
+	if err := q("dr_total", `SELECT COUNT(*) FROM paliad.deadline_rules`, &r.DeadlineRules); err != nil {
+		return nil, err
+	}
+	if err := q("sr_total", `SELECT COUNT(*) FROM paliad.sequencing_rules`, &r.SequencingRules); err != nil {
+		return nil, err
+	}
+	if err := q("pe_total", `SELECT COUNT(*) FROM paliad.procedural_events`, &r.ProceduralEvents); err != nil {
+		return nil, err
+	}
+	if err := q("ls_total", `SELECT COUNT(*) FROM paliad.legal_sources`, &r.LegalSources); err != nil {
+		return nil, err
+	}
+
+	if err := q("expected_pe", `
+		SELECT
+		  (SELECT COUNT(DISTINCT submission_code) FROM paliad.deadline_rules WHERE submission_code IS NOT NULL)
+		  +
+		  (SELECT COUNT(*) FROM paliad.deadline_rules WHERE submission_code IS NULL)
+	`, &r.ExpectedPE); err != nil {
+		return nil, err
+	}
+	if err := q("expected_ls",
+		`SELECT COUNT(DISTINCT legal_source) FROM paliad.deadline_rules WHERE legal_source IS NOT NULL`,
+		&r.ExpectedLegalSources); err != nil {
+		return nil, err
+	}
+
+	if err := q("missing_sr", `
+		SELECT COUNT(*) FROM paliad.deadline_rules dr
+		  LEFT JOIN paliad.sequencing_rules sr ON sr.id = dr.id
+		 WHERE sr.id IS NULL`, &r.MissingSR); err != nil {
+		return nil, err
+	}
+	if err := q("orphaned_sr", `
+		SELECT COUNT(*) FROM paliad.sequencing_rules sr
+		  LEFT JOIN paliad.deadline_rules dr ON dr.id = sr.id
+		 WHERE dr.id IS NULL`, &r.OrphanedSR); err != nil {
+		return nil, err
+	}
+
+	if err := q("mismatched_lifecycle", `
+		SELECT COUNT(*) FROM paliad.deadline_rules dr
+		  JOIN paliad.sequencing_rules sr ON sr.id = dr.id
+		 WHERE dr.lifecycle_state <> sr.lifecycle_state`, &r.MismatchedLifecycle); err != nil {
+		return nil, err
+	}
+	if err := q("mismatched_active", `
+		SELECT COUNT(*) FROM paliad.deadline_rules dr
+		  JOIN paliad.sequencing_rules sr ON sr.id = dr.id
+		 WHERE dr.is_active <> sr.is_active`, &r.MismatchedActive); err != nil {
+		return nil, err
+	}
+
+	return &r, nil
+}
+
+// StartDualWriteDriftCheckLoop runs CheckDualWriteDrift on a fixed
+// interval for the lifetime of ctx. A clean run logs at INFO level;
+// drift logs at WARN level with the full report payload. The first
+// check fires after `interval`, not immediately on Start — by the time
+// the ticker first fires the process has finished booting and the
+// initial backfill + dual-write writes have settled.
+//
+// Slice B.2 (t-paliad-305). interval should be short enough to surface
+// drift before the next deploy (so a broken dual-write doesn't sit
+// silent for a week) and long enough to avoid noise (the check holds
+// no locks but it does run nine SELECT COUNTs).
+//
+// Recommended interval: 6h. Override via the caller (cmd/server picks
+// the runtime value).
+func StartDualWriteDriftCheckLoop(ctx context.Context, conn *sqlx.DB, interval time.Duration) {
+	if interval <= 0 {
+		interval = 6 * time.Hour
+	}
+	go func() {
+		t := time.NewTicker(interval)
+		defer t.Stop()
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case <-t.C:
+				report, err := CheckDualWriteDrift(ctx, conn)
+				if err != nil {
+					log.Printf("dual-write drift-check: error: %v", err)
+					continue
+				}
+				if report.HasDrift() {
+					log.Printf("dual-write drift-check: DRIFT DETECTED — "+
+						"deadline_rules=%d sequencing_rules=%d "+
+						"procedural_events=%d (expected %d) "+
+						"legal_sources=%d (expected %d) "+
+						"missing_sr=%d orphaned_sr=%d "+
+						"mismatched_lifecycle=%d mismatched_active=%d",
+						report.DeadlineRules, report.SequencingRules,
+						report.ProceduralEvents, report.ExpectedPE,
+						report.LegalSources, report.ExpectedLegalSources,
+						report.MissingSR, report.OrphanedSR,
+						report.MismatchedLifecycle, report.MismatchedActive)
+				} else {
+					log.Printf("dual-write drift-check: OK — "+
+						"deadline_rules=%d sequencing_rules=%d "+
+						"procedural_events=%d legal_sources=%d",
+						report.DeadlineRules, report.SequencingRules,
+						report.ProceduralEvents, report.LegalSources)
+				}
+			}
+		}
+	}()
+}
+

internal/services/dual_write_test.go

@@ -202,11 +202,14 @@ func TestDualWrite_RuleEditorLifecycle(t *testing.T) {
 		t.Errorf("sequencing_rules.lifecycle_state after Archive: got %q, want %q", srLifecycleArchived, "archived")
 	}
 
-	// Slice B.4 (mig 140, t-paliad-305): the legacy paliad.deadline_rules
-	// table is gone and so is CheckDualWriteDrift — there's no parallel
-	// side to compare against. The INSTEAD OF triggers on the view
-	// guarantee parity by construction (single TX fan-out from one
-	// SQL write to three target tables).
+	// 5. Drift check should return zero drift right after the dance.
+	report, err := CheckDualWriteDrift(ctx, pool)
+	if err != nil {
+		t.Fatalf("CheckDualWriteDrift: %v", err)
+	}
+	if report.HasDrift() {
+		t.Errorf("CheckDualWriteDrift unexpectedly flagged drift: %+v", report)
+	}
 }
 
 // TestDualWrite_SyntheticCodeForNullSubmission asserts that a rule

internal/services/projection_service.go

@@ -1805,7 +1805,7 @@ func (s *ProjectionService) parentHasAnchoredActual(ctx context.Context, project
 	err := s.db.GetContext(ctx, &count, `
 		SELECT COUNT(*) FROM (
 			SELECT 1 FROM paliad.deadlines
-			 WHERE project_id = $1 AND sequencing_rule_id = $2
+			 WHERE project_id = $1 AND rule_id = $2
 			   AND (completed_at IS NOT NULL
 			        OR status = 'completed'
 			        OR source = 'anchor')
@@ -1843,7 +1843,7 @@ func (s *ProjectionService) upsertAnchorDeadline(ctx context.Context, userID, pr
 	var existingID uuid.UUID
 	err := s.db.GetContext(ctx, &existingID,
 		`SELECT id FROM paliad.deadlines
-		  WHERE project_id = $1 AND sequencing_rule_id = $2
+		  WHERE project_id = $1 AND rule_id = $2
 		  ORDER BY created_at ASC
 		  LIMIT 1`, projectID, rule.ID)
 	switch {

internal/services/rule_editor_orphans.go

@@ -212,21 +212,20 @@ func (s *RuleEditorService) ResolveOrphan(ctx context.Context, orphanID uuid.UUI
 	}
 
 	now := time.Now().UTC()
-	// Slice B.4 (mig 140, t-paliad-305): paliad.deadlines.rule_id column
-	// dropped. Back-link lives on sequencing_rule_id (same UUIDs as
-	// before — sr.id inherited dr.id at mig 136 backfill).
-	// procedural_event_id is derived from the same sequencing_rules row.
 	if _, err := tx.ExecContext(ctx,
-		`UPDATE paliad.deadlines d
-		    SET sequencing_rule_id  = $1,
-		        procedural_event_id = (SELECT procedural_event_id
-		                                  FROM paliad.sequencing_rules
-		                                 WHERE id = $1),
-		        updated_at          = $2
-		  WHERE d.id = $3`,
+		`UPDATE paliad.deadlines
+		    SET rule_id    = $1,
+		        updated_at = $2
+		  WHERE id = $3`,
 		ruleID, now, oc.DeadlineID,
 	); err != nil {
-		return fmt.Errorf("set deadline sequencing_rule_id: %w", err)
+		return fmt.Errorf("set deadline rule_id: %w", err)
+	}
+	// Slice B.2 dual-write (t-paliad-305): mirror the new linkage onto
+	// the parallel deadlines.procedural_event_id + sequencing_rule_id
+	// columns so they don't drift from rule_id.
+	if err := syncDeadlineDualLinks(ctx, tx, oc.DeadlineID); err != nil {
+		return err
 	}
 	if _, err := tx.ExecContext(ctx,
 		`UPDATE paliad.deadline_rule_backfill_orphans

internal/services/rule_editor_service.go

@@ -76,13 +76,7 @@ type RulePatch struct {
 	NameEN                *string         `json:"name_en,omitempty"`
 	Description           *string         `json:"description,omitempty"`
 	PrimaryParty          *string         `json:"primary_party,omitempty"`
-	// EventType is the legacy JSON key; EventKind is the Slice B.5
-	// canonical name. Decoder accepts either — coalescePatchKeys()
-	// resolves the canonical to the legacy field if only EventKind
-	// was sent. Same uuid wire shape; emit-side wraps via
-	// adminRuleResponse to expose both keys for one slice.
 	EventType             *string         `json:"event_type,omitempty"`
-	EventKind             *string         `json:"event_kind,omitempty"`
 	DurationValue         *int            `json:"duration_value,omitempty"`
 	DurationUnit          *string         `json:"duration_unit,omitempty"`
 	Timing                *string         `json:"timing,omitempty"`
@@ -107,24 +101,6 @@ type RulePatch struct {
 	ConceptID             *uuid.UUID      `json:"concept_id,omitempty"`
 }
 
-// CoalesceCanonicalKeys folds the Slice B.5 (t-paliad-305) canonical
-// JSON aliases into the legacy field positions so the rest of the
-// service can keep using the existing field names. Canonical wins
-// when both are sent.
-//
-//	json:"event_kind"      → EventType (legacy)
-//
-// Called by the handler immediately after json.Decode. New code can
-// adopt the canonical naming; legacy callers continue to work.
-func (p *RulePatch) CoalesceCanonicalKeys() {
-	if p == nil {
-		return
-	}
-	if p.EventKind != nil {
-		p.EventType = p.EventKind
-	}
-}
-
 // CreateRuleInput is the create payload — a full rule row in draft
 // state. Required fields enforce schema NOT-NULL on insert (name,
 // name_en, duration_value, duration_unit).
@@ -135,16 +111,9 @@ type CreateRuleInput struct {
 	TriggerEventID        *int64          `json:"trigger_event_id,omitempty"`
 	ParentID              *uuid.UUID      `json:"parent_id,omitempty"`
 	ConceptID             *uuid.UUID      `json:"concept_id,omitempty"`
-	// SubmissionCode is the legacy JSON key; Code is the Slice B.5
-	// canonical name. Decoder accepts either — CoalesceCanonicalKeys()
-	// folds Code → SubmissionCode if only the canonical was sent.
 	SubmissionCode        *string         `json:"submission_code,omitempty"`
-	Code                  *string         `json:"code,omitempty"`
 	PrimaryParty          *string         `json:"primary_party,omitempty"`
-	// EventType is the legacy JSON key; EventKind is the Slice B.5
-	// canonical name. Same dual-accept pattern as SubmissionCode/Code.
 	EventType             *string         `json:"event_type,omitempty"`
-	EventKind             *string         `json:"event_kind,omitempty"`
 	DurationValue         int             `json:"duration_value"`
 	DurationUnit          string          `json:"duration_unit"`
 	Timing                *string         `json:"timing,omitempty"`
@@ -166,24 +135,6 @@ type CreateRuleInput struct {
 	SequenceOrder         int             `json:"sequence_order"`
 }
 
-// CoalesceCanonicalKeys folds the Slice B.5 (t-paliad-305) canonical
-// JSON aliases into the legacy field positions. Canonical wins when
-// both are sent. Called by the handler immediately after json.Decode.
-//
-//	json:"code"        → SubmissionCode (legacy)
-//	json:"event_kind"  → EventType      (legacy)
-func (in *CreateRuleInput) CoalesceCanonicalKeys() {
-	if in == nil {
-		return
-	}
-	if in.Code != nil {
-		in.SubmissionCode = in.Code
-	}
-	if in.EventKind != nil {
-		in.EventType = in.EventKind
-	}
-}
-
 // Create inserts a new rule as lifecycle_state='draft' with
 // published_at=NULL. The caller's reason is set on the session BEFORE
 // the INSERT so the mig 079 trigger writes an audit row with the
@@ -227,7 +178,7 @@ func (s *RuleEditorService) Create(ctx context.Context, input CreateRuleInput, r
 	// here writes the live shape only — priority + condition_expr
 	// + is_court_set are the new gates.
 	if _, err := tx.ExecContext(ctx,
-		`INSERT INTO paliad.deadline_rules_unified
+		`INSERT INTO paliad.deadline_rules
 		    (id, proceeding_type_id, trigger_event_id, parent_id, concept_id, submission_code,
 		     name, name_en, description, primary_party, event_type,
 		     duration_value, duration_unit, timing,
@@ -258,11 +209,13 @@ func (s *RuleEditorService) Create(ctx context.Context, input CreateRuleInput, r
 		return nil, fmt.Errorf("insert rule: %w", err)
 	}
 
-	// Slice B.4 (mig 140, t-paliad-305): write routes through the
-	// INSTEAD OF triggers on paliad.deadline_rules_unified, which fan
-	// out into legal_sources + procedural_events + sequencing_rules.
-	// No Go-side mirror call needed — the INSERT above already landed
-	// the parallel rows.
+	// Slice B.2 dual-write (t-paliad-305): project the new row into
+	// legal_sources / procedural_events / sequencing_rules in the same
+	// transaction so the parallel tables stay in lock-step with
+	// deadline_rules through the B.3 read-cutover window.
+	if err := syncDualWriteFromDeadlineRule(ctx, tx, id); err != nil {
+		return nil, err
+	}
 
 	if err := tx.Commit(); err != nil {
 		return nil, fmt.Errorf("commit create: %w", err)
@@ -326,13 +279,15 @@ func (s *RuleEditorService) UpdateDraft(ctx context.Context, id uuid.UUID, patch
 	args = append(args, time.Now().UTC())
 	args = append(args, id)
 	q := fmt.Sprintf(
-		`UPDATE paliad.deadline_rules_unified SET %s WHERE id = $%d AND lifecycle_state = 'draft'`,
+		`UPDATE paliad.deadline_rules SET %s WHERE id = $%d AND lifecycle_state = 'draft'`,
 		strings.Join(sets, ", "), len(args))
 	if _, err := tx.ExecContext(ctx, q, args...); err != nil {
 		return nil, fmt.Errorf("update rule draft: %w", err)
 	}
-	// Slice B.4 (mig 140, t-paliad-305): INSTEAD OF trigger handles the
-	// new-table writes — the UPDATE above is already fan-out.
+	// Slice B.2 dual-write (t-paliad-305).
+	if err := syncDualWriteFromDeadlineRule(ctx, tx, id); err != nil {
+		return nil, err
+	}
 	if err := tx.Commit(); err != nil {
 		return nil, fmt.Errorf("commit update: %w", err)
 	}
@@ -366,7 +321,7 @@ func (s *RuleEditorService) CloneAsDraft(ctx context.Context, id uuid.UUID, reas
 
 	newID := uuid.New()
 	if _, err := tx.ExecContext(ctx,
-		`INSERT INTO paliad.deadline_rules_unified
+		`INSERT INTO paliad.deadline_rules
 		    (id, proceeding_type_id, trigger_event_id, parent_id, concept_id, submission_code,
 		     name, name_en, description, primary_party, event_type,
 		     duration_value, duration_unit, timing,
@@ -387,16 +342,20 @@ func (s *RuleEditorService) CloneAsDraft(ctx context.Context, id uuid.UUID, reas
 		        is_active,
 		        'draft', $2, NULL,
 		        now(), now()
-		   FROM paliad.deadline_rules_unified
+		   FROM paliad.deadline_rules
 		  WHERE id = $2`,
 		newID, id,
 	); err != nil {
 		return nil, fmt.Errorf("clone rule as draft: %w", err)
 	}
-	// Slice B.4 (mig 140, t-paliad-305): INSTEAD OF INSERT trigger
-	// mints the synthetic 'null.<8hex>' code when submission_code is
-	// NULL (matching mig 136 + the legacy dual-write helper's
-	// expression).
+	// Slice B.2 dual-write (t-paliad-305): new draft gets its own
+	// procedural_events + sequencing_rules row. The synthetic-code
+	// branch fires here when the source rule had NULL submission_code
+	// (the clone inherits the NULL and mints a fresh 'null.<8hex>'
+	// derived from newID).
+	if err := syncDualWriteFromDeadlineRule(ctx, tx, newID); err != nil {
+		return nil, err
+	}
 	if err := tx.Commit(); err != nil {
 		return nil, fmt.Errorf("commit clone: %w", err)
 	}
@@ -430,7 +389,7 @@ func (s *RuleEditorService) Publish(ctx context.Context, id uuid.UUID, reason st
 
 	now := time.Now().UTC()
 	if _, err := tx.ExecContext(ctx,
-		`UPDATE paliad.deadline_rules_unified
+		`UPDATE paliad.deadline_rules
 		    SET lifecycle_state = 'published',
 		        published_at = $1,
 		        updated_at   = $1
@@ -443,7 +402,7 @@ func (s *RuleEditorService) Publish(ctx context.Context, id uuid.UUID, reason st
 	// Archive the peer this draft was cloned from, if any.
 	if current.DraftOf != nil {
 		if _, err := tx.ExecContext(ctx,
-			`UPDATE paliad.deadline_rules_unified
+			`UPDATE paliad.deadline_rules
 			    SET lifecycle_state = 'archived',
 			        updated_at      = $1
 			  WHERE id = $2 AND lifecycle_state = 'published'`,
@@ -453,9 +412,17 @@ func (s *RuleEditorService) Publish(ctx context.Context, id uuid.UUID, reason st
 		}
 	}
 
-	// Slice B.4 (mig 140, t-paliad-305): both UPDATEs above route via
-	// the INSTEAD OF UPDATE trigger, which mirrors the lifecycle flip
-	// onto procedural_events + sequencing_rules in the same TX.
+	// Slice B.2 dual-write (t-paliad-305): sync both sides — the newly
+	// published draft AND the cloned-from peer that just flipped to
+	// archived (if any).
+	if err := syncDualWriteFromDeadlineRule(ctx, tx, id); err != nil {
+		return nil, err
+	}
+	if current.DraftOf != nil {
+		if err := syncDualWriteFromDeadlineRule(ctx, tx, *current.DraftOf); err != nil {
+			return nil, err
+		}
+	}
 
 	if err := tx.Commit(); err != nil {
 		return nil, fmt.Errorf("commit publish: %w", err)
@@ -504,7 +471,7 @@ func (s *RuleEditorService) flipLifecycle(ctx context.Context, id uuid.UUID, tar
 	// timestamp helps audit reads ("when was this rule first live?").
 	if target == "published" {
 		if _, err := tx.ExecContext(ctx,
-			`UPDATE paliad.deadline_rules_unified
+			`UPDATE paliad.deadline_rules
 			    SET lifecycle_state = $1,
 			        published_at    = COALESCE(published_at, $2),
 			        updated_at      = $2
@@ -515,7 +482,7 @@ func (s *RuleEditorService) flipLifecycle(ctx context.Context, id uuid.UUID, tar
 		}
 	} else {
 		if _, err := tx.ExecContext(ctx,
-			`UPDATE paliad.deadline_rules_unified
+			`UPDATE paliad.deadline_rules
 			    SET lifecycle_state = $1, updated_at = $2
 			  WHERE id = $3`,
 			target, now, id,
@@ -524,8 +491,11 @@ func (s *RuleEditorService) flipLifecycle(ctx context.Context, id uuid.UUID, tar
 		}
 	}
 
-	// Slice B.4 (mig 140, t-paliad-305): INSTEAD OF UPDATE trigger
-	// mirrors the lifecycle flip onto sr + pe.
+	// Slice B.2 dual-write (t-paliad-305): mirror the lifecycle flip
+	// onto sequencing_rules + procedural_events.
+	if err := syncDualWriteFromDeadlineRule(ctx, tx, id); err != nil {
+		return nil, err
+	}
 
 	if err := tx.Commit(); err != nil {
 		return nil, fmt.Errorf("commit flip: %w", err)

internal/services/submission_building_block_service.go

@@ -0,0 +1,629 @@
+package services
+
+// Composer building-block library service — t-paliad-315 Slice C
+// (design doc docs/design-submission-generator-v2-2026-05-26.md §8 +
+// §4.4).
+//
+// Per the Q2 ratification (m, 2026-05-26): building blocks are plain
+// text paste sources. The library row is the source; the lawyer's
+// section row is the destination. After paste, the section row has
+// no link back to the library — the prose belongs to the section.
+//
+// Per the Q9 ratification: four visibility tiers — private / team /
+// firm / global. The DB-side RLS policy (mig 149) handles the
+// "private rows only the author sees" coarse gate. This service
+// applies the fine-grained tier predicate at query time, so the
+// picker on the section editor only shows blocks the caller actually
+// has reach to.
+//
+// Admin mutations are gated at the handler layer (adminGate). The
+// service exposes Create + Update + SoftDelete + RestoreVersion which
+// all assume the caller has already passed the admin check.
+// Append-only audit history (_admin_versions) is retained at 20 rows
+// per block, GCed in the same transaction as each Save.
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+	"strings"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/jmoiron/sqlx"
+)
+
+// BuildingBlock mirrors a row in paliad.submission_building_blocks.
+type BuildingBlock struct {
+	ID               uuid.UUID  `db:"id"                  json:"id"`
+	Slug             string     `db:"slug"                json:"slug"`
+	Firm             *string    `db:"firm"                json:"firm,omitempty"`
+	SectionKey       string     `db:"section_key"         json:"section_key"`
+	ProceedingFamily *string    `db:"proceeding_family"   json:"proceeding_family,omitempty"`
+	TitleDE          string     `db:"title_de"            json:"title_de"`
+	TitleEN          string     `db:"title_en"            json:"title_en"`
+	DescriptionDE    *string    `db:"description_de"      json:"description_de,omitempty"`
+	DescriptionEN    *string    `db:"description_en"      json:"description_en,omitempty"`
+	ContentMDDE      string     `db:"content_md_de"       json:"content_md_de"`
+	ContentMDEN      string     `db:"content_md_en"       json:"content_md_en"`
+	AuthorID         *uuid.UUID `db:"author_id"           json:"author_id,omitempty"`
+	Visibility       string     `db:"visibility"          json:"visibility"`
+	IsPublished      bool       `db:"is_published"        json:"is_published"`
+	CreatedAt        time.Time  `db:"created_at"          json:"created_at"`
+	UpdatedAt        time.Time  `db:"updated_at"          json:"updated_at"`
+	DeletedAt        *time.Time `db:"deleted_at"          json:"-"`
+}
+
+// BuildingBlockVersion is one row from the admin-only audit history.
+type BuildingBlockVersion struct {
+	ID              uuid.UUID  `db:"id"                  json:"id"`
+	BuildingBlockID uuid.UUID  `db:"building_block_id"   json:"building_block_id"`
+	ContentMDDE     string     `db:"content_md_de"       json:"content_md_de"`
+	ContentMDEN     string     `db:"content_md_en"       json:"content_md_en"`
+	TitleDE         string     `db:"title_de"            json:"title_de"`
+	TitleEN         string     `db:"title_en"            json:"title_en"`
+	EditedBy        *uuid.UUID `db:"edited_by"           json:"edited_by,omitempty"`
+	Note            *string    `db:"note"                json:"note,omitempty"`
+	CreatedAt       time.Time  `db:"created_at"          json:"created_at"`
+}
+
+// BuildingBlockService handles the library + admin audit history.
+type BuildingBlockService struct {
+	db   *sqlx.DB
+	firm string
+}
+
+// NewBuildingBlockService wires the service. firm is branding.Name —
+// captured at construction time and used to apply the firm-tier
+// filter on List/Get calls.
+func NewBuildingBlockService(db *sqlx.DB, firm string) *BuildingBlockService {
+	return &BuildingBlockService{db: db, firm: firm}
+}
+
+const (
+	// VisPrivate / Team / Firm / Global — the 4 tiers per Q9.
+	VisPrivate = "private"
+	VisTeam    = "team"
+	VisFirm    = "firm"
+	VisGlobal  = "global"
+
+	// Retention horizon for the admin audit history per block.
+	buildingBlockVersionRetention = 20
+)
+
+// ErrBuildingBlockNotFound is the sentinel for "no block with that id
+// visible to this user". Maps to 404 at the handler layer.
+var ErrBuildingBlockNotFound = errors.New("submission building block: not found")
+
+// ErrBuildingBlockInvalidVisibility is the sentinel for a Create /
+// Update with an unknown tier value.
+var ErrBuildingBlockInvalidVisibility = errors.New("submission building block: invalid visibility")
+
+const buildingBlockColumns = `id, slug, firm, section_key, proceeding_family,
+                              title_de, title_en, description_de, description_en,
+                              content_md_de, content_md_en,
+                              author_id, visibility, is_published,
+                              created_at, updated_at, deleted_at`
+
+// BlockListFilter narrows the picker query. All fields optional. Returns
+// only published, non-deleted rows the caller has tier reach to.
+type BlockListFilter struct {
+	// SectionKey filters to blocks bound to one section (the picker
+	// uses this to restrict "facts" blocks to facts sections, etc.).
+	// Empty string = no filter.
+	SectionKey string
+	// ProceedingFamily filters to blocks tagged for one family OR
+	// untagged (proceeding_family IS NULL = "any family"). Empty
+	// string = no filter.
+	ProceedingFamily string
+	// Search free-text query against title + description + content.
+	// Empty string = no filter.
+	Search string
+	// Limit caps the result count (0 = default 50).
+	Limit int
+}
+
+// ListVisible returns blocks the caller can see, after the tier
+// predicate is applied. Ordered by updated_at DESC. The DB-side
+// SELECT policy already drops soft-deleted rows + private-other-author
+// rows; this query additionally honours the picker filter + the
+// is_published gate + the firm + team predicates.
+func (s *BuildingBlockService) ListVisible(ctx context.Context, userID uuid.UUID, filter BlockListFilter) ([]BuildingBlock, error) {
+	limit := filter.Limit
+	if limit <= 0 {
+		limit = 50
+	}
+
+	q := `SELECT ` + buildingBlockColumns + `
+	      FROM paliad.submission_building_blocks
+	      WHERE deleted_at IS NULL
+	        AND is_published = true
+	        AND (
+	          visibility = 'global'
+	          OR visibility = 'private' AND author_id = $1
+	          OR visibility = 'firm' AND (firm IS NULL OR firm = $2)
+	          OR visibility = 'team' AND EXISTS (
+	              SELECT 1 FROM paliad.project_teams pt1
+	              JOIN paliad.project_teams pt2 ON pt1.project_id = pt2.project_id
+	              WHERE pt1.user_id = author_id AND pt2.user_id = $1
+	          )
+	        )`
+	args := []any{userID, s.firm}
+	idx := 3
+
+	if filter.SectionKey != "" {
+		q += fmt.Sprintf(" AND section_key = $%d", idx)
+		args = append(args, filter.SectionKey)
+		idx++
+	}
+	if filter.ProceedingFamily != "" {
+		q += fmt.Sprintf(" AND (proceeding_family IS NULL OR proceeding_family = $%d)", idx)
+		args = append(args, filter.ProceedingFamily)
+		idx++
+	}
+	if filter.Search != "" {
+		pattern := "%" + strings.ToLower(filter.Search) + "%"
+		q += fmt.Sprintf(" AND (LOWER(title_de) LIKE $%d OR LOWER(title_en) LIKE $%d OR LOWER(COALESCE(description_de,'')) LIKE $%d OR LOWER(COALESCE(description_en,'')) LIKE $%d OR LOWER(content_md_de) LIKE $%d OR LOWER(content_md_en) LIKE $%d)",
+			idx, idx, idx, idx, idx, idx)
+		args = append(args, pattern)
+		idx++
+	}
+	q += fmt.Sprintf(" ORDER BY updated_at DESC LIMIT $%d", idx)
+	args = append(args, limit)
+
+	var rows []BuildingBlock
+	err := s.db.SelectContext(ctx, &rows, q, args...)
+	if err != nil {
+		return nil, fmt.Errorf("list building blocks: %w", err)
+	}
+	return rows, nil
+}
+
+// ListAllForAdmin returns every non-deleted row regardless of tier.
+// Handler-side adminGate is the access gate.
+func (s *BuildingBlockService) ListAllForAdmin(ctx context.Context) ([]BuildingBlock, error) {
+	var rows []BuildingBlock
+	err := s.db.SelectContext(ctx, &rows,
+		`SELECT `+buildingBlockColumns+`
+		   FROM paliad.submission_building_blocks
+		  WHERE deleted_at IS NULL
+		  ORDER BY updated_at DESC`)
+	if err != nil {
+		return nil, fmt.Errorf("admin list building blocks: %w", err)
+	}
+	return rows, nil
+}
+
+// GetVisible fetches a block by id, applying the same tier predicate
+// as ListVisible. ErrBuildingBlockNotFound when the row exists but
+// the caller has no tier reach (handler maps to 404).
+func (s *BuildingBlockService) GetVisible(ctx context.Context, userID, blockID uuid.UUID) (*BuildingBlock, error) {
+	var b BuildingBlock
+	err := s.db.GetContext(ctx, &b,
+		`SELECT `+buildingBlockColumns+`
+		   FROM paliad.submission_building_blocks
+		  WHERE id = $1
+		    AND deleted_at IS NULL
+		    AND is_published = true
+		    AND (
+		      visibility = 'global'
+		      OR visibility = 'private' AND author_id = $2
+		      OR visibility = 'firm' AND (firm IS NULL OR firm = $3)
+		      OR visibility = 'team' AND EXISTS (
+		          SELECT 1 FROM paliad.project_teams pt1
+		          JOIN paliad.project_teams pt2 ON pt1.project_id = pt2.project_id
+		          WHERE pt1.user_id = author_id AND pt2.user_id = $2
+		      )
+		    )`,
+		blockID, userID, s.firm)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrBuildingBlockNotFound
+	}
+	if err != nil {
+		return nil, fmt.Errorf("get building block: %w", err)
+	}
+	return &b, nil
+}
+
+// GetForAdmin fetches a block by id with no tier filter. adminGate at
+// the handler is the access gate.
+func (s *BuildingBlockService) GetForAdmin(ctx context.Context, blockID uuid.UUID) (*BuildingBlock, error) {
+	var b BuildingBlock
+	err := s.db.GetContext(ctx, &b,
+		`SELECT `+buildingBlockColumns+`
+		   FROM paliad.submission_building_blocks
+		  WHERE id = $1 AND deleted_at IS NULL`,
+		blockID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrBuildingBlockNotFound
+	}
+	if err != nil {
+		return nil, fmt.Errorf("admin get building block: %w", err)
+	}
+	return &b, nil
+}
+
+// CreateInput carries the fields needed to insert a new block. Admin
+// path only (Slice C); user-authored private blocks are a later
+// feature.
+type CreateInput struct {
+	Slug             string
+	Firm             *string
+	SectionKey       string
+	ProceedingFamily *string
+	TitleDE          string
+	TitleEN          string
+	DescriptionDE    *string
+	DescriptionEN    *string
+	ContentMDDE      string
+	ContentMDEN      string
+	Visibility       string
+	IsPublished      bool
+}
+
+// Create inserts a new block and seeds the first audit-history row.
+// editorID is the admin's uuid; recorded in _admin_versions.edited_by.
+func (s *BuildingBlockService) Create(ctx context.Context, editorID uuid.UUID, in CreateInput) (*BuildingBlock, error) {
+	if !validVisibility(in.Visibility) {
+		return nil, ErrBuildingBlockInvalidVisibility
+	}
+	in.Slug = strings.TrimSpace(in.Slug)
+	in.SectionKey = strings.TrimSpace(in.SectionKey)
+	in.TitleDE = strings.TrimSpace(in.TitleDE)
+	in.TitleEN = strings.TrimSpace(in.TitleEN)
+	if in.Slug == "" || in.SectionKey == "" || in.TitleDE == "" || in.TitleEN == "" {
+		return nil, ErrInvalidInput
+	}
+
+	tx, err := s.db.BeginTxx(ctx, nil)
+	if err != nil {
+		return nil, fmt.Errorf("create building block tx: %w", err)
+	}
+	committed := false
+	defer func() {
+		if !committed {
+			_ = tx.Rollback()
+		}
+	}()
+
+	var b BuildingBlock
+	err = tx.GetContext(ctx, &b,
+		`INSERT INTO paliad.submission_building_blocks
+		     (slug, firm, section_key, proceeding_family,
+		      title_de, title_en, description_de, description_en,
+		      content_md_de, content_md_en, author_id, visibility, is_published)
+		 VALUES ($1,$2,$3,$4,$5,$6,$7,$8,$9,$10,$11,$12,$13)
+		 RETURNING `+buildingBlockColumns,
+		in.Slug, in.Firm, in.SectionKey, in.ProceedingFamily,
+		in.TitleDE, in.TitleEN, in.DescriptionDE, in.DescriptionEN,
+		in.ContentMDDE, in.ContentMDEN, editorID, in.Visibility, in.IsPublished)
+	if err != nil {
+		return nil, fmt.Errorf("insert building block: %w", err)
+	}
+	if err := s.appendVersionTx(ctx, tx, b.ID, editorID, &b, "create"); err != nil {
+		return nil, err
+	}
+	if err := tx.Commit(); err != nil {
+		return nil, fmt.Errorf("commit create building block: %w", err)
+	}
+	committed = true
+	return &b, nil
+}
+
+// UpdatePatch carries the optional fields for an Update call.
+type UpdatePatch struct {
+	Slug             *string
+	Firm             **string // **string for "set to null" semantics
+	SectionKey       *string
+	ProceedingFamily **string
+	TitleDE          *string
+	TitleEN          *string
+	DescriptionDE    **string
+	DescriptionEN    **string
+	ContentMDDE      *string
+	ContentMDEN      *string
+	Visibility       *string
+	IsPublished      *bool
+	Note             *string // free-form note that lands in _admin_versions
+}
+
+// Update applies a patch. Appends an audit-history row; GCs to the
+// retention=20 horizon in the same tx so old versions don't pile up.
+func (s *BuildingBlockService) Update(ctx context.Context, editorID, blockID uuid.UUID, patch UpdatePatch) (*BuildingBlock, error) {
+	if patch.Visibility != nil && !validVisibility(*patch.Visibility) {
+		return nil, ErrBuildingBlockInvalidVisibility
+	}
+
+	tx, err := s.db.BeginTxx(ctx, nil)
+	if err != nil {
+		return nil, fmt.Errorf("update building block tx: %w", err)
+	}
+	committed := false
+	defer func() {
+		if !committed {
+			_ = tx.Rollback()
+		}
+	}()
+
+	setParts := []string{}
+	args := []any{}
+	idx := 1
+
+	addText := func(col string, p *string) {
+		if p == nil {
+			return
+		}
+		setParts = append(setParts, fmt.Sprintf("%s = $%d", col, idx))
+		args = append(args, *p)
+		idx++
+	}
+	addBool := func(col string, p *bool) {
+		if p == nil {
+			return
+		}
+		setParts = append(setParts, fmt.Sprintf("%s = $%d", col, idx))
+		args = append(args, *p)
+		idx++
+	}
+	addNullable := func(col string, p **string) {
+		if p == nil {
+			return
+		}
+		setParts = append(setParts, fmt.Sprintf("%s = $%d", col, idx))
+		args = append(args, *p)
+		idx++
+	}
+
+	addText("slug", patch.Slug)
+	addNullable("firm", patch.Firm)
+	addText("section_key", patch.SectionKey)
+	addNullable("proceeding_family", patch.ProceedingFamily)
+	addText("title_de", patch.TitleDE)
+	addText("title_en", patch.TitleEN)
+	addNullable("description_de", patch.DescriptionDE)
+	addNullable("description_en", patch.DescriptionEN)
+	addText("content_md_de", patch.ContentMDDE)
+	addText("content_md_en", patch.ContentMDEN)
+	addText("visibility", patch.Visibility)
+	addBool("is_published", patch.IsPublished)
+
+	if len(setParts) == 0 {
+		// No-op patch — still append a version with the user's note if
+		// supplied. Otherwise just return current row.
+		current, err := s.GetForAdmin(ctx, blockID)
+		if err != nil {
+			return nil, err
+		}
+		if patch.Note != nil && strings.TrimSpace(*patch.Note) != "" {
+			if err := s.appendVersionTx(ctx, tx, blockID, editorID, current, *patch.Note); err != nil {
+				return nil, err
+			}
+		}
+		if err := tx.Commit(); err != nil {
+			return nil, fmt.Errorf("commit no-op update building block: %w", err)
+		}
+		committed = true
+		return current, nil
+	}
+
+	args = append(args, blockID)
+	q := fmt.Sprintf(
+		`UPDATE paliad.submission_building_blocks
+		    SET %s
+		  WHERE id = $%d AND deleted_at IS NULL
+		  RETURNING `+buildingBlockColumns,
+		strings.Join(setParts, ", "), idx,
+	)
+	var b BuildingBlock
+	err = tx.GetContext(ctx, &b, q, args...)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrBuildingBlockNotFound
+	}
+	if err != nil {
+		return nil, fmt.Errorf("update building block: %w", err)
+	}
+
+	note := ""
+	if patch.Note != nil {
+		note = *patch.Note
+	}
+	if note == "" {
+		note = "update"
+	}
+	if err := s.appendVersionTx(ctx, tx, blockID, editorID, &b, note); err != nil {
+		return nil, err
+	}
+	if err := tx.Commit(); err != nil {
+		return nil, fmt.Errorf("commit update building block: %w", err)
+	}
+	committed = true
+	return &b, nil
+}
+
+// SoftDelete marks a block deleted. RLS hides deleted rows; the
+// admin can still see them via GetForAdmin if the row is referenced
+// by audit history.
+func (s *BuildingBlockService) SoftDelete(ctx context.Context, editorID, blockID uuid.UUID) error {
+	tx, err := s.db.BeginTxx(ctx, nil)
+	if err != nil {
+		return fmt.Errorf("soft delete tx: %w", err)
+	}
+	committed := false
+	defer func() {
+		if !committed {
+			_ = tx.Rollback()
+		}
+	}()
+	var b BuildingBlock
+	err = tx.GetContext(ctx, &b,
+		`UPDATE paliad.submission_building_blocks
+		    SET deleted_at = now()
+		  WHERE id = $1 AND deleted_at IS NULL
+		  RETURNING `+buildingBlockColumns,
+		blockID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return ErrBuildingBlockNotFound
+	}
+	if err != nil {
+		return fmt.Errorf("soft delete: %w", err)
+	}
+	if err := s.appendVersionTx(ctx, tx, blockID, editorID, &b, "delete"); err != nil {
+		return err
+	}
+	if err := tx.Commit(); err != nil {
+		return fmt.Errorf("commit soft delete: %w", err)
+	}
+	committed = true
+	return nil
+}
+
+// ListVersions returns the audit history for a block (most recent
+// first), capped at retention. Admin path only.
+func (s *BuildingBlockService) ListVersions(ctx context.Context, blockID uuid.UUID) ([]BuildingBlockVersion, error) {
+	var rows []BuildingBlockVersion
+	err := s.db.SelectContext(ctx, &rows,
+		`SELECT id, building_block_id, content_md_de, content_md_en,
+		        title_de, title_en, edited_by, note, created_at
+		   FROM paliad.submission_building_block_admin_versions
+		  WHERE building_block_id = $1
+		  ORDER BY created_at DESC
+		  LIMIT $2`,
+		blockID, buildingBlockVersionRetention)
+	if err != nil {
+		return nil, fmt.Errorf("list building block versions: %w", err)
+	}
+	return rows, nil
+}
+
+// RestoreVersion overwrites the block's current content + titles with
+// the named version's snapshot. Appends a new audit row noting the
+// restore. Admin path only.
+func (s *BuildingBlockService) RestoreVersion(ctx context.Context, editorID, blockID, versionID uuid.UUID) (*BuildingBlock, error) {
+	tx, err := s.db.BeginTxx(ctx, nil)
+	if err != nil {
+		return nil, fmt.Errorf("restore version tx: %w", err)
+	}
+	committed := false
+	defer func() {
+		if !committed {
+			_ = tx.Rollback()
+		}
+	}()
+
+	var v BuildingBlockVersion
+	err = tx.GetContext(ctx, &v,
+		`SELECT id, building_block_id, content_md_de, content_md_en,
+		        title_de, title_en, edited_by, note, created_at
+		   FROM paliad.submission_building_block_admin_versions
+		  WHERE id = $1 AND building_block_id = $2`,
+		versionID, blockID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrBuildingBlockNotFound
+	}
+	if err != nil {
+		return nil, fmt.Errorf("fetch version: %w", err)
+	}
+
+	var b BuildingBlock
+	err = tx.GetContext(ctx, &b,
+		`UPDATE paliad.submission_building_blocks
+		    SET content_md_de = $1, content_md_en = $2,
+		        title_de = $3, title_en = $4
+		  WHERE id = $5 AND deleted_at IS NULL
+		  RETURNING `+buildingBlockColumns,
+		v.ContentMDDE, v.ContentMDEN, v.TitleDE, v.TitleEN, blockID)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, ErrBuildingBlockNotFound
+	}
+	if err != nil {
+		return nil, fmt.Errorf("restore update: %w", err)
+	}
+
+	note := fmt.Sprintf("restore from %s", versionID.String())
+	if err := s.appendVersionTx(ctx, tx, blockID, editorID, &b, note); err != nil {
+		return nil, err
+	}
+	if err := tx.Commit(); err != nil {
+		return nil, fmt.Errorf("commit restore: %w", err)
+	}
+	committed = true
+	return &b, nil
+}
+
+// appendVersionTx inserts an audit row + GCs to the retention horizon.
+// Runs inside the caller's transaction so a failure rolls back the
+// associated Create / Update / Delete / Restore.
+func (s *BuildingBlockService) appendVersionTx(ctx context.Context, tx *sqlx.Tx, blockID, editorID uuid.UUID, b *BuildingBlock, note string) error {
+	_, err := tx.ExecContext(ctx,
+		`INSERT INTO paliad.submission_building_block_admin_versions
+		     (building_block_id, content_md_de, content_md_en,
+		      title_de, title_en, edited_by, note)
+		 VALUES ($1, $2, $3, $4, $5, $6, $7)`,
+		blockID, b.ContentMDDE, b.ContentMDEN, b.TitleDE, b.TitleEN, editorID, note)
+	if err != nil {
+		return fmt.Errorf("append version: %w", err)
+	}
+	// GC: keep only the most recent N versions per block.
+	_, err = tx.ExecContext(ctx,
+		`DELETE FROM paliad.submission_building_block_admin_versions
+		  WHERE id IN (
+		    SELECT id FROM paliad.submission_building_block_admin_versions
+		     WHERE building_block_id = $1
+		     ORDER BY created_at DESC
+		     OFFSET $2
+		  )`,
+		blockID, buildingBlockVersionRetention)
+	if err != nil {
+		return fmt.Errorf("gc version history: %w", err)
+	}
+	return nil
+}
+
+// InsertIntoSection clones a block's content_md_<lang> into the named
+// section by appending at the end (with a paragraph break separator).
+// Per Q2: no lineage stamped on the section. The returned
+// SubmissionSection carries the updated content.
+//
+// The handler enforces draft ownership before calling this; the
+// service does the visibility check on the block itself and the
+// SectionService.Get + Update sequence inside one transaction so an
+// in-flight failure rolls back cleanly.
+func (s *BuildingBlockService) InsertIntoSection(ctx context.Context, userID, blockID, sectionID uuid.UUID, sections *SectionService) (*SubmissionSection, error) {
+	block, err := s.GetVisible(ctx, userID, blockID)
+	if err != nil {
+		return nil, err
+	}
+	sec, err := sections.Get(ctx, sectionID)
+	if err != nil {
+		return nil, err
+	}
+
+	// Determine which lang column to splice into based on the section
+	// row's existing content + the block's content. We splice both
+	// lang columns so the section is bilingually current — the
+	// lawyer's draft language picker still drives which one renders.
+	newDE := appendBlockContent(sec.ContentMDDE, block.ContentMDDE)
+	newEN := appendBlockContent(sec.ContentMDEN, block.ContentMDEN)
+
+	patch := SectionPatch{ContentMDDE: &newDE, ContentMDEN: &newEN}
+	return sections.Update(ctx, sectionID, patch)
+}
+
+func appendBlockContent(existing, addition string) string {
+	if strings.TrimSpace(existing) == "" {
+		return addition
+	}
+	if strings.TrimSpace(addition) == "" {
+		return existing
+	}
+	return strings.TrimRight(existing, "\n") + "\n\n" + addition
+}
+
+func validVisibility(v string) bool {
+	switch v {
+	case VisPrivate, VisTeam, VisFirm, VisGlobal:
+		return true
+	}
+	return false
+}

internal/services/submission_building_block_service_test.go

@@ -0,0 +1,60 @@
+package services
+
+// Unit tests for BuildingBlockService helpers — pure functions, no DB
+// dependency (t-paliad-315 Slice C).
+
+import "testing"
+
+func TestValidVisibility(t *testing.T) {
+	cases := []struct {
+		in    string
+		valid bool
+	}{
+		{"private", true},
+		{"team", true},
+		{"firm", true},
+		{"global", true},
+		{"PRIVATE", false}, // case-sensitive
+		{"", false},
+		{"public", false},
+		{"all", false},
+	}
+	for _, tc := range cases {
+		t.Run(tc.in, func(t *testing.T) {
+			if got := validVisibility(tc.in); got != tc.valid {
+				t.Errorf("validVisibility(%q) = %v; want %v", tc.in, got, tc.valid)
+			}
+		})
+	}
+}
+
+func TestAppendBlockContent(t *testing.T) {
+	cases := []struct {
+		existing string
+		addition string
+		want     string
+	}{
+		{"", "hello", "hello"},
+		{"existing", "", "existing"},
+		{"", "", ""},
+		{"existing", "addition", "existing\n\naddition"},
+		{"existing\n", "addition", "existing\n\naddition"},
+		{"existing\n\n\n", "addition", "existing\n\naddition"},
+		{"   ", "addition", "addition"}, // whitespace-only existing counts as empty
+		{"existing", "   ", "existing"}, // whitespace-only addition counts as empty
+	}
+	for _, tc := range cases {
+		if got := appendBlockContent(tc.existing, tc.addition); got != tc.want {
+			t.Errorf("appendBlockContent(%q,%q) = %q; want %q", tc.existing, tc.addition, got, tc.want)
+		}
+	}
+}
+
+func TestBuildingBlockVisibilityConstants(t *testing.T) {
+	// Pin the constants so a typo somewhere doesn't silently flip a
+	// tier name. The DB CHECK constraint and the RLS predicate both
+	// hard-code these literals.
+	if VisPrivate != "private" || VisTeam != "team" || VisFirm != "firm" || VisGlobal != "global" {
+		t.Errorf("visibility constants drifted: %q/%q/%q/%q", VisPrivate, VisTeam, VisFirm, VisGlobal)
+	}
+}

internal/services/submission_vars.go

@@ -289,12 +289,12 @@ func (s *SubmissionVarsService) nextOpenDeadline(ctx context.Context, projectID,
 	var d models.Deadline
 	err := s.db.GetContext(ctx, &d,
 		`SELECT id, project_id, title, description, due_date, original_due_date,
-		        warning_date, source, sequencing_rule_id, rule_code, status, completed_at,
+		        warning_date, source, rule_id, rule_code, status, completed_at,
 		        caldav_uid, caldav_etag, notes, created_by, created_at, updated_at,
 		        approval_status, pending_request_id, approved_by, approved_at
 		   FROM paliad.deadlines
 		  WHERE project_id = $1
-		    AND sequencing_rule_id = $2
+		    AND rule_id = $2
 		    AND status = 'pending'
 		  ORDER BY due_date ASC
 		  LIMIT 1`, projectID, ruleID)