Future-Macro Object Governance Rule — Tool-Kiem-Thu (2026-06-10)
Date: 2026-06-10. Binding KB-level rule for the tool-kiem-thu initiative. Embodies feedback_self_audit_before_external_review_mutable_authority and the native "LUẬT KHAI SINH / Birth Registry Law" principle ("no registration → no birth → not countable").
The rule
Every future macro that creates, materially changes, or newly relies on an object or supporting accessory MUST, within the SAME macro, do ONE of the following for each such object — or the macro may not report PASS:
- Birth/govern it — add it to tool-kiem-thu-object-registry-*.md/.json with canonical ID, type/species, location, owner-class, authority class, lifecycle, allowed/prohibited use, retention/cleanup, and promotion/deprecation path; or
- Prove auto-birth/auto-governance handled it — cite first-hand evidence (e.g. a birth_registry row with owner/cert) that the native system detected AND governed it; or
- Create an action-ready governance blocker — with blocker ID, object, missing fact, root cause, exact next action, and the owner/Codex/operator required.
No new orphan objects or ungoverned accessories are allowed. "Support file" is not an exemption — accessories (harnesses, profiles, fixtures, packets, run artifacts, local /tmp files, new labels/species/statuses) are objects.
Mandatory clauses
- Accessories count. Harnesses, seccomp profiles, Dockerfiles, fixtures, packets, run artifacts, raw-log indices, AND new taxonomy/labels/statuses/blocker-classes are governable objects.
- No fake-green auto-claim. Never claim the auto-system governed an object without a cited birth_registry/governance_object_ownership row showing owner + certification. KB-doc auto-birth is certified=false/owner=null and counts only as BORN-UNCERTIFIED, not GOVERNED.
- KB-level ≠ production registry. Writing a KB governance record is allowed and sufficient to clear orphan status at KB level, but it is NOT a production-registry insertion; insertion is an AUTHORITY action and must be a blocker, never silently claimed.
- No self-certifying authority. Provisional catalogs/taxonomy stay provisional-non-authority until owner+Codex seal them; promotion is at most one authority class per sealed step.
- Local/tmp artifacts need a lifecycle. Any /tmp or ephemeral artifact must get a retention-or-cleanup rule in the same macro.
- Self-reference. A governance macro must govern its OWN deliverables (this rule, the registry, etc.) — they are objects too.
- Gate before Call Contract. Phase 4 (Call Contract), gate consumer, KB writer, and controlled pilot may NOT begin while any object created by a prior macro is unclassified and lacks a blocker. Phase 3.5 governance must be current first.
Enforcement
- A future-macro self-check MUST include: "Did I birth/govern, prove-auto, or blocker EVERY object/accessory I created?" If any answer is NO, status is PARTIAL/BLOCKED, not PASS.
- The object registry is the single KB home; do not create competing registries (duplicate-authority risk).
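One way to mechanize the self-check above, as an added example that is not part of the initiative's own tooling. The record shapes, the field names in REGISTRY_FIELDS and BLOCKER_FIELDS, and the disposition labels are assumptions derived from the wording of this rule, not a real schema.

```python
# Added illustration: record shapes and field names are assumptions, not the
# initiative's real object-registry or birth_registry schema.
REGISTRY_FIELDS = ("canonical_id", "type", "location", "owner_class", "authority_class",
                   "lifecycle", "allowed_use", "prohibited_use", "retention", "promotion_path")
BLOCKER_FIELDS = ("blocker_id", "object", "missing_fact", "root_cause",
                  "next_action", "required_party")

def missing(record, fields):
    """List the required fields that are absent or empty in a record."""
    return [f for f in fields if not record.get(f)]

def check_object(obj):
    """Return None if the object is covered, else the reason it is still an orphan."""
    kind, ev = obj.get("disposition"), obj.get("evidence") or {}
    # The lifecycle clause applies to /tmp artifacts whatever their disposition.
    if str(obj.get("location", "")).startswith("/tmp") and not obj.get("retention"):
        return "ephemeral artifact without retention-or-cleanup rule"
    if kind == "registry":
        gaps = missing(ev, REGISTRY_FIELDS)
        return f"registry entry missing {gaps}" if gaps else None
    if kind == "auto":
        # The cited row must show owner AND certification; certified=false/owner=null
        # is BORN-UNCERTIFIED, not GOVERNED.
        if not ev:
            return "auto-governance claimed without a cited birth_registry row"
        if ev.get("owner") is None or ev.get("certified") is not True:
            return "BORN-UNCERTIFIED: row lacks owner or certification"
        return None
    if kind == "blocker":
        gaps = missing(ev, BLOCKER_FIELDS)
        return f"blocker not action-ready, missing {gaps}" if gaps else None
    return "no birth, auto-proof, or blocker recorded"

def self_check(objects):
    """Return (status, failures) for everything the macro created, changed, or relied on."""
    failures = {o["name"]: r for o in objects if (r := check_object(o))}
    return ("PARTIAL/BLOCKED" if failures else "PASS"), failures

# Constructed sample: one macro's objects, accessories included.
SAMPLE = [
    {"name": "seccomp-profile", "location": "kb/profiles/x.json", "disposition": "registry",
     "evidence": {f: "set" for f in REGISTRY_FIELDS}},
    {"name": "kb-doc", "location": "kb/doc.md", "disposition": "auto",
     "evidence": {"owner": None, "certified": False}},
    {"name": "run-log", "location": "/tmp/run.log", "disposition": "blocker",
     "evidence": {f: "set" for f in BLOCKER_FIELDS}},
]

if __name__ == "__main__":
    print(self_check(SAMPLE))
```
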
Verdict
FUTURE_MACRO_GOVERNANCE_RULE_WRITTEN — binding no-orphan rule established with enforcement and self-check hooks.