13 — Go / No-Go List (Branch M)

What is safe to proceed with now under current governance, what needs an existing approval, what is blocked on a law/design patch, and what must stop. Applied to every grouping-related artifact. (This audit itself performed none of these — read-only.)

✅ CAN PROCEED NOW (safe, read-only or already-central)

• Label grouping via Đ24/Đ29 reuse — query/display existing facets/labels/species/governance_role; no new store.
• Orphan scanner reuse — fn_refresh_orphan_* + system_issues halves are live and governed (GOV-SIV).
• Count-integrity detection (read-only) — the six committed views + Đ31 contract logic; detection raises issues without approval.
• Pivot READ / coverage reporting — render existing pivots; mark gaps PIVOT_MISSING in the surface (display string, not a commit).
• Registries-Pivot UI route (already LIVE) — keep serving via Đ28 templates; no further commit needed to read.
• No-hardcode enforcement design + CI gate authoring — Đ28 Test-4 / coverage scanner reuse.
• Authoring (author-mode) of law-patch drafts, DOT specs, approval requests — drafting is not enacting.
• This governance audit + recommendations — done.

🟡 CAN PROCEED AFTER EXISTING APPROVAL (Đ32 spine exists; just walk it)

• Assign agency owners to classification/pivot domains → schema_add/rule_change APR, council (Đ37 §4.12(d) minute).
• New pivot rows (PIV-500 grand-total, PIV-301 orphan, PIV-311 label) → new_dot/schema_add APR; PIV-500 needs the helper view committed first.
• Register new issue/event types (pivot_missing, count_integrity_failed, classification_required, pin.*) → approval-gated INSERT (Đ45 register-before-emit).
• Author + register grouping/pivot DOTs under Đ35 → new_dot APR (apply DOTs are B-tier, paired).
• label_rules / new dimension changes → rule_change/schema_add APR.
• Directus exposure of views → Directus-write approval (RG7) — once views have a PK or the pg-exception is ratified.

🔴 MUST WAIT FOR LAW/DESIGN PATCH (LAW_GAP / definition gap)

• display_policy / threshold (50 ceiling) — blocked on Đ24/Đ29 threshold clause (P2). No commit until a law defines the ceiling. (Rehearsal-only is fine.)
• registry_pin (global pins) — blocked on a pin/personalization law clause (P-PIN) + domain assignment. User/role/team scoped pins could be reframed as display personalization later, but global pins wait.
• phantom_count column / PIV-302 / phantom cleanup — blocked on Đ31 phantom definition (P1, council). Detection candidates may be surfaced read-only; nothing written/cleaned.
• count_integrity FAILED → cleanup actions — detection ok; acting waits on the phantom/threshold clauses + Đ32 approval.

⛔ MUST STOP / REJECT (creates an island or violates law)

• Any standalone registry_grouping_policy / local display_policy / local registry_pin table with no domain-agency owner + no Đ32 approval — REJECT (LGIR; GPT direction explicit).
• Any local approval / sign-off mechanism (a Registries-Pivot-only approve flow) — REJECT; only approval_requests/apr_approvals are valid.
• Any grouping DOT outside Đ35 (hand-SQL classifier, Nuxt-side grouping, --admin bypass, curl … || true) — REJECT.
• Any frontend/Nuxt grouping arrays, hardcoded CAT- rows, or count math* (Đ28 NT-D1/D3) — REJECT.
• Self-approval of any of the above (Đ32 §4.3.1) — REJECT.
• Enacting threshold/phantom/pin as law by an agent — REJECT (council_review only).
• Committing pivot rows / phantom_count by hand-INSERT (Đ26 1E) — REJECT.
• Treating the live direct-pg API as the sanctioned convention without an explicit Đ41 API-exception approval — STOP until approved (it currently runs as an un-ratified exception).

Per-artifact one-liner

Artifact	Verdict
grouping policy	🟡 after owner-assign + Đ32
threshold policy	🔴 wait P2
label grouping	✅ reuse Đ24/29
registry_pin	🔴 wait P-PIN
phantom	🔴 wait P1 (council)
pivot coverage	🟡 after Đ32 (views ✅ now)
grouping DOTs	🟡 author under Đ35 + new_dot APR
Directus/API exposure	🟡 after RG7 / view PK
UI route	✅ live (Đ28)
legacy retirement	🟡/DEFER retire-after-replace (RG9)

Bottom line: nothing about grouping needs to be blocked forever — but display_policy, registry_pin, and phantom cannot be committed until their law clauses exist, and nothing may be built as a local island. Everything else proceeds by walking the existing Đ32 spine.