14 — Law / Design Patch Outline

Status: DRAFT FOR COUNCIL — author-mode only. NO enactment. NO self-approval. Each patch must be enacted via its Đ32 authority (council_review for law clauses) and minuted to governance_audit_log. This audit drafts; it does not enact.

LAW patches

P1 — Đ31 §(new): Phantom Definition (source_model-aware)

• Why: phantom = LAW_DEFINITION_GAP; only orphan/drift are defined. Blocks PIV-302, phantom_count, cleanup.
• What: define phantom = registry/pivot record whose governed substrate is absent, evaluated vs the live pivot, per source_model — model-A (write-race) ⇒ NOT phantom; model-B (substrate-absent) ⇒ phantom candidate. Mandate A-tier detection only, 2-pass grace verify, leaf-scoped, 4 false-positive guards (doc 09 §8). Authorize additive meta_catalog.phantom_count + PIV-302 (DEFER). Register issue_types phantom_candidate|confirmed + events count_integrity.phantom_detected|cleared.
• Authority: GOV-COUNCIL council_review. Owner after enact: GOV-SIV (detect).

P2 — Đ24 (or Đ29) §(new): Ungrouped Display Ceiling

• Why: the "max-ungrouped 50" is in no law → LAW_GAP → blocks display_policy/threshold commit; tempts a hardcoded 50.
• What: a per-species/per-list MAX ungrouped ceiling = a CEILING not a target; pagination ≠ semantic grouping. Stored as a reference table (Đ24 INSERT pattern), default 50, smaller allowed. Exceed ⇒ emit CLASSIFICATION_REQUIRED. No hardcoded 50 in code (Đ28 NT-D3).
• Authority: GOV-COUNCIL. Owner: classification domain (GOV-COUNCIL).

P-PIN — §(new clause, host law TBD): Pin / Watch / Personalization

• Why: pin has no law and no domain → highest LGIR.
• What: define pin scopes (global / user / role / team); global pins are governed objects (Đ32 approval); user/role/team are self-service within scope. Decide host: a Đ28 display-personalization clause OR a new sub-domain under classification. Born in meta_catalog; events pin.created|removed (Đ45 register-before-emit).
• Authority: GOV-COUNCIL. Status: DEFER until clause exists.

P-DRIFT — reconcile enacted Đ37 v3.3 ↔ live governance schema

• Why: live tables diverge from the enacted law (column names + CHECK vocabularies + the capability JSON not in law). The anchor of the central model is itself drifted.
• What: decide canonical vocabulary: gov_type vs type; created_by_law vs governing_law; governance_relations.relation_type set (live owner/approver_tbox/executor_abox vs law owner/depends_on/cooperates/enforces/produces/consumes); enforcement_role (live executor/auditor vs law primary/audit/support); discovery_source vs discovery_method. Ratify or remove the live capability JSON (can_create/must_not_own) — it implements no-double-ownership at object level and is currently un-enacted.
• Authority: GOV-COUNCIL (amend Đ37) or GOV-NRM-SYS schema reconciliation.

P-REG — register Đ20 / Đ23 / Đ45 into normative_registry

• Why: enacted as KB docs but absent as rows → Law-SSOT coverage gap; FKs (created_by_law, law_jurisdiction, law_dot_enforcement) cannot reference them.
• What: INSERT normative_registry rows for Đ20, Đ23, Đ45 with kb_path + status=enacted; backfill any law_jurisdiction/enforcement edges.
• Authority: GOV-NRM-SYS (Đ38) + council confirm.

DESIGN / DOC patches

P3 — Đ37/Đ32: Object-level governance ownership (pick ONE, system-wide)

• Either widen governance_relations.target_type CHECK (law,agency → +collection,pivot,object) to record agency→object ownership edges, OR formally declare domain-ownership (governance_registry.domain + law_jurisdiction) as the canonical object-binding and forbid per-table owner_gov_code columns.
• Do system-wide or not at all. Do NOT add gov columns to Registries-Pivot tables only.

P4 — Patch the canonical design package (registries-pivot-os-agency/)

• The design docs still frame display_policy/registry_pin as standalone tables with "owner = likely GOV-COUNCIL" (TODO). Rewrite docs 07/08 to: (a) bind relationally (doc 05), (b) mark display_policy/pin/phantom as DEFER-until-law, (c) record the Option-4 ownership map.

P5 — Activate the dormant governance event lane

• event_type_registry mother.proposal.created|approved|rejected + governance.blocked|unblocked are active=false. Approval-gated activation gives the governed-proposal lifecycle its events (doc 10). Additive.

P6 — Close the governance audit loop

• governance_audit_log has 1 stale row. Wire DOT-GOV-VERIFY/DISCOVERY (Đ37 §6) to write here on schedule; attach the Council ownership minutes (P1/P2/P-PIN decisions) here.

P7 — Ratify the direct-pg API exception (or remove it)

• The live rpGatewayDb.ts direct read-only pg Pool bypasses PG→Directus→Nuxt. Either get an explicit Đ41 API-exception approval (documented reason: Directus 403 on PK-less views) OR add PKs to the six views and route via Directus (preferred long-term).

Sequencing (dependency order)

1. P-DRIFT + P-REG (fix the anchor: schema↔law + register missing laws).
2. Option-4 ownership assignment (attach classification/pivot domains to GOV-COUNCIL/GOV-SIV; minute to audit_log).
3. P1 (phantom) + P2 (threshold) + P-PIN law clauses (council_review).
4. Register issue/event types (Đ45) + P5 event lane.
5. Gate new pivots/dimensions via Đ32; author grouping/pivot DOTs under Đ35.
6. P4 design-doc patch; P6 audit loop; P7 API exception.
7. Only then: commit display_policy/registry_pin/phantom_count/PIV-302 (each via its now-existing law + Đ32 approval).

None of the above is executed by this audit. All are author-mode proposals requiring the named central approval.