08 — Branch H: Law / Forbidden / Self-Review

Forbidden-action compliance (every item)

Forbidden	Complied?	Evidence
Candidate Registry committed birth without B-2/B-3/B-4/P-1 + Đ32	✅	No commit. Rehearsal ROLLBACK only.
Agent self-approval (Đ32)	✅	No review_decision minted; deferred to human pack (doc 06).
Law enactment	✅	None; enacting clause is a human action (doc 06 D1).
4 Mothers runtime	✅	Untouched; rows stay draft.
Generated workflows/tasks/forms/reports	✅	None.
Nuxt/UI	✅	None.
Directus mutation	✅	None.
Qdrant/vector write	✅	None; vector_sync_enabled=false intact.
Unsafe P-pub block	✅	Not touched.
allow_no_review_decision=true	✅	Stays false (gate verifier confirms).
vector_sync_enabled=true	✅	Stays false (gate verifier confirms).
Gate left open	✅	No gate opened; all_safe=true at exit.
Hidden second SoT	✅	New registries FK-reference SoT, never copy (doc 01).
Open idle transaction left behind	✅	pg_stat_activity clean at exit (0 workflow_admin tx).
Client-timeout-kill of open tx	✅	stdin-fed single invocation + server-side timeouts; no kill.

Law check

• Điều 0-G (birth): every registry born via full contract (meta_catalog→species→map→collection_registry + birth trigger); no "đẻ rơi". ✓
• Điều 7 (assembly/no-orphan): tier_registry orphan resolved by law (Đ37 authority owner, not a factory). ✓
• Điều 30/31 (reversibility/integrity): byte-identical rollback proven; soft-retire reversal documented; FK-reference not copy. ✓
• Điều 32 (approval): not self-minted; human pack delivered. ✓
• Điều 36/37: field/input_form (Đ36) owned by GOV-MOIT; tier (Đ37) owned by GOV-COUNCIL. ✓
• Điều 38/39: read channel honored; no KG mutation. ✓
• Điều 45: no event/runtime emission. ✓

Prompt-quality self-review (vs prompt-muc-tieu-mo-for-claude-code.md v1.3)

• Did the prompt force fake work? No. The prompt was open-goal with specified defaults and forbade mutation-for-volume. It did not incentivize artificial X-scale. Good prompt discipline (the GPT direction explicitly corrected the earlier X-scale over-emphasis).
• Did I ask the user? No. All decisions used the supplied defaults (tier owner = GOV-COUNCIL recommended; no commit without authority; prefer activation pack). The genuine authority choice (tier owner, Đ32 signers) was packaged for the human rather than asked mid-run.
• Did I close all agent-solvable blockers? Yes — B-2 (production schemas, proven), B-3 (exact codes + validation), B-4 (tier owner decided + reversible write proven), P-1 (+60 cascade fully decomposed). All four are CLOSED.
• Did I defer only human/authority items? Yes — only B-5 (enacting law + Đ32 cross-sign) remains, which is correctly human-only.
• Did I leave any unsafe transaction? No — verified pg_stat_activity clean at entry and exit; rehearsal was rolled back; gate all_safe=true.
• Did I provide enough activation detail? Yes — doc 06 is human-executable end-to-end: decisions, preflight, commit script, certification, verify, soft-retire, hard-rollback, stop conditions, incident handling, owner table. No further agent discovery needed.

Honest caveats / residual unknowns

• The +60 figure assumes the per-registry birth triggers are included (recommended). Without them it is +57. The activation pack asserts the chosen number at commit so a mismatch stops the run.
• entity_labels (+42) is the dominant cascade; its precise per-label content was not enumerated row-by-row (only counted). The rollback path scopes it by born_at window — adequate for reversal, but a committed hard-rollback should capture the exact label ids at commit time.
• seq_meta_catalog_code value is not readable by the read-only role (permission denied); explicit CAT codes sidestep this, and the preflight recomputes max_cat_num as the safety net.
• Production review_decision internals in cutter_governance remain privilege-walled from both read and apply roles used here; the human session must supply that role.

Net assessment

Maximum lawful advance achieved: G1 is now one human Điều 32 act away from commit, with every technical ambiguity removed and every safety invariant preserved. PASS.