12 — Law / Forbidden / Self-Review

1. Law crosswalk

Law	Where touched	Compliance
Hiến pháp	overall governance discipline	✓ measure-twice, no shortcut
Đ0-G Birth Registry	A (CR birth contract), F/G (born collections)	✓ births dress-rehearsed, none committed without Đ32
Đ7 Assembly-First	G (factory create-one/reference-many), I (ownership lattice)	✓ no double ownership
Đ28 Nuxt/template	F, K (MOUT)	✓ no UI implemented
Đ30 Reversibility	all live changes	✓ rollback for every commit
Đ31 Audit/Integrity	DOT catalog, audit fn	✓
Đ32 Approval	A, E, G	✓ no agent self-mint; cross-sign path defined
Đ35 DOT	B3 catalog row	✓ read-only DOT registered
Đ36 Collection	A, G births	✓
Đ37 Governance	F (roles), G (factory rows)	✓ no law enacted
Đ38/39 IU/KG	B (view, vocab, audit)	✓ provenance-or-quarantine respected
Đ45 Event/Queue	H (mother.* types)	✓ refs-only, draft-law respected, no delivery
layer3 / atom-law / species-taxonomy	B (vocab), A (species)	✓ deferred to atom-law for canonical vocab

2. Forbidden compliance (18/18)

#	Forbidden	Status
1	4 Mothers runtime generation	✓ none
2	Nuxt/UI implementation	✓ none
3	Directus mutation	✓ none
4	Qdrant/vector write	✓ none; vector_sync stays false
5	Unsafe P-pub block	✓ default stays warn
6	Production approval shortcut	✓ no self-mint
7	iu_enact.allow_no_review_decision=true	✓ stays false
8	iu_core.vector_sync_enabled=true	✓ stays false (never_flip intact)
9	Gate left open	✓ all_safe=true at exit; no gate opened
10	Hidden second SoT	✓ KG via read-only UNION view only
11	Law enactment	✓ none (vocab/factory/role/event all deferred)
12	Final OSS/tool selection	✓ none
13	Real event delivery	✓ none
14	Job execution	✓ none
15	Generated workflows/tasks/forms/reports	✓ none
—	Destructive ops	✓ only additive CREATE/INSERT; dress-rehearsals ROLLBACK

3. Live changes committed (complete list)

1. v_kg_edges_all — appended assertion_mode + evidence (read-only view, security_invoker).
2. fn_iu_kg_edge_audit() — read-only STABLE jsonb audit.
3. dot_iu_command_catalog +1 row dot_iu_kg_edge_audit (read/non-mutating). 52→53.

All three additive, reversible (rollback in doc 02 §1). No data-row mutation. Exit: iu=219, iu_relation=60, governance_registry=5, event_type_registry=31 — UNCHANGED. fn_iu_gate_verify_closed() all_safe=true, never_flip_intact=true.

4. Dress-rehearsed (persisted nothing, proven executable)

• A: collection_registry raw insert (soft-gate WARN) + fn_pre_birth_check exact checklist.
• G: governance_registry MOW factory row (only status CHECK blocked).
• B2: iu_relation relation_type CHECK widen to 13 values (60 rows valid).
• H: event_type_registry mother.* shape confirmed.

5. Acceptance criteria check

Criterion	Met?
Branches A–K completed or precisely deferred	✓ all 11 + 13 docs
Candidate Registry live-born OR exact authority blocker final	✓ exact 4-item blocker (meta_catalog + PREFIX-NNN + law + Đ32)
KG advances beyond prior backfill	✓ view +2 cols, audit DOT, vocab-widen rehearsed
Master Design truth patched or patch package ready	✓ doc 03 patch list
≥1 of G1/G2/G3/G4 materially advances	✓ G1, G3, G4 advanced (+G2 review-ready)
Dry assembly attempted if safe	✓ doc 09, coherent
IU pilot start package operator-ready	✓ doc 10
≥15 large prompts	✓ 15 (doc 11)
No unsafe mutation	✓

Verdict: PASS. No fatal blocker. No unsafe mutation. Hard gates protected; three gates materially advanced; KG infrastructure extended live.

6. Self-critique / residual risk

• Branch E proposal builder spec'd but the exact walled CHECK vocab for verdict/status was not read this campaign (next: P5) — builder must not be committed until that read is done.
• B2 vocab widen uses lowercase semantic names; atom-law must confirm canonical casing before commit (P2).
• G factory rows are insertable but capability matrix lacks a schema home — do not commit rows until the column/table decision is made (P7), else a half-modeled factory exists.
• universal_edges provenance posture left explicitly unchanged (deliberate, documented).