Doc 09 — Law / Forbidden / Self-Review

(2026-05-29)

1. Law compliance of the audit itself

Law	How this campaign complied
Hiến pháp NT3/NT11/NT13	Read-only via registered channel; relied on PG catalog auto-discovery (information_schema) over manual declaration; all findings are PG-row facts.
Đ7 Assembly First	Recommendation (Hybrid) and blueprint (Doc 06) both reuse/extend existing tables; explicitly refuse a new MOWD factory + new tables.
Đ30 / Đ31	No UI touched; audit surfaces divergence (vector PG↔Qdrant) as an Đ31-style "every divergence is an error" finding rather than silently passing it.
Đ32	No approvals minted; all proposed mutations (M1–M4) routed through APR in the macros; no self-approval.
Đ35	Identified the IU-DOT-vs-dot_tools integration gap and the missing Tier-A pairs; proposed registration/ratification via APR, not unilateral.
Đ36	Soft-delete/lifecycle respected; blueprint uses born→active→deprecated→retired.
Đ37	Honoured no-double-ownership (§4.12) and one-primary-per-domain (§4.8) as the decisive reason against MOWD-as-Mother.
Đ38/39	Vector law "1 IU = ≥1 point, no mix" verified; provenance-or-quarantine reflected in dot_iu_relation_assert proposal; KG writes proposal-only.
Đ45	No event delivery / job execution; queue=signal-not-data and executor-boundary respected; DLQ-replay DOT proposed to honor queue.dlq.replay_enabled.

2. Forbidden-list compliance

Forbidden	Status
4 Mothers runtime	✅ none
UI / Nuxt implementation	✅ none (Doc 07 design-only; UI deferred to M5)
Directus mutation	✅ none
Qdrant / vector write	✅ none (read-only registry introspection only)
Production data mutation	✅ none — entry==exit snapshot (iu 219, rel 60, kg 2259, sql_link 3, split 1, merge 0, evt 40, cat 53, run 55)
Law enactment	✅ none
Hidden second SoT	✅ none (KB docs are reports, not a data SoT)
Raw table creation for MOWD	✅ none (Doc 06 is paper-only, no DDL)
Self-approval	✅ none
Gate left open	✅ none opened; all_safe=true at start and unchanged
Event delivery / job execution	✅ none

3. Acceptance-criteria check

Criterion	Met?
design-vs-live matrix complete	✅ Doc 01 (20 rows, all required capabilities)
vector boundary checked	✅ Doc 02 (PARTIAL-PASS with proofs + gaps)
DOT completeness matrix complete	✅ Doc 03 (22 ops + score + pack)
MOWD question has a recommendation	✅ Doc 05 (Hybrid, with exit clause)
workflow design blueprint proposed	✅ Doc 06 (design-only, no DDL)
next macros actionable	✅ Doc 08 (5 paste-ready)
no unsafe mutation	✅ zero mutation, verified

Verdict: PASS.

4. Self-review — limitations & honesty notes

1. Vector point-count is unverifiable from context_pack_readonly. I could not query Qdrant directly (no MCP Qdrant tool); the 149-vs-"0 points" divergence is reported as an open reconcile gap, not resolved. M3 needs a Qdrant read path.
2. iu_nontest exact count not isolated — information_unit has no local_id column under this role's view; I report total 219 (matches prior baseline) rather than a test/nontest split.
3. G1 "closed live" rests on prior evidence (d/e/f rd_bound=true), not re-executed this session — re-run lives in M1.
4. Đ35-integration is an interpretation call. Whether IU DOTs must live in dot_tools vs a ratified sub-registry is a Council decision; I flagged it MED, not a hard bug.
5. Design docs are DRAFT (2026-05-27) and lag live state; several "gaps" are doc-staleness, not live defects — I labelled these DOC-STALE rather than GAP.
6. One genuine open bug: G2 autowire (Doc 01 A3), confirmed live (cut_fns_calling_materialize=0). This is the highest-confidence actionable finding.

5. Evidence reproducibility

All live facts in this package are reproducible read-only via query_pg on directus (queries embedded in Docs 02/03). Environment: contabo VPS / container postgres / PG 16.13 / role context_pack_readonly. Snapshot timestamp band: 2026-05-29T09:27Z.