Doc 07 — Law Mapping, Forbidden Compliance & Self-Review

1. Law mapping per branch

Branch	Governing law	How honored
A pilot readiness	Đ30 reversibility, Đ31 audit/integrity, Đ32 approval	board reflects gate/audit/approval state; no claim beyond evidence
B P-pub	Đ38 (IU birth contract), Đ39 (provenance feeds KG), Đ32 (vocab+backfill+flip approval)	warn→block deferred; staged config gate; no false authority assignment (Đ31)
C review_decision	Đ32 (approval authority), Đ31 (audit), Đ30 (supersede not delete)	agent refuses to self-mint approval; production requires human/council/sovereign + cross-sign
D KG relationship	Đ39 (KG law v2.3: A8 provenance-or-quarantine, C7 explainability, C8 ACL), Đ44 (UOSL draft)	IU edges stay uuid-native; projection derived-only; no hidden SoT; vector off
E reconciliation	Đ28/35/36/37/45 (surface/DOT/collection/governance/event)	documentation-truth only
F 4 Mothers gate	Đ0-G birth, Đ7 assembly-first, Đ37 factory agency, Đ36 collection	Mothers kept blocked; human-org-role gap flagged (Đ37 has no human roles — Rev5 D-1)
G macros	all above + Hard-Gate-0	each macro locks gates/forbidden/boundary

2. Forbidden compliance checklist (mission §11)

Forbidden item	Status
No 4 Mothers implementation	✅ none
No Nuxt/UI work	✅ none
No Directus mutation	✅ none (read-only query_pg only)
No Qdrant/vector write	✅ none; vector_sync_enabled=false intact
No unsafe P-pub hard-block	✅ not applied — authority-packed
No production review_decision shortcut	✅ not built — authority-packed
No bypass of Điều 32	✅ honored
No iu_enact.allow_no_review_decision=true	✅ stays false (never_flip intact)
No iu_core.vector_sync_enabled=true	✅ stays false (never_flip intact)
No gate left open	✅ no gate opened; all_safe=true at start; zero iu_gate_transition rows
No real route delivery	✅ none
No law enactment	✅ none
No final OSS selection	✅ none
No hidden second graph SoT	✅ explicitly designed against (projection derived-only)

Mutation accounting: every DB call this run was a read-only query_pg (READ ONLY txn). Baseline counts at exit identical to Hard Gate 0 snapshot (iu=219, catalog=52, run=55, gate_transition=0, DLQ=0). Zero rows written to the live DB. All deliverables are KB documents.

3. Self-review against §14 underload rule

Question	Answer
Did I complete A–G?	✅ A PASS · B authority pack · C authority pack · D design/readiness pack · E reconciliation · F gate decision · G 6 macros
Did I decide what can start next?	✅ pilot + Candidate Registry + KG + reconciliation now (parallel); governance hardening then; Mothers last
Did I produce ≥5 macro prompts?	✅ 6
Did I map KG relationships?	✅ doc 03 (substrate, pairs, Đ39 fields, projection, 4-Mothers map)
Did I handle P-pub and production review_decision?	✅ docs 01 + 02, both safe-deferred with full packs
Did I keep 4 Mothers blocked or justify otherwise?	✅ kept blocked; blockers B1–B4 + MOW-UI B3 stated
Did I follow prompt mục tiêu mở v1.3?	✅ open-goal, owned objective, deferred unsafe branches precisely, no user question (no fatal blocker)

4. Acceptance-criteria self-check (§13)

• every branch completed or precisely deferred ✅
• IU pilot-readiness verdict explicit ✅ (LIMITED-PRODUCTION-PILOT READY)
• P-pub path safe-or-authority-packed ✅
• production review_decision safe-or-authority-packed ✅
• KG relationship path mapped ✅
• 4 Mothers gate explicit ✅
• next macro prompts usable ✅
• no unsafe mutation ✅
• no user prompt (no fatal blocker) ✅

Overall: PASS.

5. Notes / minor caveats for next runner

• cutter_governance schema is privilege-walled from the readonly role; production review_decision macro must re-introspect via workflow_admin.
• iu_relation lineage types (derived_from/supersedes/merged_from/split_from) are defined but unpopulated — they mint only on real cuts.
• universal_edges = CAT-130 (2,199 edges) is the integer-keyed system graph; do not conflate with IU edges.