MOWD Phase 1 — Law / Forbidden Compliance / Self-Review (Branch L)
Doc 12 — Law Mapping / Forbidden Compliance / Self-Review
1. Law mapping
| Law | How this campaign honors it |
|---|---|
| Hiến pháp | IU-centered; no second SoT; governance via existing spine. |
| Điều 7 (Assembly First) | MOW remains owner; capability matrix (can_create:[workflows], must_not_own:[…]) unchanged; no new ownership. |
| Điều 28 (Nuxt/template) | UI delivered as data contract only; no Nuxt implementation. |
| Điều 30 (rollback/reversibility) | Every step has reversal; FKs NOT VALID→VALIDATE later; forward-only soft-retire preferred; rollback DOT = version-pin. |
| Điều 31 (audit/integrity) | All mutating DOTs audited (actor/before/after/_dot_origin); validation harness; integrity owner GOV-SIV. |
| Điều 32 (approval) | No commit without recorded approval + ≥2 cross-sign; agent self-approval forbidden; exact wording provided. |
| Điều 35 (DOT) | DOT family classified read/mutate, reversible, target_functions, paired-test requirement for mutating set. |
| Điều 36 (collection) | No new collections committed; Phase 2 tables via birth contract. |
| Điều 37 (governance/factory) | Owner = GOV-MOW factory row; activation = GOV-COUNCIL; no GOV-MOWD. |
| Điều 38/39 (IU/KG/vector) | Design bodies → information_unit (uuid refs); no vector write (never_flip closed). |
| Điều 45 (event/queue) | Event refs map to event_type_registry; emission/job/DLQ gates stay false; no execution. |
2. Forbidden compliance (mission §15)
| Forbidden | Status |
|---|---|
| Committed DDL / schema change / table creation | ✅ none — rehearsal only (BEGIN..ROLLBACK ×2) |
| Directus mutation | ✅ none (read-only MCP) |
| Qdrant/vector write | ✅ none (vector_sync never_flip = false) |
| UI/Nuxt implementation | ✅ none (contract only) |
| 4 Mothers runtime | ✅ none |
| Law enactment | ✅ none |
| Self-approval | ✅ none (packet only; no apr_approvals written) |
| Event delivery / job execution | ✅ none (gates closed) |
| Hidden second SoT | ✅ none (pointers + projections only) |
| MOWD as fifth Mother | ✅ none (owner stays GOV-MOW) |
| Long inline text where IU ref applies | ✅ migration plan moves bodies to IU; 0 long-text live |
| Open idle transaction | ✅ idle-in-tx = 0 entry and exit |
| Client-timeout-kill | ✅ server-side timeouts only |
3. Mutation ledger
| Action | Channel | Net effect |
|---|---|---|
| Gate 0 + fact-gathering | query_pg (read-only) | none |
| Additive EXTEND rehearsal | ssh→workflow_admin, BEGIN..ROLLBACK | none (17/20/8 → 25/27/9 → 17/20/8) |
| Read DOT registration rehearsal | ssh→workflow_admin, BEGIN..ROLLBACK | none (cat 54→60→54) |
| Validation harness §1/§6 | query_pg (read-only) | none |
| 13 KB docs | KB upload | docs only |
Exit == entry: all_safe/never_flip/gov_closed = true; idle_tx 0; wf 2 / steps 70 / rel 80 / cat 54 / IU 219 / gov 9 / wf cols 17 / step cols 20. ZERO net mutation.
4. Self-review (what's strong / what's deferred / honest gaps)
Strong: keystone EXTEND re-rehearsed GREEN this session (independent of prior campaign); FK target types verified before authoring; validation baseline run live and clean; owner/approval spine confirmed against live rows; commit + rollback packs are rehearsal-identical and human-executable.
Deferred (correctly, not gaps): mutating DOT fn implementation + paired tests; actual IU minting; UI implementation; VALIDATE constraints; Phase 2 tables (trigger_design/assignee_policy/hierarchy/scanner).
Honest gaps / cautions:
- The 2 views use correlated subqueries — fine for 2 workflows, must switch to the pre-aggregated join (doc 04 §A) before UI scale. Flagged, not yet implemented.
dot_reftest_passed (C5b) depends on a DOT test-status source not yet wired into the catalog (catalog has no test column); Điều-35 paired-test linkage is a build task (prompt 31), not yet satisfiable by a single SQL check.- The design-bind gate is described as a "design-scoped capability check" rather than reusing the live
iu_core.structure_ops_enabledgate (which governs IU runtime). This distinction must be made concrete when mutating DOTs are built (prompt 4/9) — currently a design intent, not enforced code. step_version/active_design_versionsemantics are specified but the version-store mechanics (where prior versions live) reuse IU versioning — to be proven in the pilot (prompt 16/28).
5. Acceptance verdict
PASS. Ratification packet executable; commit pack human-executable; DOT family fully specified (read subset rehearsed); UI contracts concrete; 70-step migration actionable; validation harness defined + run; runtime boundary explicit; pilot ready; 32 prompts (≥30); zero unsafe mutation. Single standing blocker to commit is the human Điều 32 approval — by design, not a failure.
6. Next macro
MOWD_PHASE1_HUMAN_RATIFY_THEN_ADDITIVE_EXTEND_COMMIT_OFFPEAK → register read DOTs → stand up Surfaces 1/2 → pilot WF-001 → governance drill → VALIDATE FKs → WF-002 migration → Phase 1 acceptance.