11 — Phase-1 Impact & Rebuild Plan (repatched after M-1 redefinition + SB-0)

Package: one-roof-axis-auth-proposal-operational-hardening-build-ready-design-2026-06-02 Mode: DESIGN ONLY · READ-ONLY · NO COMMIT · NO MUTATION Hardens: prior …-2026-06-01/12-impact-on-phase1-build.md. Closes GPT review gap #7: "Phase-1 build plan must be repatched after M-1 redefinition and SB-0 authorization substrate are hardened."

---

11.0 Headline

Phase-1 is unblocked by a decision, not by engineering. The decision is the one-time L2 council + L4 sovereign ratification of the authorization model (redefine M-1; adopt SB-0). After that, every reversible build step is L3-authorized through SB-0 (doc 03) — no further sovereign e-sign unless a step is individually escalated. The promotion/runtime mechanism is doc 16; the readiness scoreboard is doc 13.

Live correction vs prior plan (doc 01): SB-1's "4 governance action types" are genuinely unbuilt (live apr_action_types is the implementation set, not the Phase-A governance set). birth_registry = 1,069,055. These do not change the plan's shape, only confirm the spine is greenfield.

---

11.1 Classification (five classes)

Class	Meaning	Authorization to proceed
A — Gate / critical path	the authorization-model change itself	L2 council + L4 sovereign (one-time, constitutional)
B — Substrate spine, after SB-0	empty/inactive substrate, per-step L3	per-step governance_build_authorization (L3)
C — Axis substrate, after this design accepted	the axis tables	design acceptance → per-step L3
D — Defer	needs both models + C-7 rulings + Điều 38/39 reconcile	future
R — Remove / reorder	items that moved	n/a

---

11.2 Per-component classification

Component	Class	Depends on	Live status	Risk	What to build
Authorization model change (redefine M-1; adopt L0–L4)	A	sovereign ratification	n/a	const.	docs 02/03; bootstrap (doc 02 §2.7)
SB-0 governance_build_authorization + v_build_auth_valid + verifier + action-type rows	A→B	Class A ratified	ABSENT	med	doc 03 (incl. F-83-1 re-wire for the action-type rows)
fn_auto_approve_add hardening (allowlist + fail-safe deny)	A (early)	—	DANGEROUS DEFAULT live	low	doc 12 P5 (can land early, standalone)
SB-12 governance_ruleset(draft) + reuse evolution_snapshots	B	SB-0	ABSENT	low	rehearsed-green; draft not active
SB-13 gov_worker_cursor(text watermark) + reuse queue_heartbeat	B	SB-0	ABSENT	low	L-WATERMARK (text key, not uuid/int); F-57-1 fold
SB-10 governance_candidate_state + candidate_scan_run	B	SB-0, SB-12 (FK)	ABSENT	med	decaying verdict; key collection:entity_code
SB-11 register 5 governance event types active=false	B	SB-0	ABSENT (no gov domain)	low	register-before-emit; F-57-2/3/4 folds; zero emit
SB-2 governance_responsibility_scope + governance_object_ownership + 2 views	B	SB-0, C-1	ABSENT; governance_relations=8 (keep)	med	trigger-less; partial-unique; never ALTER governance_relations
SB-1 F-83-1 fix + governance apr_action_types rows	B	SB-0, C-2	ABSENT (6 impl rows)	high	re-wire fn_birth_registry_auto('action_code') FIRST; Phase-A handler_ref='unimplemented'; action='review'
SB-AXIS-1 axis_registry	C	this pkg accepted, SB-0, SB-2	ABSENT	med	doc 05 §5.1; project facets in
SB-AXIS-2 axis_assignment	C	SB-AXIS-1	ABSENT	med	doc 05 §5.2; collection:entity_code key
SB-3 generalize iu_three_axis_envelope → projection of axis_registry	C	SB-AXIS-1	live envelope=216	med	non-breaking rebuild (doc 04 §4.8)
FAC-08 operationalization (max>0, cardinality)	C	council L2	FAC-08 max=0	low	data decision (doc 07)
T6 coverage-scanner DOTs	D	SB-10..13 built + C-7	ABSENT (dot_tools=309)	med	read/propose-only even later
T7 issue/event/notification emit	D	SB-11 built + C-7	no gov events	med	rides system_issues/event_outbox
GCOS backfill seed	D	C-7.3	—	med	dry-run only first
Topic promotion to official UI	D	axis model + C-7	—	med	doc 07 WF-2 + doc 10
KG-assisted dynamic topic	D	entity_relations (unbuilt)	—	med	needs G6 build
IU island dissolution (OP-B/SB-2 + C-4 adapter)	D	OP-B, SB-2	—	med	governed owner + central APR routing
Mutating apply DOT dot_governance_assignment_apply (G-APPLY)	D	A-9/H-1/H-2/SB-6	—	high	never build now
UI / Directus / Nuxt / Qdrant exposure	D	views + axis model	—	low-med	doc 10 view contracts first

---

11.3 Rebuild order (timeline)

PHASE 0  (decision)   Ratify authorization model  [L2 council + L4 sovereign]   ← unblocks all
PHASE 1  (substrate)  SB-0  → SB-12 → SB-13 → SB-10 → SB-11(inactive) → SB-2 → SB-1
                      (each per-step L3-authorized via SB-0; small txns; SB-12 before SB-10 FK;
                       SB-1 last by risk, with F-83-1 re-wire)
PHASE 2  (axis)       Accept docs 04/05 → SB-AXIS-1 → SB-AXIS-2 → SB-3 → FAC-08 operationalize
PHASE 3  (operate)    C-7 rulings → T6 (read/propose) → T7 (emit) → backfill seed → topic UI
                      → KG dynamic → IU island dissolution
NEVER-NOW             G-APPLY mutating apply DOT (A-9 sovereign sign-off)

fn_auto_approve_add hardening (P5) may land before Phase 0 as a standalone safety fix (it only narrows a dangerous default; reversible).

---

11.4 What changed vs the prior plan (the repatch)

• Added SB-0 as the new first substrate item (was implicit "authorization-model change"; now a named substrate with build-ready DDL, doc 03).
• Redefined M-1 from "≥1 os_proposal_approvals row" to "per-step valid governance_build_authorization" (doc 02 §2.7). Phase-1 COMMIT templates point at SB-0, not the e-sign module.
• Confirmed SB-1 unbuilt and corrected the action-type expectation (live drift, doc 01 §1.3).
• Named the axis substrate SB-AXIS-1/2 with CREATE-TABLE-level designs (docs 04/05).
• Bootstrap made explicit: SB-0 itself needs L2+L4; this is a decision dependency, not an engineering gap.

---

11.5 Build still NO-GO

All build remains NO-GO until Class A is ratified (M-1 redefined + SB-0 adopted) by L2 council + L4 sovereign, and thereafter only per-step under L3 grants. No COMMIT is authorized by this design. (Forbidden-compliance: design-only; read-only.)