12 — Required Patches to Prior Docs (fold-backs, none applied)
Package: one-roof-axis-auth-proposal-operational-hardening-build-ready-design-2026-06-02
Mode: DESIGN ONLY · READ-ONLY · NO COMMIT · NO MUTATION · no patch applied; this is the list
Supersedes/extends: prior…-2026-06-01/13-design-patches-required.md.
This package hardens the prior axis/auth package and folds back into the Phase-1 implementation-index and laws/concepts. Nothing here is applied now; each patch carries its required authorization.
12.1 Patches that CARRY FORWARD from prior doc 13 (still required)
| ID | Target | Change | Auth needed |
|---|---|---|---|
| P1 | impl-index docs 88,89,95,96,100,114,124 | Redefine M-1: from "≥1 os_proposal_approvals row" → per-step valid governance_build_authorization (doc 02 §2.7) | L2 + L4 (constitutional) |
| P2 | impl-index docs 93–99 | Insert new first build step SB-0 = governance_build_authorization + v_build_auth_valid + verifier + action-type rows (doc 03) | L2 + L4 (with P1) |
| P3 | impl-index docs 72,95 | Reserve os_proposal_approvals for L4 only; COMMIT template M-1 line → SB-0; flag target purpose-built sovereign e-sign collection | L2 (+ L4 to migrate) |
| P4 | impl-index doc 07-sb3, 38–44 | Add axis_registry+axis_assignment as SB-AXIS-1/2; SB-3 = "generalize envelope → projection of axis_registry" | L2 (design accept) |
| P5 | impl-index docs 27,84 | Fix fn_auto_approve_add: auto-approve only if proposed_action_code ∈ governed allowlist AND risk_level='low', else fail-safe deny | L1/L2 (can land early, standalone) |
| P6 | impl-index docs 31–35, 09 | Register axis issue types in the governance event domain (register-before-emit) | L2/L3 (SB-11) |
| P7 | impl-index doc 26 (OP-B), 17 (SB-2) | Owner-per-scope must cover axes/topic | L2 |
Law/concept fold-backs (carried): L1 promote Axis Registry (M-DEF-9) to build blocker; L2 name axis_assignment in Điều 38 L3-metadata governance; L3 flag entity_relations/abbreviation_dict/disambiguation_log/entity_embeddings as decreed-but-unbuilt; L4 no change to Điều 39 law text, record KG topics stay provisional.
12.2 NEW patches this hardening adds
| ID | Target | Change | Why | Auth |
|---|---|---|---|---|
| H1 — canonical-key | prior pkg doc 04; SB-10 docs 38–44 | axis_assignment keys on entity_collection+entity_code (collection:entity_code), never canonical_address | live: canonical_address NULL in all 1,069,055 birth rows (doc 01/05 §5.3) | design accept |
| H2 — F-83-1 ⊇ SB-0 | impl-index doc 98; doc 03 §3.6 | The F-83-1 birth-trigger re-wire (fn_birth_registry_auto('action_code')) is a prerequisite for inserting the SB-0 action-type rows too, not just SB-1 | the new auth/axis action-type rows hit the same argless-trigger hazard | build-time |
| H3 — view-only authz | impl-index; doc 03 §3.2/§3.4 | Add detector raw_status_authz + rule: no consumer may read governance_build_authorization.status for a COMMIT decision; all use v_build_auth_valid/verifier (INV-10) | prevents the forged-row bypass | L2 (with SB-0) |
| H4 — NĐ-36-01 citation | prior pkg docs 04,06; laws | Verify the "NĐ-36-01" citation: state recovery found no distinct decree by that name; Điều 36 is the closest. Either correct the citation or locate the decree before any law cross-ref is written | the 3-zone/score-vs-state model is cited to NĐ-36-01 MT4 (doc 05 §5.7) | research + L2 |
| H5 — apr_action_types drift | impl-index docs 19,93; SB-1 | Record that the live apr_action_types is the implementation set (add_field/amend_law/create_item/enact_nrm/patch_ops_code/update_item); the governance set is unbuilt | corrects stale "4 governance rows present" assumption | doc-only |
| H6 — live counts | impl-index doc96 baseline | Refresh baseline: birth_registry 1,069,055; system_issues 196,402; event_outbox 187,826; entity_labels 787,723 | organic growth since doc96 | doc-only |
| H7 — superseded sketches | prior pkg docs 02,03,04 | Column sketches in the prior package are superseded by the build-ready specs in this package's docs 03/05 | this package is the hardening of those sketches | doc-only |
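
The H3 rule, sketched as an added example (not the project's own raw_status_authz detector): a static scan that flags any consumer whose SQL reads governance_build_authorization.status directly instead of going through v_build_auth_valid. The detection logic, the sample SQL, the status values and every column name other than status are assumptions made for illustration.

```python
import re

BASE = "governance_build_authorization"
ALLOWED = {"v_build_auth_valid"}  # assumption: only the view may read raw status
# Words that can follow a table name in FROM/JOIN and are not aliases.
NOT_ALIAS = {"where", "join", "on", "inner", "left", "right", "full", "cross",
             "group", "order", "limit", "union", "using", "set", "for"}

def _strip(sql):
    """Remove comments and string literals so they cannot hide or fake a hit."""
    sql = re.sub(r"--[^\n]*|/\*.*?\*/", " ", sql, flags=re.S)
    return re.sub(r"'(?:[^']|'')*'", "''", sql).lower()

def raw_status_reads(name, sql):
    """Return direct references to BASE.status in one consumer's SQL."""
    text = _strip(sql)
    if name in ALLOWED or not re.search(rf"\b{BASE}\b", text):
        return []
    names = {BASE}  # the table name plus every alias it is given
    for m in re.finditer(rf"\b{BASE}\b(?:\s+as)?\s+([a-z_]\w*)", text):
        if m.group(1) not in NOT_ALIAS:
            names.add(m.group(1))
    hits = []
    for m in re.finditer(r"(?:\b([a-z_]\w*)\s*\.\s*)?\bstatus\b", text):
        # Unqualified status is flagged too: a COMMIT gate should fail closed.
        if m.group(1) is None or m.group(1) in names:
            hits.append(m.group(0))
    return hits

def scan(consumers):
    """Map each offending consumer to the raw status references it contains."""
    found = {n: raw_status_reads(n, s) for n, s in consumers.items()}
    return {n: h for n, h in found.items() if h}

# Constructed sample SQL; object names starting with fn_ here are hypothetical.
CONSUMERS = {
    "v_build_auth_valid": f"SELECT * FROM {BASE} WHERE status = 'valid'",
    "fn_commit_gate_bad": f"SELECT 1 FROM {BASE} gba WHERE gba.status = 'approved'",
    "fn_unqualified": f"SELECT status FROM {BASE}",
    "fn_commit_gate_ok": "SELECT 1 FROM v_build_auth_valid v WHERE v.step_code = 'SB-0'",
    "fn_join_other": f"SELECT o.status FROM event_outbox o JOIN {BASE} AS g ON g.id = o.ref_id",
    "fn_report": f"-- {BASE}.status is not read here\nSELECT o.status FROM event_outbox o",
}

if __name__ == "__main__":
    for name, hits in scan(CONSUMERS).items():
        print(f"raw_status_authz: {name} reads {hits}")
```

A text scan of this kind is a review-time gate only; it does not see dynamically built SQL, so it complements rather than replaces restricting read access to the base table.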
12.3 Patch ordering & application gate
- Critical path (must precede any spine build): P1 + P2 + P3 + H3 (the authorization model + SB-0 + view-only authz). These require L2 + L4.
- Early / standalone (low-risk, may land first): P5 (fn_auto_approve_add hardening), H5/H6 (doc-only refreshes).
- With detailed-design phase: P4, P6, P7, H1, H2, L1–L4, H4 (citation), H7.
- None executed now. Each patch is applied only under its stated authorization, per-step, after Class-A ratification (doc 11).
12.4 Linkage (anti-island)
This package is explicitly not an island: it hardens the prior …-2026-06-01 package (which it supersedes at the sketch level, H7) and folds back into the Phase-1 implementation-index one-roof-governance-technical-addendum-and-implementation-index-2026-06-01. doc 00 records the cross-links; doc 14 lists the macros that apply these patches.
Forbidden-compliance: design-only; no patch applied; no doc mutated except authoring this new package; read-only.