00 — One-Roof Governance Decision Pack — Overview & Control (2026-06-01)
- Mission: ONE_ROOF_GOVERNANCE_DECISION_AND_DESIGN_PACK_FOR_SCALE
- Date: 2026-06-01
- Class: Supplemental architecture / design decision pack. No implementation. No canonical design patch. No law enactment.
- Mode: READ-ONLY. KB + live PG (read-only role) + source inspection only.
- Output channel: KB report docs only (this package).
- Effort: xhigh.
0.1 Versioning / patch policy (operator override — binding for this mission)
This pack obeys the no-version-bump editorial / content-only correction regime:
- Does NOT increment any law/design version number.
- Does NOT change any enacted/draft status.
- Does NOT run enactment, amendment, or approval workflows.
- Does NOT mutate normative_registry, law_catalog, governance_docs, or any registry/version metadata.
- Does NOT cascade version changes across index files.
- Does NOT create a new official law version.
Everything here is a supplemental decision/design pack that drafts proposed content for a future, separately-approved phase. Law/design clause drafts (doc 08) are draft text only — they are not enactments and must not be described as new versions. This simplification is temporary: once laws migrate into Information Units (IU) as the law substrate, full versioning/governance will be enforced.
This stance is independently corroborated by the live substrate: apr_action_types.amend_law and apr_action_types.enact_nrm both have handler_ref='unimplemented' (risk_level=high), so the approval engine itself is DB-gated against enacting law via APR today (Điều 32 §3.3/§7). Manual council ratification is the only live enactment path, and it is explicitly out of scope here.
0.2 Hard Gate 0 — pre-work confirmation (PASS)
| # | Gate | Result | Evidence |
|---|---|---|---|
| 1 | KB read access | ✅ | get_document on the GPT decision doc returned content; list_documents paginated the laws + design package. |
| 2 | Live PG read-only access | ✅ | query_pg (database directus) returned rows; role is read-only, AST-validated, READ ONLY txn, 5s timeout, hard LIMIT 500 — writes/DDL impossible. |
| 3 | No PG/Directus/Qdrant/Nuxt mutation | ✅ | Only SELECT issued; no Directus/Qdrant/Nuxt tool used. |
| 4 | No canonical design patch | ✅ | Canonical knowledge/dev/design/registries-pivot-os-agency/ docs read only; patch plan (doc 09) is a plan, not a patch. |
| 5 | No law enactment | ✅ | No normative_registry/enactment touch; law clauses are drafts (doc 08). |
| 6 | No approval creation | ✅ | No approval_requests/apr_approvals/os_proposal_approvals writes. |
| 7 | No route/UI implementation | ✅ | No Nuxt/route work. |
| 8 | Outputs are standalone KB report docs | ✅ | This package: 14 docs under …/one-roof-governance-decision-pack-2026-06-01/. |
Output package path verified empty before writing (clean slate).
0.3 Verified-fact ledger (live, directus, 2026-06-01)
All design decisions in this pack rest on the following live-verified facts. "Old reports are evidence, not authority; live verification wins" (prompt standard §4).
governance_registry — 9 rows. Columns: code, name, gov_type, gov_group, output_target, domain, primary_collection, created_by_law, health_dot, status, capability.
| code | gov_type | domain | created_by_law | status | capability |
|---|---|---|---|---|---|
| GOV-COUNCIL | council | governance | NRM-LAW-37 | active | NULL |
| GOV-SIV | system | monitoring.integrity | NRM-LAW-31 | active | NULL |
| GOV-DOT | system | monitoring.dot | NRM-LAW-35 | active | NULL |
| GOV-NRM-SYS | system | normative | NRM-LAW-38 | active | NULL |
| GOV-KG-SYS | system | kg | NRM-LAW-39 | active | NULL |
| GOV-MOW | factory/mother | assembly.workflow | NRM-LAW-07 | draft | JSON |
| GOV-MOT | factory/mother | assembly.task | NRM-LAW-07 | draft | JSON |
| GOV-MOIT | factory/mother | assembly.input | NRM-LAW-07 | draft | JSON |
| GOV-MOUT | factory/mother | assembly.output | NRM-LAW-07 | draft | JSON |
- primary_collection and health_dot are NULL for all 9.
- capability (JSONB) is populated only for the 4 draft mother factories; the 5 active system/council agencies have capability=NULL.
- GOV-SIV is a live active row (answers GPT open point #1). GOV-MOUT — the intended render/display/API owner — is still draft (answers GPT open point #2), born under NRM-LAW-07 (Mother law), not NRM-LAW-28.
governance_relations — 8 rows. Columns: source_type, source_code, target_type, target_code, relation_type, is_contract, discovery_source, enforcement_type, enforcement_ref, status, last_verified_at. All 8 are agency → law edges (owner / approver_tbox / executor_abox), discovery_source='manual':
| owner agency | law owned |
|---|---|
| GOV-COUNCIL | NRM-LAW-37 (owner), NRM-LAW-39 (approver_tbox) |
| GOV-KG-SYS | NRM-LAW-39 (owner + executor_abox) |
| GOV-DOT | NRM-LAW-35 (owner), NRM-LAW-36 (owner) |
| GOV-NRM-SYS | NRM-LAW-38 (owner) |
| GOV-SIV | NRM-LAW-31 (owner) |
- Structural blocker: Điều 37 §5.4 CHECK forces source_type and target_type ∈ {law, agency}. There is no edge type that expresses agency → object (agency owns a pivot / table / route / DOT / policy as an object). Ownership is law-mediated only.
- Laws with NO owner edge: NRM-LAW-28 (display), NRM-LAW-24 (label), NRM-LAW-26 (pivot), NRM-LAW-45 (queue/event) — among others. These law domains are agency-orphaned at the active-agency level. Đ28 render/display is the most acute (GOV-MOUT is its de-facto factory but is draft and born under law-07, not law-28).
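The owner-edge gap above can be reproduced offline. The following is an added example, not part of this pack or the project's code: it loads the 9 agencies and 8 edges from the ledger into an in-memory SQLite database and lists laws with no owner edge from an active agency. The laws table, the function names and the relation_type literals are assumptions, and the law list holds only codes named on this page.

```python
import sqlite3

# Constructed from the ledger above: (code, status) of the 9 governance_registry rows.
AGENCIES = [("GOV-COUNCIL", "active"), ("GOV-SIV", "active"), ("GOV-DOT", "active"),
            ("GOV-NRM-SYS", "active"), ("GOV-KG-SYS", "active"), ("GOV-MOW", "draft"),
            ("GOV-MOT", "draft"), ("GOV-MOIT", "draft"), ("GOV-MOUT", "draft")]
# The 8 agency -> law edges; relation_type literals assumed to match the labels above.
EDGES = [("GOV-COUNCIL", "NRM-LAW-37", "owner"), ("GOV-COUNCIL", "NRM-LAW-39", "approver_tbox"),
         ("GOV-KG-SYS", "NRM-LAW-39", "owner"), ("GOV-KG-SYS", "NRM-LAW-39", "executor_abox"),
         ("GOV-DOT", "NRM-LAW-35", "owner"), ("GOV-DOT", "NRM-LAW-36", "owner"),
         ("GOV-NRM-SYS", "NRM-LAW-38", "owner"), ("GOV-SIV", "NRM-LAW-31", "owner")]
# Hypothetical law list: only law codes named on this page, not the live catalogue.
LAWS = ["NRM-LAW-07", "NRM-LAW-24", "NRM-LAW-26", "NRM-LAW-28", "NRM-LAW-31", "NRM-LAW-35",
        "NRM-LAW-36", "NRM-LAW-37", "NRM-LAW-38", "NRM-LAW-39", "NRM-LAW-45"]

ORPHAN_SQL = """
SELECT l.code
FROM laws AS l
LEFT JOIN governance_relations AS r
       ON r.target_type = 'law' AND r.target_code = l.code
      AND r.source_type = 'agency' AND r.relation_type = 'owner'
LEFT JOIN governance_registry AS g
       ON g.code = r.source_code AND g.status = 'active'
GROUP BY l.code
HAVING COUNT(g.code) = 0   -- no owner edge that resolves to an active agency
ORDER BY l.code
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE governance_registry (code TEXT PRIMARY KEY, status TEXT);
        CREATE TABLE governance_relations (source_type TEXT, source_code TEXT,
            target_type TEXT, target_code TEXT, relation_type TEXT);
        CREATE TABLE laws (code TEXT PRIMARY KEY);
    """)
    db.executemany("INSERT INTO governance_registry VALUES (?, ?)", AGENCIES)
    db.executemany("INSERT INTO governance_relations VALUES ('agency', ?, 'law', ?, ?)", EDGES)
    db.executemany("INSERT INTO laws VALUES (?)", [(c,) for c in LAWS])
    return db

def laws_without_active_owner(db):
    # approver_tbox / executor_abox edges and owner edges from draft agencies do not count.
    return [row[0] for row in db.execute(ORPHAN_SQL)]

if __name__ == "__main__":
    print(laws_without_active_owner(build_db()))
```

Because the second join requires status = 'active', an owner edge from a draft agency such as GOV-MOUT would still leave its law listed until the agency is activated.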
governance_audit_log — 1 row. Columns: id, relation_id, checked_at, checked_by, result, detail. Keyed to relation_id → it audits governance_relations edges only, not arbitrary governed objects. Effectively dormant.
dot_tools — 309 rows. A live scan→propose→verify pattern already exists and is reusable:
- DOT-FIX-REPAIR-DETECT [A, governance.audit, audit] ↔ DOT-FIX-REPAIR-PROPOSE [B, governance.approval] ↔ DOT-FIX-REPAIR-VERIFY [B] (+ -TEST paired-A variants).
- dot-ops-silent-fail-scan [A, governance.audit] / dot-ops-silent-fail-propose [B, governance.approval].
- DOT-COVERAGE [A, monitoring.dot, report]; DOT-TAC-ENACT-GATE [governance.approval, gate]; DOT_GOV_SEED / DOT_GOV_VERIFY [governance]; DOT_KG_ORPHAN [kg.quality].
- None of the proposed One-Roof governance-coverage scanner DOTs exist (dot_governance_coverage_scan, dot_governance_orphan_detect, dot_governance_gap_propose, dot_governance_assignment_apply, dot_governance_coverage_audit, dot_governance_exception_review, dot_governance_issue_route are all ABSENT) → they are NEW (design only).
event_type_registry — 40 rows. Domains: iu (16, active), mother (9, all active=false, incl. mother.governance.blocked / mother.governance.unblocked), piece (6, active), staging (5, active), system (4: issue_opened/issue_resolved/issue_archived active, red_zone_violation inactive). No governance-coverage / governance-orphan event types exist. Đ45 §3.2 + §6.4 require register-before-emit, so any new governance-gap event is a future ratification, not an emit.
system_issues — 188,250 rows. issue_type/issue_class are free-text (no CHECK). Distinct issue_type (top): template_gap 181,378; NULL 5,001; thiếu_quan_hệ 606; silent_fail 546; collection_onboarding_gap 345; dot_bug 170; kb_pg_sync_drift 86; hc_finding_sql 72; hardcode_violation 11; thiếu_mã_định_danh 9; apr_legacy_unmapped 8; … sai_lệch_dữ_liệu 2; apr_phantom_applied 1. Reuse anchors: thiếu_quan_hệ+thiếu_mã_định_danh = orphan halves (Đ37 mồ côi); sai_lệch_dữ_liệu = drift; hardcode_violation = Đ28; collection_onboarding_gap = coverage-gap analog. No governance_orphan / local_governance_island / *_gap governance issue types exist.
Approval spine. approval_requests 211; apr_approvals 42; os_proposal_approvals 0. apr_action_types (6): add_field (medium), amend_law (unimplemented, high), create_item (low), enact_nrm (unimplemented, high), patch_ops_code (high), update_item (low). Quorum (Đ32 §4.2): high = ≥1 president + ≥2 ai_council + 0 reject; no self-approve on high-risk (Đ32 §4.3).
0.4 One-Roof verdict (headline)
The central governance roof already exists and is sufficient as a spine; the defect is incomplete coverage, not absence of governance. The correct model is federated-but-central (GPT review): distinct owners for policy (GOV-COUNCIL), health/integrity (GOV-SIV), DOT execution (GOV-DOT), and render/display (GOV-MOUT after activation), all bound to the one governance_registry + the one Điều 32 approval spine + the one Điều 31/45 issue-event substrate. No surface may mint a local owner, local approval, or local policy table.
The missing piece is a Governance Coverage Invariant and an automatic anarchy/governance-orphan detector — the governance analog of birth/orphan counting — so the system stops depending on humans or future agents remembering the one-roof rule. Registries-Pivot is the first beneficiary, but the model is system-wide and must scale to 10⁸ objects.
See doc 13 §self-review for the full verdict matrix.
0.5 Package map (read in order)
| Doc | Title | Branch | Answers |
|---|---|---|---|
| 00 | Overview & Control (this) | — | gate, ledger, policy |
| 01 | One-Roof Governance Principle | A | the principle + forbidden patterns |
| 02 | Governed Object Contract | B | what is governed + required links |
| 03 | Governance-Orphan / Anarchic Object | C | definitions + gap taxonomy + severity |
| 04 | Governance Coverage Invariant | D | the accounting identity + "covered" rules |
| 05 | Scalable Detection Architecture | E | 6-layer view/model design |
| 06 | GOV-SIV / GOV-DOT Scanner Lifecycle | F | 7 DOTs + lifecycle |
| 07 | Issue / Event / Notification Model | G | 16 issue/event types, reuse-first |
| 08 | Law / Design Clause Drafts | H | draft clauses for Đ37/31/35/24-29/26/28/45 |
| 09 | Registries-Pivot Future Design Patch Plan | I | exact future patches to real design docs |
| 10 | Future Implementation Plan | J | 9 gated phases |
| 11 | Scale Strategy | K | 10⁸-object strategy |
| 12 | Next Prompts | §15 | ≥8 paste-ready prompts |
| 13 | Self-Review | §17 | acceptance + forbidden compliance |
0.6 Forbidden compliance (pre-declared, audited in doc 13)
No PG / Directus / Qdrant / Nuxt mutation; no route change; no law enactment; no approval creation; no self-approval; no new governance owner created; no table creation; no schema change; no event/job/notification emit; no hardcode in any proposal (every literal is sourced from SSOT/registry/law); no production deployment; no canonical design doc patched. All 14 docs are standalone KB reports.
0.7 Naming-accuracy note (verified, affects doc 09)
The mission brief assumed canonical filenames that differ from live KB reality. Verified actual names under knowledge/dev/design/registries-pivot-os-agency/: 00-master-design-v0.1.md (not 00-overview-control.md); 04-dynamic-drilldown-layer-model.md ✓; 07-label-grouping-policy.md ✓; 08-pin-ghim-policy.md already exists (so a "new doc 08-pin-phantom-pivot-coverage-governance.md" would collide — doc 09 renumbers it to a NEW 14-…); 10-ui-contract-os-agency.md ✓; 12-implementation-readiness-gate.md ✓; 13-next-macro-prompts.md ✓. Doc 09 targets the real files.