03 — Governance-Orphan / Anarchic Object / Local Island (2026-06-01)
03 — Governance-Orphan / Anarchic Object / Local Island
Branch C. Supplemental decision pack. Defines the conditions the detector (doc 05/06) classifies.
3.1 Definitions
Governance-orphan (mồ côi quản trị) — a governed object (doc 02) that lacks one or more of the required central-governance links for its object class (doc 02 §2.3). It is the governance-tier analog of the birth/registry orphan (Điều 37 NV1 "không đăng ký = mồ côi"; Điều 2 §3 "không trong registry = vô hình"). The object may function, but the system cannot say who owns it, who approved it, where it is audited, or how it is rolled back.
Anarchic object (đối tượng vô chính phủ) — a high-risk governance-orphan: a governance-orphan that can alter system truth, execution, classification, display, automation, issue-routing, or cleanup without a central owner / approval / audit / rollback. Every anarchic object is a governance-orphan; not every governance-orphan is anarchic (a read-only report missing only a design_ref is an orphan but not anarchic). Anarchy = orphan-hood × capacity to change truth/authority.
Local-governance-island — a cluster of objects that defines its own owner / approval / lifecycle / rules outside the central roof: e.g. a surface that has its own "approved?" flag, its own owner constant, its own policy table with no owner_gov_code. An island is worse than a lone orphan because it manufactures orphans systematically and presents a false appearance of governance.
Governance coverage gap — the population-level measure: the set (and count, and pivot) of governance-orphans across a source or the whole system. The coverage gap is what Registries-Pivot will display (doc 09) and what the invariant (doc 04) drives to zero for production-eligible objects.
3.2 Gap-type taxonomy
Each missing link maps to a gap type. These are the proposed system_issues.issue_type / sub_class values (doc 07 finalizes reuse-vs-new):
| Gap type | Triggered when… | Maps to missing link (doc 02 §2.2) |
|---|---|---|
OWNER_GAP |
no valid owner path | owner_gov_code / relation |
CAPABILITY_GAP |
owner exists but no capability authorizes the object class | capability_code |
APPROVAL_PATH_GAP |
mutating/high-risk object with no APR authorizing it | approval_request_ref |
AUDIT_GAP |
changes are not logged anywhere central | audit_ref |
ROLLBACK_GAP |
mutating object with no reversible mechanism | rollback_ref |
DOT_AUTHORITY_GAP |
executed by code but not a registered DOT / no paired_dot |
dot_authority_ref |
ISSUE_EVENT_GAP |
produces problems but has no issue/event route | system_issue_ref / event_type_ref |
LAW_REF_GAP |
no governing law | law_ref |
DESIGN_REF_GAP |
no governing design doc | design_ref |
LOCAL_GOVERNANCE_ISLAND |
a cluster defines local owner/approval/lifecycle | (structural) |
UNRATIFIED_EXCEPTION |
a bypass exists with no approved-exception record or expired TTL | exception record |
GOVERNANCE_SCHEMA_DRIFT |
governance metadata disagrees with live reality (e.g. enacted law text ≠ live columns) | (consistency) |
3.3 Severity
Severity reuses the live system_issues.severity ladder and Điều 31 §4.5 (CRITICAL/WARNING/INFO, where INFO creates no issue). One-Roof adds a 4-level grading for routing:
| Severity | Definition | Example | Default route |
|---|---|---|---|
info |
orphan on a non-truth, non-authority object; tracking only | a read-only report missing design_ref |
log/report, no issue (Đ31 §4.5 INFO) |
warning |
orphan that could mislead but cannot change truth/authority now | a draft owner agency (GOV-MOUT draft owning render) | system_issues warning (cf. Đ37 §4.13 "0 DOT active = WARNING") |
high |
orphan on a truth/authority object (a policy/route/pivot that affects what the system asserts) | display_policy with no owner; law-28 agency-orphaned |
system_issues high + event |
critical |
anarchic: can change truth/execution/cleanup with no owner+approval+audit+rollback | a mutating DOT outside dot_tools; an un-ledgered Direct-PG DDL path |
system_issues critical + event + block production |
Severity is a function of object class × gap type, computed by the scanner — never hand-set. (Echoes Điều 31 Nguyên tắc 1 "mọi lệch đều là lỗi" graded by impact, and Nguyên tắc 2 "phát hiện trước, fix sau".)
3.4 Worked classification of the current known cases (live-verified)
| Case | Object class | Gap type(s) | Severity | Evidence |
|---|---|---|---|---|
| GOV-MOUT draft owns render/display (Đ28) | owner agency / render | OWNER_GAP (active-owner absent) + LAW_REF_GAP (born under law-07 not law-28) |
high | governance_registry.status='draft'; no governance_relations edge to NRM-LAW-28 |
| Điều 28 itself agency-orphaned | law / domain | OWNER_GAP |
high | no owner edge to NRM-LAW-28 (also 24/26/45) |
| Direct-PG read-only API adapter (RP) | direct_pg_exception / route | UNRATIFIED_EXCEPTION + APPROVAL_PATH_GAP |
critical (if it can reach DDL) / high (read-only) | live Nitro→read-only pg Pool; no approved-exception record; vps_deploy_log has no registries-pivot entry (un-ledgered) |
display_policy / registry_pin (if standalone) |
policy object | OWNER_GAP + APPROVAL_PATH_GAP + LOCAL_GOVERNANCE_ISLAND |
high | proposals exist with no owner_gov_code; would be island |
| PIVOT_MISSING (no issue/event type) | pivot / health | ISSUE_EVENT_GAP |
high | no pivot_coverage_* issue type in system_issues; event_type_registry has none |
| phantom definition | phantom_definition / law-gap | LAW_REF_GAP (LAW_DEFINITION_GAP) |
high | no phantom_count law; only apr_phantom_applied issue exists |
| Đ20/23/45 KB-only (unregistered earlier) | law/normative | GOVERNANCE_SCHEMA_DRIFT |
warning | Đ45 IS now enacted (NRM-LAW-45 present) but has no owner edge → residual OWNER_GAP |
UI count/grouping truth in health.get.ts/index.vue |
ui_display_contract | LOCAL_GOVERNANCE_ISLAND (render deciding truth) |
high | live totalGap=reduce(+Math.abs(gap)), hardcoded CAT-017 |
| mother factories own assembly families | owner agency | OWNER_GAP (draft) |
warning | GOV-MOW/MOT/MOIT/MOUT all draft |
3.5 Relationship to existing orphan concepts (reuse, do not duplicate)
One-Roof governance-orphan detection is a new lens over an existing pattern, not a new pattern. The system already has three orphan detectors that the governance detector composes with (and must not duplicate — Điều 37 §4.12 SSOT):
- Birth/registry orphan (bottom-up) — Điều 0-G / Điều 2: entity with no birth record / not in a registry. Live:
system_issues.thiếu_mã_định_danh(9) +thiếu_quan_hệ(606). - Điều 37 orphan (top-down) — an agency missing required links. Live:
DOT-GOV-LAW-HEALTHflags "luật enacted + 0 DOT active" (the luật tự kính / self-mirroring law). - KG orphan —
DOT_KG_ORPHAN(kg.quality), vector-orphan detection (Đ31 §4.3 chiều B).
Governance-orphan is the missing fourth detector: governed object (any class) missing a central governance link. It sits under GOV-SIV / Điều 31 (integrity), uses Điều 37 ownership semantics, and routes via Điều 45. It is distinct from but analogous to all three above — and explicitly scoped to truth/authority objects, so it does not re-scan the 181,378 template_gap rows that Điều 28 already owns.
Cross-refs: doc 04 (invariant), doc 05 (
v_governance_orphans), doc 07 (issue/event types per gap), doc 08 (Điều 37 / Điều 31 draft clauses that name these terms).