10 — Future Implementation Plan

Branch J. Plan only — no implementation in this mission. Each phase is gated; nothing executes until the prior gate passes. Aligns with Điều 20 (design→review→execution) and the prompt standard's Survey→Design→Implementation ladder.

10.1 Phase overview

P1 Council review of this decision pack          (no mutation)
P2 Canonical RP design-doc patch                 (KB content-only, no version bump)
P3 Law/design clause ratification                (manual council; APR amend_law is unimplemented)
P4 Governance-coverage PG view rehearsal         (BEGIN..ROLLBACK, zero net mutation)
P5 Governance scanner DOT design + rehearsal     (dot_tools design, paired)
P6 Issue/event type registration                 (event_type_registry, register-before-emit)
P7 Registries-Pivot integration                  (render L5 coverage summary)
P8 No-hardcode / no-local-governance CI           (gate enforcement)
P9 Production acceptance                          (GOVERNANCE_COVERAGE_PASS)

10.2 Per-phase contract

P1 — Council review of the One-Roof decision pack

• Prerequisite: this pack (docs 00–13) uploaded.
• Owner: GOV-COUNCIL (+ GPT/Gemini council per Điều 20 review).
• Approval: review verdict (not a mutation approval).
• Outputs: accept/revise verdict; chosen ownership model (federated-but-central expected); decision on the deferred §5.4-EXT object-edge structural change.
• Rollback: n/a (review).
• Acceptance: council records GO/REVISE on each branch; open points (GOV-MOUT activation, Direct-PG ratification) assigned owners.

P2 — Canonical RP design-doc patch

• Prerequisite: P1 GO.
• Owner: design author (claude) under GOV-COUNCIL.
• Approval: content-only editorial; no version bump (operator policy).
• Outputs: the 7 patches in doc 09 (incl. new 14-…), each a no-version-bump editorial patch.
• Rollback: KB doc revision history (each patch is one revision; revert = restore prior revision).
• Acceptance: all 7 docs carry the One-Roof section; list/read verifies content; no version/status field changed.

P3 — Law/design clause ratification

• Prerequisite: P2 done.
• Owner: GOV-COUNCIL; human president for high-risk (Điều 32 §4.2 quorum: president + 2 ai_council).
• Approval: manual council ratification — NOT via APR (the engine blocks amend_law/enact_nrm, handler_ref='unimplemented'). This is the explicit boundary: law text changes happen in a separate, human-driven enactment phase, possibly after laws migrate to Information Units.
• Outputs: ratified Điều 37 §4.15–4.18, Điều 31 §4.3-Loại6/§4.6/§4.8, Điều 35 §6.2-bis, Điều 24/29/26/28/45 notes (doc 08).
• Rollback: clause is draft until ratified; no rollback needed pre-ratification.
• Acceptance: council minute in governance_audit_log; clauses move from "draft in pack" to enacted only by the human enactment process (out of scope here).

P4 — Governance-coverage PG view rehearsal

• Prerequisite: P3 (or P3 conditional GO for design-only rehearsal).
• Owner: GOV-SIV.
• Approval: read-only rehearsal needs none; the BEGIN..ROLLBACK harness proves zero net mutation.
• Outputs: v_governed_object_candidates, v_governance_coverage, v_governance_orphans, v_governance_coverage_summary rehearsed under BEGIN; … ROLLBACK; (the proven RP pattern: ssh contabo → docker exec postgres psql -U workflow_admin, ON_ERROR_STOP=1, lock/statement/idle timeouts), reporting the live coverage baseline (doc 04 §4.7).
• Rollback: transaction rollback (nothing committed); confirm 0 leftover objects, 0 idle_tx.
• Acceptance: invariant closes exactly per scope; scalar-subquery resolution (no fan-out); coverage baseline reported honestly (expected: non-zero truth-class orphans).

P5 — Governance scanner DOT design + rehearsal

• Prerequisite: P4 views validated.
• Owner: GOV-DOT (execution) + GOV-SIV (function).
• Approval: DOT registration = APR; tier-B DOTs need paired_dot (Điều 35 §3, PG-enforced).
• Outputs: the 7 DOTs (doc 06) designed + rehearsed read-only; seeded-orphan test proves the detector is not blind.
• Rollback: DOTs registered is_active=false first / off-peak; un-register = delete the dot_tools row (no data effect while inactive).
• Acceptance: DETECT finds a seeded synthetic orphan; PROPOSE writes only approval_requests; APPLY blocked without quorum; AUDIT watches SCAN (WATCHDOG).

P6 — Issue/event type registration

• Prerequisite: P5; Điều 45 §3.2 ratification path.
• Owner: GOV-SIV (issues) + Đ45 substrate owner (events).
• Approval: register-before-emit ratification (Điều 35-style) per event type.
• Outputs: ~10 event_type_registry rows (doc 07 §7.2) registered; mother.governance.* dormant types activated/generalized; governance issue_type values documented (free-text, no schema change).
• Rollback: set event_type_registry.active=false; no emit occurred.
• Acceptance: every governance event type exists in the registry before any emit; safe_payload CHECK validated; no telemetry-as-event.

P7 — Registries-Pivot integration

• Prerequisite: P4 (views) + P6 (types) + RP design patched (P2).
• Owner: GOV-MOUT (render) — requires GOV-MOUT activation (P3 dependency) + GOV-SIV (data).
• Approval: route/UI change per Điều 20 Tier 2 + the live RP approval reality (human RG approval; recall os_proposal_approvals=0 ⇒ commit needs real sign-off).
• Outputs: RP renders v_governance_coverage_summary via a registered design_template; coverage tiles = pivot-backed dimensions; Direct-PG adapter recorded as approved exception + ledgered in vps_deploy_log.
• Rollback: RP rollback script pattern (prior ROLLBACK-registries-pivot-*.sh); template status flip; view drop.
• Acceptance: Test-4 (100% Nuxt=PG) passes for coverage tiles; no frontend governance math; the retired anti-patterns (totalGap reduce, CAT-017) gone.

P8 — No-hardcode / no-local-governance CI

• Prerequisite: P7.
• Owner: GOV-SIV (integrity) + Điều 30 regression framework.
• Approval: CI contract registration.
• Outputs: CI checks for F-ISLAND-1…9 (doc 01 §1.7): no local owner constant, no local approval flag, no policy table without owner_gov_code, no mutating DOT without paired_dot, no unregistered event_type emit, no UI governance math, no uncovered production object. Reuse the live no-hardcode scanner (hc_finding_* issue types) + Điều 28 coverage scanner.
• Rollback: CI is additive (gates, not mutations); disable a check = config flip.
• Acceptance: CI fails a planted local-island violation; hardcode_violation/island findings route to system_issues.

P9 — Production acceptance

• Prerequisite: P1–P8.
• Owner: GOV-COUNCIL + president.
• Approval: Điều 32 high quorum + RG human approval.
• Outputs: GOVERNANCE_COVERAGE_PASS(RP) = true (truth-class orphans = 0 or approved-exception); coverage scanner live + audited; RP coverage screen in production.
• Rollback: full RP rollback script; scanner DOTs → inactive; revert to pre-integration template.
• Acceptance: evidence-based pass (no blind PASS): scanner output + exception ledger + CI green + Test-4 green, all as artifacts.

10.3 Critical-path dependencies & blockers

• GOV-MOUT activation (draft→active) blocks P7 render ownership. High-risk Điều 32 approval (out of scope here).
• Law ratification (P3) is human-driven and cannot use APR (engine block) — the single longest-lead item.
• os_proposal_approvals=0 means any commit in P7/P9 needs genuine sovereign sign-off (the recurring RP NO_APPROVAL_FOUND → COMMIT_FORBIDDEN reality).
• Deferred §5.4-EXT (object-ownership edges) is a Tier-3 structural change; until then ownership resolves via law_jurisdiction + inheritance — this works for P4–P9 but is the eventual scale-clean solution.

Cross-refs: doc 04 §4.6 (gate), doc 06 (DOTs), doc 11 (scale at P4/P7), doc 12 (prompts per phase).