KB-2D64

00 — One-Roof Governance Hardening Revision (All Domains, All Axes) — Overview & Control (2026-06-01)

Revision 1


Package: knowledge/dev/reports/architecture/one-roof-governance-hardening-revision-all-domains-all-axes-2026-06-01/
Date: 2026-06-01
Class: law/design hardening REVISION (folds Tier-1 + generalizes to all domains/axes + adds IU). Not implementation, not canonical-design patch, not enactment.
Read channel: KB/Agent Data + live PG read-only (directus, role context_pack_readonly).
Apply channel: KB report docs only.
Mutation: ZERO. No PG/Directus/Qdrant/Nuxt write; no law enactment; no version bump; no approval; no normative_registry/law_catalog touch; no route/table/UI.


0.1 What this package is

The prior package — one-roof-governance-clause-review-hardening-2026-06-01/ (17 docs) — adversarially hardened the Registries-Pivot-scoped One-Roof decision pack and returned NO-GO for canonical design patch until Tier-1 blockers are folded and red-team rerun. It found 6 internal contradictions, 6 mission gaps, 3 live substrate traps, and that the un-hardened pack caught only 3/24 governance attacks.

This package does four things the prior one did not:

  1. Folds all Tier-1 blockers (T1-1..T1-7) into a single coherent hardened revision (doc 01) — not a list, a resolution.
  2. Generalizes the model from "today's known domains" to an open-ended axis model (doc 02) so future axes/modules/object-types/registries/DOTs/documents/IU-structures are automatically pulled into coverage with no hardcoded axis array.
  3. Adds Information Unit / miếng thông tin as a first-class governed domain with an open (not 3-axis) coverage model (doc 03).
  4. Reconciles all relevant laws (doc 04), defines Điều 37 as the governance hub (doc 05), and reruns + expands the red-team to 44+ scenarios including IU/future-axis attacks (doc 12).

It is deliberately system-wide, per the user's stronger requirement: anything with count > 1, or anything that affects system truth, classification, counting, display, execution, automation, approval, audit, rollback, issue, notification, or interpretation, must be automatically governable under One-Roof Governance — with no hardcode and no fixed list of current axes.

0.2 Hard Gate 0 — confirmations (all PASS)

| # | Gate | Result | Evidence |
|---|------|--------|----------|
| 1 | KB read access | PASS | Listed 17 docs of prior hardening package; read 3 GPT inputs + prior docs 12/13/14 in full |
| 2 | Live PG read-only access | PASS | current_user=context_pack_readonly, current_database=directus, date 2026-06-01 |
| 3 | No PG/Directus/Qdrant/Nuxt mutation | PASS | Only SELECT / information_schema reads issued; zero DDL/DML |
| 4 | No canonical law/design patch | PASS | Outputs are standalone report docs in this package only |
| 5 | No law enactment | PASS | All clause text is DRAFT/proposal; normative_registry untouched |
| 6 | No version bump | PASS | No *_version change proposed as enacted |
| 7 | No approval creation | PASS | approval_requests/os_proposal_approvals untouched (read-only counts only) |
| 8 | All outputs standalone KB report docs | PASS | 17 docs 00..16 in this package |
| 9 | Responsible for broad coverage, not only Registries-Pivot | PASS | Branches B (open axes), C (IU), D (all laws), F (13 object classes) are system-wide |

0.3 Live substrate re-verification (2026-06-01, re-run this session)

These four facts decide the GO/NO-GO. All re-confirmed live:

| Fact | Query result | Bearing |
|------|--------------|---------|
| Object-edge CHECK | chk_relations_target_type CHECK (target_type = ANY {law,agency}) | Object/IU/route ownership edges un-expressible → T1-6/I2 trap LIVE |
| APR action-types | proposed_action_code ∈ {create_item, enact_nrm, patch_ops_code}; request_type_code ∈ {accuracy_drift, birth_orphan, fix_repair_dot, new_dot, reclassify, schema_add, schema_modify} | No grant_exception / assign_owner / delegate_authority / assign_axis_owner → T1-6/I1 trap LIVE |
| Governance events | 5 rows, all event_domain='mother', all active=false: governance.blocked/unblocked, proposal.created/approved/rejected. No orphan/island/coverage/anarchy type. | H1 defect LIVE; no GOV-SIV governance/integrity domain |
| Governance registry | 9 rows: active GOV-COUNCIL(governance), GOV-DOT(monitoring.dot), GOV-KG-SYS(kg), GOV-NRM-SYS(normative), GOV-SIV(monitoring.integrity); draft GOV-MOIT/MOT/MOUT/MOW(assembly.*) | Render owner GOV-MOUT still draft → interim Council render-delegation required; KG/NRM owners active → available for IU substrate/law ownership |
| Sovereign sign-off | os_proposal_approvals = 0 | No human/council ratification exists → enactment/commit remain forbidden |

Conclusion of §0.3: the single structural blocker (T1-6) is unchanged — object-grain ownership apply and exception-grant still cannot be expressed in the live substrate. Everything else is wording, and is folded here.
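To make the T1-6 trap concrete, the following is an added example (not part of this package or its substrate, and not the queries used for the live re-verification). It models the quoted CHECK `target_type = ANY {law,agency}` on an assumed toy `relations` table in an in-memory SQLite database, probes which ownership-edge target types the constraint rejects (every probe is rolled back, so the check is read-only in effect), and separately classifies governed objects by owner count into orphans/islands (0 owners) and double-owners (>1), the two coverage defects the hardened ownership model names. Column names, the list of required target types, and the sample governed objects and owner edges are constructed assumptions.

```python
"""Added example: model the §0.3 object-edge CHECK trap and the orphan/double-owner coverage check.

Assumed schema: a toy `relations` table with (source_code, target_type, target_code).
The only fact taken from the report is the CHECK on target_type = {law, agency}.
"""
import sqlite3

# Allowed target types as quoted from the live chk_relations_target_type CHECK.
LIVE_TARGET_TYPES = ("law", "agency")

# Target types the hardened One-Roof model would need for object-grain ownership
# (assumed list for illustration; the report names object, IU and route edges).
REQUIRED_TARGET_TYPES = ("law", "agency", "object", "iu", "route", "axis")


def open_substrate(allowed=LIVE_TARGET_TYPES):
    """Create an in-memory table whose CHECK mirrors the live constraint (assumed columns).

    The IN-list is built from a trusted constant, never from user input.
    """
    con = sqlite3.connect(":memory:")
    quoted = ", ".join(f"'{t}'" for t in allowed)
    con.execute(
        f"""
        CREATE TABLE relations (
            source_code TEXT NOT NULL,
            target_type TEXT NOT NULL,
            target_code TEXT NOT NULL,
            CONSTRAINT chk_relations_target_type CHECK (target_type IN ({quoted}))
        )
        """
    )
    return con


def unexpressible_edge_types(con, required=REQUIRED_TARGET_TYPES):
    """Return the required target types the CHECK rejects, in the order probed.

    Each probe INSERT is rolled back whether it succeeds or fails, so the
    substrate is left exactly as it was (zero mutation, as §0.2 gate 3 demands).
    """
    blocked = []
    for target_type in required:
        try:
            con.execute(
                "INSERT INTO relations VALUES ('GOV-COUNCIL', ?, 'probe')",
                (target_type,),
            )
        except sqlite3.IntegrityError:
            # CHECK constraint failed: this ownership edge cannot be expressed.
            blocked.append(target_type)
        finally:
            con.rollback()
    return blocked


def ownership_gaps(governed_codes, owner_edges):
    """Classify governed objects by owner count.

    owner_edges: iterable of (owner_agency_code, governed_code) pairs (assumed shape).
    Returns (orphans, double_owned): 0 owners = governance island, >1 = double-owner,
    both violations of "one accountable owner per scope".
    """
    counts = {code: 0 for code in governed_codes}
    for _owner, code in owner_edges:
        if code in counts:
            counts[code] += 1
    orphans = sorted(code for code, n in counts.items() if n == 0)
    double_owned = sorted(code for code, n in counts.items() if n > 1)
    return orphans, double_owned


if __name__ == "__main__":
    # Live-shaped substrate: only law/agency edges are expressible.
    print("blocked by live CHECK:", unexpressible_edge_types(open_substrate()))
    # Substrate with the §5.4-EXT-style expanded CHECK: nothing blocked.
    print("blocked after extension:", unexpressible_edge_types(open_substrate(REQUIRED_TARGET_TYPES)))
    # Constructed sample: IU family has no owner, one registry has two.
    sample_objects = ["IU-family", "dot-registry", "route-x"]
    sample_edges = [("GOV-COUNCIL", "dot-registry"), ("GOV-DOT", "dot-registry")]
    print("orphans, double-owned:", ownership_gaps(sample_objects, sample_edges))
```

The point the run makes is the one §0.3 draws: detection of the gap (the probe reports `object`, `iu`, `route`, `axis` as blocked, and the coverage check names the orphan) works on the live-shaped substrate, while any remediation that would actually write such an edge is rejected by the constraint until the CHECK is widened.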

0.4 Package map

| Doc | Branch | Purpose |
|-----|--------|---------|
| 00 | | This control doc: scope, gates, substrate facts, verdict pointer |
| 01 | A | Tier-1 blocker folding — restate / hardened wording / why-resolved / residual-substrate / acceptance test, per blocker |
| 02 | B | Open axis model — axis as a governed object; axis registry; future-axis auto-coverage; no hardcoded array |
| 03 | C | Information Unit governance coverage — IU as first-class domain; generic IU axis-registration; per-class profiles |
| 04 | D | All-laws reconciliation — keep / centralize / reference / patch / defer matrix |
| 05 | E | Điều 37 as governance hub — own vs reference vs leave-in-specialized-law; governance-hook declaration pattern |
| 06 | F | 13 governed object classes + minimum coverage profiles |
| 07 | G | Ownership model hardening — one accountable owner per scope; roles; inheritance anti-hiding; orphan/double-owner |
| 08 | H | Governed exception + emergency model |
| 09 | I | Governance coverage invariant v2 (scale + inheritance + future axes) |
| 10 | J | Law-level detection obligations (no SQL) |
| 11 | K | Noise / scale control |
| 12 | L | Red-team v2 — 24 rerun + 24 new = 48 scenarios |
| 13 | M | Hardened clause revision package (consolidated draft text) |
| 14 | N | GO / NO-GO for canonical design patch |
| 15 | | ≥8 paste-ready next prompts |
| 16 | | Self-review & acceptance |

0.5 Headline verdict (full reasoning in doc 14)

CONDITIONAL GO.

  • GO to patch the concept/principle-level canonical design docs — One-Roof principle, governed-object contract, governance-orphan/anarchy definition, the open-axis model, IU coverage, the coverage-invariant v2, detection obligations, the Điều 37 hub clause — provided they carry the hardened definitions (doc 13 M-DEF-1..9) and explicitly flag the substrate prerequisite.
  • NO-GO (still) for the apply/remediation-binding design docs (object-grain owner-assign, exception-grant, axis-owner-assign) until the single substrate prerequisite T1-6 lands: §5.4-EXT object/axis ownership edges and the assign_governance_owner / grant_governance_exception / delegate_authority / assign_axis_owner APR action-types. Detection+gate of these conditions works today; auto-remediation does not.
  • Council decision needed before IU design patch: the IU family owner_agency_code is TBD/unassigned (OP-B) — IU is currently a governance island (doc 03 §I). Assign the IU substrate owner (recommended GOV-KG-SYS, active) and the IU policy owner (GOV-COUNCIL) before the IU surfaces are design-patched.

Red-team v2 (doc 12): folded wording catches or explicitly classifies+blocks 46/48 scenarios (95.8%); the 2 not auto-remediable (#13/#14-class: object-edge apply + APR action-type) are detected and gate-blocked but remediation is inoperable until T1-6 — they block the apply design, not the concept design. Zero uncaught-and-unblocked critical scenarios.

0.6 Reading order

Read 01 → 02 → 03 for the core advances (folding, open axes, IU), then 06/07/08/09 for the operational model, 04/05 for law placement, 10/11 for detection+noise, 12 for the adversarial proof, 13 for the consolidated draft text, and 14 for the decision. Docs 15/16 are forward prompts and self-review.

Forbidden-action compliance is asserted in doc 16 §16.x and matches §0.2 above.

File: knowledge/dev/reports/architecture/one-roof-governance-hardening-revision-all-domains-all-axes-2026-06-01/00-overview-control.md