Incomex AI Portal
KB-6AA7

14 — GO / NO-GO for Canonical Design Patch (Branch N) (2026-06-01)

10 min read Revision 1
one-roof-governancehardening-revisionbranch-ngo-no-goconditional-gocanonical-design-patcht1-6-prerequisiteop-bsuccess-target-answers2026-06-01

14 — GO / NO-GO for Canonical Design Patch (Branch N)

The decision. Whether the hardened model is strong enough to patch canonical design docs (not law — law enactment is a separate human-ratification phase). Verdict, scope of what may/may not be patched, exact remaining blockers, and the answers to the mission's 12 success-target questions.

14.1 Verdict: CONDITIONAL GO

Track Decision
Concept / principle-level canonical design docs GO — patch now, carrying doc 13's hardened definitions
Apply / remediation-binding canonical design docs NO-GO — wait for the single substrate prerequisite T1-6
IU surface/binding design docs NO-GO until OP-B — IU owner assignment + review_decision exception ruling first

Rationale: the hardened model is structurally complete, live-anchored, reuse-first, non-islanding, and now system-wide + future-axis-open. Red-team v2 (doc 12) shows 100% of 48 scenarios caught-or-classified, zero uncaught critical, 91.7% auto-remediable. The only thing not ready is auto-remediation of object/axis-grain ownership, which depends on one substrate delta (T1-6) — and that gap is detected and gate-blocked today, so patching the concept docs propagates a correct model, not a defective one. The prior package's NO-GO ("don't patch on top of 3 contradictions + an inoperable remediation path") is satisfied: the contradictions are folded (doc 01), and the inoperable path is reclassified to an explicit, blocked-not-silent prerequisite.

14.2 What may be patched now (GO scope)

These concept docs may be patched provided each carries doc 13's M-DEF-1..9 and explicitly flags T1-6 as a substrate prerequisite gating the apply surfaces:

  1. One-Roof Governance principle statement (the central design doc) — §4.15c + M-DEF-1.
  2. Governed-object contract — M-DEF-1/2 + the 13 classes (doc 06).
  3. Governance-orphan / anarchy definition — M-DEF-5 + §4.15b.
  4. Open-axis model + Axis Registry — M-DEF-8/9 + §4.15-quater (doc 02). New in this revision; this is the generalization the user required.
  5. IU governance-coverage concept — doc 03 §3.2–§3.4 (the generic axis model + per-class profiles + non-exemptable invariants), excluding owner-binding (OP-B).
  6. Coverage invariant v2 — M-DEF-7 + doc 09 (formulas + acceptance tests).
  7. Detection-obligations doc — doc 10 (law-level, no SQL).
  8. Noise/scale-control doc — doc 11.
  9. Điều 37 hub model + §0-GOV hook pattern — doc 05 (design-doc form of the hub).
  10. The 14-governance-coverage… Registries-Pivot design doc + the One-Roof statement in the RP design package (the prior package's P-09.1/P-09.4 concept docs), now carrying the hardened + generalized definitions.

14.3 What may NOT be patched yet (NO-GO scope) + exact blockers

Blocker What it blocks Why Clears when
T1-6a — APR action-types (assign_governance_owner, grant_governance_exception, delegate_authority, assign_axis_owner) absent live (proposed_action_code ∈ {create_item, enact_nrm, patch_ops_code}) owner-assign / exception-grant / axis-owner PROPOSE design (Đ32/Đ35 apply binding) PROPOSE returns proposal_blocked (red-team #13/#36) the 4 action-types are added (council-approved, with handlers/council-review per OQ-C7)
T1-6b — object/axis ownership edge un-expressible (chk_relations_target_type ∈ {law,agency}) object-grain & axis-grain APPLY design (the §5.4-EXT-dependent surfaces) APPLY returns apply_blocked: object_edge_unexpressible (red-team #14/#45) §5.4-EXT lands (new governance_object_ownership table preferred, OQ-B7/I2)
OP-B — IU owner unassigned (information_unit family owner_agency_code=TBD) IU owner-binding + IU surface design docs every IU object is owner_gap by construction (red-team #39) council assigns IU owners per doc 03 §3.5 + rules on review_decision exception (OQ-IU-OWNER)
Sovereign sign-off absent (os_proposal_approvals = 0) any enactment of the hardened clauses into law no human/council ratification exists a separate human-ratification phase (out of scope for design patch)
Doc-drift (OQ-J10) — Đ45 ban_hanh=false leftover; Đ36 v4.0/v5.0 ambiguity; enacted Đ37 v3.3 vs live columns clean law patch authoritative status ambiguous GOV-NRM-SYS resolves content-only before any law patch (doc 15 prompt 6)

Note: T1-6a and T1-6b are the same prerequisite (the remediation substrate). They are design/prep items — they do not need to be built in the next macro; the next macro is the concept-doc patch, which can proceed because detection+gate work without them.

14.4 PASS-condition check (mission §21)

# Criterion Status
1 Tier-1 blockers folded ✅ (doc 01: 6/7 by wording, T1-6 reclassified to prerequisite)
2 IU explicitly covered as first-class governed domain ✅ (doc 03, 17 classes + generic axis model)
3 Future axes covered without hardcode ✅ (doc 02 open-axis model + M-DEF-8/9; §2.10 no-array statement)
4 All relevant laws reconciled ✅ (doc 04 keep/centralize/reference/patch/defer matrix, 20+ laws)
5 Điều 37 hub model defined ✅ (doc 05 own/reference/hook + §0-GOV)
6 Governed object classes + min coverage profiles defined ✅ (doc 06, 13 classes)
7 Accountable/support ownership hardened ✅ (doc 07, 7 roles, owner-link-only inheritance)
8 Exception/emergency hardened ✅ (doc 08, 11-field + emergency lane)
9 Invariant v2 handles scale + inheritance ✅ (doc 09, grain + anti-hiding + 9 acceptance tests)
10 Detection obligations at law level ✅ (doc 10, 12+2 obligations, 6 layers)
11 Noise/scale controls exist ✅ (doc 11)
12 Red-team v2 ≥ 44 scenarios ✅ (doc 12, 48; 100% caught-or-classified)
13 Hardened clause revision package exists ✅ (doc 13, M-DEF-1..9 + Đ37 clauses + §0-GOV)
14 GO/NO-GO explicit ✅ (this doc)
15 No unsafe mutation ✅ (doc 00 §0.2; doc 16)

All 15 PASS conditions met → PASS (with CONDITIONAL GO as the decision content, which is itself a valid PASS outcome — the mission asks for an explicit verdict, not necessarily an unconditional GO).

14.5 Answers to the 12 success-target questions (mission §3)

  1. What is under One-Roof Governance? Every object passing the shared-truth/authority test (M-DEF-1), classified into one of 13 coverage profiles (doc 06), incl. all axes (M-DEF-8) and IU (doc 03).
  2. What is not? Class 0 — single-user/session/agent-private, RO against shared truth, no approval/exec power; the Class-0 list is COUNCIL-owned (M-DEF-1).
  3. How do we know? The shared-truth predicate decides membership; the coverage invariant (doc 09) computes covered/orphan/exception/retired/stale; inventory reconciliation (doc 10) catches anything unclassified.
  4. How is a new domain/axis/object type auto-pulled in? Three ways: §0-GOV hook at law/design review (Đ20); inventory reconciliation at ship (inventory_gap); birth precedence at create (Đ0-G). No memory required (doc 05 §5.6).
  5. How is "vô chính phủ" detected? governance_orphan/anarchic (M-DEF-5) + axis_unregistered + island_detected + inventory_gap, fired like birth-orphans, as first-class system-integrity conditions (doc 10).
  6. How do we avoid hardcoding current domains/axes? Axes are governed objects in a data-driven Axis Registry (M-DEF-9); no axis array exists in law/code/UI (Constitution NT4; doc 02 §2.10).
  7. How do we prevent local governance islands? §4.15c (object + law level) + island detection + §0-GOV hook (a law without it is a law-level island) + the "valid owner path" exclusions (doc 05/13).
  8. How do we avoid alert noise at scale? Grain aggregation, coalesce dedup, summary/detail/drilldown, no-per-row-for-inherited, emit ceiling, disclosed sampling, stale-fails-closed (doc 11).
  9. How do we handle exceptions? 11-field governed exceptions with mandatory replacement_plan, TTL, fingerprint, max-2-renewals, non-exemptable floors, emergency lane (doc 08).
  10. How do IU/miếng thông tin and all future IU axes fit? IU is a first-class domain (doc 03) with a generic axis-registration model (not the 3 axes); future IU axes are Axis-Registry rows; the IU island is remediated by owner assignment (OP-B) + DOT registration + approval/audit/event wiring.
  11. How does it interact with birth/registry/collection/pivot/DOT/label/event/approval/audit/rollback/display/API laws? Doc 04 keep/centralize/reference/patch/defer matrix; Đ37 owns definitions, specialized laws own mechanisms and declare §0-GOV hooks.
  12. Is the model strong enough to patch canonical design docs? Yes for concept docs; not yet for apply/remediation docs (T1-6) or IU surface docs (OP-B). This is the CONDITIONAL GO.

14.6 The single sentence

Patch the concept-level canonical design docs now (One-Roof principle, governed-object contract, anarchy definition, open-axis model + Axis Registry, IU coverage concept, invariant v2, detection obligations, Điều 37 hub) carrying doc 13's definitions; defer the apply/remediation-binding docs until the one substrate delta (object/axis ownership edges + the four APR action-types) lands, and defer IU surface docs until the council assigns the IU owner.

Branch-N verdict

CONDITIONAL GO with an exact, short blocker list (T1-6 substrate delta; OP-B IU owner; sovereign sign-off for enactment; doc-drift cleanup for clean law patch). The concept design patch may proceed immediately; the apply design and IU surface design wait on two named council/substrate items. All 15 PASS conditions met.

Back to Knowledge Hub knowledge/dev/reports/architecture/one-roof-governance-hardening-revision-all-domains-all-axes-2026-06-01/14-go-no-go-for-canonical-design-patch.md