05 — IU & Open-Axis Final Hardening (Branch E)

Re-evaluates IU coverage with new live evidence and produces final wording. The central new finding: the live IU substrate physically hardcodes exactly three axes, so the open-axis model is correct in concept but contradicted at the IU substrate today — a blocker (SB-AXIS-ENVELOPE) that must be named, not papered over.

5.1 Live IU evidence (re-verified read-only, 2026-06-01)

Fact	Value	Consequence
`information_unit`	219 (146 enacted + 41 draft `law_unit`, 32 `design_doc_section`)	IU currently models law clauses + design sections. Only 2 of 9 seed `unit_kind` values are live.
`owner_ref`	populated on all 219, but free-text (`agent:p3d1`, `incomex_council`, macro names)	NOT an agency FK → not a governance owner. OP-B confirmed: no `governance_registry` row owns IU.
`conformance_status`	`open` for all 219	IU's own conformance gate never closes → IU governance coverage is unverified by its own machinery.
`iu_three_axis_envelope`	216 rows; columns `axis_a_doc_code/_sort_order/_section_code`, `axis_b_tags/_tags_by_source`, `axis_c_parent_id/_depth/_ancestors`	Exactly 3 axes hardcoded in DDL. A 4th axis ⇒ `ALTER TABLE`. SB-AXIS-ENVELOPE.
`axis_b` namespaces (live)	`unit_kind`(216), `legal_document`(127), `section_type`(127), `topic`(16), `legal_domain`(16)	Axis B is already an open 5-namespace tag-bag — and none is in any Axis Registry (all `axis_unregistered`).
`iu_relation`	60, all `relation_type='contains'`	IU KG is a thin containment tree; semantic/cross edges absent; edge-write DOT missing.
`dot_iu_command_catalog`	54 standalone (`command_name, category, mutating, reversible, target_functions`) — NOT in `dot_tools`(309)	IU DOT island parallel to the Đ35 SSOT (red-team #29).
`iu_vector_sync_point` / `iu_qdrant_collection_registry` / `iu_sql_link` / `iu_structure_operation`	152 / 1 / 3 / 72	vector/sql/structure machinery live but island-bound.
`NRM-LAW-44` (Đ44 UOSL)	DRAFT v0.1.2, NOT in `normative_registry`	IU's governing law un-enacted/unregistered (L-2). IU is a family under Đ38 (enacted), extended by Đ44/0-B/24/29/39/34/35/37.
`approval_requests` referencing IU	0	IU mutations never route through Đ32 (island).

Conclusion: IU runs a rich internal governance microcosm (gates, command catalog, command-run audit, review_decision_id, fail-closed logging) but is structurally disconnected from the central spine on every scope: owner (no agency), DOT authority (parallel catalog), approval (0 rows), audit (IU-private), issue/event (gated off, not wired in). This is the canonical local-governance island.

5.2 Final IU governance wording (concept — patchable now, excluding owner-binding)

IU-GOV-1 (first-class governed domain). The Information Unit (miếng thông tin) is a first-class governed domain. Every IU class maps to a coverage profile + an accountable owner per scope; IU reuses the central spine (one governance_registry, one Đ32 approval, one Đ31/45 issue-event substrate, one Đ35 DOT SSOT). IU may not maintain a local governance island — its parallel command catalog, internal approval, and private audit must be bound to the central spine (registered as DOTs, routed through Đ32 or a governed exception, wired into the central detector).

IU-GOV-2 (the current 3 axes are examples, not the universe). The headline "three-axis" envelope (A = source/origin/order; B = specialty/domain tags; C = parent-child-grandchild containment) is a denormalized projection, not the axis universe. Live/implied IU axes are ≥9 (A, B, C, composition/species, relation/KG, label/taxonomy, vector/index, lifecycle/version, workflow). No IU axis list is enumerated in law, design, or runtime. Each IU axis is an Axis Registry row with axis family = iu. Named future axis candidates already exist (policy_clause, evidence_unit, risk_signal, customer_instruction) — each will be a new row, not a law edit.

IU-GOV-3 (structure operations are governed). IU cut / split / merge / compose / reconstruct are governed operations (DOT profile, owner GOV-DOT): each must be a registered DOT with paired audit, route through Đ32 (or a governed exception), and emit a registered event. The live iu_structure_operation (72) + dot_iu_command_catalog (54) are the island form; the binding wires them to dot_tools + Đ45 events.

IU-GOV-4 (every IU surface is covered). IU relation/KG edges (Đ39), SQL links (Đ8), vector/index (GOV-KG-SYS/SIV), event/trigger routes (Đ45), DOT commands (Đ35), and API/UI surfaces (Đ28/GOV-MOUT) are each governed objects under the matching profile — none may be an un-owned seam.

IU-GOV-5 (non-exemptable IU invariants). No exception may waive these (M-DEF-6 floors):

Reconstruction integrity: fn_iu_reconstruct_source(doc_code) returns every source position 1..N exactly once (contiguous + unique; sort_order strictly monotonic; gap_before_count = 0); fingerprint md5(string_agg(canonical_address||':'||content_hash, '|' ORDER BY source_position)) recomputable, changes iff body/order changes. (Proven live: DIEU-37 17 pieces, DIEU-35 36 pieces, 0 gaps.)
Relation integrity: every edge owned; edge writes only via a DOT (KG proposes, never auto-mutates — Đ39 A8); orphan/contradictory edge = issue.
Vector/index consistency: one vector/chunk = exactly one IU, never straddling a boundary (mission no_cross_IU_vector); each chunk carries unit_id+parent_piece_id; drift = content_digest ≠ indexed_digest.
Governance coverage: each IU object resolves its profile-mandatory links; conformance_status must be closed by GOV-SIV, not left open.

5.3 Open-axis final wording (system-wide, M-DEF-8/9 confirmed + SB-3)

AXIS-1 (M-DEF-8). An axis is any dimension along which objects are classified / counted / grouped / pivoted / ordered / related / displayed. An axis is distinct from the objects it organizes and is itself a governed object (profile AXIS, frozen Class 3). Membership = the shared-truth test applied to changing the axis's definition/vocabulary/grouping.

AXIS-2 (M-DEF-9). The Axis Registry is a governed registry (Class 2) enumerating every active axis by its nine attributes: (1) axis code, (2) axis family, (3) owner per scope, (4) scope, (5) source registry (vocabulary home), (6) grouping policy (ceilings/pin/threshold), (7) coverage rule, (8) issue path, (9) lifecycle. A future axis = a new row (data). Its own absence is the first inventory_gap (critical). No fixed axis array anywhere.

SB-3 (SB-AXIS-ENVELOPE) — the substrate caveat that makes the model honest. The live iu_three_axis_envelope hardcodes 3 axes; to honor "no fixed axis array" at the IU substrate, the envelope must be re-cast as a hot-cache projection of the Axis Registry, with a generic axis-value store behind it:

Axis Registry = ground truth (the list of axes is data).
Optional iu_three_axis_envelope (or iu_axis_envelope) = a denormalized hot-path projection of the first-N axes for query speed.
Generic store iu_axis_value(unit_id, axis_code → axis_registry, value/json, ...) = where every axis (incl. the 4th+) lives. This is IU technical design (after OP-B); concept-level open-axis wording is patchable now provided it carries the SB-3 flag.

5.4 OP-B owner status (unresolved — council decision)

OP-B = council-decision-required (C-3) + sovereign ratification (H-2). Until resolved, every IU object is OWNER_GAP by construction and IU owner-binding/surface design is NO-GO.

Recommended assignment (council to ratify): policy→GOV-COUNCIL; substrate/health (KG/taxonomy/vector)→GOV-KG-SYS + integrity/coverage→GOV-SIV; execution (cut/split/merge/compose DOTs)→GOV-DOT; render→GOV-MOUT (interim COUNCIL delegation, TTL-bounded); law owner of the IU family→GOV-NRM-SYS. Companion ruling (C-4 / OQ-IU-OWNER): record IU's review_decision_id as a governed approval-adapter exception (11-field record + replacement_plan to migrate to Đ32), unless council requires full Đ32 routing.

5.5 What can be concept-patched now vs must wait

Item	Now (concept GO)	Wait
IU as first-class governed domain (IU-GOV-1)	✅	—
Generic axis model for IU (IU-GOV-2, AXIS-1/2)	✅ (carry SB-3 flag)	—
Structure-ops-are-governed concept (IU-GOV-3)	✅	DOT binding → after OP-B
Non-exemptable IU invariants (IU-GOV-5)	✅	—
IU owner binding (which agency owns IU)	❌	OP-B (C-3 + H-2)
IU surface/binding design docs	❌	OP-B
Axis-envelope generalization (SB-3)	❌	IU technical design (substrate)
Edge-write DOT, reindex DOT, reconstruct-wrapper DOT	❌	IU technical design
Closing `conformance_status`	❌	GOV-SIV scanner (implementation)

5.6 What future IU technical design MUST include (forward contract)

OP-B owner binding into governance_registry + governance_object_ownership (after SB-2).
Axis Registry rows for all ≥9 IU axes + the generic axis-value store (SB-3) so a 4th axis is data, not DDL.
DOT binding: register the 54-command catalog into dot_tools (Đ35), add the missing edge-write DOT, vector-reindex DOT, and reconstruct-wrapper DOT, each with paired audit.
Approval routing: the review_decision adapter (C-4) or full Đ32 routing; back-route the 0 IU approvals.
Issue/event wiring: register IU issue types (iu_object_orphan, iu_cut_unapproved, axis_unregistered, reconstruction_integrity_fail, iu_vector_drift, iu_kg_edge_unowned) under Đ45 register-before-emit; wire the 16 live iu.* events into the central detector.
Conformance closure: GOV-SIV closes conformance_status as the coverage proof.
Non-exemptable invariant checks as live DOTs (reconstruction fingerprint, vector-per-IU, relation integrity).

5.7 Answer to Success-Target Q4

"Does the model cover IU and future IU axes without hardcoding the current 3 axes?" → YES at concept, NO at substrate-today. The concept is fully open (each axis = an Axis-Registry row; the current 3 are examples; future axes are data). The honest caveat: the live IU substrate hardcodes 3 axes (iu_three_axis_envelope) — captured as SB-3 / SB-AXIS-ENVELOPE, a named substrate blocker with a concrete generalization path, to be resolved in IU technical design after OP-B. This is a detected, documented limitation with an upgrade path — not a silent hardcode.