08 — Technical Addendum SCAFFOLD: Governance Coverage Scanner / DOT Family

SCAFFOLD only. No SQL, no DOT code. Frames future T6. GATED on T3 + T4 + concept GO.

Purpose

Frame the future design of the detector that proves governance coverage (the twin of the birth/orphan scanner) and the scan/propose/apply/audit DOT family that acts on it.

Controlling inputs

• Concept canon doc 01 (coverage invariant v3: total = covered + orphans + exceptions + retired; M-DEF-5 orphan/anarchic + 12 gap types; anti-spam Đ37 §4.17/§4.17-bis; 4-phase readiness gate).
• Round-4 doc 08 (SB-4 event domain absent; SB-7 audit-loop dormant; SB-8 dot_coverage_required=11; template_gap=182,378 anti-spam proof).
• Registries-Pivot patched doc 06 (orphan/phantom/unmanaged policy) + doc 09 (notification contract) — TECHNICAL_REFERENCE for reuse patterns.
• This package doc 03 §3.4 (SB-4/7/8); doc 04 (T6).

Current blocker status

OPEN / GATED. Needs SB-1 (T3) action-types and SB-2 (T4) owner edge designed first (the apply DOT writes owner edges via those). The coverage event domain is unregistered (SB-4); coverage DOT rows absent (SB-8); audit loop dormant (SB-7).

Exact scope of the future design (T6)

• 6-layer coverage detector design — measures covered/orphan/anarchic/island/exception/retired against invariant v3.
• scan / propose / apply / audit DOT family — reuse the Đ19 orphan scanner + Đ35 DOT pattern + GOV-SIV; reuse paired_dot; do not invent a new scanner engine.
• dot_coverage_required rows for governance.coverage / classification / pivot / axis / iu (SB-8) — as data.
• Anti-spam path — coalesce_key / cooldown / summary / emit-ceiling, sized against template_gap=182,378 so the scanner is signal not noise.
• Inventory-completeness reconciliation — the governance twin of birth-orphan; every governed object is covered, an exception, or retired.
• Audit-loop activation design (SB-7) — reuse governance_audit_log + registry_changelog/event_outbox, do not replace.

Dependencies

• Gated on T3 + T4. Consumes T7 event/issue taxonomy for emit. Reuses GOV-SIV (active, Đ31, 22 DOTs).

Known constraints

• Reuse, don't island: Đ19 scanner, Đ35 DOT pattern, GOV-SIV, existing audit tables.
• Anti-spam is mandatory (the 182k template_gap is the cautionary proof).
• Container-grain, never per-row, at 10^8 scale.
• No-hardcode: gap types and coverage rows are data.

Forbidden implementation shortcuts

• ❌ Committing any DOT; ❌ running a production scan / emitting events.
• ❌ A new scanner engine that bypasses Đ19/Đ35/GOV-SIV (local island).
• ❌ Silent truncation / uncapped emit.

Acceptance criteria for the future detailed design

6-layer detector + DOT family + coverage rows + anti-spam + reconciliation + audit-loop activation all designed as reuse; invariant-v3 accounting closed; no committed DOT/scan/emit; no-hardcode + no-island attestation.

Where future detailed docs must be added

This package (e.g. 08a-coverage-scanner-design.md). Pointer added here.

What old docs must NOT be used as controlling input

• Registries-Pivot ship reports as a governance scanner spec (they are surface/substrate reference).
• Any orphan/phantom wording predating Round 4 where it conflicts.