100 — Phase 1 GO/NO-GO Matrix (no build, 2026-06-01)
100 — Phase 1 GO/NO-GO Matrix
Mission §11 (Branch H). Tier: the single decision matrix. Mutation footprint: ZERO. Master gate over the whole matrix:
os_proposal_approvals=0 (live 2026-06-01) ⇒ no row is GO-NOW. "Build allowed in Phase 1" means eligible to build once its named authorization exists; it never means "build now." Columns: DC design complete · RG rehearsed green · AUTH authorization needed · P1? build allowed in Phase 1 · ¬P1 build forbidden in Phase 1 · DEP post-build dependency · RISK main risk · STATUS final status.
100.1 Matrix
| Component | DC | RG | AUTH needed | P1 build allowed | Forbidden in P1 | Post-build dependency | Main risk | Final status |
|---|---|---|---|---|---|---|---|---|
| SB-12 ruleset/snapshot | ✅ (38) | ✅ (58/62) | M-1 | ✅ (draft only) | activation (C-7.2) | SB-10 FK parent | premature activation | GO-WHEN-AUTHORIZED (M-1) |
| SB-13 worker cursor | ✅ (39) | ✅ (59/62) | M-1 | ✅ | — | GCOS workers (post-P1) | typed watermark / F-57-1 cols | GO-WHEN-AUTHORIZED (M-1) |
| SB-10 candidate state | ✅ (40) | ✅ (60/62) | M-1 (after SB-12) | ✅ | seeding candidate rows | scanner/backfill (post-P1) | FK ordering; canonical NULL | GO-WHEN-AUTHORIZED (M-1 + SB-12 built) |
| SB-11 event domain | ✅ (41) | ✅ (61/62) | M-1 | ✅ (active=false) | active=true / emit | T7 wiring; C-7.1 trust | accidental emit / CHECK enum | GO-WHEN-AUTHORIZED (M-1) |
| SB-2 ownership substrate | ✅ (17) | ✅ (75–81) | M-1 + C-1 | ✅ | real owner writes; relations CHECK-widen | SB-1 Phase-B owner writes | CHECK-widen / trigger | GO-WHEN-AUTHORIZED (M-1 + C-1) |
| SB-1 APR action-types | ✅ (16) | ✅ (83/84) | M-1 + C-2 | ✅ (Phase A, with F-83-1) | handler flip (Phase B) | Phase-B handler (NO-GO) | F-83-1 trigger; action='add' bypass | GO-WHEN-AUTHORIZED (M-1 + C-2 + F-83-1 fix) |
| T6/T7 scanner/issue DOTs | ✅ (24/25) | ⚠ partial (63 Part-A) | M-1 + C-7 + SB-10..13 built | ❌ | ✅ entire | reads candidate/event substrate | tier-A only; G-APPLY trap | NO-GO IN P1 (post-substrate) |
| GCOS backfill seed | ✅ (31) | substrate-only | M-1 + C-7.3 | ❌ (dry-run only later) | ✅ committing rows | SB-10..13 built | ungoverned mass onboarding | NO-GO IN P1 |
| Event registration→activation/emit | ✅ (41) | ✅ register step | M-1 (register) + C-7.1 (activate) | register active=false only |
✅ activation/emit | C-7.1 input-trust | trusting untrusted input | REGISTER-ONLY IN P1; activation NO-GO |
| DOT registration (GCOS) | ✅ (25) | ⚠ (63) | M-1 + dot_domains order (F-R7-1) | ❌ | ✅ entire | SB-10..13 built; T6/T7 step | FK order; G-APPLY DOT | NO-GO IN P1 |
| Production gate (G-PROD) | rule (35/49) | n/a | M-1 + SB-10 built | ❌ | ✅ entire | SB-10 built | fail-open default | NO-GO IN P1 |
| UI / Directus exposure | n/a (C-5/T8) | n/a | C-5 + M-1 | ❌ | ✅ entire | SB-2 built; C-5 | surface before substrate | NO-GO IN P1 |
Legend for STATUS: GO-WHEN-AUTHORIZED = engineering-ready; builds the moment its named authorization (M-1 ± council record) exists and its fold-ins are applied. REGISTER-ONLY = the inactive registration is in P1; activation/emit is not. NO-GO IN P1 = excluded from Phase 1 by scope; revisit in a later phase under its own gates.
100.2 Authorization-key summary (what unlocks each P1 component)
| Component | Sovereign (M-1) | Council | Engineering fold-in |
|---|---|---|---|
| SB-12 | ✅ required | — | — |
| SB-13 | ✅ required | — | F-57-1, L-WATERMARK |
| SB-10 | ✅ required (+ SB-12 built) | — | L-CANON-NULL, no-checked-forever |
| SB-11 | ✅ required | (C-7.1 only for later activation) | F-57-2/3/4 |
| SB-2 | ✅ required | C-1 | additive-only, trigger-less |
| SB-1 | ✅ required | C-2 | F-83-1, action≠'add' |
100.3 Cross-cutting NO-GO guards (apply to the whole matrix)
- G-APPLY — the mutating DOT
dot_governance_assignment_apply/ any Phase-B owner-write handler: NEVER build in Phase 1 (needs A-9 sovereign sign-off). - No emit —
event_outboxgovernance must stay 0 across all of Phase 1. - No law/version/status change —
normative_registry/law_catalog/governance_docsuntouched (L-1/L-2 are FUTURE). - No surface — no Directus/Nuxt/API/Qdrant change.
- One step, one COMMIT, one auth row — no batching.
100.4 Current live GO/NO-GO verdict (2026-06-01)
EVERY row is NO-GO-NOW. Six components (SB-12/13/10/11/2/1) are GO-WHEN-AUTHORIZED (engineering-ready, rehearsed green); they convert to buildable only when the sovereign master gate M-1 (os_proposal_approvals>0 for the step) and, for SB-2/SB-1, the council records C-1/C-2 exist live, with the doc-86 fold-ins applied. The remaining six rows (T6/T7, backfill, activation/emit, DOT registration, G-PROD, UI) are NO-GO IN PHASE 1 by scope.
Branch H verdict: matrix complete — 12 rows × 8 columns, with authorization keys, cross-cutting guards, and a live verdict. Phase 1 build set = {SB-12, SB-13, SB-10, SB-11, SB-2, SB-1}, all GO-WHEN-AUTHORIZED; none GO-NOW; M-1=0 ⇒ COMMIT_FORBIDDEN.