Incomex AI Portal
KB-7B30

28 — Council-Packet + Scanner/Event Bundle Integration & Readiness Map (design-only, 2026-06-01)

12 min read Revision 1
one-roof-governanceimplementation-indexbundle-integrationreadiness-mapdependency-graphgate-tablefuture-macro-ordercontinuation-contractc-1c-2t6t7op-bauto-approveno-gono-islanddesign-only2026-06-01

28 — Bundle Integration & Readiness Map (Council Packet + Scanner/Event Design)

Path: knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/ Doc: 28. Track: Branch F. Integrates docs 23–27 with the existing package (00–22) and the concept canon. Status: DESIGN/READINESS MAP ONLY. No mutation, no approval, no enactment. This doc states what the bundle unlocked, what stays NO-GO, the dependency graph, the implementation gates, the future-macro order, and the continuation contract.

1. What this bundle produced (docs 23–27)

Doc Branch Deliverable Verdict
23 A C-1 / C-2 council decision packet (SB-2 ownership substrate; SB-1 action-type vocabulary; exception-store correction) COMPLETE — decision-ready
24 B T7 issue/event/notification design (20 governance issue types; register-before-emit; anti-spam; routing) COMPLETE — register/emit NO-GO
25 C T6 coverage scanner / 7-DOT family design (6-layer detector; lifecycle; SB-7 audit; SB-8 rows) COMPLETE — apply NO-GO
26 D OP-B IU owner decision packet (C-3 federated owner-per-scope; C-4 adapter) COMPLETE — no binding
27 E Auto-approve (action='add') bypass hardening risk note COMPLETE — no mutation

All five branches plus this readiness map (Branch F) = the macro's seven authored docs (23–30, with 29 next-prompts and 30 self-review).

2. What this macro UNLOCKS (decision/design layers now ready)

This macro is a decision/design advance — it unlocks next steps, not builds:

  1. A council ruling on C-1 + C-2 (doc 23). Once ruled, SB-1 Phase-A registration and SB-2 table creation become build-queue eligible (still behind H-1 + sovereign sign-off). This is the critical path.
  2. A council ruling on OP-B/C-3 + C-4 (doc 26). Once ruled + H-2 ratified, IU owner-binding becomes possible and T5 (SB-3) and T10 (IU integration) unblock for design.
  3. T7 event/issue taxonomy (doc 24) is design-complete → the T7 build macro (register the governance event domain) can proceed when authorized.
  4. T6 scanner design (doc 25) is complete → the scanner can be built (read/detect/propose tiers) once SB-1/SB-2 land; the apply DOT stays NO-GO.
  5. A concrete hardening plan (doc 27) for the auto-approve bypass → ready for a T11 hardening macro; the interim action='review' convention is in force now.

It does not unlock any commit, registration, emit, or owner-write.

3. What remains NO-GO (gates still standing)

  • Build of SB-1 / SB-2 (Phase-A INSERT; CREATE table) — needs C-1/C-2 ruled + H-1 enact path + rehearsal log.
  • First live owner-write — needs SB-1 Phase-B handler (real handler_ref) + SB-2 table live + approved APR + sovereign sign-off (H-2/SB-6; os_proposal_approvals=0 ⇒ COMMIT_FORBIDDEN).
  • Register the governance event domain / emit any event — needs T7 build authorization + register-before-emit.
  • Register any DOT / run any production scan / apply remediation — needs T6 build + SB-1/SB-2 live + approved APRs.
  • IU owner-binding (live) — needs C-3 ruled + H-2 + C-4 + the SB-1/SB-2 substrate.
  • IU open-axis substrate (4th+ axis as data) — needs SB-3 (after OP-B).
  • Auto-approve hardening (function/column change) — needs a T11 hardening macro + council awareness for the default change.
  • Law-file patch / enactment — needs L-1/L-2 (content) + a separate law-patch macro, then the human enactment phase (SB-5/SB-6/H-1).

No gate may be satisfied by self-approval.

4. Dependency graph (updated)

                          ┌─────────────────────── concept canon (GO) ───────────────────────┐
                          ▼                                                                    ▼
   C-1 (SB-2 table) ──┐                                                          OP-B/C-3 ── C-4
   C-2 (SB-1 verbs) ──┤  ◀── doc 23 packet (THIS bundle)              doc 26 packet (THIS bundle)
                      │                                                          │        │
                      ▼                                                          ▼        ▼
            build queue: CREATE table + Phase-A INSERT                  IU owner-binding   IU approval
                      │   (gate: H-1 + rehearsal)                       (gate: H-2)        routing
                      │                                                          │
                      ▼                                                          ▼
   SB-1 Phase-B handler (governed DOT)  ◀── needs SB-2 table live        T5 (SB-3 design) ── unblocks ── T10 (IU integration)
                      │                                                          │  (4th-axis-as-data still needs SB-3 build)
                      ▼
   sovereign sign-off (H-2 / SB-6;  os_proposal_approvals=0 = COMMIT_FORBIDDEN)
                      │
                      ▼
   first live owner-write (action≠'add'; auto-approve hardened — doc 27)
                      │
        ┌─────────────┼───────────────────────────────┐
        ▼             ▼                                 ▼
   T6 scanner    T7 event domain                  auto-approve hardening (doc 27)
   (read/detect/  register (register-before-       (function/column; T11)
   propose now;   emit; needs build auth)
   apply NO-GO)

Independent / parallelizable: T7 (events) ∥ T6 (scanner design) ∥ OP-B packet ∥ auto-approve hardening design. T5 waits on OP-B. T10 waits on OP-B + SB-3. T11 waits on everything.

Key independence facts (carried from doc 20): SB-1 ↔ SB-2 are mutually dependent for the owner-write path; SB-1/SB-2 are independent of SB-3 (axis ownership ≠ axis value storage); OP-B gates IU binding (T10) and SB-3 design (T5).

5. Exact gates before implementation (consolidated gate table)

Implementation step Gates (all required; none self-approvable) Status
Create SB-2 table + scope ref + views C-1 ruled + H-1 enact path + rehearsal log (doc 19) + host/backup gate (mission §6) NO-GO
Register SB-1 4 action-types (Phase A) C-2 ruled + H-1 + rehearsal log NO-GO
Seed governance_responsibility_scope (6 rows) C-1 + H-1 (governed insert) NO-GO
Build SB-1 Phase-B handler (governed DOT) + flip handler_ref C-2 + SB-2 table live + handler is a governed DOT NO-GO
First live owner-write SB-1 Phase-B + SB-2 live + approved APR (action≠'add') + sovereign sign-off (H-2/SB-6) NO-GO
Materialize governed-exception register C-2 (store decision) NO-GO
Register governance event domain + types T7 build auth + GOV-SIV ownership ruled + register-before-emit NO-GO
Add governance system_issues buckets T7 build auth NO-GO
Register the 7 DOTs + dot_coverage_required rows T6 build auth + SB-8 NO-GO
Run production scan (read/detect/propose) T6 build + SB-1 Phase-A (propose valid) + SB-2 views (owner findings) NO-GO
Apply remediation (…_assignment_apply) SB-1 Phase-B + SB-2 live + approved APR + sovereign sign-off NO-GO
IU owner-binding (live) OP-B (C-3) + H-2 + C-4 + SB-1/SB-2 substrate live NO-GO
IU open-axis (4th+ axis as data) SB-3 (after OP-B) NO-GO
Auto-approve hardening T11 hardening macro + council awareness + rehearsal + H-1 NO-GO
Law-file patch + enactment L-1 + L-2 (content) → law-patch macro → SB-5/SB-6/H-1 NO-GO

6. Order of future macros

  1. P1 — C-1/C-2 council ruling (consume doc 23). Critical path. Unblocks SB-1/SB-2 build queue.
  2. P4 — OP-B/C-3 + C-4 council ruling (consume doc 26). Unblocks T5 (SB-3) + T10 design. Can run in parallel with P1.
  3. (after P1) SB-1/SB-2 build macro — gated on H-1 + rehearsal + sovereign sign-off; creates the table + registers Phase-A action-types.
  4. P2 — T7 event/issue register build (consume doc 24) — register the governance domain; can begin design-finalization in parallel, build after authorization.
  5. P3 — T6 scanner build (consume doc 25) — read/detect/propose tiers after SB-1/SB-2 land; apply stays NO-GO.
  6. P5 — auto-approve hardening macro (consume doc 27) — T11; can be sequenced before the first live owner-write (it protects R2).
  7. T5 (SB-3 design) after OP-B ruled; T10 (IU integration) after OP-B + SB-3.
  8. L-1/L-2 law-cleanup design → law-patch macro → enactment phase (SB-5/SB-6/H-1) — the law side, sequenced independently.

(Exact paste-ready prompts: doc 29.)

7. How future agents must continue from this package

  1. State-recover from THIS package (doc 00 §0.10 preamble): read 00 → 01 → 02 → 03 → 04, then 16, 17, 18, 20, then this bundle's relevant doc (23–28). The implementation index controls; concept canon > pre-patch design; Round-4 law > earlier wording; blockers win; if unclear → STOP.
  2. Honor HARD GATE 0 every time: no PG/Directus/Qdrant/Nuxt mutation; no schema/DOT/UI/API; no enactment/version-bump/status-change/registry-write; no approval/self-approval; no hardcode; no hidden local governance island; no implementation disguised as design.
  3. Do not restart or re-author. Per mission §4F, the next macro must consume these design/decision docs (rule them, or build from them under gates) — not redesign from scratch or produce another author-ready gap.
  4. Re-verify live counts read-only before relying on any number (this bundle's live facts are a 2026-06-01 snapshot).
  5. Write all new docs inside this package (append after 30). Do not create a competing package.
  6. No gate by self-approval — a council/human ruling is recorded only through the proper enact/approval path.

8. No-island / no-hardcode attestation (bundle-wide)

  • No local governance island introduced. Every design reuses the single live spine: one governance_registry, one Điều 32 APR spine (apr_action_types + fn_apr_quorum_check), one ownership store (SB-2 governance_object_ownership), one event substrate (event_type_registry/event_outbox, Điều 45), one issue store (system_issues), one audit (registry_changelog). No parallel vocabulary, approver, bus, store, notifier, or scanner. The OP-B recommendation explicitly dissolves the existing IU island rather than blessing it.
  • No hardcode. Action-types are rows; quorum derives from risk_level; ownership/scope/object/axis resolve to registries; severity is computed from (gap_family × object_risk_class × shared_truth); routing resolves from v_object_effective_owner + governance_responsibility_scope; the scanner sources its object/axis inventory from registries/config/source-inventory and fails closed if a source is missing — no axis or object-class array is embedded in code.

9. Verdict

Bundle integration & readiness map: COMPLETE (Branch F). The macro unlocks two council rulings (C-1/C-2 critical path; OP-B/C-3+C-4) and four downstream design/build layers, while every commit/register/emit/owner-write/enactment remains NO-GO behind recorded gates. The dependency graph, consolidated gate table, future-macro order, and continuation contract are specified. No mutation, no island, no hardcode. Next: doc 29 (next prompts), doc 30 (self-review).

Back to Knowledge Hub knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/28-bundle-integration-and-readiness.md