KB-70AD rev 2

89 — Final Build Handoff & Stop Conditions — READ FIRST before any One-Roof Governance build (2026-06-01)


Branch G (mission §10). This is the single document a future build-agent MUST read before any One-Roof Governance build/COMMIT. It supersedes ad-hoc build instructions; it does not supersede the controlling-sources order (doc 00 §0.1) or the blocker register (doc 88). Hard truth at the top: os_proposal_approvals = 0 (live 2026-06-01) ⇒ COMMIT_FORBIDDEN. If M-1 is not met when you read this, STOP — nothing below is executable.

Addendum (2026-06-02) — authorization model redefined upstream; SB-0 is now the new first step. Before using the build order below, read …/one-roof-axis-auth-proposal-operational-hardening-build-ready-design-2026-06-02/ (docs 02/03/11/13): M-1 is redefined from "an os_proposal_approvals row exists" to a per-step governance_build_authorization (SB-0) grant whose validity is recomputed from backing quorum + (where required) an L4 sovereign e-sign. SB-0 is the new STEP 0 and is gated on a one-time L2 council + L4 sovereign ratification of the model. SB-0 + axis (axis_registry/axis_assignment) were rehearsed live (BEGIN..ROLLBACK, REHEARSED-GREEN, entry==exit, zero residue) and published to …/one-roof-auth-axis-bootstrap-ratification-rehearsal-go-nogo-2026-06-02/ (docs 00–09). The master gate (os_proposal_approvals = 0 ⇒ COMMIT_FORBIDDEN) is unchanged — build remains NO-GO.


89.1 Mandatory read order (before touching anything)

  1. doc 00 (read-me-first / controlling-sources priority).
  2. doc 88 (blocker closure ledger) — confirm M-1, C-1, C-2, C-7 status live.
  3. doc 86 (drift fold-ins) — the engineering corrections you MUST apply.
  4. doc 89 (this doc) — build order + stop conditions.
  5. The per-component design + rehearsal docs for the step you are building: SB-1 → 16/83/84; SB-2 → 17/75–81; SB-12 → 38/58; SB-13 → 39/59; SB-10 → 40/60; SB-11 → 41/61; T6/T7 → 24/25/63/69.
  6. doc 90 (paste-ready build prompts) and doc 91 (entry==exit verification template).
  7. House law: knowledge/dev/laws/prompt-muc-tieu-mo-for-claude-code.md + live-apply hard gate.

89.2 Exact build order (dependency-correct)

Each step is COMMIT-able only when its authorization row exists (§89.6). Steps gate downstream steps.

STEP 0  Pre-flight live re-verify (§89.4). If M-1=0 → STOP.
STEP 1  SB-1 Phase A  — apply F-83-1 fix (birth trigger arg); INSERT 4 apr_action_types rows
                        (high/unimplemented). Needs: C-2 build record + M-1.
STEP 2  SB-2          — CREATE governance_responsibility_scope (+6 seed) + governance_object_ownership
                        (20-col, partial-UNIQUE, trigger-less) + 2 resolution views. Needs: C-1 + M-1.
STEP 3  SB-12         — CREATE governance_ruleset (draft) + reuse evolution_snapshots row.
                        Needs: M-1.  (Activation later: C-7.2.)
STEP 4  SB-13         — CREATE gov_worker_cursor (text watermark) [F-57-1 fold-in for queue_heartbeat reuse].
                        Needs: M-1.
STEP 5  SB-10         — CREATE governance_candidate_state (+ optional object) + candidate_scan_run;
                        FK → governance_ruleset (so STEP 3 first). Needs: M-1.
STEP 6  SB-11         — register 5 governance event types in event_type_registry, active=false
                        [F-57-2/3/4 fold-in]. Needs: M-1.
STEP 7  T6/T7 addenda — INSERT dot_domains (4 GCOS) → dot_tools (4 tier-A read/propose DOTs)
                        → dot_coverage_required (4)  [F-R7-1 order, F-R7-2 naming]. Needs: SB-10..13 built + C-7 + M-1.
                        DO NOT create dot_governance_assignment_apply (G-APPLY).
STEP 8  GCOS backfill seed — DRY-RUN only first. Needs: C-7.3 + M-1.
STEP 9  Phase-B handler / apply — DO NOT BUILD. Needs: A-9 (H-1/H-2/SB-6) sovereign sign-off.

Stop between every step. Re-verify (§89.4) and re-confirm the next step's authorization. Never batch steps under one approval.


89.3 Per-step allowed vs forbidden mutation

| Step | ALLOWED (under its auth row) | FORBIDDEN always |
|---|---|---|
| 1 SB-1 | re-wire apr_action_types birth trigger ('action_code'); INSERT 4 rows handler_ref='unimplemented', risk='high', action-convention N/A (no APR) | flipping any handler_ref to a real handler; creating an approval_requests row with action='add' |
| 2 SB-2 | CREATE 2 tables + 2 views + partial UNIQUE; seed 6 scopes | ALTER governance_relations (CHECK widen); any trigger on the new tables |
| 3–5 SB-12/13/10 | CREATE the additive tables; ruleset status='draft' | activating a ruleset (C-7.2); writing a checked-forever boolean |
| 6 SB-11 | INSERT event types active=false | active=true; any event_outbox emit |
| 7 T6/T7 | INSERT dot_domains/dot_tools/dot_coverage_required (read/propose only) | creating the mutating apply DOT; any owner write |
| 8 backfill | DRY-RUN compute only | committing onboarding rows before C-7.3 |
| all | | COMMIT without the step's auth row; Directus/Qdrant/Nuxt mutation; law enactment; version/status bump; event emit; self-approval |

89.4 Live re-verify queries (run at STEP 0 and between steps)

-- MASTER GATE
SELECT count(*) FROM os_proposal_approvals;                         -- must be > 0 with a row for THIS step; if 0 → STOP
-- substrate presence (expect ABSENT until you build them)
SELECT to_regclass('public.governance_object_ownership'), to_regclass('public.governance_responsibility_scope'),
       to_regclass('public.governance_ruleset'), to_regclass('public.gov_worker_cursor'),
       to_regclass('public.governance_candidate_state'), to_regclass('public.candidate_scan_run');
-- vocabulary / approval surface
SELECT count(*) FROM apr_action_types;                              -- 6 until SB-1 built
SELECT count(*) FROM apr_action_types WHERE action_code IN ('assign_governance_owner','grant_governance_exception','delegate_authority','assign_axis_owner');
SELECT count(*) FROM birth_registry WHERE collection_name='apr_action_types';   -- 0 until SB-1 built (F-83-1)
SELECT count(*) FROM approval_requests; SELECT count(*) FROM apr_approvals;       -- unchanged unless a real governed APR ran
-- event / dot / law surfaces
SELECT count(*) FROM event_type_registry WHERE event_domain='governance';        -- 0 until SB-11
SELECT count(*) FROM event_outbox WHERE event_domain='governance';               -- must stay 0 (no emit)
SELECT count(*) FROM dot_domains; SELECT count(*) FROM dot_tools; SELECT count(*) FROM dot_coverage_required;
SELECT count(*) FROM normative_registry; SELECT count(*) FROM law_catalog;       -- no law change
-- hygiene
SELECT count(*) FROM pg_stat_activity WHERE datname='directus' AND state='idle in transaction';  -- 0

Organic-growth tables (birth_registry, event_outbox) may differ from prior baselines via unrelated production traffic — that is expected; only governance-scoped counts must match.


89.5 Rollback / verification requirement (every step)

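  1. Rehearse first in BEGIN; SET LOCAL statement_timeout='5s'; SET LOCAL lock_timeout='3s'; SET LOCAL idle_in_transaction_session_timeout='15s'; … ROLLBACK; — prove entry==exit (doc 91 template) before any COMMIT version. (PostgreSQL's SET takes one parameter per statement, so each timeout needs its own SET LOCAL.)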
  2. pg_dump the touched reuse-tables (apr_action_types, governance_relations, governance_registry, dot_tools, dot_domains, dot_coverage_required, event_type_registry) immediately before the COMMIT.
  3. The COMMIT transaction must itself set the three timeouts and be a single reviewed transaction.
  4. After COMMIT, re-run §89.4 and record the delta. Keep a documented rollback SQL (retire-not-delete for action-types; DROP for greenfield tables; DELETE-by-_dot_origin/event_domain for reuse-table rows).

89.6 Which steps need EXPLICIT build authorization (and from whom)

| Step | Needs explicit authorization text from | Form |
|---|---|---|
| ANY COMMIT | President (sovereign) | os_proposal_approvals row for the step (M-1) — the load-bearing one |
| SB-1 (STEP 1) | Council C-2 build record + sovereign M-1 | recorded decision (not a GPT rehearsal ruling) |
| SB-2 (STEP 2) | Council C-1 build record + sovereign M-1 | recorded decision |
| SB-12 activation, backfill, input-trust | Council C-7.2 / C-7.3 / C-7.1 | recorded decisions |
| Phase-B apply / mutating DOT | A-9 sovereign sign-off (H-1/H-2/SB-6) | sovereign — otherwise NEVER build |
| GPT direction | GPT may sequence/authorize rehearsal only — it cannot authorize a COMMIT | advisory |

A GPT or agent statement is never sufficient for a COMMIT. The sovereign os_proposal_approvals row is.


89.7 Stop conditions (halt immediately, write a finding, do not proceed)

  • os_proposal_approvals = 0 (or no row for the current step) → STOP.
  • Any required council record (C-1/C-2/C-7.x) absent for the step → STOP.
  • A fold-in (F-83-1/F-57-x/F-R7-1) not applied and the step's DDL/DML errors → STOP, do not "work around."
  • Any attempt would touch governance_relations CHECK, flip a handler_ref, set active=true, emit an event, or create the apply DOT without A-9 → STOP.
  • Entry==exit fails in the pre-COMMIT rehearsal, or idle_in_transaction > 0, or a session is left open → STOP, roll back, investigate.
  • Live counts contradict this handoff in a way that implies someone else mutated the substrate → STOP, reconcile, do not overwrite.
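
An added example (not part of this handoff or its referenced docs): a read-only PL/pgSQL gate that turns the machine-checkable stop conditions above into hard failures, using only the tables and columns named in §89.3 and §89.4. It assumes `active` is boolean and `handler_ref` is text; the per-step approval row and the council records are not checked, because their schemas are not given on this page.

```sql
-- Added example: fail-closed pre-flight gate (read-only, no DDL/DML).
-- Identifiers come from §89.3/§89.4; column types are assumptions.
DO $$
DECLARE
  n bigint;
BEGIN
  -- Master gate (M-1): zero approvals means COMMIT_FORBIDDEN.
  SELECT count(*) INTO n FROM os_proposal_approvals;
  IF n = 0 THEN
    RAISE EXCEPTION 'STOP: os_proposal_approvals = 0 (COMMIT_FORBIDDEN)';
  END IF;

  -- No governance action type may point at a real handler.
  -- IS DISTINCT FROM also catches a NULL handler_ref.
  SELECT count(*) INTO n FROM apr_action_types
   WHERE action_code IN ('assign_governance_owner', 'grant_governance_exception',
                         'delegate_authority', 'assign_axis_owner')
     AND handler_ref IS DISTINCT FROM 'unimplemented';
  IF n > 0 THEN
    RAISE EXCEPTION 'STOP: % governance action type(s) with a flipped handler_ref', n;
  END IF;

  -- Governance event types must be registered inactive; anything that is
  -- not explicitly false (including NULL) counts as a violation.
  SELECT count(*) INTO n FROM event_type_registry
   WHERE event_domain = 'governance' AND active IS DISTINCT FROM false;
  IF n > 0 THEN
    RAISE EXCEPTION 'STOP: % governance event type(s) not active=false', n;
  END IF;

  -- No governance event may have been emitted.
  SELECT count(*) INTO n FROM event_outbox WHERE event_domain = 'governance';
  IF n > 0 THEN
    RAISE EXCEPTION 'STOP: % governance row(s) in event_outbox', n;
  END IF;

  -- Hygiene: no session left idle in transaction on the directus database.
  SELECT count(*) INTO n FROM pg_stat_activity
   WHERE datname = 'directus' AND state = 'idle in transaction';
  IF n > 0 THEN
    RAISE EXCEPTION 'STOP: % session(s) idle in transaction', n;
  END IF;

  RAISE NOTICE 'gate passed: no machine-checkable stop condition fired';
END
$$;
```

A clean pass only means none of these conditions fired; it is not an authorization, which still requires the step's own recorded approval per §89.6.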

89.8 Final report fields (every build step must report)

step id · authorization row(s) cited (os_proposal_approvals id; C-record id) · pre-counts (§89.4) · fold-ins applied · rehearsal entry==exit result · pg_dump path · COMMIT yes/no · post-counts + delta · rollback SQL on file · no-hardcode attestation · no-island attestation · events emitted (must be 0 unless the step's emit is authorized) · law/version/status unchanged attestation · stop-conditions encountered.


89.9 No-hardcode / no-island checks (build-time, mandatory)

  • No-hardcode: action-type names/risk/handler are rows in apr_action_types; quorum derives from risk_level; scopes are rows in governance_responsibility_scope; owners resolve to governance_registry; event types are rows in event_type_registry; DOTs in dot_tools. No enum, no code-branch list, no literal owner/axis. (The action='review' protocol constant is a contract constant, not a datum — exempt.)
  • No-island: SB-1 adds vocabulary to the existing Điều-32 spine and reuses fn_apr_quorum_check/fn_apr_block_unimplemented_handler. SB-2 owner writes go to governance_object_ownership (never a private table). Events go through event_outbox after registration. Run the CI island scan (canon §5 dual channel) before COMMIT. Điều-37 stays the single roof (REFERENCE to Điều-32).

Handoff verdict: the substrate is engineering-ready and rehearsed-green; the build is authorization-gated. Build only one step at a time, each under its own sovereign + council record, each rehearsed entry==exit first.

knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/89-final-build-handoff-and-stop-conditions.md