11 — Law / Forbidden Compliance / Self-Review (Branch + acceptance)

11.1 Forbidden-list compliance (every item)

Forbidden	Status this campaign
No self-minted approval	OK none minted
No law enactment	OK none (G2 deferred to sovereign)
No Candidate Registry committed without human Điều 32	OK G1 not committed (tables still absent)
No 4-Mothers runtime generation	OK none
No real workflows/tasks/forms/reports	OK none
No Nuxt/UI	OK none
No Directus mutation	OK none
No Qdrant/vector write	OK none (vector.enabled=false verified)
No unsafe P-pub block	OK untouched
No production approval shortcut	OK none
allow_no_review_decision=true	OK stays false (verified)
vector_sync_enabled=true	OK stays false (verified)
No gate left open	OK 0 open gate rows entry & exit
No hidden second SoT	OK v_kg_edges_all is a projection only
No open idle transaction left behind	OK idle_in_tx=0 verified
No client-timeout-killing open transactions	OK none (avoided DML rehearsal over flaky channel)
No event delivery	OK none (emit disabled)
No job execution	OK none

11.2 Law touchpoints honored

Hiến pháp / Điều 0-G (governed birth) · Điều 7 (no-double-ownership, verified disjoint) · Điều 28 (UI doc-only) · Điều 30/31 (soft-retire reversal preference) · Điều 32 (human cross-sign≥2, no agent self-mint) · Điều 36/37 (collection + role governance) · Điều 37-H (human-org-role law, deferred) · Điều 38/39 (provenance-or-quarantine, 60/60) · Điều 45 (event substrate dormant).

11.3 Acceptance criteria (mission §16)

Criterion	Met?
Branches A–J completed or precisely deferred	YES all completed; commits precisely deferred to human session
Activation sequence executable by humans	YES doc 01
One-shot rehearsal completed or exact blocker documented	YES doc 02 (read-only coherence + exact DML tx; full DML deferred with stated reason)
Phase 0 config-only package ready	YES doc 03
IU Pilot Day 1 package runnable	YES doc 04 (live read-only rehearsal green)
Governance Cockpit data layer ready or blocker documented	YES doc 05 (static-drift finding + live design; commit deferred)
Runtime blockers explicit	YES doc 08
>=30 real prompts	YES doc 10 (30)
No unsafe mutation	YES zero mutation

Overall: PASS.

11.4 Self-review — what is genuinely new vs predecessor

1. Fresh independent live verification that nothing drifted (every count + gate + KG re-checked 2026-05-29).
2. Single executable activation sequencing packet (doc 01) ordering G1→G2→G3→G4→config→pilot with per-step preflight/commit/post-verify/rollback/stop/incident — the predecessor had these as separate branch docs.
3. Branch B coherence proof showing fn_pre_birth_check is fail-closed at 4/5 for absent collections (Check1 only) — the precise, current "one step away" evidence.
4. Branch E confirmation: the committed fn_phase0_cockpit() is ALREADY live-computing (not static); designed an OPTIONAL additive v2 (pilot/DLQ/pending-review blocks).
5. Branch G correction: relation vocab is a 6-value CHECK (contains/derived_from/supersedes/replaced_by/merged_from/split_from), expandable only by DDL — there is no iu_relation_type table and no live 8-atom IU vocab.
6. Corrected agent memory + mid-campaign drafts: deleted a false "entity_species G1 blocker" note; corrected three first-pass doc claims built on queries that had actually errored (a "4/4 gate", a "static cockpit", an "8-atom relation table").

11.5 Honest limitations

• The streamed docker exec stdout is unreliable in this agent shell; all live facts were obtained via MCP query_pg (reliable). No mutation was attempted, so this did not constrain the safe scope — but it is why the deferred safe additives (live cockpit, KG wrappers) were NOT committed this campaign (committing without verifiable apply output would violate "prove durability").
• KB MCP upload of these anchors is attempted; if it fails in a headless context, the local mirror at /Users/nmhuyen/knowledge/dev/reports/architecture/<this-dir>/ is canonical.