Governance and delivery map for the MAF ICF Participation Program v0. All six participation steps accepted. MCP Governance Gateway operational. Gate 3 locked.
Programme gates are sequential. Each gate requires explicit governance authorization before the next may open. Gate 3 (matching and exchange) requires a separate authorization not yet granted.
Control Note
Programme authorization baseline
Tier A Public Site: Static public read · Live 2026-06-13
Protected Pilot · v0 accepted: All 6 steps delivered · 2026-06-17
Matching & Exchange: Requires separate authorization
Phase 1 established the identity, consent, and governance baseline required before any authenticated surface or personal data collection could proceed. All Phase 1 prerequisites completed and signed off 2026-06-15.
Six mandatory steps must be completed in order before any matching is permitted. No step may be skipped, bypassed, or reordered. All six steps delivered and accepted at v0 (2026-06-17). Matching is not permitted until all six steps are complete for a given participant record.
Keycloak authentication required before any write surface. Role assignment (Self / Family / Professional / Organisation) recorded in participant record and reviewed by a named human before evidence submission is permitted.
Explicit, revocable, purpose-specific consent recorded before any personal data is stored. Seven consent trigger events — account, card data, profile, evidence, family linkage, content, ICF self-report. Human review required; no automated consent processing.
Participant self-reported classification across ICF domains (d1, d4, d7, d9). Unused capacities staged by type (time, skills, knowledge, space, tools, goods, networks, professional support, lived experience). Non-clinical; does not constitute diagnosis or eligibility determination.
Participant record staged into appropriate support pathway after classification. Determines which matching and exchange options may be presented. No matching occurs at this step. Protected case pathway triggers safeguarding procedure; human review required before vulnerable participant record advances.
Records what forms of exchange the participant is willing and able to use: six CES transaction types (time, gift, exchange/SWAP, barter, mixed, shared) plus conventional currency. Mixed time + currency (type 5) disabled at v0 — requires separate approval and clear fiat disclosure.
Participation record created after Steps 1–5 complete. Governed by MAF-Evidence-Model-v0.1.yaml. Human verification required for all verified evidence types. No clinical claims, eligibility determinations, or diagnostic inferences may be recorded or derived.
Design principle: Do not match too early. The correct sequence is: Identify → Classify → Protect → Stage → Consent → then Match. No automated matching, recommendation, or eligibility determination may be introduced at any step. All matching proposals require human review before activation.
The MCP Governance Gateway provides Claude AI and authorized MCP clients with structured, read-only access to programme governance records and context. Qdrant participant-data search is intentionally disabled by configuration.
MCP OAuth authentication connector verified and operational.
ChatGPT MCP connector verified. External AI client access to governance tools confirmed.
Live read access to km-base governance records. km-base is authoritative; Qdrant is derived retrieval only.
Five active governance tools: programme status, control status, execution brief, final review checklist, context listing, km-base search.
One Qdrant governance search tool intentionally disabled by configuration. No participant data may be ingested into Qdrant at Gate 2.
Protected pilot testing permitted under existing consent and privacy controls. Audit log is append-only.
The following boundaries are governance controls on file in km-base. They are not technical limitations — they are programme authorization limits that require explicit governance decisions before they may be changed.
Gate 3 requires a separate explicit governance authorization not yet granted. All six steps must be individually completed per participant before Gate 3 consideration.
External PDPA legal review (R-4) remains a hard blocker for Pilot → Active. No counsel review has occurred as of 2026-06-17. Gate 2 v0 protected pilot testing may continue under existing on-file controls.
No personal data may be ingested into Qdrant. Registry status: qdrant_status: not_indexed_no_upsert_authorized. Aggregate de-identified counts require separate approval.
Minor linkage is unauthorized at v0. This decision is on file in km-base and does not change without explicit governance approval.
The Step 3 workflow (participant self-report → coordinator triage → designated professional review → institutional authority confirmation → audit/provenance) is designed, not built. Formal ICF/ICHI codes require designated professional or institutional authority.
n8n integration for Step 3 professional review workflow is designed but not activated. No webhook or workflow is live.
/match and /exchange return 404. No CES transaction, marketplace/store handoff, ERPNext integration, or payment processing is authorized at Gate 2.
All acceptance records are on file in km-base and accessible via the governance portal. Authoritative source: km-base. MCP governance tools provide live read access.
Final validation pass: 9 PASS, 1 PASS-with-flag, 1 mechanism-level PASS, 2 not independently verified (accepted on existing evidence). Option A signed: Gate 2 v0 accepted for continued protected pilot testing only. Does not grant Pilot → Active. Does not open Gate 3.
All six Phase 2 participation steps accepted at v0 as of 2026-06-17. Gate 3, participant-data Qdrant, n8n, and Pilot → Active remain locked/blocked. Registry updated with gate2_phase2_status: all_steps_v0_accepted.
R-4 external PDPA legal review remains required before Pilot → Active. No counsel review has occurred as of 2026-06-17. Gate 2 v0 protected pilot testing may continue under existing on-file consent and privacy controls. This decision does not waive, shorten, or substitute for external legal review.
Phase 1 identity, consent, and governance prerequisites completed and signed off. Keycloak IAM, seven consent artifacts (#1–#7), privacy review, data retention, integration approvals, and evidence model baseline all on file in km-base.
Authoritative governance records: governance.timebank.tw · km-base is the source of truth. MCP records are authoritative. Qdrant is derived retrieval only.
The traceability matrix connects each Gate 2 block — gate, stage, step, connector, and open item — to its delivery page, evidence note, governance decision, MCP/km-base context, and current status. 16 rows. 5 public pages pending (authenticated routes).
Copyright in 「我的優勢卡」 (ABID / My Abilities First) belongs to Prof. Liao Hua-Fang and 財團法人中華民國發展遲緩兒童基金會 (FCDD). WSI/CES is a community implementation partner; it holds no license and does not produce, reproduce, adapt, or generate ABID content.
Official tool: https://www.fcdd.org.tw/AbilityCard/info · Official platform: https://www.maf4p.com
This governance map is a public-safe status record only. It does not constitute a legal opinion, clinical assessment, eligibility determination, diagnosis, or ABID card service. No matching, exchange, or Pilot → Active approval is implied by this page.
The MAF/CES team has completed a synthetic governance validation round (Gate 3 v0) to test the structures, controls, and scenario coverage for future community matching and exchange planning.
Using 10 synthetic scenarios and 30 SDG11-aligned community planning simulations — with no real participant data — the team validated that governance fixtures for needs/capacity matching, exchange, and CES 1+6 structures are in place; all safety, consent, reviewer, dispute, and cancellation controls are correctly represented; and private evidence files are not publicly accessible.
294 validators passed, 0 failed across MAF and CES repositories.
Gate 3 remains locked. No live matching, exchange, or CES transactions are operating. The programme is at the governance preparation stage.
Before any live matching or exchange service can begin, the programme requires separate authorization, external privacy review, and human-reviewed consent processes for each participant. No timeline for live services is confirmed.