C1-DRYRUN-EXECUTION 05 — C1 Authorization Verifier & Consume Proof — 2026-06-22
C1-DRYRUN-EXECUTION 05 — C1 Authorization Verifier & Consume Proof — 2026-06-22
Gate: REGISTRATION_HOLD · CAN_PROCEED = NO · 0 runtime mutations.
1. Exact verifier (carried from PATCH2 file 05; status-domain aligned)
A grant passes iff all hold (single matching row):
status = 'active'— the live enforced domain is{draft,active,consumed,expired,revoked}(CHECKgovernance_build_authorization_status_check, confirmed this session). PATCH1'sstatus='granted'is unsatisfiable and is replaced.scopeaction set exactly equals the C1 build action set (set-equality, not JSONB@>superset).requires_sovereign_esign⇒sovereign_esign_refpresent and authentic (presence alone is insufficient).- bound to an approved
request_ref/approval_ref; notexpired_at/revoked_at;commit_allowedconsistent with mode.
2. Live authorization state (read-only)
SELECT count(*) FROM governance_build_authorization → auth_total = 0. There is no grant of any status — no active, no test/sandbox grant, no Chairman token. The verifier therefore returns AUTH_ABSENT for every input. This is the expected AUTHORITY_MISSING_ONLY residual — and it means no authorization can be consumed because none exists.
3. Atomic consume — handler absent
The governed consume model (PATCH2 file 05/06): CAS-consume the single matching active grant → consumed before any write, in one transaction, via a governed handler (not raw UPDATE). Live: no such handler exists (c1_functions=0), and raw DML is forbidden (macro §4) and impossible (query_pg read-only). So consume-before-write cannot be exercised — there is neither a grant to consume nor a handler to consume it nor a write to gate.
4. Negative behavior is vacuously safe but UNTESTED-LIVE
Because there is no live verifier surface and no grant, no input — wrong / none / generic / expired / revoked / reused / superset — can be accepted: there is nothing to accept it. This is safe, but it is absence of surface, not a demonstrated fail-closed verifier. The macro requires the verifier to reject bad grants; that demonstration must wait for the registered handler. Recorded honestly (no overclaim).
5. Classification & boundary attestation
VERIFIER_EXACT (design) + AUTH_ABSENT (0 grants) + CONSUME_HANDLER_ABSENT (PREPARATION_GAP). No grant read mutated; no consume performed. REGISTRATION_HOLD retained; CAN_PROCEED = NO; 0 runtime mutations.