02 — Existing Identity & Approval Channel (Reuse-First)
Goal: before staging anything new, find an existing mechanism that (a) records a real president/ai_council
vote into apr_approvals and (b) authenticates the approver. Reuse-first, prefer existing identity substrate.
No approval, no identity row, and no credential were created during this survey.
A. Approval-channel reuse (re-verified this turn)
| candidate | records pres vote | records council vote | binds real id | no self-approve | no manual write | decision |
|---|---|---|---|---|---|---|
| dot-content-approve (DOT-018) | NO | NO | n/a | n/a | n/a | REJECT — content domain, not apr_approvals |
| dot-apr-propose/execute/health (309/310/311) | NO | NO | — | — | — | REJECT — lifecycle is propose→[GAP]→execute; no approve step |
| Directus API on apr_approvals | NO | NO | NO | NO | NO | REJECT — 0 directus_fields ⇒ raw write, approver is free text |
| DB functions touching apr_approvals (8) | NO | NO | — | — | — | REJECT — all READ votes; none INSERTs; no fn_record_approval |
| MCP query_pg/directus_create/write_file | NO | NO | — | — | NO | REJECT — agent-side manual write = fabrication/bypass |
| auto-approve (fn_auto_approve_add) | NO | NO | — | — | — | REJECT — neutered 2026-06-06 (writes review_note only) |
| historical 42 rows | NO | NO | NO | — | NO | REJECT — batch back-fill, not a repeatable channel |
Result: no reusable lawful approval channel. The approve step (dot-apr-approve) is genuinely the missing
primitive. (Confirms prior package apr-approval-channel-discovery-and-bootstrap, re-checked against live state.)
B. Identity-substrate reuse (the new question this macro forces)
Searched information_schema for identity/seat/credential/token/secret/council/president tables. Findings:
B1. qt001_authority_identity_registry ← closest existing identity substrate
Columns: identity_key, identity_class, reviewer_type, authority_lock(bool), evidence_path, active(bool), created_at.
- No credential/token/secret/hash column → it can declare an authority but cannot authenticate a caller.
- Rows: 1 — STAGE2.6A-FIX2-MACHINE-POLICY (class APPROVER, reviewer_type NULL, lock=true, active=true). Not a president, not an ai_council seat.
- Reuse verdict: reusable as an authorization declaration layer (is key X a valid seat?), but not as an authentication layer. A real substrate would extend it (or a sibling) with a token-hash binding — a new, governed mutation, which the owner deferred (HOLD).
B2. directus_users (13 accounts)
- nmhuyen@gmail.com (owner) — active, has token + password. The only plausible human-president holder.
- AI agent logins (gemini, agent.chatgpt, agent.claude_code_cli, agent.codex_cli, agent.gemini_cli, …) — all suspended, token-only. These are agent logins, not governance ai_council seats.
- No account named/identified as president (human governance seat) and no ai_council seat accounts.
- Reuse verdict: directus_users could back authentication (token/password), but there is no president seat and no council seats to bind to, and the AI accounts are suspended and operator-controlled (not independent).
B3. Historical apr_approvals approver identities (what a "seat" looked like)
president (human, 14) · gemini (11) · gpt (11) · gemini-ai-council (2) · gpt-ai-council (2) ·
ai_council_1(1) · ai_council_2(1) — all free-text strings, zero credential binding. The quorum functions
match these by approver ILIKE '%president%' / approver_type='ai_council' — i.e. a string test, trivially
fakeable by anyone who can insert a row.
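Added example (not the survey's or the project's own code) contrasting the string-match quorum described in B3 with a check that binds approvers to the registry columns from B1. The president/ai_council registry rows, the use of reviewer_type as the seat role, and council_needed=1 are assumptions; all rows are constructed samples.

```python
# Added example, not the survey's or project's own code. All rows are constructed
# samples; the president/ai_council registry rows, reviewer_type as the seat role and
# council_needed=1 are assumptions (the live registry has one APPROVER row, reviewer_type NULL).

# Constructed registry rows, using the column names listed in B1.
REGISTRY = [
    {"identity_key": "president", "identity_class": "APPROVER",
     "reviewer_type": "president", "authority_lock": True, "active": True},
    {"identity_key": "ai_council_1", "identity_class": "APPROVER",
     "reviewer_type": "ai_council", "authority_lock": True, "active": True},
    {"identity_key": "ai_council_2", "identity_class": "APPROVER",
     "reviewer_type": "ai_council", "authority_lock": False, "active": False},
]

# Constructed apr_approvals rows. Anyone with raw write access could insert either set.
FORGED = [
    {"approver": "president-bot", "approver_type": "president"},
    {"approver": "gpt-ai-council", "approver_type": "ai_council"},
]
LEGIT = [
    {"approver": "president", "approver_type": "president"},
    {"approver": "ai_council_1", "approver_type": "ai_council"},
]

def naive_quorum(approvals, council_needed=1):
    """Mirrors the string test in B3: approver ILIKE '%president%' for the president
    vote, approver_type = 'ai_council' for council votes. council_needed is assumed."""
    has_president = any("president" in a["approver"].lower() for a in approvals)
    council_votes = sum(1 for a in approvals if a["approver_type"] == "ai_council")
    return has_president and council_votes >= council_needed

def bound_quorum(approvals, registry, council_needed=1):
    """Counts a vote only if approver equals the identity_key of an active, locked
    registry seat whose reviewer_type matches the vote. This is authorization only;
    authenticating the caller (token-hash binding) is still missing, as B1 notes."""
    seats = {r["identity_key"]: r for r in registry
             if r["active"] and r["authority_lock"]}
    has_president, council_votes = False, 0
    for a in approvals:
        seat = seats.get(a["approver"])
        if seat is None or seat["reviewer_type"] != a["approver_type"]:
            continue  # free-text or mismatched approver: not a vote
        if seat["reviewer_type"] == "president":
            has_president = True
        elif seat["reviewer_type"] == "ai_council":
            council_votes += 1
    return has_president and council_votes >= council_needed
```

The forged rows pass the string test but fail the registry-bound check; the inactive ai_council_2 seat is ignored by the bound check even when its key is used.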
Reuse-first conclusion
- Approval channel: none reusable → dot-apr-approve is genuinely net-new (design in file 03).
- Identity substrate: an authorization registry exists (qt001_authority_identity_registry) and can be reused/extended, but no authenticated seat substrate exists, and a real one cannot be stood up in-session (file 04). Reuse-first is satisfied: we will not duplicate the registry; we extend it — but only once real seats exist and the owner consumes the warrant.