Authority P1 Hardening / Back-audit Ratification / Scanner-Apply Control — 00 Readme First

Date: 2026-06-06. Mode: EXECUTION, principal-delegate. Live mutation: YES (2 reversible function patches via CREATE OR REPLACE + 18 additive views + 1 refreshed guard view). Birth-neutral: birth_registry 1,210,801 before == 1,210,801 after the DDL apply. trigger_guard_alerts: 129 before == 129 after (no new trigger). apr_approvals: 42 unchanged (no fake votes). OOM: SAFE (no signal-9).

Headline

AUTHORITY_BYPASS_CONTAINED (P0, prior macro) → AUTHORITY_P1_HARDENED + SCANNER_APPLY_CONTROLLED + APPLY_TIME_QUORUM_GUARDED + BACKAUDIT_RATIFICATION_ACTION_READY.

The previous macro closed the P0 INSERT-path auto-approve bypass. This macro closes the two remaining P1 authority gaps and makes the historical-ratification / reconcile queue machine-visible — without any fake authority.

What changed (all reversible)

1. Apply-time quorum re-proof (P1b) — extended the existing apply-guard function fn_apr_block_unimplemented_handler (fires at approved→applied) to call quorum_passed(NEW.code) BEFORE its null-action early-return. A request can now reach applied only if live votes currently satisfy quorum. Fail-closed. No new trigger was added (CREATE OR REPLACE only) so the DDL trigger-guard did not fire and trigger_guard_alerts stayed 129.
2. Scanner auto-apply control (P1a) — patched auto_apply_approval() (wired to host cron daily 04h30 CEST) to skip any scanner row where quorum_passed is false, writing an audit skip-note instead of applying. Narrowest safe option (block-without-vote / fail-closed).
3. 18 additive views for reverification, scanner control, apply-time re-proof, back-audit ratification packet, APR-0234 reconcile, P1 regression/teeth, and a control-plane P1 dashboard + router v2.
4. Refreshed the prior-session guard v_authority_lifecycle_failclosed_guard so its apply_quorum_reproof_present assertion is live-derived (now PASS + blocking) instead of hard-coded false.

Read order

• 01 — P0 reverification + P1 gap proof (live BEGIN..ROLLBACK rehearsal).
• 02 — scanner auto-apply control (inventory, cron wiring, patch options, chosen=D).
• 03 — apply-time quorum re-proof (mechanism, no-go guard).
• 04 — back-audit ratification packet (21 ratify / 1 reconcile / 4 none).
• 05 — APR-0234 reconcile (object already live+active).
• 06 — principal authority P1 decision interface (Vietnamese, plain-language).
• 07 — regression guard + teeth (8 live-derived teeth, all PASS).
• 08 — control-plane router v2 (next = RP_PRODUCTION_API_OPERATOR_FIX).
• 09 — safety audit.
• 10 — final summary.
• 11 — GPT MCP-readable checkpoint mirror.

Completion

PASS on the macro contract: scanner auto-apply is controlled (applied), apply-time quorum re-proof is implemented (applied), historical ratification/reconcile queue is machine-visible, and regression guards have teeth. PARTIAL only where owner/president authority is required (the 21 ratifications + APR-0234 reconcile remain action-ready, not executed — no fake votes).

Artifacts (VPS)

SQL under /opt/incomex/docs/mcp-writes/authority-p1-2026-06-06/: 00_rehearsal.sql (v1, new-trigger approach — superseded), 00b_rehearsal.sql (v2, chosen CREATE OR REPLACE approach), 01_apply.sql, 02_verify.sql, 99_rollback.sql.