Authority P1 Hardening — 11 GPT MCP-Readable Checkpoint
11 — GPT MCP-Readable Checkpoint (mirror)
This mirrors the canonical checkpoint at knowledge/dev/reports/architecture/checkpoint-authority-p1-hardening-backaudit-ratification-scanner-apply-control-2026-06-06.md.
State
- Status: PASS (PARTIAL on owner/president-blocked ratification).
- Mode: EXECUTION, principal-delegate. Live mutation: YES, reversible.
- Birth: 1,210,801 before == after (DDL birth-neutral). trigger_guard_alerts 129==129. apr_approvals 42==42. OOM safe.
Closed this macro
- P1a scanner auto-apply: CONTROLLED (auto_apply_approval gated on quorum_passed; skip-without-vote).
- P1b apply-time quorum re-proof: IMPLEMENTED (quorum_passed in fn_apr_block_unimplemented_handler before null-action early-return; no new trigger).
- P0 containment: still holds (3/3).
- Back-audit: 21 ratify / 1 reconcile (APR-0234) / 4 none — machine-visible packets.
- Regression: v_authority_p1_regression_guard 8/8 PASS live-derived.
Key live facts
- Apply path chokepoint = approved→applied UPDATE; the only DB applier is auto_apply_approval (cron 04h30 CEST, returns 0 today). dot-apr-execute 5-min cron failing on curl localhost:8055.
- quorum_passed(code) is the reused re-proof primitive; returns false for null action/risk (fail-closed).
- APR-0234: 4 target DOTs already live+active; reconcile = president ratify-then-reject or apply-as-noop.
- Router v2 next = RP_PRODUCTION_API_OPERATOR_FIX (1 RED, 3 AMBER, 5 GREEN).
New objects (18 views + 2 fn patches + 1 guard refresh)
- Views: v_authority_p0_still_contained_guard, v_authority_p1_gap_reverification, v_scanner_auto_apply_inventory, v_scanner_apply_control_status, v_scanner_auto_apply_no_go_guard, v_scanner_apply_control_patch_plan, v_apply_time_quorum_reproof_status, v_apply_time_quorum_no_go_guard, v_apply_time_quorum_regression_guard, v_authority_backaudit_ratification_packet, v_authority_backaudit_reconcile_packet, v_authority_backaudit_principal_queue, v_apr_0234_reconcile_status, v_apr_0234_reconcile_plan, v_authority_p1_regression_guard, v_authority_p1_teeth_tests, v_control_plane_p1_status_dashboard, v_control_plane_next_macro_router_v2.
- Patched fns: fn_apr_block_unimplemented_handler, auto_apply_approval.
- Refreshed: v_authority_lifecycle_failclosed_guard.
Gotchas (2026-06-06)
- Adding a NEW trigger trips fn_evt_trigger_guard (logs [TRIGGER-GUARD] DDL detected) and would push trigger_guard_alerts up; use CREATE OR REPLACE on the existing apply-guard fn instead to keep it at 129.
- quorum_passed returns false for null proposed_action_code → apply-time guard fail-closes legacy null-action rows; intended.
- The 160 scanner-applied "by source" split into auto-apply-function 18 (bypass) + orchestrator-s142b 142 (sanctioned); classify by reviewed_by, not source.
- DDL via ssh contabo → cat hostfile | docker exec -i postgres psql -U directus -d directus (host file piped to container stdin); query_pg RO 5s.
Blockers
All human: president (+owner) for ratify 21; president for APR-0234; operator/dev for RP API. No engineering blocker.