06 - Operator Authorization Recheck

Verdict

OPERATOR_AUTHORIZATION_FAIL

The terminology separation is correct, but the proposed contract is not machine-checkable PG-native authority.

evidence_registry exposes artifact URI/hash, issuer, epoch, validity, and revocation. It does not expose typed approved_package_sha256 or authorization_scope. Those values remain inside external artifact content. The blueprint defines no sealed analyzer/adapter contract that reads the artifact, validates its schema, and emits typed PG decision inputs.

Additionally, activation quorum is relevant to PKG-F activation but does not by itself authorize PKG-E, PKG-G, or PKG-H. A broad operator role grant is not a package-specific authorization contract.

Required T1 fix: bind authorization scope/package hash/authorized action/epoch/principal to an approved typed PG authority contract, or explicitly request a design correction. External evidence may support the decision but cannot supply unparsed final authority.