Check A - Approval Envelope Shape Recheck

Verdict: APPROVAL_ENVELOPE_SHAPE_NEEDS_FIX

Accepted: machine-readable YAML exists; it lists active members, revisions/placeholders, section scope, boundary/guard/membership hashes, approver/checkpoint fields, and next_required_recheck_on_change: true.

Required fixes:

1. Use canonical full KB document_id paths consistently. Current envelope rows omit knowledge/dev/reports/architecture/, while MCP document identities include it; the membership hash input is therefore ambiguous.
2. Define byte-exact, domain-separated, schema-versioned canonical encodings for membership, marker/fence registry, superseded boundary, guard set, and envelope manifest. Specify exact keys, ordering, delimiters/JSON encoding, LF/null rules, and region delimiters.
3. Make envelope_manifest_sha256 bind every authority-bearing field, including active section identity/range, revisions, normalized/full hashes, membership, marker/fence registry, superseded boundary, guard set, approval status/epoch/role/time, checkpoint anchor, algorithm/version, and next_required_recheck_on_change.
4. Resolve doc 00 self-reference. full_document_sha256 cannot include an envelope that contains its own hash. Either mark full-doc hash explicitly not applicable for the self-host and rely on a precisely defined exclude-region body hash plus whole-envelope hash, or move the envelope outside the hashed corpus.
5. Resolve the blueprint-checkpoint contradiction: it is described as a self-referential host, but it is not in active_corpus and no checkpoint EXCLUDE envelope was found.