KB-4E71

SuperBundle — 06 Production review_decision Governance Result

Revision 1
Tags: review-decision, dieu32, production, approval, cross-sign, authority-pack, 2026-05-28

06 — Production review_decision Governance Path (Branch F)

Verdict: AUTHORITY PACK / DEFER — no Agent self-approval. Only the test builder exists live. A production proposed/draft builder is specified that structurally cannot emit an approve verdict; the approve step is reserved for human/council/sovereign with cross-sign + manifest binding.

A. Live inspection (entry)

  • fn_iu_test_review_decision_create(p_actor text, p_reason text, p_manifest_tag text) — the only live builder (test-scope, automated_agent, cross_signed=false).
  • review_decision table is in cutter_governance schema (NOT public) — privilege-walled from context_pack_readonly; re-introspect under workflow_admin for the prod build.
  • No production builder function exists. iu_enact.allow_no_review_decision=false (never-flip, intact) — enactment genuinely requires a review_decision, so the prod builder is on the critical path for governed enactment beyond test scope.

B. Production review_decision — the law (Đ32)

A production decision must bind to: a real manifest_envelope, a human/council/sovereign signer, cross_sign ≥ 2, and a verdict. An Agent MUST NOT mint an approve verdict — the test builder is explicitly test-scoped and cross_signed=false to make this structurally visible.

C. Proposed/draft builder — SAFE-NOW spec (refuses approve)

A fn_iu_proposed_review_decision_create that can ONLY create a proposed/draft decision and raises on any approve/reject verdict:

-- AUTHORITY-GATED spec (re-introspect cutter_governance under workflow_admin first)
CREATE FUNCTION fn_iu_proposed_review_decision_create(
  p_actor text, p_manifest_ref uuid, p_proposed_verdict text, p_rationale text)
RETURNS uuid AS $$
DECLARE v_id uuid;
BEGIN
  -- NULL must be rejected explicitly: NULL NOT IN (...) evaluates to NULL, which IF treats as false
  IF p_proposed_verdict IS NULL
     OR p_proposed_verdict NOT IN ('proposed','draft','needs_changes') THEN
    RAISE EXCEPTION 'proposed builder cannot emit terminal verdict %, use human path', p_proposed_verdict;
  END IF;
  IF p_manifest_ref IS NULL THEN RAISE EXCEPTION 'manifest binding required (Dieu32)'; END IF;
  -- insert into cutter_governance.review_decision with decision_kind='proposed',
  --   author_kind='automated_agent', cross_signed=false, scope='production_candidate'
  -- (that INSERT must set v_id via RETURNING ... INTO; until it is written v_id stays NULL)
  RETURN v_id;
END $$ LANGUAGE plpgsql SECURITY DEFINER
   SET search_path = pg_catalog, pg_temp;  -- pin the path so the SECURITY DEFINER body cannot resolve caller-controlled objects

Properties: cannot approve, requires manifest, author tagged automated_agent, cross_signed=false. Reversible: DROP FUNCTION. This is the safe additive piece — but since review_decision is in privilege-walled cutter_governance and needs re-introspection under workflow_admin, the actual CREATE is deferred to the prod-review macro (doc 10 Prompt 6), not applied here.

D. Human/council/sovereign approval path

  1. Agent (or builder) creates a proposed decision bound to a manifest (no verdict authority).
  2. Human reviewer reviews; a council member cross-signs (sign #1).
  3. Second council/sovereign cross-signs (sign #2) → cross_sign ≥ 2.
  4. Terminal verdict (approve/reject) written by the human path only, with both signatures + manifest hash recorded.
  5. Only then may fn_iu_enact consume the decision (allow_no_review_decision stays false).

E. Cross-sign + manifest binding

  • Each signature: signer identity + role (from human-org-role law, doc 07) + timestamp + manifest hash.
  • Manifest binding: decision.manifest_ref → real manifest_envelope row; verdict invalid without it.
  • No self-sign: signer #1 ≠ signer #2 ≠ proposer.
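
The rules in sections D and E can be written as one check that runs before enactment consumes a decision. The following is an added example, not the project's code: the Python model, its field names (verdict_author_kind, signed_at and the rest) and the sample data are hypothetical, and it assumes the no-self-sign rule means the two signers are distinct from each other and from the proposer.

```python
from dataclasses import dataclass
from typing import Optional
SIGNER_ROLES = {"human", "council", "sovereign"}  # signer classes from section B
TERMINAL = {"approve", "reject"}

@dataclass(frozen=True)
class Signature:                 # hypothetical field names
    signer: str
    role: str
    signed_at: str
    manifest_hash: str

@dataclass(frozen=True)
class Decision:                  # hypothetical field names
    proposer: str
    manifest_ref: Optional[str]
    verdict: str
    verdict_author_kind: str     # "automated_agent" or a SIGNER_ROLES value
    signatures: tuple = ()

def violations(d, manifests):
    """Reasons enactment must refuse this decision; [] means consumable."""
    if d.verdict not in TERMINAL:
        return ["no terminal verdict"]
    out = []
    if d.verdict_author_kind not in SIGNER_ROLES:
        out.append("terminal verdict not written by the human path")
    bound = manifests.get(d.manifest_ref) if d.manifest_ref else None
    if bound is None:
        out.append("manifest_ref does not resolve to a manifest_envelope row")
    valid = set()                # a set, so one signer signing twice counts once
    for s in d.signatures:
        if s.role not in SIGNER_ROLES:
            out.append(f"{s.signer}: role {s.role} cannot cross-sign")
        elif s.signer == d.proposer:
            out.append(f"{s.signer}: proposer cannot sign its own decision")
        elif bound is None or s.manifest_hash != bound:
            out.append(f"{s.signer}: signature not bound to the manifest hash")
        else:
            valid.add(s.signer)
    if len(valid) < 2:
        out.append(f"cross_sign {len(valid)} < 2")
    return out

# Constructed sample data (not from the page).
MANIFESTS = {"m-1": "sha256:aaaa"}
SIG_A = Signature("alice", "council", "2026-05-28T10:00Z", "sha256:aaaa")
SIG_B = Signature("bob", "sovereign", "2026-05-28T11:00Z", "sha256:aaaa")
OK = Decision("agent-7", "m-1", "approve", "council", (SIG_A, SIG_B))
```

Returning every violation rather than stopping at the first gives the reviewer the full list of what blocks enactment in one pass.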

F. No Agent self-approval — compliance

No approving production review_decision minted. Proposed builder is approve-incapable by construction. Approve reserved for human path with 2 cross-signs. Forbidden rule satisfied.

G. Advance vs prior state

Prior bundles flagged the gap and the test-builder scope. This doc adds: the approve-incapable proposed-builder spec (with the explicit RAISE), the 5-step human cross-sign sequence, the cross_sign≥2 + manifest-hash binding rules, and the dependency on doc 07 for signer roles — i.e. the prod review path is spec-complete pending cutter_governance re-introspection + one gated build.

knowledge/dev/reports/architecture/foundation-factory-gateway-superbundle-cr-kg-pilot-recon-4mothers-design-2026-05-28/06-production-review-decision-result.md