KB-4493

06 — Production review_decision Governance Path (authority pack) (2026-05-28)

Revision 1

Goal: a production review_decision path that cannot bypass Điều 32 and cannot be self-minted by an agent. Live-deferred (any production builder must be authored under council privilege).

1. Live reality (verified this run)

  • No review_decision table in public; cutter_governance schema is not visible to context_pack_readonly (privilege-walled, real per prior pg_class checks).
  • Test builder live: fn_iu_test_review_decision_create(p_actor, p_reason, p_manifest_tag) — tags test_scope, automated_agent, cross_signed=false. Explicitly NOT a production Đ32 artifact.
  • split/merge/retire/supersede all require a review_decision_id and FK-probe it (the id must resolve to an existing review_decision row).

2. Test builder vs production builder (the hard line)

| Dimension     | Test builder (live) | Production builder (to author)                    |
|---------------|---------------------|---------------------------------------------------|
| Reviewer      | automated_agent     | human / council / sovereign (never agent)         |
| cross_signed  | false               | true, ≥2 distinct human signers                   |
| Manifest      | tag only            | real manifest_envelope binding (artifact hash)    |
| Scope         | test_scope          | production canonical_address scope                |
| Schema        | public test fn      | cutter_governance (privilege-walled)              |
| Verdict vocab | approve (test)      | approve / reject / approve_with_conditions / defer |

3. Production builder contract (authority spec)

fn_cuttergov_review_decision_create(
  p_manifest_envelope_id uuid,   -- REAL artifact binding (hash-verified)
  p_scope_address       text,    -- production canonical_address
  p_verdict             text,    -- approve|reject|approve_with_conditions|defer
  p_reviewer_principal  text,    -- human/council/sovereign principal id
  p_reviewer_role       text,    -- domain_admin|company_admin|council|sovereign
  p_conditions          jsonb,
  p_cross_signers       jsonb     -- ≥2 distinct human principals
) RETURNS uuid

Invariants enforced inside the function (fail-closed):

  1. p_reviewer_role ∈ {council, sovereign, company_admin, domain_admin} and resolves to a real human/org principal (joins to the human-org-role table from doc 07). automated_agent → RAISE.
  2. array_length(distinct p_cross_signers) >= 2 and signers are human principals ≠ each other.
  3. p_manifest_envelope_id exists and its artifact hash matches (no dangling/forged manifest).
  4. Writes only into cutter_governance (privilege-walled); callable only by a council-privileged role, never by context_pack_readonly or the agent.
  5. Every call audited (actor, manifest, verdict, signers, timestamp).
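One way the §3 contract and its five fail-closed invariants could be realised in PL/pgSQL. This is an added example, not the page's or the project's own builder; it is what a council-authored implementation would need to contain. The function name and parameter list are the ones the contract gives. Everything else is an assumption: the table names cutter_governance.review_decision and cutter_governance.review_decision_audit, cutter_governance.human_org_role as a placeholder for the doc 07 human-org-role table, the columns of public.manifest_envelope (id, artifact_hash, artifact_bytes), the use of SHA-256 as the artifact hash, and the role name council_privileged.

```sql
-- Added example (not the page's own code). Assumed objects:
--   cutter_governance.review_decision        target table, privilege-walled (§3.4)
--   cutter_governance.review_decision_audit  one row per successful call (§3.5)
--   cutter_governance.human_org_role         placeholder for the doc 07 table
--   public.manifest_envelope(id, artifact_hash, artifact_bytes)  assumed columns
CREATE SCHEMA IF NOT EXISTS cutter_governance;

CREATE OR REPLACE FUNCTION cutter_governance.fn_cuttergov_review_decision_create(
  p_manifest_envelope_id uuid,
  p_scope_address        text,
  p_verdict              text,
  p_reviewer_principal   text,
  p_reviewer_role        text,
  p_conditions           jsonb,
  p_cross_signers        jsonb
) RETURNS uuid
LANGUAGE plpgsql
SECURITY INVOKER                       -- no escalation: the caller must already hold the wall
SET search_path = pg_catalog, pg_temp  -- every object below is schema-qualified on purpose
AS $$
DECLARE
  v_id          uuid := gen_random_uuid();
  v_signers     text[];
  v_stored_hash text;
  v_actual_hash text;
BEGIN
  -- Invariant 1: closed role vocabulary; automated_agent (or anything else) raises.
  IF p_reviewer_role NOT IN ('council', 'sovereign', 'company_admin', 'domain_admin') THEN
    RAISE EXCEPTION 'D32: reviewer_role % is not a production reviewer role', p_reviewer_role;
  END IF;
  -- ... and the reviewer must resolve to a real human/org principal holding that role.
  IF NOT EXISTS (SELECT 1 FROM cutter_governance.human_org_role r
                  WHERE r.principal_id = p_reviewer_principal
                    AND r.role = p_reviewer_role
                    AND r.principal_kind = 'human') THEN
    RAISE EXCEPTION 'D32: % does not resolve to a human principal with role %',
      p_reviewer_principal, p_reviewer_role;
  END IF;
  -- Verdict vocabulary from §2 (anything outside it is rejected, not coerced).
  IF p_verdict NOT IN ('approve', 'reject', 'approve_with_conditions', 'defer') THEN
    RAISE EXCEPTION 'D32: unknown verdict %', p_verdict;
  END IF;

  -- Invariant 2: >= 2 distinct signers, each a human principal.
  SELECT array_agg(DISTINCT s) INTO v_signers
    FROM jsonb_array_elements_text(p_cross_signers) AS s;   -- errors on a non-array
  IF coalesce(array_length(v_signers, 1), 0) < 2 THEN
    RAISE EXCEPTION 'D32: cross-sign requires >= 2 distinct signers, got %',
      coalesce(array_length(v_signers, 1), 0);
  END IF;
  IF EXISTS (SELECT 1 FROM unnest(v_signers) AS s
              WHERE NOT EXISTS (SELECT 1 FROM cutter_governance.human_org_role r
                                 WHERE r.principal_id = s AND r.principal_kind = 'human')) THEN
    RAISE EXCEPTION 'D32: every cross-signer must resolve to a human principal';
  END IF;

  -- Invariant 3: the manifest exists and its stored hash matches the artifact right now.
  -- FOR SHARE holds the row so it cannot be swapped between the check and the insert.
  SELECT m.artifact_hash, encode(sha256(m.artifact_bytes), 'hex')
    INTO v_stored_hash, v_actual_hash
    FROM public.manifest_envelope m
   WHERE m.id = p_manifest_envelope_id
     FOR SHARE;
  IF NOT FOUND THEN
    RAISE EXCEPTION 'D32: manifest_envelope % does not exist', p_manifest_envelope_id;
  END IF;
  IF v_stored_hash IS DISTINCT FROM v_actual_hash THEN
    RAISE EXCEPTION 'D32: artifact hash mismatch for manifest % (stored %, actual %)',
      p_manifest_envelope_id, v_stored_hash, v_actual_hash;
  END IF;

  -- Invariant 4: the only write goes into the privilege-walled schema.
  INSERT INTO cutter_governance.review_decision
    (id, manifest_envelope_id, scope_address, verdict, reviewer_principal,
     reviewer_role, conditions, cross_signers, cross_signed, created_at)
  VALUES
    (v_id, p_manifest_envelope_id, p_scope_address, p_verdict, p_reviewer_principal,
     p_reviewer_role, coalesce(p_conditions, '{}'::jsonb), to_jsonb(v_signers), true, now());

  -- Invariant 5: actor, manifest, verdict, signers, timestamp. A RAISE above rolls the
  -- whole call back, so rejected attempts appear in the server log rather than here.
  INSERT INTO cutter_governance.review_decision_audit
    (review_decision_id, actor, manifest_envelope_id, verdict, signers, at)
  VALUES
    (v_id, current_user, p_manifest_envelope_id, p_verdict, to_jsonb(v_signers), now());

  RETURN v_id;
END;
$$;

-- Callable only by the council-privileged role (assumed name), never by PUBLIC.
REVOKE EXECUTE ON FUNCTION cutter_governance.fn_cuttergov_review_decision_create
  (uuid, text, text, text, text, jsonb, jsonb) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION cutter_governance.fn_cuttergov_review_decision_create
  (uuid, text, text, text, text, jsonb, jsonb) TO council_privileged;
```

Two design points worth noting. The function is SECURITY INVOKER, so it adds no privilege of its own: a caller that cannot already write cutter_governance fails at the INSERT even if the role grant were misconfigured, which is the fail-closed direction §4 wants. And because an audit row written before a RAISE would be rolled back with the rest of the call, the audit table records minted decisions only; failed attempts are a server-log concern, not a table concern.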

4. No-agent-approve invariant

  • The agent may author the test builder and the production contract spec, but must never call a production builder or mint a production review_decision.
  • Enforced by: privilege wall (cutter_governance not granted to agent roles) + the role check in §3.1 + iu_enact.allow_no_review_decision=false (never flip).
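The privilege wall behind §4, with the read-only checks that confirm it holds. This is an added example, not the page's own DDL. context_pack_readonly is the page's role name; council_privileged and agent_role are assumed names, and treating iu_enact.allow_no_review_decision as a PostgreSQL custom configuration parameter is an assumption about how that flag is stored.

```sql
-- Added example (not the page's own code). Assumed role names: council_privileged,
-- agent_role. context_pack_readonly is named on the page.

-- The wall: no USAGE on the schema for PUBLIC, the read-only role or the agent,
-- nothing inside it reachable by them, and future functions closed by default too.
REVOKE ALL ON SCHEMA cutter_governance FROM PUBLIC, context_pack_readonly, agent_role;
REVOKE ALL ON ALL TABLES    IN SCHEMA cutter_governance FROM PUBLIC, context_pack_readonly, agent_role;
REVOKE ALL ON ALL FUNCTIONS IN SCHEMA cutter_governance FROM PUBLIC, context_pack_readonly, agent_role;
ALTER DEFAULT PRIVILEGES IN SCHEMA cutter_governance REVOKE ALL ON FUNCTIONS FROM PUBLIC;
GRANT USAGE ON SCHEMA cutter_governance TO council_privileged;

-- Check 1: the read-only role must not be able to use the schema at all
-- (this is the same invisibility §1 observed via pg_class).
SELECT has_schema_privilege('context_pack_readonly', 'cutter_governance', 'USAGE')
       AS readonly_can_use_schema;

-- Check 2: only the council role may execute the production builder.
SELECT r.rolname,
       has_function_privilege(
         r.rolname,
         'cutter_governance.fn_cuttergov_review_decision_create(uuid,text,text,text,text,jsonb,jsonb)',
         'EXECUTE') AS can_execute_builder
  FROM pg_roles r
 WHERE r.rolname IN ('context_pack_readonly', 'agent_role', 'council_privileged')
 ORDER BY r.rolname;

-- Check 3: the enact flag, read as a custom setting (assumption); missing_ok = true
-- returns NULL instead of erroring if the parameter has never been set.
SELECT current_setting('iu_enact.allow_no_review_decision', true) AS allow_no_review_decision;
```

For the wall to hold, check 1 must return false, check 2 must return false for context_pack_readonly and agent_role and true only for council_privileged, and check 3 must read false. A NULL from check 3 means the flag is unset, which is not the same as false and should be treated as a failed gate.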

5. Manifest binding & cross-sign

  • A production review_decision is valid only when bound to a manifest_envelope whose artifact hash is verified at decision time (prevents approving a stale/forged artifact).
  • Cross-sign ≥2 distinct humans defends against single-actor capture; council/sovereign decisions log both signers.

6. Live-apply gate

Production builder is live-applicable only when: (a) the human-org-role table (doc 07) exists so role checks resolve; (b) cutter_governance write authored under council privilege (not agent); (c) manifest_envelope artifact-hash verification function exists. Until then → authority-pack.

7. Verdict & next macro

AUTHORITY-PACK. Contract + invariants are implementation-ready; live-create requires council privilege + the human-org-role table. Next macro: IU_PROD_REVIEW_DECISION_BUILDER_COUNCIL_AUTHORED_400000X (council-gated, after doc 07 law).

Source: knowledge/dev/reports/architecture/iu-pilot-cr-kg-recon-authority-live-assembly-superbundle-2026-05-28/06-production-review-decision-governance.md