02 — Live Governance Substrate Analysis

Package: one-roof-auth-model-ratification-intake-2026-06-02 Answers mission §2.2: Which existing substrate can legally record it? Mode: READ-ONLY. All queries run via query_pg (AST-validated, READ ONLY role, 5s timeout, hard LIMIT 500) against database directus, 2026-06-02.

---

2.1 Raw live readings (this run)

Counts / gates

approval_requests      = 211
apr_approvals          = 42
apr_action_types       = 6
os_proposal_approvals  = 0          ← L4 e-sign gate UNSATISFIED
birth_registry         = 1,074,290  ← organic growth (was 1,074,279 in memory; canonical NULL)
idle_in_transaction (workflow_admin) = 0   ← no rehearsal residue

Object presence (to_regclass)

governance_build_authorization  = NULL  (ABSENT)   ← SB-0 L3 grant table
v_build_auth_valid              = NULL  (ABSENT)   ← SB-0 anti-forgery view
fn_build_commit_allowed         = NULL  (ABSENT)   ← SB-0 verifier
axis_registry                   = NULL  (ABSENT)
axis_assignment                 = NULL  (ABSENT)
governance_registry             = PRESENT
governance_relations            = PRESENT
governance_audit_log            = PRESENT
os_proposal_approvals           = PRESENT (sales e-sign module)

apr_action_types — full contents (6 rows, all status='active')

action_code	risk	handler_ref	origin
add_field	medium	dot-apr-execute:add_field	MIGRATION
amend_law	high	unimplemented	MIGRATION
create_item	low	dot-apr-execute:create	MIGRATION
enact_nrm	high	unimplemented	S178-Fix21
patch_ops_code	high	dot-apr-execute:patch_ops	MIGRATION
update_item	low	dot-apr-execute:update	MIGRATION

→ No authorize_build_step / ratify_* / governance build-authorization action-type exists. The 8 governance action-types of hardening doc 03 §3.3 are genuinely unbuilt (= SB-1). The only constitution-adjacent types are amend_law and enact_nrm, both unimplemented (no handler).

Tables matching ratif/council/proposal/esign/sovereign/build_auth

design_templates, os_proposal_approvals, os_proposal_blocks,
os_proposal_contacts, os_proposals, table_proposals

→ No governance ratification / council / sovereign / build-authorization table exists. The only *proposal* cluster is the sales module (os_proposal*) and schema-migration proposals (table_proposals). The only e-sign surface is os_proposal_approvals (sales).

governance_audit_log schema

id (int), relation_id (int), checked_at (tstz), checked_by (varchar),
result (varchar), detail (json)

→ It is a relation-verification audit log (one row per check of a governance_relations edge). It is not a free-form decision/ratification ledger; every row is bound to a relation_id. A constitutional ratification has no relation_id to bind to.

Live L2 quorum mechanism (functions present)

fn_apr_quorum_check    = PRESENT   ← L2 quorum (president-human + ai_council)
fn_auto_approve_add    = PRESENT   ← L0 auto-approve ('add' default — N4 hardening target)
fn_birth_registry_auto = PRESENT   ← Birth trigger (F-83-1 re-wire target)

Existing approved precedents (only 2 status='approved')

code	title	action	proposed_action_code
APR-0234	S178-Fix22 silent-fail scanner	add	(null) — auto-approved 'add', 0 council votes
APR-S178F18-FALLBACK-5	retroactive APR admin_fallback_log id=5	modify	patch_ops_code (real council-backed)

→ The L2 spine works (one genuine council-backed approval exists), but none of it is a build-authorization or a constitutional ratification, and there is no path to attach one without an action-type that does not exist.

2.2 Surface-by-surface legality assessment

Can each live surface legally record the D-BOOT-1/2 ratification as an act an Agent is entitled to author?

Surface	Could it hold the act?	Verdict	Why
os_proposal_approvals (L4 e-sign)	It is the L4 target	NO	Human sovereign e-sign module; Agent cannot impersonate a signature; currently 0; writing it = e-sign forgery (forbidden).
approval_requests + apr_approvals (L2)	Spine for council decisions	NO (as a governed act)	(a) No governance build-auth action-type exists → nothing legitimate to reference (SB-1 unbuilt); (b) the council votes in apr_approvals cannot be cast by the Agent without self-approval/forgery; (c) any write is a Directus/PG mutation — forbidden this mission; (d) a constitutional bootstrap must originate from proper authority, not an Agent.
governance_build_authorization (L3 / SB-0)	The new M-1 surface	NO	ABSENT — it is the very object the decision would authorize building. Using it to authorize its own creation is circular (doc 01 §1.2).
governance_audit_log	Audit trail	NO	Relation-verification log keyed to relation_id; wrong shape; a ratification has no relation edge; writing a synthetic row = local governance island + Directus mutation (forbidden).
governance_registry / governance_relations	Taxonomy / edges	NO	Object/relationship registry, not an approval or ratification surface; recording a decision here = category error + island + mutation.
any ratification/council/sovereign table	—	N/A	None exist.

2.3 Conclusion of the substrate analysis

There is no live surface on which an Agent can legitimately record the D-BOOT-1/2 ratification as a governed decision. Every candidate fails on at least one of: (i) it is a human/sovereign-only act (forgery to author), (ii) it requires a non-existent governance action-type (SB-1 unbuilt → circular), (iii) it is the wrong shape (category error / local island), (iv) any write is a Directus/PG mutation this mission forbids.

The constitutional bootstrap is, by design, the one decision the substrate refuses to let an Agent self-record. This is the intended safety property, working as designed — not a defect.

→ Carried to the recording-path decision in [[03-legitimate-recording-path-decision]].

2.4 Cross-links

• counts/objects feed [[03-legitimate-recording-path-decision]] and the build verdict [[05-build-go-nogo-after-ratification-intake]].
• consistent with bootstrap [[one-roof-auth-axis-bootstrap-ratification-rehearsal-go-nogo-2026-06-02]] doc 02 (preflight) — same gate state, birth_registry advanced organically.