KB-783C

04 — Human/Sovereign Ratification-Ready Packet (exact UI/manual steps)

9 min read Revision 1

one-roof-governanceauthratificationhuman-packetl2-councill4-sovereign-esignAPR-BOOT-AUTHMODEL-1no-mutation2026-06-02

04 — Human/Sovereign Ratification-Ready Packet

Package: one-roof-auth-model-ratification-intake-2026-06-02 Answers mission §2.5: create a human/sovereign ratification-ready packet with exact UI/manual steps and stop. This document is the deliverable. It is text, not an act. Nothing here has been executed. No approval_requests, apr_approvals, or os_proposal_approvals row was written.

4.0 Who must act

Step	Authority	Tool / surface	Agent may do it?
File the ratification request	A human author (governance owner)	Directus → `approval_requests`	No (mission scope)
Cast L2 council approval	Council: ≥1 president-human + ≥2 ai_council (high-risk rule)	Directus → `apr_approvals` via `fn_apr_quorum_check`	No (forgery)
Cast L4 sovereign e-sign	The President (human)	Directus → `os_proposal_approvals` (interim)	No (e-sign forgery)

The Agent prepared every field value below; a human pastes/enters them and signs.

4.1 STEP 1 — File the L2 ratification request (`approval_requests`)

A human governance owner creates one approval_requests row. Suggested field values (columns verified live, doc 02):

code:                 APR-BOOT-AUTHMODEL-1
request_type:         constitutional_ratification
title:                "Ratify auth model: redefine M-1 -> per-step governance_build_authorization (SB-0); reserve os_proposal_approvals for L4 sovereign e-sign only (D-BOOT-1 + D-BOOT-2)"
action:               modify          # NOT 'add' — must avoid fn_auto_approve_add L0 path
priority:             high
status:               pending
evidence:             "Bootstrap rehearsal REHEARSED-GREEN: one-roof-auth-axis-bootstrap-ratification-rehearsal-go-nogo-2026-06-02 (docs 03-05). Build-ready design: one-roof-axis-auth-proposal-operational-hardening-build-ready-design-2026-06-02 (docs 02,03,12,13). Intake analysis: one-roof-auth-model-ratification-intake-2026-06-02."
source:               governance/bootstrap
proposed_action:      >
  { "kind": "adopt_authorization_model",
    "D-BOOT-1": "redefine M-1 from os_proposal_approvals>0 to per-step governance_build_authorization (SB-0) L3 grant recomputed from L2 quorum",
    "D-BOOT-2": "adopt SB-0 as L3 build gate; reserve os_proposal_approvals for L4 sovereign e-sign only",
    "ladder": "L0..L4 per hardening doc 02",
    "risk_level": "high",
    "reversible": false,
    "constitutional": true }
review_note:          "Constitutional bootstrap — cannot be self-authorized by SB-0 (circular). Requires one-time L2 council + L4 sovereign adoption."

⚠ proposed_action_code deliberately left blank. No live apr_action_types row carries build-authorization semantics (only add_field/amend_law/create_item/enact_nrm/patch_ops_code/ update_item exist; the governance types are unbuilt = SB-1). Do not invent or borrow a code. Carry the semantics in proposed_action JSON + title; the council ratifies the text of the decision, which is sufficient for a one-time constitutional act. (Building the proper apr_action_types rows is part of what this ratification authorizes, in the later SB-1 step — chicken/egg resolved by ratifying the prose now.)

⚠ action='modify' (not the 'add' default). The 'add' default triggers fn_auto_approve_add (L0 auto-approve) — a constitutional act must not be auto-approved. Setting action='modify' keeps it on the L2 council path. (This is also why N4 — fn_auto_approve_add hardening — matters; see doc 06.)

4.2 STEP 2 — Record the L2 council decision (`apr_approvals` via quorum rule)

The council reviews APR-BOOT-AUTHMODEL-1 and records votes. Because the act is high-risk, fn_apr_quorum_check requires:

≥1 president-human approval (matched by ILIKE '%president%', human approver — F-AUTH-LIVE-1), and
≥2 ai_council approvals, and
no reject (any single reject blocks), and
the proposer is not among the approvers.

Council L2 decision-record template (paste into review_note / decision log):

DECISION: ADOPT auth model (D-BOOT-1 + D-BOOT-2) and the L0-L4 ladder.
SCOPE:    one-time constitutional adoption. Authorizes the SB-0 build and the
          subsequent per-step governance_build_authorization grant regime.
          Authorizes SB-1 to create the governance apr_action_types rows.
BASIS:    rehearsed-green bootstrap package (docs 03-05); build-ready design (docs 02,03).
VOTES:    president-human = APPROVE ; ai_council#1 = APPROVE ; ai_council#2 = APPROVE ;
          rejects = 0 ; proposer excluded.
RESULT:   QUORUM PASSED (high-risk rule satisfied).
NOT YET:  this L2 decision alone does NOT authorize build. L4 sovereign e-sign (Step 3)
          is still required before any COMMIT.

When recorded correctly, approval_requests.quorum_passed should resolve TRUE and status move pending → approved via the live quorum machinery (do not flip status by hand).

4.3 STEP 3 — L4 sovereign e-sign (`os_proposal_approvals`, interim)

The President personally e-signs the adoption. Only the President may do this; the Agent cannot and must not. Until governance_sovereign_esign (hardening doc 12 P3) is built, the interim L4 surface is os_proposal_approvals. The signing human enters genuine signature fields:

# entered BY THE PRESIDENT, out-of-band, in Directus:
signature_text:          <President's typed full name>
signature_image:         <President's signature, optional>
first_name / last_name:  <President>
email:                   <President's email>
esignature_agreement:    true
# linked to the adopted decision APR-BOOT-AUTHMODEL-1 (constitutional adoption scope)
ip / timestamp:          <captured by Directus>

This is the gate that makes os_proposal_approvals > 0 true for this constitutional act. After D-BOOT-2 is enacted, os_proposal_approvals is reserved for L4 only going forward; the old M-1 ("any os_proposal_approvals row") is retired in favor of per-step SB-0 grants.

4.4 STEP 4 — Hand back to the build-agent (gated)

Once both Step 2 (L2 quorum passed) and Step 3 (L4 sovereign e-sign present) exist, notify the build-agent to run P3 — gated SB-0 build (bootstrap doc 08 P3 / this doc 06):

ratify (L2+L4)  →  build SB-0 (governance_build_authorization + v_build_auth_valid
                   + quorum_passed/valid_sovereign_esign + fn_build_commit_allowed)
                →  SB-1 apr_action_types rows (with F-83-1 re-wire FIRST)
                →  SB-12 → SB-13 → SB-10 → SB-11(inactive) → SB-2 → SB-1
   each subsequent step L3-authorized THROUGH SB-0 (one grant per step).

The build-agent must STOP at each step unless a valid per-step SB-0 grant exists, and must rehearse BEGIN..ROLLBACK immediately before each COMMIT (bootstrap docs 03/05 scripts).

4.5 Pre-enactment checklist for the humans

APR-BOOT-AUTHMODEL-1 filed with action='modify', status='pending', blank proposed_action_code, full proposed_action JSON.
L2 council votes recorded: 1 president-human + ≥2 ai_council, 0 rejects, proposer excluded; quorum_passed=TRUE.
President L4 e-sign present in os_proposal_approvals with esignature_agreement=true, linked to the adoption.
No status field hand-edited; let the quorum machinery move it.
Only then: trigger the gated SB-0 build macro.

4.6 What was NOT done (attestation)

No approval_requests row written. No apr_approvals vote cast. No os_proposal_approvals e-sign created. No PG/Directus/Qdrant/Nuxt mutation. The values above are prepared text for humans to enter. (Full forbidden-compliance in doc 07.)

4.7 Cross-links

enacts the decision in [[01-ratification-question-and-scope]] §1.1; path chosen in [[03-legitimate-recording-path-decision]].
build sequence detailed in [[05-build-go-nogo-after-ratification-intake]] and bootstrap [[one-roof-auth-axis-bootstrap-ratification-rehearsal-go-nogo-2026-06-02]] doc 07 §7.5.
L4 target evolution governance_sovereign_esign: [[one-roof-axis-auth-proposal-operational-hardening-build-ready-design-2026-06-02]] doc 12.