14 — Next Prompts (paste-ready follow-on macros)
Package: one-roof-axis-auth-proposal-operational-hardening-build-ready-design-2026-06-02
Mode: DESIGN ONLY now; these macros are what comes AFTER this hardening package is reviewed. All macros are self-contained-after-clear (cite KB paths + live-verify first), per muc-tieu v1.3 §3.1.
N1 — Authorization-model ratification decision-intake (CRITICAL PATH)
Prepare the L2 council + L4 sovereign ratification packet to adopt the authorization model (redefine M-1 → per-step governance_build_authorization; adopt SB-0). DECISION-ONLY, no build. Read first: this package docs 02, 03, 11, 12 (P1/P2/P3/H3); impl-index docs 89, 96, 114. Produce: the exact approval_requests text for authorize_build_step (action='review'); the council decision record template; the sovereign L4 e-sign scope wording (the one-time constitutional adoption); the bootstrap explanation (doc 02 §2.7). Forbidden: writing any os_proposal_approvals/approval/grant row; this is the packet, not the act.
N2 — SB-0 author-mode rehearsal (BEGIN..ROLLBACK)
Rehearse governance_build_authorization + v_build_auth_valid + verifier in author mode (psql -U workflow_admin, BEGIN..ROLLBACK, entry==exit, zero COMMIT). Run the 5 negative tests (doc 03 §3.8): forged-grant-no-quorum, expired, consumed, revoked, self-grant, plus the raw-status-bypass regression. Read first: docs 02, 03; live audit doc 01. Forbidden: COMMIT; any persistent row.
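A rollback-only rehearsal of the kind N2 describes, as an added example that is not part of the package: the view derives validity from facts, and every negative row carries a forged status to exercise the raw-status bypass. The column layout is an assumption (the real DDL is in docs 02/03, not on this page); run it against a scratch PostgreSQL database.

```sql
-- Added illustration: every column below is hypothetical, not the package's DDL.
BEGIN;

CREATE TABLE governance_build_authorization (
    grant_id     text PRIMARY KEY,
    requested_by text NOT NULL,
    granted_by   text NOT NULL,
    approvals    int  NOT NULL DEFAULT 0,   -- council approvals recorded
    quorum       int  NOT NULL DEFAULT 2,   -- approvals required
    expires_at   timestamptz NOT NULL,
    consumed_at  timestamptz,
    revoked_at   timestamptz,
    status       text NOT NULL              -- raw label; never used for decisions
);

-- Validity is recomputed from facts; the raw status column is not consulted.
CREATE VIEW v_build_auth_valid AS
SELECT grant_id
FROM governance_build_authorization
WHERE approvals >= quorum
  AND expires_at > now()
  AND consumed_at IS NULL
  AND revoked_at IS NULL
  AND granted_by <> requested_by;

-- Constructed rows: each negative claims status='valid' to test the bypass.
INSERT INTO governance_build_authorization
    (grant_id, requested_by, granted_by, approvals, expires_at, consumed_at, revoked_at, status)
VALUES
    ('G-OK',        'agent', 'council', 2, now() + interval '1 day', NULL,  NULL,  'valid'),
    ('G-NO-QUORUM', 'agent', 'council', 0, now() + interval '1 day', NULL,  NULL,  'valid'),
    ('G-EXPIRED',   'agent', 'council', 2, now() - interval '1 day', NULL,  NULL,  'valid'),
    ('G-CONSUMED',  'agent', 'council', 2, now() + interval '1 day', now(), NULL,  'valid'),
    ('G-REVOKED',   'agent', 'council', 2, now() + interval '1 day', NULL,  now(), 'valid'),
    ('G-SELF',      'agent', 'agent',   2, now() + interval '1 day', NULL,  NULL,  'valid');

-- Fails loudly unless exactly the one well-formed grant survives.
DO $$
BEGIN
    IF (SELECT array_agg(grant_id ORDER BY grant_id) FROM v_build_auth_valid)
       IS DISTINCT FROM ARRAY['G-OK'] THEN
        RAISE EXCEPTION 'negative test failed: invalid grant visible in v_build_auth_valid';
    END IF;
END $$;

ROLLBACK;  -- zero COMMIT: nothing above persists
```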
N3 — GPT council review of this hardening package
Review docs 00–16 of this package for build-readiness sufficiency. Confirm the 7 prior gaps are closed; flag any remaining design gap before Phase-0 ratification. Read first: this whole package + the prior …-2026-06-01 package + GPT review 2026-06-02.
N4 — fn_auto_approve_add hardening (P5) — earliest safe standalone build
Build the P5 fix only: auto-approve iff proposed_action_code ∈ governed allowlist AND risk_level='low', else fail-safe deny (doc 12 P5). Reversible; lands before Phase-0. Gate: this is a substrate-touching change ⇒ needs its own L2 approval + L3 grant once SB-0 exists, OR a one-off sovereign-approved safety patch if done before SB-0. Rehearse BEGIN..ROLLBACK first. Read first: doc 01 §1.3; impl-index docs 27, 84.
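The P5 rule written as a stand-alone fail-closed predicate, as an added example and not the project's fn_auto_approve_add (its signature is not on this page). The allowlist table, function name and sample codes are hypothetical; the point shown is that SQL's three-valued logic needs an explicit default for "else deny" to hold when a field is missing.

```sql
-- Added illustration: table and function names are hypothetical (demo_ prefix).
BEGIN;

CREATE TEMP TABLE demo_auto_approve_allowlist (action_code text PRIMARY KEY);
INSERT INTO demo_auto_approve_allowlist VALUES ('label.add');  -- constructed entry

-- True only when both conditions are positively established. In SQL,
-- NULL = 'low' is NULL rather than false, so COALESCE maps unknown to deny.
CREATE FUNCTION pg_temp.demo_auto_approve_ok(p_action_code text, p_risk_level text)
RETURNS boolean LANGUAGE sql STABLE AS $$
    SELECT COALESCE(
        p_risk_level = 'low'
        AND EXISTS (SELECT 1 FROM demo_auto_approve_allowlist a
                    WHERE a.action_code = p_action_code),
        false);
$$;

-- Constructed cases with the decision each must produce; the query compares.
SELECT bool_and(pg_temp.demo_auto_approve_ok(code, risk) IS NOT DISTINCT FROM expected)
       AS all_cases_pass
FROM (VALUES
    ('label.add',  'low',  true),   -- allowlisted and low risk
    ('label.add',  'high', false),  -- allowlisted, wrong risk level
    ('label.add',  NULL,   false),  -- risk level missing
    ('table.drop', 'low',  false),  -- not on the allowlist
    (NULL,         'low',  false),  -- blank action code
    ('label.add',  'LOW',  false)   -- no case folding
) AS t(code, risk, expected);

ROLLBACK;
```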
N5 — Axis substrate detailed-design close + FAC-08 operationalization
Finalize CREATE-TABLE DDL + indexes + negative tests + BEGIN..ROLLBACK rehearsal for axis_registry + axis_assignment (docs 04/05); decide FAC-08 cardinality/max_labels_per_entity (doc 07 O-TOPIC-1); design SB-3 envelope→projection generalization (doc 04 §4.8). Read first: docs 04, 05, 07, 10; live audit doc 01 (entity_labels 787,723; taxonomy/taxonomy_facets).
N6 — SB-2 + axis owner ratification (OP-B / C-1)
Council intake for governance_responsibility_scope + governance_object_ownership (SB-2) and the axis owner-per-scope map (doc 09 §9.7). Resolve OP-B (federated owner-per-scope) and C-4 adapter for IU-island dissolution. Read first: docs 04 §4.7, 09; impl-index docs 16–22, 75–81.
Sequencing
N1 (decision) ∥ N3 (review) ∥ N2 (rehearsal, rollback-only) ← can run in parallel now
│
▼ (after N1 ratified + N3 pass)
build SB-0 → N5 (axis close) ∥ N6 (SB-2/owner intake)
│
▼
spine build (SB-12…SB-1) → axis build (SB-AXIS-1/2, SB-3) → C-7 → T6/T7/backfill/topic-UI
N4 (P5) may land first, standalone, reversible.
Operator-surface note (muc-tieu §4J): none of these is a production operator interface; production topic/axis operations will later be short MARK/CUT-style commands, not these macros.
Addendum — N2 + N5 EXECUTED & PUBLISHED (2026-06-02)
Back-link added by the rerun (the prior claim of these results was unverifiable; the package is now real in KB).
N2 (SB-0 rehearsal) and N5 (axis substrate rehearsal) have been executed live (author-mode ssh contabo → docker exec -i postgres psql -U workflow_admin, single BEGIN..ROLLBACK) and the results published to:
knowledge/dev/reports/architecture/one-roof-auth-axis-bootstrap-ratification-rehearsal-go-nogo-2026-06-02/ (docs 00–09).
- SB-0 (governance_build_authorization + v_build_auth_valid + quorum_passed/valid_sovereign_esign/fn_build_commit_allowed) and axis (axis_registry + axis_assignment) compile; verifier recomputes validity (never trusts raw status).
- All 7 fail-closed modes + self-grant DENY; SB-0 CHECK negatives + axis negatives reject; entry==exit, zero residue, idle_in_transaction=0 (re-verified from a second connection).
- Safety improvement vs the prior draft: the valid-grant path is backed by a real existing approved request (APR-S178F18-FALLBACK-5), so no write hit the live approval spine and birth_registry was invariant throughout.
N1 (ratification packet) and N3 (GPT review) remain open and unchanged. Build stays NO-GO; the rerun's final status is GO_TO_RATIFICATION_INTAKE (package + rehearsal verified; the one gate not enacted).
Addendum — N1 ratification packet EXECUTED & PUBLISHED (2026-06-02)
Forward cross-link added by the PUBLISH_VERIFY_AND_CLOSE mission. Body above is unchanged.
N1 (authorization-model ratification decision-intake) has been executed and published to:
knowledge/dev/reports/architecture/one-roof-auth-model-ratification-intake-2026-06-02/ (docs 00–07, verified list/get/search in KB).
- Verdict: the ratification is NOT Agent-recordable (D-PATH, intake doc 03) — confirmed live: os_proposal_approvals=0; apr_action_types=6 (no governance build-auth type → SB-1 unbuilt); no ratification/council/sovereign table exists.
- Field-level refinement of N1's draft: N1 anticipated action='review'; the live-verified packet (intake doc 04) files request APR-BOOT-AUTHMODEL-1 with a non-add action (to bypass fn_auto_approve_add) and blank proposed_action_code (no governance action-type exists to reference — building those rows is part of what the ratification authorizes, in the later SB-1 step). Semantics carried in proposed_action JSON + title.
- N3 (GPT review) remains open. Build remains NO-GO; the one gate B-RATIFY is human L2 + L4 only.
See [[one-roof-auth-model-ratification-intake-2026-06-02]].