68 — Remaining Gates & Authorization Requirements (GCOS build-intake, BUILD NO-GO, 2026-06-01)
68 — Remaining Gates & Authorization Requirements
Path:
knowledge/dev/reports/architecture/one-roof-governance-technical-addendum-and-implementation-index-2026-06-01/Doc: 68. Role: Branch B of the gated build-intake packet (docs 67–74). The complete remaining-gate matrix between rehearsal-GREEN and an authorized COMMIT build, with the precise authorization each gate needs. Status: BUILD-INTAKE / GATE DOCUMENT ONLY. No mutation, no COMMIT, no approval creation. Read-only authored. Date: 2026-06-01. Extends: doc 49 (gate checklist), doc 46 (C-7 packet), doc 23 (C-1/C-2 council packet), doc 14 (GPT delegated ruling). Consolidates with: doc 67 (evidence).
68.0 The master stop-gate (unchanged, live-verified this run)
M-1: os_proposal_approvals > 0 with a named human sovereign approval for THIS build step. Live count = 0 (re-verified 2026-06-01). ⇒ COMMIT_FORBIDDEN. Per doc 49: "If M-1 is NOT-MET, stop here — nothing else matters; no COMMIT is possible." No gate below can be flipped to GO by self-approval. A C-7 ruling is a recorded governed decision, never an inline code default.
68.1 Authorization-authority model (who can satisfy what)
Three distinct authorities exist; they are not interchangeable:
- GPT delegated ruling (doc 14) — user delegated technical/council decisions to GPT. Per doc 14 verbatim, this is "NOT sovereign build approval, NOT persistent implementation approval, NOT an approval_requests/apr_approvals record, and NOT permission to COMMIT." It can authorize rehearsal and ratify default council positions for rehearsal. It cannot create the
os_proposal_approvalsrow. - C-7 / C-1 / C-2 council ruling (formal intake) — recorded governed decisions (doc 46, doc 23, doc 52 ledger). Required to activate specific objects (ruleset, input-gate, owner table). Decision-intake only; silence ≠ approval; agent may record, never decide; D10 sovereign agent may not even record.
- Human sovereign (President) approval — the only authority that can satisfy M-1 / A-1, recorded in
os_proposal_approvals+ APR with Điều-32 quorum (fn_apr_quorum_check, proposer ≠ approver).
Key consequence: the GPT delegated ruling (doc 14) already exists and already authorized everything it can — the rehearsals. It cannot move M-1. Build authorization therefore requires NEW explicit input beyond doc 14: either a sovereign-recorded M-1 approval, or an explicit GPT/user delegated build authorization that names the step, COMMIT permission, and stop conditions (doc 72 template).
68.2 Remaining-gate matrix
Legend — Sat. by GPT ruling? = can the existing/expanded GPT delegated ruling satisfy it? Needs sovereign? = needs human sovereign explicit authorization. Rehearsal OK? = may proceed to rehearsal now. COMMIT OK? = may proceed to COMMIT now.
| Gate | Current status | Blocks | Sat. by GPT ruling? | Needs sovereign? | Rehearsal OK? | COMMIT OK? |
|---|---|---|---|---|---|---|
M-1 / os_proposal_approvals |
NOT-MET (0) | ALL COMMIT | No — doc 14 explicitly not a COMMIT/approval record | Yes (A-1) | n/a | No |
| A-2 Điều-32 APR quorum (pres + 2 AI council, proposer≠approver) | NOT-MET | any apply / ruleset activation / owner-edge write | No (quorum is recorded approval) | Yes | n/a | No |
| G-C7 formal build authorization (A-3..A-7) | PENDING (defaults only, rehearsal) | ruleset activation, input-gate trust, backfill seed, 60-day rule, observer-trigger | Defaults yes for rehearsal; formal intake record needed for COMMIT | Council ruling (recorded) | Yes (done) | No until recorded |
| → A-3 C-7.1 input-trust | PENDING | activating dot_governance_input_gate |
rehearsal default ratified (doc 14) | council record | Yes | No |
| → A-4 C-7.2 ruleset-owner | PENDING | activating any governance_ruleset |
rehearsal default ratified | council record | Yes | No |
| → A-5 C-7.3 backfill-ruleset | PENDING | seeding backfill verdicts (Branch A) | rehearsal default ratified | council record | Yes | No |
| → A-6 C-7.4 60-day cut-over | PENDING | legacy-escalation rule in candidate/exception DOTs | rehearsal default ratified | council record | Yes | No |
| → A-7 C-7.5 observer-trigger | PENDING (Option A needs none) | optional Option-B fail-open trigger | in-principle for later design only | council record if built | design/rehearsal only | No |
| A-8 C-1 (SB-2 ownership table) + C-2 (SB-1 action-types) | PENDING (rehearsal-approved doc 14) | owner-relevant T6 routing + the apply DOT | rehearsal pattern approved (doc 14); build needs council record | council record | Yes (done in pattern) | No |
G-SB1A / SB-1 build (4 APR action-type rows, Phase-A handler_ref='unimplemented') |
design only, NOT built | owner-relevant work, apply DOT | No | Yes (via M-1) | Yes | No |
G-SB2 / SB-2 build (governance_object_ownership + 6-row governance_responsibility_scope + v_object_effective_owner) |
design only, NOT built; NOT rehearsed this run (W6) | owner-relevant T6 routing | No | Yes — rehearse first (doc 19 line) | No | |
| G-DDL (SB-12/13/10) | rehearsed-GREEN (docs 58–62) | substrate COMMIT | n/a (evidence) | Yes (M-1) | done | No (M-1) |
| G-RBE (SB-11 register-before-emit) | rehearsed-GREEN (docs 61–62); active=true flip deferred |
event registration COMMIT | n/a (evidence) | Yes (M-1) | done | No (M-1) |
G-APPLY (the only mutating DOT dot_governance_assignment_apply) |
NOT-MET (not created) | any governance write/apply | No | Yes (A-9 H-1/H-2/SB-6 sovereign sign-off) | No — do not build | No |
| T6/T7 10 addenda | enumerated + rehearsed (doc 63); not applied | T6/T7 build | No | Yes (M-1) | done | No (gated on SB-10/11/12/13 built + C-7 + M-1) |
| 5 surgical drift findings (F-57-1/2/3/4, F-R7-1/2) | identified, must fold into build DDL | correct SB-13/SB-11/addenda build | n/a (engineering) | No | done | mandatory fold-in (doc 69) |
| OP-B / SB-3 | concept-deferred | 4th-axis-as-data, IU owner federation | No | council/design | not in this build line | No |
| G-PROD (production fail-closed) | design rule (addendum #10) | production exposure of stale/unknown high-risk verdicts | No | n/a | n/a | enforced at build |
68.3 Doc 49 MUST items not yet green (explicit)
- M-1 (
os_proposal_approvals>0) — NOT-MET (0). Hard stop. - M-2 (no forbidden action in scope) — MET for design/rehearsal; must be re-checked per build step.
- M-3 (reversible by default) — staged in doc 71; per-step rollback required.
- M-4 (no second roof / no-island) — MET by design (0 new buses proven, doc 62).
- M-5 (no hardcode) — MET by design (grep-proven, doc 62/63).
- A-1..A-9 — A-1/A-2/A-9 NOT-MET; A-3..A-8 PENDING (rehearsal defaults ratified, formal record needed for COMMIT).
- RE-1..RE-7 — all MET for the GCOS substrate scope (doc 64 certifies). For SB-2 line, RE-1..RE-7 must be produced separately (W6).
- RR-1..RR-12 — build-time controls; carried into doc 69/70/71 as mandatory.
68.4 What each authority must do, in order
- GPT delegated ruling (optional, can be issued now): review docs 57–66 (P3) and either (a) confirm rehearsal evidence is sufficient and issue an explicit delegated build-intake authorization scoped to a single step with COMMIT-forbidden-unless-M1, or (b) require formal C-7 intake first. Doc 14 already authorized rehearsals; a NEW doc is needed to move toward build.
- C-7 / C-1 / C-2 council formal intake (required for COMMIT of activation-bearing steps): ratify A-3..A-8 as recorded governed decisions (doc 52 ledger; silence ≠ approval; proposer ≠ approver).
- Human sovereign (required for ANY COMMIT): record the M-1 approval in
os_proposal_approvals+ APR with Điều-32 quorum, naming the exact build step. Only this unlocks COMMIT.
68.5 Remaining-gates verdict
Between rehearsal-GREEN and COMMIT there remain: M-1 (sovereign, hard stop), A-2 quorum, G-C7 formal intake (A-3..A-7), A-8 (C-1/C-2 record), G-SB1A + G-SB2 build (SB-2 not yet even rehearsed — W6), G-APPLY (A-9 sovereign, do-not-build now), and mandatory drift fold-in (doc 69). No combination of GPT delegated rulings can substitute for the sovereign M-1 record. BUILD = NO-GO. Rehearsal of the SB-2 owner line may proceed now (doc 19/this packet) without any new authorization, because it is rollback-only.