KB-7258

One-Roof Prod Release Ultra-Macro — 08 Human Gate Options Analysis (2026-06-03)

Revision 1
Tags: one-roof-governance, production-release, human-gate, ratification, options, 2026-06-03

08 — Human Gate Options Analysis

The single blocker is os_proposal_approvals >= 1 (human L2/L4 ratification). The owner wants minimal dependency on the user. Five practical paths, each assessed; one recommended.

The gate is not arbitrary friction: the ownership seed (Tier 3) is a sovereign accountability assertion — it makes named governance authorities (GOV-COUNCIL, GOV-KG-SYS, GOV-DOT, GOV-MOIT) formally accountable for 35 governed collections. That assertion is precisely what must be human-ratified, and it is the act os_proposal_approvals >= 1 records.


Option 1 — Formal L2/L4 ratification (open the gate properly)

  • Risk: low. The intended control path; full provenance via a real ratified APR.
  • Speed: medium (depends on the human approver's turnaround).
  • Safety: highest — accountability is genuinely authorized.
  • Steps: (a) human runs the ratification process for APR-BOOT-AUTHMODEL-1 (or equivalent); (b) that enacts an os_proposal_approvals row (ospa, the approval row count, becomes ≥1); (c) Agent runs prod/99_run_all.sql -v ratified_apr=<code>.
  • Agent can execute without user? No for (a)/(b); yes for (c) once the gate is open.
  • Recommended: YES — primary path.

Option 2 — One-time emergency/test production override

  • Risk: high. Bypassing the gate fabricates authorization; the seed asserts accountability nobody ratified. On directus (which is production — there is no separate test DB) this is a real, persistent sovereign claim.
  • Speed: fast.
  • Safety: poor — defeats the only control protecting governance truth.
  • Steps: would require editing the gate out of the seed (declined).
  • Agent can execute without user? Technically yes; declined on principle (matches the Path-C decision in the gate-resolution package: a persistent seed without ratification is the exact act gated on ospa≥1).
  • Recommended: NO.

Option 3 — Production shadow mode (no governance-truth mutation)

  • Risk: low. Deploy Tier 1 structure + Tier 2 responsibility axis only (both effect-inert: gap stays 210, 0 rows read, emit fail-closed). Skip Tiers 3–6 (the seeds). Gives production the read-only substrate and UI/API views with no accountability assertion.
  • Speed: fast.
  • Safety: high — no sovereign claim; fully reversible by DROP.
  • Caveat: Tiers 1–2 are currently gated on ospa≥1 too. To run shadow mode independently, split the gate: ship Tiers 1–2 as a ratification-INDEPENDENT structure deploy (they change no effective coverage). This is a small, safe variant the Agent can prepare.
  • Agent can execute without user? Structure-only deploy: yes, if the owner authorizes a ratification-independent structure tier (they are genuinely inert). The coverage-closing seed still waits for Option 1.
  • Recommended: viable interim — gives visible progress while ratification is pending.
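
The split gate described in the Option 3 caveat, as an added sketch that is not the project's deploy code: Tiers 1–2 apply with no ratification, while any seed tier fails closed unless ospa >= 1 and a ratified APR code is supplied. SQLite stands in for the production Postgres; every table name other than os_proposal_approvals, its apr_code column, the tier SQL and the APR-PLACEHOLDER code are assumptions.

```python
import sqlite3

# All table names except os_proposal_approvals, and all tier SQL, are hypothetical.
STRUCTURE = {  # Tiers 1-2: inert structure, deployable without ratification
    1: "CREATE TABLE gov_collections (name TEXT PRIMARY KEY)",
    2: "CREATE TABLE gov_responsibility (collection TEXT, authority TEXT)",
}
SEEDS = {  # Tier 3 stands in for Tiers 3-6: the accountability assertion
    3: "INSERT INTO gov_responsibility VALUES ('sample_collection', 'GOV-COUNCIL')",
}

class GateClosed(Exception):
    """A gated tier was requested without human ratification."""

def new_db():
    """In-memory stand-in for the production database, with zero approvals."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE os_proposal_approvals (apr_code TEXT)")  # assumed column
    return db

def ospa(db):
    """Number of approval rows, the value the gate compares against 1."""
    return db.execute("SELECT count(*) FROM os_proposal_approvals").fetchone()[0]

def deploy(db, tiers, ratified_apr=None):
    """Apply the requested tiers; refuse the whole request if a seed tier is gated."""
    gated = sorted(t for t in tiers if t in SEEDS)
    if gated and (ospa(db) < 1 or not ratified_apr):
        # Fail closed before touching anything, so a mixed request applies nothing.
        raise GateClosed(f"tiers {gated} require ospa >= 1 and ratified_apr")
    with db:  # one transaction: commit on success, roll back on error
        for t in sorted(tiers):
            db.execute({**STRUCTURE, **SEEDS}[t])
    return sorted(tiers)

def seeded_rows(db):
    """Rows asserting accountability; stays 0 in shadow mode."""
    return db.execute("SELECT count(*) FROM gov_responsibility").fetchone()[0]

if __name__ == "__main__":
    db = new_db()
    print("shadow deploy:", deploy(db, [1, 2]))  # structure only
    try:
        deploy(db, [3], ratified_apr="APR-PLACEHOLDER")
    except GateClosed as exc:
        print("seed refused:", exc)
    db.execute("INSERT INTO os_proposal_approvals VALUES ('APR-PLACEHOLDER')")  # human act
    print("seed after ratification:", deploy(db, [3], ratified_apr="APR-PLACEHOLDER"))
```

The gate is evaluated before the transaction opens, so a request that mixes structure and seed tiers while the gate is closed leaves the database untouched.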

Option 4 — Keep production read-only; continue clone-only

  • Risk: none. Speed: n/a. Safety: maximal — status quo; clone remains golden harness.
  • Steps: none. Agent can execute without user? Yes (current default).
  • Recommended: acceptable default if ratification is not imminent.

Option 5 — Permanent staging environment

  • Risk: low-medium (operational cost). Speed: slow (provisioning). Safety: high — removes the "test on production" tension; the clone already partly fills this role.
  • Steps: provision a persistent staging Postgres, replicate directus, point a non-prod app at it.
  • Agent can execute without user? Partly (Agent can script the clone/replication); infra/credentials need the owner.
  • Recommended: good long-term hygiene, not on the critical path.

Recommendation

Primary: Option 1. It is the only path that yields a real GO. The Agent has done all technical work; the remaining step is genuinely the human's (ratify), then the Agent executes 99_run_all.sql autonomously.

Interim (optional, owner-authorized): Option 3 shadow structure deploy — ship inert Tiers 1–2 to production so the substrate and UI/API views exist with zero accountability claim, while the coverage seed waits for ratification. The Agent can prepare a ratification-independent structure variant on request.

No path lets the Agent assert governance ownership without human ratification — and it should not. Option 2 is declined.
