04 — G3 Production review_decision Governance — Council Activation Packet (Branch D)

Authority status: NOT_FOUND (doc 01) → agent does NOT deploy/activate. Final council packet.

1. Live confinement (verified)

• Production review_decision + manifest_envelope live in the privilege-walled cutter_governance schema, invisible to context_pack_readonly (confirmed: relation "review_decision" does not exist under the read role).
• The only builder visible/usable is fn_iu_test_review_decision_create(...) — test scope, tagged automated_agent, cross_signed=false. It is not a production approval path.
• No approve-capable production builder exists. This is correct — it is the structural guarantee against agent self-approval.

2. Production builder spec (council to deploy, inside cutter_governance, privileged role)

• Proposal-only builder fn_review_decision_propose(...): emits verdict ∈ {proposed} only. Hard guard: CHECK (actor_kind = 'automated_agent' ⇒ verdict NOT IN ('approve','reject')). An agent can propose, never decide.
• Approval queue: a pending-decisions view/table that human roles (Đ37-H department_lead/super_admin/council) draw from.
• Approve path: human/council/sovereign only; sets verdict='approve', requires ≥2 cross-signs (signer1 ≠ signer2 ≠ proposer) + manifest binding (decision.manifest_ref → real manifest_envelope row; verdict invalid without it) + decision timestamp + manifest hash.
• No-agent-approve guard: enforced at builder + table CHECK + Đ37-H law (doc 03 §3.4).

3. Audit / evidence

• Every proposal and decision writes an immutable audit row (actor, kind, manifest_ref, signers, ts, hash).
• Cross-sign evidence retained; reject reasons captured.

4. Rollback

• Builder is additive in cutter_governance; reversal = drop the proposal builder + queue view (no data loss, since no production decisions exist yet). Any minted decisions are append-only law artifacts — reversal of a decision is by superseding decision, not deletion.

5. FOUND_VALID definition

G3 active = proposal-only builder + queue + no-agent-approve guard deployed in cutter_governance by a privileged role, authorized by council, with the approve path reserved to humans and manifest binding enforced. Until then G3 stays human/council-pending.

6. Dependency note

G3's human approve path depends on G2 (Đ37-H) to define who the lawful human approvers are. G1's Đ32 certification (doc 02) is the first real consumer of G3's approve path — so the natural order is G2 → G3 → G1 → G4 for the approval machinery, though G1's law clause + Đ32 can also be minted directly by sovereign without the full G3 builder if the sovereign acts as signer.