02 — Approval-Aware Execution Mode (Branch A)
title: 02 — Approval-Aware Execution Mode (Branch A) date: 2026-05-31 decision: COMMIT_FORBIDDEN_NO_APPROVAL
02 — Approval-Aware Execution Mode (Branch A)
Scan method (live, this run)
Four approval surfaces inspected in directus:
approval_requests, apr_approvals, os_proposal_approvals, plus a keyword scan over
titles/codes/entity_codes/evidence.
Findings
approval_requests status distribution
| status | n | last reviewed | reviewer class |
|---|---|---|---|
| applied | 176 | 2026-04-20 | machine (orchestrator-s142b, auto-apply-function, system_auto_approve) |
| expired | 19 | 2026-05-23 | system_auto_expire |
| rejected | 14 | 2026-04-20 | machine |
| approved | 2 | 2026-04-20 | system_auto_approve (machine) |
The only 6 non-machine ("human") rows — ALL out of scope
| id | code | type | reviewer | title | reviewed |
|---|---|---|---|---|---|
| 220 | APR-0220 | fix_repair_dot | desktop | S178-Fix21 dot-apr-execute v2.1 | 2026-04-19 |
| 214 | APR-0214 | schema_modify | president | S178-Fix20 register directus_fields | 2026-04-19 |
| 211 | APR-S178F18-FALLBACK-5 | fix_repair_dot | president | S178-Fix18 admin_fallback_log id=5 | 2026-04-19 |
| 201/202/203 | — | fix_repair_dot | president | Retroactive APR ADMIN fallback #1/#3/#4 (DOT_NRM_ENACT, m1-ddl-bootstrap, dot-apr-types) | 2026-04-19 |
Every human-signed approval is S178 DOT-repair campaign (2026-04-19), retroactive quorum (gpt+gemini+president). None references any combined-macro scope.
Other surfaces
os_proposal_approvals= 0 rows (no sovereign/OS proposal sign-off ever).apr_approvals= 42 rows — quorum votes attached to the S178 APRs above; none for our scopes.- Keyword scan (
pivot|registr|six.?object|phantom|threshold|label|pin|ghim|drilldown|parent_code|v_registry_leaf_set) returned onlybirth_orphan/accuracy_driftrows auto-applied byorchestrator-s142b/auto-apply-function— machine onboarding, not human authorization to commit.
RG gate classification
| Gate | Scope | Approval present? | Mode this macro |
|---|---|---|---|
| RG1/RG2 | six-object foundation | NO | rehearse + commit-ready pack |
| RG3 | missing pivots (PIV-500/301/302/303/311) | NO | engine-proven pack |
| RG4 | phantom policy/law | NO (council decision) | decision pack + law-patch draft |
| RG5 | threshold/label (display_policy) | NO | rehearsed pack |
| RG6 | pin/ghim (registry_pin) | NO | rehearsed pack |
| RG7 | Directus/API exposure | NO | contract pack + static mock |
| RG8 | Nuxt render-shell | NO | implementation pack only |
| RG9 | legacy retirement / route cutover | NO | plan only, FORBIDDEN to execute |
No approval for one scope is used to authorize another (Đ32).
Decision
COMMIT_FORBIDDEN_NO_APPROVAL. All eight phases proceed on the safe path: rehearse,
prepare commit-ready packs, deploy the safe static preview, produce evidence and next
prompts. No PG commit, no Directus mutation, no Nuxt change, no route cutover, no law
enactment, no self-approval.
To flip to COMMIT mode (what a valid approval must contain)
A human/council artifact (in the user prompt, or recorded to approval_requests +
apr_approvals quorum, or os_proposal_approvals) that names the specific scope, e.g.
"RG1+RG2: commit the six read-only views/function v_registry_leaf_set … fn_registries_pivot_node_substrate".
Then, and only then, the exact ordered commit in doc 11 may run — one scope per approval.