BLOCKER D - Operator Authorization Typed-PG Contract Fix
05 - BLOCKER D: Operator-Authorization Typed-PG Contract (in-blueprint)
Codex recheck-2 finding (doc 06)
evidence_registry exposes artifact URI/hash, issuer, epoch, validity, revocation — but not a
typed approved_package_sha256 or authorization_scope. Those values stayed inside external artifact
content, and the blueprint defined no sealed analyzer/adapter that parses the artifact and emits typed
PG decision inputs. Also: activation quorum authorizes PKG-F only, not PKG-E/G/H — a broad operator
role grant is not a package-specific authorization contract.
The fix — bind to the existing typed PG authority model, drop the artifact-as-authority framing
The prior patch made operator_authorization a sealed evidence_registry row "carrying"
approved_package_sha256. Codex correctly rejected that: an artifact's content is not a typed PG
input. The corrected contract uses the authority FIX7 already has — and the approved design authorizes
manifest transitions executed by Level-B principals, not opaque "packages":
| Codex-required typed input | approved typed PG home |
|---|---|
| authorized action | ACTIVE authority_action_manifest #07 row (action_code) |
| authorization scope | ACTIVE authority_scope_manifest #20 + privilege_set_manifest #21 rows |
| principal + class | CP-09 principal_registry (auth_db_role ↔ human_identity_registry, principal_class) |
| quorum / separation / signoff | ACTIVE quorum_requirement #19 + principal_separation #08 + signoff_requirement #16 + runtime signoff_binding/quorum_vote |
| package hash | the sealed manifest_set.payload_sha256 / manifest_activation.candidate_payload_sha256 / activation_sha256 the transition applies (the package IS a manifest transition) |
| epoch / validity | control_epoch (on manifest_activation/evidence); validity via the activation window |
| operator execution right | the operator's PG role grant to run the package |
So every decision input Codex listed is a typed PG row, not unparsed artifact text. A supporting
evidence_registry row (the reviewed commit/packet/approval) may be referenced for audit, but it
supplies no final authority — G-OPERATOR-AUTH-PG-NATIVE (doc 06) proves every input is a typed
PG row and that the live package sha256 equals the sealed payload hash (both-EXCEPT/read-back).
Per-package authorization (PKG-E/F/G/H), not just PKG-F
- PKG-E (create+seal+stage): no live authority mutation; bounded by owner role + the seal mechanism (exact-set verification) + Level-B principal binding.
- PKG-F (atomic cutover): the authoritative manifest activation: manifest_activation quorum (#18/#19) + control_epoch + candidate_payload_sha256 + signoff_binding + Level-B principal. This is the design's one authoritative transition and is fully typed.
- PKG-G (residual owner/ACL cutover): authorized by the sealed #20 expected_owner_role/expected_acl_sha256 + #21 grants the step must realize (verified by G-OWNER-CUTOVER) + the Level-B principal; the "package" is the set of owner-entrypoint calls that realize exactly the sealed end-state.
- Each step's package integrity = the SECURITY DEFINER entrypoint source_sha256 (pinned in #02 operator_primitive_manifest / #26 gateway_manifest) + the sealed manifest payload_sha256.
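The two integrity checks the guard above and the G-OPERATOR-AUTH-PG-NATIVE paragraph describe (live package hash equals the sealed payload hash; both-direction EXCEPT read-back of the pinned entrypoint set against pg_proc) look like the following in PostgreSQL. This is an added illustration, not the blueprint's DDL: the column names on manifest_set, manifest_activation and operator_primitive_manifest (#02), the `ops` schema that is assumed to hold the SECURITY DEFINER entrypoints, and the function name `g_operator_auth_pg_native` are all assumptions for the example.

```sql
-- Added example; hypothetical minimal shapes of the typed catalog rows.
CREATE SCHEMA IF NOT EXISTS ops;   -- assumed home of the SECURITY DEFINER entrypoints

CREATE TABLE manifest_set (
    set_id         bigint PRIMARY KEY,
    payload_sha256 text NOT NULL CHECK (payload_sha256 ~ '^[0-9a-f]{64}$')
);

CREATE TABLE manifest_activation (
    activation_id            bigint PRIMARY KEY,
    control_epoch            bigint NOT NULL,
    candidate_payload_sha256 text   NOT NULL
);

-- #02 operator_primitive_manifest (assumed shape): one row per pinned entrypoint.
CREATE TABLE operator_primitive_manifest (
    set_id        bigint NOT NULL REFERENCES manifest_set(set_id),
    entrypoint    text   NOT NULL,          -- regprocedure::text, e.g. ops.activate(bigint)
    source_sha256 text   NOT NULL,
    PRIMARY KEY (set_id, entrypoint)
);

-- Read-back: hash of every live SECURITY DEFINER function body, straight from pg_proc.
-- sha256(bytea) is built in since PostgreSQL 11.
CREATE VIEW live_entrypoint_hash AS
SELECT p.oid::regprocedure::text                              AS entrypoint,
       encode(sha256(convert_to(p.prosrc, 'UTF8')), 'hex')   AS source_sha256
FROM   pg_proc p
WHERE  p.prosecdef
AND    p.pronamespace = 'ops'::regnamespace;

CREATE FUNCTION g_operator_auth_pg_native(p_activation_id bigint)
RETURNS void LANGUAGE plpgsql AS $$
DECLARE
    v_set_id  bigint;
    v_missing integer;
    v_extra   integer;
BEGIN
    -- 1. Package hash == sealed payload hash: a typed join, no artifact text parsed.
    SELECT ms.set_id INTO v_set_id
    FROM   manifest_activation ma
    JOIN   manifest_set ms ON ms.payload_sha256 = ma.candidate_payload_sha256
    WHERE  ma.activation_id = p_activation_id;

    IF v_set_id IS NULL THEN
        RAISE EXCEPTION 'G-OPERATOR-AUTH-PG-NATIVE: activation % has no sealed manifest_set '
                        'matching candidate_payload_sha256', p_activation_id;
    END IF;

    -- 2a. Both-EXCEPT, direction one: every pinned entrypoint exists live with the pinned hash.
    SELECT count(*) INTO v_missing FROM (
        SELECT entrypoint, source_sha256 FROM operator_primitive_manifest WHERE set_id = v_set_id
        EXCEPT
        SELECT entrypoint, source_sha256 FROM live_entrypoint_hash
    ) d;

    -- 2b. Direction two: no live SECURITY DEFINER entrypoint exists that is not pinned.
    SELECT count(*) INTO v_extra FROM (
        SELECT entrypoint, source_sha256 FROM live_entrypoint_hash
        EXCEPT
        SELECT entrypoint, source_sha256 FROM operator_primitive_manifest WHERE set_id = v_set_id
    ) d;

    IF v_missing > 0 OR v_extra > 0 THEN
        RAISE EXCEPTION 'G-OPERATOR-AUTH-PG-NATIVE: entrypoint set drift '
                        '(missing or changed=%, unpinned=%)', v_missing, v_extra;
    END IF;
END $$;

-- Usage: run before the package is executed; any drift aborts the transaction.
-- SELECT g_operator_auth_pg_native(42);
```

Both EXCEPT directions are needed: the first catches a tampered or missing entrypoint, the second catches an extra SECURITY DEFINER function smuggled into the entrypoint schema. Restricting the read-back view to one schema is what keeps extension-owned SECURITY DEFINER functions from tripping the second check; widen it only if the manifest pins them too.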
There is no need for a dedicated approved_package_sha256 typed column, because FIX7 authorizes
manifest states/transitions (whose hashes are already typed PG columns) executed by Level-B-bound
principals — not free-form operational packages. If the design owner nonetheless prefers a literal
per-package hash column, that is a minor catalog/DDL amendment; T1 flags it but does not require it, as
the per-transition + per-entrypoint hashing fully covers integrity.
PG-native, no new surface
All inputs are existing approved typed rows (#07/#20/#21/#16/#19/#08 + CP-09 registries +
manifest_activation + control_epoch). The only addition is one test/verification guard
(G-OPERATOR-AUTH-PG-NATIVE). The evidence_registry artifact is demoted to supporting evidence.
Self-check
PASS only if the authorization decision inputs are typed PG rows and no external artifact supplies
final authority, for every live package (not just activation). PASS — bound to
#07/#20/#21/#16/#19/#08 + CP-09 + manifest_activation payload/epoch + operator role grant;
artifact is supporting-only; G-OPERATOR-AUTH-PG-NATIVE enforces it.