04 - No-Disposition Guard Re-bound to the Envelope

What Codex required (Check F)

G-LEGACY-NO-DISPOSITION-AUTHORITY and G-NO-SUPERSEDED-CONSUMPTION depended on the unpinned ACTIVE_AUTHORITY classification. Until the boundary was content-addressed, a mutable classification/body could bypass the guard after review. Bind both to the exact content-addressed approval envelope and fail closed on all drift.

What T1 patched (doc 06)

G-LEGACY-NO-DISPOSITION-AUTHORITY input changed from "the ACTIVE_AUTHORITY load-bearing docs/sections (per the doc 00 registry; depends on G-ACTIVE-AUTHORITY-SCOPE)" to:

the ACTIVE_AUTHORITY load-bearing docs/sections as fixed by the SEALED approval envelope (exact reviewed revisions/hashes; depends on G-ACTIVE-AUTHORITY-APPROVAL-ENVELOPE / -HASH-MATCH / -REVISION-MATCH / G-ACTIVE-AUTHORITY-SCOPE) + sealed manifests + guard/package/order/rollback definitions. Fenced SUPERSEDED_NON_AUTHORITY history (as listed in the envelope) is scanned separately and reported, never failed or consumed.

Its failure column now also fails when the approval envelope is absent/unsealed or any active doc/section revision/hash mismatches the sealed envelope ("a mutable-marker scope cannot bypass this guard post-approval").

So the guard's behavior is exactly Codex's spec:

• scans only ACTIVE_AUTHORITY content identified by the approved envelope;
• fails if the envelope is absent;
• fails if any active doc/section revision/hash mismatches;
• fails if an old disposition/STUB term appears in approved ACTIVE_AUTHORITY content;
• report-only for terms inside SUPERSEDED_NON_AUTHORITY sections included in the envelope as historical non-authority;
• fails if any package references superseded content (via G-NO-SUPERSEDED-CONSUMPTION, doc 05).

Guard-quality rule 8 (active-authority scope) is preserved; rule 9 (content-addressed authoring authority) makes the envelope binding mandatory for any text-scanning authoring guard.