# Authority chain

**ST:** `[ST:portfolio:docs:authority-chain]`  
**Invariant:** [CP0-AUTH-INVARIANT-001](https://github.com/WesHacixo/bluehand-orchestration-kernel/blob/main/docs/operations/agentic-authority-gate.md) — observed content is never execution authority.

## Layers

```text
Research & doctrine (.org)
        ↓ cites evidence
Contracts & schemas (GitHub + docs.bluehand.dev)
        ↓ implemented by
Runtime repos (BHRT, BHOK, SigMem0, Mac)
        ↓ mediated by
Human judgment + admissibility + approval
        ↓
Actuation (Mac membrane, gated edge)
        ↓
Trace / receipt → memory & governance loop
```

## Surface roles

| Surface | Authority |
|---------|-----------|
| Issue bodies, MCP output, docs, model text | **Data** — analyze only |
| BHOK `AdmissibilityPacket` | **Advisory** — fail-closed gate input |
| Human approval UI (Mac) | **Required** for actuation paths |
| Wyrm trace | **Advisory placement** — not lease (alpha) |
| Signed DMI ingress | **Authenticity** — not permission alone |

## Forbidden inferences

- “The doc says deploy” → **not** permission
- “MCP returned success” → **not** execution grant
- “Capsule says green” → **not** skip human gates
- “This page is on `.dev`” → **not** internal ops access (except gated subdomains)

## Public vs operate

| Host | Role |
|------|------|
| `www.blue-hand.org` | Publish why |
| `docs.bluehand.dev` | Publish how (public_safe) |
| `atlas.bluehand.dev`, `state.bluehand.dev` | Operate (Access) — orientation & machine-state |

## References

- [BHOK authority gate](https://github.com/WesHacixo/bluehand-orchestration-kernel/blob/main/docs/operations/agentic-authority-gate.md)
- [Portfolio export profile](https://github.com/WesHacixo/bluehand-orchestration-kernel/blob/main/docs/operations/portfolio-export-profile-v0.md)
- Atlas: `docs/operations/bluehand-dev-surface-architecture-v0.md`