Non-bypassable here means: on governed BiDigest paths documented in PLUMBING_SPEC, materialization is preceded by T₁ checks so stale intent does not silently become committed telemetry without passing those checks. Customer edges and partner routes have different envelopes—see sovereign egress evaluation internal doc.
From rule satisfaction to authority verification
Validation checks shape. T₁ re-derivation re-reads org lifecycle (including inactive or suspended org posture where implemented), strict claim shape, and fail-closed shunts such as ORG_SUSPENDED_AT_T1 so execution drift from prior approval is reduced.
Sealer and API paths document concrete machine codes and preimage-style context for failures—discovery-oriented reconstruction, not a claim that every integration is cryptographically Merkle-complete today.
This is not universal sub-ms guarantees; route and deployment honesty stay in MESSAGING_COPY_BLOCKS and PLUMBING_SPEC.