Codex Review - R2-B2 Inspect Producer TD-Prep LEGO
STATUS: PASS_WITH_CAVEATS
REPORT_DATE: 2026-06-18
OFFICIAL_KB_PATH: knowledge/dev/laws-new/reports/codex/codex-review-r2-b2-inspect-producer-td-prep-lego-2026-06-18.md
REVIEW_SCOPE: Independent read-only control review of the R2-B2 Inspect Producer TD-Prep packet and execution report.
0. Operating Position
Three declarations:
- Permanent: this review accepts only the B2 inspect-producer contract boundary; it does not authorize a producer build, channel install, live run, or backlog remediation.
- Mistake-resistant: B2 remains inspect-only and cannot certify, canonicalize, mint identity, or write KG/provenance.
- Automatic: no automation, channel selection, cron/runner/job setup, or next TD package is started here; Owner must choose the next exact scope.
Control principles applied: read target files directly from AgentData KB in the main process, treat AgentData metadata as authoritative, preserve inherited caveats, distinguish engineering PASS from authority PASS, reject TD drift, reject channel-authority selection, reject scope creep, and do not treat local scratch as official storage.
Executive Summary
- The two files are valid R2-B2 design-only TD-prep deliverables.
- Scope is truly B2-only: B2 reads uncertified birth_registry rows, uses the D0-G PEN/STAMP/GATE rule-set, writes inspect_pen / inspect_stamp / inspect_gate only, appends S7 evidence, and follows S8 as one producer-run rollback unit.
- The packet does not authorize certification, canonicalization, identity minting, KG/provenance writes, B5 backlog execution, B7 gate policy, channel installation, pg_cron, queue worker enablement, or live runtime action.
- The channel matrix is conceptual only. Host cron and agent-api executor are candidates; pg_cron and job_queue are risky/future-gated; manual one-shot is rejected as a standing channel. No channel is selected as authority.
- The 2026-03-21 fused shortcut is rejected strongly enough as a manual, unrepeatable, non-LEGO anti-pattern that fused B1+B2+B3+B4 and certified without genuine inspection.
- Status is PASS_WITH_CAVEATS because B2 is still missing, bad-input behavior is conceptual-only, D0-G source recovery remains open, and inherited caveats CAV-3/CAV-4/CAV-5 remain binding.
| File |
Expected |
Observed |
Verdict |
Issue |
| knowledge/dev/laws-new/newlaws/consolidation/r2-b2-inspect-producer-td-prep-lego-2026-06-18.md |
revision 1, content_length 47732 |
revision 1, content_length 47732 |
PASS |
None |
| knowledge/dev/laws-new/newlaws/reports/r2-b2-inspect-producer-td-prep-lego-execution-report-2026-06-18.md |
revision 1, content_length 12885 |
revision 1, content_length 12885 |
PASS |
None |
Metadata convention audit:
- Both target files exist at exact KB paths.
- Editorial revision is distinct from AgentData metadata.
- File bodies do not pin volatile storage revision/content_length.
- AgentData metadata at read time is treated as authoritative.
- No third file is treated as output.
- No registry/schema/code/current corpus file is created.
Source-Read / No-Parallel-Agent Audit
| Check |
Verdict |
Issue |
| Sources read directly from AgentData KB |
PASS |
Packet states all sources were read first-hand from AgentData KB. |
| No parallel reader-agents |
PASS |
Packet explicitly says no parallel reader-agents were used. |
| No background reader-agents |
PASS |
Packet explicitly says no background agents were used. |
| No sub-agent outsourcing for reading |
PASS |
Packet explicitly says reads were by the main process. |
| Reads bounded/sequential |
PASS |
Packet states one document per call, sequentially, full read. |
| No fact inferred from local prose/memory |
PASS |
Packet states no local-prose inference. |
| Prior reader-agent caveat repeated |
PASS |
Not repeated; this packet explicitly avoids that pattern. |
| Item |
Verdict |
Issue |
| v0.1-stable / FIX7 V3 baseline |
PASS |
Carried as baseline fixture; not overwritten, promoted, or modified. |
| FIX7 Recheck-9 / current Codex packet use |
PASS |
v0.1 may continue as reproducibility/comparison/regression fixture only. |
| Tool-Kiem-Thu v0.2-hardening |
PASS |
Kept as separate development track; not authority for FIX7. |
| v0.2 authority confusion |
PASS |
BI-10 rejects v0.2-hardening as authority until Owner/User promotion after regression. |
B2 Boundary Audit
| Check |
Verdict |
Issue |
| B2 is inspect producer only |
PASS |
Responsibility limited to producing PEN/STAMP/GATE inspection results. |
| Reads uncertified birth_registry rows |
PASS |
Input contract is uncertified rows plus D0-G rule-set and B3 contract. |
| Writes inspect_pen/stamp/gate only |
PASS |
Output contract forbids all other writes. |
| Appends S7 evidence |
PASS |
Evidence contract includes counts, ids, timestamps, rule-set hash, failure records. |
| Follows S8 one producer-run rollback unit |
PASS_WITH_CAVEAT |
Unit is defined, but downstream B4 auto-certify rollback interaction remains future TD. |
| Channel remains internal/replaceable |
PASS |
Channel is explicitly not the block boundary. |
| Avoids B4 certification |
PASS |
certified/certified_at are forbidden outputs. |
| Avoids B1/S3 identity minting |
PASS |
entity_code/identity mutation forbidden. |
| Avoids B6/S4 canonical address |
PASS |
canonical_address/owner/jsonb_profile/status writes forbidden. |
| Avoids B5 backlog execution |
PASS |
Backlog is separate B5; not smuggled into B2. |
| Avoids B7 gate flip |
PASS |
app.birth_gate_mode flip forbidden and future-gated. |
| Avoids KG/provenance/quarantine logic |
PASS |
KG/provenance writes explicitly forbidden. |
| Avoids tool authority logic |
PASS |
Tool lock preserved; v0.2 not authority. |
| Check |
Verdict |
Issue |
| Input: uncertified birth_registry rows |
PASS |
certified=true rows are skipped. |
| Input: governed PEN scope |
PASS_WITH_CAVEAT |
governed scope present; observed-role policy remains carried as open ambiguity. |
| Input: D0-G PEN/STAMP/GATE rule-set |
PASS_WITH_CAVEAT |
Rule-set used from working source; authoritative source recovery remains open. |
| Input: B3 inspect_* contract |
PASS |
B3 is load-bearing stud. |
| Output: inspect_pen only if PEN passes |
PASS |
Genuine per-stage pass required. |
| Output: inspect_stamp only if STAMP passes |
PASS |
Requires prior PEN. |
| Output: inspect_gate only if GATE passes |
PASS |
Requires prior STAMP. |
| PEN -> STAMP -> GATE order |
PASS |
Out-of-order stamps rejected. |
| One inspector writes only own column |
PASS |
One-column-per-inspector invariant carried. |
| Idempotent, no overwrite/re-stamp |
PASS |
Only unset columns may be set. |
| certified=true/certified_at allowed? |
PASS |
Explicitly forbidden. |
| canonical/owner/jsonb_profile/status fields allowed? |
PASS |
Explicitly forbidden. |
| entity_code mutation allowed? |
PASS |
Explicitly forbidden. |
| KG provenance allowed? |
PASS |
Explicitly forbidden. |
| all inspect_*=now() shortcut allowed? |
PASS |
Explicitly rejected. |
| net-new stamp columns/manual SQL shortcut allowed? |
PASS |
Explicitly rejected. |
| Case |
Verdict |
Issue |
| BI-1 row missing entity_code |
PASS |
Reject / no inspect stamp + S7 audit. |
| BI-2 row missing collection_name |
PASS |
Reject / no inspect stamp + S7 audit. |
| BI-3 already certified=true |
PASS |
Skip / no producer write. |
| BI-4 partial inspect_* from unknown origin |
PASS_WITH_CAVEAT |
Ambiguous / Owner-gated review / no certify; built behavior not runtime-tested. |
| BI-5 D0-G rule-set unresolved |
PASS_WITH_CAVEAT |
SOURCE_RECOVERY_REQUIRED / no stamp; source recovery remains open. |
| BI-6 asked to set certified=true |
PASS |
Reject. |
| BI-7 asked to set canonical_address |
PASS |
Reject. |
| BI-8 asked to stamp all inspect_*=now() without checks |
PASS |
Reject fused shortcut. |
| BI-9 channel not approved / owner missing |
PASS |
No-op / pending Owner. |
| BI-10 v0.2-hardening offered as FIX7 authority |
PASS |
Reject until Owner/User promotes. |
| BI-11 out-of-order stamp |
PASS |
Reject. |
| BI-12 out-of-scope governance_role |
PASS_WITH_CAVEAT |
Skip/out of scope; observed-role policy caveat preserved. |
Channel Option Audit
| Channel |
Verdict |
Issue |
| host cron |
PASS |
Candidate only; no cron spec or selection. |
| pg_cron |
PASS_WITH_CAVEAT |
Risky/future-gated because pg_cron is not installed; no install authorized. |
| agent-api executor |
PASS |
Candidate only; no contract promotion or runner execution authorized. |
| job_queue worker |
PASS_WITH_CAVEAT |
Risky/future-gated due disabled/idle queue and undrained event_outbox pattern; no worker enable authorized. |
| manual one-shot |
PASS |
Rejected as standing channel; B5 one-shot backlog remains separate and Owner-gated. |
| final channel selected as authority? |
PASS |
No channel selected. |
| cron/runner/job specs written? |
PASS |
No implementation specs found. |
| B5 backlog smuggled into B2? |
PASS |
No; B5 remains separate. |
Fused-Shortcut Audit
| Check |
Verdict |
Issue |
| Certified without genuine inspection |
PASS |
Identified as reason to reject. |
| Fused B1+B2+B3+B4 |
PASS |
Identified as prohibited mega-statement. |
| Used manual SSH/docker exec/psql pattern |
PASS |
Identified as manual bypass anti-pattern. |
| Bypassed DOT/D32 |
PASS |
Identified as invalid. |
| Unrepeatable and not rollbackable as LEGO |
PASS |
Identified as non-LEGO/unrepeatable. |
| Treated as reusable for B2? |
PASS |
No; rejected as standing-channel and implementation pattern. |
S7/S8 Audit
| Surface |
Verdict |
Issue |
| S7 evidence append-only |
PASS |
Records counts, ids, timestamps, rule-set hash, failure audit records. |
| S7 non-decisional |
PASS |
Does not approve, certify, or act as authority. |
| S8 rollback unit |
PASS_WITH_CAVEAT |
One producer-run unit defined; downstream B4 auto-certify interaction is surfaced as future TD. |
| S8 not script/design |
PASS |
No rollback script, command sequence, or SQL mutate plan found. |
Technical-Design Drift Audit
| Check |
Verdict |
Issue |
| Schema DDL / table definition |
PASS |
None found. |
| Migration plan / function body |
PASS |
None found. |
| SQL mutate plan / exact command sequence |
PASS |
None found. |
| Producer implementation |
PASS |
None found. |
| Scheduler / cron implementation plan |
PASS |
Channel matrix remains conceptual. |
| Runner build plan |
PASS |
None found. |
| Rollback script |
PASS |
None found. |
| Backlog execution plan |
PASS |
B5 remains separate; no backlog execution plan. |
| Runtime execution steps |
PASS |
None found. |
Future Write / Owner-Gate Audit
| Future action |
Verdict |
Issue |
| Build/wire standing B2 producer |
PASS |
Forbidden now; Owner/D32 + S2 + channel decision required. |
| Set inspect_pen/stamp/gate |
PASS |
Forbidden now. |
| Run producer against live rows |
PASS |
Forbidden now. |
| Install pg_cron |
PASS |
Forbidden now. |
| Promote agent-api contract |
PASS |
Forbidden now. |
| Enable job_queue worker / master switch |
PASS |
Forbidden now. |
| Assign birth-producer governance owner |
PASS |
Forbidden now. |
| Recover D0-G source |
PASS |
Forbidden now; Owner out-of-band. |
| Run B5 backlog pass |
PASS |
Forbidden now and out of B2 scope. |
| Build S7 evidence writers |
PASS |
Forbidden now. |
| Define/execute rollback mechanism |
PASS |
Forbidden now. |
| Confirm transient GUC |
PASS |
Not done here; CAV-5 preserved. |
Non-Authorization Audit
- DB write/DDL/DML performed/authorized? no
- restart/reload performed/authorized? no
- runner/job/cron/worker execution performed/authorized? no
- DOT/KG/birth/certify/promote execution performed/authorized? no
- inspect/certified writes performed/authorized? no
- gate flip / owner assignment / contract promotion authorized? no
- pg_cron install / queue worker enable authorized? no
- source/prior-report patch performed/authorized? no
- current corpus created/authorized? no
- technical design authorized? no
- implementation authorized? no
- blocker resolved? no
- v0.1-stable/FIX7 V3 overwritten? no
- v0.2-hardening promoted or used as authority? no
Primary Review Questions
- Are the two files valid R2-B2 TD-prep deliverables? yes, with caveats.
- Does the packet remain design-only despite TD-prep language? yes.
- Is the scope truly B2-only? yes.
- Does B2 avoid certifying? yes.
- Does B2 avoid canonicalizing? yes.
- Does B2 avoid identity minting? yes.
- Does B2 avoid KG/provenance? yes.
- Is the channel matrix conceptual only? yes.
- Is no channel selected as authority? yes.
- Is the 2026-03-21 fused shortcut rejected strongly enough? yes.
- Is S7 evidence append-only and non-decisional? yes.
- Is S8 rollback a unit/discipline only, not a script/design? yes.
- Are all future writes still Owner-gated and forbidden? yes.
- Is further Claude patch needed before acceptance? no.
Next-Step Decision
- Is R2-B2 TD-Prep accepted? yes, as design-only TD-prep with caveats.
- Is Owner selection required before actual B2 TD? yes.
- Is write-enabled remediation authorized now? no.
- Is technical design authorized now? no.
- Is a channel selected as authority now? no.
- Recommended next action: Owner chooses whether to proceed to actual B2 technical design with a selected channel, a sibling design-only TD-prep, or a standalone R2-D2 channel decision. No automatic TD or remediation follows.
Final Recommendation
- Further Claude patch needed? no.
- Owner can use this packet before choosing actual B2 TD/channel? yes, with caveats retained.
- Default next action: Owner decision on exact next scope.
- Do not implement confirmation: do not implement, do not mutate runtime, do not run DDL/DML, do not write technical design, do not resolve blockers, do not create current corpus, do not set inspect_* or certified=true, do not install pg_cron, do not enable queue workers, do not select/promote a channel, do not overwrite v0.1-stable/FIX7 V3, and do not promote v0.2-hardening as authority.