CODEX REVIEW — READY_TO_ASSEMBLE_LEGO1-PATCH1 Dry-Run Authorization Readiness — 2026-06-22
STATUS: HOLD
REVIEW VERDICT: NEED_READY_TO_ASSEMBLE_LEGO1_PATCH2
STOP STATE: READY_TO_ASSEMBLE_LEGO1_PATCH1_HOLD_PREPARATION_GAPS_REMAIN
DRY-RUN CLASSIFICATION: NOT_READY_TO_REQUEST_DRY_RUN_AUTHORIZATION · NOT_READY_TO_RUN_DRY_RUN_NOW
REGISTRATION_HOLD: ACTIVE
REGISTRATION_CAN_PROCEED: NO
P2 / named lane: CLOSED · NOT_OPENED · NOT_AUTHORIZED
SCOPE: review-only. No runtime mutation, DDL/DML, Directus write, DOT execution, schema/value creation, rollback, Gate B execution, P2/named-lane opening, registration, activation, or adoption.
0. Mandatory posture
I do not trust Claude’s READY report.
I do not trust harness or category completeness.
I inspect actual governed files.
I fresh-reconstruct from KB.
I inspect actual planned commands and live read-only discovery evidence.
I create bad inputs beyond Claude’s test list.
If invalid input can produce PASS/digest/seal/ready, this is fail-open and I reject.
I distinguish engineering PASS from authority PASS.
I distinguish preparation for dry-run authorization from actual dry-run execution.
1. Sources read directly
All governed sources were read in the main process through AgentData; no background agent/subagent was used.
- knowledge/dev/ssot/operating-rules.md — v7.58, revision 51.
- knowledge/dev/laws/constitution.md — v4.6.3 BAN HÀNH, revision 44.
- knowledge/dev/laws/law-01-foundation-principles.md — v3.3, revision 20.
- knowledge/dev/laws/dieu20-thiet-ke-truoc-trien-khai.md — v1.2 FINAL, revision 12.
- knowledge/dev/laws/dieu32-approval-law.md — v1.1 BAN HÀNH, revision 2.
- knowledge/dev/ssot/directus/directus-operating-rules.md — v1.2, revision 8.
- Official prior HOLD: knowledge/dev/laws-new/reports/codex/codex-review-ready-to-assemble-lego1-preparation-package-2026-06-22.md — revision 1, content_length 11399.
- Accepted basis: knowledge/dev/laws-new/reports/codex/codex-review-rs5b-closeout-patch2-lego-readiness-seal-2026-06-21.md — revision 1, content_length 12975.
- PATCH1 package: all 14 governed documents under knowledge/dev/laws-new/reports/ready-to-assemble-lego1-patch1/, each revision 1.
- Rollup: knowledge/dev/laws-new/reports/macro-ready-to-assemble-lego1-patch1-2026-06-22.md — revision 3, content_length 5731.
The prior HOLD was reconstructed as: category-complete but technically deficient due to raw SQL authority, inconsistent identity/versioning, missing authoritative value input, unproven authorization/atomic consume, incomplete failure model, non-executable preflight/tests, ambiguous serialization, and overclaimed blast radius/readiness.
2. Live read-only discovery
VPS contabo, PostgreSQL directus, PostgreSQL 16.13. Every SQL probe ran inside BEGIN READ ONLY ... ROLLBACK. No function was executed; only catalogs/function definitions/views were read.
2.1 Dispatcher is not an execution channel
Live pg_get_functiondef(fn_process_agent_api_dispatch) contains:
IF p_mode = 'REAL_RUN' THEN
RAISE EXCEPTION 'dispatch refused: REAL_RUN not permitted by this dispatcher';
...
'note', 'PLAN_ONLY/VERIFY_ONLY validation only; dispatcher cannot execute a DOT and never writes DRY_RUN/REAL_RUN.'
PATCH1 file 02 §2/§4 and file 06 §2 instead model every transition, including REAL_RUN, as dispatched through this function. The live function directly contradicts that path.
2.2 The named create command does not create a Directus schema collection
Live command catalog:
dot_iu_create_collection|collection|mutating=true|reversible=true|target_functions={fn_iu_collection_create}
Live fn_iu_collection_create writes:
INSERT INTO public.iu_piece_collection
(collection_key, collection_kind, title, description, source_axis_kind, created_by)
It does not create directus_collections, directus_fields, the physical C1 table, fields, constraints, or table_registry. PATCH1 file 02 §2/§4 and file 06 §2 incorrectly treat it as the collection+fields schema primitive.
The inspected VPS dot/bin/dot-schema-ensure is hard-coded for agent_views; it is not a parameterized C1 schema contract. No governed C1-specific schema DOT was identified.
2.3 C1 paired contract does not exist; PF7 belongs to another contract
Live readback:
DOT_KG_EXPLAIN|explain|DRY_RUN|producer|DOT_KG_EXPLAIN_VERIFY|.../dispatch|endpoint_bound
DOT_KG_EXPLAIN_VERIFY|verify|VERIFY_ONLY|verifier|DOT_KG_EXPLAIN||contract_ready
C1 contracts=0
C1 pairs=0
Live v_dotkg_realrun_preflight output explicitly says:
gate_contract_realrun_mode|DRY_RUN|BLOCK|promote DOT_KG_EXPLAIN contract DRY_RUN->REAL_RUN (governed)
gate_dotkg_owner_present|0|BLOCK|PROC-OWN-04 assign dot:kg family governance owner
gate_dry_run_only_cleared|true|BLOCK|set process_dot_runtime.dry_run_only=false
gate_execute_enabled|false|BLOCK|owner-authorized dot_config flip
gate_real_run_enabled|false|BLOCK|owner-authorized dot_config flip
OVERALL_VERDICT|REALRUN_BLOCKED_MULTI_GATE|NO_GO|...
Therefore file 07 §3's claim that this is “the C1 build's governing preflight” is unproven. It is a DOT_KG_EXPLAIN preflight, while the proposed DOT_C1_VOCAB_BUILD contract has no live row.
2.4 Authorization verifier cannot accept any live-valid status
PATCH1 file 05 §2 requires g.status = 'granted'. Live constraint:
governance_build_authorization_status_check:
status IN ('draft','active','consumed','expired','revoked')
AUTH_COUNT=0
Thus A20 is proven: no token can pass the stated verifier, because granted is outside the enforced status domain.
Further, file 05 §3 gives direct INSERT INTO dot_iu_runtime_lease and direct UPDATE governance_build_authorization as the protocol. These are raw DML templates, not a named governed DOT/APR handler. This reintroduces the P0-1 violation and does not prove sovereign e-sign verification; sovereign_esign_ref IS NOT NULL proves presence only, not authenticity.
The action predicate uses JSONB @>, so a grant with a broader action set can pass; that is not exact-scope equality.
2.5 Resolver/manifest is not authoritative or complete
Live schemas show apr_action_types has 14 active rows and process_axis_action_vocabulary has 12 rows. Joining on action_code gives 0 matches for all 14 active APR actions. The latter uses codes such as APPROVE_BIRTH_ADMISSION; APR uses create_item, authorize_build_step, etc.
Therefore file 04 §2's authority enrichment from process_axis_action_vocabulary is not wired. act_type := <governed act-type mapping, reviewed at Gate B> is an unresolved placeholder. _dot_origin values such as MIGRATION are provenance labels, not proof of governing authority. File 04 supplies no actual manifest_digest; it says it will be computed at build time after Gate-B curation. The exact admitted set and effects are still preparation inputs.
2.6 Invoked harness is unrelated to C1 and is not non-mutating
Live catalog maps:
dot_iu_test_harness_run|category=read|mutating=false|target_functions={fn_iu_bcf_harness_run}
Live function definition shows it tests IU axes B/C/F and calls fn_dot_iu_command_log five times. It contains no T1–T20 C1 fixture runner. Therefore file 08 §2's “may run the suite” is false as current wiring and its non-mutating label is itself questionable.
3. Three declarations
- Permanent? HOLD is based on root contracts, not one data incident: a real C1 schema DOT, executable C1 harness, exact resolver, and enforced authorization state machine must exist and be read-back-verifiable. Prose aliases cannot substitute for those contracts.
- Mistake-resistant? Current PATCH1 is not mistake-resistant: invalid/wrong-scope auth can be overbroad, no auth can satisfy the written status predicate, and unrelated DOT_KG/IU-BCF surfaces are misidentified as C1 evidence. Infrastructure does not yet make misuse impossible.
- 100% automatic? No. Manifest curation, act-type mapping, contract/DOT registration, fixture implementation, and compensation behavior remain manual or prose-only. The package is not preparation-complete.
4. Four-step design checkpoint and Assembly Gate
- Goal: determine whether only test-lane authority/runtime/window remain.
- Method: direct governed-file review plus independent live read-only catalog/function/view inspection and adversarial A1–A23 checks.
- Prerequisites: not met. C1 contract/DOT/harness are absent or mismatched; exact manifest/auth state are unresolved.
- Roadmap: do not request authorization. Produce PATCH2 that first closes the preparation defects below.
Assembly Gate: PG discovery found existing primitives, but Q0/Q1 fail for the claimed composition: the named PG functions and Directus/DOT artifacts do not implement the C1 path described. Q2 Nuxt and Q3 open source are N/A. Q4 code/registration cannot be authorized by this review.
Five design questions:
- Overall model: carrier-specific C1 schema/value/auth/evidence state machine.
- Closed flow: exact grant → atomic reservation → schema/value actions → independent readback → safe compensation.
- Complete tools: missing today; the named tools do not implement this flow.
- Execution environment: Directus PG plus governed DOT/APR/Directus channels, all currently blocked.
- Golden rule: metadata > code is not satisfied merely by naming nonexistent metadata contracts.
5. Findings by required review area
5.1 DOT/Directus execution path — HOLD
Governed sources: PATCH1 file 02 §§2–6; file 06 §2; Directus Operating Rules v1.2 §§I.1/I.5.
Failure: A1/A2. The plan contains raw DML in file 05; dispatcher refuses REAL_RUN; dot_iu_create_collection creates an IU collection record, not the C1 Directus schema; C1 DOT pair is absent.
Assessment: REJECT_DOT_DIRECTUS_PATH_INCOMPLETE.
Closure required: identify or prepare a governed, carrier-specific schema/data/auth/audit path with actual registered artifacts and read-only definition evidence. Authorization may remain absent; the executable contract may not.
5.2 C1 identity/version/lifecycle — HOLD
Governed source: file 03 §§2–7.
Failure: A3/A4. Composite identity is improved, but “protocol_version >=” on text is not a defined semantic-version ordering; no exact handler/constraint exists for cycle prevention, immutable fields, lifecycle transitions, or new-use resolution. The package itself carries U3_PARTIAL_UNIQUE_SURFACE_ABSENT and STATUS_DOMAIN_NOT_DB_ENFORCED.
Assessment: design intent is useful but not executable enough.
Closure required: exact version grammar/comparator and enforceable schema/handler definitions with deterministic reject behavior.
5.3 Authoritative value manifest/resolver — HOLD
Governed source: file 04 §§2–4.
Failure: A5/A6/A18. act_type is a Gate-B placeholder; the claimed authority enrichment has zero live joins; provenance is treated as authority; no candidate snapshot digest is provided; final values are curated later.
Assessment: REJECT_VALUE_MANIFEST_OR_RESOLVER_INCOMPLETE.
Closure required: exact mapping/join, exact admitted values or deterministic selection rule, authority semantics, canonical snapshot bytes, digest, and recomputation command.
5.4 Authorization verifier and atomic consume — HOLD
Governed source: file 05 §§2–5.
Failure: A7/A8/A19/A20. granted cannot satisfy the live status constraint; action set matching permits supersets; e-sign presence is not verification; raw DML is not governed execution; CAS and subsequent writes are not one atomic transaction.
Assessment: REJECT_AUTH_ATOMIC_CONSUME_INCOMPLETE.
Closure required: align status domain, implement exact set equality and authentic signature verification, wire a governed handler, and prove single-winner consume/write semantics.
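Added example (not part of PATCH1, the live system, or the original report): a fail-closed grant verifier covering the A19/A20 cases described in §2.4 and §5.4, with the containment check shown beside exact-scope equality. The Grant shape, the reason codes, the choice of "active" as the usable status, and the esign_ok callback are assumptions; the sample grants are constructed.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Optional, Tuple

# Status domain copied from the live CHECK constraint quoted in §2.4.
STATUS_DOMAIN = frozenset({"draft", "active", "consumed", "expired", "revoked"})
# Assumption: "active" is the only status a grant may be consumed from.
USABLE_STATUS = "active"


@dataclass(frozen=True)
class Grant:
    """Hypothetical grant shape; not the governance_build_authorization schema."""
    status: str
    actions: FrozenSet[str]
    esign_ref: Optional[str]


def predicate_satisfiable(required_status: str) -> bool:
    """A20 check: a verifier that demands a status outside the enforced
    domain can never pass for any stored row."""
    return required_status in STATUS_DOMAIN


def containment_check(grant: Grant, requested: FrozenSet[str]) -> bool:
    """Mirrors JSONB @> semantics: true whenever the grant covers the
    request, including grants broader than the request."""
    return grant.actions >= requested


def verify_grant(grant: Grant, requested: FrozenSet[str],
                 esign_ok: Callable[[str], bool]) -> Tuple[bool, str]:
    """Fail-closed verifier: every path that is not fully proven rejects."""
    if grant.status not in STATUS_DOMAIN:
        return False, "STATUS_OUTSIDE_DOMAIN"
    if grant.status != USABLE_STATUS:
        return False, "STATUS_NOT_USABLE"
    if not requested or grant.actions != requested:
        return False, "SCOPE_NOT_EXACT"       # superset and subset both fail
    if not grant.esign_ref or not esign_ok(grant.esign_ref):
        return False, "ESIGN_NOT_VERIFIED"    # presence alone is not enough
    return True, "OK"


# Constructed sample data (not taken from any live table).
REQUEST = frozenset({"create_item"})
EXACT = Grant("active", frozenset({"create_item"}), "esign-sample-1")
BROAD = Grant("active", frozenset({"create_item", "authorize_build_step"}),
              "esign-sample-1")
GRANTED = Grant("granted", frozenset({"create_item"}), "esign-sample-1")

if __name__ == "__main__":
    # Stand-in for real signature verification (assumption).
    trusted = {"esign-sample-1"}.__contains__
    for name, g in (("exact", EXACT), ("broad", BROAD), ("granted", GRANTED)):
        print(name, containment_check(g, REQUEST), verify_grant(g, REQUEST, trusted))
```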
5.5 Atomicity/idempotency/partial failure/retry/rollback — HOLD
Governed source: file 06 §§2–4.
Failure: A9–A12. “Same idempotency_root ⇒ dispatcher resumes” is unsupported; the dispatcher only validates/observes. Each state is a separate transaction, so compensations can fail independently. COMP_SCHEMA, COMP_VALUES, COMP_EVIDENCE, and COMP_FINALIZE are labels, not executable contracts. “reverse collection” is not reconciled with metadata conservation/no-delete.
Assessment: REJECT_ATOMICITY_IDEMPOTENCY_FAILURE_MODEL_INCOMPLETE.
Closure required: executable transition storage, handlers, transaction boundaries, retry lookup, failure injection, and compensation/retirement semantics.
5.6 PF5/PF7/PF8 truthfulness — HOLD
Governed source: file 07 §§2–6.
Failure: A13. PF5 is unsatisfiable under the live status domain. PF7 is specific to DOT_KG_EXPLAIN, not C1. PF8 cites fences but does not prove the eventual C1 handler is fenced. PF9 claims a stable digest that was never supplied.
Assessment: REJECT_PREFLIGHT_INCOMPLETE.
Closure required: C1-specific reproducible queries and actual output, with observed/planned facts separated.
5.7 T1–T20 executability — HOLD
Governed source: file 08 §§2–4.
Failure: A14. Most “commands” are prose (“dry-run admit…”, “inject failure…”, “then assert columns…”), variables/fixtures are undefined, and no runner/artifact/output capture exists. T1/T2 require a created schema and cannot be dry-run evidence. Existing dot_iu_test_harness_run is unrelated.
Assessment: REJECT_TEST_MATRIX_NOT_EXECUTABLE_ENOUGH.
Closure required: real fixture files/commands with setup, teardown, exact inputs, expected codes, concurrency and fault-injection mechanisms, plus read-only discoverability before authorization.
5.8 Canonical serialization/hash binding — HOLD
Governed source: file 09 §§2–4.
Failure: A15. “RFC 8785 style” plus pre-NFC is not a fully pinned implementation; the plan object listed in §3 omits schema/manifest digests while §4 claims plan_digest contains them; no canonical bytes, digest, implementation, or recomputation command is supplied.
Assessment: REJECT_CANONICAL_SERIALIZATION_INCOMPLETE.
Closure required: exact algorithm/profile, sample canonical bytes and hash, executable recomputation, and internally consistent artifact graph.
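Added example (not part of PATCH1 or the original report): a pinned canonical-serialization profile with recomputable digests and a plan_digest that refuses a plan object missing its schema/manifest bindings, as the §5.8 closure asks for. The profile (NFC strings, integers only, UTF-16-ordered keys, SHA-256), the function names, and the sample schema/manifest are assumptions; it is a restricted profile, not a full RFC 8785 implementation.

```python
import hashlib
import json
from unicodedata import normalize

# Digests the plan object must carry so that plan_digest actually covers them.
REQUIRED_BINDINGS = ("schema_digest", "manifest_digest")

def _ser(v) -> str:
    """Serialize one value under the pinned profile; reject anything else."""
    if v is None:
        return "null"
    if isinstance(v, bool):            # must precede int: bool is an int subclass
        return "true" if v else "false"
    if isinstance(v, int):
        return str(v)
    if isinstance(v, str):
        return json.dumps(normalize("NFC", v), ensure_ascii=False)
    if isinstance(v, (list, tuple)):
        return "[" + ",".join(_ser(x) for x in v) + "]"
    if isinstance(v, dict):
        items = {}
        for k, x in v.items():
            if not isinstance(k, str):
                raise TypeError("non-string key outside pinned profile")
            nk = normalize("NFC", k)
            if nk in items:
                raise ValueError("keys collide after NFC normalization")
            items[nk] = x
        # Order keys by UTF-16 code units, the ordering RFC 8785 specifies.
        ordered = sorted(items, key=lambda k: k.encode("utf-16-be"))
        return "{" + ",".join(_ser(k) + ":" + _ser(items[k]) for k in ordered) + "}"
    raise TypeError(f"type outside pinned profile: {type(v).__name__}")

def canonical_bytes(value) -> bytes:
    return _ser(value).encode("utf-8")

def digest(value) -> str:
    return hashlib.sha256(canonical_bytes(value)).hexdigest()

def plan_digest(plan: dict) -> str:
    """Fail closed when the plan omits a digest it is claimed to bind."""
    missing = [k for k in REQUIRED_BINDINGS if not plan.get(k)]
    if missing:
        raise ValueError(f"plan omits bound digests: {missing}")
    return digest(plan)

def build_plan(schema: dict, manifest: dict) -> dict:
    return {"carrier": "C1",
            "schema_digest": digest(schema),
            "manifest_digest": digest(manifest)}

# Constructed samples (not the real C1 schema or admitted value set).
SCHEMA = {"collection": "c1_sample", "fields": ["code", "label"]}
MANIFEST = {"values": ["create_item", "authorize_build_step"]}

if __name__ == "__main__":
    plan = build_plan(SCHEMA, MANIFEST)
    print(canonical_bytes(plan).decode("utf-8"), plan_digest(plan))
```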
5.9 Evidence/readback plan — HOLD
Governed sources: files 02 §5, 08, 09.
Failure: A16. Referenced birth-register views are not proven to understand the absent C1 contract; no C1 before/after/readback query packet or executable capture exists.
Assessment: REJECT_EVIDENCE_PLAN_INCOMPLETE.
5.10 Blast radius/dependencies — HOLD
Governed source: file 10 §§1–4.
Failure: A17/A18. The document correctly retracts “zero”, but omits the need to create/register the C1 contract, carrier-specific DOT/harness, exact act-type mapping, auth status transition handler, and C1 preflight. Config flips described as part of C1 may affect shared DOT_KG runtime, broadening blast radius beyond C1.
Assessment: REJECT_BLAST_RADIUS_OVERCLAIM.
5.11 Internal Codex-style self-review — HOLD
Governed source: internal self-review §§1–3.
Failure: it marks prose fixtures “executable,” treats later Gate-B validation as closure proof, misses the dispatcher REAL_RUN rejection, wrong dot_iu_create_collection semantics, auth-status contradiction, zero resolver joins, and unrelated harness.
Assessment: REJECT_INTERNAL_CODEX_SELF_REVIEW_INSUFFICIENT.
5.12 Scope/non-overclaim — PASS WITH HOLD PRESERVED
Governed sources: files 10–11, index, review packet.
The package consistently retains REGISTRATION_HOLD, REGISTRATION_CAN_PROCEED=NO, P2 closed, no named lane, and no current Chairman token. A21/A22 do not produce current runtime authority. No mega-registry/mega-graph/mega-birth coupling was found (A23 PASS). This boundary discipline does not cure the preparation gaps.
6. A1–A23 adversarial result
| Check | Result |
|---|---|
| A1 raw SQL authority | HOLD — file 05 uses direct INSERT/UPDATE protocol |
| A2 named but unwired DOT path | HOLD — live primitives contradict claimed path |
| A3 inconsistent identity | HOLD — version grammar/comparator/enforcement incomplete |
| A4 cycle/downgrade/duplicate/rewrite | HOLD — handler-only prose, no executable guard |
| A5 resolver invents/outside authority | HOLD — act_type curated later; provenance ≠ authority |
| A6 snapshot recomputation/authentication | HOLD — no digest/bytes; zero authority-vocab joins |
| A7 verifier bad grants | HOLD — superset action set; signature not verified |
| A8 consume after/independent writes | HOLD — cross-state transactions; raw CAS separate |
| A9 retry duplicates | HOLD — dispatcher has no resume engine |
| A10 orphan partial state | HOLD — compensation labels only |
| A11 rollback deletes | HOLD — reverse-schema behavior undefined |
| A12 authority weakened/retired valid | HOLD — no executable new-use resolver |
| A13 PF5/PF7/PF8 conceptual | HOLD — PF5 impossible; PF7 wrong contract |
| A14 T1–T20 prose-only | HOLD — no C1 runner/fixtures |
| A15 canonical ambiguity | HOLD — profile/binding inconsistent, no recompute |
| A16 before/after/readback | HOLD — no executable C1 evidence packet |
| A17 hidden blast radius | HOLD — shared config and missing registration artifacts |
| A18 hidden prep tasks | HOLD — manifest, DOT, contract, harness, preflight remain |
| A19 generic token passes | HOLD risk — action superset passes; exact equality absent |
| A20 no token passes | PROVEN HOLD — live status domain excludes granted |
| A21 engineering PASS=authority PASS | PASS boundary only — package distinguishes them |
| A22 implies run now | PASS boundary only — package says NO_GO |
| A23 mega coupling | PASS — no mega-registry/graph/birth pipeline found |
At least one invalid/unprepared state can be mislabeled preparation-ready by the package's self-review. Acceptance is rejected.
7. Final decision and required PATCH2
Official verdict: NEED_READY_TO_ASSEMBLE_LEGO1_PATCH2.
PATCH1 is held, not accepted as preparation-complete. It is not ready to request dry-run/test-lane authorization and not ready to run a dry-run now.
PATCH2 must, before another authorization-readiness review:
- identify/create the actual governed C1 schema/data/audit DOT pair and C1-specific preflight contract;
- replace the impossible auth predicate and raw DML templates with an enforced governed verifier/consume handler;
- freeze an exact authority-backed manifest/mapping and publish canonical bytes + digest;
- provide executable C1 T1–T20 fixtures/runner, including concurrency and injected failures;
- implement/prove transition/idempotency/compensation contracts;
- repair cser binding and provide recomputation commands/samples;
- update dependency/blast-radius truth to include these artifacts and any shared config effects.
Remaining blockers are preparation blockers plus, later, Gate B/test-lane authorization, exact-scoped Chairman or equivalent test authorization, sandbox runtime/write permission, and an execution window. Authority/execution are not yet the only blockers.
8. Self-check
- Official prior HOLD read? Yes.
- PATCH1 governed files read directly? Yes, all 14.
- Claude READY ignored as proof? Yes.
- DOT/Directus path excludes raw authority and is wired? No → HOLD.
- C1 identity/version/successor invariants verified? No → HOLD.
- Manifest/resolver authority-backed and recomputable? No → HOLD.
- Exact authorization matching verified? No → HOLD.
- Atomic consume-before-write verified? No → HOLD.
- Idempotency/retry safety verified? No → HOLD.
- Partial-failure/rollback safety verified? No → HOLD.
- PF5/PF7/PF8 truthful/reproducible? No → HOLD.
- T1–T20 executable enough? No → HOLD.
- Canonical serialization/hash recomputation verified? No → HOLD.
- Evidence/readback plan verified? No → HOLD.
- Blast radius/dependency map verified? No → HOLD.
- No hidden preparation gap remains? No → HOLD.
- No invalid input can produce PASS/digest/seal/ready? No; self-review can mark unwired design READY.
- Ready-to-request distinguished from ready-to-run-now? Yes; neither is ready.
- REGISTRATION_HOLD retained and CAN_PROCEED=NO? Yes.
- P2/named lane closed? Yes.
9. Workflow compliance / handoff
- Step 0 foundation: completed; three declarations recorded.
- Steps 1–2 read/design: completed before verdict; direct KB and live read-only evidence used.
- Step 3 code: N/A — review-only; no implementation authorized.
- Step 4 two hats/deploy: N/A — no code or deployment.
- Step 5 verify: live evidence above; official report must be read back from AgentData.
- Step 6 report: this document is the official governed report.
- OR update: not required; no new operating rule was enacted and no runtime/implementation state changed.
- TD/tracker update: not required; blockers and PATCH2 closure set are recorded here.
- Handoff: next mission is a bounded PATCH2 preparation task, not Gate B execution.
DO NOT IMPLEMENT: confirmed.