Codex Review — RS1 + PATCH1 Registration Substrate Decision Packet — 2026-06-20

STATUS: PASS_WITH_CAVEATS
VERDICT: ACCEPT_RS1_PATCH1_AND_PROCEED_TO_RS2
Registration gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO
RS2 gate: READY_FOR_RS2 (read-only / KB-design only)
Class: independent review · read-only · non-enacting · non-authorizing · no implementation · no runtime mutation
Date: 2026-06-20

1. Status

RS1 and PATCH1 are accepted as one decision packet. PATCH1 repairs the material source-coverage defects without changing RS1's substantive conclusions. RS2 may start within the bounded read-only/KB-design scope stated in §10.

Acceptance does not authorize DOT registration, Macro-9A/9C, schema creation, validator patching, APR activity, gate changes, or runtime work.

2. Verdict

ACCEPT_RS1_PATCH1_AND_PROCEED_TO_RS2.

Reasons:

1. RS1 is a complete decision packet: source map, registration-path reconstruction, trust matrix, QCM, reuse matrix, gap classification, design-entry criteria, next macro, must-not-do controls, and stop state are present.
2. PATCH1 correctly fixes the source-map coverage issue: the R2-B2 trio paths are corrected to laws-new/newlaws/consolidation/; the omitted matrix-refactor-implementation-plan.md and laws-new/README.md are added; the temporal limitation of cau-hoi-khi-tai-cau-truc.md is explicit.
3. C1/C2/C3 are source-map and wording caveats. They do not supply an authorization path or remove a blocker, and they do not overturn the registration HOLD.
4. The de-bai, LEGO, DOT-only, reuse-first, and no-mega-system conclusions are consistent with the primary laws-new sources.
5. The RISK-BYPASS conflict remains unresolved rather than being falsely cleared.
6. RS2 is the correct single next macro because it addresses the authority/trust path before validator implementation, snapshot/resolver implementation, executor-role changes, or registration.

3. Source Register

Source	Revision / length	Read status	Evidence tier	Use / caveat
RS1 official report	rev1 / 46,040	FULL_READ	REVIEW TARGET	Main decision packet; reported live queries are not independently re-run by Codex
RS1 PATCH1	rev1 / 23,725	FULL_READ	REVIEW TARGET	Coverage addendum; does not replace RS1
Operating Rules	v7.58, AgentData rev51 observed	READ	GOVERNING SSOT	Read-only, Assembly First, no bypass
Constitution	v4.6.3, AgentData rev44 observed	READ	ENACTED	DOT-pair/PG-first/fail-closed baseline
de-bai-cai-tien.md	rev33 / 29,088	COVERAGE_READ	PRIMARY_LAWS_NEW	Temporary-store, local checks, canonical gate, no administrative bloat
matrix-refactor-implementation-plan.md	rev5 / 27,905	COVERAGE_READ	PRIMARY_LAWS_NEW SSOT	Added by PATCH1; reinforces production lock and single roof
matrix-refactor-quick-rules.md	rev8 / 6,057	FULL_READ	PRIMARY_LAWS_NEW SSOT	Temporary-first, no canonical direct write, anti-new-registry
matrix-stamp-governance-addendum.md	rev14 / 26,474	COVERAGE_READ	PRIMARY_LAWS_NEW SSOT	Reuse-first, anti-bloat, stamp is not a separate approval machine
cau-hoi-khi-tai-cau-truc.md	rev82 / 145,449	COVERAGE_READ	PRIMARY_LAWS_NEW	QCM/reuse method; predates RS1/RS2 and is not RS1-specific authority
laws-new/README.md	rev4 / 2,290	FULL_READ	PRIMARY_LAWS_NEW POINTER	Three active SSOT files; drafts do not enact
LAW_READING_INDEX.md	rev2 / 28,225	COVERAGE_READ	PRIMARY_NEWLAWS POINTER	Map, not decree; old enacted corpus not used to override working context
DOT Manage README	rev1 / 1,047	FULL_READ	PRIMARY_HANDBOOK	DOT-only; no authorized disposable-schema DOT
DOT handbook	rev11 / 115,013	TARGETED_READ	PRIMARY_HANDBOOK	No reusable run-scoped schema DOT; inventory evidence is bounded
Collections README	rev1 / 1,646	FULL_READ	PRIMARY_HANDBOOK	No run-scoped disposable workbench
Collections handbook	rev11 / 94,267	TARGETED_READ	PRIMARY_HANDBOOK	public, iu_core, and sandbox_tac do not satisfy this workbench contract
Macro-9B contract / guards / validator	rev2 / 12,095; 11,333; 14,415	READ / source-inspected	PRIMARY_CONTRACT	Authored, not registered/wired/run; N07/N12/N16/N22 remain
Bad-input matrix / v2 evidence	rev2 / 8,971; rev1 / 10,292	READ	PRIMARY_CONTRACT EVIDENCE	64/64 bounded local evidence, not universal/runtime proof
Macro-9B1 admission	rev9 / 19,500	READ	PRIMARY_CONTRACT	KB admission only; no runtime authority
Corrected R2-B2 trio	rev1 / 47,732; 27,230; 57,692	COVERAGE_READ	SECONDARY DESIGN RECORDS	Correct paths confirmed; B2 remains downstream and out of scope
P0/P1 containment report set, 2026-06-06	rev1	FULL_READ selected records	SECONDARY_RUNTIME_REPORT	Strong evidence that INSERT auto-approve and apply-time paths were hardened; not a Codex live read on 2026-06-20
Điều 32/35 compatibility notes	rev1	READ	PRIMARY_NEWLAWS NOTE	Still carry RISK-BYPASS / production-readiness FAIL; non-authorizing
Codex registration-readiness review	rev1 / 16,198	READ	SECONDARY_REPORT	Prior gate remains registration HOLD
Claude Macro-AB	—	SOURCE_NOT_READ	NONE	Not used as evidence

No old knowledge/dev/laws/ source was used to override laws-new/newlaws. Enacted sources were used only as authority/provenance context.

4. RS1/PATCH1 Accepted Points

1. RS1_HOLD_REGISTRATION_PATH_UNPROVEN is correct.
2. REGISTRATION_CAN_PROCEED = NO is correct.
3. PATCH1 closes the partial-source issue sufficiently for decision review.
4. C1 corrected paths are real and should be used by RS2.
5. C2 identifies genuine source-map omissions; both added SSOT documents reinforce the existing conclusion.
6. C3 correctly limits the Question Catalog to methodology, not RS1-specific authority.
7. PG/schema/Directus is a DOT-only zone; manual SQL, psql, and Directus generic creation remain forbidden.
8. No existing DOT is proven to create the required run-scoped disposable schema.
9. No existing collection/table/schema is proven reusable for the R2-B2 disposable workbench.
10. DOT_R2_B2_STAGING_SCHEMA_SHELL remains authored/admitted but unregistered, unwired, and unrun.
11. N07/N12/N16/N22 remain registration-readiness gaps.
12. Equal caller-provided snapshots prove equality, not trusted provenance.
13. Persisted GUC evidence cannot be generalized to transient sessions.
14. Reuse-first is not exhausted; a new governance DOT is premature.
15. B2 producer TD/build, Macro-9A, Macro-9C, KG rollout, and whole-system work remain out of scope.
16. One consolidated Owner decision belongs after the read-only design/review sequence, not before starting RS2.

5. RS1/PATCH1 Corrected Points

C4 — Split the “160” population

RS1 sometimes describes all 160 rows as historical non-quorum or bypass residue. The P1 source separates them:

• 18 rows: reviewed_by=auto-apply-function, the actual scanner auto-apply-without-vote class.
• 142 rows: reviewed_by=orchestrator-s142b, described by the source as a sanctioned batch population, not the auto-apply bypass mechanism.

Both populations may require audit/ratification analysis, but they must not be represented as one homogeneous bypass class. RS2 must preserve this split.

C5 — Separate approval-state null mapping from apply-time enforcement

RS1 reports a fn_apr_quorum_check NULL mapping pass-through. The P1 report also states that the apply-time guard was hardened to re-prove quorum before the NULL-action early return.

Therefore:

• a NULL/missing action/risk mapping remains an approval vocabulary and state-integrity defect;
• it must remain fail-closed and be reconciled;
• it must not be described as a currently proven applied-transition bypass unless RS2 re-verifies that the P1 apply-time defense has regressed.

C6 — Runtime claims are reported evidence, not Codex live observations

This Codex session had no callable live query_pg/runtime tool. Claims such as governance_object_ownership=0, role privileges, current gates, current function bodies, and current row counts are RS1_REPORTED_RUNTIME_EVIDENCE. They are credible packet evidence but were not independently observed live by Codex.

This does not weaken the HOLD: the unproven registration transaction and untrusted snapshot/authority binding remain independently sufficient blockers.

C7 — “Contained” is not “cleared”

The P0/P1 records strongly support containment of the specific INSERT auto-approve mechanism and apply-time scanner path as of 2026-06-06. They do not establish full Điều 32/35 production readiness, clean historical authority state, or a trusted registration lane.

6. RS1/PATCH1 Rejected Points

No top-level conclusion is rejected.

The following readings are rejected:

• “160 rows are all live fn_auto_approve_add bypass residue.”
• “P0 containment clears RISK-BYPASS and permits registration.”
• “The NULL mapping proves the apply-time guard is currently bypassable” without re-verifying P1.
• “RS1 live claims are fresh Codex live observations.”
• “PATCH1 coverage PASS is authority PASS.”
• “KB admission is runtime registration.”
• “RS2 acceptance authorizes implementation.”

These corrections do not require RS1 PATCH2 because PATCH1 and this Codex review jointly preserve the correct gate and give RS2 exact reconciliation duties.

7. RISK-BYPASS Conflict Assessment

Classification: RISK_BYPASS_SOURCE_CONFLICT_UNRESOLVED.

Evidence supports a narrower statement:

1. The 2026-06-06 P0/P1 records report that fn_auto_approve_add now keeps action='add' pending.
2. They report that auto_apply_approval() was quorum-gated and that apply-time quorum was re-proved.
3. RS1 reports a fresh 2026-06-20 live function read consistent with that containment.
4. Điều 32/35 notes and the prior Codex report still carry the earlier live-bypass headline.
5. Historical authority residue remains, but it is split into 18 auto-apply rows and 142 sanctioned S142b rows.
6. approval_requests.action DEFAULT 'add' remains a hazardous default even if P0 currently neutralizes its old auto-approve effect.
7. NULL mapping remains a contract/mapping defect.
8. Điều 35 production-readiness FAIL has not been independently cleared.

Codex did not perform a live function read in this session. Therefore the permitted conclusion is SOURCE_CONFLICT_UNRESOLVED, not RISK_BYPASS_CLEARED.

RS2 must reconcile the current function/trigger chain, current guards, both historical populations, default behavior, NULL mapping, and Điều 35 health state. Registration remains HOLD regardless of the result.

8. Registration Substrate Blocker Classification

Finding	Classification	Reason
No authorized DOT-registration transaction proven	BLOCKER	Independently sufficient; direct registry writes forbidden
No authoritative Owner-of-record/resolver proven	BLOCKER	Caller-supplied ref cannot confer authority
No trusted production-untouched snapshot provider	BLOCKER	Guard 3 has no provenance
No isolated least-privilege DOT executor proven	BLOCKER before runtime	Registration/real-run cannot rely on broad app/admin roles
Generic PG/Directus create path not hardened	HIGH	DOT-only rule is not infrastructure-enforced
N07	HIGH	Authority and snapshot provenance can be self-asserted
N12	HIGH	Target identity uses substring semantics
N16	MEDIUM	PostgreSQL 63-byte truncation/collision risk
N22	MEDIUM	Non-mapping input raises instead of structured reject
No registration transaction/rollback proof	HIGH	No atomic postcondition/rollback evidence
Live executor/script identity unproven	MEDIUM	Mirror/origin parity is not live deployment proof
Transient GUC absence unprovable	MEDIUM	Persisted-empty does not cover active sessions
Risk-bypass source conflict	HIGH	Governance trust must be reconciled
18 auto-apply historical rows	HIGH audit/authority	Actual bypass lineage; governed disposition needed
142 S142b historical rows	MEDIUM audit/ratification	Unvoted but separately sanctioned population; do not misclassify
Điều 35 production readiness	HIGH	FAIL status not independently cleared
Existing registration primitive reuse	HIGH / HOLD	Reuse-first not exhausted
Need for new governance admission DOT	DEFER	Necessity unproved

These classifications gate registration, not the start of RS2.

9. DOT_GOVERNANCE_DOT_ADMISSION Decision

DEFER. DO NOT AUTHOR, REGISTER, OR DESIGN IT NOW.

Reuse-first has not been exhausted. Existing primitives may be sufficient once their authority and transaction path are proven. Creating a new DOT now risks a mini-governance island combining admission, approval, registration, evidence, and execution.

A future proposal is admissible only after RS2 proves all of the following:

1. no existing governed primitive can satisfy the bounded registration responsibility;
2. the missing capability is stated as one narrow fact/operation;
3. authoritative approval, owner, and admission evidence already exist outside the proposed DOT;
4. the DOT would use existing registries rather than create a parallel SSOT;
5. a paired read-only verifier, exact rollback, and postcondition proof are mandatory;
6. no new authority store, approval workflow, birth pipeline, graph, scheduler, or generic registry platform is introduced.

This is a proposal gate, not technical design authorization.

10. RS2 Decision

RS2 is approved to start as the single next macro.

Name: Registration-Path Authority-Trust Reconciliation & Proof-Obligation Design
Timebox: 60–90 minutes.
Authority to start: no Owner approval required because it is read-only/KB-design only. Owner authority is required for every later runtime write or enactment.

RS2 is correctly ordered before RS-Validator, RS3, RS4, and RS5 because the governing registration path and trust boundaries must be fixed before hardening components around an uncertain path.

To prevent scope drift, RS2 is limited to three outputs:

1. reconcile current Điều 32/35 authority-path evidence, including the exact P0/P1 state and the 18/142 split;
2. reconstruct the existing registration path and state transaction/rollback/postcondition proof obligations as acceptance criteria;
3. state interface acceptance criteria for owner resolution, trusted snapshots, executor identity, generic-create blocking, and transient-GUC handling.

RS2 must not patch code, create a DOT, define a new registry, implement a resolver/provider, execute a transaction, query the entire system, or absorb RS-Validator/RS3/RS4/RS5.

Exit states: READY_FOR_COMPONENT_DESIGN, HOLD_RISK_BYPASS_SOURCE_CONFLICT, HOLD_REGISTRATION_PATH_UNPROVEN, HOLD_REUSE_NOT_PROVEN, or SOURCE_NOT_READ_BLOCKER. It cannot exit with registration authorization.

11. Must-Not-Do Confirmation

Confirmed:

• no runtime mutation;
• no DDL/DML or manual SQL;
• no psql or docker exec psql;
• no Directus generic create/update/delete;
• no DOT registration, wiring, or run;
• no schema creation;
• no Macro-9A/9C or B2 producer build;
• no validator or Điều 32/35 patch;
• no gate flip;
• no APR creation/approval;
• no Owner authority claim;
• no new registry/table/collection;
• no DOT_GOVERNANCE_DOT_ADMISSION authoring;
• no old-law override;
• no RS2 implementation in this review.

The only write is this Codex report in AgentData KB.

12. Self-Check

Check	Result
RS1 read fully	PASS — rev1, 46,040
PATCH1 read fully	PASS — rev1, 23,725
C1 corrected paths checked	PASS
C2 omitted SSOT sources checked	PASS
C3 temporal limitation checked	PASS
laws-new/newlaws distinguished from old laws	PASS
De-bai / LEGO / no-mega constraints checked	PASS
DOT-only / collections boundary checked	PASS
Macro-9B state checked	PASS
N07/N12/N16/N22 checked	PASS
RISK-BYPASS conflict independently challenged	PASS_WITH_CAVEAT — no Codex live DB tool; not cleared
Engineering/coverage PASS kept separate from authority	PASS
Registration/schema/runtime kept closed	PASS
RS2 kept read-only and slice-bounded	PASS

Three Declarations

• Permanent/root-cause: RS2 targets authority-path and proof-obligation defects, not one-off row repair.
• Cannot be mistaken: registration remains fail-closed behind explicit blocker states; KB admission and engineering PASS cannot satisfy authority.
• 100% automatic: not claimed by this review. Automation readiness remains unproved until the future governed path has machine-enforced authority, snapshot provenance, rollback, and postcondition checks.

OR/TD/handoff update: not required. This mission is an independent review and does not change operating rules, technical design, runtime, or implementation state.

13. Final Decision

ACCEPT_RS1_PATCH1_AND_PROCEED_TO_RS2.

Proceed only with RS2's bounded read-only/KB-design work. Registration remains HOLD. No implementation or Owner/runtime action is authorized.