KB-34E8

Codex Review — RS3B Registrar Hardening Design Package — 2026-06-21

Revision 1

STATUS: PASS_WITH_CAVEATS
VERDICT: ACCEPT_RS3B_HOLD_AND_PROCEED_TO_SOURCE_RECOVERY
Stop states: SOURCE_NOT_READ_CONFIRMED · RS3B_HOLD_ACCEPTED
Package verdict retained: RS3B_HOLD_REGISTRAR_SOURCE_NOT_READ
Registration gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO
Runtime observation: NO_CODEX_LIVE_READ
Class: independent read-only package review · non-enacting · non-authorizing · no implementation · no runtime mutation
Date: 2026-06-21

1. Final Review Position

RS3B stops at the correct controlling HOLD. The registrar and catalog-sync source bodies were not readable through the available AgentData/VPS file channel, and the package does not substitute RP-03 prose for source code. Code-level behavior, exact scan logic, transaction behavior, locking, rollback, and catalog-sync clobber behavior therefore remain unproved.

The single next action is source recovery, not another criteria-only macro and not implementation.

This acceptance covers the HOLD decision and the package's usefulness as a fail-closed design packet. It does not certify the package as a final registrar design. Three corrections must be incorporated when RS3B-01/02/03/05/07/08 are rerun after source access:

  1. define durable single-use consumption for authorization_nonce separately from logical_request_key;
  2. separate the existing registrar control pair from the number of target rows created per registration;
  3. reconcile the claimed 14-trigger count with the 13 trigger rows actually listed.

2. Source Register

Source | Revision / length | Read status | Evidence tier | Use
--- | --- | --- | --- | ---
Codex RS3-PATCH2 gate | rev1 / 17,662 | FULL_READ | PRIOR GATE | C1–C4, RS3B authorization, registration HOLD
RS3B executive rollup | rev1 / 5,534 | FULL_READ | REVIEW TARGET | Controlling HOLD and package summary
RS3B index | rev1 / 5,229 | FULL_READ | PACKAGE INDEX | File inventory and sub-statuses
RS3B-01 source recovery | rev1 / 9,941 | FULL_READ | SOURCE-RECOVERY PACKET | Allowlist proof, KB search, behavior HOLD
RS3B-02 dual writer | rev1 / 7,858 | FULL_READ | DESIGN CRITERIA | Registrar/catalog-sync boundary
RS3B-03 contract | rev1 / 7,400 | FULL_READ | DESIGN CRITERIA | Single-artifact input/output/reject contract
RS3B-04 interface F | rev1 / 7,436 | FULL_READ | DESIGN CRITERIA | Artifact carrier classification
RS3B-05 replay | rev1 / 9,386 | FULL_READ | DESIGN CRITERIA | C1–C3 state machine
RS3B-06 audit sink | rev1 / 5,064 | FULL_READ | DESIGN CRITERIA | Sink comparison and fail-closed selection
RS3B-07 pair/guard | rev1 / 4,664 | FULL_READ | DESIGN CRITERIA | Persisted representation
RS3B-08 triggers | rev1 / 6,834 | FULL_READ | CLAUDE RUNTIME PACKET + CRITERIA | Trigger inventory and closed-registration proof
RS3B-09 adversarial matrix | rev1 / 7,689 | FULL_READ | UNEXECUTED CRITERIA | Forty cases
RS3B-10 decision packet | rev1 / 5,810 | FULL_READ | DECISION PACKET | G1–G7 and next action
RS3B Codex packet | rev1 / 4,681 | FULL_READ | REVIEW ROUTER | Claims, caveats, requested verdict
Operating Rules | v7.58 | DIRECT_SEARCH_READ | GOVERNING SSOT | Unknown = STOP; Assembly First
Constitution | v4.6.3 | DIRECT_SEARCH_READ | ENACTED FOUNDATION | PG-first, DOT pair, authority discipline
laws-new LEGO set | rev33/rev8/rev14/rev2 | FULL_DIRECT_KB_READ | GOVERNING DRAFT/POINTER | Reuse-first, no-mega, no new registry, non-authorization
RS3B-reported live reads | 2026-06-21 | PACKET_READ | CLAUDE READ-ONLY PACKET | Metadata, counts, triggers; not Codex live proof
dot-dot-register.ts and catalog-sync source | (none) | SOURCE_NOT_READ | NONE | No behavior claim permitted

NO_CODEX_LIVE_READ: runtime observations are packet evidence. No local prose or old-law source was used to override AgentData/laws-new.

3. Package Completeness Assessment

PASS. AgentData contains 12 nonempty revision-1 files under knowledge/dev/laws-new/reports/rs3b/ plus the executive rollup one level above, totaling the claimed 13 files. Codex read all thirteen from their exact KB paths.

The index names all files correctly, the executive and decision packets agree on RS3B_HOLD_REGISTRAR_SOURCE_NOT_READ, and the Codex packet is present. No missing or empty file was found.

Readback claims in the index are consistent with the AgentData listing and this independent read.

4. Source Recovery Assessment

Assessment: SOURCE_NOT_READ_CONFIRMED.

Accepted evidence:

  • runtime metadata points to bin/dot/dot-dot-register.ts;
  • the available read_file prefixes exclude the likely bin/dot deployment directory;
  • direct probes outside the allowlist were refused with an outside-the-allowlist result, and probes under the allowed prefixes returned no file bytes;
  • several KB searches found metadata and prose but no line-level registrar source;
  • zero source bytes were returned;
  • behavior reconstruction was stopped.

Correction: call this a sufficient access-channel proof, not exhaustive filesystem discovery. read_file cannot enumerate directories, and semantic KB search cannot prove global nonexistence. The precise conclusion is NO_KB_SOURCE_COPY_FOUND_WITH_AVAILABLE_SEARCH, not metaphysical proof that no copy exists anywhere.

This precision does not change the HOLD. The available channel cannot supply the required source.

5. Behavior Reconstruction Assessment

PASS. Metadata facts are separated from prior-prose claims. Mass scanning, heuristic metadata, admin credentials, transaction boundaries, rollback, idempotency, locks, and clobber behavior are not promoted to code-derived facts.

RP-03 is retained only as an UNVERIFIED checklist for the eventual source read. This satisfies the prohibition against using prose as source code.

6. Dual-Writer Assessment

PASS_WITH_CAVEAT. DOT-REGISTER and DOT-015 are correctly distinguished by code, domain, operation metadata, pairing, and trigger metadata. The package correctly states that catalog-sync write/clobber/locking behavior is source-unread and keeps the boundary at criteria level.

Correction: refer to a potential dual-writer boundary, not two proven writers. operation=NULL, sync metadata, and on-deploy timing do not prove that catalog-sync writes or that both processes overlap in one deployment. They are sufficient to require fencing until source proves otherwise.

The proposed target boundary remains valid as criteria: registrar-only registration writes; catalog-sync read/diff/report unless an independently governed write contract is proven.

7. Single-Artifact Contract Assessment

PASS_AS_PENDING_SOURCE_CRITERIA. The contract accepts one scalar DOT and one artifact, rejects lists/globs/all-untracked input, separates proposed from attested fields, provides structured output/reject codes, requires a post-commit verifier, and prohibits activation.

The exact registrar input shape, valid inert status, transaction implementation, and behavior of DOT-HEALTH-DOT remain source-unproved. The package labels the contract pending source, so no overclaim results.

8. Interface F Assessment

PASS. dot_tools is correctly rejected as a hash carrier; extra_metadata remains caller-proposed; wf_*_snapshot remains unproven; and context_pack_manifest is only the strongest lead candidate, not a trusted provider.

The resolver correctly emits no trusted_attested.* value unless writer restriction, immutability/governed mutation, canonical path/origin binding, per-artifact linkage, independent observation, readback, and retention are proven. Hash is not treated as signature.
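
A front door that applies the section 7 contract and the section 8 resolver together, added here as an illustration; it is not taken from RS3B-03, RS3B-04 or the registrar, whose input shape is source-unproved. The request field names, the reject codes, the seven proof-property names and the ARTIFACT_ROOT prefix are assumptions. The point it shows is that every rejection happens before anything is written, that caller-proposed fields can never spell a trusted_attested.* key, and that a carrier contributes a trusted value only when all seven properties are proven (dot_tools never does).

```python
import posixpath
from typing import Any

# Added example, not the registrar's code. Field names, reject codes,
# proof-property names and ARTIFACT_ROOT are assumptions for illustration.

ARTIFACT_ROOT = "artifacts"
GLOB_CHARS = set("*?[")

# Properties section 8 requires before a carrier value may become trusted.
ATTESTATION_PROOFS = frozenset({
    "writer_restriction", "immutability_or_governed_mutation",
    "canonical_path_origin_binding", "per_artifact_linkage",
    "independent_observation", "readback", "retention",
})
REJECTED_HASH_CARRIERS = frozenset({"dot_tools"})   # rejected outright as a hash carrier


def _under_root(path: str) -> bool:
    """Relative, normalized, and still inside ARTIFACT_ROOT after '..' resolution."""
    if path.startswith("/") or "\\" in path or path != path.strip():
        return False
    return posixpath.normpath(path).startswith(ARTIFACT_ROOT + "/")


def resolve_attested(carrier: dict[str, Any]) -> dict[str, str]:
    """Interface F: emit trusted_attested.* only with the full proof set."""
    if carrier.get("name") in REJECTED_HASH_CARRIERS:
        return {}
    if not ATTESTATION_PROOFS <= set(carrier.get("proven", ())):
        return {}                         # a lead candidate stays untrusted
    return {"trusted_attested.sha256": carrier["sha256"],
            "trusted_attested.provider": carrier["name"]}


def validate_request(req: dict[str, Any]) -> tuple[str, dict[str, Any]]:
    """Return (code, payload). Any REJECT_* code carries an empty payload."""
    dot, artifact = req.get("dot"), req.get("artifact")
    if not isinstance(dot, str) or not dot:
        return "REJECT_DOT_NOT_SCALAR", {}            # lists of DOTs are not a request
    if req.get("all_untracked"):
        return "REJECT_ALL_UNTRACKED", {}
    if not isinstance(artifact, str) or not artifact:
        return "REJECT_ARTIFACT_NOT_SINGLE", {}       # lists and missing paths alike
    if GLOB_CHARS & set(artifact):
        return "REJECT_GLOB", {}
    if not _under_root(artifact):
        return "REJECT_PATH_TRAVERSAL", {}
    if req.get("status", "inert") != "inert":
        return "REJECT_ACTIVATION_REQUESTED", {}      # registration never activates
    proposed = dict(req.get("proposed") or {})
    if any(k.startswith("trusted_attested.") for k in proposed):
        return "REJECT_PROPOSED_AS_TRUSTED", {}       # proposed can never name itself trusted
    return "ACCEPT_INERT", {
        "dot": dot,
        "artifact": posixpath.normpath(artifact),
        "status": "inert",
        "proposed": proposed,                         # caller-proposed, never promoted
        "attested": resolve_attested(req.get("carrier") or {}),
    }
```

The accepted payload keeps proposed and attested as separate keys on purpose: a downstream post-commit verifier can check the attested block against its own observation, while the proposed block remains a claim whatever its content.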

9. Replay / Idempotency / Attempt Assessment

PASS_WITH_REQUIRED_CORRECTION. RS3B-05 correctly consumes the prior Codex caveats:

  • logical_request_key, authorization_nonce, and attempt_id are distinct;
  • attempt identity cannot bypass the logical key;
  • consume and inert registration commit atomically;
  • pre-commit failure rolls both back;
  • post-commit verification failure retains the logical key and permits compensation only;
  • freshness does not erase consumed state;
  • iu_route_attempt is rejected as the store.

Remaining gap: the required-future-surface section specifies uniqueness on replay_key but does not separately specify the durable consume record/unique constraint for authorization_nonce. The state diagram validates nonce single-use without showing where that state is atomically persisted.

The source-recovery rerun must require either:

  • separate durable uniqueness for authorization_nonce plus logical-effect uniqueness for replay_key; or
  • one proven state surface with two independent unique constraints and explicit transitions.

This remains fail-closed and therefore does not invalidate the controlling source HOLD.
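
The two-constraint replay store the rerun must require, as an added example that is not part of RS3B-05 or of the registrar, whose real store and schema are unread. It assumes SQLite and the table, column and result-code names shown. It demonstrates the logical key deciding replay ahead of attempt_id, the nonce consumed in the same transaction as the inert effect, a reused nonce rejected even with a fresh logical key, and a pre-commit failure (here an activation request) rolling the nonce consume back so that the nonce is still spendable afterwards.

```python
import sqlite3
from dataclasses import dataclass

# Added example, not the registrar's schema. Table, column and result-code
# names are assumptions chosen to mirror the RS3B-05 vocabulary.

SCHEMA = """
CREATE TABLE consumed_nonce (
    authorization_nonce TEXT PRIMARY KEY,      -- durable single-use consume record
    replay_key          TEXT NOT NULL
);
CREATE TABLE registration_effect (
    replay_key       TEXT PRIMARY KEY,         -- logical_request_key: one logical effect
    dot_code         TEXT NOT NULL,
    artifact_sha256  TEXT NOT NULL,
    status           TEXT NOT NULL CHECK (status = 'inert'),   -- no activation here
    first_attempt_id TEXT NOT NULL
);
"""


@dataclass(frozen=True)
class RegisterRequest:
    logical_request_key: str
    authorization_nonce: str
    attempt_id: str
    dot_code: str
    artifact_sha256: str
    status: str = "inert"


def open_store() -> sqlite3.Connection:
    # isolation_level=None: explicit BEGIN / COMMIT / ROLLBACK, nothing implicit.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.executescript(SCHEMA)
    return conn


def register(conn: sqlite3.Connection, req: RegisterRequest) -> tuple[str, str]:
    """Return (result_code, replay_key). Every reject path writes nothing."""
    conn.execute("BEGIN IMMEDIATE")
    try:
        # 1. Replay is decided by the logical key alone; attempt_id cannot bypass it.
        row = conn.execute(
            "SELECT replay_key FROM registration_effect WHERE replay_key = ?",
            (req.logical_request_key,),
        ).fetchone()
        if row is not None:
            conn.execute("ROLLBACK")                  # nothing written, nothing consumed
            return "REPLAY_EXISTING_EFFECT", row[0]
        # 2. Consume the nonce. A reused nonce fails here whatever its freshness.
        try:
            conn.execute("INSERT INTO consumed_nonce VALUES (?, ?)",
                         (req.authorization_nonce, req.logical_request_key))
        except sqlite3.IntegrityError:
            conn.execute("ROLLBACK")
            return "REJECT_NONCE_CONSUMED", req.logical_request_key
        # 3. Write the inert effect in the same transaction. A failure here
        #    (e.g. status != 'inert') rolls the nonce consume back as well.
        conn.execute("INSERT INTO registration_effect VALUES (?, ?, ?, ?, ?)",
                     (req.logical_request_key, req.dot_code, req.artifact_sha256,
                      req.status, req.attempt_id))
        conn.execute("COMMIT")
        return "REGISTERED_INERT", req.logical_request_key
    except sqlite3.Error as exc:
        conn.execute("ROLLBACK")
        return f"REJECT_PRECOMMIT:{type(exc).__name__}", req.logical_request_key


def demo() -> dict:
    """Constructed sequence exercising each transition; returns codes and consumed nonces."""
    conn = open_store()
    dot, sha = "DOT-EXAMPLE", "ab" * 32
    steps = [
        RegisterRequest("lrk-1", "nonce-A", "attempt-1", dot, sha),            # first registration
        RegisterRequest("lrk-1", "nonce-B", "attempt-2", dot, sha),            # retry: new attempt, fresh nonce
        RegisterRequest("lrk-2", "nonce-A", "attempt-3", dot, "cd" * 32),      # new request, reused nonce
        RegisterRequest("lrk-3", "nonce-C", "attempt-4", dot, "ef" * 32, "active"),  # activation attempt
        RegisterRequest("lrk-3", "nonce-C", "attempt-5", dot, "ef" * 32),      # same nonce after rollback
    ]
    results = [register(conn, s) for s in steps]
    consumed = [r[0] for r in conn.execute(
        "SELECT authorization_nonce FROM consumed_nonce ORDER BY 1")]
    return {"results": results, "consumed": consumed}
```

Post-commit verification failure is deliberately not modelled: under the criteria above it leaves the replay_key row and the consumed nonce in place and is handled by compensation, never by deleting either record.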

10. Audit Sink Assessment

PASS. event_outbox is a reasonable lead reuse candidate based on schema fit and payload safety, while writer authority, append-only enforcement, retention, idempotency, and readback remain unproved. The package correctly keeps it fail-closed and creates no new ledger.

“Post-rollback writable” is shape-level capability only; an authorized post-rollback writer is still unproved and must remain a promotion criterion.

11. Pair / Guard Assessment

PARTIAL_CORRECTION_REQUIRED ON RERUN. Avoiding a fixed-five representation is correct, and four guards should not become four automatic registry rows.

However, RS3B-07 conflates two cardinalities:

  • the existing registrar control pair DOT-REGISTER ↔ DOT-HEALTH-DOT consists of two existing registry identities;
  • a single target registration creates one target primary row unless that target's own accepted contract explicitly requires a separately registered paired verifier.

DOT-REGISTER.paired_dot does not by itself prove that every registered target contributes two rows. The corrected representation must state:

  • registrar control-plane pair: two existing identities;
  • per-target registration mutation: one primary target row by default;
  • target verifier row: only if the target contract explicitly names and requires one;
  • four guards: content-bound components, zero automatic registry rows.

This correction preserves the earlier Codex rule: persisted representation is contract-derived, not fixed at two or five.

12. Trigger Assessment

INVENTORY COUNT MISMATCH. RS3B-08 claims 14 dot_tools triggers, 13 enabled and one disabled. Its table lists only 13 trigger names: twelve ordinary-formatted rows plus the bold trg_context_pack_dot_register row. Either one claimed trigger is absent from the inventory or the headline count is wrong; by the package's own totals the absent row would be an enabled trigger.

The documented activation risk is still valid as packet evidence: trg_context_pack_dot_register notifies context_pack_event for watched tiers with status='active'. The closed-at-registration obligations appropriately prohibit active status and gate/wiring changes.

But TRIGGER_SIDE_EFFECT_INVENTORIED is too strong until the missing trigger is identified or the count is corrected. The source-recovery rerun must:

  1. publish all trigger names from the same pg_catalog.pg_trigger result;
  2. reconcile enabled/disabled totals;
  3. classify side effects of the missing trigger;
  4. add a matrix case for trigger-inventory/count drift.

This is a package caveat, not a reason to bypass source recovery or open registration.
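
The reconciliation the rerun must perform, as an added example that is not from RS3B-08. The catalog query is standard PostgreSQL (pg_trigger's tgenabled is 'O' for an enabled origin trigger, 'D' for disabled, 'R' replica, 'A' always; tgisinternal filters constraint-generated triggers). The observed rows, every trigger name other than trg_context_pack_dot_register, and the result codes are constructed for this example; the function itself takes the rows a real query would return and refuses TRIGGER_SIDE_EFFECT_INVENTORIED until names and totals agree.

```python
# Added example, not from the RS3B-08 packet. Sample rows and the trigger
# names other than trg_context_pack_dot_register are constructed.

PG_TRIGGER_QUERY = """
SELECT tgname, tgenabled
FROM pg_catalog.pg_trigger
WHERE tgrelid = 'dot_tools'::regclass
  AND NOT tgisinternal
ORDER BY tgname;
"""


def reconcile_triggers(claimed_total: int, claimed_enabled: int,
                       listed_names: list[str],
                       observed_rows: list[tuple[str, str]]) -> dict:
    """Compare a packet's claimed counts and listed names with catalog rows.

    Result is HOLD unless every catalog name is listed, every listed name
    exists, and both totals agree; only then may the packet claim
    TRIGGER_SIDE_EFFECT_INVENTORIED.
    """
    observed = dict(observed_rows)                         # tgname -> tgenabled
    observed_enabled = sum(1 for code in observed.values() if code != "D")
    listed = set(listed_names)
    findings: list[str] = []

    if len(listed) != len(listed_names):
        findings.append("DUPLICATE_NAMES_IN_INVENTORY")
    if claimed_total != len(listed):
        findings.append(f"TRIGGER_INVENTORY_COUNT_MISMATCH: "
                        f"{claimed_total} claimed / {len(listed)} listed")
    unlisted = sorted(set(observed) - listed)              # in catalog, absent from packet
    stale = sorted(listed - set(observed))                 # in packet, absent from catalog
    if unlisted:
        findings.append(f"UNLISTED_TRIGGERS: {unlisted}")
    if stale:
        findings.append(f"STALE_TRIGGERS: {stale}")
    if claimed_total != len(observed) or claimed_enabled != observed_enabled:
        findings.append(f"CATALOG_TOTALS_DRIFT: catalog {len(observed)} total / "
                        f"{observed_enabled} enabled, claimed {claimed_total} / {claimed_enabled}")

    return {
        "status": "TRIGGER_SIDE_EFFECT_INVENTORIED" if not findings
                  else "HOLD_INVENTORY_UNRECONCILED",
        "catalog_names": sorted(observed),                 # publish every name, not a count
        "disabled": sorted(n for n, c in observed.items() if c == "D"),
        "findings": findings,
    }


# Constructed catalog: 14 triggers, 13 enabled and 1 disabled, and a packet that
# claims 14/13 but lists only 13 names, the situation section 12 describes.
OBSERVED_ROWS = [(f"trg_dot_tools_{i:02d}", "O") for i in range(1, 13)] + [
    ("trg_context_pack_dot_register", "O"),   # the activation-notify trigger named in the package
    ("trg_dot_tools_legacy_audit", "D"),       # constructed disabled trigger
]
PACKET_LISTED = [name for name, _ in OBSERVED_ROWS if name != "trg_dot_tools_07"]


def demo() -> dict:
    return reconcile_triggers(14, 13, PACKET_LISTED, OBSERVED_ROWS)
```

Running reconcile_triggers against the real query output, rather than against a hand-typed list, is what turns "14 claimed" into a checkable statement; the drift case it emits is the matrix entry item 4 asks for.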

13. Adversarial Matrix Assessment

PASS_AS_UNEXECUTED_CRITERIA. The matrix contains 40 cases and covers source unavailable, mass scan, wrong artifact, path traversal, hash/carrier defects, catalog race/clobber, replay/attempt/nonce, rollback, audit failure, trigger activation, gate opening, guard reachability/drift, missing Owner/APR, and proposed-as-trusted failures.

The anti-fail-open rule is present. No execution or test-pass claim is made.

Add on rerun: TRIGGER_INVENTORY_COUNT_MISMATCH, separate nonce-store conflict, and target-verifier cardinality mismatch.

14. Decision Packet and Next Step

G1–G7 are reasonable single-sufficient blockers at the available evidence tier. G1 is the upstream blocker for code-level hardening; G2 remains the deciding authority blocker.

Single next step: registrar source recovery. Provide one read-only source channel for both registrar and catalog-sync through an allowlist extension, faithful line-level AgentData mirror, or read-only repository access. Then rerun the affected RS3B deliverables against source.

Do not begin implementation or RS-VALIDATOR-HARDENING. Do not open registration.

15. Accepted Points

  • controlling source HOLD and registration HOLD;
  • package completeness and nonempty readback;
  • metadata/prose/source separation;
  • single-artifact and no-activation criteria;
  • interface F fail-closed posture;
  • corrected replay transaction/freshness model;
  • iu_route_attempt rejection;
  • event-outbox candidate-only selection;
  • guards not automatically materialized as rows;
  • activation-notify risk and gate preservation;
  • forty-case matrix as unexecuted criteria;
  • source recovery as the only next action.

16. Corrected and Rejected Points

Corrected:

  • “exhaustive source proof” → sufficient available-channel proof;
  • “two writers” → registrar plus potential catalog-sync writer until source proves behavior;
  • nonce single-use needs its own durable consume rule;
  • target registration cardinality is not automatically two rows;
  • trigger inventory count must reconcile 14 claimed versus 13 listed.

Rejected readings:

  • mass-register or clobber behavior is proven from RP-03;
  • catalog-sync is proven to write;
  • DOT-HEALTH-DOT pairing proves every target needs a verifier row;
  • event-outbox is already a durable immutable sink;
  • the trigger inventory is complete as written;
  • package HOLD authorizes implementation, validator hardening, registration, or activation.

17. Must-Not-Do and Self-Check

Confirmed no runtime mutation, DDL/DML, manual SQL, psql, docker-exec psql, Directus generic mutation, DOT registration/wiring/run, schema/registry/table/collection creation, validator patch/test run, Article 32/35 patch, gate flip, APR creation/approval, Owner claim, registrar implementation, Macro-9A/9C, B2 producer build, RISK-BYPASS clearance, S142B merits claim, 18/142 merge, current-corpus creation, source-law edit, or adoption.

Check | Result
--- | ---
Executive, index, 01–10, Codex packet read | PASS — all 13 exact KB files
Controlling HOLD checked | PASS
Source recovery proof checked | PASS_WITH_WORDING_CORRECTION
RP-03 not substituted for source | PASS
Dual-writer boundary checked | PASS_WITH_CAVEAT
Single-artifact contract checked | PASS_AS_PENDING_SOURCE
Interface F checked | PASS_FAIL_CLOSED
Replay C1–C3 checked | PASS_WITH_NONCE_GAP
Audit sink checked | PASS_FAIL_CLOSED
Pair/guard checked | PARTIAL_CORRECTION_REQUIRED
Trigger inventory checked | COUNT_MISMATCH — 14 claimed / 13 listed
Forty-case matrix checked | PASS_AS_UNEXECUTED_CRITERIA
Single next action selected | PASS — SOURCE RECOVERY
Registration HOLD retained | PASS
Codex live runtime read | NO — NO_CODEX_LIVE_READ

Three Declarations

  • Permanent/root-cause: source recovery precedes behavior claims; logical effect, authority nonce, attempt, artifact and trigger side effects each require independently verifiable contracts.
  • Cannot be mistaken: unread source, unknown carrier/writer, missing nonce state, inventory mismatch, or authority gap remains HOLD and cannot emit trusted state.
  • 100% automatic: not claimed. No registration or automation readiness exists until source-based reconciliation and all blockers pass.

OR/TD/handoff update: not required; this is an independent non-enacting review with no runtime, law, or implementation change.

18. Final Verdict

ACCEPT_RS3B_HOLD_AND_PROCEED_TO_SOURCE_RECOVERY.

Accept the controlling HOLD, not a registrar PASS. Recover both source files, then rerun the affected RS3B deliverables with the nonce, pair-cardinality, and trigger-inventory corrections above. Registration remains HOLD; REGISTRATION_CAN_PROCEED = NO.

KB path: knowledge/dev/laws-new/reports/codex/codex-review-rs3b-registrar-hardening-design-package-2026-06-21.md