KB-36E5

Codex Review - RS3C Source Recovery + RS3B Affected Rerun - 2026-06-21

Revision 1
Tags: codex, review, rs3c, source-recovery, registrar-hardening, pass-with-caveats, registration-hold, read-only, 2026-06-21


STATUS: PASS_WITH_CAVEATS
VERDICT: ACCEPT_RS3C_AND_PROCEED_TO_REGISTRAR_HARDENING_DESIGN
Package stop state: RS3C_ACCEPTED
Controlling source finding: SOURCE_CONFIRMS_UNSAFE_REGISTRAR_BEHAVIOR
Registration gate: REGISTRATION_HOLD - REGISTRATION_CAN_PROCEED = NO
Next macro: REGISTRAR-HARDENING-DESIGN-SOURCE-AWARE
Runtime observation: NO_CODEX_LIVE_READ
Class: independent read-only review; non-enacting; non-authorizing; no implementation; no runtime mutation

1. Source Register

All required RS3C target documents were read directly from AgentData KB in full.

| Source | Revision | content_length | Read status | Use |
|---|---|---|---|---|
| Prior Codex RS3B review | 1 | 16,260 | FULL | controlling prior gate and C1-C3 |
| RS3C executive rollup | 1 | 6,161 | FULL | package verdict and routing |
| RS3C index | 1 | 3,718 | FULL | package inventory |
| RS3C-01 source recovery proof | 1 | 6,900 | FULL | recovery channel and snapshot comparison |
| RS3C-02 source mirror/hash | 1 | 15,634 | FULL | complete code mirrors and hashes |
| RS3C-03 registrar reconstruction | 1 | 9,407 | FULL | registrar behavior |
| RS3C-04 catalog-sync reconstruction | 1 | 4,770 | FULL | catalog-sync behavior |
| RS3C-05 dual-writer rerun | 1 | 3,493 | FULL | producer boundary |
| RS3C-06 single-artifact rerun | 1 | 4,371 | FULL | contract contradiction |
| RS3C-07 replay/nonce rerun | 1 | 7,638 | FULL | C1 |
| RS3C-08 pair/cardinality rerun | 1 | 3,852 | FULL | C2 |
| RS3C-09 trigger reconciliation | 1 | 6,547 | FULL | C3 |
| RS3C-10 adversarial matrix | 1 | 4,861 | FULL | 10 added cases and rollup |
| RS3C-11 decision packet | 1 | 6,138 | FULL | blockers and next step |
| RS3C Codex review packet | 1 | 4,321 | FULL | claims and caveats |

Supporting read: RS3B-09 adversarial matrix, revision 1, content_length 7,689, read in full to verify the 40 carried cases behind RS3C-10. Operating Rules v7.58, Constitution v4.6.3, and relevant DOT-registration governance material were searched/read as governing context.

2. Package Completeness Assessment

PASS. The executive rollup plus the 13 documents under reports/rs3c/ are present. The package contains recovery proof, full mirrors, both behavior reconstructions, all affected reruns, the 50-case matrix, decision packet, index, and review router. C1, C2, and C3 are each addressed in a dedicated rerun. No required target file was missing or truncated.

3. Source Recovery/Fidelity Assessment

PASS_WITH_CAVEATS. RS3C-01 records a read-only local recovery channel and a same-day comparison against wf_fs_dot_bin_snapshot. It correctly rejects the stale web-test registrar (9c594efd...), which matched only the recorded backup, and selects the local candidate matching the recorded OPERATIONAL registrar hash.

Codex independently recomputed SHA-256 from the complete RS3C-02 code blocks:

| Mirror | Bytes | Codex-computed SHA-256 | Packet value | Result |
|---|---|---|---|---|
| dot-dot-register | 5,813 | 31d5cf1508c7950cc30a2a6abb46d7cee868e1cbf951a6095ff0aee7ba48583f | same | PASS |
| dot-catalog-sync | 7,134 | 7dd84cda6d1e220fc7f54419bf40ec9ad05a952b6a402360df73f0af3fa355cd | same | PASS |

The precise accepted claim is: the KB mirrors are internally hash-consistent and match the hashes recorded by the same-day snapshot evidence. Codex did not read /opt/incomex/dot/bin live and did not independently establish wf_fs_dot_bin_snapshot as a trusted attestation provider. Therefore, byte-identical to live OPERATIONAL is not independently proven by Codex and must not be promoted to a signature or trusted-provider claim.

RS3C reports no allowlist patch, service restart, operational configuration change, or runtime mutation. Codex performed none.

4. Source Mirror Assessment

PASS. RS3C-02 contains complete bash mirrors, not excerpts. Line counts and byte counts agree with the recovery proof. Key cited lines resolve correctly: registrar shebang L1, mass scan L121, registry read L128, loop L131, dedup L135, POST L156, status: "active" L173, exit-code check L176, and entrypoint L193; catalog-sync lookup L52, meta_catalog PATCH L68, filesystem scan L84, and entrypoint L264.

The mirror is adequate as the design-review source-of-record under the fidelity caveat in section 3. It is not an authorization source.

5. Registrar Behavior Reconstruction Assessment

PASS_WITH_CAVEATS. The source directly supports the controlling unsafe finding:

  • bash executable, not TypeScript: L1;
  • hardcoded VPS host/key path: L20-L21;
  • mass glob and loop over discovered files: L121 and L131;
  • no single-target argument in L95-L100;
  • Directus POST to /items/dot_tools: L156;
  • hardcoded active status: L173;
  • one independent POST per iteration, with no transaction primitives;
  • HTTP fail-open reporting: curl lacks --fail, discards the response, and L176 tests curl process exit rather than HTTP status;
  • no Owner/APR/gate admission check, artifact hash, logical key, nonce, or attempt identity in the registration path.

Two claims require narrower wording. First, the source proves a fragile fixed-substring comparison between scanned paths and stored file_path values; the stronger claim that "absolute-vs-normalized never matches" also depends on DB values and trigger-function behavior not live-read by Codex. Second, absence of UNIQUE(code/file_path) is packet/live-schema evidence, not source-code evidence. These caveats do not weaken the unsafe finding: mass registration, active insertion, missing atomicity, missing authority binding, missing hash binding, and false-success risk are independently sufficient.
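The fail-open reporting called out above (curl without --fail, response discarded, L176 testing the curl process exit rather than the HTTP status) is the defect a hardening design has to close first. The following is an added example written for this review page; it is not the registrar mirrored in RS3C-02 and not code from the RS3C package. It makes one POST for exactly one artifact, tests the HTTP status the server actually returned, keeps the response body for the failure audit, and fails closed. DIRECTUS_URL, DIRECTUS_TOKEN, the JSON field set, and the non-activating "draft" status value are assumptions; only the /items/dot_tools endpoint comes from the review.

```shell
#!/usr/bin/env sh
# Added example for this review; not the RS3C-02 registrar mirror.
# Assumptions: DIRECTUS_URL and DIRECTUS_TOKEN are supplied by the caller,
# the collection endpoint is /items/dot_tools as cited in the review, and the
# JSON field set and the non-activating "draft" status are illustrative only.

# http_ok CODE: succeed only for a 2xx HTTP status. "000" (no response) and
# every 4xx/5xx fall through to failure.
http_ok() {
  case "$1" in
    2[0-9][0-9]) return 0 ;;
    *) return 1 ;;
  esac
}

# register_one CODE FILE_PATH: exactly one POST for exactly one artifact.
# Prints the HTTP status on stdout. Returns 0 only when the server accepted
# the row; a curl process that exits 0 with an HTTP error is still a failure.
register_one() {
  code="$1"
  file_path="$2"
  body_file="$(mktemp)"
  # -o keeps the response body instead of discarding it; -w prints the status
  # code the server actually returned, independent of the process exit code.
  status="$(curl -sS -o "$body_file" -w '%{http_code}' \
      -H "Authorization: Bearer ${DIRECTUS_TOKEN:-}" \
      -H 'Content-Type: application/json' \
      --data "{\"code\":\"$code\",\"file_path\":\"$file_path\",\"status\":\"draft\"}" \
      "${DIRECTUS_URL:-http://directus.invalid}/items/dot_tools")" || status="000"
  printf '%s\n' "$status"
  if http_ok "$status"; then
    rm -f "$body_file"
    return 0
  fi
  # Fail closed: report the HTTP failure and keep the body for the audit sink.
  printf 'register_one: %s -> HTTP %s (response kept at %s)\n' \
    "$file_path" "$status" "$body_file" >&2
  return 1
}
```

The shape matters more than the flags: the caller gets a non-zero return whenever the server did not accept the row, which is exactly the case the mirrored L176 check reports as success. The status value is deliberately not hardcoded to active; which status a governed registration may write is left to the hardening design.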

6. Catalog-Sync Behavior Reconstruction Assessment

PASS. The full source contains one mutation class: PATCH of meta_catalog.record_count at L68. It has no POST/PATCH/DELETE endpoint for dot_tools, no registrar call, and no lifecycle-field mutation. Its residual risk in this reviewed boundary is stale/advisory count drift, not a registry-row write.

7. Dual-Writer Rerun Assessment

PASS_WITH_SCOPE_CORRECTION. Among the two examined producers, only dot-dot-register writes dot_tools; dot-catalog-sync does not. Thus the RS3B hypothesis that these two are overlapping registry writers is disproved.

Reject the unqualified global statements "dot_tools writer set = {dot-dot-register}" and "exactly one writer". The reviewed source can establish only: dot_tools writer set among {dot-dot-register, dot-catalog-sync} = {dot-dot-register}. Other runtime writers were not exhaustively inventoried by Codex.

8. Single-Artifact Contract Rerun Assessment

PASS. The operational-mirror behavior conflicts with every material single-artifact target: it accepts no scalar target, scans a glob, writes multiple independent active rows, has no transaction or rollback, carries no trusted artifact hash, has no authority envelope, and has no post-commit verification. The contract remains the hardening target; the current registrar is non-compliant. Registration must remain HOLD.

The estimate of approximately 165 local files is workstation evidence, not a proven VPS blast-radius count. It is not needed for the verdict.

9. Replay/Nonce/Logical/Attempt C1 Assessment

PASS. RS3C-07 separates three identities and requires two independent durable constraints:

  • UNIQUE(logical_request_key) for one committed logical effect;
  • separate durable UNIQUE(authorization_nonce) consumption for one use of the authorization grant;
  • attempt_id as execution identity, never the effect-admission key.

It correctly rejects a fresh nonce for an already committed logical effect, preserves consumed state after post-commit failure, and prevents attempt-number bypass. Rejecting iu_route_attempt is coherent with the reported UNIQUE(idempotency_key, attempt_no): that shape is a retry ledger, not a single-use authorization store. This is design closure only; no fit surface is claimed built.
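To make the three-identity separation concrete, the following is an added example written for this review page; it is not from RS3C-07 or any package document. A ledger directory stands in for the two durable constraints: one atomic mkdir per committed logical_request_key models UNIQUE(logical_request_key), and a separate atomic mkdir per consumed authorization_nonce models UNIQUE(authorization_nonce). attempt_id is logged for audit and never consulted for admission. The ledger layout and every key name are constructed for illustration.

```shell
#!/usr/bin/env sh
# Added example for this review; not from RS3C-07 or the package.
# The ledger directory stands in for two independent durable UNIQUE
# constraints: one directory per committed logical_request_key and one per
# consumed authorization_nonce. attempt_id is execution identity only.
# All key names below are constructed.

LEDGER="${LEDGER:-$(mktemp -d)}"
mkdir -p "$LEDGER/logical" "$LEDGER/nonce" "$LEDGER/attempts"

# admit LOGICAL_REQUEST_KEY AUTHORIZATION_NONCE ATTEMPT_ID
# Returns 0 only when the logical effect is not yet committed AND the nonce
# is not yet consumed. Neither claim is ever expired or released afterwards,
# so a post-commit failure (for example a trigger-side notification error)
# leaves both consumed; a retry needs a new logical key and a new grant.
admit() {
  logical="$1"; nonce="$2"; attempt="$3"
  # Identities become directory names; refuse anything empty or path-like.
  for id in "$logical" "$nonce" "$attempt"; do
    case "$id" in
      ""|*/*|.|..) echo "REJECT malformed identity: '$id'" >&2; return 1 ;;
    esac
  done
  # Every attempt is recorded for audit, admitted or not.
  printf '%s %s %s\n' "$attempt" "$logical" "$nonce" >> "$LEDGER/attempts/log"
  # Constraint 1 (UNIQUE logical_request_key): atomic mkdir either creates the
  # claim or fails because the effect was already committed. A fresh nonce or
  # a higher attempt number does not get past this check.
  if ! mkdir "$LEDGER/logical/$logical" 2>/dev/null; then
    echo "REJECT logical_request_key already committed: $logical" >&2
    return 1
  fi
  # Constraint 2 (UNIQUE authorization_nonce): one use of the grant, tracked
  # separately from the effect it authorized.
  if ! mkdir "$LEDGER/nonce/$nonce" 2>/dev/null; then
    # No effect was committed, so release the logical claim just taken; the
    # nonce stays consumed from its first use.
    rmdir "$LEDGER/logical/$logical"
    echo "REJECT authorization_nonce already consumed: $nonce" >&2
    return 1
  fi
  echo "ADMIT $logical via $nonce (attempt $attempt)"
  return 0
}

# Query helpers for audit and tests.
is_committed() { [ -d "$LEDGER/logical/$1" ]; }
is_consumed()  { [ -d "$LEDGER/nonce/$1" ]; }

# Usage (constructed values):
#   admit dot-example:sha256:0000 nonce-0001 attempt-1   # admitted
#   admit dot-example:sha256:0000 nonce-0002 attempt-2   # rejected: effect committed
#   admit dot-other:sha256:1111   nonce-0001 attempt-3   # rejected: nonce consumed
```

The point the model makes is that the two constraints reject different replays: a fresh nonce cannot re-admit a committed effect, a consumed nonce cannot admit a new effect, and bumping the attempt number changes nothing in either check. A retry ledger keyed on (idempotency_key, attempt_no), as the review notes for iu_route_attempt, would admit the second and third cases because each attempt number is new.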

10. Pair/Cardinality C2 Assessment

PASS. The registrar issues one POST per selected target and represents pairing through the paired_dot field. It does not issue a second POST for a verifier. DOT-REGISTER <-> DOT-HEALTH-DOT is a control-plane relationship, not a general two-row-per-target rule. Guards remain content-bound and create zero automatic registry rows. Any future verifier row must arise only from an explicit target contract.

11. Trigger Inventory C3 Assessment

PASS_WITH_CAVEAT. The packet reconciles 17 pg_trigger rows into 13 non-internal user triggers (12 enabled, 1 disabled) and 4 internal FK triggers. The prior count of 14 user triggers was an arithmetic over-count of one; the prior list of 13 names was complete.

Codex has no live pg_catalog read, so this is accepted as packet evidence, not independently reproduced runtime evidence. The trigger's AFTER INSERT/UPDATE execution is supported by the reported inventory. Actual context-pack notification behavior and its conditions remain inferred because the trigger function body was not read this cycle. Keep G7 open as an activation risk; do not state that every active insert certainly emits a notification.

12. Adversarial Matrix Assessment

PASS_AS_DESIGN_CRITERIA. RS3B-09 contains 40 distinct, unexecuted cases; RS3C-10 adds 10 numbered cases for nonce consumption, identity separation, attempt bypass, C2 cardinality, C3 count mismatch, source boundary, unsafe mass registration, and mirror hash mismatch. Total 50 is arithmetically and structurally supported.

No test execution or validator PASS is established. Case 48 is a future regression guard even though the present catalog-sync condition is disproved. All cases remain acceptance/rejection criteria.

13. Blocker Register Assessment

Accepted blocker state:

| Blocker | Review disposition |
|---|---|
| G1 source unreadable | resolved for design review by complete, hash-consistent mirrors; live attestation caveat retained |
| NF1 unsafe registrar | OPEN and controlling |
| G2 Owner-of-record | OPEN and deciding authority blocker |
| G3 governed register_dot action | OPEN |
| G4 trusted artifact-hash carrier | OPEN |
| G5 fit replay/nonce surface | OPEN |
| G6 durable immutable failure-audit sink | OPEN |
| G7 activation side-effect | OPEN as risk; function-body proof incomplete |

The reported runtime counts and schema facts are CLAUDE_READ_ONLY_PACKET evidence. Codex has no live read with which to confirm or override them.

14. Accepted Points

  1. Complete source mirrors exist in AgentData KB and their hashes recompute exactly.
  2. The stale web-test registrar was correctly rejected against the recorded snapshot hashes.
  3. SOURCE_CONFIRMS_UNSAFE_REGISTRAR_BEHAVIOR is supported by direct source lines.
  4. Catalog-sync does not write dot_tools in the reviewed source.
  5. The single-artifact contract is a required target, not current behavior.
  6. C1, C2, and C3 are materially corrected.
  7. The 50-case matrix is defined but not executed.
  8. Registration remains closed.

15. Corrected Points

  1. Fidelity means mirror hash equals the recorded snapshot hash; Codex does not claim trusted live attestation.
  2. The writer-set conclusion is scoped to the two examined scripts.
  3. Dedup is source-proven fragile and fail-open-prone; a universal "never matches" is not independently proven.
  4. Trigger execution is evidenced; unconditional notification emission is not independently proven without the function body.
  5. Local file-count evidence is not a live VPS blast-radius count.

16. Rejected/Overclaimed Points

  • REJECT the unqualified claim "proven byte-identical to currently deployed OPERATIONAL" as a Codex-live claim.
  • REJECT a global "exactly one dot_tools writer" beyond the reviewed producer pair.
  • REJECT a universal "absolute-vs-normalized never matches" without complete persisted-value/function-body proof.
  • REJECT "every active insert certainly emits a context-pack notification" without the trigger function body.
  • REJECT any interpretation of this review as registration approval, schema approval, APR approval, or implementation authorization.

These are precision corrections, not blockers to source-aware design entry. They must be carried into the next macro.

17. Next Macro Decision

OPEN exactly one next macro: REGISTRAR-HARDENING-DESIGN-SOURCE-AWARE.

It must consume the recovered registrar source, the source-derived unsafe behavior, Owner authority envelope, Interface F artifact resolver, replay/nonce/logical state machine, durable failure-audit sink, trigger side-effect constraints, single-artifact contract, and G2 Owner-of-record blocker. It is design only. Do not open implementation, RS-VALIDATOR, registration, or activation.

18. Must-Not-Do Confirmation

This review performed no runtime mutation, DDL/DML, DOT register/wire/run, schema creation, APR creation/approval, gate flip, validator patch, registrar patch, source-law edit, allowlist patch, service restart, registry/table/collection creation, RISK-BYPASS clearance, or 142/18 merge/sanction decision. Hash was not treated as a signature; caller data was not treated as authority; snapshot rows were not promoted to a trusted provider; attempt identity was not allowed to bypass logical identity; consumed state was not expired by request staleness.

19. Final Verdict

ACCEPT_RS3C_AND_PROCEED_TO_REGISTRAR_HARDENING_DESIGN with the precision corrections in sections 15-16. The package is sufficient to enter source-aware registrar-hardening design because the complete mirrors support the controlling unsafe findings and C1-C3 are corrected. This verdict does not approve the current registrar or any registration activity.

Final gate: REGISTRATION_HOLD - REGISTRATION_CAN_PROCEED = NO.

Source path: knowledge/dev/laws-new/reports/codex/codex-review-rs3c-source-recovery-and-rs3b-affected-rerun-2026-06-21.md