Codex Review Packet — DOT Manage → LEGO Transition for C1 Dry-Run

Macro: DOT_MANAGE_LEGO_TRANSITION_SURVEY_FOR_C1_DRYRUN · Date: 2026-06-22. Ask: Codex CONFIRMS (does not discover). Verify the survey is complete, the classifications are correct, the plan closes all prerequisites, and nothing is overclaimed.

---

Proposed verdict

DOT_MANAGE_LEGO_TRANSITION_SURVEY_COMPLETE_FOR_C1_DRYRUN — survey/plan complete; C1 is NOT dry-run-ready; REGISTRATION_HOLD ACTIVE · CAN_PROCEED=NO · P2 CLOSED · 0 governed mutations.

Claims to confirm (each backed by a package file)

1. DOT registry state (02, evidence 01): dot_tools=309; CAT-006 active (record 309 vs actual 163); dot_agent_api_contract=2 (DOT_KG_EXPLAIN pair only); table_registry=21; Directus collections=352; C1 absent on every surface; gates closed; OSPA=0; ownership=0. All read-only.
2. Frozen-not-enforced finding (02 §5,06): handbook §13 marks 3 birth DOTs frozen/monitored, but live dot_tools rows are status=active, extra_metadata={} with no enforced freeze flag. Surfaced as REPAIR + operator action; not reused.
3. Birth/registration path (03): two distinct births; the lawful registrar dot-dot-register exists but creds-absent; dot-birth-admit is author-mode spec only; only A4 (register) + A9 (gate/Owner) are blocked — both operator-only. No new path invented.
4. Macro-9 fit (04): DOT_R2_B2_STAGING_SCHEMA_SHELL authored/admitted, REGISTRATION_HOLD, pure validator, R2-B2-scoped → REUSE_WITH_LEGO_ADAPTER as a REAL_RUN sandbox template, not a dry-run prerequisite (a DRY_RUN never writes a schema).
5. Reuse-first matrix (05): 4 reuse-as-is, pattern-reuse for ensure/contract/preflight, extend DOT-062, ~5 new C1 DOTs; explicit rejections (generic DOT_SCHEMA_ENSURE, dot_iu_create_collection, KG/GOV/TAC verifiers).
6. Surface map (07): dry-run critical path = collection+table_registry + ~5 registered C1 DOTs + 2 contracts + view + grant + ownership; REAL_RUN items deferred.
7. DOT-manage updated (08): addendum (rev1) + README pointer (rev2) applied; governed updates recorded as operator actions.
8. Plan completeness (09): 8 phases close all prerequisites; gating dependency = operator Gate-B (P0); no orphan (P1.3); no bypass (P3 via lawful registrar).
9. Self-review (10): 0/11 attacks succeed; residuals disclosed (composite-PK/write-once primitive choice; executor liveness; apr_action_types row count) as in-phase verifications.

Adversarial points for Codex to press (where this package is most attackable)

• A2/A4 nuance: is choosing the collection+contract route over forking the Macro-9 staging schema for the dry-run correct? (Package position: yes — DRY_RUN writes nothing, so a disposable schema is a REAL_RUN concern. 04 §8.)
• A7 residual (P2): which existing DOT actually creates a composite-PK + write-once table — is DOT_COLLECTION_REGISTER sufficient, or is DOT_C1_SCHEMA_ENSURE + a trigger step required? Flagged as verify-in-phase, not resolved here.
• Frozen-flag integrity: should the macro have HELD on the registry-vs-handbook divergence rather than recording it as a repair? (Package position: it is an integrity repair + operator action, and no frozen DOT is reused, so it does not block the survey.)
• Dispatch sufficiency: is dry_run_only=true truly sufficient for a governed dry-run while execute_enabled=false? (Package position: yes for DRY_RUN — the dispatcher raises on REAL_RUN by design and never writes; the KG precedent shows endpoint-bound dry-run evidence under closed REAL_RUN gates.)

What this packet does NOT claim

• Does NOT claim C1 is dry-run-ready, registered, or runnable.
• Does NOT claim any governed write/registration was performed.
• Does NOT treat the local C1 sandbox as governed runtime.

Requested Codex outcome

Confirm DOT_MANAGE_LEGO_TRANSITION_SURVEY_COMPLETE_FOR_C1_DRYRUN and accept 09 as the execution-macro plan; OR return precise findings if the survey/classification/plan is incomplete (mapped HOLD/REJECT codes in 10).