KB-6407

MACRO ROLLUP — READY-TO-ASSEMBLE-LEGO1-PATCH2 — 2026-06-22

6 min read Revision 1

macro-rollupready-to-assemble-lego1-patch2holddot-directus-path-incompletefailure-reproduction-firstregistration-hold2026-06-22

MACRO ROLLUP — READY-TO-ASSEMBLE-LEGO1-PATCH2 — 2026-06-22

VERDICT: READY_TO_ASSEMBLE_LEGO1_PATCH2_HOLD_DOT_DIRECTUS_PATH_INCOMPLETE (not forced) · REGISTRATION_HOLD ACTIVE · CAN_PROCEED = NO · P2 / named lane CLOSED · NOT AUTHORIZED · 0 runtime mutations · DO NOT IMPLEMENT · NO subagents (project rule).

Ready to request dry-run authorization: NO. Ready to run dry-run now: NO.

What this macro did

Closed-loop on the official Codex PATCH1 HOLD (NEED_READY_TO_ASSEMBLE_LEGO1_PATCH2), following failure-reproduction-first: read the controlling HOLD, reproduced every finding from independent live read-only evidence, corrected the C1 build blueprint, ran an internal Codex negative review, and reported HOLD because the internal review would not PASS.

Method

Read the Codex HOLD in full + PATCH1 files 02–06/08/09 + internal self-review verbatim.
Independent live read-only discovery (all READ_ONLY_SAFE, 0 writes): dispatcher def, fn_iu_collection_create, dot_agent_api_contract, full 54-row dot_iu_command_catalog, v_dotkg_realrun_preflight, governance_build_authorization constraints/columns, resolver counts, fn_iu_bcf_harness_run, dot_config, and a C1-surface existence probe.
Computed real cser-v1 SHA-256 digests locally (no mutation).

Reproduction result (all Codex findings REAL)

R1 dispatcher RAISES on REAL_RUN · R2 dot_iu_create_collection→iu_piece_collection (no Directus DDL anywhere in the catalog) · R3 c1_contracts=0/c1_dot_tools=0/c1_table=0 · R4 v_dotkg_realrun_preflight is DOT_KG-specific (c1_preflight_views=0) · R5 status granted outside {draft,active,consumed,expired,revoked}, auth_count=0 · R6/R7 @> superset · R8 resolver join apr(14)⨝pav(12)=0, different namespaces · R9 fn_iu_bcf_harness_run tests IU axis B/C/F · R10/R12 doc-level (now closed) · R11 compensation labels.

Closure map (12 blockers)

CLOSED: B2 (→AUTHORITY; broken join dropped, deterministic R_C1 over apr_action_types), B3 (→AUTHORITY_MISSING_ONLY; verifier status='active'+exact set-equality+esign authenticity+approved-request binding), B8 (real cser-v1 bytes/digest/recompute), B9 (read-only evidence packet), B10 (truthful blast-radius + shared-config caveat), B11 (overclaim retracted), B12 (real A1–A22 negative review).
PREPARATION_GAP (executable contract absent; PATCH2 forbidden to create): B1 (schema DOT + producer/verifier pair + value-admit/audit), B4 (governed consume handler + esign verifier), B5 (transition/compensation handlers + c1_build_run), B6 (C1 harness), B7 (v_c1_realrun_preflight).

Why HOLD (controlling reason)

Codex §5.1: "actual registered artifacts and read-only definition evidence — authorization may remain absent; the executable contract may not." The C1 executable contracts do not exist; registering them is forbidden under REGISTRATION_HOLD/0-mutation. A Form-B specification is necessary progress but is not a registered artifact, so the preparation gap is irreducible within PATCH2 → HOLD (macro §6/§7; "do not force READY").

Corrected blueprint (durable output for Gate-B build-prep)

REAL_RUN via executor endpoint + governed promotion (not the dispatcher); schema via new DOT_C1_SCHEMA_ENSURE + table_registry (not dot_iu_create_collection); values via DOT_C1_VALUE_ADMIT (not IU staging, not raw INSERT); verifier on the real status domain + exact set-equality; consume-before-write via governed handler in one txn (not raw DML); resolver from apr_action_types' own columns; C1-specific preflight view + harness; cser-v1 pinned with real digest 2ab1f90bc57322438186f967613290824c704664d516ca3feec96f01eb99e650.

Files (14 + this rollup)

…/reports/ready-to-assemble-lego1-patch2/: index, 01 (failure-reproduction ledger + mindset), 02 (DOT/Directus), 03 (identity/lifecycle), 04 (manifest/resolver), 05 (verifier/consume), 06 (atomicity/rollback), 07 (preflight), 08 (tests T1–T20), 09 (cser/hash), 10 (evidence/blast-radius), 11 (internal Codex review), 12 (final decision), codex-review-packet. Additive; pre-write C1 surface = 0; all uploads via agent-data.

Carry-forward

Carried blockers UNCHANGED; no new runtime blocker/reject-code (all reject codes are design labels). NEXT = GPT → Codex re-review of reproduction+blueprint → if accepted, separately-authorized Gate-B build-prep authorization to register the C1 executable contracts (not dry-run authorization; not P2/named-lane; not C1 registration/activation) → after artifacts exist & are read-back-verifiable, the genuine dry-run-authorization-readiness review → residual ⇒ READY_TO_ASSEMBLE_LEGO1-PATCH3.

Spec ≠ registered artifact; engineering PASS ≠ authority PASS; preparation-complete ≠ dry-run authorization; dry-run authorization ≠ dry-run execution; request-authorization-readiness requires the executable contract to exist. Builds on / closes the HOLD from [[project_ready_to_assemble_lego1_patch1_codex_hold_closure_2026_06_22]].