KB-60D2

Macro-RS1 — Registration Substrate Trust Survey and Design-Entry Gate (2026-06-20)

Revision 1


Mission: R2-B2-MACRO-RS1-REGISTRATION-SUBSTRATE-TRUST-SURVEY-AND-DESIGN-ENTRY-GATE-2026-06-20
Class: read-only survey + reconstruction + acceptance-criteria (design-entry) packet · READ-ONLY · NON-ENACTING · NON-AUTHORIZING · NOT technical design · NOT implementation · NO blocker resolved · NO runtime mutated.
Date: 2026-06-20 · Editorial revision: rev1 (AgentData storage revision / content_length authoritative at read time).
Slice: the registration substrate for admitting/registering DOT_R2_B2_STAGING_SCHEMA_SHELL only. Not whole-system. Authorizes nothing. Engineering PASS ≠ Authority PASS. KB admission ≠ runtime registration. Default = HOLD.


1. STATUS

PASS_WITH_CAVEATS — the RS1 read-only survey is complete and is ready to hand to Codex. The registration substrate itself remains HOLD. "Survey complete" is not "registration ready". Engineering/survey PASS ≠ authority PASS.

Mutation footprint this macro: ZERO. Evidence = direct AgentData KB reads + read-only query_pg (AST-validated READ ONLY, 5 s timeout, LIMIT 500) + list_docker. No DDL/DML, no manual SQL, no psql, no Directus mutation, no registration, no APR, no gate flip, no validator re-run, no schema, no owner row.

2. VERDICT

RS1_HOLD_REGISTRATION_PATH_UNPROVEN

Registration of DOT_R2_B2_STAGING_SCHEMA_SHELL cannot proceed. There is no authorized DOT-registration path proven, no Owner-of-record (governance_object_ownership = 0, live), no trusted production-untouched snapshot provider (Guard 3 verifies caller-supplied evidence only — N07), no isolated DOT-executor role (live), and four open validator registration-readiness gaps (N07/N12/N16/N22, source-confirmed). Each of registration-path-unproven, owner-authority-missing, and snapshot-source-untrusted is independently sufficient to keep registration closed (per the official Codex gate). This agrees with the authoritative Codex review of 2026-06-20: REGISTRATION_CAN_PROCEED = NO.

One material new finding (CONFLICT, surfaced for Codex): a fresh live read of fn_auto_approve_add (2026-06-20) shows the INSERT-path quorum bypass was contained by a P0 patch dated 2026-06-06; yet the Đ32/Đ35 compatibility notes (2026-06-17) and the official Codex report (2026-06-20) still carry the INSERT-path fn_auto_approve_add bypass + "160 unvoted applies" as a live BLOCKER. RS1 does not clear RISK-BYPASS on its own authority — the mechanism is contained but residue and surfaces remain, and the verdict above does not depend on the bypass status. Recorded as SOURCE_CONFLICT for Codex reconciliation.

Design-entry to a read-only/KB-design follow-up (RS2) is READY; registration entry is HELD.

3. EXECUTIVE SUMMARY

RS1 located the blockers precisely (the macro's operational goal: escape "we don't know where the blocker is").

  1. The DOT is authored + KB-admitted, not registered. Live: dot_tools = 309 rows, 0 match r2_b2/staging_schema_shell; dot_agent_api_contract = 2 unrelated rows; governance_object_ownership = 0; no r2_b2_wb_*/wb_* schema exists. The admission record (rev9) explicitly states REGISTRATION_HOLD / HOLD_FOR_OWNER_REAL_RUN / NOT_OWNER_AUTHORIZED and "invents no new runtime registry."

  2. The registration path is a DB write through a governed gate that is not proven trustworthy for this DOT. Registering a DOT means writing dot_tools (+ law_dot_enforcement mapping, + optional dot_agent_api_contract, + a dot_config gate) — Đ35 requires this to flow through an APR under Đ32. The contract §7 says "dot_tools is NOT written by hand … registration requires an authorized DOT-registration path or Owner-approved runtime gate." No such authorized path is proven to exist or be safe for this DOT.

  3. RISK-BYPASS is partially mitigated but conflicted. Live fn_auto_approve_add no longer flips action='add' to approved at INSERT (P0 containment 2026-06-06); the quorum guard fn_apr_quorum_check is intact and correct. BUT: the approval_requests.action column DEFAULT is still 'add' (live), 160 historical non-quorum applied rows remain (live: orchestrator-s142b=142 + auto-apply-function=18), fn_apr_quorum_check still has a legacy pass-through when proposed_action_code/risk_level is NULL, Đ35 carries "PRODUCTION READINESS FAIL" (not re-verified this run), and the laws-new notes + Codex still treat it as open. → CONFLICT, not cleared.

  4. Owner authority and trusted-observer trust are absent. governance_object_ownership = 0 (no owner anywhere). Guard 3 (production_untouched_verify) is a pure verdict over caller-supplied before/after evidence — it does no DB I/O and proves equality, not provenance (N07). No owner-reference resolver and no trusted read-only snapshot provider exist.

  5. Validator N-findings open (source-confirmed). N07 (fabricated owner ref + self-asserted snapshot), N12 (run_id accepted as a substring of the target, not exact r2_b2_wb_<run_id>), N16 (no PostgreSQL 63-byte identifier-length check), N22 (None/non-mapping request raises AttributeError instead of a structured reject). The original 7 Codex HOLD findings are closed at the engineering layer (validator rev2, 64/64 PASS); the N-findings are a different, still-open set.

  6. Runtime is fail-closed/inert (the safe default). Live gates: dry_run_only=true, execute_enabled=false, operator_runtime_enabled=false, real_run_enabled=false. Schema-create is held by the generic directus app role (GAP 2) and workflow_admin SUPERUSER; no isolated DOT-executor role exists (GAP 4); generic Directus create is not policy-blocked (GAP 3). No persisted bypass GUC (pg_db_role_setting empty); transient session GUCs (e.g. app.canonical_writer, used by the IU-create gateway) are unobservable read-only and cannot be proven absent.

  7. Reuse-first is not yet exhausted, and DOT_GOVERNANCE_DOT_ADMISSION necessity is NOT proven. No existing collection/table/schema is a safe disposable R2-B2 workbench (handbooks confirm). Whether existing registration primitives (dot_tools + APR/Đ32 + law_dot_enforcement + dot_config) can supply a trusted DOT-registration without a new governance collection is unproven → defer governance_dot_admission (candidate-on-paper).

Net: registration HOLD on ≥3 independent single-sufficient blockers. RS1 packet ready for Codex.
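The three validator gaps in item 5 (N12 exact target identity, N16 PostgreSQL 63-byte identifier length, N22 non-mapping request) are concrete enough to show as code. The following is an added illustration written for this packet, not the project's validator.py: it models the substring behaviour the survey reports as N12 in `legacy_validate_target`, then gives a fail-closed `validate_request`/`validate_target` pair that closes all three gaps. The `r2_b2_wb_<run_id>` prefix is from the page; the run_id character class, the rejection codes, and the sample requests are assumptions of this example.

```python
import re
from typing import Any, Mapping

# Target naming comes from the page: r2_b2_wb_<run_id>. The run_id character
# class and the rejection codes below are assumptions of this example.
TARGET_PREFIX = "r2_b2_wb_"
RUN_ID_RE = re.compile(r"[a-z0-9_]+")
# PostgreSQL NAMEDATALEN is 64, so an identifier longer than 63 bytes is
# silently truncated; two distinct long run_ids could then collide (N16).
PG_IDENT_MAX_BYTES = 63


def legacy_validate_target(run_id: str, target_schema: str) -> bool:
    """Model of the N12 defect as described in the survey: the run_id only has
    to occur somewhere in the target, so an unrelated schema name that happens
    to contain the run_id passes."""
    return run_id in target_schema


def _reject(code: str, detail: str) -> dict:
    """Deterministic, structured rejection (the N22 closure condition)."""
    return {"ok": False, "code": code, "detail": detail}


def validate_target(run_id: Any, target_schema: Any) -> dict:
    """Exact-identity, length-checked target validation (closes N12 and N16)."""
    if not isinstance(run_id, str) or not RUN_ID_RE.fullmatch(run_id):
        return _reject("RUN_ID_MALFORMED", f"run_id={run_id!r}")
    expected = TARGET_PREFIX + run_id
    # Exact equality, not substring: the target must be precisely r2_b2_wb_<run_id>.
    if not isinstance(target_schema, str) or target_schema != expected:
        return _reject("TARGET_NOT_EXACT", f"expected {expected!r}, got {target_schema!r}")
    # Check the encoded byte length, since PostgreSQL truncates by bytes.
    encoded_len = len(expected.encode("utf-8"))
    if encoded_len > PG_IDENT_MAX_BYTES:
        return _reject("IDENT_TOO_LONG", f"{encoded_len} bytes > {PG_IDENT_MAX_BYTES}")
    return {"ok": True, "target": expected}


def validate_request(req: Any) -> dict:
    """Fail-closed entry point (closes N22): a None or non-mapping request is a
    structured reject, never an AttributeError escaping from req.get(...)."""
    if not isinstance(req, Mapping):
        return _reject("REQUEST_NOT_MAPPING", f"got {type(req).__name__}")
    return validate_target(req.get("run_id"), req.get("target_schema"))


if __name__ == "__main__":
    # Constructed sample requests: the first is well-formed, the others probe one gap each.
    samples = [
        {"run_id": "run_0042", "target_schema": "r2_b2_wb_run_0042"},
        {"run_id": "run_0042", "target_schema": "public_r2_b2_wb_run_0042_old"},  # N12 probe
        {"run_id": "a" * 60, "target_schema": "r2_b2_wb_" + "a" * 60},           # N16 probe
        None,                                                                   # N22 probe
        ["run_id", "r2_b2_wb_run_0042"],                                        # N22 probe
    ]
    for sample in samples:
        print(validate_request(sample))
```

The legacy model accepts the second sample because `"run_0042"` occurs inside `public_r2_b2_wb_run_0042_old`; the hardened path rejects it with `TARGET_NOT_EXACT`. The 60-character run_id is accepted by the regex but rejected on byte length, which is the negative case the N16 closure condition asks for.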


4. SOURCE AUTHORITY MAP

Tiers: PRIMARY_RUNTIME_EVIDENCE · PRIMARY_CONTRACT · PRIMARY_LAW_NEWLAWS · PRIMARY_HANDBOOK · SECONDARY_REPORT · SOURCE_NOT_READ. (/laws/ = source/provenance corpus, read-only enacted; laws-new/newlaws = working-law/notes/drafts, non-enacting. Draft ≠ enacted. Engineering PASS ≠ authority PASS.)

File/path | Revision | Read status | Source tier | Used for | Caveat
Live query_pg/list_docker survey (DB directus, 2026-06-20) | n/a | READ (this run) | PRIMARY_RUNTIME_EVIDENCE | dot_tools/ownership/agent-api/law_dot_enf counts; schemas; approval triggers+functions; roles+privs; gates; GUCs | Read-only role view; bounded to queries run; transient session GUCs not observable
…/dot-manage/specs/dot-r2-b2-staging-schema-shell.contract.md | 2 | READ FULL | PRIMARY_CONTRACT | modes, inputs, allowlist, stop states, §7/§8 | AUTHORED, not registered/wired/run
…/dot-manage/specs/dot-schema-write-guards.contract.md | 2 | READ FULL | PRIMARY_CONTRACT | 4 guards, §Hardening GAPS 1–10 | Guard 3 = supplied-evidence only
…/dot-manage/specs/dot-r2-b2-staging-schema-shell.validator.py | 2 | READ FULL (source-inspected) | PRIMARY_CONTRACT | N07/N12/N16/N22 verification; 7-finding closure | NOT_RERUN (verified by source + captured evidence, not executed)
…/dot-manage/specs/dot-r2-b2-bad-input-matrix.md | 2 | READ FULL | PRIMARY_CONTRACT | 64-case coverage; absence of N-cases | Bounded enumeration
…/dot-manage/specs/dot-r2-b2-validator-test-run-v2.txt | 1 | READ FULL | PRIMARY_CONTRACT | 64/64 PASS, 0 fail-open, EXIT=0 | Local pure-validator, NOT runtime proof
…/dot-manage/admission/dot-r2-b2-staging-schema-shell-birth-admission-2026-06-19.md | 9 | READ FULL | PRIMARY_CONTRACT | registry bridge, §12 candidate-on-paper, admission gate | KB admission ≠ registration
…/dot-manage/dot-usage-handbook.md | 11 | READ (targeted §15/§18 + exec report) | PRIMARY_HANDBOOK | DOT-only zone; no authorized run-scoped staging-schema DOT | 115013 chars; targeted chunk read, not full body
…/collections-manage/collections-usage-handbook.md | 11 | READ (targeted §16/§19) | PRIMARY_HANDBOOK | no reuse for disposable workbench | 94267 chars; targeted chunk read
…/collections-manage/README.md | 1 | READ FULL | PRIMARY_HANDBOOK | DOT-only rule; no manual SQL/psql/Directus generic |
…/dot-manage/README.md | 1 | PARTIAL (listing/metadata) | PRIMARY_HANDBOOK | folder canonicality | Body not read
…/newlaws/notes/dieu32-approval-owner-gate-compatibility-note.md | 1 | READ FULL | PRIMARY_LAW_NEWLAWS | Owner-gate preserved; RISK-BYPASS blocker; no Stamp-bypass | KEEP+NOTE, non-authorizing
…/newlaws/notes/dieu35-dot-governance-compatibility-note.md | 1 | READ FULL | PRIMARY_LAW_NEWLAWS | PRODUCTION READINESS FAIL; RISK-BYPASS; fn_birth_gate scope | KEEP+NOTE, non-authorizing
…/newlaws/notes/dieu4-birth-process-compatibility-note.md | 1 | READ FULL | PRIMARY_LAW_NEWLAWS | TEMP@INSERT/canonical@promote; HOLD-2 (no atomic promote txn) | KEEP+NOTE
…/newlaws/notes/dieu39-knowledge-graph-compatibility-note.md | 1 | READ FULL | PRIMARY_LAW_NEWLAWS | KG runtime-EMPTY; no KG backfill; AI-proposes | KEEP+NOTE
…/newlaws/LAW_READING_INDEX.md | 2 | READ FULL | PRIMARY_LAW_NEWLAWS | two-corpus rule; CONS-004 order; open-blocker list | Non-enacting pointer
…/laws-new/required-stamps.v0.1.json | 6 | READ FULL | PRIMARY_LAW_NEWLAWS | stamp model; pre/post-promote store split | DRAFT — not enacted
…/laws-new/promote-checker-v0.1-spec.md | 11 | READ FULL | PRIMARY_LAW_NEWLAWS | "No checker, no lane"; verdict-only; atomic promote txn | DRAFT — not enacted
…/laws-new/de-bai-cai-tien.md | 33 | READ (anchors) | PRIMARY_LAW_NEWLAWS | kho-tạm→checker→promote→rollback model; reuse-first | 29088 chars; anchor-extracted
…/laws-new/matrix-stamp-governance-addendum.md | 14 | READ (anchors) | PRIMARY_LAW_NEWLAWS | anti-bloat; reuse-first; no new table | 26474 chars; anchor-extracted
…/laws-new/matrix-refactor-quick-rules.md | 8 | READ (anchors) | PRIMARY_LAW_NEWLAWS | "kho tạm trước"; never write canonical directly | 6057 chars
…/laws-new/cau-hoi-khi-tai-cau-truc.md | 82 | PARTIAL (summary) | PRIMARY_LAW_NEWLAWS | QCM precedent; reuse-first/minimal-fastest; Nhóm 0 Reuse Baseline | 145449 chars; summary only
…/reports/codex/codex-review-r2-b2-matrix-stamp-governance-registration-readiness-2026-06-20.md | 1 | READ FULL | SECONDARY_REPORT | the official gate: REGISTRATION_CAN_PROCEED=NO; F1; N07/N12/N16/N22; DEFER admission | Official current review
…/reports/codex/codex-rereview-macro9b2-validator-contract-remediation-2026-06-20.md | 1 | READ FULL | SECONDARY_REPORT | 7 original findings closed (engineering); caveats | resolves item #19 of read-list (renamed/redated)
…/reports/codex/codex-review-macro9b-dot-package-and-birth-admission-2026-06-19.md | 1 | READ FULL | SECONDARY_REPORT | the original 7 HOLD findings (now closed) |
…/reports/architecture/one-roof-…-2026-06-01/27-auto-approve-hardening-risk-note.md | 1 | READ FULL | SECONDARY_REPORT | fn_auto_approve_add bypass mechanics (verbatim live src 2026-06-01) | report; corroborated by my live read
…/reports/architecture/one-roof-…-2026-06-01/84-sb1-fail-closed-trigger-quorum-rehearsal-results.md | 1 | READ FULL | SECONDARY_REPORT | trigger timing; Phase-A/B; 160 unvoted applies | report; corroborated live
…/consolidation/r2-b2-inspect-producer-td-prep-lego-2026-06-18.md | 1 | PARTIAL (header) | SECONDARY_REPORT | B2 producer TD-prep = out-of-slice; design-only | Body not read (out of RS1 slice)
…/consolidation/r2-b2-technical-design-readiness-lego-2026-06-18.md | 1 | PARTIAL (header) | SECONDARY_REPORT | TD-readiness criteria; no blocker resolved | Body not read
…/consolidation/r1-r2-modular-lego-architecture-scoping-2026-06-18.md | 1 | PARTIAL (header) | SECONDARY_REPORT | LEGO architecture; design-only | Body not read
Claude "Macro-AB" RS1-precursor report | | SOURCE_NOT_READ | SOURCE_NOT_READ | Not found in KB (matches Codex's own SOURCE_NOT_READ) | the "23 extra cases" claim is NOT used as evidence
knowledge/dev/laws/dieu32-approval-law.md, …/dieu35-dot-governance-law.md | enacted | PARTIAL (via notes + search) | (source corpus) | provenance for Đ32/Đ35 | Read via compatibility notes + search snippets, not full body

5. REGISTRATION PATH RECONSTRUCTION

Q1 — To register a DOT into runtime, which surfaces must be touched? (from contract §7, admission §7 registry bridge, Đ35 note, live schema)

  • dot_tools — master DOT registry row (INSERT). The lawful "complete birth of a DOT tool = deployed in the governed path + registered in dot_tools" (RP-03 architecture note, staged/credentials-gated).
  • law_dot_enforcement — DOT-enforcement mapping (272 rows live; paired-DOT discipline per Đ35).
  • dot_config — a runtime execute gate row (gates are live-shut).
  • dot_agent_api_contract — optional agent-api binding (2 unrelated rows; the DOT is unbound).
  • governance_object_ownership — Owner-of-record row (0 rows live).

Each of these is a DB write.

Q2 — Which surfaces are DB/Directus/schema and therefore DOT-only? All of the above + the eventual CREATE SCHEMA r2_b2_wb_<run_id> are PostgreSQL/Directus writes → DOT-only zone (DOT handbook §3; collections README: "Directus/Postgres/schema changes are DOT-only. No manual SQL, no psql, no Directus generic collection creation"). KB document upload is the allowed output channel and is not part of the DOT-only schema zone.

Q3 — Where does Đ32 participate? Đ35 requires a new/fix DOT to be created via an APR governed by Đ32. The APR path is approval_requests with the quorum gate fn_apr_quorum_check firing on the pending → approved UPDATE (high-risk = ≥1 president + ≥2 ai_council, reject blocks, self-approve prohibited). Registering a high-risk DOT therefore depends on the Đ32 quorum gate being trustworthy.
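The quorum rule stated here (high-risk = at least one president and two ai_council approvals, any reject blocks, no self-approval), together with the legacy pass-through on NULL proposed_action_code/risk_level noted in §3 item 3, can be written down as a small decision model. The block below is an added example for this packet and is not the live fn_apr_quorum_check source: it encodes the rule in Python, shows the NULL-mapping branch in its legacy (pass-through) and fail-closed (escalate) forms, and treats any risk level other than "high" as not modeled and therefore blocked, which is an assumption of the example rather than a claim about the live function. Field names, vote shapes and the sample request are constructed.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Vote:
    voter: str
    role: str   # "president" or "ai_council", the two roles in the page's quorum rule
    vote: str   # "approve" or "reject"


@dataclass
class ApprovalRequest:
    """Constructed stand-in for an approval_requests row; the NULL-able fields
    mirror the weak branch the survey describes."""
    request_id: str
    requested_by: str
    risk_level: Optional[str]
    proposed_action_code: Optional[str]
    votes: List[Vote] = field(default_factory=list)


def quorum_check(req: ApprovalRequest, *, fail_closed: bool) -> Tuple[bool, str]:
    """Return (may_approve, reason) for a pending -> approved transition.

    fail_closed=False reproduces the legacy pass-through when the risk mapping
    is NULL; fail_closed=True is the hardened behaviour the gap report asks for
    (reject/escalate an unclassified request instead of letting it through).
    """
    if req.risk_level is None or req.proposed_action_code is None:
        if fail_closed:
            return False, "UNCLASSIFIED_REQUEST_ESCALATE"
        return True, "LEGACY_NULL_MAPPING_PASS_THROUGH"

    # Any reject blocks, regardless of how many approvals exist.
    if any(v.vote == "reject" for v in req.votes):
        return False, "REJECT_BLOCKS"

    approvers = [v for v in req.votes if v.vote == "approve"]

    # The requester may not count towards their own quorum.
    if any(v.voter == req.requested_by for v in approvers):
        return False, "SELF_APPROVE_PROHIBITED"

    if req.risk_level == "high":
        presidents = sum(1 for v in approvers if v.role == "president")
        council = sum(1 for v in approvers if v.role == "ai_council")
        if presidents >= 1 and council >= 2:
            return True, "HIGH_RISK_QUORUM_MET"
        return False, f"HIGH_RISK_QUORUM_NOT_MET (president={presidents}, ai_council={council})"

    # Assumption of this model: anything not classified "high" is not encoded
    # here and is held rather than approved.
    return False, "RISK_LEVEL_NOT_MODELED"


def sample_registration_request(votes: List[Vote], risk_level: Optional[str] = "high") -> ApprovalRequest:
    """Constructed high-risk DOT-registration APR used by the demonstrations below."""
    return ApprovalRequest(
        request_id="apr-constructed-0001",
        requested_by="dot-author",
        risk_level=risk_level,
        proposed_action_code="DOT_REGISTER" if risk_level is not None else None,
        votes=votes,
    )


if __name__ == "__main__":
    full_quorum = [Vote("pres-1", "president", "approve"),
                   Vote("council-1", "ai_council", "approve"),
                   Vote("council-2", "ai_council", "approve")]
    print(quorum_check(sample_registration_request(full_quorum), fail_closed=True))
    print(quorum_check(sample_registration_request([], risk_level=None), fail_closed=False))
    print(quorum_check(sample_registration_request([], risk_level=None), fail_closed=True))
```

The point of the two NULL-branch calls is that the same unclassified request is approvable under the legacy branch and held under the fail-closed one; the rest of the rule is unchanged between the two modes.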

Q4 — Where does Đ35 participate? Đ35 is the DOT-governance law: dot_tools as SSOT, paired DOT (A=read/auto-approve, B=execute/Đ32-approval), law_dot_enforcement mapping, fix_repair_dot lifecycle. Đ35 note: enacted ≠ production-ready ("PRODUCTION READINESS FAIL"); reuse the pattern, carry the caveats.

Q5 — Role of dot_tools / dot_config / dot_agent_api_contract / law_dot_enforcement / governance_object_ownership? They are the runtime authority registries (admission §7 registry bridge). The KB admission record does not replace them and confers no runtime status. Live: DOT absent from dot_tools (0/309); not bound in dot_agent_api_contract; gates shut in dot_config; no owner in governance_object_ownership.

Q6 — Any paired DOT / existing primitive to reuse? No existing DOT builds a run-scoped, disposable, delete-fast staging schema (DOT handbook §15 NO-GO / §18 Missing Register; ~30 DOT_SCHEMA_*_ENSURE write prod public, not a run-scoped schema). The registration primitives (dot_tools INSERT + APR/Đ32 + law_dot_enforcement + dot_config) exist but their trusted use for this DOT is unproven (no authorized DOT-registration DOT/path demonstrated; manual writes forbidden).

Q7 — Exactly which capability is missing? A trusted, governed DOT-registration transaction: (a) an authorized actor/path that writes dot_tools+mapping+gate atomically (not by hand), (b) bound to a real Owner authority (Đ32 quorum), (c) with rollback/postcondition proof, (d) executed by an isolated minimal-privilege role. None of (a)–(d) is proven.

Q8 — If a DOT is missing, what is the minimal DOT (conditions only, no design/implementation)? Only if RS2 proves no existing governed primitive suffices: a single, bounded DOT-registration responsibility that consumes already-authoritative approval/owner/admission evidence, writes exactly one registration through existing registries, exposes a paired read-only verifier, has exact rollback + postcondition evidence, and creates no new authority store / approval model / birth system / graph / scheduler / generic registry platform (Codex §7 constraints). This is a condition set, not a design.

6. TRUST PROPERTY MATRIX

Status ∈ {GO_READONLY, HOLD, BLOCKED, SOURCE_NOT_READ, CONFLICT, DEFER}. "Single sufficient blocker" = enough on its own to keep registration closed.

# | Trust Property | Current Evidence | Status | Why | Minimal closure condition | Forbidden shortcut | Next macro owner
1 | Đ32 quorum path | Live fn_apr_quorum_check intact+correct; INSERT-bypass contained 2026-06-06; notes/Codex say HOLD | CONFLICT | Live src ≠ notes/Codex; null-mapping pass-through remains | Reconcile live vs notes; close null proposed_action_code/risk pass-through; authority re-confirm | Patch quorum fn by hand; trust notes over live src | RS2
2 | fn_auto_approve_add bypass | Live fn: P0 containment 2026-06-06 (no INSERT auto-approve); notes/Codex: open | CONFLICT | Mechanism contained; evidence stale upstream | Codex re-reads live fn; record reconciliation | Declare "bypass closed → register" | RS2
3 | 160 unvoted applies | Live: 142 orchestrator-s142b + 18 auto-apply-function applied rows remain | HOLD | Historical non-quorum residue not cleaned | Inventory + classify + governed remediation of the 160 | Bulk-delete/relabel by hand | RS2
4 | Đ35 production readiness | Đ35 note: "PRODUCTION READINESS FAIL", 14/14 health not LIVE | HOLD | Not re-verified live this run | Re-run/observe the 14 health checks; close prod-readiness | Treat enacted v5.2 as production-ready | RS2
5 | Owner authority / owner row | Live governance_object_ownership = 0 | BLOCKED (single sufficient) | No Owner-of-record anywhere | A real Owner grant lands an ownership row via Đ32 | Claim/assign Owner; self-authorize | Owner (after Codex)
6 | Owner-reference resolver | Validator only non-empty-checks owner_authorization_ref; N07 | HOLD | Fabricated ref passes | External resolver binds ref to a real grant before validator | Trust caller-asserted ref | RS2
7 | Production-untouched trusted snapshot provider | Guard 3 = pure verdict over caller-supplied before/after; N07 | BLOCKED (single sufficient) | Proves equality, not provenance | Trusted read-only observer supplies + signs snapshots | Treat equal caller snapshots as no-touch proof | RS2
8 | Manual/generic write-path hardening | Live: directus role has schema-create; Directus 11.5 generic create not blocked (GAP 3) | HOLD | Generic create path open at runtime | Policy-block generic Directus/PG create; DOT-only enforced | Use manual SQL/psql/Directus generic as fallback | RS2/Owner
9 | Isolated DOT-executor role | Live: 21 roles; none is a scoped DOT-executor (GAP 4) | BLOCKED | Write sits with directus + workflow_admin SUPERUSER | Create minimal-priv role scoped to r2_b2_wb_* (a grant = runtime write) | Run DOT as directus/workflow_admin | Owner (grant)
10 | Runtime gate state | Live: dry_run_only=true, execute_enabled=false, operator_runtime_enabled=false, real_run_enabled=false | GO_READONLY | Fail-closed/inert = safe default | Keep closed; flipping is an explicit governed write | Flip a gate to register/real-run | Owner
11 | dot_tools registration path | Live: 0/309 match; contract §7 "not written by hand" | BLOCKED (single sufficient) | No authorized DOT-registration path proven | Prove a governed registration transaction (RP-03 staged path) | Direct dot_tools INSERT | RS2
12 | dot_config gate/config path | Live gates shut; flip = governed write | HOLD | Inert by default | Owner-approved gate flip post-registration | Hand-flip dot_config | Owner
13 | dot_agent_api_contract binding | Live: 2 unrelated rows; DOT unbound | HOLD | Binding is a write | Governed binding after registration (channel decision) | Hand-insert binding | RS2/Owner
14 | law_dot_enforcement binding | Live: 272 rows; DOT not mapped | HOLD | Mapping is a write | Governed paired-DOT mapping at registration | Hand-insert mapping | RS2
15 | governance_object_ownership role | Live: 0 rows | BLOCKED | Owner model unpopulated | Owner grant lands a row via governed path | Hand-insert owner row | Owner
16 | Validator N07/N12/N16/N22 | Source-confirmed all 4 OPEN (rev2) | HOLD | Authority/identity/length/non-mapping gaps | KB/code-only validator patch + adversarial tests | Wire validator to a mutating runner with N-gaps open | RS-Validator
17 | PG identifier length / truncation (N16) | No len(...)<=63 in _validate_target | HOLD | 63-byte truncation collision risk | Validate encoded length; test collision/truncation negatives | Ignore truncation | RS-Validator
18 | Non-mapping malformed request (N22) | validate_request does req.get(...) with no isinstance guard | HOLD | None/non-dict raises AttributeError | Reject non-mapping + bad field types with deterministic codes | Assume caller always sends a dict | RS-Validator
19 | Registration transaction rollback proof | None; analog HOLD-2 "atomic promote has no real transaction"; promote-checker: no txn → no lane | HOLD | Registration write has no proven atomic/rollback | Define txn boundary + rollback + postcondition proof | "We'll roll back manually if it breaks" | RS2
20 | Live executor/script identity proof | Codex: local mirror/origin only; no live /opt/incomex/dot/bin proof this run | HOLD | Mirror parity ≠ live VPS proof | Verify deployed script identity/hash on live VPS via governed read | Treat local mirror as live proof | RS2
21 | Transient GUC limitation | Live: iu_create.gateway.marker_key=app.canonical_writer (session GUC gates writes); transient GUCs unobservable read-only | HOLD | Cannot prove absence of a transient bypass | Design write-gating that does not rely on spoofable session GUC, or prove it server-enforced | Claim "no transient bypass exists" | RS2
22 | Persisted GUC evidence | Live: pg_db_role_setting = 0 rows | GO_READONLY | No persisted per-db/role bypass GUC found | Keep persisted layer clean; re-check at registration | Generalize to "no GUC bypass at all" (transient unproven) | RS2
23 | Reuse viability — existing registration primitives | Primitives exist (dot_tools+APR/Đ32+law_dot_enforcement+dot_config); trusted use unproven | HOLD | Reuse-first not exhausted | Prove existing primitives can do a trusted registration (RS2) | Build a new registry before exhausting reuse | RS2
24 | Need for DOT_GOVERNANCE_DOT_ADMISSION | Admission §12 candidate-on-paper (governance_dot_admission); Codex §7 DEFER | DEFER | Necessity not proven; reuse-first open | Prove no governed primitive supplies the function (then narrow boundary) | Author/register a new governance collection now | RS2
25 | STOP condition for registration | ≥3 single-sufficient blockers (5,7,11) + others | BLOCKED | Registration must remain closed | All single-sufficient blockers closed + Codex + one Owner decision | "Engineering PASS → register" | Owner
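Rows 6 and 7 (and §3 item 4) turn on one distinction: Guard 3 proves that two caller-supplied snapshots are equal, not where they came from. The block below is an added example for this packet, not the project's production_untouched_verify or any real observer: it models the caller-supplied equality verdict beside a version in which a hypothetical trusted read-only observer takes and signs the snapshots, so the verdict only accepts evidence the observer produced. HMAC-SHA256 stands in for whatever signing a real observer would use; the observer class, key, snapshot layout and sample row counts (the dot_tools and law_dot_enforcement counts are the page's live figures, reused here as sample data) are constructed.

```python
import hashlib
import hmac
import json
from typing import Any, Mapping, Tuple


def production_untouched_verify(before: Mapping[str, Any], after: Mapping[str, Any]) -> bool:
    """Model of the Guard 3 behaviour the survey describes: a pure verdict over
    before/after evidence the caller supplies. It proves equality, not provenance,
    so a caller that submits the same object twice always passes."""
    return before == after


def _canonical(body: Mapping[str, Any]) -> bytes:
    """Stable serialisation so the signature does not depend on key order."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


class TrustedObserver:
    """Hypothetical read-only observer. In this model only the observer holds the
    key, so a caller cannot mint a valid snapshot on its own."""

    def __init__(self, key: bytes):
        self._key = key

    def snapshot(self, label: str, rows: Mapping[str, Any]) -> dict:
        body = {"label": label, "rows": dict(rows)}
        tag = hmac.new(self._key, _canonical(body), hashlib.sha256).hexdigest()
        return {"body": body, "tag": tag}


def verify_untouched_with_provenance(before: Any, after: Any, observer_key: bytes) -> Tuple[bool, str]:
    """Accept only observer-signed snapshots, then compare the observed rows."""
    for name, snap in (("before", before), ("after", after)):
        if not isinstance(snap, Mapping) or "body" not in snap or "tag" not in snap:
            return False, f"{name}: not an observer snapshot"
        if not isinstance(snap["tag"], str):
            return False, f"{name}: malformed tag"
        expected = hmac.new(observer_key, _canonical(snap["body"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, snap["tag"]):
            return False, f"{name}: signature invalid"
    if before["body"]["rows"] != after["body"]["rows"]:
        return False, "production rows changed between snapshots"
    return True, "untouched; both snapshots observer-signed"


if __name__ == "__main__":
    # Constructed key and sample row counts (counts taken from the page's live survey).
    key = b"constructed-observer-key-not-real"
    observer = TrustedObserver(key)
    rows = {"public.dot_tools": 309, "public.law_dot_enforcement": 272}

    caller_before, caller_after = rows, dict(rows)
    print(production_untouched_verify(caller_before, caller_after))            # True, but proves nothing about provenance
    print(verify_untouched_with_provenance(caller_before, caller_after, key))  # rejected: not observer snapshots

    before = observer.snapshot("before", rows)
    after = observer.snapshot("after", rows)
    print(verify_untouched_with_provenance(before, after, key))               # accepted
```

The same equal pair of dictionaries passes the equality-only verdict and fails the provenance-bound one, which is exactly the gap row 7 records; a snapshot whose body is edited after signing, or one carrying a forged tag, is rejected before rows are even compared.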

7. RS1 QCM (Question / Criteria Matrix)

Schema: ID | Question | Why needed | Evidence to read | Acceptance Criteria | Answer Status | Gate Impact | Satisfaction 0–4 | Notes. (Answer Status ∈ ANSWERED / PARTIAL / OPEN; Satisfaction 0=none…4=fully evidenced.)

ID | Question | Why needed | Evidence to read | Acceptance Criteria | Answer Status | Gate Impact | Sat | Notes
RS1-Q01 | Is the official Codex registration-readiness review read and current? | Gate authority | codex-review-…-registration-readiness-2026-06-20 (rev1) | STATUS+verdict+gate quoted from source | ANSWERED | Gating | 4 | REGISTRATION_CAN_PROCEED=NO
RS1-Q02 | Is the macro-9B2 re-review read; what did it close vs leave open? | Separate engineering vs registration | codex-rereview-macro9b2 (rev1) | 7 findings closed; runtime NO | ANSWERED | Gating | 4 | engineering layer only
RS1-Q03 | Is DOT_R2_B2_STAGING_SCHEMA_SHELL in dot_tools? | Registration fact | live query_pg | count match = 0 | ANSWERED | Gating | 4 | 0/309
RS1-Q04 | Is there an Owner-of-record for this lane? | Owner authority | live governance_object_ownership | rows for lane | ANSWERED | Gating (BLOCKER) | 4 | 0 rows total
RS1-Q05 | Does an authorized DOT-registration path exist, and is it proven? | Path trust | contract §7; RP-03; live registries | named governed path + proof | OPEN | Gating (BLOCKER) | 1 | only "staged/creds-gated" mention
RS1-Q06 | Is the Đ32 INSERT-path bypass live today? | RISK-BYPASS | live fn_auto_approve_add src | function flips status? | ANSWERED | High | 4 | contained 2026-06-06 (CONFLICT w/ notes)
RS1-Q07 | Is the quorum guard intact for a high-risk registration APR? | Approval trust | live fn_apr_quorum_check | high=≥1 pres+≥2 council, reject-block, no self-approve | ANSWERED | High | 3 | intact; null-mapping pass-through caveat
RS1-Q08 | Do the 160 unvoted/auto-applied rows still exist? | Residue | live approval_requests group | count of non-quorum applied | ANSWERED | Medium | 4 | 142+18=160 present
RS1-Q09 | Is the action column default still 'add'? | Default-trap surface | live information_schema.columns | default value | ANSWERED | Medium | 4 | still 'add' (H-OPT-2 not applied)
RS1-Q10 | Is Đ35 production-readiness re-verified? | Governance trust | Đ35 note; live health checks | 14/14 LIVE | PARTIAL | High | 1 | note says FAIL; not re-run this macro
RS1-Q11 | Is Guard 3 a trusted no-prod-touch proof? | Snapshot trust | guards contract; validator.py | provenance-bound snapshot | ANSWERED | Gating (BLOCKER) | 4 | caller-supplied only (N07)
RS1-Q12 | Does an owner-reference resolver exist? | Authority binding | validator.py; N07 | ref→real-grant resolution | ANSWERED | High | 4 | only non-empty check
RS1-Q13 | N12 — is run_id matched exactly or as substring? | Target identity | validator _validate_target | exact r2_b2_wb_<run_id> | ANSWERED | High | 4 | substring (in) — OPEN
RS1-Q14 | N16 — is PG 63-byte identifier length enforced? | Truncation | validator.py | length check present | ANSWERED | Medium | 4 | absent — OPEN
RS1-Q15 | N22 — is a non-mapping request rejected deterministically? | API robustness | validator validate_request | isinstance/dict guard | ANSWERED | Medium | 4 | raises AttributeError — OPEN
RS1-Q16 | Is Directus/Postgres/schema a DOT-only zone? | No-manual-path | DOT handbook §13; collections README | explicit DOT-only statement | ANSWERED | Gating | 4 | yes; manual forbidden
RS1-Q17 | Can any existing collection/table/schema be reused for the workbench? | Reuse-first | collections handbook §16/§19 | safe disposable store exists? | ANSWERED | High | 4 | none safe
RS1-Q18 | Is there an isolated DOT-executor role? | Least privilege | live pg_roles + privs | scoped executor exists | ANSWERED | Gating (BLOCKER) | 4 | none; GAP 4
RS1-Q19 | Does the generic directus role hold schema-create? | Manual-path hardening | live has_schema_privilege | directus create = false desired | ANSWERED | High | 4 | true — GAP 2
RS1-Q20 | Are runtime execute gates closed? | Inert default | live v_rp_authority_execution_preflight | all gates false | ANSWERED | Gating (safe) | 4 | all closed
RS1-Q21 | Any persisted bypass GUC? | Persisted-layer trust | live pg_db_role_setting | empty | ANSWERED | Medium | 4 | empty — no persisted bypass
RS1-Q22 | Can transient GUC bypass be ruled out? | Transient-layer trust | dot_config gateway marker | server-enforced not session-GUC | OPEN | High | 1 | unobservable read-only; cannot prove absence
RS1-Q23 | Is there a registration transaction/rollback proof? | Atomic registration | contract §7; Đ4 note HOLD-2; promote-checker | txn+rollback+postcondition | OPEN | Gating | 1 | none; HOLD-2 analog
RS1-Q24 | Is the live executor/script identity proven (not just mirror)? | Executor trust | Codex F5/§5.3; (no live bin read) | live VPS script identity/hash | OPEN | High | 1 | mirror/origin only
RS1-Q25 | Is DOT_GOVERNANCE_DOT_ADMISSION necessary now? | Avoid mini-island | admission §12; Codex §7 | reuse exhausted + necessity proof | ANSWERED (defer) | Gating | 3 | DEFER — necessity unproven
RS1-Q26 | Is "admission" being read as "registration"? | Anti-overclaim | admission §0/§7/§8 | admission ≠ registration | ANSWERED | Gating | 4 | explicit in record
RS1-Q27 | Is the Macro-AB body available as evidence? | Source honesty | KB search | found + read | ANSWERED (no) | Medium | 4 | SOURCE_NOT_READ (matches Codex); 23-case claim not used
RS1-Q28 | Is one consolidated Owner decision (post-Codex) the gate, not micro-approval? | Decision hygiene | Codex §8 exit rule | single consolidated decision | ANSWERED | Gating | 4 | yes, after Codex

8. REUSE-FIRST MATRIX

Capability Needed | Existing primitive | Reuse possible? | Evidence | Gap if any | Minimal next action | Do not build
1. DOT package admission | KB admission record (rev9) + anti-orphan rule | YES (KB layer) | admission §3/§4/§8/§10 | None for KB; admission ≠ runtime | Keep using admission gate | New admission engine
2. DOT runtime registration | dot_tools + APR/Đ32 + RP-03 staged path | UNPROVEN | contract §7; RP-03; live 0/309 | No proven authorized path | RS2 reconstruct + proof obligations | Hand dot_tools INSERT
3. Owner authorization resolution | Đ32 quorum + governance_object_ownership | NO (unpopulated) | live 0 rows | No owner; no resolver | Owner grant via Đ32 | Self-assign owner
4. Quorum verification | fn_apr_quorum_check (live, intact) | YES (with caveat) | live fn src | null-mapping pass-through | RS2 close pass-through | Patch by hand
5. Production-untouched snapshot | Guard 3 verdict logic | PARTIAL (verdict only) | guards contract; N07 | No trusted observer | RS2 define snapshot provider criteria | Trust caller snapshots
6. Write allowlist guard | Guard 1 / _validate_target (rev2) | YES (design) | validator.py; matrix B01–B19 | N12 substring | RS-Validator fix N12 | New allowlist engine
7. Audit proof | Guard 2 audit_proof | YES (design) | guards contract §Guard2 | Durable sink not wired | Wire sink at registration | New audit platform
8. Delete-fast verifier | Guard 4 delete_fast_guard | YES (design) | guards contract §Guard4 | Not runtime | Keep design; runtime later | New teardown engine
9. Runtime gate open/close | dot_config + process_dot_runtime.* | YES (exists, shut) | live gates | Flip = governed write | Owner-gated flip post-registration | Hand-flip
10. Registration rollback | (none) + promote-checker/atomic-promote pattern | NO | Đ4 note HOLD-2; promote-checker | No registration txn | RS2 define txn+rollback | "manual rollback"
11. Executor identity proof | local mirror + dot_origin | PARTIAL | Codex F5/§5.3 | No live VPS proof | RS2 governed live read | Trust mirror as live
12. DOT/contract binding | dot_agent_api_contract (2 rows) | YES (exists, unbound) | live 2 rows | Binding = write | Governed binding later | Hand-insert binding
13. Registry changelog proof | registry_changelog (provenance) | YES (provenance only) | matrix-stamp-addendum anti-bloat | Not a stamp ledger | Use as provenance only | Make it a stamp ledger
14. QCM/gap report persistence | AgentData KB (upload_document) | YES | this report; handbook note | None | Keep KB as output channel | DB table for reports
15. Codex review packet generation | KB report → Codex (this packet) | YES | this report | None | Hand RS1 to Codex | Auto-approve packet

9. GAP REPORT BY SLICE

Severity ∈ {BLOCKER, HIGH, MEDIUM, LOW, DEFER}.

| Gap ID | Gap | Severity | Blocks what | Existing evidence | Minimal closure | Deferrable? | Stop state |
|---|---|---|---|---|---|---|---|
| RS1-G01 | No authorized DOT-registration path proven (dot_tools not hand-writable) | BLOCKER (single sufficient) | Registration | contract §7; live 0/309; RP-03 staged | RS2 reconstruct governed registration txn + proof | No | HOLD_REGISTRATION_PATH_UNPROVEN |
| RS1-G02 | No Owner-of-record (governance_object_ownership=0) | BLOCKER (single sufficient) | Registration + real-run | live 0 rows; admission NOT_OWNER_AUTHORIZED | Owner grant via Đ32 (a write) | No | HOLD_OWNER_AUTHORITY_MISSING |
| RS1-G03 | No trusted production-untouched snapshot provider (Guard 3 caller-supplied; N07) | BLOCKER (single sufficient) | Real-run safety; registration | trust guards contract; validator.py | Trusted read-only observer criteria (RS2) | No | HOLD_SNAPSHOT_SOURCE_UNTRUSTED |
| RS1-G04 | No isolated DOT-executor role (write held by directus+workflow_admin) | BLOCKER | Safe registration/real-run | live roles+privs (GAP 4) | Minimal-priv role (a grant = runtime write) | No (before real-run) | HOLD_MANUAL_PATH_OPEN |
| RS1-G05 | Generic directus role holds schema-create; generic Directus create not policy-blocked | HIGH | Manual-path hardening (GAP 2/3) | live has_schema_privilege=true; Directus 11.5 | Revoke + policy-block (runtime write) | No (before real-run) | HOLD_MANUAL_PATH_OPEN |
| RS1-G06 | Validator N07 (fabricated owner ref + self-asserted snapshot) | HIGH | Registration authority | validator.py; Codex §4 | External resolver+observer bind values | No | HOLD_VALIDATOR_HARDENING_OPEN |
| RS1-G07 | Validator N12 (run_id substring, not exact target identity) | HIGH | Target identity correctness | validator _validate_target | Exact r2_b2_wb_<run_id> + negative tests | No | HOLD_VALIDATOR_HARDENING_OPEN |
| RS1-G08 | Validator N16 (no PG 63-byte identifier length check) | MEDIUM | Create/drop correctness | validator.py | Length check + collision/truncation tests | No | HOLD_VALIDATOR_HARDENING_OPEN |
| RS1-G09 | Validator N22 (non-mapping request raises instead of rejecting) | MEDIUM | Fail-closed API contract | validator validate_request | isinstance guard + deterministic codes + tests | No | HOLD_VALIDATOR_HARDENING_OPEN |
| RS1-G10 | RISK-BYPASS CONFLICT (live containment 2026-06-06 vs stale notes/Codex) | HIGH | Approval-gate trust | live fn_auto_approve_add; Đ32/Đ35 notes; Codex | RS2 reconcile + Codex re-read live; close residue | No | HOLD_RISK_BYPASS (contested) |
| RS1-G11 | 160 historical non-quorum applied rows remain | MEDIUM | Audit-trail integrity | live approval_requests group | Governed inventory + remediation | Partially | |
| RS1-G12 | action column DEFAULT still 'add' (default-trap surface) | MEDIUM | Approval routing safety | live information_schema | H-OPT-2 (default→review) via governed change | Partially | |
| RS1-G13 | fn_apr_quorum_check null-mapping pass-through | MEDIUM | Quorum completeness | live fn src | Reject/escalate NULL proposed_action_code/risk | Partially | |
| RS1-G14 | No registration transaction/rollback proof (HOLD-2 analog) | HIGH | Atomic registration | Đ4 note; promote-checker | RS2 define txn boundary + rollback + postcondition | No | HOLD_REGISTRATION_PATH_UNPROVEN |
| RS1-G15 | Live executor/script identity not proven (mirror only) | MEDIUM | Executor trust | Codex F5/§5.3 | Governed live VPS identity/hash read | Yes (until real-run) | |
| RS1-G16 | Transient GUC bypass cannot be ruled out | MEDIUM | Write-gate trust | dot_config app.canonical_writer marker | Server-enforced gating design or proof | Yes (record limitation) | HOLD_TRANSIENT_GUC_UNPROVEN |
| RS1-G17 | Đ35 production-readiness FAIL not re-verified | MEDIUM | Governance-lane trust | Đ35 note | Re-observe 14 health checks | Yes | |
| RS1-G18 | Reuse of existing registration primitives not proven | HIGH | Reuse-first gate | this §8 | RS2 proof existing primitives suffice | No | HOLD_REUSE_NOT_PROVEN |
| RS1-G19 | governance_dot_admission necessity unproven | DEFER | Avoid mini-governance island | admission §12; Codex §7 | Prove necessity after reuse exhausted | Yes | |
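The three validator gaps RS1-G07 (exact target identity, not run_id substring), RS1-G08 (PostgreSQL 63-byte identifier limit) and RS1-G09 (non-mapping request must be rejected, not raise) each describe a check whose shape is easy to get wrong. The Python below is an added illustration written for this packet; it is not the project's validator.py and does not reproduce its _validate_target or validate_request. The r2_b2_wb_ prefix comes from the page and the 63-byte limit from PostgreSQL (NAMEDATALEN 64 minus the terminator); the run_id character set, the result-dict shape and the rejection code strings are assumptions. It goes one step past the table by also modelling the truncation collision that the length check exists to prevent.

```python
"""Added illustration of the RS1-G07/G08/G09 validator check shapes.

Not the project's validator.py; names and codes below are assumptions.
"""
import re
from collections.abc import Mapping
from typing import Any

# PostgreSQL NAMEDATALEN is 64; identifiers longer than 63 bytes are silently truncated.
PG_MAX_IDENT_BYTES = 63
# Target schema naming from the page: r2_b2_wb_<run_id>.
TARGET_PREFIX = "r2_b2_wb_"
# Assumed run_id character set (not stated on the page): lowercase ASCII, digits, underscore.
RUN_ID_RE = re.compile(r"[a-z0-9_]+")


def _reject(code: str, detail: str) -> dict[str, Any]:
    """Uniform fail-closed result; codes are fixed strings so callers can match deterministically."""
    return {"ok": False, "code": code, "detail": detail}


def validate_request(request: Any) -> dict[str, Any]:
    """Validate a create/registration request without ever raising on bad input.

    Returns {"ok": bool, "code": str, "detail": str}. Anything that is not a
    well-formed request yields ok=False with a deterministic rejection code.
    """
    # N22 class: a non-mapping request is rejected, not allowed to raise TypeError/AttributeError.
    if not isinstance(request, Mapping):
        return _reject("REQ_NOT_MAPPING", f"expected a mapping, got {type(request).__name__}")

    run_id = request.get("run_id")
    if not isinstance(run_id, str) or RUN_ID_RE.fullmatch(run_id) is None:
        return _reject("RUN_ID_INVALID", "run_id missing or outside the assumed character set")

    target = request.get("target_schema")
    if not isinstance(target, str):
        return _reject("TARGET_MISSING", "target_schema missing or not a string")

    # N12 class: exact identity. A substring test would accept "x_r2_b2_wb_<run_id>"
    # or "r2_b2_wb_<run_id>_prod", so the whole string must match.
    expected = TARGET_PREFIX + run_id
    if target != expected:
        return _reject("TARGET_IDENTITY_MISMATCH", f"target_schema must be exactly {expected!r}")

    # N16 class: length is measured in bytes, because that is what PostgreSQL truncates on.
    nbytes = len(target.encode("utf-8"))
    if nbytes > PG_MAX_IDENT_BYTES:
        return _reject("TARGET_TOO_LONG", f"{nbytes} bytes exceeds the {PG_MAX_IDENT_BYTES}-byte limit")

    return {"ok": True, "code": "OK", "detail": expected}


def pg_truncate(ident: str) -> str:
    """Model PostgreSQL's silent truncation of an over-long identifier (ASCII input assumed)."""
    return ident.encode("utf-8")[:PG_MAX_IDENT_BYTES].decode("utf-8", errors="ignore")


def would_collide(ident_a: str, ident_b: str) -> bool:
    """True when two distinct names map to the same schema name after truncation.

    This is the collision a length check prevents: CREATE SCHEMA / DROP SCHEMA on
    either name would act on the same 63-byte identifier.
    """
    return ident_a != ident_b and pg_truncate(ident_a) == pg_truncate(ident_b)


if __name__ == "__main__":
    # Constructed sample requests (not captured from any run).
    samples = [
        None,
        {"run_id": "abc123", "target_schema": "r2_b2_wb_abc123"},
        {"run_id": "abc123", "target_schema": "x_r2_b2_wb_abc123"},
        {"run_id": "a" * 60, "target_schema": TARGET_PREFIX + "a" * 60},
    ]
    for s in samples:
        print(validate_request(s)["code"])
```

The ordering matters: the type guard runs before any key access, so malformed input can never reach a code path that raises; the identity check is a whole-string comparison rather than containment; and the length check counts bytes, not characters, because that is the unit PostgreSQL truncates on. The would_collide helper is what the "collision/truncation tests" closure item for RS1-G08 would exercise.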

10. DESIGN-ENTRY CRITERIA (criteria only — NOT design)

| Future macro | May start when | Must still not do | Requires Codex review? | Requires Owner confirmation? |
|---|---|---|---|---|
| RS2 — Registration-Path Authority-Trust Reconciliation & Proof-Obligation Design (read-only + KB-design) | After Codex accepts RS1 | No registration/wiring/run; no DDL/DML; no validator code change; no new registry | YES (output is a packet) | NO to start (read-only/design); Owner confirm only to act on it |
| RS3 — Trusted Snapshot Source + Owner-Reference Resolver Design (criteria) | After RS2 reconstructs the path | No live snapshot collection wiring; no resolver implementation | YES | NO to start |
| RS-Validator — N07/N12/N16/N22 KB/code-only validator patch (like Macro-9B2) | After RS2 fixes target-identity criteria | No wiring to a mutating runner; no registration | YES (re-review) | NO to start |
| RS4 — Manual-Path Hardening Design (GAP 2/3/4 criteria) | After RS2 | No GRANT/REVOKE/role/policy change (that is a runtime write = Owner) | YES | YES to enact (runtime write) |
| RS5 — Registration Transaction / Rollback Design (criteria) | After RS2 | No transaction executed; no dot_tools write | YES | NO to start; YES to enact |
| REGISTRATION PACKAGE — register DOT_R2_B2_STAGING_SCHEMA_SHELL | After RS2–RS5 + Codex + ALL single-sufficient blockers closed | Nothing beyond one governed registration; no real-run | YES | YES (one consolidated Owner decision) |
| Macro-9A — run-scoped staging schema shell (CREATE SCHEMA r2_b2_wb_*) | After registration + GAP 2/3/4 closed + gate opened + SB-4 proof | No production touch; delete-fast proven first | YES | YES (explicit real-run authorization) |
| B2 producer TD | After Macro-9A proven disposable/no-touch | Out of registration slice; no mega-pipeline | YES | YES |

11. DECISION ON DOT_GOVERNANCE_DOT_ADMISSION

DEFER — DO NOT AUTHOR OR REGISTER NOW. Matches Codex §7 and admission §12 (governance_dot_admission is candidate-on-paper). Necessity is not proven: reuse-first over existing registration primitives (dot_tools + APR/Đ32 + law_dot_enforcement + dot_config + KB admission) is not yet exhausted (RS1-G18). Authoring it now risks a new mini-governance island that would own admission + approval + registration + evidence + execution at once — exactly the "mega-registry/mega-graph/mega-birth-pipeline" the program forbids and the anti-bloat rule (matrix-stamp-addendum) rejects.

It becomes admissible to propose only if RS2 proves no existing governed primitive can supply a trusted DOT-registration, and only within the narrow boundary Codex §7 fixed: consume already-authoritative approval/owner/admission evidence; perform exactly one bounded DOT-registration responsibility through existing registries; expose a paired read-only verifier; create no new authority store/approval model/birth system/graph/scheduler/generic registry; carry exact rollback + postcondition evidence. These are review constraints, not a design or an authorization. Create only through a future authorized DOT after a DOT-registration path and Owner authorization exist; never by hand, psql, manual SQL, or Directus generic create.

12. SINGLE NEXT MACRO RECOMMENDATION

RS2 — Registration-Path Authority-Trust Reconciliation & Proof-Obligation Design (read-only survey + KB design-entry/acceptance-criteria only; 60–90 min; one coherent macro, not five small tasks; not a mega-system).

Rationale: RS1 shows the load-bearing unknown is the authorized DOT-registration transaction and the trust of the Đ32/Đ35 gate it flows through — and that the governing authority (Codex + the 2026-06-17 notes) is reasoning on stale evidence about the bypass. RS2 must, in one pass:

  1. Reconcile the RISK-BYPASS CONFLICT from live source (the 2026-06-06 fn_auto_approve_add containment vs the notes/Codex), and specify closure criteria for the residue: the 160 historical non-quorum rows, action default 'add', the fn_apr_quorum_check null-mapping pass-through, and a Đ35 production-readiness re-verification.
  2. Reconstruct the authorized DOT-registration transaction (how dot_tools + law_dot_enforcement + dot_config + optional dot_agent_api_contract rows are lawfully created via an APR/governed path — RP-03 "staged/creds-gated") and write its proof obligations + rollback boundary (acceptance criteria, not an implementation).
  3. Express owner-reference-resolver + trusted-snapshot-provider acceptance criteria (closing N07-class authority/provenance), and record the isolated-executor-role + generic-create-block + transient-GUC concerns as registration preconditions.

RS2 produces one consolidated packet for Codex; it performs no registration, no DDL/DML, no validator code change (that is the separate sibling RS-Validator), no new registry, and no runtime mutation. The validator N07/N12/N16/N22 KB/code-only patch (RS-Validator) and the snapshot/resolver design (RS3) are deliberately sequenced after RS2 so the registration-path shape is fixed before hardening its parts — avoiding both fragmentation and a mega-macro.

13. MUST-NOT-DO CONFIRMATION

This macro did none of the forbidden actions: no register/wire/run of DOT_R2_B2_STAGING_SCHEMA_SHELL; no r2_b2_wb_* schema; no Macro-9A/9C; no B2 producer build; no authoring/registering DOT_GOVERNANCE_DOT_ADMISSION; no new registry/table/collection; no collection_operator_catalog/dot_operator_catalog; no DB patch; no DDL/DML; no manual SQL; no psql; no docker exec psql; no Directus generic create/update/delete; no fn_auto_approve_add patch; no dot_config gate flip; no APR created/approved; no dot_tools/law_dot_enforcement/governance_object_ownership write; no Owner self-assignment/authority claim; KB admission not treated as runtime registration; local mirror not treated as live VPS proof; equal caller-supplied snapshots not treated as trusted proof; no claim of transient-GUC absence; /laws/ not used to override laws-new/newlaws; no mega-registry/graph/birth-pipeline; no full-system backfill; no full-system detailed design; survey stayed within the registration-substrate slice.

14. STOP STATE

RS1_HOLD_REGISTRATION_PATH_UNPROVEN (primary). Contributing held properties: HOLD_OWNER_AUTHORITY_MISSING, HOLD_SNAPSHOT_SOURCE_UNTRUSTED, HOLD_MANUAL_PATH_OPEN, HOLD_VALIDATOR_HARDENING_OPEN, HOLD_REUSE_NOT_PROVEN, HOLD_TRANSIENT_GUC_UNPROVEN, and HOLD_RISK_BYPASS (contested/partially-contained — CONFLICT). No REJECT_FAIL_OPEN (no fail-open found in the enumerated validator evidence; the open N-findings are registration-readiness risks, not an accepted bad input). Official Codex report WAS read (no SOURCE_NOT_READ_BLOCKER); only "Macro-AB" is SOURCE_NOT_READ and is not used as evidence.

Exit rule honored: RS1 concludes only that design entry to RS2 is ready and registration is still held. It does not conclude that registration or runtime is authorized. Codex reviews this RS1 packet first; one consolidated Owner decision is requested only afterward (no micro-approval chain).

15. SELF-CHECK

  1. Official Codex report read from KB? YES (rev1, full).
  2. laws-new/newlaws context read? YES (LAW_READING_INDEX rev2; Đ4/32/35/39 notes rev1; required-stamps/promote-checker/de-bai/addendum/quick-rules).
  3. Used /laws/ to override working context? NO — two-corpus rule respected (/laws/ cited only as provenance).
  4. Distinguished draft / enacted / compatibility / report / runtime evidence? YES (source-tier column).
  5. Distinguished engineering PASS vs authority PASS? YES (throughout; status line).
  6. DOT-only boundary kept? YES.
  7. Proposed manual SQL / psql / Directus generic? NO.
  8. Opened registration / schema / Macro-9A? NO.
  9. Created mega-registry/graph/birth-pipeline? NO.
  10. Surveyed beyond the slice? NO (registration substrate only).
  11. Source Register present? YES (§4).
  12. Trust Property Matrix present? YES (§6, 25 properties).
  13. QCM present? YES (§7, 28 questions).
  14. Reuse-first Matrix present? YES (§8, 15 capabilities).
  15. Gap Report present? YES (§9, 19 gaps).
  16. Design-entry Criteria present? YES (§10, 8 future macros).
  17. Single Next Macro recommendation present? YES (§12, RS2).
  18. Codex review condition stated? YES (Codex reviews RS1 before any RS2 action / Owner decision).
  19. Owner confirmation condition stated? YES (one consolidated decision after Codex; no micro-approval).
  20. Stop state clear? YES (§14, RS1_HOLD_REGISTRATION_PATH_UNPROVEN).
  21. Validator re-run? NO — NOT_RERUN (verified by source inspection + captured dot-r2-b2-validator-test-run-v2.txt).
  22. Macro-AB used as evidence? NO — SOURCE_NOT_READ; "23 extra cases" not used.
  23. Runtime mutation? NONE (read-only query_pg/list_docker only).

End of Macro-RS1 decision packet. Read-only · non-enacting · non-authorizing. Engineering/survey PASS ≠ Owner authority PASS. KB admission ≠ runtime registration. Default = HOLD. Next: Codex reviews this packet → one consolidated Owner decision → RS2 (read-only/KB-design).

Source: knowledge/dev/laws-new/reports/macro-rs1-registration-substrate-trust-survey-and-design-entry-gate-2026-06-20.md