KB-5E3C

Macro-RS3-BUNDLE — Owner Resolver + Trusted Snapshot + Validator Envelope + Residue Disposition Criteria (2026-06-20)

Revision 1
Tags: laws-new, RS3-BUNDLE, registration-path, owner-resolver, trusted-snapshot, validator-closure, residue-disposition, read-only, KB-design, REGISTRATION_HOLD


STATUS: PASS_WITH_CAVEATS
VERDICT: RS3_BUNDLE_READY_FOR_CODEX_REVIEW
Registration gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO
Runtime observation: RS3_LIVE_READ (Claude read-only, DB directus, 2026-06-20) · 0 substrate mutations · NO_CODEX_LIVE_READ retained as a separate caveat
Class: read-only / KB-design / acceptance-criteria macro · non-enacting · non-authorizing · no implementation · no runtime mutation
Deliverable: this report only (new file; does NOT overwrite RS2-PATCH1, RS2, RS1, or any Codex review)
Builds on: Codex ACCEPT_RS2_PATCH1_AND_PROCEED_TO_NEXT_MACRO / READY_FOR_RS3_BUNDLE (2026-06-20)
Date: 2026-06-20


1. STATUS

PASS_WITH_CAVEATS. The four LEGO blocks of RS3-BUNDLE — Owner Resolver criteria, Trusted Snapshot Provider criteria, Validator Closure Envelope criteria (N07/N12/N16/N22), and Residue Disposition criteria — are each defined to acceptance-criteria depth with fresh primary runtime evidence and no fail-open. The macro is engineering-complete for Codex review.

It is not an authority pass and it does not authorize registration. All five Codex RS2-PATCH1 caveats are carried forward unchanged, plus four RS3-specific caveats (S142B primary source unread; owner-of-record absent and its write-path unimplemented; gates not re-read this cycle; two listed sources not load-bearing and not read this cycle). Engineering PASS ≠ Authority PASS; KB admission ≠ runtime registration.


2. VERDICT

RS3_BUNDLE_READY_FOR_CODEX_REVIEW.

Justification against the allowed-verdict set:

  • Not HOLD_OWNER_SOURCE_NOT_READ: the Owner trusted source (governance_object_ownership) was read live — its full 20-column schema is present; it simply holds 0 rows, which is a design input (resolver fail-closed), not a missing source.
  • Not HOLD_SNAPSHOT_SOURCE_NOT_READ: the snapshot trust surface (Guard 3 production_untouched_verify, its 11 required surfaces, and live observer primitives wf_fs_dot_bin_snapshot etc.) were all read.
  • Not HOLD_VALIDATOR_SCOPE_UNCLEAR: N07/N12/N16/N22 have exact verbatim definitions from the RS1 survey and the validator source; scope is precise; no validator patch is performed here.
  • Not HOLD_RESIDUE_SOURCE_NOT_READ: the residue populations and their governed back-audit surfaces were read live; the macro only writes criteria, which the prompt explicitly permits even while the S142B primary source for the 142 stays SOURCE_NOT_READ (it blocks only ratification, and this macro does not ratify).
  • Not SOURCE_NOT_READ_BLOCKER, REJECT_SCOPE_DRIFT, or REJECT_FAIL_OPEN: no fail-open was found; scope was held to the four interface blocks; no registrar code-level hardening, no validator patch, no mutation.

Registration is not authorized and cannot be authorized by this macro.


3. EXECUTIVE SUMMARY

RS3-BUNDLE converts the four trust interfaces that RS2/RS2-PATCH1 left as named gaps into consumable acceptance criteria + signed-envelope schemas, so that a later registrar-hardening macro (and a future validator patch) can be built block-by-block without inventing a new system.

Biggest contributions of this macro (fresh RS3_LIVE_READ, 2026-06-20, that Codex could not perform — NO_CODEX_LIVE_READ):

  1. Owner block is reuse-ready, not greenfield. governance_object_ownership already has the exact columns an Owner Authority Envelope needs — object_type, object_ref, scope, owner_kind, owner_gov_code, effective_from, effective_to, lifecycle_status, approval_ref, audit_ref, rollback_ref, supersedes_id. The envelope maps onto existing columns; no new owner registry is justified. It holds 0 rows live, and the only action type that could create a row — assign_governance_owner — is handler_ref='unimplemented', risk_level='high' (apply RAISES via fn_apr_block_unimplemented_handler). There is no register_dot action code anywhere in the 14 apr_action_types. So the Owner resolver is designable now but fail-closed until an Owner-gated write exists — corroborating RS2 Objective-B with fresh data.

  2. Snapshot block has a real trust-root gap and real reuse primitives. Guard 3 today is a pure verdict over caller-supplied before/after count-maps (no DB I/O, no hash, no observer) → equal fabricated maps PASS (this is N07's snapshot leg). Live, the substrate already runs independent observer snapshots — wf_fs_dot_bin_snapshot (289 rows) carries a per-file hash column + observed_at + mapped_dot_code, and a family wf_fs_script_snapshot / wf_docker_container_snapshot / wf_systemd_timer_snapshot / wf_host_crontab_snapshot / wf_kb_sop_doc_snapshot / wf_metric_snapshot plus DOT_SCHEMA_SNAPSHOT exist. The Snapshot Evidence Envelope moves the trust root from caller equality to an independent observer + content hashes + freshness/completeness/continuity.

  3. Validator closure is exactly scoped. N07 (fabricated owner ref + self-asserted snapshot), N12 (run_id accepted as a substring not exact r2_b2_wb_<run_id>), N16 (no 63-byte identifier check), N22 (None/non-mapping request raises AttributeError not a structured reject) are pinned to the validator source (rev2). The closure keeps the validator pure (consumes signed envelopes; performs no runtime lookups) and adds an adversarial bad-input matrix extension on top of the existing 64 cases.

  4. Residue split is live-confirmed and the 142 are demonstrably unsanctioned. Live approval_requests.reviewed_by group-by gives exactly 142 orchestrator-s142b + 18 auto-apply-function + 8 system_auto_approve (and the governed back-audit ledger v_authority_back_audit_ledger = 26 rows = 18 scanner_apply_without_vote + 8 insert_path_auto_approve; the 142 do not appear in the ledger at all). The governed views already carry the disposition vocabulary (bypass_class, disposition, effect_assessment, recommended_action, required_actor, reversibility). Disposition criteria therefore reuse these surfaces; the 142 stay SOURCE_NOT_READ/quarantined and are never merged with the 18 and never called sanctioned.

The four blocks are integrated only by a shared envelope (target, operation, artifact_hash, run_id, issuer, audience, issued_at/expires_at, nonce, evidence_hash). Each block is independently born, checked, replaced, and rolled-back/no-mutation. The single recommended next macro is RS3B-REGISTRAR-HARDENING-DESIGN, front-loaded with registrar implementation-source recovery and the deployed-artifact resolver (interface F).


4. SOURCE REGISTER

Evidence-tier legend: PRIMARY_RUNTIME_READONLY (this macro's live query_pg) · PRIMARY_CODE_OR_SCRIPT · PRIMARY_CONTRACT · PRIMARY_LAWS_NEW · PRIMARY_HANDBOOK · SECONDARY_REPORT · SOURCE_NOT_READ.

4.1 Fresh RS3 live reads (PRIMARY_RUNTIME_READONLY, DB directus, 2026-06-20, read-only role, 0 mutations)

| # | Live read | Result (verbatim facts) | Used for |
|---|---|---|---|
| L1 | information_schema.columns for 4 tables | governance_object_ownership = 20 cols (object_type, object_ref, scope, owner_kind, owner_gov_code, is_inherited_anchor, effective_from, effective_to, lifecycle_status, approval_ref, audit_ref, rollback_ref, source_law_ref, source_design_ref, supersedes_id, created_by…); apr_action_types 8 cols; approval_requests 26 cols (incl. reviewed_by, status, action, proposed_action_code); apr_approvals 7 cols (approver, approver_type, decision, rationale) | Block A, owner envelope mapping |
| L2 | count(*) governance_object_ownership | 0 | Block A (fail-closed), Objective-B |
| L3 | SELECT * FROM apr_action_types (14 rows) | 14 action types; no register_dot and no %dot% registration code; assign_governance_owner = unimplemented/high/active; register_axis, register_topic_node, assign_axis_owner, delegate_authority, grant_governance_exception, authorize_build_step, amend_law, enact_nrm, activate_event_type all unimplemented/high; only implemented handlers = add_field (med), create_item (low), update_item (low), patch_ops_code (high) | Block A, Objective-B |
| L4 | counts approval_requests, apr_approvals | 230, 42 | Block D denominator |
| L5 | dot_tools registrar/snapshot/catalog scan (17 rows) | DOT-REGISTER = bin/dot/dot-dot-register.ts / monitoring.dot / register / active / B / paired DOT-HEALTH-DOT; DOT-015 = dot-catalog-sync / sync / op NULL / paired NULL; DOT_SCHEMA_SNAPSHOT = bin/dot/dot-schema-snapshot / active; register+verify pairs dot-apr-types-register-audit, DOT-TAC-COLLECTION-REGISTER-VERIFY; dot-collection-register, dot-species-register, dot-schema-meta-catalog-* incl. …-add-baseline | Blocks B/F, registrar reuse confirmation |
| L6 | snapshot/audit table inventory (26 tables) | durable-sink candidates event_outbox, governance_audit_log, iu_route_attempt, registry_changelog, entity_audit_queue; observer snapshots wf_fs_dot_bin_snapshot, wf_fs_script_snapshot, wf_docker_container_snapshot, wf_systemd_timer_snapshot, wf_host_crontab_snapshot, wf_kb_sop_doc_snapshot, wf_metric_snapshot, evolution_snapshots, qt001_plan_snapshot; back-audit views v_authority_back_audit_ledger, v_authority_backaudit_ratification_packet, v_authority_backaudit_reconcile_packet, v_authority_backaudit_principal_queue | Blocks B, D, F |
| L7 | wf_fs_dot_bin_snapshot shape + count | 289 rows; cols incl. source_key, object_key, object_type, path_or_ref, command, **hash:text**, observed_at, status, mapped_process_candidate, **mapped_dot_code**, mapped_rp_node, raw:jsonb | Block F (deployed-artifact hash carrier candidate), Block B observer |
| L8 | durable-sink schemas | event_outbox(event_domain, event_type, delivery_lane, actor_ref, correlation_id, safe_payload, occurred_at); governance_audit_log(relation_id, checked_at, checked_by, result, detail); iu_route_attempt(route_code, idempotency_key, attempt_no, status, error_code, error_detail, payload_snapshot, started_at, finished_at); registry_changelog(entity_type, entity_code, action, changed_by, resolved, resolved_by) | Audit-sink caveat (C3) |
| L9 | pg_proc for 8 names | present: auto_apply_approval (4090), fn_apr_block_unimplemented_handler (868), fn_apr_quorum_check (2472), fn_auto_approve_add (504), quorum_passed(p_code text) (1310). Absent (no backing pg function): assign_governance_owner, register_axis, register_topic_node → they exist only as apr_action_types rows with handler_ref='unimplemented' | Blocks A, D |
| L10 | residue group-by approval_requests.reviewed_by (9 buckets, Σ=230) | orchestrator-s142b=142, null=29, system_auto_expire=19, auto-apply-function=18, system_auto_approve=8, S178-Fix21-P3-V2=7, president=5, desktop=1, Claude Desktop S145=1 | Block D population map |
| L11 | approval_requests status×action | applied/add=146, applied/modify=30 (applied Σ=176), pending/review=17, expired/review=14, rejected/modify=10, expired/modify=5, rejected/add=4, pending/modify=2, approved/add=1, approved/modify=1 | Block D (residue 'add' default; 160 = 142+18 ⊂ 176 applied) |
| L12 | back-audit view counts | ledger=26, ratification_packet=21, principal_queue=3, reconcile_packet=1 | Block D governed surfaces |
| L13 | ledger by bypass_class×disposition | scanner_apply_without_vote/applied_live_effect=18 (live_effect 18); insert_path_auto_approve/remediated_inert=4 (0), /applied_live_effect=3 (3), /approved_undisposed=1 (1). Σ=26 = 18+8; no s142b row present | Block D: 18/142 split live-confirmed |
| L14 | ratification packet by class | scanner_apply_without_vote → ratify_retroactive / actor owner + president (scanner reclassify/orphan) / reversible (retroactive vote) = 18; insert_path_auto_approve → ratify_retroactive / actor president (high-risk governance metadata) / reversible = 3 (Σ=21) | Block D disposition criteria |

4.2 KB design sources read this cycle

| Source | Rev / length | Read status | Evidence tier | Used for |
|---|---|---|---|---|
| …/specs/dot-r2-b2-staging-schema-shell.validator.py | rev2 / 14,415 | FULL_READ | PRIMARY_CODE_OR_SCRIPT | Block C (guards, 20 reject codes, gate, N-defects) |
| …/specs/dot-schema-write-guards.contract.md | rev2 / 11,333 | FULL_READ | PRIMARY_CONTRACT | Block B (Guard 3 caller-supplied), Block C |
| …/specs/dot-r2-b2-staging-schema-shell.contract.md | rev2 / 12,095 | FULL_READ | PRIMARY_CONTRACT | Block C input contract |
| …/specs/dot-r2-b2-bad-input-matrix.md | rev2 / 8,971 | FULL_READ | PRIMARY_CONTRACT | Block C / matrix extension (64 cases) |
| …/specs/dot-r2-b2-validator-test-run-v2.txt | rev1 / 10,292 | FULL_READ | PRIMARY_CONTRACT | Block C evidence (64/64) |
| …/admission/dot-r2-b2-staging-schema-shell-birth-admission-2026-06-19.md | rev9 / 19,500 | FULL_READ | PRIMARY_CONTRACT | Admission identity |
| …/dot-manage/dot-usage-handbook.md | rev11 / 115,013 | FULL_READ | PRIMARY_HANDBOOK | DOT-only context (documentary lag flagged) |
| laws-new/de-bai-cai-tien.md | DRAFT / 29,088 | FULL_READ | PRIMARY_LAWS_NEW | LEGO / no-mega / reuse-first |
| laws-new/matrix-refactor-implementation-plan.md | DRAFT 2026-06-13 / 27,905 | FULL_READ | PRIMARY_LAWS_NEW | Mức-3 / Đ32, no-new-registry |
| laws-new/matrix-refactor-quick-rules.md | DRAFT / 6,057 | FULL_READ | PRIMARY_LAWS_NEW | Anti-bloat rules #18–23 |
| laws-new/matrix-stamp-governance-addendum.md | v0.1 / 26,474 | FULL_READ | PRIMARY_LAWS_NEW | Reuse-existing-ledgers |
| laws-new/newlaws/LAW_READING_INDEX.md | rev2 / 28,225 | FULL_READ | PRIMARY_LAWS_NEW | RISK-BYPASS open, PASS ≠ authority |

4.3 Chain reports read this cycle (SECONDARY_REPORT)

| Source | Rev / length | Read status | Used for |
|---|---|---|---|
| Codex review RS2-PATCH1 (current gate) | rev1 / 17,282 | FULL_READ | Gate, 5 caveats, RS3 scope |
| RS2-PATCH1 report | rev4 / 55,030 | FULL_READ | 5-phase model, registrar reuse, interfaces A–F, 10 new proof obligations |
| RS2 report | rev1 / 53,927 | FULL_READ | 18/142 split, RISK-BYPASS sub-state, Objective-B |
| Codex review RS2 | rev1 / 18,297 | FULL_READ | R1–R5 structural rejects |
| RS1 survey | rev1 / 46,040 | FULL_READ | N07/N12/N16/N22 verbatim definitions |

4.4 Not read this cycle

| Source | Status | Rationale |
|---|---|---|
| bin/dot/dot-dot-register.ts (registrar implementation) | SOURCE_NOT_READ | Carried Codex caveat. Out of scope for RS3-BUNDLE (registrar hardening = RS3B). Must be recovered before RS3B. The read_file allowlist is /opt/incomex/{docs,dot/specs} and /var/log/nginx; bin/dot/*.ts may be outside it → recovery may itself need an Owner-supplied path. |
| S142B primary authorization source (for the 142 orchestrator-s142b) | SOURCE_NOT_READ | Not located in KB or runtime; the 142 are absent from the governed back-audit ledger (L13). The 142 are therefore not sanctioned. Criteria-only disposition does not require it; ratification would. |
| collections-manage/collections-usage-handbook.md | NOT_READ_THIS_CYCLE | Not load-bearing for the four interface blocks (owner/snapshot/validator/residue); collections governance is downstream. |
| Codex RS1/PATCH1 decision packet; RS1-PATCH1 report | NOT_READ_THIS_CYCLE | Cross-reference only (prompt §0.3 "if needed"); the load-bearing facts (N-findings, owner=0, registrar) were taken from the primary RS1 survey + live reads. |

5. BLOCK BOUNDARY MAP

The four blocks are LEGO bricks: each is born separately, checked separately, replaced separately, and (here) mutates nothing. They couple only through the Integration Envelope (§14), never by reading each other's internal state (de-bai §VI.3: "the blocks do not communicate by peeking at each other's internal state").

| Block | Responsibility | Input | Output envelope | Mutates? | Owned future macro | Out of scope (here) |
|---|---|---|---|---|---|---|
| A. Owner Resolver | Resolve a durable Owner grant into a bound, signed authority assertion; reject if absent/expired/wrong-target | object_type+ref, operation=register_dot, scope, artifact_hash, approval_ref | Owner Authority Envelope v0.1 (§7) | No (reads governance_object_ownership; never creates an owner row) | RS3B (consume); Owner-gated grant write (separate) | Creating owner rows; implementing assign_governance_owner; APR approval |
| B. Trusted Snapshot Provider | Produce a production-untouched proof rooted in an independent observer (not caller equality) | protected-surface manifest, run_id, actor, artifact_hash | Snapshot Evidence Envelope v0.1 (§9) | No (design only; observer is read-only by construction) | RS3B (Phase-2 verifier); snapshot-observer wiring (separate) | Wiring an observer; running snapshots; Guard 3 patch |
| C. Validator Closure | Define how a pure validator consumes A+B+F envelopes and closes N07/N12/N16/N22 | the three envelopes + the existing request dict | Validator Closure Envelope criteria + reject codes (§10–11) | No (no validator patch in this macro) | RS-VALIDATOR-HARDENING (patch) | Editing validator.py; rerunning tests; authority PASS |
| D. Residue Disposition | Define disposition states + required source/authority per residue population; keep 18/142/8 separate | live populations + governed back-audit views | Residue Disposition Criteria v0.1 (§12–13) | No | RS2B-RISK-RESIDUE-AND-Đ35-HEALTH-CLOSURE | Ratify/relabel/delete/merge; calling the 142 sanctioned |

Separability proof obligations (held): born separately — each block's envelope is self-describing; checked separately — each has its own reject set; replaced separately — swapping block B's observer never touches block A; rollback/no-mutation separately — this macro performs 0 writes; any future block writes only its own governed rows with its own rollback_ref. Interface F (deployed-artifact resolver) is a shared upstream producer of artifact_hash, consumed by A, B, and C — it is itself a future block, not folded into any of the four.


6. OWNER RESOLVER CRITERIA

Goal: acceptance criteria for a read-only Owner-reference resolver that a later registration path can consume. The resolver answers "is there a durable, valid, bound Owner grant authorizing register_dot on this exact artifact?" and returns a signed envelope or a structured reject. It never creates an owner row and never mutates.

Reuse-first finding (LIVE): the trusted source governance_object_ownership already exists with the needed columns (L1). No new registry (de-bai §IV.5, quick-rules #19, #20 One-Roof). Today it holds 0 rows (L2) and the write that would create one (assign_governance_owner) is unimplemented/high (L3, L9) → the resolver is fail-closed by construction today.

| # | Criterion | Requirement | Evidence source | Reject case | Output field |
|---|---|---|---|---|---|
| OR-01 | Input: target object | object_type + object_ref of the DOT being registered | governance_object_ownership.object_type/object_ref | target not matched by any grant row | target |
| OR-02 | Input: operation | MUST equal register_dot (the bound op) | apr_action_types has no such code yet (L3) → today every input rejects | operation ≠ register_dot | operation |
| OR-03 | Input: scope | scope/domain/tier the grant must cover | governance_object_ownership.scope | grant scope does not cover request scope | scope |
| OR-04 | Input: artifact hash | deployed-artifact content hash (from interface F) | wf_fs_dot_bin_snapshot.hash candidate (L7) | hash differs from the registrar's deployed artifact | artifact_hash |
| OR-05 | Trusted source | resolve ONLY from governance_object_ownership (durable, governed) | L1 | row absent / count=0 | ownership_row_ref |
| OR-06 | Owner identity | bind owner_kind + owner_gov_code | governance_object_ownership.owner_kind/owner_gov_code | owner_kind not permitted for op | owner_ref, owner_kind |
| OR-07 | Approval binding | grant's approval_ref must point to a quorum-approved APR | governance_object_ownership.approval_ref → approval_requests.code | approval_ref missing / not quorum-passed | approval_ref, quorum_evidence_ref |
| OR-08 | Quorum evidence | quorum proven via apr_approvals + quorum_passed() | L9 (quorum_passed exists, fail-closed) | quorum not proven (NULL-map must not pass) | quorum_evidence_ref |
| OR-09 | Validity window | now ∈ [effective_from, effective_to] | governance_object_ownership.effective_from/to | now < from OR now > to (expired) | effective_from, expires_at |
| OR-10 | Lifecycle | lifecycle_status='active' | governance_object_ownership.lifecycle_status | superseded / revoked / draft | lifecycle_status |
| OR-11 | Supersede chain | follow supersedes_id to the head; only the head is valid | governance_object_ownership.supersedes_id | resolving a superseded row | supersedes_id |
| OR-12 | Revocation | reject if a revocation reference is present | governance_object_ownership (revocation via lifecycle/audit_ref) | revocation_ref present | revocation_ref |
| OR-13 | Replay / nonce / freshness | per-request nonce; envelope issued_at/expires_at; reject reused nonce or stale issuance | proof obligation P-REPLAY (RS2-PATCH1) | nonce reused / issuance stale | nonce, issued_at, expires_at |
| OR-14 | Issuer / audience | issuer = the resolver block; audience = registrar (Phase 1) + validator (interface E) | RS2-PATCH1 interface A; Codex §10 | audience mismatch | issuer, audience |
| OR-15 | Provenance, not caller-assertion | every field provenance-bound to the grant row; reject caller-supplied-only refs | N07 owner leg (RS1 survey) | value present only because the caller asserted it | evidence_hash |
| OR-16 | No self-creation | resolver MUST NOT create/modify an owner row | de-bai §IV.5; Đ32: owner write is Mức-3 | any write attempt = scope drift | (none) |
| OR-17 | Tamper-evidence | evidence_hash over the canonical envelope payload | proof obligation P-DAI/P-REPLAY | hash invalid | evidence_hash |

Answers to the prompt's 15 Owner questions: (1) input = target+operation+scope+artifact_hash; (2) output = Owner Authority Envelope or structured reject; (3) trusted source = governance_object_ownership only; (4) schema = the 20 live columns (L1); (5) grant binds to object_type+object_ref; (6) operation binds as register_dot (absent today); (7) scope/domain/tier/risk bind via scope; (8) artifact hash binds via interface F (artifact_hash); (9) APR/quorum via approval_ref+apr_approvals/quorum_passed; (10) expiry/revocation/supersede via effective_to/lifecycle/supersedes_id; (11) replay via nonce+freshness; (12) reject cases = OR-01…OR-17 reject column; (13) self-create owner row = No; (14) mutate = No; (15) returns the §7 envelope.


7. OWNER AUTHORITY ENVELOPE v0.1

owner_authority_envelope:
  envelope_version: "0.1"
  issuer:               # owner-resolver block id (read-only); NOT registrar / NOT DOT-under-test
  audience:             # {registrar_phase1, validator_interface_E}; reject on mismatch
  target:               # {object_type, object_ref}  <- governance_object_ownership.object_type/object_ref
  operation:            # MUST == "register_dot"; reject otherwise
  scope:                # <- governance_object_ownership.scope
  artifact_hash:        # deployed-artifact content hash (interface F); reject mismatch
  owner_ref:            # <- governance_object_ownership.owner_gov_code
  owner_kind:           # <- governance_object_ownership.owner_kind (president|owner|delegate|exception)
  ownership_row_ref:    # <- governance_object_ownership.id (durable grant); reject if none (live: 0 rows)
  approval_ref:         # <- governance_object_ownership.approval_ref -> approval_requests.code
  quorum_evidence_ref:  # apr_approvals proof + quorum_passed(); reject if quorum unproven
  issued_at:            # resolver issuance time
  expires_at:           # <- derived from governance_object_ownership.effective_to; reject if now > expires_at
  effective_from:       # <- governance_object_ownership.effective_from; reject if now < effective_from
  nonce:                # anti-replay; reject reused
  lifecycle_status:     # <- governance_object_ownership.lifecycle_status; MUST == "active"
  revocation_ref:       # if present -> reject
  supersedes_id:        # <- governance_object_ownership.supersedes_id (chain head only)
  evidence_hash:        # canonical hash over the payload; reject on tamper

Reject semantics (fail-closed; any one ⇒ REJECT, no envelope issued): REJECT_NO_OWNER_GRANT (ownership_row_ref absent — this is the live default: 0 rows) · REJECT_OPERATION_MISMATCH (≠ register_dot — also live default: no such action code) · REJECT_TARGET_MISMATCH · REJECT_SCOPE_UNCOVERED · REJECT_ARTIFACT_HASH_MISMATCH · REJECT_APPROVAL_UNPROVEN (quorum not passed / NULL-map must not pass) · REJECT_EXPIRED (now ∉ [effective_from, expires_at]) · REJECT_LIFECYCLE_NOT_ACTIVE (superseded/revoked/draft) · REJECT_SUPERSEDED_ROW · REJECT_REVOKED · REJECT_REPLAY_NONCE · REJECT_AUDIENCE_MISMATCH · REJECT_CALLER_SUPPLIED_ONLY (N07 owner leg) · REJECT_EVIDENCE_TAMPER.

The resolver issues an envelope iff all checks pass against a real, active, in-window, quorum-backed governance_object_ownership row bound to this exact target+operation+artifact. Today that set is empty ⇒ the resolver is provably fail-closed and registration stays blocked without any runtime flag.
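As an added illustration of the OR-01…OR-17 checks and the §7 envelope (example code written for this page, not the KB's or the substrate's own resolver), the following resolver runs over in-memory rows shaped like the live governance_object_ownership columns from L1. Everything else is an assumption made here: the `owner-resolver` issuer id, the `deployed_hash` argument standing in for interface F, the `quorum_passed` callable standing in for apr_approvals + quorum_passed(), SHA-256 over sorted-key JSON as the canonical evidence_hash, and the constructed GRANT/REQUEST fixtures. The reject codes are the ones listed above; with an empty row set (the live state) the resolver returns REJECT_NO_OWNER_GRANT, and it never writes a row.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

OPERATION = "register_dot"
ISSUER = "owner-resolver"                                   # assumed block id
AUDIENCE = ["registrar_phase1", "validator_interface_E"]


def canonical_hash(payload):
    """evidence_hash (OR-17): SHA-256 over sorted-key, whitespace-free JSON (assumed canon)."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"), default=str)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def resolve_owner(rows, request, deployed_hash, now, seen_nonces, quorum_passed):
    """Return (code, envelope); code is "OK" only when every check passes.
    rows: governance_object_ownership rows as dicts, read and never written.
    deployed_hash stands in for interface F; quorum_passed(approval_ref) -> bool
    stands in for apr_approvals + quorum_passed() (both assumptions of this example)."""
    if request.get("operation") != OPERATION:                        # OR-02
        return "REJECT_OPERATION_MISMATCH", None
    nonce = request.get("nonce")
    if not nonce or nonce in seen_nonces:                            # OR-13
        return "REJECT_REPLAY_NONCE", None
    seen_nonces.add(nonce)
    if request.get("artifact_hash") != deployed_hash:                # OR-04
        return "REJECT_ARTIFACT_HASH_MISMATCH", None
    matches = [r for r in rows
               if r["object_type"] == request.get("object_type")
               and r["object_ref"] == request.get("object_ref")]     # OR-01 / OR-05
    if not matches:
        return "REJECT_NO_OWNER_GRANT", None                         # live default: 0 rows
    superseded = {r["supersedes_id"] for r in matches if r.get("supersedes_id")}
    heads = [r for r in matches if r["id"] not in superseded]        # OR-11: chain head only
    if len(heads) != 1:                   # no head, or an ambiguous set: fail closed
        return "REJECT_SUPERSEDED_ROW", None
    row = heads[0]
    if row["lifecycle_status"] != "active":                          # OR-10
        return "REJECT_LIFECYCLE_NOT_ACTIVE", None
    if row.get("revocation_ref"):                                    # OR-12
        return "REJECT_REVOKED", None
    if row["scope"] != request.get("scope"):                         # OR-03
        return "REJECT_SCOPE_UNCOVERED", None
    if not (row["effective_from"] <= now <= row["effective_to"]):    # OR-09
        return "REJECT_EXPIRED", None
    if not row.get("approval_ref") or not quorum_passed(row["approval_ref"]):  # OR-07/08
        return "REJECT_APPROVAL_UNPROVEN", None
    envelope = {
        "envelope_version": "0.1", "issuer": ISSUER, "audience": AUDIENCE,
        "target": {"object_type": row["object_type"], "object_ref": row["object_ref"]},
        "operation": OPERATION, "scope": row["scope"], "artifact_hash": deployed_hash,
        "owner_ref": row["owner_gov_code"], "owner_kind": row["owner_kind"],
        "ownership_row_ref": row["id"], "approval_ref": row["approval_ref"],
        "quorum_evidence_ref": "quorum_passed:" + row["approval_ref"],
        "issued_at": now.isoformat(), "expires_at": row["effective_to"].isoformat(),
        "effective_from": row["effective_from"].isoformat(), "nonce": nonce,
        "lifecycle_status": row["lifecycle_status"], "revocation_ref": None,
        "supersedes_id": row.get("supersedes_id"),
    }
    envelope["evidence_hash"] = canonical_hash(envelope)             # OR-17
    return "OK", envelope


def evidence_intact(envelope):
    """Consumer-side tamper check: recompute evidence_hash over every other field."""
    body = {k: v for k, v in envelope.items() if k != "evidence_hash"}
    return canonical_hash(body) == envelope.get("evidence_hash")


# Constructed fixtures. No such grant exists live (governance_object_ownership = 0 rows).
NOW = datetime(2026, 6, 20, 12, 0, tzinfo=timezone.utc)
DEPLOYED_HASH = "sha256:0123abcd"                           # constructed interface-F value
GRANT = {
    "id": "goo-0001", "object_type": "dot", "object_ref": "DOT-R2-B2", "scope": "monitoring",
    "owner_kind": "owner", "owner_gov_code": "GOV-OWNER-01",
    "effective_from": NOW - timedelta(days=1), "effective_to": NOW + timedelta(days=30),
    "lifecycle_status": "active", "approval_ref": "APR-0101",
    "supersedes_id": None, "revocation_ref": None,
}
REQUEST = {"object_type": "dot", "object_ref": "DOT-R2-B2", "scope": "monitoring",
           "operation": OPERATION, "artifact_hash": DEPLOYED_HASH, "nonce": "n-0001"}
QUORUM = {"APR-0101": True}          # constructed stand-in for apr_approvals + quorum_passed()


def demo():
    """Live state (no rows) beside the constructed grant: fail-closed, then OK."""
    live = resolve_owner([], REQUEST, DEPLOYED_HASH, NOW, set(), QUORUM.get)
    granted = resolve_owner([GRANT], REQUEST, DEPLOYED_HASH, NOW, set(), QUORUM.get)
    return live[0], granted[0]
```

The order of checks matters for what a caller learns: operation, nonce and artifact hash are rejected before any row is consulted, so a probe cannot use the resolver to enumerate grant rows. `demo()` returns `("REJECT_NO_OWNER_GRANT", "OK")`, and any edit to an issued envelope makes `evidence_intact` return False.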


8. TRUSTED SNAPSHOT PROVIDER CRITERIA

Goal: criteria for a production-untouched snapshot proof whose trust root is an independent observer, not caller-supplied equality. This closes N07's snapshot leg.

Why caller-supplied equality is insufficient (LIVE): Guard 3 production_untouched_verify is "a PURE verdict over EXPLICIT before/after evidence … NO DB I/O" and the guards contract states the evidence is "supplied by the caller/runtime (Guard 3 itself does no DB I/O) … not a runtime drift proof." It compares two caller-provided count-maps over 11 surfaces (public.object_count, iu_core.object_count, birth_registry.certified_count/max_date_certified, governance_object_ownership.count, universal_edges.count/provenance_count, dot_tools.count, directus_collections/fields/relations.count). Equal fabricated maps PASS; there is no hash and no observer. (Absent/incomplete → UNKNOWN, drift → FAIL — so it is not fail-open in the trivial sense, but provenance is unproven = N07.)

Reuse-first finding (LIVE): independent observer primitives already exist — wf_fs_dot_bin_snapshot (289 rows, per-file hash, observed_at, mapped_dot_code), siblings wf_fs_script_snapshot / wf_docker_container_snapshot / wf_systemd_timer_snapshot / wf_host_crontab_snapshot / wf_kb_sop_doc_snapshot / wf_metric_snapshot, plus DOT_SCHEMA_SNAPSHOT and evolution_snapshots. The provider should harden/reuse an observer of this family, not build a new snapshot engine.

| # | Criterion | Requirement | Evidence source | Reject case | Output field |
|---|---|---|---|---|---|
| SN-01 | Bounded protected-surface manifest | enumerate exactly the surfaces to prove untouched (the 11 verify-surfaces + the "write-set empty" set); not a full-DB snapshot | guards contract; L6 | manifest missing / unbounded | protected_surface_manifest_ref |
| SN-02 | Observer identity | a named observer captures before & after | wf_fs_*_snapshot family (L6/L7) | no observer id | observer_id |
| SN-03 | Observer trust root | observer rooted in a governed read-only identity/origin | RS2-PATCH1 interface B | trust root absent | observer_trust_root |
| SN-04 | Observer distinct | observer MUST differ from caller, registrar, and DOT-under-test | N07; RS2-PATCH1 B | observer == any of the three | observer_id |
| SN-05 | Content hash, not equality of asserted maps | before/after captured as content hashes by the observer | wf_fs_dot_bin_snapshot.hash precedent (L7) | hash absent (equality-only) | before_hash, after_hash |
| SN-06 | Binding | hashes bound to run_id (exact), actor, capture time, artifact_hash, target | RS2-PATCH1 B; N12 | any binding missing/mismatched | run_id, actor, target, artifact_hash |
| SN-07 | Freshness window | before/after within a max-age window; reject stale | proof obligation P-REPLAY | capture older than window | freshness_window, captured_at_* |
| SN-08 | Completeness proof | every manifest surface present in both captures; else UNKNOWN (never PASS) | Guard 3 UNKNOWN semantics | any surface missing | completeness_proof_ref |
| SN-09 | Same-observer continuity | the SAME observer instance captured before and after | RS2-PATCH1 B | mixed observers | same_observer_continuity |
| SN-10 | Canonicalization version | declared hash algorithm + canonicalization version | Codex §10 | version absent/unknown | canonicalization_version |
| SN-11 | No mutation | provider is read-only by construction | de-bai §V.18 | any write = scope drift | (none) |
| SN-12 | Tamper-evidence | evidence_hash over the envelope | P-DAI | hash invalid | evidence_hash |

Answers to the prompt's 14 Snapshot questions: (1) manifest = 11 verify-surfaces + write-set-empty set; (2) full-DB snapshot not needed — bounded manifest (SN-01); (3) before/after captured by the observer, not the caller; (4) trust root = governed read-only observer identity; (5) observer must differ from caller/registrar/DOT (SN-04); (6) hash algorithm+canonicalization declared at criteria level (SN-10); (7) run_id(exact)/actor/time/artifact_hash/target all bound (SN-06); (8) freshness window = max-age bound (SN-07); (9) completeness = all manifest surfaces present (SN-08); (10) same-observer continuity = identical observer instance (SN-09); (11) reject cases = SN-xx reject column; (12) caller-supplied equality insufficient because no provenance/observer/hash (N07); (13) mutate = No; (14) emits the §9 envelope.


9. SNAPSHOT EVIDENCE ENVELOPE v0.1

snapshot_evidence_envelope:
  envelope_version: "0.1"
  issuer:                     # trusted snapshot-provider block id
  observer_id:                # MUST differ from caller / registrar / DOT-under-test
  observer_trust_root:        # governed read-only identity/origin rooting the observer
  audience:                   # {validator_interface_E, post_commit_verifier_phase2}
  run_id:                     # exact token; matches r2_b2_wb_<run_id> (N12 exact)
  actor:                      # registration actor
  target:                     # target schema/object
  artifact_hash:              # same deployed-artifact hash as the owner envelope (interface F)
  protected_surface_manifest_ref:  # bounded surface list; NOT full DB
  before_snapshot_ref:
  before_hash:                # observer-computed content hash of before-capture
  after_snapshot_ref:
  after_hash:                 # observer-computed content hash of after-capture
  canonicalization_version:   # hash algo + canonicalization version
  captured_at_before:
  captured_at_after:
  freshness_window:           # max age; reject stale
  completeness_proof_ref:     # all manifest surfaces present in both captures
  same_observer_continuity:   # true iff same observer captured before & after
  evidence_hash:              # canonical hash over the payload

Reject semantics (fail-closed): REJECT_OBSERVER_UNTRUSTED (no trust root) · REJECT_OBSERVER_NOT_DISTINCT (observer == caller/registrar/DOT — N07 snapshot leg) · REJECT_SNAPSHOT_INCOMPLETE (→ UNKNOWN, never PASS) · REJECT_SNAPSHOT_DRIFT (any required surface before ≠ after) · REJECT_SNAPSHOT_STALE (outside freshness window) · REJECT_MIXED_OBSERVER (continuity false) · REJECT_RUNID_NOT_EXACT (N12) · REJECT_ARTIFACT_HASH_MISMATCH · REJECT_CALLER_SUPPLIED_EQUALITY (maps asserted without observer provenance/hash) · REJECT_EVIDENCE_TAMPER.
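To make the §8 argument and the §9 reject set concrete, here is an added example (written for this page; not the KB's Guard 3, nor the wf_fs_*_snapshot observer) that puts the two trust roots side by side: `guard3_caller_equality` reproduces the contract's description of Guard 3 (pure verdict over two caller-supplied count maps; missing surface → UNKNOWN, drift → FAIL, equal → PASS), and `Observer` / `build_snapshot_envelope` / `verify_snapshot_envelope` implement SN-01…SN-12 with observer-computed content hashes. The five-surface MANIFEST, the 15-minute freshness window, the canonicalization tag, the SUBSTRATE counts and the observer/caller/registrar names are all constructed assumptions.

```python
import hashlib
import json
from datetime import datetime, timedelta, timezone

# Bounded protected-surface manifest (SN-01); a constructed subset of the 11 verify-surfaces.
MANIFEST = ["public.object_count", "iu_core.object_count", "birth_registry.certified_count",
            "governance_object_ownership.count", "dot_tools.count"]
FRESHNESS_WINDOW = timedelta(minutes=15)          # assumed SN-07 max age


def canonical_hash(obj):
    body = json.dumps(obj, sort_keys=True, separators=(",", ":"), default=str)
    return hashlib.sha256(body.encode("utf-8")).hexdigest()


def guard3_caller_equality(before, after):
    """Guard 3 as the contract describes it: a pure verdict over two caller-supplied
    count maps. Nothing proves where the maps came from, so equal fabricated maps PASS."""
    if any(s not in before or s not in after for s in MANIFEST):
        return "UNKNOWN"
    return "PASS" if all(before[s] == after[s] for s in MANIFEST) else "FAIL"


class Observer:
    """Stand-in for an independent read-only observer of the wf_fs_*_snapshot kind:
    it reads every manifest surface itself and hashes what it saw (SN-02/SN-05)."""
    def __init__(self, observer_id, trust_root, read_surface):
        self.observer_id, self.trust_root, self.read = observer_id, trust_root, read_surface

    def capture(self, at):
        seen = {s: self.read(s) for s in MANIFEST if self.read(s) is not None}
        return {"observer_id": self.observer_id, "captured_at": at,
                "surfaces": sorted(seen), "hash": canonical_hash(seen)}


def build_snapshot_envelope(provider_id, observer, before, after,
                            run_id, actor, target, artifact_hash):
    """Snapshot Evidence Envelope v0.1 with both observer captures bound in (SN-06)."""
    env = {
        "envelope_version": "0.1", "issuer": provider_id,
        "observer_id": observer.observer_id, "observer_trust_root": observer.trust_root,
        "audience": ["validator_interface_E", "post_commit_verifier_phase2"],
        "run_id": run_id, "actor": actor, "target": target, "artifact_hash": artifact_hash,
        "protected_surface_manifest_ref": canonical_hash(MANIFEST),
        "before_hash": before["hash"], "after_hash": after["hash"],
        "completeness_proof": {"before": before["surfaces"], "after": after["surfaces"]},
        "canonicalization_version": "sha256/json-sorted/v1",        # assumed SN-10 tag
        "captured_at_before": before["captured_at"].isoformat(),
        "captured_at_after": after["captured_at"].isoformat(),
        "freshness_window_s": int(FRESHNESS_WINDOW.total_seconds()),
        "same_observer_continuity":
            before["observer_id"] == after["observer_id"] == observer.observer_id,
    }
    env["evidence_hash"] = canonical_hash(env)                       # SN-12
    return env


def verify_snapshot_envelope(env, caller, registrar, dot_under_test, now):
    """Consumer-side check with no runtime lookups; first failing rule wins."""
    body = {k: v for k, v in env.items() if k != "evidence_hash"}
    if canonical_hash(body) != env.get("evidence_hash"):
        return "REJECT_EVIDENCE_TAMPER"
    if not env.get("observer_trust_root"):                           # SN-03
        return "REJECT_OBSERVER_UNTRUSTED"
    if env["observer_id"] in (caller, registrar, dot_under_test):    # SN-04
        return "REJECT_OBSERVER_NOT_DISTINCT"
    if not env["same_observer_continuity"]:                          # SN-09
        return "REJECT_MIXED_OBSERVER"
    proof = env["completeness_proof"]
    if (env["protected_surface_manifest_ref"] != canonical_hash(MANIFEST)
            or proof["before"] != sorted(MANIFEST) or proof["after"] != sorted(MANIFEST)):
        return "REJECT_SNAPSHOT_INCOMPLETE"                          # SN-08: UNKNOWN, never PASS
    captured_after = datetime.fromisoformat(env["captured_at_after"])
    if now - captured_after > timedelta(seconds=env["freshness_window_s"]):
        return "REJECT_SNAPSHOT_STALE"                               # SN-07
    if env["before_hash"] != env["after_hash"]:
        return "REJECT_SNAPSHOT_DRIFT"
    return "PASS"


# Constructed "production" counts and an observer distinct from caller, registrar and DOT.
SUBSTRATE = {s: 100 + i for i, s in enumerate(MANIFEST)}
NOW = datetime(2026, 6, 20, 12, 0, tzinfo=timezone.utc)
OBSERVER = Observer("wf-observer-01", "governed-readonly-role", SUBSTRATE.get)


def demo():
    """Fabricated equal maps satisfy Guard 3; the observer catches a real mutation."""
    guard3 = guard3_caller_equality({s: 0 for s in MANIFEST}, {s: 0 for s in MANIFEST})
    before = OBSERVER.capture(NOW)
    SUBSTRATE["dot_tools.count"] += 1                # something touched production
    after = OBSERVER.capture(NOW + timedelta(minutes=1))
    env = build_snapshot_envelope("snapshot-provider", OBSERVER, before, after,
                                  "ab12", "actor-x", "r2_b2_wb_ab12", "sha256:0123abcd")
    verdict = verify_snapshot_envelope(env, "actor-x", "dot-dot-register", "DOT-R2-B2",
                                       NOW + timedelta(minutes=2))
    SUBSTRATE["dot_tools.count"] -= 1                # undo so the demo is repeatable
    return guard3, verdict
```

`demo()` returns `("PASS", "REJECT_SNAPSHOT_DRIFT")`: the same production change that the caller-equality guard cannot see is rejected once the before/after hashes come from an observer the caller does not control. The tamper check runs first on purpose, so a mutated envelope never reaches the distinctness or freshness rules with attacker-chosen values.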


10. VALIDATOR CLOSURE ENVELOPE CRITERIA

Goal: criteria so a later RS-VALIDATOR-HARDENING macro can close N07/N12/N16/N22 — but no validator patch happens here. The validator stays pure (import re only, no DB/network/exec; this macro keeps it that way) and CONSUMES the signed Owner Authority Envelope (§7), Snapshot Evidence Envelope (§9), and the Deployed-Artifact Envelope (interface F). The validator is not the source of truth — it verifies envelopes, it does not look anything up at runtime. Validator closure = engineering closure only, never authority PASS.

| Finding | Closure criterion | Required envelope / input | Negative test | Expected reject code |
|---|---|---|---|---|
| N07 (fabricated owner ref + self-asserted snapshot) | replace the non-empty check of owner_authorization_ref and the caller-equality Guard 3 with: require a verified Owner Authority Envelope AND a verified Snapshot Evidence Envelope (issuer/audience/target/operation/artifact_hash/expiry/revocation/nonce/evidence_hash all valid; observer distinct; before/after hashes; completeness; freshness; continuity) | §7 + §9 envelopes | fabricated owner ref with equal caller maps; observer == caller | UNVERIFIED_OWNER_ENVELOPE, OWNER_GRANT_ABSENT, SNAPSHOT_OBSERVER_NOT_DISTINCT, SNAPSHOT_HASH_MISMATCH |
| N12 (run_id substring, not exact r2_b2_wb_<run_id>) | exact token-boundary identity: target schema MUST fullmatch r2_b2_wb_<run_id>; replace the substring test | request target_schema + run_id | r2_b2_wb_<run_id>_x; x_r2_b2_wb_<run_id>; run_id embedded mid-token | SCHEMA_RUNID_NOT_EXACT (distinct from the existing SCHEMA_RUNID_MISMATCH) |
| N16 (no 63-byte identifier check) | validate UTF-8 byte length ≤ 63 for every emitted identifier (schema + 7 table names), not character length | emitted identifiers | 63-byte boundary (accept); 64 bytes (reject); multibyte ≤63 chars but >63 bytes (reject) | IDENTIFIER_TOO_LONG |
| N22 (None/non-mapping request → AttributeError) | isinstance(req, Mapping) guard at entry; non-mapping → deterministic structured reject, never raise | request object | None, [], "", 0, b"...", nested wrong-typed field | MALFORMED_REQUEST_NOT_MAPPING |

Additional closure criteria:

  • Envelope binding fields the validator must check (Codex §10): issuer, audience (must include the validator), target, operation, artifact_hash, run_id (exact), issued_at/expires_at (freshness), nonce (replay), evidence_hash (tamper). Mismatch on any ⇒ structured reject.
  • Determinism / canonical encoding (Codex §10): the validator must verify a deterministic canonical encoding + signature/hash binding, while performing no runtime lookups.
  • Anti-fail-open meta-rule: if any invalid input still yields a write-intent string or a PASS digest, classify FAIL_OPEN → the closure FAILS and the macro that discovers it must REJECT_FAIL_OPEN.
  • Reject codes are structured (criteria level): the new owner/snapshot codes above, plus retain the existing 20 (WRONG_DOT_CODE, UNKNOWN_MODE, MISSING_CHANNEL, FORBIDDEN_MANUAL_CHANNEL, UNKNOWN_CHANNEL, DIRECTUS_GENERIC_FORBIDDEN, MISSING_ACTOR, MISSING_RUN_ID, BAD_RUN_ID, PROD_DATA_COPY_FORBIDDEN, MISSING_OWNER_AUTH, MISSING_TARGET_SCHEMA, MALFORMED_SCHEMA_CHARS, PROTECTED_SCHEMA_TARGET, NON_ALLOWLIST_SCHEMA, SCHEMA_RUNID_MISMATCH, INVALID_GATE_TYPE, REAL_RUN_GATE_CLOSED, PROD_UNTOUCHED_FAIL, PROD_UNTOUCHED_UNKNOWN).
  • What the existing 64-case matrix lacks (so the extension is justified): no owner-envelope cases, no snapshot-observer-provenance cases, no exact-vs-substring run_id boundary case, no 63-byte identifier case, no top-level non-mapping request case. (N07/N12/N16/N22 strings do not appear in the Macro-9B package; they live in the RS-track only — confirmed.)

Answers to the prompt's 11 Validator questions: (1) N07 closed by Owner+Snapshot envelopes; (2) validator runtime lookup = No (pure, consumes signed envelopes); (3) envelope must carry issuer/audience/target/operation/artifact/run_id/expiry/nonce/evidence_hash; (4) N12 = exact fullmatch r2_b2_wb_<run_id>; (5) N16 = UTF-8 byte length ≤63; (6) N22 = isinstance-Mapping guard; (7) new negative tests = §11; (8) the 64-case matrix lacks the five categories above; (9) invalid-input-yet-digest/PASS = FAIL_OPEN; (10) structured reject codes as listed; (11) authority PASS = No, engineering closure only.


11. ADVERSARIAL BAD-INPUT MATRIX EXTENSION v0.1

Extends the existing 64 cases (A01–A05 valid, B01–B47 bad-input, S01–S12 real-run sim). New categories K–O. Each expects a structured reject (never a write-intent / PASS digest). Meta-assertion M-EXT: any case below that produces a write-intent or PASS digest = FAIL_OPEN.

| Case | Category | Input mutation | Expected reject code |
|---|---|---|---|
| K01 | Owner-envelope | fabricated/unverifiable owner envelope | UNVERIFIED_OWNER_ENVELOPE |
| K02 | Owner-envelope | expired (now > expires_at) | OWNER_ENVELOPE_EXPIRED |
| K03 | Owner-envelope | revoked (revocation_ref present) | OWNER_ENVELOPE_REVOKED |
| K04 | Owner-envelope | wrong audience | OWNER_ENVELOPE_AUDIENCE_MISMATCH |
| K05 | Owner-envelope | wrong target | OWNER_ENVELOPE_TARGET_MISMATCH |
| K06 | Owner-envelope | operation ≠ register_dot | OWNER_ENVELOPE_OPERATION_MISMATCH |
| K07 | Owner-envelope | replayed nonce | OWNER_ENVELOPE_REPLAY |
| K08 | Owner-envelope | ownership_row_ref absent (live default, 0 rows) | OWNER_GRANT_ABSENT |
| K09 | Owner-envelope | artifact_hash mismatch vs registrar artifact | ARTIFACT_HASH_MISMATCH |
| K10 | Owner-envelope | approval_ref not quorum-passed | OWNER_APPROVAL_UNPROVEN |
| L01 | Snapshot-envelope | caller-supplied equality only (no observer/hash) | REJECT_CALLER_SUPPLIED_EQUALITY |
| L02 | Snapshot-envelope | observer == caller | SNAPSHOT_OBSERVER_NOT_DISTINCT |
| L03 | Snapshot-envelope | observer == registrar | SNAPSHOT_OBSERVER_NOT_DISTINCT |
| L04 | Snapshot-envelope | observer == DOT-under-test | SNAPSHOT_OBSERVER_NOT_DISTINCT |
| L05 | Snapshot-envelope | mixed observer before/after | REJECT_MIXED_OBSERVER |
| L06 | Snapshot-envelope | stale beyond freshness window | SNAPSHOT_STALE |
| L07 | Snapshot-envelope | incomplete manifest surface | SNAPSHOT_INCOMPLETE (UNKNOWN, not PASS) |
| L08 | Snapshot-envelope | before/after hash mismatch (drift) | SNAPSHOT_DRIFT |
| L09 | Snapshot-envelope | missing observer_trust_root | SNAPSHOT_OBSERVER_UNTRUSTED |
| M01 | N12 exact-identity | r2_b2_wb_<run_id>_extra (trailing token) | SCHEMA_RUNID_NOT_EXACT |
| M02 | N12 exact-identity | x_r2_b2_wb_<run_id> (leading token) | SCHEMA_RUNID_NOT_EXACT |
| M03 | N12 exact-identity | run_id embedded mid-identifier | SCHEMA_RUNID_NOT_EXACT |
| N01 | N16 length | identifier exactly 63 bytes | accept (boundary) |
| N02 | N16 length | identifier 64 bytes | IDENTIFIER_TOO_LONG |
| N03 | N16 length | multibyte ≤63 chars but >63 bytes | IDENTIFIER_TOO_LONG |
| O01 | N22 type | request None | MALFORMED_REQUEST_NOT_MAPPING |
| O02 | N22 type | request [] (list) | MALFORMED_REQUEST_NOT_MAPPING |
| O03 | N22 type | request "" (str) | MALFORMED_REQUEST_NOT_MAPPING |
| O04 | N22 type | request 0 (int) | MALFORMED_REQUEST_NOT_MAPPING |
| O05 | N22 type | request b"..." (bytes) | MALFORMED_REQUEST_NOT_MAPPING |
| O06 | N22 type | mapping but nested wrong-typed field | structured field reject (no raise) |
| O07 | N22 type | oversized field (DoS-shaped) | structured reject (no raise) |

These are criteria for the future test matrix; they are not executed here (no validator patch, no test run in this macro).
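One way to express the N12/N16/N22 closure criteria of §10 and the M, N and O cases of §11 as pure, fail-closed guards, written here as an added example in Python and not the project's validator.py; the function names, the run_id alphabet, the seven table names and the MALFORMED_FIELD_* codes are this example's own assumptions, and its ACCEPT_ENGINEERING result is engineering closure only, never authority PASS.

```python
"""Added example, not the project's validator.py: the §10 N22/N12/N16 closure
criteria as pure guard functions that return structured rejects and never raise,
plus the §11 M-EXT meta-assertion over constructed bad inputs. Stdlib only, no
DB/network/exec. Assumed: the run_id alphabet, the 7 table names, MALFORMED_FIELD_*."""
import re
from collections.abc import Mapping

RUN_ID_RE = re.compile(r"[a-z0-9]+")                       # assumed run_id alphabet
SCHEMA_RE = re.compile(r"r2_b2_wb_(?P<run_id>[a-z0-9]+)")  # the exact identity shape
MAX_IDENT_BYTES = 63     # PostgreSQL limit counts UTF-8 bytes, not characters
MAX_FIELD_CHARS = 4096   # assumed bound against DoS-shaped oversized fields (O07)
TABLE_NAMES = tuple(f"t{i}" for i in range(1, 8))  # stand-in for the 7 emitted table names

def reject(code, **detail):
    """The only failure shape: a structured reject, never a write-intent string."""
    return {"verdict": "REJECT", "code": code, **detail}

def guard_request_is_mapping(req):
    """N22: None / list / str / int / bytes requests are rejected, not AttributeError'd."""
    if not isinstance(req, Mapping):
        return reject("MALFORMED_REQUEST_NOT_MAPPING", got=type(req).__name__)
    return None

def guard_field_is_str(req, name):
    """O06/O07: missing, wrong-typed or oversized field -> structured field reject."""
    if name not in req:
        return reject(f"MISSING_{name.upper()}")  # MISSING_TARGET_SCHEMA / MISSING_RUN_ID
    if not isinstance(req[name], str):
        return reject("MALFORMED_FIELD_TYPE", field=name, got=type(req[name]).__name__)
    if len(req[name]) > MAX_FIELD_CHARS:
        return reject("MALFORMED_FIELD_OVERSIZED", field=name)
    return None

def guard_schema_runid_exact(target_schema, run_id):
    """N12: target_schema must fullmatch r2_b2_wb_<run_id>; containment is not identity."""
    if not RUN_ID_RE.fullmatch(run_id):
        return reject("BAD_RUN_ID", run_id=run_id)
    m = SCHEMA_RE.fullmatch(target_schema)
    if m is None or m.group("run_id") != run_id:
        return reject("SCHEMA_RUNID_NOT_EXACT", target_schema=target_schema)
    return None

def guard_identifier_length(identifiers):
    """N16: every emitted identifier must be <= 63 UTF-8 bytes (63 accept, 64 reject)."""
    for ident in identifiers:
        if len(ident.encode("utf-8")) > MAX_IDENT_BYTES:
            return reject("IDENTIFIER_TOO_LONG", identifier=ident)
    return None

def validate(req):
    """Guards chain fail-closed: the first reject wins and later guards never run."""
    g = guard_request_is_mapping(req)
    for name in ("target_schema", "run_id"):
        g = g or guard_field_is_str(req, name)
    g = g or guard_schema_runid_exact(req["target_schema"], req["run_id"])
    g = g or guard_identifier_length([req["target_schema"], *TABLE_NAMES])
    return g or {"verdict": "ACCEPT_ENGINEERING", "target_schema": req["target_schema"]}

# Constructed inputs mirroring §11 cases M01-M03, N02 and O01-O05.
BAD_CASES = {
    "M01": {"target_schema": "r2_b2_wb_abc_extra", "run_id": "abc"},
    "M02": {"target_schema": "x_r2_b2_wb_abc", "run_id": "abc"},
    "M03": {"target_schema": "r2_b2_wb_xabcx", "run_id": "abc"},
    "N02": {"target_schema": "r2_b2_wb_" + "a" * 55, "run_id": "a" * 55},
    "O01": None, "O02": [], "O03": "", "O04": 0, "O05": b"...",
}

def fail_open_audit(cases=BAD_CASES):
    """M-EXT: names of bad cases that produced anything other than a REJECT."""
    return [name for name, req in cases.items() if validate(req)["verdict"] != "REJECT"]
```

An empty list from fail_open_audit() is the M-EXT condition holding; any name in it would be a FAIL_OPEN finding.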


12. RESIDUE DISPOSITION CRITERIA

Goal: criteria for disposing of the back-audit residue without ratifying, relabeling, deleting, or merging anything. The three populations stay separate; the 142 stay unsanctioned until their primary source is read.

Reuse-first finding (LIVE): the governed disposition substrate already exists — v_authority_back_audit_ledger (26), v_authority_backaudit_ratification_packet (21), v_authority_backaudit_reconcile_packet (1), v_authority_backaudit_principal_queue (3) — carrying bypass_class, disposition, effect_assessment, recommended_action, required_actor, reversibility. No new disposition table (quick-rules #19/#20). Disposition criteria CONSUME these views; they do not create a parallel ledger.

| Population | Current status (LIVE) | Required source | Required authority | Allowed disposition states | Forbidden shortcut | Future macro |
|---|---|---|---|---|---|---|
| 18 auto-apply-function | bypass_class scanner_apply_without_vote; all 18 applied_live_effect; packet recommends ratify_retroactive, actor owner + president, reversible (retroactive vote) | doc02 reclassify/orphan evidence (17 reclassify + 1 birth_orphan) — already characterized; read before ratify | Owner + President | RATIFY_WITH_OWNER, QUARANTINE_PENDING_OWNER | no bulk delete; no auto-ratify without Owner+President; no relabel | RS2B-RISK-RESIDUE-AND-Đ35-HEALTH-CLOSURE |
| 8 system_auto_approve | bypass_class insert_path_auto_approve; 4 remediated_inert (0 live-effect), 3 applied_live_effect (packet ratify_retroactive, actor President), 1 approved_undisposed | P0/P1 containment records 2026-06-06 (fn_auto_approve_add RETURN NEW; auto_apply_approvalquorum_passed) — read before ratify | President (3 ratify); none (4 already inert) | MARK_INERT (the 4), RATIFY_WITH_OWNER/RECONCILE (the 3), QUARANTINE_PENDING_OWNER (the 1) | no merge with the 18; no relabel; no delete | RS2B-… |
| 142 orchestrator-s142b | NOT in the back-audit ledger (0 of 26); bypass-lineage not established; primary authorization source SOURCE_NOT_READ | S142B primary authorization source — NOT FOUND. Must be located + read | Owner (after source recovery) | SOURCE_NOT_READ, QUARANTINE_PENDING_OWNER | no sanctioned claim; no merge with the 18; no ratify until source read; no relabel; no delete | RS2B-… (source hunt first) |

Cross-cutting criteria:

  • No bulk delete of any population (de-bai §V.4 — unstamped objects are listed/quarantined, never auto-removed).
  • No relabel without authority: reviewed_by/bypass_class values are evidence, not editable cosmetics.
  • No merge of 18 and 142 — different lineage (scanner_apply_without_vote vs not-in-ledger), different sanctioning state.
  • 142 never "sanctioned" while S142B primary source is unread.
  • Đ35 14-health re-verify is required before any ratify-leg can claim production-readiness (LAW_READING_INDEX §4.1 #10: live Đ35 reads "PRODUCTION READINESS FAIL"). RS3-BUNDLE records this as a required precondition; the read-only 14-health re-verify is assigned to RS2B-…, not executed here (this macro touched no Đ35 substrate).
  • Disposition state vocabulary maps to live columns: RATIFY_WITH_OWNER ≈ ledger applied_live_effect + packet ratify_retroactive; MARK_INERT ≈ ledger remediated_inert; QUARANTINE_PENDING_OWNER ≈ ledger approved_undisposed; RECONCILE ≈ reconcile_packet (1 row); SOURCE_NOT_READ / NO_ACTION_WITH_REASON = RS3 additions for the 142 and for any out-of-scope bucket.

13. RESIDUE POPULATION MAP

Live denominator: approval_requests = 230 rows; applied = 176 (146 add + 30 modify); the "160 unvoted applies" headline = 142 + 18 (a subset of applied). Full reviewed_by distribution (Σ = 230):

| reviewed_by bucket | n | In RS3 scope? | Lineage / note |
|---|---|---|---|
| orchestrator-s142b | 142 | Yes (D) | NOT in back-audit ledger; primary source SOURCE_NOT_READ; unsanctioned |
| null | 29 | No | unreviewed/other; out of the three target populations |
| system_auto_expire | 19 | No | auto-expiry, not an apply-bypass |
| auto-apply-function | 18 | Yes (D) | bypass_class scanner_apply_without_vote; all applied_live_effect; ratify_retroactive (owner+president) |
| system_auto_approve | 8 | Yes (D) | bypass_class insert_path_auto_approve; 4 inert / 3 ratify / 1 undisposed |
| S178-Fix21-P3-V2 | 7 | No | migration-tagged; not in scope |
| president | 5 | No | genuine president decisions |
| desktop | 1 | No | manual |
| Claude Desktop S145 | 1 | No | manual |

Back-audit governed coverage (LIVE): ledger 26 = 18 (scanner_apply_without_vote) + 8 (insert_path_auto_approve); ratification packet 21 = 18 + 3; reconcile packet 1; principal queue 3. The 142 are outside every back-audit surface — the strongest fresh evidence that the 18/142 split is real and that the 142 cannot be treated as governed/ratified.


14. INTEGRATION ENVELOPE

The only coupling between the four blocks (+ interface F) is a shared envelope. No block reads another block's internal state; mismatch on any shared field ⇒ the validator (interface E) rejects (fail-closed).

| Shared field | Issued by | Consumed by | Reject on mismatch |
|---|---|---|---|
| target | A (owner) + F (artifact) | B, E, registrar | target disagreement across envelopes |
| operation (register_dot) | A | E, registrar | operation ≠ register_dot |
| artifact_hash | F (deployed-artifact resolver) | A, B, E, registrar | any hash disagreement |
| run_id | registration request | B (exact), E (N12), registrar | substring/inequality |
| issuer | each block | E | unknown issuer |
| audience | A, B | E | validator/verifier not in audience |
| issued_at / expires_at | A, B | E | stale / expired |
| nonce | A, B | E | replay |
| evidence_hash | A, B, F | E | tamper |
| source_refs | A (ownership_row_ref, approval_ref), B (observer_id, snapshot refs), F (snapshot/baseline ref) | E, post-commit verifier | provenance missing |
| decision_ref | E (validator verdict); later registrar txn ref | Phase-2 verifier, audit | verdict/txn ref missing |

Interface F (deployed-artifact resolver) is the shared upstream producer of artifact_hash. Live candidate carrier: wf_fs_dot_bin_snapshot.hash (per-file hash + mapped_dot_code, 289 rows) and/or a governed extra_metadata carrier — dot_tools has no hash column (confirmed), so F must bind KB-admission → deployed path + content hash + origin with drift detection. F is designed in RS3B, not here; RS3-BUNDLE only fixes the field name and consumers.
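The envelope-binding checks of §10 (issuer, audience, freshness, nonce, evidence_hash) and the shared-field agreement of the §14 table, as validator E would consume them over constructed A/B/F envelopes; this is an added example in Python, not the project's code, and it assumes an in-memory issuer-to-HMAC-key trust-root table, compact sorted-key JSON as the canonical encoding, integer-second timestamps and the helper names shown.

```python
"""Added example, not the project's code: validator-side (E) checks of the §14
shared-field binding over constructed envelopes A (owner), B (snapshot), F (artifact).
Assumed: in-memory issuer->HMAC-key trust roots, compact sorted-key JSON as the
canonical encoding, integer-second times; codes reuse §11 K-names where one exists."""
import hashlib, hmac, json

TRUST_ROOTS = {"owner-resolver": b"key-A", "snapshot-observer": b"key-B",
               "artifact-resolver": b"key-F"}  # constructed, not live trust roots
VALIDATOR_ID = "validator-E"

def canonical(body):
    """Deterministic encoding so hash and MAC are reproducible by any verifier."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()

def issue(issuer, body):
    """Producer side (constructed): evidence_hash binds the body, the MAC binds the issuer."""
    body = dict(body, issuer=issuer)
    body["evidence_hash"] = hashlib.sha256(canonical(body)).hexdigest()
    mac = hmac.new(TRUST_ROOTS[issuer], canonical(body), "sha256").hexdigest()
    return {"body": body, "mac": mac}

def verify_envelope(kind, env, now, seen_nonces):
    """Per-envelope binding: issuer, tamper, audience, freshness, replay. No lookups."""
    body = env.get("body") if isinstance(env, dict) else None
    key = TRUST_ROOTS.get(body.get("issuer")) if isinstance(body, dict) else None
    expected = hmac.new(key, canonical(body), "sha256").hexdigest() if key else ""
    if not key or not hmac.compare_digest(expected, str(env.get("mac", ""))):
        return f"UNVERIFIED_{kind}"  # unknown issuer, malformed envelope or bad MAC
    unbound = {k: v for k, v in body.items() if k != "evidence_hash"}
    if hashlib.sha256(canonical(unbound)).hexdigest() != body.get("evidence_hash"):
        return "REJECT_EVIDENCE_TAMPER"
    if VALIDATOR_ID not in body.get("audience", []):
        return f"{kind}_AUDIENCE_MISMATCH"
    issued, expires = body.get("issued_at"), body.get("expires_at")
    if not (isinstance(issued, int) and isinstance(expires, int) and issued <= now < expires):
        return f"{kind}_EXPIRED"
    if body.get("nonce") in seen_nonces:
        return f"{kind}_REPLAY"
    seen_nonces.add(body.get("nonce"))
    return None

def verify_bundle(owner, snapshot, artifact, now, seen_nonces, expected_run_id):
    """E consumes A/B/F: every envelope verifies, then the shared fields must agree."""
    for kind, env in (("OWNER_ENVELOPE", owner), ("SNAPSHOT_ENVELOPE", snapshot),
                      ("ARTIFACT_ENVELOPE", artifact)):
        code = verify_envelope(kind, env, now, seen_nonces)
        if code:
            return {"verdict": "REJECT", "code": code}
    a, b, f = owner["body"], snapshot["body"], artifact["body"]
    if a.get("operation") != "register_dot":
        return {"verdict": "REJECT", "code": "OWNER_ENVELOPE_OPERATION_MISMATCH"}
    if not (a.get("target") == b.get("target") == f.get("target")):
        return {"verdict": "REJECT", "code": "OWNER_ENVELOPE_TARGET_MISMATCH"}
    if not (a.get("artifact_hash") == b.get("artifact_hash") == f.get("artifact_hash")):
        return {"verdict": "REJECT", "code": "ARTIFACT_HASH_MISMATCH"}
    if a.get("run_id") != expected_run_id or b.get("run_id") != expected_run_id:
        return {"verdict": "REJECT", "code": "SCHEMA_RUNID_NOT_EXACT"}  # exact, never substring
    return {"verdict": "ENVELOPES_BOUND", "target": a["target"]}  # engineering only, not authority PASS

def make_bundle(now, artifact_hash="sha256:constructed-0001", run_id="abc"):
    """Constructed A/B/F envelopes that agree on every shared field."""
    shared = {"target": "dot://constructed/example-dot", "artifact_hash": artifact_hash,
              "audience": [VALIDATOR_ID], "issued_at": now - 10, "expires_at": now + 300}
    owner = issue("owner-resolver", {**shared, "operation": "register_dot", "run_id": run_id,
                                     "nonce": "n-A-1", "ownership_row_ref": "constructed:row-1"})
    snap = issue("snapshot-observer", {**shared, "run_id": run_id, "nonce": "n-B-1",
                                       "observer_id": "snapshot-observer"})
    art = issue("artifact-resolver", {**shared, "nonce": "n-F-1"})
    return owner, snap, art
```

The OWNER_GRANT_ABSENT, revocation and observer-distinctness legs are not modelled here; the block shows only the cross-envelope binding that the §14 table fixes.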


15. RS3-BUNDLE GAP REPORT

| # | Gap | Severity | Single-sufficient blocker? | Disposition |
|---|---|---|---|---|
| G-01 | Owner-of-record absent: governance_object_ownership = 0 rows | BLOCKER | Yes | Owner resolver fail-closed; grant is an Owner-gated Đ32 write, not designable here |
| G-02 | No register_dot action type; assign_governance_owner unimplemented/high | BLOCKER | Yes | corroborates RS2 Objective-B; needs a governed implemented action type (future, Owner-gated) |
| G-03 | Snapshot trust root missing — Guard 3 = caller-supplied equality (N07 snapshot leg) | BLOCKER | Yes | closed by §9 envelope + observer reuse; wiring is RS3B/observer macro |
| G-04 | Validator N07/N12/N16/N22 open | HIGH | No (engineering) | closed-as-criteria (§10–11); patch is RS-VALIDATOR-HARDENING |
| G-05 | Deployed-artifact hash carrier: dot_tools has no hash column | HIGH | Yes (for lawful birth) | interface F; candidate wf_fs_dot_bin_snapshot.hash / governed extra_metadata |
| G-06 | Registrar implementation source unread (dot-dot-register.ts) | HIGH | Yes (for registrar hardening) | carried Codex caveat; recover first in RS3B; read_file allowlist risk |
| G-07 | Durable failure-audit sink not proven | MEDIUM | No | carried Codex caveat; 4 candidate sinks characterized (L8), none proven generic registration-attempt sink; selection deferred to RS3B Phase-4 |
| G-08 | Pair cardinality not proven exactly 5 rows | MEDIUM | No | carried Codex caveat; adopt contract-derived persisted representation, not fixed-5 |
| G-09 | S142B primary authorization source unread; 142 unsanctioned | MEDIUM | No (criteria-only) | SOURCE_NOT_READ; recover in RS2B before any ratify |
| G-10 | Đ35 production-readiness FAIL / RISK-BYPASS residue open | MEDIUM | No | 14-health re-verify required before ratify-leg; assigned to RS2B |
| G-11 | No Codex live read | INFO | No | this macro's live reads are Claude PRIMARY_RUNTIME_READONLY; Codex must independently verify |

16. NEXT MACRO RECOMMENDATION

Single next macro: RS3B-REGISTRAR-HARDENING-DESIGN (read-only / KB-design; large; one LEGO block = the registrar).

Why this one (and only this one):

  • Codex explicitly sequenced it: "No registrar hardening is included; that follows as RS3B-REGISTRAR-HARDENING-DESIGN after the interfaces are accepted." RS3-BUNDLE just defined those interfaces (§6–§14).
  • It is the next design step on the registration path and consumes all four RS3 envelopes + interface F.
  • It keeps the LEGO boundary: it hardens the existing dot-dot-register (REUSE_REGISTRAR_HARDENABLE_BUT_NOT_READY) into a single-artifact governed registrar — it does not build a new registry and does not author DOT_GOVERNANCE_DOT_ADMISSION (DEFER stands).

Mandatory front-loading (its first sub-blocks, in order):

  1. Registrar implementation-source recovery — read dot-dot-register.ts (G-06). If the read_file allowlist does not expose bin/dot/*.ts, RS3B degrades to HOLD_REGISTRAR_SOURCE_NOT_READ and stops (MUST-NOT-DO #29: no detailed code-level hardening without the source).
  2. Deployed-artifact resolver (interface F) — bind KB-admission → deployed path + content hash + origin + drift; assess wf_fs_dot_bin_snapshot.hash and a governed extra_metadata carrier (G-05).
  3. Idempotency / concurrency / closed-at-registration / durable failure-audit sink selection — compare the 4 candidate sinks (L8) on schema/writer-authority/retention/replay-idempotency/failure-behavior (G-07); confirm uniqueness constraints; pair cardinality as contract-derived persisted representation, not fixed-5 (G-08).

Not bundled, and why: RS-VALIDATOR-HARDENING (the actual validator.py patch for N07/N12/N16/N22) and RS2B-RISK-RESIDUE-AND-Đ35-HEALTH-CLOSURE (S142B source hunt + residue disposition + Đ35 14-health re-verify) are sequenced siblings after RS3B, not merged into it — merging would create a multi-purpose mega-step and violate "sinh riêng, kiểm riêng, thay riêng" (build separately, check separately, replace separately; de-bai §VI). The deciding upstream blocker remains Owner-of-record (G-01/G-02), whose realization is Owner-gated and cannot be designed away by any read-only macro.


17. MUST-NOT-DO CONFIRMATION

All 30 prohibitions held:

  1. No runtime mutation ✓ (0 writes) · 2. No DDL/DML ✓ · 3. No manual SQL beyond read-only SELECT ✓ · 4. No psql ✓ · 5. No docker exec psql ✓ · 6. No Directus generic create/update/delete ✓ · 7. No register/wire/run DOT ✓ · 8. No schema creation ✓ · 9. Macro-9A not opened ✓ · 10. Macro-9C not opened ✓ · 11. No B2 producer built ✓ · 12. DOT_GOVERNANCE_DOT_ADMISSION not authored/designed (DEFER stands) ✓ · 13. No new registry/table/collection ✓ · 14. Validator not patched ✓ · 15. Đ32/Đ35 not patched ✓ · 16. No gate flipped ✓ · 17. No APR created ✓ · 18. No APR approved ✓ · 19. No Owner authority claimed ✓ · 20. /laws/ not used to override laws-new/newlaws ✓ · 21. Not turned into implementation ✓ · 22. No whole-system survey (scoped to the 4 blocks) ✓ · 23. RISK-BYPASS not cleared ✓ · 24. 142 S142b not called sanctioned (primary source unread) ✓ · 25. 142 not merged with 18 ✓ · 26. Packet/live containment not treated as authority PASS ✓ · 27. KB admission not treated as runtime registration ✓ · 28. Activation not opened with registration ✓ · 29. No detailed registrar code-level hardening (source unread) ✓ · 30. Validator not patched in this macro ✓.

18. STOP STATE

READY_FOR_CODEX_REVIEW.

  • All four blocks reached acceptance-criteria depth with fresh primary live evidence; no fail-open found.
  • Registration remains REGISTRATION_HOLD / REGISTRATION_CAN_PROCEED = NO (this macro neither requested nor performed any write; gates not re-read this cycle — RS2-PATCH1 same-day confirmation stands as packet evidence).
  • Carried caveats (unchanged): registrar implementation source unread; cardinality not proven exactly 5 (→ contract-derived representation); audit surfaces are candidate sinks, not proven durable; NO_CODEX_LIVE_READ; registration HOLD. Plus RS3 caveats: S142B SOURCE_NOT_READ/142 unsanctioned; owner-of-record absent + write-path unimplemented (resolver fail-closed); Đ35 production-readiness FAIL not re-verified this cycle; collections-usage-handbook and the RS1/PATCH1 packets not read this cycle (not load-bearing).
  • Single next macro: RS3B-REGISTRAR-HARDENING-DESIGN (front-loaded with registrar-source recovery + interface F).

Sequence to registration (unchanged shape, each gated): Codex reviews RS3-BUNDLE → RS3B-REGISTRAR-HARDENING-DESIGN → (RS-VALIDATOR-HARDENING / RS2B-RISK-RESIDUE-AND-Đ35-HEALTH-CLOSURE) → Owner decision on owner-of-record + governed register_dot action type → registration (Phase 0→1, gate stays shut) → separate Owner-gated activation (Phase 3). Default HOLD throughout.


19. SELF-CHECK

  1. Read Codex RS2-PATCH1 acceptance? Yes — STATUS/VERDICT/next-macro/gate + 5 caveats verbatim (§4.3, §1).
  2. Read RS2-PATCH1? Yes — 5-phase model, registrar reuse, interfaces A–F, 10 new proof obligations (§4.3).
  3. Kept registrar-implementation-source caveat? Yes — G-06, §4.4, carried.
  4. Kept pair-cardinality caveat? Yes — G-08 (contract-derived, not fixed-5).
  5. Kept audit-sink caveat? Yes — G-07; 4 sinks characterized (L8), none proven durable.
  6. Four blocks clearly separated? Yes — §5 boundary map; envelope-only coupling.
  7. Owner envelope? Yes — §7 with reject semantics.
  8. Snapshot envelope? Yes — §9 with reject semantics.
  9. N07/N12/N16/N22 criteria? Yes — §10 (verbatim definitions + closure).
  10. Bad-input matrix extension? Yes — §11 (K–O, 30 new cases).
  11. Residue disposition criteria? Yes — §12 (reuse back-audit views).
  12. 18/142 split kept? Yes — §13; the 142 are outside the back-audit ledger (live).
  13. 142 kept unverified/unsanctioned? Yes: SOURCE_NOT_READ; never sanctioned.
  14. Integration envelope? Yes — §14.
  15. One large next macro chosen? Yes: RS3B-REGISTRAR-HARDENING-DESIGN (§16), not a task list.
  16. No-mega-system kept? Yes — reuse existing tables/views; no new registry; LEGO boundaries.
  17. DOT-only kept? Yes — no manual/Directus-generic writes; 0 mutations.
  18. Any mutation? No — read-only query_pg + KB authoring of this one report only.

Did NOT: mutate runtime; run DDL/DML/manual-SQL/psql; create/approve an APR; flip a gate; register/wire/run a DOT; create a schema/registry/table/collection; patch the validator or Đ32/Đ35; author DOT_GOVERNANCE_DOT_ADMISSION; claim Owner authority; clear RISK-BYPASS; call the 142 sanctioned; merge 18 and 142; design registrar code-level hardening; overwrite RS2-PATCH1/RS2/RS1/Codex. Default HOLD. Engineering PASS ≠ Authority PASS. KB admission ≠ runtime registration.

— End Macro-RS3-BUNDLE report (2026-06-20).
