Macro-RS5A — G2 Owner-of-record Decision (rollup) — 2026-06-21

Opened after: Codex ACCEPT_RS4A_PATCH2 (PASS_WITH_CAVEATS), whose single authorised next step is the G2 Owner-of-record decision. Verdict: G2_OWNER_DECISION_READY_FOR_CODEX_REVIEW · Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 mutations. Class: read-only live reconstruction + KB design package. Decision dossier, not execution.

1. Scope

RS5A produces a G2 decision dossier: what the Owner-of-record must be, which surface it is drawn from, the conditions to become an accountable head, how register_dot authority is bound, and why the path stays fail-closed without Owner/APR/action. It does not designate an owner, create an APR, author register_dot, approve, flip a gate, patch, implement, or register.

2. Deliverables (15 files)

reports/rs5a/: rs5a-index-…, 01-codex-rs4a-acceptance-and-caveat-register, 02-current-authority-state-fresh-reconstruction (LIVE), 03-owner-of-record-concept-model, 04-object-scope-taxonomy-and-boundaries, 05-candidate-owner-decision-matrix, 06-register-dot-action-contract-v1, 07-authority-envelope-v1-for-authorization-binding, 08-quorum-and-approval-proof-obligations, 09-negative-authority-test-suite-80-cases (84 cases), 10-owner-decision-options-and-recommendation, 11-lego-boundary-and-non-mega-coupling-check, 12-g2-decision-packet, codex-review-packet-rs5a-… — plus this reports/macro-rs5a-… rollup.

3. Fresh live authority facts (DB directus, read-only, this macro)

• governance_object_ownership = 0 rows; head-uniqueness uq_gov_obj_accountable present; owner_kind∈{accountable,supporting,delegated,exception}; lifecycle_status∈{active,superseded,revoked,expired}; FK scope→governance_responsibility_scope, FK owner→governance_registry. No operation/artifact_hash/revocation_ref column.
• governance_responsibility_scope = 6 scopes {approval,audit,execution,health,policy,render} — no registration-authority scope.
• governance_registry = 9 governance objects; candidate heads GOV-DOT (monitoring.dot), GOV-SIV (monitoring.integrity), GOV-COUNCIL (council) all active; the four GOV-MO* draft.
• apr_action_types = 14, no register_dot; register_axis/register_topic_node/assign_governance_owner = high + handler_ref='unimplemented'.
• approval_requests = 230 (applied 176 / approved 2 / pending 19; 182 NULL action); CHECK action∈{add,modify,delete,review}; no effect/artifact column — binds target row ref only.
• apr_approvals: approver text, type∈{human,ai_council}, UNIQUE(apr_id,approver); votes ai_council 28 / human 14 / reject 0.
• quorum_passed(text) + fn_apr_quorum_check() bodies read: tier vote-counts, self-exclusion, reject-blocks; president via ILIKE '%president%' text match; no effect/artifact/freshness/supersession binding.
• fn_apr_block_unimplemented_handler() re-proves quorum + blocks unimplemented at →applied (fail-closed); fn_auto_approve_add() auto-approve disabled (P0 2026-06-06).
• dot_tools.owner free-text (null 212/system 93/claude_ai 4); status active 291/published 16 out-of-vocab/null 2, no CHECK.
• directus_roles 9 RBAC / directus_users 13 — none a governance head.

4. Design outputs

• Owner concept: Owner-of-record = accountable governance head bound to a scope by an active ownership row; ≠ caller/operator/Directus/free-text/requester/validator/registrar.
• 9 object scopes, 6 gate + 3 deferrable, separable LEGO, MUST_NOT_IMPLICIT_INHERIT registration→activation/admission.
• Candidate matrix: surface proven (GOV-DOT/GOV-SIV/GOV-COUNCIL acceptable-for-decision), no head bound.
• register_dot action contract v1: high risk, dot_registration domain, full binding obligations, 24 reject codes, family separation (register/activate/supersede/revision/dry_run) — register_dot must not auto-activate.
• Authority envelope v1: binds PATCH2 authorization_binding_digest; authority kept out of U1; bound_effect_identity defeats approval substitution.
• Quorum proof obligations: QUORUM_SEMANTICS_READ but necessary-not-sufficient (Q3–Q6, Q9 unmet).
• 84 negative tests (≥80), defined-not-executed, all mandatory fail-opens covered.

5. Carried blockers & must-not-do

Blockers G2–G7 + STATUS_DOMAIN_NOT_DB_ENFORCED + U3_PARTIAL_UNIQUE_SURFACE_ABSENT + new OWNER_MINT_PATH_FAIL_CLOSED, QUORUM_EFFECT_BINDING_INSUFFICIENT, QUORUM_APPROVER_IDENTITY_UNVERIFIED. All 31 must-not-do held. REGISTRATION_HOLD not cleared.

6. Next step

Codex reviews RS5A only → on accept, the Owner makes the G2 designation (recommended Option B, split by scope cluster) → per-block hardening + RS-VALIDATOR sequenced after, not bundled → residual ⇒ RS5A-PATCH1.

Builds on / consumes the accepted contract in macro-rs4a-patch2-effect-identity-head-uniqueness-suite-id-reconciliation-2026-06-21.md (does not reopen it).