Macro-RS5A-PATCH3 — Deterministic Lifecycle & Oracle Predicates (rollup) — 2026-06-21
Macro-RS5A-PATCH3 — Deterministic Lifecycle & Oracle Predicates (rollup) — 2026-06-21
Opened after: Codex NEED_RS5A_PATCH3 (HOLD · SCOPE_TAXONOMY_STILL_AMBIGUOUS · GOV_COUNCIL_PRINCIPAL_IDENTITY_INSUFFICIENT · TEST_ORACLE_COUNT_AMBIGUOUS) on RS5A-PATCH2.
Verdict: RS5A_PATCH3_READY_FOR_CODEX_REVIEW (not forced) · Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 mutations.
Class: scoped deterministic-lifecycle / oracle-predicate correction. Does NOT overwrite RS5A, RS5A-PATCH1, or RS5A-PATCH2. Does NOT reopen accepted owner, bootstrap, handler, identity, U3, or hard-prerequisite semantics (Codex §7 accepted points).
1. Scope
Single scoped item (Codex §8): deterministic lifecycle and oracle predicates — three corrections only: (1) separate "must exist before admission" from "persists/operates after admission," preserving the replay/audit pre-admission gate while allowing required post-admission operation; (2) define reject-code precedence / mutually-exclusive predicates and a precise half-open delegation interval; (3) make G02a/G02b/G02c mutually exclusive and distinguish the G08 fixture.
2. Closures
- Residual 1 — lifecycle availability vs persistence: PATCH2-02 §4's single column "may act/exist AFTER runtime registration? =
no" conflated first-introduced-after (forbidden for replay/audit) with persists/operates-after (required for every prerequisite). PATCH3-02 replaces it with three orthogonal axes — A first-availability gate (before admission; unchanged, gate not weakened), B post-admission persistence/operation (yes for every prerequisite — replay answers idempotent retry / prior-decision retrieval, audit retains failure records, hash/U3/status/authority/approval remain available for verification & lifecycle integrity), C business-transition timing (onlyDOT_ACTIVATION_AUTHORITY,draft → active, after inert registration, never inherited). Canonical wording: pre-runtime prerequisite surfaces must exist before admission AND remain available after admission as their contracts require; activation is the only post-registration business transition; replay/audit may never be first introduced after registration.CLOSED. ([[rs5a-patch3-02]]) - Residual 2 — quorum reject precedence & delegation interval: PATCH3-03 defines a deterministic P0→P5 ladder with mutually-exclusive predicates: P0 structural (
CANONICAL_PRINCIPAL_SURFACE_REQUIRED_NOT_PRESENT, fires today) → P1 spoof (FREE_TEXT_PRESIDENT_REJECTED,SELF_DECLARED_COUNCIL_IDENTITY_REJECTED) → P2 delegation (DELEGATION_REVOKED→DELEGATION_SCOPE_MISMATCH→DELEGATION_NOT_YET_EFFECTIVE∥DELEGATION_EXPIRED) → P3 resolution (PRESIDENT_ROLE_UNRESOLVED,COUNCIL_PRINCIPAL_UNRESOLVED) → P4 double-count (APPROVER_ALIAS_DOUBLE_COUNT→CANONICAL_PRINCIPAL_DOUBLE_COUNT) → P5 count (QUORUM_NOT_SATISFIED). Spoof beats generic-unresolved; distinct-alias double-count beats exact-identity double-count. Delegation window is the single half-open[effective_from, effective_to)(lower inclusive=valid, upper exclusive=DELEGATION_EXPIRED, before=newDELEGATION_NOT_YET_EFFECTIVE, revocation overrides interval). New code declared in PATCH3 only; no PATCH2 file edited; surfaceREQUIRED_NOT_PRESENT; fail-closed.CLOSED. ([[rs5a-patch3-03]]) - Residual 3 — replay/idempotency mutual exclusion & G08: PATCH3-04 sharpens G02a to require same nonce + same effect + same canonical authorization envelope/digest + prior durable decision, and partitions the "same nonce" space with an effect→envelope decision tree: different effect → G02b
NONCE_REUSE_DIFFERENT_EFFECT; same effect + different envelope → G02cNONCE_REUSE_AUTHORIZATION_MISMATCH; same effect + same envelope → G02aIDEMPOTENT_PRIOR_DECISION_RETRIEVAL. Different-effect and different-envelope are checked before idempotent retrieval, so the authorization-substitution case lands on G02c, never G02a. G08 kept as a distinct executable scenario, distinguished from G02a only by client-observation fixture (known-response retry vs unknown-response / lost-response recovery), same canonical outcome. Count = 84 parent IDs / 86 executable scenarios (84 − 1 + 3 = 86). SuiteDEFINED_NOT_EXECUTED.CLOSED. ([[rs5a-patch3-04]])
3. Deliverables (8 files)
reports/rs5a-patch3/: index, 01-codex-patch2-hold-closure-map, 02-lifecycle-availability-persistence-and-business-transition-separation, 03-quorum-reject-precedence-and-delegation-interval, 04-replay-idempotency-mutual-exclusion-and-g08-fixture, 05-rs5a-patch3-decision-packet, codex-review-packet-… — plus this reports/macro-rs5a-patch3-… rollup. All revision=1, readback-confirmed.
4. Carried blockers & must-not-do
G2–G7 + STATUS_DOMAIN_NOT_DB_ENFORCED + U3_PARTIAL_UNIQUE_SURFACE_ABSENT + OWNER_MINT_PATH_FAIL_CLOSED + QUORUM_EFFECT_BINDING_INSUFFICIENT + QUORUM_APPROVER_IDENTITY_UNVERIFIED + BOOTSTRAP_AUTHORITY_UNRESOLVED + CANONICAL_PRINCIPAL_SURFACE_REQUIRED_NOT_PRESENT. Only new artifact = reject code DELEGATION_NOT_YET_EFFECTIVE (oracle/interval sharpening, not a blocker). All must-not-do held; REGISTRATION_HOLD not cleared; no Owner/scope/principal-registry/APR/register_dot/approval/handler/activation created; no DDL/DML; no registrar/validator patch; no RS-VALIDATOR.
5. Next step
Codex reviews RS5A-PATCH3 only → on accept, proceed to RS5B (G2 Owner-of-record execution-design / authorization-design, non-mutating, bootstrap-solving, separately-authorized-before-write). Further residual ⇒ RS5A-PATCH4.
Builds on / corrects [[project_laws_new_macro_rs5a_patch2_semantic_closure_precision_2026_06_21]]; consumes accepted RS4A/PATCH2 effect-identity, RS5A bootstrap, handler, U1/U2/U3, and prerequisite-graph semantics (not reopened).