KB-7E2A

Macro-RS5B — G2 Owner-of-record Execution/Authorization Design (rollup) — 2026-06-21

Revision 1
Tags: rs5b, g2, rollup, owner-execution-authorization-design, non-mutating, registration-hold, design-only, 2026-06-21

  • Opened after: Codex ACCEPT_RS5A_PATCH4 (RS5A_PATCH4_ACCEPTED), whose single next step is RS5B — G2 Owner-of-record execution-design / authorization-design, non-mutating.
  • Verdict: RS5B_READY_FOR_GPT_REVIEW (not forced) · Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations.
  • PASS level: design-review-ready / engineering-design only — not authority/implementation/runtime/registration PASS.
  • Class: read-only LIVE reconstruction + KB design package. Execution-design / authorization-design, not execution.

1. Scope

RS5B answers, non-mutatingly: how can the first Owner-of-record / G2 authority path be legitimately designated for future DOT registration governance without writing now? It produces a read-only, bootstrap-aware, authorization-aware, fail-closed, LEGO-scoped design. It does not create Owner/scope/APR/register_dot/approval/handler, patch registrar/validator, open RS-VALIDATOR, implement, register, activate, or clear REGISTRATION_HOLD.

2. Method & self-proof posture (per user directive)

The controlling current-state facts were independently re-derived LIVE this macro via my own read-only query_pg (not taken from prior reports), and the design's fail-closed property was proven by my own adversarial probes rather than deferred to Codex. Read-only SELECT is non-mutating (OR v7.58 §7); KB writes are the deliverable.

3. LIVE-reconstructed facts (DB directus, read-only, this macro)

  • governance_object_ownership = 0; governance_responsibility_scope = 6 {approval,audit,execution,health,policy,render} (no registration-authority scope); governance_registry = 9 (GOV-COUNCIL/GOV-DOT/GOV-KG-SYS/GOV-NRM-SYS/GOV-SIV active; 4 GOV-MO* draft).
  • apr_action_types = 14, no register_dot; assign_governance_owner = high + handler_ref='unimplemented' (also register_axis/register_topic_node/delegate_authority/grant_governance_exception/assign_axis_owner/amend_law/enact_nrm/activate_event_type/authorize_build_step = high/unimplemented).
  • approval_requests = 230, 0 columns matching effect/artifact/hash/canonical/principal (binding gap, LIVE); apr_approvals = 42.
  • Carried REQUIRED_NOT_PRESENT (governed): DOT_APPROVAL_QUORUM_AUTHORITY scope; canonical-principal surface. Carried fail-closed: BOOTSTRAP_AUTHORITY_UNRESOLVED, OWNER_MINT_PATH_FAIL_CLOSED.
  • Honesty flag: quorum function bodies were not re-derived this macro (carried from RS5A-02/08 rev 1, grounded by Điều 32 §7) — affects no conclusion (all fail-closed).

4. Design outputs

  • Bootstrap problem (02): circularity = minting the first owner needs an authority only an already-minted owner (or an implemented, owner-authorized mint path) could give; every substrate exit is empty/blocked/REQUIRED_NOT_PRESENT. Only legitimate source = Constitution v4.6.3 + Chairman ("AI proposes, does not self-promulgate"), sitting above the empty substrate. RS5B does not claim a concrete owner-minting mechanism already exists (NEEDS_SOURCE_CONFIRMATION).
  • Candidate models (03): A operator self-mint REJECT; B GOV-DOT self-mint REJECT (subject-only); C GOV-COUNCIL-approval-as-registration-authority REJECT (forbidden implicit inherit + approval can't form); D founding act (Constitution+Chairman) PREFERRED — design only; E deferred no-owner HOLD = safe runtime posture now. Chosen posture = D-as-design on top of E-as-runtime.
  • Preferred runbook (04): read-only preflight first; founding-act W-steps (scope rows → lawful mint path → first ownership row(s), Option B split → register_dot + carriers) are all [GATE] (Chairman + separate authorization + later independent gate); replace-not-wrap; per-block rollback; replay/audit are hard pre-runtime, activation the only post-reg-capable scope.
  • Authorization packet (05): 13 conjunctive pre-write elements (authority source · exact scope · candidate owner · object · effect_identity · artifact/hash · approval/quorum if used · canonical principal if used · rollback · no-implicit-inherit · nonce/replay · read-only preflight · explicit Chairman authorization last & unconditional); none satisfied today ⇒ all writes fail-closed.
  • Adversarial self-check (06): BI01–BI10 + 2 self-traps; no invalid input produces PASS/digest/seal/cert-like output; engineering PASS never upgraded to authority PASS.
  • LEGO proof (07 §4): owner/scope/quorum/principal/registration/admission/activation/replay/audit each born/tested/changed/rolled-back separately, joined only by explicit FK/admission/MUST_NOT_IMPLICIT_INHERIT edges. LEGO_BOUNDARY_HELD.
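The conjunctive, fail-closed behaviour described for the authorization packet (05) and the adversarial self-check (06) can be sketched as follows. This is an added example, not part of the RS5B design package or any project code; the key names, packet shape, verdict strings and the reading of "if used" are assumptions made for illustration.

```python
import hashlib
import json
from typing import NamedTuple, Optional

# The 13 pre-write elements in the order the rollup lists them (key names are
# hypothetical); the Chairman element is deliberately last.
ELEMENTS = (
    "authority_source", "exact_scope", "candidate_owner", "object",
    "effect_identity", "artifact_hash", "approval_quorum",
    "canonical_principal", "rollback", "no_implicit_inherit",
    "nonce_replay", "read_only_preflight", "chairman_authorization",
)
IF_USED = {"approval_quorum", "canonical_principal"}  # the two "if used" elements

class Decision(NamedTuple):
    verdict: str           # "HOLD" or "PACKET_COMPLETE", never an authority PASS
    missing: tuple
    digest: Optional[str]  # set only when every element is satisfied

def _satisfied(name, packet, seen_nonces):
    value = packet.get(name)
    if name in IF_USED:
        # Assumption: only an explicit {"used": False} waives the element.
        if not isinstance(value, dict):
            return False
        used = value.get("used")
        return used is False or (used is True and bool(value.get("evidence")))
    if name == "no_implicit_inherit":
        return value is True
    if name == "nonce_replay":
        return isinstance(value, str) and bool(value) and value not in seen_nonces
    if name == "chairman_authorization":  # must be granted and unconditional
        return (isinstance(value, dict) and value.get("granted") is True
                and value.get("conditions") == [])
    return isinstance(value, str) and bool(value.strip())

def evaluate(packet, seen_nonces):
    if not isinstance(packet, dict):
        return Decision("HOLD", ELEMENTS, None)
    unknown = tuple(sorted(map(str, set(packet) - set(ELEMENTS))))
    missing = tuple(n for n in ELEMENTS if not _satisfied(n, packet, seen_nonces))
    if missing or unknown:
        return Decision("HOLD", missing + unknown, None)  # no digest on failure
    seen_nonces.add(packet["nonce_replay"])
    canonical = json.dumps(packet, sort_keys=True, separators=(",", ":"))
    return Decision("PACKET_COMPLETE", (), hashlib.sha256(canonical.encode()).hexdigest())

def sample_packet():  # constructed sample input, not real governance data
    p = {n: "constructed-" + n for n in ELEMENTS}
    p.update(approval_quorum={"used": False}, no_implicit_inherit=True,
             canonical_principal={"used": True, "evidence": "constructed"},
             chairman_authorization={"granted": True, "conditions": []})
    return p
```

An empty packet, which corresponds to the "none satisfied today" state, returns HOLD with all 13 elements listed as missing and no digest.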

5. Deliverables (9 files + this rollup)

reports/rs5b/: rs5b-index-…, 01-source-register-and-current-state-reconstruction, 02-g2-owner-of-record-bootstrap-problem-statement, 03-authority-chain-candidate-models-and-rejection-matrix, 04-preferred-non-mutating-execution-design-runbook, 05-authorization-packet-requirements-before-any-write, 06-fail-closed-adversarial-self-check-and-bad-inputs, 07-rs5b-decision-packet, codex-review-packet-rs5b-… — plus this reports/macro-rs5b-… rollup. All rev 1, readback-confirmed.

6. Carried blockers & must-not-do

G2–G7 + STATUS_DOMAIN_NOT_DB_ENFORCED + U3_PARTIAL_UNIQUE_SURFACE_ABSENT + OWNER_MINT_PATH_FAIL_CLOSED + QUORUM_EFFECT_BINDING_INSUFFICIENT + QUORUM_APPROVER_IDENTITY_UNVERIFIED + BOOTSTRAP_AUTHORITY_UNRESOLVED + CANONICAL_PRINCIPAL_SURFACE_REQUIRED_NOT_PRESENT. No new blocker, no new reject code. All 24 must-not-do held; REGISTRATION_HOLD not cleared. PATCH4 caveat carried corrected: nine fixtures CQ01–CQ09; no PATCH5.

7. Next step

GPT reviews RS5B only → on accept, Codex review → on accept, a separately-authorized P2 execution lane under Chairman authority builds carriers/policies (replace-not-wrap); a later independent gate decides P3 registration. Residual ⇒ RS5B-PATCH1. Builds on / consumes the accepted contract in macro-rs5a-patch4-total-quorum-precedence-and-g02-domain-2026-06-21.md and the RS5A G2 dossier (does not reopen them).

Default HOLD; design-solved ≠ runtime-resolved; acceptance-of-design ≠ authorization-to-execute; approval-authority ≠ ownership; Constitution+Chairman is the only non-circular first-authority source; engineering PASS ≠ authority PASS.

knowledge/dev/laws-new/reports/macro-rs5b-g2-owner-execution-authorization-design-2026-06-21.md