Macro-RS5B-PATCH1 — Effect/Authorization-Binding Correction (rollup) — 2026-06-21

Opened after: RS5B authored (RS5B_READY_FOR_GPT_REVIEW); a wording slip in RS5B-05 item 5 was flagged for narrow correction. Verdict: RS5B_PATCH1_READY_FOR_GPT_REVIEW (not forced) · Gate: REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations. PASS level: design-review-ready / engineering-design only — not authority/implementation/runtime/registration PASS. Class: scoped wording correction, additive (does NOT overwrite RS5B).

1. Scope

Corrects the inverted phrase in RS5B-05 item 5 — "effect_identity … kept out of the authorization binding" — to match the accepted RS4A-PATCH2 contract. Does NOT reopen RS5A-PATCH4 quorum/G02 or any other accepted semantics; does NOT rewrite unrelated RS5B sections; creates no schema/column/row.

2. Defect → correction

• Defect: RS5B-05 item 5 said effect_identity is "kept out of the authorization binding". This inverts the contract and could permit approval-not-bound-to-effect / authorization-substitution. It even contradicts item 5's own reject code APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY ⇒ confirmed wording slip. Marked SUPERSEDED_BY_RS5B_PATCH1.
• Correction (grounded on RS4A-PATCH2-02, read full):
  • effect_identity = H(protocol_version, operation, canonical_target_dot_code, canonical_artifact_identity, canonical_artifact_hash) — business-only/pure; excludes owner scope/policy, approvals, APR/owner ids, nonce, run, attempt, timestamps, operator, session, host.
  • authorization_binding_digest MUST include effect_identity, plus owner scope/head, policy, approval/quorum + canonical-principal evidence (if approval used), nonce ref/issuer/window when used, artifact_hash_ref, separate U3/status/audit policy refs, and founding-authority ref (for a bootstrap owner-designation packet).
  • Real separation = authority-out-of-effect_identity, NOT effect_identity-out-of-binding. The binding binds the pure effect to the authorization envelope.

3. Impact map

• kept out of … authorization binding: 1 occurrence, RS5B-05 item 5 → SUPERSEDED.
• RS5B-05 item-5 element name effect_identity / authorization intent and RS5B-03 Model D shorthand effect/authorization intent → minor NEEDS_PATCH; both are superseded as pure effect_identity + authorization_binding_digest containing it.
• All nine RS5B directory files plus the rollup were scanned. RS5B-07 / RS5B codex packet / RS5B rollup / RS5B-06 (BI05) otherwise list or enforce effect identity consistently → OK, no rewrite.

4. New reject codes made explicit

AUTHORIZATION_BINDING_MISSING_EFFECT (binding omits effect_identity) and EFFECT_IDENTITY_IMPURE (effect_identity hashes authority/credential/execution fields). Both already implicit in RS4A-PATCH2-02; surfaced for the founding-act packet. The existing APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY and AUTHORIZATION_CHANGED_SAME_EFFECT_DUPLICATE are retained.

5. Adversarial self-check (BI-E1..BI-E7)

BI-E1 omit-effect→APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY; BI-E2 swap-artifact-hash→ARTIFACT_HASH_MISMATCH/AUTHORIZATION_BINDING_MISMATCH; BI-E3 same-effect-diff-owner→AUTHORIZATION_SCOPE_MISMATCH; BI-E4 approval-reused-diff-effect→APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY; BI-E5 impure-effect→EFFECT_IDENTITY_IMPURE; BI-E6 binding-omits-effect→AUTHORIZATION_BINDING_MISSING_EFFECT; BI-E7 design→authority→AUTHORITY_OVERCLAIM. No invalid input produces PASS/digest/seal/cert-like output; both binding directions guarded (BI-E5 ↔ BI-E6). Source RS4A-PATCH2-02 found & read full ⇒ no NEEDS_SOURCE_CONFIRMATION.

6. Deliverables (7 files + this rollup)

reports/rs5b-patch1/: rs5b-patch1-index-…, 01-source-and-defect-map, 02-corrected-effect-identity-and-authorization-binding-contract, 03-rs5b-document-impact-map-and-superseded-wording, 04-codex-style-self-check-and-bad-inputs, 05-rs5b-patch1-decision-packet, codex-review-packet-rs5b-patch1-… — plus this reports/macro-rs5b-patch1-… rollup. All rev 1, readback-confirmed.

7. Carried blockers & must-not-do

G2–G7 + STATUS_DOMAIN_NOT_DB_ENFORCED + U3_PARTIAL_UNIQUE_SURFACE_ABSENT + OWNER_MINT_PATH_FAIL_CLOSED + QUORUM_EFFECT_BINDING_INSUFFICIENT + QUORUM_APPROVER_IDENTITY_UNVERIFIED + BOOTSTRAP_AUTHORITY_UNRESOLVED + CANONICAL_PRINCIPAL_SURFACE_REQUIRED_NOT_PRESENT. No new blocker. All must-not-do held: 0 runtime mutation, no DDL/DML, no Owner/scope/principal-registry/APR/register_dot/approval/handler, no registrar/validator patch, no RS-VALIDATOR, no implement/register/activate, REGISTRATION_HOLD not cleared, RS5A-PATCH4 not reopened, effect_identity not made to include authorization envelope, authorization_binding_digest not made to omit effect_identity, design PASS not upgraded to authority PASS. PATCH4 caveat: nine fixtures CQ01–CQ09; no PATCH5.

8. Next step

GPT reviews RS5B-PATCH1 only → on accept, Codex → corrected RS5B-05 item 5 (PATCH1-02 §5) carries into RS5B by reference; RS5B's own next step resumes (GPT/Codex review of RS5B → separately-authorized P2 execution lane under Chairman authority). Residual ⇒ RS5B-PATCH2. Builds on / corrects [[macro-rs5b-g2-owner-execution-authorization-design-2026-06-21]]; grounded on the accepted rs4a-patch2/02-effect-identity-with-authorization-binding-separated (does not reopen it).

effect_identity pure ≠ effect_identity out of binding; the binding contains the effect; authority excluded from effect_identity; design PASS ≠ authority PASS; REGISTRATION_HOLD retained.