Macro-RS5B-PATCH2 — Canonical Operation and BI-E1/BI-E6 Domain Separation — 2026-06-21

Verdict: RS5B_PATCH2_READY_FOR_GPT_REVIEW (not forced) · REGISTRATION_HOLD · REGISTRATION_CAN_PROCEED = NO · 0 runtime mutations (KB-only, design-only). PASS level: design-review-ready / engineering-design only — NOT authority / implementation / runtime / registration PASS.

What this is

A narrow, additive correction closing the two residuals Codex flagged when it returned NEED_RS5B_PATCH2 (HOLD) on RS5B-PATCH1. Reconstructed directly from the official Codex HOLD report in AgentData KB (codex/codex-review-rs5b-patch1-effect-authorization-binding-correction-2026-06-21.md), not from chat summary or local prose. Does not reopen RS5A-PATCH4 (quorum/G02/total-Q-order), RS5B core, the accepted authorization_binding_digest field set, owner/bootstrap/handler, U1/U2/U3, or registration prerequisites.

R1 — operation hardcode → canonical_operation

Defect (Codex §4, §10.1): RS5B-PATCH1-02 §2 pinned operation="register_dot" in the general founding effect_identity, but RS5B-05 is a founding-act packet covering scope creation and first-owner designation — distinct operations → distinct effect identities. A fixed register_dot can bind a founding authorization to the wrong business act.

Closure:

effect_identity = H(protocol_version, canonical_operation,
                    canonical_target_object_type, canonical_target_object_ref,
                    canonical_artifact_identity, canonical_artifact_hash)

• canonical_operation = governed action/effect type per act; register_dot is one value, used only as the register_dot-admission example.
• Founding owner-designation / scope creation MUST NOT be identified as register_dot; they are distinct operations → distinct effect identities.
• Authority changes do not mint a new effect (purity preserved — authority/credential/execution incl. founding_authority_ref stay OUT of effect_identity, in the binding).
• Canonical-operation vocabulary absent as runtime rows ⇒ CANONICAL_OPERATION_VOCABULARY_REQUIRED_NOT_PRESENT; design examples only; no rows invented (KB search confirms the term pre-exists nowhere; nearest live surface apr_action_types is APR-layer and lacks register_dot — related-but-distinct).
• RS4A-PATCH2-02 §1 register_dot formula stays valid as the register_dot specialization (canonical_operation="register_dot", object_type="dot", object_ref=canonical_target_dot_code).
• Operation-domain bad inputs OP-BI-1..4 all fail-closed (WRONG_CANONICAL_OPERATION_FOR_EFFECT, AUTHORITY_CHANGE_IS_NOT_NEW_EFFECT, CANONICAL_OPERATION_VOCABULARY_REQUIRED_NOT_PRESENT).

R2 — BI-E1/BI-E6 overlap → two-layer disjoint domains

Defect (Codex §7, §10.2): BI-E1 and BI-E6 both described "binding lacks effect_identity" but returned different codes, with no mutual exclusion / no evaluation order. One input → two contract-compliant outcomes.

Closure:

• BI-E6 = Layer 1 (digest-shape), evaluated first: authorization_binding_digest input schema omits effect_identity → AUTHORIZATION_BINDING_MISSING_EFFECT.
• BI-E1 = Layer 2 (approval/evidence binding), only if Layer 1 passed: schema includes effect_identity = E but approval evidence not bound to E → APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY.
• Disjoint by binary predicate P = (effect_identity ∈ digest input schema): ¬P ⇒ BI-E6 only (BI-E1 unreachable); P ⇒ BI-E1 only (BI-E6 unfireable). No input matches both.
• Secondary safeguard precedence AUTHORIZATION_BINDING_MISSING_EFFECT < APPROVAL_NOT_BOUND_TO_EFFECT_IDENTITY.
• Oracle total: every input → exactly one outcome; BINDING_CHECK_PASS is necessary-not-sufficient; no invalid input → PASS/seal/digest. BI-E2/E3/E4/E5/E7 unchanged.

Self-test (all pass)

1. General formula contains operation="register_dot"? No. 2. register_dot example-only? Yes. 3. One input matches BI-E1 & BI-E6? No. 4. BI-E6 covers digest-schema omission? Yes. 5. BI-E1 covers approval-not-bound? Yes. 6. Runtime rows/Owner/scope/APR/register_dot/approval/handler/P2 created? No. 7. Implies authority/runtime/registration PASS? No.

Files (9, additive)

reports/rs5b-patch2/: index · 01 codex-patch1-hold-closure-map · 02 canonical-operation-effect-identity-correction (R1) · 03 bi-e1-bi-e6-domain-separation-and-oracle-totality (R2) · 04 impact-map-and-superseded-wording · 05 codex-style-self-check-and-bad-inputs · 06 decision-packet · codex-review-packet; plus this macro rollup reports/macro-rs5b-patch2-…. All revision 1.

Carried blockers — none resolved, none added

G2–G7 + STATUS_DOMAIN_NOT_DB_ENFORCED + U3_PARTIAL_UNIQUE_SURFACE_ABSENT + OWNER_MINT_PATH_FAIL_CLOSED + QUORUM_EFFECT_BINDING_INSUFFICIENT + QUORUM_APPROVER_IDENTITY_UNVERIFIED + BOOTSTRAP_AUTHORITY_UNRESOLVED + CANONICAL_PRINCIPAL_SURFACE_REQUIRED_NOT_PRESENT. No new runtime blocker; the three R1 labels are design-level clarifications.

Single next step

GPT review RS5B-PATCH2 only → if accepted, Codex review → corrected canonical-operation formula and layered BI domains carry into RS5B. No P2, no runtime write, no registration. Residual ⇒ RS5B-PATCH3.

Default HOLD; canonical_operation ≠ register_dot for founding acts; register_dot is one operation value; authority change ≠ new effect; vocabulary REQUIRED_NOT_PRESENT ≠ invent rows; digest-shape (BI-E6) evaluated before approval-binding (BI-E1); one input → one code; design PASS ≠ authority/runtime/registration PASS.

Builds on / corrects [[project_laws_new_macro_rs5b_patch1_effect_authorization_binding_correction_2026_06_21]]. Consumes RS5B-PATCH1, RS5B-03/05, RS4A-PATCH2-02.